Commit message (Author, Age)
* Ensure Conmon is alive before waiting for exit file (Matthew Heon, 2020-06-08)
|   This came out of a conversation with Valentin about systemd-managed Podman. He discovered that unit files did not properly handle cases where Conmon was dead - the ExecStopPost `podman rm --force` line was not actually removing the container, but interestingly, adding a `podman cleanup --rm` line would remove it. Both of these commands do the same thing (minus the `podman cleanup --rm` command not force-removing running containers).
|
|   Without a running Conmon instance, the container process is still running (assuming you killed Conmon with SIGKILL and it had no chance to kill the container it managed), but you can still kill the container itself with `podman stop` - Conmon is not involved, only the OCI Runtime. (`podman rm --force` and `podman stop` use the same code to kill the container).
|
|   The problem comes when we want to get the container's exit code - we expect Conmon to make us an exit file, which it's obviously not going to do, being dead. The first `podman rm` would fail because of this, but importantly, it would (after failing to retrieve the exit code correctly) set container status to Exited, so that the second `podman cleanup` process would succeed.
|
|   To make sure the first `podman rm --force` succeeds, we need to catch the case where Conmon is already dead, and instead of waiting for an exit file that will never come, immediately set the Stopped state and remove an error that can be caught and handled.
|
|   Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #6515 from vrothberg/v2-enable-ubuntu (OpenShift Merge Robot, 2020-06-08)
|\
| |   V2 enable ubuntu
| * e2e: disable checkpoint test on Ubuntu (Valentin Rothberg, 2020-06-08)
| |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * force bats version to v1.1.0 (Valentin Rothberg, 2020-06-08)
| |   We experienced regression when using the latest `v1.2.0-dev` bats in Ubuntu 20.04 (see github.com/containers/libpod/pull/6418). Using bats v1.1.0 worked in the Ubuntu test VM.
| |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * Enable Ubuntu tests in CI (Brent Baude, 2020-06-08)
|/
|   Add updates required for ubuntu and run integration tests
|   Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #6505 from mheon/parallel_stop (OpenShift Merge Robot, 2020-06-08)
|\
| |   Add parallel operation to `podman stop`
| * Add parallel operation to `podman stop` (Matthew Heon, 2020-06-05)
| |   This is the other command that benefits greatly from being run in parallel, due to the potential 15-second timeout for containers that ignore SIGTERM. While we're at it, also clean up how stop timeout is set. This needs to be an optional parameter, so that the value set when the container is created with `--stop-timeout` will be respected.
| |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6417 from sujil02/py-test (OpenShift Merge Robot, 2020-06-06)
|\ \
| |/
|/|   Adds docker py regression test.
| * Adds docker py regression test. (Sujil02, 2020-06-04)
| |   Adds test to validate podman image endpoints.
| |   Adds readme on how to run python tests
| |   Adds constants file.
| |   Signed-off-by: Sujil02 <sushah@redhat.com>
* | Merge pull request #6504 from rhatdan/systemd (OpenShift Merge Robot, 2020-06-05)
|\ \
| | |   Fix handling of systemd.
| * | Fix handling of systemd. (Daniel J Walsh, 2020-06-05)
|/ /
| |   Systemd enablement has to happen on the server side, since we need to check if the image is running systemd. Also need to make sure user setting the StopSignal is not overridden on the server side. But if not set and using systemd, we set it correctly.
| |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6495 from mheon/parallel_execution (OpenShift Merge Robot, 2020-06-05)
|\ \
| | |   Add parallel execution code for container operations
| * | Add parallel execution code for container operations (Matthew Heon, 2020-06-05)
| | |   This code will run container operations in parallel, up to a given maximum number of threads. Currently, it has only been enabled for local `podman rm` as a proof of concept.
| | |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #6500 from containers/dependabot/go_modules/github.com/seccomp/containers-golang-0.5.0 (OpenShift Merge Robot, 2020-06-05)
|\ \ \
| | | |   Bump github.com/seccomp/containers-golang from 0.4.1 to 0.5.0
| * | | Bump github.com/seccomp/containers-golang from 0.4.1 to 0.5.0 (dependabot-preview[bot], 2020-06-05)
| | | |   Bumps [github.com/seccomp/containers-golang](https://github.com/seccomp/containers-golang) from 0.4.1 to 0.5.0.
