summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* auto-update tests: various fixesEd Santiago2021-06-07
| | | | | | | | | | | | | | Followup to #9740. Nice work, but the _confirm_update() helper was dangerously broken and I just wasn't able to communicate that. Given the time zone difference, and my weekly time cost in reviewing, it's easier for me to fix it myself. (The problem is that the function was a complete NOP, which would lead to flakes). Also: got rid of some clutter, restructured a few minor places for maintainability. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #9740 from ypu/auto-updateOpenShift Merge Robot2021-06-07
|\ | | | | System test: Add tests for podman auto-update
| * System test: Add podman auto-update related test casesYiqiao Pu2021-06-08
| | | | | | | | | | | | | | | | Add some cases for podman auto-update: 1. Test with different value for label io.containers.autoupdate 2. Run podman auto-update as systemd timer Signed-off-by: Yiqiao Pu <ypu@redhat.com>
* | Merge pull request #10381 from adrianreber/2021-05-18-publishOpenShift Merge Robot2021-06-07
|\ \ | | | | | | Add --publish to container restore
| * | Add restore --publish to the man pageAdrian Reber2021-06-04
| | | | | | | | | | | | Signed-off-by: Adrian Reber <areber@redhat.com>
| * | Add test for restore --publishAdrian Reber2021-06-04
| | | | | | | | | | | | Signed-off-by: Adrian Reber <areber@redhat.com>
| * | Allow changing of port forward rules on restoreAdrian Reber2021-06-04
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Restored containers, until now, had the same port mappings as the original started container. This commit adds the parameter '--publish' to 'podman container restore' with the same semantic as during create/run. With this change it is possible to create a copy from a container with a '--publish' rule and replace the original '--publish' setting with a new one. # podman run -p 2345:8080 container # podman container checkpoint -l --export=dump.tar # podman container restore -p 5432:8080 --import=dump.tar The restored container will now listen on localhost:5432 instead of localhost:2345 as the original created container. Signed-off-by: Adrian Reber <areber@redhat.com>
* | Merge pull request #10557 from vrothberg/fix-5572OpenShift Merge Robot2021-06-07
|\ \ | | | | | | systemd/generate: change type to notify
| * | systemd/generate: change type to notifyValentin Rothberg2021-06-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Change the type of units generated with --new from "forking" to "notify". This brings Podman closer to systemd and opens up Podman to a number of use cases (see #5572). Units generated without --new remain with `type=forking`. I experimented a bit with adding a `--sdnotify` flag to `podman start` but it doesn't really work well since we're competing with the default sdnotify mode set during container creation. Fixes: #5572 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #10567 from adrianreber/2021-06-04-compressOpenShift Merge Robot2021-06-07
|\ \ \ | | | | | | | | Add support for selectable checkpoint archive compression algorithm
| * | | Added tests for different checkpoint archive compressionsAdrian Reber2021-06-07
| | | | | | | | | | | | | | | | Signed-off-by: Adrian Reber <areber@redhat.com>
| * | | Add --compress to podman-container-checkpoint.1.mdAdrian Reber2021-06-07
| | | | | | | | | | | | | | | | Signed-off-by: Adrian Reber <areber@redhat.com>
| * | | Add parameter to specify checkpoint archive compressionAdrian Reber2021-06-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The checkpoint archive compression was hardcoded to `archive.Gzip`. There have been requests to make the used compression algorithm selectable. There was especially the request to not compress the checkpoint archive to be able to create faster checkpoints when not compressing it. This also changes the default from `gzip` to `zstd`. This change should not break anything as the restore code path automatically handles whatever compression the user provides during restore. Signed-off-by: Adrian Reber <areber@redhat.com>
| * | | Order checkpoint options in man page alphabeticallyAdrian Reber2021-06-07
|/ / / | | | | | | | | | | | | | | | | | | This just reorders the options in the podman-container-checkpoint man page alphabetically. No actual content changed. Signed-off-by: Adrian Reber <areber@redhat.com>
* | | Merge pull request #10561 from vrothberg/fix-remote-events-labelOpenShift Merge Robot2021-06-07
|\ \ \ | | | | | | | | remote events: support labels
| * | | remote events: support labelsValentin Rothberg2021-06-04
