summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* CI: force registry:2.6Valentin Rothberg2020-06-19
| | | | | | | | | | | For using the `registry:2.6` image. 2.7 and beyond dropped the `htpasswd` binary from the rootfs which parts of our CI depends on. While this is not a sustainable solution (assuming `htpasswd` is gone for ever), it unblocks the CI for now. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #6673 from ashley-cui/masterOpenShift Merge Robot2020-06-18
|\ | | | | [CI:DOCS] Fix remote docs
| * Fix remote docsAshley Cui2020-06-18
|/ | | | | | | | Fix renaming bug in remote-docs.sh Remove mentions of 'remote' in windows and mac dos Remove podman-remote.conf.5 Signed-off-by: Ashley Cui <acui@redhat.com>
* Merge pull request #6656 from mheon/recursive_initOpenShift Merge Robot2020-06-18
|\ | | | | Allow recursive dependency start with Init()
| * Allow recursive dependency start with Init()Matthew Heon2020-06-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As part of APIv2 Attach, we need to be able to attach to freshly created containers (in ContainerStateConfigured). This isn't something Libpod is interested in supporting, so we use Init() to get the container into ContainerStateCreated, in which attach is possible. Problem: Init() will fail if dependencies are not started, so a fresh container in a fresh pod will fail. The simplest solution is to extend the existing recursive start code from Start() to Init(), allowing dependency containers to be started when we initialize the container (optionally, controlled via bool). Also, update some comments in container_api.go to make it more clear how some of our major API calls work. Fixes #6646 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #6662 from ↵OpenShift Merge Robot2020-06-18
|\ \ | | | | | | | | | | | | containers/dependabot/go_modules/k8s.io/apimachinery-0.18.4 Bump k8s.io/apimachinery from 0.18.3 to 0.18.4
| * | Bump k8s.io/apimachinery from 0.18.3 to 0.18.4Daniel J Walsh2020-06-18
| |/ | | | | | | | | | | | | | | | | Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.18.3 to 0.18.4. - [Release notes](https://github.com/kubernetes/apimachinery/releases) - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.18.3...v0.18.4) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6669 from vrothberg/unflake-rmiOpenShift Merge Robot2020-06-18
|\ \ | |/ |/| unflake rmi tests
| * unflake rmi testsValentin Rothberg2020-06-18
| | | | | | | | | | | | | | Make sure to always get the older images that previously committed one depends on. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6663 from containers/dependabot/go_modules/k8s.io/api-0.18.4OpenShift Merge Robot2020-06-18
|\ \ | | | | | | Bump k8s.io/api from 0.18.3 to 0.18.4
| * | Bump k8s.io/api from 0.18.3 to 0.18.4dependabot-preview[bot]2020-06-18
| |/ | | | | | | | | | | | | | | | | Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.18.3 to 0.18.4. - [Release notes](https://github.com/kubernetes/api/releases) - [Commits](https://github.com/kubernetes/api/compare/v0.18.3...v0.18.4) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6661 from ↵OpenShift Merge Robot2020-06-18
|\ \ | | | | | | | | | | | | containers/dependabot/go_modules/go.etcd.io/bbolt-1.3.5 Bump go.etcd.io/bbolt from 1.3.4 to 1.3.5
| * | Bump go.etcd.io/bbolt from 1.3.4 to 1.3.5dependabot-preview[bot]2020-06-18
| |/ | | | | | | | | | | | | | | | | Bumps [go.etcd.io/bbolt](https://github.com/etcd-io/bbolt) from 1.3.4 to 1.3.5. - [Release notes](https://github.com/etcd-io/bbolt/releases) - [Commits](https://github.com/etcd-io/bbolt/compare/v1.3.4...v1.3.5) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6658 from mheon/experimental_no_moreOpenShift Merge Robot2020-06-18
|\ \ | | | | | | Podman system service is no longer experimental
| * | Podman system service is no longer experimentalMatthew Heon2020-06-17
| | | | | | | | | | | | | | | | | | | | | As such, we can remove the warnings logs that previously printed every time it was run. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #6611 from lsm5/fix-Makefile-for-varlinkOpenShift Merge Robot2020-06-18
|\ \ \ | |_|/ |/| | Makefile: install.varlink needs to create dirs
| * | Makefile: install.varlink needs to create dirsLokesh Mandvekar2020-06-17
| | | | | | | | | | | | Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | Merge pull request #6654 from rhatdan/keepidOpenShift Merge Robot2020-06-17
|\ \ \ | | | | | | | | Don't ignore --user flag in rootless --userns keepid
| * | | Don't ignore --user flag in rootless --userns keepidDaniel J Walsh2020-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently podman run --userns keep-id --user root:root fedora id The --user flag is ignored. Removing this makes the code work correctly. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6647 from rhatdan/capsOpenShift Merge Robot2020-06-17
