summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* make layer-tree lookup errors non-fatalValentin Rothberg2021-02-12
| | | | | | | | | | | | | | | | | | | | | Internally, Podman constructs a tree of layers in containers/storage to quickly compute relations among layers and hence images. To compute the tree, we intersect all local layers with all local images. So far, lookup errors have been fatal which has turned out to be a mistake since it seems fairly easy to cause storage corruptions, for instance, when killing builds. In that case, a (partial) image may list a layer which does not exist (anymore). Since the errors were fatal, there was no easy way to clean up and many commands were erroring out. To improve usability, turn the fatal errors into warnings that guide the user into resolving the issue. In this case, a `podman system reset` may be the approriate way for now. [NO TESTS NEEDED] because I have no reliable way to force it. [1] https://github.com/containers/podman/issues/8148#issuecomment-778253474 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #9302 from giuseppe/cgroup-split-v1OpenShift Merge Robot2021-02-11
|\ | | | | utils: takes the longest path on cgroup v1
| * utils: takes the longest path on cgroup v1Giuseppe Scrivano2021-02-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | now getCgroupProcess takes the longest path on cgroup v1, instead of complaining if the paths are different. This should help when --cgroups=split is used on cgroup v1 and the process cgroups look like: $ cat /proc/self/cgroup 11:pids:/user.slice/user-0.slice/session-4.scope 10:blkio:/ 9:cpuset:/ 8:devices:/user.slice 7:freezer:/ 6:memory:/user.slice/user-0.slice/session-4.scope 5:net_cls,net_prio:/ 4:hugetlb:/ 3:cpu,cpuacct:/ 2:perf_event:/ Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * utils: create parent cgroupsGiuseppe Scrivano2021-02-11
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * utils: ignore unified on cgroupv1 if not presentGiuseppe Scrivano2021-02-11
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * utils: skip empty linesGiuseppe Scrivano2021-02-11
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #9329 from mheon/update_master_300OpenShift Merge Robot2021-02-11
|\ \ | | | | | | [CI:DOCS] Update Master to reflect the 3.0 release
| * | Update Master to reflect the 3.0 releaseMatthew Heon2021-02-11
|/ / | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #9320 from baude/issue9315OpenShift Merge Robot2021-02-11
|\ \ | | | | | | container ps json format miscue
| * | container ps json format miscuebaude2021-02-11
|/ / | | | | | | | | | | | | | | | | | | when printing out json format, we mistakenly changed the Created field output to be a time.time in a different commit. This allows for override of the Created field to be a unix ts as type int64. Fixes: #9315 Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #9312 from baude/issue9310OpenShift Merge Robot2021-02-11
|\ \ | | | | | | Correct compat network prune response
| * | Correct compat network prune responsebaude2021-02-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | Correcting the structure of the compat network prune response. They should follow {"NetworksDeleted": [<network_name>",...]} Fixes: #9310 Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #9308 from mheon/fix_6003OpenShift Merge Robot2021-02-11
|\ \ \ | | | | | | | | Rewrite copy-up to use buildah Copier
| * | | Rewrite copy-up to use buildah CopierMatthew Heon2021-02-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The old copy-up implementation was very unhappy with symlinks, which could cause containers to fail to start for unclear reasons when a directory we wanted to copy-up contained one. Rewrite to use the Buildah Copier, which is more recent and should be both safer and less likely to blow up over links. At the same time, fix a deadlock in copy-up for volumes requiring mounting - the Mountpoint() function tried to take the already-acquired volume lock. Fixes #6003 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #9309 from baude/issue9303OpenShift Merge Robot2021-02-10
|\ \ \ \ | |_|/ / |/| | | Display correct value for unlimited ulimit
| * | | Display correct value for unlimited ulimitbaude2021-02-10
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When doing a container inspect on a container with unlimited ulimits, the value should be -1. But because the OCI spec requires the ulimit value to be uint64, we were displaying the inspect values as a uint64 as well. Simple change to display as an int64. Fixes: #9303 Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #9268 from cevich/podman_monitorOpenShift Merge Robot2021-02-10
|\ \ \ | | | | | | | | [CI:DOCS] Cirrus: Send cirrus-cron report e-mail to list.
