summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* preparation for remote-client create containerbaude2019-03-11
| | | | | | | | | to prepare for being able to remotely run a container, we need to perform a refactor to get code out of main because it is not reusable. the shared location is a good starting spot though eventually some will likely end up in pkg/spec/ at some point. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #2604 from giuseppe/allow-single-mappingsOpenShift Merge Robot2019-03-11
|\ | | | | rootless: allow single ID mappings
| * rootless: allow single mappingsGiuseppe Scrivano2019-03-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | we were playing safe and not allowed any container to have less than 65536 mappings. There are a couple of reasons to change it: - it blocked libpod to work in an environment where newuidmap/newgidmap are not available, or not configured. - not allowed to use different partitions of subuids, where each user has less than 65536 ids available. Hopefully this change in containers/storage: https://github.com/containers/storage/pull/303 will make error clearers if there are not enough IDs for the image that is being used. Closes: https://github.com/containers/libpod/issues/1651 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * pull: promote debug statement to errorGiuseppe Scrivano2019-03-11
| | | | | | | | | | | | print an error if there is any failure pulling an image. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #2606 from TomSweeneyRedHat/dev/tsweeney/builddocfixOpenShift Merge Robot2019-03-11
|\ \ | |/ |/| Remove --rm and --detach don't coexist note
| * Remove --rm and --detach don't coexist noteTomSweeneyRedHat2019-03-11
|/ | | | | | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> With later changes of Podman, you can now use both the --rm and --detach in a single run command. This PR removes the documentation in the man pages saying this is not allowed. Fixes: #2601
* Merge pull request #2603 from mheon/misc_pod_fixesOpenShift Merge Robot2019-03-11
|\ | | | | Misc pod fixes
| * Fix generation of infra container commandMatthew Heon2019-03-10
| | | | | | | | | | | | | | | | | | | | | | | | When sourcing from an image, we need to grab its entrypoint first and then add command on to mimic the behavior of Docker. The default Kube pause image just sets ENTRYPOINT, and not CMD, so nothing changes there, but this ought to fix other images (for example, nginx would try to run the pause command instead of an nginx process without this patch) Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Remove an unused if statement I addedMatthew Heon2019-03-10
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Don't delete another container's resolv and hosts filesMatthew Heon2019-03-10
| | | | | | | | | | | | | | | | | | | | | | The logic of deleting and recreating /etc/hosts and /etc/resolv.conf only makes sense when we're the one that creates the files - when we don't, it just removes them, and there's nothing left to use. Fixes #2602 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Fix a potential segfault during infra container createMatthew Heon2019-03-10
|/ | | | | | | | | I was seeing some segfaults where image config was being passed as nil, causing a nil dereference segfault. Fix the apparent cause and add some safety fencing to try and ensure it doesn't happen again. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #2516 from rhatdan/secretsOpenShift Merge Robot2019-03-09
|\ | | | | Move secrets package to buildah
| * Move secrets package to buildahDaniel J Walsh2019-03-08
| | | | | | | | | | | | | | | | Trying to remove circular dependencies between libpod and buildah. First step to move pkg content from libpod to buildah. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #2576 from rhatdan/troubleshootingOpenShift Merge Robot2019-03-09
|\ \ | | | | | | Add troublshoot information about SELinux labeling of containers/storage
| * | Add troublshoot information about SELinux labeling of containers/storageDaniel J Walsh2019-03-08
| |/ | | | | | | | | | | | | We have some bug reports about people moving containers storage to new directories and this troubleshooter should help them fix this. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #2531 from cevich/rootless_stubOpenShift Merge Robot2019-03-09
|\ \ | | | | | | Cirrus: Add dedicated rootless mode testing