| | | |   - [Release notes](https://github.com/seccomp/containers-golang/releases)
| | | |   - [Commits](https://github.com/seccomp/containers-golang/compare/v0.4.1...v0.5.0)
| | | |   Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
| | | |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6498 from mheon/fix_pod_hostname (OpenShift Merge Robot, 2020-06-05)
|\ \ \ \
| | | | |   Ensure that containers in pods properly set hostname
| * | | | Strip defaults from namespace flags (Matthew Heon, 2020-06-04)
| | | | |   We were picking up defaults from the client's containers.conf, which broke pod namespaces. The server-side code already checks containers.conf when not explicitly overridden by the user, or by the container being part of a pod (the last bit being our bug). This only manifested on systems with a containers.conf installed, so RHEL 8 and Fedora 32 (which means our F32 CI VMs likely should have caught it, but didn't, which is concerning). This prevents defaults for these flags being shown, but they were incorrect anyways for `podman-remote`, so I'm not terribly concerned.
| | | | |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | Ensure that containers in pods properly set hostname (Matthew Heon, 2020-06-04)
| |/ / /
| | | |   When we moved to the new Namespace types in Specgen, we made a distinction between taking a namespace from a pod, and taking it from another container. Due to this new distinction, some code that previously worked for both `--pod=$ID` and `--uts=container:$ID` has accidentally become conditional on only the latter case. This happened for Hostname - we weren't properly setting it in cases where the container joined a pod. Fortunately, this is an easy fix once we know to check the condition. Also, ensure that `podman pod inspect` actually prints hostname.
| | | |   Fixes #6494
| | | |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #6501 from rhatdan/iops (OpenShift Merge Robot, 2020-06-05)
|\ \ \ \
| |/ / /
|/| | |   Fix handling of ThrottleWriteIOPSDevice
| * | | Fix handling of ThrottleWriteIOPSDevice (Daniel J Walsh, 2020-06-05)
|/ / /
| | |   This is causing the Ubuntu tests to fail.
| | |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6338 from rhatdan/build3 (OpenShift Merge Robot, 2020-06-04)
|\ \ \
| | | |   Attempt to turn on special_testing_in_podman tests
| * | | Attempt to turn on special_testing_in_podman tests (Daniel J Walsh, 2020-06-04)
| | | |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6374 from rhatdan/build1 (OpenShift Merge Robot, 2020-06-04)
|\ \ \ \
| |_|/ /
|/| | |   Turn on the podman-commands script to verify man pages
| * | | Turn on the podman-commands script to verify man pages (Daniel J Walsh, 2020-06-04)
|/ / /
| | |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6492 from mheon/bump-2.0.0-rc4 (OpenShift Merge Robot, 2020-06-04)
|\ \ \
| |/ /
|/| |   [CI:DOCS] Bump to v2.0.0-RC4
| * | Bump to v2.0.0-dev (Matthew Heon, 2020-06-04)
| | |   Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | Bump to v2.0.0-rc4 [v2.0.0-rc4] (Matthew Heon, 2020-06-04)
|/ /
| |   Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #6491 from vrothberg/fix-6490 (OpenShift Merge Robot, 2020-06-04)
|\ \
| | |   /images/.../json: fix port parsing
| * | /images/.../json: fix port parsing (Valentin Rothberg, 2020-06-04)
| |/
| |   Fix a bug when parsing the `ExposedPorts` of the image that led to panics when the field was set. The OCI image spec allows three valid formats: `tcp/port`, `udp/port` and `port`
| |   Fixes: #6490
| |   Reported-by: @jgallucci32
| |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6489 from edsantiago/bats (OpenShift Merge Robot, 2020-06-04)
|\ \
| | |   BATS and APIv2: more tests and tweaks
| * | BATS and APIv2: more tests and tweaks (Ed Santiago, 2020-06-03)
| |/
| |   - (minor): apiv2 tests: check for full ID
| |     Observation made while reviewing #6461: tests were checking only for a 12-character container/image ID in return value. It's actually 64, and we should test for that. This should also minimize confusion in a future maintainer.
| |   - podman pause/unpause: new test
| |     Runs a 'date/sleep' loop, pauses container, sleeps 3s, restarts, then confirms that there's a 3- to 6-second gap in the logs for the container.
| |   - podman healthcheck: new test
| |     run a container with healthcheck, test both healthy and unhealthy conditions
| |   - podman pod: check '{{.Pod}}' field in podman ps
| |     Hey, as long as we have a pod with two running containers, might as well confirm that 'podman ps' returns the expected pod ID.