| * | | Cirrus: Send cirrus-cron report e-mail to list.Chris Evich2021-02-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This mailing-list was established to allow people to sub/unsub from automated notifications. Add it to the list of destinations picked up by the Github Actions workflow `.github/workflows/check_cirrus_cron.yml`. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #9298 from ↵OpenShift Merge Robot2021-02-10
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/spf13/cobra-1.1.2 Bump github.com/spf13/cobra from 1.1.1 to 1.1.2
| * | | | Bump github.com/spf13/cobra from 1.1.1 to 1.1.2dependabot-preview[bot]2021-02-10
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.1 to 1.1.2. - [Release notes](https://github.com/spf13/cobra/releases) - [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md) - [Commits](https://github.com/spf13/cobra/compare/v1.1.1...v1.1.2) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #9299 from Luap99/secret-shell-completion-testOpenShift Merge Robot2021-02-10
|\ \ \ \ | | | | | | | | | | Add shell completion tests for secrets
| * | | | Add shell completion tests for secretsPaul Holzinger2021-02-10
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the SECRET keyword to the shell completion test. Also update the use line for podman secret create to use `NAME` instead of `SECRET`. This matches the other commands such as network/volume create. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | Merge pull request #9301 from vrothberg/bumpOpenShift Merge Robot2021-02-10
|\ \ \ \ | | | | | | | | | | bump to v3.1.0-dev
| * | | | bump to v3.1.0-devValentin Rothberg2021-02-10
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Given we branched for 3.0 already, bumping the version in the main branch will help prevent confusion in case users report issues on main versus the v3.0 branch. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #9294 from matejvasek/update_linterOpenShift Merge Robot2021-02-10
|\ \ \ \ | | | | | | | | | | Update golangci-lint
| * | | | [NO TESTS NEEDED] Update linterMatej Vasek2021-02-10
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | | | | Merge pull request #9297 from matejvasek/apiv2_push_get_digestOpenShift Merge Robot2021-02-10
|\ \ \ \ \ | | | | | | | | | | | | Docker [APIv2] push sends digest in response body
| * | | | | Docker APIv2 push sends digest in response bodyMatej Vasek2021-02-10
| |/ / / / | | | | | | | | | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | | | | Merge pull request #9291 from lsm5/fedora-rpm-binary-hardeningOpenShift Merge Robot2021-02-10
|\ \ \ \ \ | |_|/ / / |/| | | | hardening flags for fedora rpmbuilds
| * | | | hardening flags for fedora rpmbuildsLokesh Mandvekar2021-02-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit sets the CGO_CFLAGS variable for hardening the Fedora rpm binaries. The flags used are the same as those in the official Fedora rpms. Setting the flags in upstream spec would provide early warnings for flag adjustments or other hardening issues. Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | | | Merge pull request #9295 from Luap99/fix-9293OpenShift Merge Robot2021-02-10
|\ \ \ \ \ | |_|/ / / |/| | | | Fix compat networks endpoint for a empty result
| * | | | Fix compat networks endpoint for a empty resultPaul Holzinger2021-02-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The networks list compat api endpoint must return `[]` and not `null` if no networks are found. Fixes #9293 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | | Merge pull request #9284 from rhatdan/annotationsOpenShift Merge Robot2021-02-09
|\ \ \ \ \ | |_|/ / / |/| | | | Support annotations from containers.conf
| * | | | Restart service when CONTAINERS_CONF changesDaniel J Walsh2021-02-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Service needs to be restarted in order to read the CONTAINERS_CONF file. Not resetting this can lead to lots of flakes, since the test will use whatever the host system has to be set in it's containers.conf. Fixes: https://github.com/containers/podman/issues/9286 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | | | Support annotations from containers.confDaniel J Walsh2021-02-09
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | Currently podman does not use the annotations specified in the containers.conf. This PR fixes this. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #9288 from vrothberg/vendor-imageOpenShift Merge Robot2021-02-09