| * | Cirrus: Add dedicated rootless mode testingChris Evich2019-03-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Certain integration tests require execution as a regular user. This is acomplished by `PodmanTest.PodmanAsUserBase()` wrapping a specialized execution environment, in `test/utils/utils.go`. However, doing this requires passing through python, which vastly increases the complexity of debugging low-level problems. This commit introduces a new parallel task, run as a regular user on the VM as set by three environment variables. All commands executed in the ``rootless_test.sh`` script, will occur as a real user with a name and home directory, just as `$DIETY` intended. All env. vars established during `environment_setup.sh` (for root) are available. The PR source in `$GOSRC` and `$GOPATH` are owned by this user, and ready for use. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #2598 from mheon/crio_umount_is_uselessOpenShift Merge Robot2019-03-09
|\ \ \ | | | | | | | | We don't use crio-umount.conf
| * | | We don't use crio-umount.confMatthew Heon2019-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It also causes conflicts with CRI-O packages. Also, change the path on seccomp.json so it lives in /usr/share by default, with everything else. Fixes #2596 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #2592 from baude/testfixupsOpenShift Merge Robot2019-03-08
|\ \ \ \ | | | | | | | | | | test docs fixups
| * | | | test docs fixupsbaude2019-03-08
| | |_|/ | |/| | | | | | | | | | | | | | | | | | adding some clarification on testing based on tom's input. Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #2590 from haircommander/pause_entry_cmdOpenShift Merge Robot2019-03-08
|\ \ \ \ | |/ / / |/| | | Default to image entrypoint for infra container
| * | | Default to image entrypoint for infra containerPeter Hunt2019-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | If the pod infra container is overriden, we want to run the entry point of the image, instead of the default infra command. This allows users to override the infra-image with greater ease. Also use process environment variables from image Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | | Merge pull request #2560 from baude/ginkgoimprovementsOpenShift Merge Robot2019-03-08
|\ \ \ \ | | | | | | | | | | ginkgo status improvements
| * | | | ginkgo status improvementsbaude2019-03-08
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | a series of improvements to our ginkgo test framework so we can get better ideas of whats going on when run in CI Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #2591 from baude/issue2209OpenShift Merge Robot2019-03-08
|\ \ \ \ | | | | | | | | | | podman play kube defaults
| * | | | podman play kube defaultsbaude2019-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | if an input YAML file lacks securitycontext and working dir for a container, we need to be able to handle that. if no default for working dir is provided, we use a default of "/". fixes issue #2209 Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #2589 from baude/issue2171OpenShift Merge Robot2019-03-08
|\ \ \ \ \ | | | | | | | | | | | | container runlabel respect $PWD
| * | | | | container runlabel respect $PWDbaude2019-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When doing environment variable substitution, we need to make sure $PWD is replaced with the current working directory. fixes issue #2171 Signed-off-by: baude <bbaude@redhat.com>
* | | | | | Merge pull request #2588 from giuseppe/rootless-propagate-error-from-infoOpenShift Merge Robot2019-03-08
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | rootless: propagate errors from info
| * | | | | rootless: propagate errors from infoGiuseppe Scrivano2019-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | we use "podman info" to reconfigure the runtime after a reboot, but we don't propagate the error message back if something goes wrong. Closes: https://github.com/containers/libpod/issues/2584 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #2557 from QiWang19/filter2241OpenShift Merge Robot2019-03-08
|\ \ \ \ \ \ | | | | | | | | | | | | | | fix bug in podman images list all images with same name
| * | | | | | fix bug in podman images list all images with same nameQi Wang2019-03-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | | | Merge pull request #2257 from cevich/system_test_beginningOpenShift Merge Robot2019-03-08
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | [ci skip] System-test: Begin list of needed high-level tests
| * | | | | | | System-test: Documentation and TODO listChris Evich2019-03-06
| | |_|_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | | Merge pull request #2569 from giuseppe/rootless-fix-exec-with-userOpenShift Merge Robot2019-03-08
|\ \ \ \ \ \ \ | |_|_|_|_|/ / |/| | | | | | rootless: exec join the user+mount namespace
| * | | | | | create: join also the mount ns of the dependencyGiuseppe Scrivano2019-03-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when we are creating a container that depends on another one, be sure we also join its mount namespace in addition to the user namespace. Closes: https://github.com/containers/libpod/issues/2556 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | rootless: exec join the user+mount namespaceGiuseppe Scrivano2019-03-07