| |/ / | | | | | | | | | | | | | | | | | | | | | Certain event meta data was lost when converting the remote events to libpod events and vice versa. Enable the skipped system tests for remote. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #10568 from jwhonce/issues/10562OpenShift Merge Robot2021-06-06
|\ \ \ | | | | | | | | [CI:DOCS] Document which CNI fields are encoded
| * | | [CI:DOCS] Document which CNI fields are encodedJhon Honce2021-06-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The CNI configuration fields named Bytes are typed []byte which the GO JSON encoded automatically Base64 encodes. Note: Future major versions of Podman will refactor the networking endpoints to encapsulate/abstract the CNI structures which will allow better documenation and encoding. Fixes #10562 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #10574 from rogercoll/fix-bindings-docsOpenShift Merge Robot2021-06-06
|\ \ \ \ | | | | | | | | | | [CI:DOCS] Fix outdated docs
| * | | | fix go-bindings examples with v3 new parametersRoger Coll2021-06-05
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Roger Coll <rogercoll@protonmail.com>
* | | | | Merge pull request #10500 from gigatexal/expand-podman-remote-docs-add-key-helpOpenShift Merge Robot2021-06-06
|\ \ \ \ \ | |/ / / / |/| | | | [CI:DOCS] extend docs to include help for when pub/priv key is signing issue
| * | | | extend docs to include help for when pub/priv key is signed with an ↵alex narayan2021-06-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | unsupported algo Signed-off-by: alex narayan <alexandar.narayan@deliveryhero.com>
* | | | | Merge pull request #10549 from Luap99/fix-9859OpenShift Merge Robot2021-06-05
|\ \ \ \ \ | |_|/ / / |/| | | | remote: always send resize before the container starts
| * | | | remote: always send resize before the container startsPaul Holzinger2021-06-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is race condition in the remote client attach logic. Because the resize api call was handled in an extra goroutine the container was started before the resize call happend. To fix this we have to call resize in the same goroutine as attach. When the first resize is done start a goroutine to listen on SIGWINCH in the background and resize again if the signal is received. Fixes #9859 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #10546 from boaz0/closes_8645OpenShift Merge Robot2021-06-04
|\ \ \ \ \ | | | | | | | | | | | | Add CORS support
| * | | | | Add CORS supportBoaz Shuster2021-06-04
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | [NO TESTS NEEDED] Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | | | | Merge pull request #10563 from Luap99/fix-10494OpenShift Merge Robot2021-06-04
|\ \ \ \ \ | | | | | | | | | | | | [CI:DOCS] fix incorrect network remove api doc
| * | | | | [CI:DOCS] fix incorrect network remove api docPaul Holzinger2021-06-04
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The endpoint returns an array and not a single entry. Fixes #10494 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #10558 from vrothberg/fix-10529OpenShift Merge Robot2021-06-04
|\ \ \ \ \ | |_|_|_|/ |/| | | | remote events: fix --stream=false
| * | | | remote events: fix --stream=falseValentin Rothberg2021-06-04
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a bug in remote events where only one event would be sent if when streaming is turned off. The source of the bug was that the handler attempted to implement the streaming logic and did it wrong. The fix is rather simple by removing this logic from the handler and let the events backend handle streaming. Fixes: #10529 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #10553 from mheon/bump_master_320OpenShift Merge Robot2021-06-03
|\ \ \ \ | | | | | | | | | | [CI:DOCS] Update main branch to reflect 3.2.0 release
| * | | | Update main branch to reflect 3.2.0 releaseMatthew Heon2021-06-03
|/ / / / | | | | | | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #10533 from rhatdan/docsOpenShift Merge Robot2021-06-03
|\ \ \ \ | | | | | | | | | | [CI:DOCS] Fix spacing in buildthedocs
| * | | | Fix spacing in buildthedocsDaniel J Walsh2021-06-02
| | |/ / | |/| | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #10545 from ↵OpenShift Merge Robot2021-06-03
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/go.etcd.io/bbolt-1.3.6 Bump go.etcd.io/bbolt from 1.3.5 to 1.3.6
| * | | | Bump go.etcd.io/bbolt from 1.3.5 to 1.3.6dependabot[bot]2021-06-03
