summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* remote: fix name and ID collisions of containers and podsValentin Rothberg2020-10-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix the look up of containers and pods in the remote client. User input can refer to both, names or IDs of containers and pods, so there is a fair chance of collisions (e.g., "c1" name with a "c1...." ID). Those collisions are well handled (and battle tested) in the local client which is directly using the libpod backend. Hence, the remote client should not attempt to introduce its own logic to prevent bugs and divergence between the local and the remote clients. To prevent collisions such as in #7837, do a container/pod inspect on the user-provided input to find the corresponding ID and eventually do full ID comparisons to avoid potential collisions with names. Note that this has a cost that I am not entirely happy with. Looking at issue #7837, the collisions are happening when removing the two containers. Remote container removal is now very chatty with the server as it first queries for all containers, then iterates over the provided names or IDs and does a remote inspect to figure out the IDs and find a matching container object. However, remote removal could just pass the names and IDs directly to the batch removal endpoint. Querying for all containers could be prevented if the batch removal endpoint would remove all if the slice is empty. In other words, the bug is fixed but there's room for performance improvements. Fixes: #7837 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #7823 from vrothberg/fix-6381OpenShift Merge Robot2020-10-01
|\ | | | | image look up: consult registries.conf
| * image look up: consult registries.confValentin Rothberg2020-09-30
| | | | | | | | | | | | | | | | | | | | When looking up local images, take the unqualified-serach registries of the registries.conf into account (on top of "localhost/"). Also extend the integration tests to prevent future regressions. Fixes: #6381 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * pkg/registries: add a retiring noteValentin Rothberg2020-09-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The registries package should be retired. It was introduced as an easier to use wrapper around c/image `sysregistries` which has been replaced by `sysregistriesv2` a long while ago. Users should either use the `sysregistriesv2` package directly or, even better, we cache the config in libpod's image runtime to prevent redundant (and ~expensive) parsing of the registries.conf files. For now, just add a note in hope we'll not forgert about it when we find time in the future. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #7834 from xordspar0/patch-1OpenShift Merge Robot2020-09-30
|\ \ | | | | | | Don't disable Go modules when generating varlink
| * | Don't disable Go modules when generating varlinkJordan Christiansen2020-09-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | From a fresh install of Fedora 33 Beta and a fresh clone of the repo, `make` fails with the following error when Go modules are disabled: # Only generate the varlink code on Linux (see issue #4814). GO111MODULE=off go generate ./pkg/varlink/... ../../vendor/github.com/varlink/go/cmd/varlink-go-interface-generator/main.go:12:2: cannot find package "github.com/varlink/go/varlink/idl" in any of: /usr/lib/golang/src/github.com/varlink/go/varlink/idl (from $GOROOT) /home/test/src/podman/_output/src/github.com/varlink/go/varlink/idl (from $GOPATH) pkg/varlink/generate.go:3: running "go": exit status 1 make: *** [Makefile:646: pkg/varlink/iopodman.go] Error 1 Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* | | Merge pull request #7798 from QiWang19/run-manifestOpenShift Merge Robot2020-09-30
|\ \ \ | | | | | | | | Use local image if input image is a manifest list
| * | | Use local image if input image is a manifest listQi Wang2020-09-30
| | | | | | | | | | | | | | | | | | | | | | | | If run&create image returns error: image contains manifest list, not a runnable image, find the local image that has digest matching the digest from the list and use the image from local storage for the command. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #7820 from giuseppe/fix-capabilities-not-rootOpenShift Merge Robot2020-09-30
|\ \ \ \ | | | | | | | | | | capabilities: always set ambient and inheritable
| * | | | capabilities: always set ambient and inheritableGiuseppe Scrivano2020-09-30
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | change capabilities handling to reflect what docker does. Bounding: set to caplist Inheritable: set to caplist Effective: if uid != 0 then clear; else set to caplist Permitted: if uid != 0 then clear; else set to caplist Ambient: clear Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #7847 from rhatdan/networkOpenShift Merge Robot2020-09-30
|\ \ \ \ | | | | | | | | | | Make the e2e test network cleanup more robust.
