| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The infra/abi code for pods was written in a flawed way, assuming
that the map[string]error containing individual container errors
was only set when the global error for the pod function was nil;
that is not accurate, and we are actually *guaranteed* to set the
global error when any individual container errors. Thus, we'd
never actually include individual container errors, because the
infra code assumed that err being set meant everything failed and
no container operations were attempted.
We were originally setting the cause of the error to something
nonsensical ("container already exists"), so I made a new error
indicating that some containers in the pod failed. We can then
ignore that error when building the report on the pod operation
and actually return errors from individual containers.
Unfortunately, this exposed another weakness of the infra code,
which was discarding the container IDs. Errors from individual
containers are not guaranteed to identify which container they
came from, hence the use of map[string]error in the Pod API
functions. Rather than restructuring the structs we return from
pkg/infra, I just wrapped the returned errors with a message
including the ID of the container.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\
| |
| |
| |
| | |
containers/dependabot/go_modules/github.com/opentracing/opentracing-go-1.2.0
Bump github.com/opentracing/opentracing-go from 1.1.0 to 1.2.0
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github.com/opentracing/opentracing-go](https://github.com/opentracing/opentracing-go) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/opentracing/opentracing-go/releases)
- [Changelog](https://github.com/opentracing/opentracing-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/opentracing/opentracing-go/compare/v1.1.0...v1.2.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| |/
|/| |
APIv2: Add docker compatible volume endpoints
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In response to input regarding the semantic difference for the `force`
parameter for volume removal between Docker and us, this change ensures
that we emulate the Dockr behaviour correctly when this parameter is
specified.
Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change implements docker compatibile endpoint for interacting with
volumes. The code is mostly lifted from the `libpod` API handlers but
decodes and constructs data using types defined in the docker API
package.
Some notable support caveats with the current implementation:
* we don't return the nullable `Status` or `UsageData` keys when
returning volume information for inspect and create endpoints
* we don't support filters when pruning
* we return a fixed `0` for the `SpaceReclaimed` key when pruning
since we have no insight into how much space was freed from runtime
Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
|
|\
| |
| |
| |
| | |
containers/dependabot/go_modules/github.com/containers/common-0.15.1
Bump github.com/containers/common from 0.14.3 to 0.15.1
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github.com/containers/common](https://github.com/containers/common) from 0.14.3 to 0.15.1.
- [Release notes](https://github.com/containers/common/releases)
- [Commits](https://github.com/containers/common/compare/v0.14.3...v0.15.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | |
| | |
| | | |
containers/dependabot/go_modules/k8s.io/apimachinery-0.18.5
Bump k8s.io/apimachinery from 0.18.4 to 0.18.5
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.18.4 to 0.18.5.
- [Release notes](https://github.com/kubernetes/apimachinery/releases)
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.18.4...v0.18.5)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Created timesptamp returned by imagelist should be in unix format
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In the API, we are currently returning the image time of creation
as a string, in time.Time format. The API is for a 64 bit integer
representing Unix time.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
APIv2 tests: usability: better test logging
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
test-apiv2 has two basic comparisons of returned JSON:
equality and likeness ('=' and '~'). When logging failures,
the test runner shows both actual and expected values. When
logging success, for '=' there's no need to show both actual
and expected. But for '~', it can be helpful (for verifying
test correctness) to show the actual returned value.
To be specific:
old: ok ... .MemTotal~[0-9]\+
new: ok ... .MemTotal ('33509068800') ~ [0-9]\+
old: ok ... .[0].State~\(exited\|stopped\)
new: ok ... .[0].State ('exited') ~ \(exited\|stopped\)
The main benefit is that a developer or end user can
easily see precisely what was returned; this can help
confirm that the test is working as intended, and/or
help fine-tune how the test is written.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
utils: fix parsing of cgroup with : in the name
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
a cgroup can have ':' in its name. Make sure the parser doesn't split
more than 3 fields and leave untouched the ':' in the cgroup name.
commit 6ee5f740a4ecb70636b888e78b02065ee984636c introduced the issue.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| | | |
| | | | |
docs: recommend alternatives to podman inspect
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
podman inspect is problematic because there can be naming clashes. Also,
it only inspects a couple of types of objects and the docs for it didn't
help discover that several more types could be inspected as well.
To address both concerns, we deprecate `podman inspect` and update the
docs to point to to the recommend alternatives.
