summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Implement SecretsAshley Cui2021-02-09
| | | | | | | | | | | Implement podman secret create, inspect, ls, rm Implement podman run/create --secret Secrets are blobs of data that are sensitive. Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file. After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname] This secret will not be commited to an image on a podman commit Signed-off-by: Ashley Cui <acui@redhat.com>
* Merge pull request #9265 from vrothberg/vendor-commonOpenShift Merge Robot2021-02-08
|\ | | | | vendor latest containers/common
| * vendor latest containers/commonValentin Rothberg2021-02-08
|/ | | | | | | | We had a couple of regressions in containers/common in the last release. Before cutting a new release, let's vendor it here. Since 3.0 has been branched, we can vendor a non-release commit of c/common. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #9205 from st1971/issue-8710OpenShift Merge Robot2021-02-05
|\ | | | | play kube selinux label issue
| * play kube selinux test caseSteven Taylor2021-02-04
| | | | | | | | | | | | added skip to test case where selinux not enabled Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
| * play kube selinux test caseSteven Taylor2021-02-03
| | | | | | | | | | | | fixed typo in the label comparison Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
| * play kube selinux label test caseSteven Taylor2021-02-03
| | | | | | | | | | | | | | test case added to e2e test suite to validate process label being correctly set on play kube Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
| * play kube selinux label issueSteven Taylor2021-02-02
| | | | | | | | | | | | | | | | | | play kube function not respecting selinux options in kube yaml, all options were being mapped to role. fixes issue 8710 Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
* | Merge pull request #9231 from vrothberg/rootfs-workdirOpenShift Merge Robot2021-02-05
|\ \ | | | | | | fix logic when not creating a workdir
| * | fix logic when not creating a workdirValentin Rothberg2021-02-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When resolving the workdir of a container, we may need to create unless the user set it explicitly on the command line. Otherwise, we just do a presence check. Unfortunately, there was a missing return that lead us to fall through into attempting to create and chown the workdir. That caused a regression when running on a read-only root fs. Fixes: #9230 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #9048 from matejvasek/apiv2_waitOpenShift Merge Robot2021-02-05
|\ \ \ | | | | | | | | Fix Docker APIv2 container wait endpoint
| * | | Fix per review requestMatej Vasek2021-02-04
| | | | | | | | | | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
| * | | Increase timeouts in some testsMatej Vasek2021-02-03
| | | | | | | | | | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
| * | | Add test for Docker APIv2 waitMatej Vasek2021-02-03
| | | | | | | | | | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
| * | | Implement Docker wait conditionsMatej Vasek2021-02-03
| | | | | | | | | | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
| * | | Improve ContainerEngine.ContainerWait()Matej Vasek2021-02-03
| | | | | | | | | | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
| * | | Improve container libpod.Wait*() functionsMatej Vasek2021-02-03
| |/ / | | | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | | Merge pull request #9182 from mheon/bump_apiOpenShift Merge Robot2021-02-05
|\ \ \ | | | | | | | | Bump remote API version to 3.0.0
| * | | Bump remote API version to 3.0.0Matthew Heon2021-02-04
| | | | | | | | | | | | | | | | | | | | | | | | Fixes #9175 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #9235 from Luap99/fix-9234OpenShift Merge Robot2021-02-04
|\ \ \ \ | | | | | | | | | | Fix podman network disconnect wrong NetworkStatus number
| * | | | Fix podman network disconnect wrong NetworkStatus numberPaul Holzinger2021-02-04
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The allocated `tmpNetworkStatus` must be allocated with the length 0. Otherwise append would add new elements to the end of the slice and not at the beginning of the allocated memory. This caused inspect to fail since the number of networks did not matched the number of network statuses. Fixes #9234 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | Merge pull request #9113 from cevich/ginkgo_logs_artifactOpenShift Merge Robot2021-02-04
|\ \ \ \ | | | | | | | | | | Cirrus: Collect ginkgo node logs artifacts