| * | | | Make the e2e test network cleanup more robust.Daniel J Walsh2020-09-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to handle removal of non existing network. This allows the `removeCNINetwork` function always to be called. This is needed by tests which are trying to remove the network manually in order to prevent flakes. Fixes #7809 Signed-off-by: Paul Holzinger <paul.holzinger@web.de> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #7833 from jwhonce/issues/7826OpenShift Merge Robot2020-09-30
|\ \ \ \ \ | |_|_|_|/ |/| | | | Refactor IdleTracker to handle StateIdle transitions
| * | | | Refactor IdleTracker to handle StateIdle transitionsJhon Honce2020-09-29
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Remove stutter naming for package and types * Stop treating StateIdle the same as StateClosed, rather transitions to StateIdle will keep API timeout window open * Remove redundate code Fixes #7826 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #7840 from vrothberg/remote-untagOpenShift Merge Robot2020-09-30
|\ \ \ \ | | | | | | | | | | fix remote untag
| * | | | fix remote untagValentin Rothberg2020-09-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix the remote client to untag all tags of the specified image. Instead of querying the image on the client side, support the case where both, repo and tag, are empty and remove all tags. Reuse the ABI implementation where possible. In retrospective, the libpod untag endpoint should support a slice of strings to batch remove tags rather than reaching out for each tag individually. Enable the skipped test. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #7841 from AkihiroSuda/fix-7789OpenShift Merge Robot2020-09-30
|\ \ \ \ \ | |_|_|/ / |/| | | | rootless-cni-infra v3: fix cleaning up DNS entries
| * | | | libpod: bump up rootless-cni-infra to v3Akihiro Suda2020-09-30
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
| * | | | rootless-cni-infra v3: fix cleaning up DNS entriesAkihiro Suda2020-09-30
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix "Old DNS entries are not cleaned up" by passing CNI_ARGS to `cnitool del`. Fix #7789 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* | | | Merge pull request #7831 from rhatdan/envOpenShift Merge Robot2020-09-30
|\ \ \ \ | | | | | | | | | | We already set container=podman environment variable
| * | | | We already set container=podman environment variableDaniel J Walsh2020-09-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Only need to set container, no need for containers Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #7825 from rhatdan/exitcodeOpenShift Merge Robot2020-09-30
|\ \ \ \ \ | | | | | | | | | | | | Fix handling of remove of bogus volumes, networks and Pods
| * | | | | Fix handling of remove of bogus volumes, networks and PodsDaniel J Walsh2020-09-29
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In podman containers rm and podman images rm, the commands exit with error code 1 if the object does not exists. This PR implements similar functionality to volumes, networks, and Pods. Similarly if volumes or Networks are in use by other containers, and return exit code 2. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #7827 from vrothberg/systemd-run-errorOpenShift Merge Robot2020-09-30
|\ \ \ \ \ | | | | | | | | | | | | healthchecks: return systemd-run error
| * | | | | healthchecks: return systemd-run errorValentin Rothberg2020-09-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In case `systemd-run` errors when creating transient unit files (and timers), create an error based on the combined output from stdout and stderr. Using the error from `exec.Command` contains the exit code only which is not useful to debug (see #7484). Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | Merge pull request #7799 from rhatdan/rootlessOpenShift Merge Robot2020-09-30
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | Make all Skips specify a reason
| * | | | | Make all Skips specify a reasonDaniel J Walsh2020-09-29
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | Always use CGROUPV2 rather then reading from system all the time. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #7832 from edsantiago/bats_run_tzOpenShift Merge Robot2020-09-30
|\ \ \ \ \ | |/ / / / |/| | | | System tests: add podman run --tz
| * | | | System tests: add podman run --tzEd Santiago2020-09-29
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | New tests for podman run --tz=EXPLICIT and =local. Requires updating our testimage by adding a fixed reference timestamp to a known file path. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #7828 from edsantiago/batsOpenShift Merge Robot2020-09-29
|\ \ \ \ | |_|_|/ |/| | | System tests: corner case for run --pull
| * | | System tests: corner case for run --pullEd Santiago2020-09-29