|\ \ \ \ | | | | | | | | | | vendor github.com/containers/image v5.10.2
| * | | | vendor github.com/containers/image v5.10.2Valentin Rothberg2021-02-09
| |/ / / | | | | | | | | | | | | | | | | Fixes: #8559 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #9289 from edsantiago/apiv2_test_fixesOpenShift Merge Robot2021-02-09
|\ \ \ \ | | | | | | | | | | apiv2 test fixes
| * | | | APIv2 tests: lots of cleanupEd Santiago2021-02-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It's been a while since I last looked at these; some cruft has crept in, generating noise and hence unreadable test results. Clean it up: * remove pushd/popd in one subtest, replace with 'tar -C'. (Also remove confusing quotation marks). This removes spurious directory names from output. * in like(), show only first line of actual output. Some commands ('tree', 'generate kube') produce voluminous multi-line output, which is super useless and distracting when reading a test run. * Recognize that some queries will not generate output, e.g. HEAD requests and some POSTs. Deal with that. This fixes "curl.result.out: no such file" and "parse error" warnings. * In cleanup, 'podman rm -a' and 'rmi -af'; this gets rid of errors when deleting $WORKDIR. (EBUSY error when root, EPERM when rootless). And, the original reason for poking in here: refactor the wait-for-port part of start_server() into its own helper function, so we can use it when starting a local registry in 12-imagesMore. (Ref: #9270) Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #9270 from matejvasek/fix_apiv2_pushOpenShift Merge Robot2021-02-09
|\| | | | | | | | | | | | | | Fix Docker APIv2 push endpoint
| * | | | Fix Docker APIv2 push endpointMatej Vasek2021-02-09
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | Docker doesn't have the destination parameter as libpod does, the "image name" path parameter is supposed to be the destination. Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | | | Merge pull request #9283 from vrothberg/fix-8897OpenShift Merge Robot2021-02-09
|\ \ \ \ | |_|/ / |/| | | generate kube: do not set caps with --privileged
| * | | generate kube: support --privilegedValentin Rothberg2021-02-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Do not play with capabilities for privileged containers where all capabilities will be set implicitly. Also, avoid the device check when running privileged since all of /dev/* will be mounted in any case. Fixes: #8897 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #9281 from ↵OpenShift Merge Robot2021-02-09
|\ \ \ \ | |_|_|/ |/| | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/ocicrypt-1.1.0 Bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0
| * | | Bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0dependabot-preview[bot]2021-02-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/ocicrypt](https://github.com/containers/ocicrypt) from 1.0.3 to 1.1.0. - [Release notes](https://github.com/containers/ocicrypt/releases) - [Commits](https://github.com/containers/ocicrypt/compare/v1.0.3...v1.1.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #9125 from ashley-cui/secretswiringOpenShift Merge Robot2021-02-09
|\ \ \ \ | |_|/ / |/| | | Implement Secrets
| * | | Implement SecretsAshley Cui2021-02-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement podman secret create, inspect, ls, rm Implement podman run/create --secret Secrets are blobs of data that are sensitive. Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file. After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname] This secret will not be commited to an image on a podman commit Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | Merge pull request #9269 from Luap99/rootfs-shell-completionOpenShift Merge Robot2021-02-09
|\ \ \ \ | | | | | | | | | | Allow path completion for podman create/run --rootfs
| * | | | Allow path completion for podman create/run --rootfsPaul Holzinger2021-02-08
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the --rootfs flag is set podman create/run expect a host path as first argument. The shell completion should provide path completion in that case. [NO TESTS NEEDED] This can manually be verified with `podman run --rootfs [TAB]`. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | Merge pull request #9272 from rhatdan/VENDOROpenShift Merge Robot2021-02-09
|\ \ \ \ | |_|_|/ |/| | | Bump containers/buildah to v1.19.4