| |   Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #6485 from QiWang19/remote-ignore (OpenShift Merge Robot, 2020-06-04)
|\ \
| | |   fix remote test --ignore & turn on more tests
| * | fix remote test --ignore & turn on more tests (Qi Wang, 2020-06-03)
| | |   fix remote test --ignore & turn on more tests
| | |   Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #6481 from QiWang19/rm-test-stop (OpenShift Merge Robot, 2020-06-04)
|\ \ \
| | | |   turn on remote stop_test
| * | | turn on remote stop_test (Qi Wang, 2020-06-03)
| | | |   turn on stop_test --cidfile
| | | |   Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #6470 from mheon/fix_stats_nonet (OpenShift Merge Robot, 2020-06-04)
|\ \ \ \
| | | | |   Properly follow linked namespace container for stats
| * | | | Properly follow linked namespace container for stats (Matthew Heon, 2020-06-02)
| | | | |   Podman containers can specify that they get their network namespace from another container. This is automatic in pods, but any container can do it. The problem is that these containers are not guaranteed to have a network namespace of their own; it is perfectly valid to join the network namespace of a --net=host container, and both containers will end up in the host namespace. The code for obtaining network stats did not account for this, and could cause segfaults as a result. Fortunately, the fix is simple - the function we use to get said stats already performs appropriate checks, so we just need to recursively call it.
| | | | |   Fixes #5652
| | | | |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #6486 from baude/v2infoaddsocket (OpenShift Merge Robot, 2020-06-04)
|\ \ \ \ \
| | | | | |   add socket information to podman info
| * | | | | add socket information to podman info (Brent Baude, 2020-06-03)
| | |_|/ /
| |/| | |
| | | | |   this is step 1 to self-discovery of remote ssh connections. we add a remotesocket struct to info to detect what the socket path might be.
| | | | |   Co-authored-by: Jhon Honce <jhonce@redhat.com>
| | | | |   Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | Merge pull request #6404 from containers/dependabot/go_modules/github.com/containers/conmon-2.0.17incompatible (OpenShift Merge Robot, 2020-06-04)
|\ \ \ \ \
| | | | | |   Bump github.com/containers/conmon from 2.0.16+incompatible to 2.0.17+incompatible
| * | | | | Bump github.com/containers/conmon (Daniel J Walsh, 2020-06-02)
| | | | | |   Bumps [github.com/containers/conmon](https://github.com/containers/conmon) from 2.0.16+incompatible to 2.0.17+incompatible.
| | | | | |   - [Release notes](https://github.com/containers/conmon/releases)
| | | | | |   - [Changelog](https://github.com/containers/conmon/blob/master/changelog.txt)
| | | | | |   - [Commits](https://github.com/containers/conmon/compare/v2.0.16...v2.0.17)
| | | | | |   Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
| | | | | |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #6484 from rhatdan/namespace (OpenShift Merge Robot, 2020-06-04)
|\ \ \ \ \ \
| | | | | | |   Namespace fields were set with bogus values
| * | | | | | Namespace fields were set with bogus values (Daniel J Walsh, 2020-06-03)
| | | | | | |   Namespace fields were being set with their option names unless overridden by the user. This was causing issues with podman-remote on userns.
| | | | | | |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | Merge pull request #6476 from eriksjolund/add_some_CVE_entries_to_changelog.txt (OpenShift Merge Robot, 2020-06-04)
|\ \ \ \ \ \ \
| | | | | | | |   Add a few CVE entries to changelog.txt
| * | | | | | | Add a few CVE entries to changelog.txt (Erik Sjölund, 2020-06-03)
| | | | | | | |   Add the following CVE entries
| | | | | | | |   CVE-2020-1726
| | | | | | | |   CVE-2020-10696
| | | | | | | |   CVE-2019-18466
| | | | | | | |   to changelog.txt
| | | | | | | |   Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | | | | | | | Merge pull request #6482 from mheon/split_inspect (OpenShift Merge Robot, 2020-06-04)
|\ \ \ \ \ \ \ \
| | | | | | | | |   Ensure that image/container inspect are specialized
| * | | | | | | | Ensure that image/container inspect are specialized (Matthew Heon, 2020-06-03)
| | | | | | | | |   We are currently able to inspect images with `podman container inspect` and containers with `podman image inspect` and neither of those seem correct. This ensures that the appropriate flags, and only the appropriate flags, are available for each specialized exec, and they can only inspect the specific type they were intended to.
| | | | | | | | |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | | | | | Merge pull request #6487 from rhatdan/VENDOR (OpenShift Merge Robot, 2020-06-04)
|\ \ \ \ \ \ \ \ \
| |_|_|_|_|_|_|_|/
|/| | | | | | | |   Vendor in container/storage v1.20.2
| * | | | | | | | Vendor in container/storage v1.20.2 (Daniel J Walsh, 2020-06-03)
|/ / / / / / / /
| | | | | | | |   Also modify gate Dockerfile to take advantage of skipping mounting of the storage directory.
| | | | | | | |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | | Merge pull request #6478 from rhatdan/abisupport (OpenShift Merge Robot, 2020-06-03)
|\ \ \ \ \ \ \ \
| | | | | | | | |   Remove use of ABISupport buildtag