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Obscure corner case in which 'podman run --pull=never alpine' will actually pass *with no alpine image* if there's an image named "myalpine". (i.e. a substring match, not full string match). Fixed in #7770 but the tests that were added there do not actually test that. This adds a double-duty test for that as well as making sure that 'run --pull=never SHORTNAME' (implicit :latest) does not match our existing :YYYYMMDD image; then one more quick test to make sure that if we tag as :latest, the same --pull=never succeeds. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #7797 from rsommer/masterOpenShift Merge Robot2020-09-29
|\ \ \ | |/ / |/| | [CI:DOCS] Add section about current differences
| * | Apply suggestions from code reviewRoland Sommer2020-09-29
| | | | | | | | | | | | | | | Co-authored-by: Tom Sweeney <tsweeney@redhat.com> Signed-off-by: Roland Sommer <rol@ndsommer.de>
| * | Add section about current differencesRoland Sommer2020-09-28
| | | | | | | | | | | | | | | | | | There are some differences in behaviour between docker and podman which should be documented to help developers while transitioning. Signed-off-by: Roland Sommer <rol@ndsommer.de>
* | | Merge pull request #7788 from IceCodeNew/patch-1OpenShift Merge Robot2020-09-29
|\ \ \ | | | | | | | | Updating on supported restart policy
| * | | Updating on supported restart policyIceCodeNew2020-09-27
| |/ / | | | | | | | | | Signed-off-by: IceCodeNew <32576256+IceCodeNew@users.noreply.github.com>
* | | Merge pull request #7783 from ashley-cui/slirpOpenShift Merge Robot2020-09-29
|\ \ \ | | | | | | | | Add support for slirp network for pods
| * | | Add support for slirp network for podsAshley Cui2020-09-25
| | | | | | | | | | | | | | | | | | | | | | | | flag --network=slirp4netns[options] for root and rootless pods Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | Merge pull request #7822 from edsantiago/batsOpenShift Merge Robot2020-09-29
|\ \ \ \ | | | | | | | | | | Gating-test fix: deal with new crun error msg
| * | | | Gating-test fix: deal with new crun error msgEd Santiago2020-09-29
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | crun changed an error message: https://github.com/containers/crun/pull/439 It's a good change, absolutely the right thing to do, but it broke gating tests. Fix tests so they handle both old and new format. Fixes: #7814 Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #7811 from rhatdan/sysctlsOpenShift Merge Robot2020-09-29
|\ \ \ \ | | | | | | | | | | Ignore containers.conf sysctl when namespaces set to host
| * | | | Ignore containers.conf sysctl when namespaces set to hostDaniel J Walsh2020-09-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If user sets namespace to host, then default sysctls need to be ignored that are specific to that namespace. --net=host ignore sysctls that begin with net. --ipc=host ignore fs.mqueue --uts=host ignore kernel.domainname and kernel.hostname Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #7819 from ↵OpenShift Merge Robot2020-09-29
|\ \ \ \ \ | |_|/ / / |/| | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/sirupsen/logrus-1.7.0 Bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0
| * | | | Bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0dependabot-preview[bot]2020-09-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.6.0 to 1.7.0. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.6.0...v1.7.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #7792 from Landrash/masterOpenShift Merge Robot2020-09-29
|\ \ \ \ \ | |/ / / / |/| | | | [CI:DOCS] Adds missing . to README.md file.
| * | | | Adds missing . to README.md file.Landrash2020-09-28
| | |_|/ | |/| | | | | | | | | | Signed-off-by: Fredrik Lindqvist <landrash@mail.com>
* | | | Merge pull request #7803 from edsantiago/batsOpenShift Merge Robot2020-09-29
|\ \ \ \ | | | | | | | | | | System tests: reenable some skipped tests
| * | | | System tests: reenable some skipped testsEd Santiago2020-09-28
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - pause test: enable when rootless + cgroups v2 (was previously disabled for all rootless) - run --pull: now works with podman-remote (in #7647, thank you @jwhonce) - various other run/volumes tests: try reenabling It looks like #7195 was fixed (by #7451? I'm not sure if I'm reading the conversation correctly). Anyway, remove all the skip()s on 7195. Only time will tell if it's really fixed) Also: - new test for podman image tree --whatrequires (because TIL). Doesn't work with podman-remote. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #7805 from Luap99/journald-testOpenShift Merge Robot2020-09-28
|\ \ \ \ | | | | | | | | | | Journald log driver test
| * | | | Journald log driver testPaul Holzinger2020-09-28
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | Test that the journald log driver writes to journald and that we can read it with journalctl. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>