|\ \ \ \ | |_|_|/ |/| | | Handle dropping capabilities correctly when running as non root user
| * | | Handle dropping capabilties correctly when running as non root userDaniel J Walsh2020-06-17
|/ / / | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6560 from mheon/fix_exec_logdriverOpenShift Merge Robot2020-06-17
|\ \ \ | | | | | | | | Do not share container log driver for exec
| * | | Do not share container log driver for execMatthew Heon2020-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the container uses journald logging, we don't want to automatically use the same driver for its exec sessions. If we do we will pollute the journal (particularly in the case of healthchecks) with large amounts of undesired logs. Instead, force exec sessions logs to file for now; we can add a log-driver flag later (we'll probably want to add a `podman logs` command that reads exec session logs at the same time). As part of this, add support for the new 'none' logs driver in Conmon. It will be the default log driver for exec sessions, and can be optionally selected for containers. Great thanks to Joe Gooch (mrwizard@dok.org) for adding support to Conmon for a null log driver, and wiring it in here. Fixes #6555 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #6657 from mheon/bump-2.0.0-rc7OpenShift Merge Robot2020-06-17
|\ \ \ \ | |_|/ / |/| | | [CI:DOCS] Bump to v2.0.0-RC7
| * | | Bump to v2.0.0-devMatthew Heon2020-06-17
| | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | Bump to v2.0.0-rc7v2.0.0-rc7Matthew Heon2020-06-17
|/ / / | | | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #6655 from TomSweeneyRedHat/dev/tsweeney/b1_15_0OpenShift Merge Robot2020-06-17
|\ \ \ | |_|/ |/| | Bump Buildah to v1.15.0
| * | Bump Buildah to v1.15.0TomSweeneyRedHat2020-06-17
| | | | | | | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | Merge pull request #6620 from jgallucci32/api-logs-separateOpenShift Merge Robot2020-06-17
|\ \ \ | | | | | | | | Move logs functionality to separate file for APIv2
| * | | Move logs functionality to separate file for APIv2jgallucci322020-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This simply moves the function for the log handler for APIv2 to a separate file to be consistent with other parts of the code base. Signed-off-by: jgallucci32 <john.gallucci.iv@gmail.com>
* | | | Merge pull request #6634 from baude/v2buildfixesOpenShift Merge Robot2020-06-17
|\ \ \ \ | |_|/ / |/| | | fix misc remote build issues
| * | | fix misc remote build issuesBrent Baude2020-06-17
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | address problem when multiple -t were sent. and rework remote build's tarball if a context dir is given other than ".". Fixes: #6578 Fixes: #6577 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #6522 from mheon/unless-stoppedOpenShift Merge Robot2020-06-17
|\ \ \ | |_|/ |/| | Add support for the unless-stopped restart policy
| * | Add support for the unless-stopped restart policyMatthew Heon2020-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We initially believed that implementing this required support for restarting containers after reboot, but this is not the case. The unless-stopped restart policy acts identically to the always restart policy except in cases related to reboot (which we do not support yet), but it does not require that support for us to implement it. Changes themselves are quite simple, we need a new restart policy constant, we need to remove existing checks that block creation of containers when unless-stopped was used, and we need to update the manpages. Fixes #6508 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #6644 from jgallucci32/revert-log-followOpenShift Merge Robot2020-06-17
|\ \ \ | | | | | | | | Revert #6591 to fix issue with failed tests
| * | | Revert #6591 to fix issue with failed testsjgallucci322020-06-17
| |/ / | | | | | | | | | Signed-off-by: jgallucci32 <john.gallucci.iv@gmail.com>
* | | Merge pull request #6630 from ashley-cui/masterOpenShift Merge Robot2020-06-17
|\ \ \ | | | | | | | | Show Anon, GID, UID in v2 volumes
| * | | Show Anon, GID, UID in v2 volumesAshley Cui2020-06-16
| | | | | | | | | | | | | | | | | | | | | | | | Anon, GID, UID parameters previously hidden if empty in podman volume for API v2. Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | Merge pull request #6641 from vrothberg/harden-unitsOpenShift Merge Robot2020-06-17
|\ \ \ \ | | | | | | | | | | generate systemd: `ExecStopPost` for all units
| * | | | generate systemd: `ExecStopPost` for all unitsValentin Rothberg2020-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add an `ExecStopPost` run even for units generated without `--new`. Although it may seem redundant to run `container/pod stop` twice at first glance, we really need the post run. If the main PID (i.e., conmon) is killed, systemd will not execute `ExecStop` but only the post one. We made this obeservation in a customer issue and could reproduce the behavior consistently. Hence, the post run is needed to properly clean up when conmon is killed and it's pretty much a NOP in all other cases. Credits to Ulrich Obergfell for throrough and detailed analyses, which ultimately lead to this fix. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #6648 from vrothberg/vendor-imageOpenShift Merge Robot2020-06-17