Issue: #6756
Signed-off-by: Mark Stosberg <mark@rideamigos.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
container: move volume chown after spec generation
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
move the chown for newly created volumes after the spec generation so
the correct UID/GID are known.
Closes: https://github.com/containers/libpod/issues/5698
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Set TMPDIR to /var/tmp by default if not set
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Containers/image will use TMPDIR for the location of pulled layer blobs.
If TMPDIR is not set, it will use /tmp. Since this is known to be of
limited space on most systems, we change the default to /var/tmp
if the user has not told the tools where to store temporary files.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
fix: Don't override entrypoint if it's `nil`
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | | |
This change ensures that we only override a container's entrypoint if it
is set to something other than `nil`.
Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
|
|\ \ \
| |_|/
|/| | |
Add a note on the APIs supported by `system service`
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
This makes it clear that we target compatibility with a specific
Docker version (v1.40), but do not reject other versions. It also
adds a link to documentation on the Podman-specific API.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \
| | |
| | | |
Allow empty host port in --publish flag
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
I didn't believe that this was actually legal, but it looks like
it is. And, unlike our previous understanding (host port being
empty means just use container port), empty host port actually
carries the same meaning as `--expose` + `--publish-all` (that
is, assign a random host port to the given container port). This
requires a significant rework of our port handling code to handle
this new case. I don't foresee this being commonly used, so I
optimized having a fixed port number as fast path, which this
random assignment code running after the main port handling code
only if necessary.
Fixes #6806
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| | | |
| | | | |
Set console mode for windows
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Windows terminal handling is different than darwin and linux. It needs to have the terminal mode set to enable virtual terminal processing. This allows colors and other things to work.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
systemd system test: run auto-update
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Run `podman auto-update` in the systemd system tests. Note that this is
a first step to at least exercise parts of `auto-update` in the CI. The
service won't get updated just yet as we need to set up a local
registry, and push a new image. I do not have enough time at the moment
to do that but consider this change already as an improvement.
We are experiencing some issues in #6793 w.r.t. to auto-updates but
couldn't track down the root cause yet.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Fixes --remote flag issues
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* --remote, --url and --identity are now anchored to podman command.
Subcommands should no longer have issues
* TraverseChildren now set to V1 expectations
* Latest flag now has helper function. Now has consistent usage.
* IsRemote() uses cobra parser to determin if --remote is given
* Moved validation functions from parser pkg to validate pkg
*
Fixes #6598
Fixes #6704
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
podman: add new cgroup mode split
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When running under systemd there is no need to create yet another
cgroup for the container.
With conmon-delegated the current cgroup will be split in two sub
cgroups:
- supervisor
- container
The supervisor cgroup will hold conmon and the podman process, while
the container cgroup is used by the OCI runtime (using the cgroupfs
backend).
Closes: https://github.com/containers/libpod/issues/6400
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| | | |
| | | | |
system tests: add pod, inspect testing
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Followup to #6761: confirm that 'podman ps' shows the ports
on a running container in a pod created with -p (not to
be confused with the container itself running with -p,
tested in 500-networking.bats).
While we're at it, test that the port handling itself works,
by sending random text to the container and making sure the
container receives it.
Followup to #6752: 'podman inspect' should show multiple
security opts
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Fix error handling problem in APIv2 network remove
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | | |
instead of nil
Signed-off-by: Maximilian Müller <maxm123@techie.com>
|
|\ \ \ \
| | | | |
| | | | | |
generate systemd: improve pod-flags filter
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When generating systemd unit for pods, we need to remove certain
pod-related flags from the containers' create commands. Make sure
to account for all the syntax including a single argument with key and
value being split by `=`.
Fixes: #6766
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Ensure umask is set appropriately for 'system service'
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We need a umask of 0022 to ensure containers are created
correctly, but we set a different one prior to starting the
server (to ensure the unix socket has the right permissions).
Thus, we need to set the umask after the socket has been bound,
but before the server begins accepting requests.
Fixes #6787
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| | | |
| | | | |
e2e inspect: HostConfig.SecurityOpt
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
Make sure that all specified security options are displayed in a
container's inspect data.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| | | |
| | | | |
specgen: fix order for setting rlimits
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Also make sure that the limits we set for rootless are not higher than
what we'd set for root containers.
Rootless containers failed to start when the calling user already
had ulimit (e.g. on NOFILE) set.
This is basically a cherry-pick of 76f8efc0d0d into specgen
Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
|