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [go.etcd.io/bbolt](https://github.com/etcd-io/bbolt) from 1.3.5 to 1.3.6. - [Release notes](https://github.com/etcd-io/bbolt/releases) - [Commits](https://github.com/etcd-io/bbolt/compare/v1.3.5...v1.3.6) --- updated-dependencies: - dependency-name: go.etcd.io/bbolt dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | Merge pull request #10543 from ↵OpenShift Merge Robot2021-06-03
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/opencontainers/selinux-1.8.2 Bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2
| * | | | Bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2dependabot[bot]2021-06-03
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/opencontainers/selinux/releases) - [Commits](https://github.com/opencontainers/selinux/compare/v1.8.1...v1.8.2) --- updated-dependencies: - dependency-name: github.com/opencontainers/selinux dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | Merge pull request #10541 from Luap99/fix-10158OpenShift Merge Robot2021-06-03
|\ \ \ \ | | | | | | | | | | add ipv6 nameservers only when the container has ipv6 enabled
| * | | | add ipv6 nameservers only when the container has ipv6 enabledPaul Holzinger2021-06-03
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The containers /etc/resolv.conf allways preserved the ipv6 nameserves from the host even when the container did not supported ipv6. Check if the cni result contains an ipv6 address or slirp4netns has ipv6 support enabled and only add the ipv6 nameservers when this is the case. The test needs to have an ipv6 nameserver in the hosts /etc/hosts but we should never mess with this file on the host. Therefore the test is skipped when no ipv6 is detected. Fixes #10158 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #10544 from ↵OpenShift Merge Robot2021-06-03
|\ \ \ \ | |_|/ / |/| | | | | | | | | | | containers/dependabot/go_modules/github.com/docker/docker-20.10.7incompatible Bump github.com/docker/docker from 20.10.6+incompatible to 20.10.7+incompatible
| * | | Bump github.com/docker/dockerdependabot[bot]2021-06-03
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.6+incompatible to 20.10.7+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md) - [Commits](https://github.com/docker/docker/compare/v20.10.6...v20.10.7) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | Merge pull request #10540 from ↵OpenShift Merge Robot2021-06-03
|\ \ \ | |/ / |/| | | | | | | | containers/dependabot/go_modules/github.com/onsi/ginkgo-1.16.4 Bump github.com/onsi/ginkgo from 1.16.3 to 1.16.4
| * | Bump github.com/onsi/ginkgo from 1.16.3 to 1.16.4dependabot[bot]2021-06-03
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.16.3 to 1.16.4. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v1.16.3...v1.16.4) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | Merge pull request #10514 from vrothberg/fix-10507OpenShift Merge Robot2021-06-02
|\ \ | | | | | | events: support disjunctive filters
| * | events: support disjunctive filtersValentin Rothberg2021-06-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | While different filters are applied in conjunction, the same filter (but with different values) should be applied in disjunction. This allows, for instance, to query the events of two containers. Fixes: #10507 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #10523 from rhatdan/docsOpenShift Merge Robot2021-06-02
|\ \ \ | | | | | | | | [CI:DOCS] Use secrets and machine rst file properly
| * | | Use secrets and machine rst file properlyDaniel J Walsh2021-06-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change makes secrets and machine handling match the handling of other subcommands of Podman. Possible fixes: https://github.com/containers/podman/issues/10513 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #10527 from edsantiago/batsOpenShift Merge Robot2021-06-01
|\ \ \ \ | | | | | | | | | | System tests: add :Z to volume mounts
| * | | | System tests: add :Z to volume mountsEd Santiago2021-06-01
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | selinux-policy-34.9-1.fc34 breaks a behavior we've relied on since (at least) January 2020: - Revert "Add permission open to files_read_inherited_tmp_files() interface" That's probably the correct thing to do, but it breaks our existing tests. Solution: add ':Z' where needed. Tested on Ed's laptop, which has the offending selinux-policy as of 2021-05-31. Tests pass root and rootless. (I mention this because tests will obviously pass in CI, which has a much older selinux-policy). Also: add a 'podman rmi' for cleanup in one test, to avoid noise in test logs. Fixes: #10522 Signed-off-by: Ed Santiago <santiago@redhat.com>