|\ \ \ \ \ | |/ / / / |/| | | | vendor github.com/containers/image/v5@v5.5.1
| * | | | vendor github.com/containers/image/v5@v5.5.1Valentin Rothberg2020-06-17
| | |/ / | |/| | | | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #6631 from rhatdan/hooksOpenShift Merge Robot2020-06-17
|\ \ \ \ | |/ / / |/| | | Fix handling of old oci hooks
| * | | Fix handling of old oci hooksDaniel J Walsh2020-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman is blowing up with oci-umount hook, because it was never rewritten to support the v1.0.0 value. This PR adds support for the older version and cleans up the hook handling. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6640 from edsantiago/fix_flaky_logs_testOpenShift Merge Robot2020-06-17
|\ \ \ \ | | | | | | | | | | "streaming output" logs test: fix flake
| * | | | "streaming output" logs test: fix flakeEd Santiago2020-06-17
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Test has been flaking excessively. A quick look shows that the test itself is broken, making a bad assumption. 'podman logs -f' is guaranteed to exit when a container terminates. This does not (and should not) mean that the container has been cleaned up. It is undefined and unsafe to run 'podman run -n same-name-as-terminated-container' immediately after 'podman logs' exits. Solution: instead of 'podman run', do 'podman inspect'. This, too, is unsafe, but we can expect to see one of two possible conditions: 1) command succeeds, in which case we require that container State.Status be "exited"; or 2) command fails, in which case we expect "no such container" in error output For full coverage we should add a small delay-check test to (1) to ensure that the container is cleaned up after a short amount of time. Leaving that as a TODO because it's more than my Go skills can handle, and I want to get this checked in ASAP to get rid of the flake hassle. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #6636 from mheon/add_warningsOpenShift Merge Robot2020-06-17
|\ \ \ \ | | | | | | | | | | Re-add resource limit warnings to Specgen
| * | | | Re-add resource limit warnings to SpecgenMatthew Heon2020-06-16
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | These were part of Podman v1.9, but were lost in the transition to using Specgen to create containers. Most resource limits are checked via the sysinfo package to ensure they are safe to use (the cgroup is mounted, kernel support is present, etc) and removed if not safe. Further, bounds checks are performed to ensure that values are valid. Ensure these warnings are printed client-side when they occur. This part is a little bit gross, as it happens in pkg/infra and not cmd/podman, which is largely down to how we implemented `podman run` - all the work is done in pkg/infra and it returns only once the container has exited, and we need warnings to print *before* the container runs. The solution here, while inelegant, avoid the need to extensively refactor our handling of run. Should fix blkio-limit warnings that were identified by the FCOS test suite. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #6583 from mheon/inspect_ctr_before_imgOpenShift Merge Robot2020-06-17
|\ \ \ \ | |_|_|/ |/| | | Fix podman inspect on overlapping/missing objects
| * | | Fix podman inspect on overlapping/missing objectsMatthew Heon2020-06-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This started as a small fix to `podman inspect` where a container and image, with the same name/tag, were present, and `podman inspect` was run on that name. `podman inspect` in 1.9 (and `docker inspect`) will give you the container; in v2.0, we gave the image. This was an easy fix (just reorder how we check for image/container). Unfortunately, in the process of testing this fix, I determined that we regressed in a different area. When you run inspect on a number of containers, some of which do not exist, `podman inspect` should return an array of inspect results for the objects that exist, then print a number of errors, one for each object that could not be found. We were bailing after the first error, and not printing output for the containers that succeeded. (For reference, this applied to images as well). This required a much more substantial set of changes to properly handle - signatures for the inspect functions in ContainerEngine and ImageEngine, plus the implementations of these interfaces, plus the actual inspect frontend code needed to be adjusted to use this. Fixes #6556 Signed-off-by: Matthew Heon <matthew.heon@pm.me>