| * | | | Cirrus: Collect ginkgo node logs artifactsChris Evich2021-02-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In rare cases, it's possible for one of the ginkgo processes to "hang". When this occurs, the main output will contain this message: ``Ginkgo timed out waiting for all parallel nodes to report`` The only way to debug this was to look through concatenated printing of the ginkgo node logs. This is a tedious and daunting task, requiring special search knowledge, facing a "wall of text". Simplify the situation by collecting the node logs separately, as individual files in a cirrus-artifact. In this way, it's faster to figure out which test "hung" by examining each log individually. The log file which does not have a pass/fail summary at the end, indicates the last test hung (for whatever reason), and includes it's output (if any). Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | Merge pull request #9220 from vrothberg/fix-9211OpenShift Merge Robot2021-02-04
|\ \ \ \ \ | | | | | | | | | | | | generate kube: handle entrypoint
| * | | | | generate kube: handle entrypointValentin Rothberg2021-02-04
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The spec of a Kube Container has a `Command` and `Args`. While both are slices, the `Command` is the counterpart of the entrypoint of a libpod container. Kube is also happily accepting the arguments to as following items in the slice but it's cleaner to move those to `Args`. Fixes: #9211 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #9154 from alvistack/master-linux-amd64OpenShift Merge Robot2021-02-04
|\ \ \ \ \ | |_|/ / / |/| | | | Update nix pin with `make nixpkgs`
| * | | | Update nix pin with `make nixpkgs`Wong Hoi Sing Edison2021-02-03
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
* | | | | Merge pull request #9188 from jwhonce/issues/8865OpenShift Merge Robot2021-02-03
|\ \ \ \ \ | | | | | | | | | | | | Report StatusConflict on Pod opt partial failures
| * | | | | Report StatusConflict on Pod opt partial failuresJhon Honce2021-02-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - When one or more containers in the Pod reports an error on an operation report StatusConflict and report the error(s) - jsoniter type encoding used to marshal error as string using error.Error() - Update test framework to allow setting any flag when creating pods - Fix test_resize() result check Fixes #8865 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | | Merge pull request #9217 from vrothberg/attach-warnOpenShift Merge Robot2021-02-03
|\ \ \ \ \ \ | | | | | | | | | | | | | | bindings: attach: warn correct error
| * | | | | | bindings: attach: warn correct errorValentin Rothberg2021-02-03
| | |_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The resize warning logged the wrong error. While this does not fix #9172, it may very well be helpful finding its root cause. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | Merge pull request #9216 from ↵OpenShift Merge Robot2021-02-03
|\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/storage-1.25.0 Bump github.com/containers/storage from 1.24.5 to 1.25.0
| * | | | | | Bump github.com/containers/storage from 1.24.5 to 1.25.0dependabot-preview[bot]2021-02-03
| | |_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.24.5 to 1.25.0. - [Release notes](https://github.com/containers/storage/releases) - [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md) - [Commits](https://github.com/containers/storage/compare/v1.24.5...v1.25.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #9215 from ↵OpenShift Merge Robot2021-02-03
|\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containernetworking/cni-0.8.1 Bump github.com/containernetworking/cni from 0.8.0 to 0.8.1
| * | | | | | Bump github.com/containernetworking/cni from 0.8.0 to 0.8.1dependabot-preview[bot]2021-02-03
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containernetworking/cni](https://github.com/containernetworking/cni) from 0.8.0 to 0.8.1. - [Release notes](https://github.com/containernetworking/cni/releases) - [Commits](https://github.com/containernetworking/cni/compare/v0.8.0...v0.8.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #9208 from edsantiago/batsOpenShift Merge Robot2021-02-03
|\ \ \ \ \ \ | | | | | | | | | | | | | | System test for #9096 (truncated stdout)
| * | | | | | System test for #9096 (truncated stdout)Ed Santiago2021-02-02
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This actually tests conmon, not podman; but that's the whole point of system tests in the first place: if a problem exists, we want to fail loudly, no matter whose fault it is. (I can't get this to fail on my f33 laptop; OP on #9096 claims it only fails on Ubuntu. We'll see what happens in CI). Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | Merge pull request #9214 from rhatdan/waitOpenShift Merge Robot2021-02-03
|\ \ \ \ \ \ | | | | | | | | | | | | | | Fix invalid wait condition on kill
| * | | | | | Fix invalid wait condition on killDaniel J Walsh2021-02-03
| | |/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When using the compatability tests on kill, the kill function goes into an infinite wait loop taking all of the CPU. This change will use the correct wait function and exit properly. Fixes: https://github.com/containers/podman/issues/9206 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #9210 from edsantiago/makefile_fixesOpenShift Merge Robot2021-02-03
|\ \ \ \ \ \ | |/ / / / / |/| | | | | Makefile: make bin/* real targets!