| | |_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | it is not enough to join the user namespace where the container is running. We also need to join the mount namespace so that we can correctly look-up inside of the container rootfs. This is necessary to lookup the mounted /etc/passwd file when --user is specified. Closes: https://github.com/containers/libpod/issues/2566 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #2586 from mheon/fix_ps_statesOpenShift Merge Robot2019-03-08
|\ \ \ \ \ \ | |_|_|_|_|/ |/| | | | | Remove 'podman ps' restarting filter and fix stopped
| * | | | | Remove 'podman ps' restarting filter and fix stoppedMatthew Heon2019-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman has no concept of a "restarting" container - such a container is just transitioning from running to stopped and then back to running through our ordinary state machine. As such, filtering "restarting" containers doesn't work and does nothing. Also, make "stopped" containers show as exited - this is a momentary state we transition to before proper exited. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | | Merge pull request #2582 from baude/issue2574OpenShift Merge Robot2019-03-08
|\ \ \ \ \ \ | |/ / / / / |/| | | | | label parsing in non-quoted field
| * | | | | label parsing in non-quoted fieldbaude2019-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | switch from a stringslice to a stringarray for labels to handle quoted input. fixes issue #2574 Signed-off-by: baude <bbaude@redhat.com>
* | | | | | Merge pull request #2580 from rhatdan/cleanup1OpenShift Merge Robot2019-03-08
|\ \ \ \ \ \ | |_|_|_|_|/ |/| | | | | More cleanup for failures on missing commands.
| * | | | | More cleanup for failures on missing commands.Daniel J Walsh2019-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently in podman if a user specifies a command that does not exist the tool shows the help information. This patch changes it to show information like: $ ./bin/podman foobar Error: unrecognized command 'podman foobar' Try 'podman --help' for more information. $ ./bin/podman volume foobar Error: unrecognized command `podman volume foobar` Try 'podman volume --help' for more information. $ ./bin/podman container foobar Error: unrecognized command `podman container foobar` Try 'podman container --help' for more information. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #2579 from edsantiago/add_healthcheck_to_podman_1OpenShift Merge Robot2019-03-08
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | add podman-healthcheck(1) to podman(1)
| * | | | | add podman-healthcheck(1) to podman(1)Ed Santiago2019-03-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ...caught by hack/podman-commands.sh script. Which had a little buglet, which I fixed: add a special case for 'help', which neither has nor needs a man page. I believe the podman-commands.sh script is ready to be run in CI, hint hint. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | Merge pull request #2533 from edsantiago/batsOpenShift Merge Robot2019-03-07
|\ \ \ \ \ \ | | | | | | | | | | | | | | New system tests under BATS
| * | | | | | Implement review feedbackEd Santiago2019-03-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - document a recommended convention for fail-fast tests - document the requirement for jq. (And, add a fail-fast test for its presence; remove the duplicated checks in subtests) - add further sanity checks to 'help' test. Add missing documentation. Remove a no-longer-needed workaround for usage-message bug fixed in #2486 - add a documented TEMPLATE - and, since we're at 1.1, enable 'Remote API' check in version test - better diagnostics in setup/teardown; add vim filetype hint; better formatting of actual-vs-expect errors - new pod-top, logs, build tests - improve error messages - add $IMAGE alias for ridiculous $PODMAN_TEST_IMAGE_FQN - final cleanup, in prep for merge Signed-off-by: Ed Santiago <santiago@redhat.com>
| * | | | | | new system tests under BATSEd Santiago2019-03-07
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Initial attempt at writing a framework for podman system tests. The idea is to define a useful set of primitives that will make it easy to write actual tests and to interpret results of failing ones. This is a proof-of-concept right now; only a small number of tests, by no means comprehensive. I am requesting review in order to find showstopper problems: reasons why this approach cannot work. Should there be none, we can work toward running these as gating tests for Fedora and RHEL8. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | Merge pull request #2570 from muayyad-alsadi/alsadi-tests-20190307OpenShift Merge Robot2019-03-07
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | test to cover parallel execution and networking