| * | | | | Makefile: make bin/* real targets!Ed Santiago2021-02-03
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Backstory: every time you run 'make podman' or even just 'make', you get a full recompile. This is sub-ideal. Cause: I don't really know. It looks complicated. #5017 introduced a .PHONY for bin/podman, for reasons not explained in the PR. Then, much later, #5880 well- intentionedly but improperly tweaked the 'find' command used in defining SOURCES, adding a -prune but without the corresponding and required -print. Let's just say, it was an unfortunate cascade of events. This PR fixes the SOURCES definition and removes the highly-undesired .PHONY from podman & podman-remote, making it so you can type 'make' and, oh joy, not build anything if it's current. The way 'make' is supposed to work. Why fix this now? Because my PR (#9209) was failing in CI, in the Validate step: Can't exec "./bin/podman": No such file or directory at hack/xref-helpmsgs-manpages line 223. It failed even on Re-run, and only passed once I force-pushed the PR (with no changes, just a new commit SHA). I have no idea why bin/podman wasn't built, and I have zero interest in pursuing that right now, but the proper solution is to add bin/podman as a Makefile dependency for that particular test. So done. While I'm at it, fix what is pretty clearly a typo in a .PHONY And, finally, fix a go-md2man warning introduced in #9189 [NO TESTS NEEDED] Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #9197 from ↵OpenShift Merge Robot2021-02-03
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/onsi/gomega-1.10.5 Bump github.com/onsi/gomega from 1.10.4 to 1.10.5
| * | | | | Bump github.com/onsi/gomega from 1.10.4 to 1.10.5dependabot-preview[bot]2021-02-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.10.4 to 1.10.5. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.10.4...v1.10.5) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | Merge pull request #9103 from mattcen/patch-1OpenShift Merge Robot2021-02-03
|\ \ \ \ \ \ | | | | | | | | | | | | | | [CI:DOCS] typo
| * | | | | | typoMatthew Cengia2021-02-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Matthew Cengia <mattcen@mattcen.com>
* | | | | | | Merge pull request #9174 from bitstrings/masterOpenShift Merge Robot2021-02-03
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Make slirp MTU configurable (network_cmd_options)
| * | | | | | | Make slirp MTU configurable (network_cmd_options)bitstrings2021-02-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The mtu default value is currently forced to 65520. This let the user control it using the config key network_cmd_options, i.e.: network_cmd_options=["mtu=9000"] Signed-off-by: bitstrings <pino.silvaggio@gmail.com>
* | | | | | | | Merge pull request #9209 from edsantiago/bats_diff_workaroundOpenShift Merge Robot2021-02-03
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Gating tests: diff test: workaround for RHEL8 failure
| * | | | | | | | Gating tests: diff test: workaround for RHEL8 failureEd Santiago2021-02-02
| | |_|_|/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | RHEL8 rootless gating tests are inconsistently failing with: $ podman diff --format json -l # {"changed":["/etc"],"added":["/sys/fs","/sys/fs/cgroup","/pMOm1Q0fnN"],"deleted":["/etc/services"]} # #/vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv # #| FAIL: added # #| expected: '/pMOm1Q0fnN' # #| actual: '/sys/fs' # #| > '/sys/fs/cgroup' # #| > '/pMOm1Q0fnN' # #\^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Reason: PR #8561, I think (something to do with /sys on RHEL). Workaround: ignore '/sys/fs' in diffs. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | | | Merge pull request #9204 from baude/macvlanextraOpenShift Merge Robot2021-02-03
|\ \ \ \ \ \ \ \ | |_|_|_|/ / / / |/| | | | | | | Honor network options for macvlan networks