summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* systemd: compatible with rootless modeEaston Man2021-11-12
| | | | | | | - change the type to forking to allow fork. - add default.target for user systemd service Signed-off-by: Easton Man <manyang.me@outlook.com>
* Use exponential backoff when waiting for a journal entryNalin Dahyabhai2021-11-12
| | | | | | | | | When looking for a cursor that matches the first journal entry for a given container, wait and try to find it using exponential backoff. [NO NEW TESTS NEEDED] Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Pod Rm Infra Improvementscdoern2021-11-12
| | | | | | | | Made changes so that if the pod contains all exited containers and only infra is running, remove the pod. resolves #11713 Signed-off-by: cdoern <cdoern@redhat.com>
* System tests: confirm that -a and -l clashEd Santiago2021-11-12
| | | | | | ...and fix one instance where there was no check Signed-off-by: Ed Santiago <santiago@redhat.com>
* Remove infra ID from DB before removing containersMatthew Heon2021-11-12
| | | | | | | | | | | | | | | If we interrupt pod removal between removing containers and removing the whole pod, the infra ID was still in the DB, and most pod operations would try to retrieve the infra container (and would this fail). Clear the infra ID from the DB just before we remove all containers to prevent this. Fixes #12034 [NO NEW TESTS NEEDED] This is a very narrow race and I have no idea how to repro it. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Generate Kube should not print default structsDaniel J Walsh2021-11-12
| | | | | | | | | | | | | | | | | | | | If podman uses Workdir="/" or the workdir specified in the image, it should not add it to the yaml. If Podman find environment variables in the image, they should not get added to the yaml. If the container or pod do not have changes to SELinux we should not print seLinuxOpt{} If the container or pod do not change any dns options the yaml should not have a dnsOption={} If the container is not privileged it should not have privileged=false in the yaml. Fixes: https://github.com/containers/podman/issues/11995 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* fuse-overlay probably means fuse-overlayfs.Junichi Uekawa2021-11-12
| | | | | | fuse-overlayfs is usually the package name. Signed-off-by: Junichi Uekawa <dancer@debian.org>
* Replace 'an user' => 'a user'Stefan Weil2021-11-12
| | | | Signed-off-by: Stefan Weil <sw@weilnetz.de>
* Merge pull request #12269 from Luap99/backport3.4OpenShift Merge Robot2021-11-11
|\ | | | | [v3.4] backport networking fixes
| * network reload without ports should not reload portsPaul Holzinger2021-11-11
| | | | | | | | | | | | | | | | | | When run as rootless the podman network reload command tries to reload the rootlessport ports because the childIP could have changed. However if the containers has no ports we should skip this instead of printing a warning. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * pod create: read network mode from configPaul Holzinger2021-11-11
|/ | | | | | | | | When we create a pod we have to parse the network mode form the config file. This is a regression in commit d28e85741f. Fixes #12207 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #12211 from vrothberg/3.4-bz-2014149OpenShift Merge Robot2021-11-08
|\ | | | | [3.4] volumes: be more tolerant and fix infinite loop
| * volumes: be more tolerant and fix infinite loopValentin Rothberg2021-11-08
|/ | | | | | | | | | | | | | | | | | | | | | Make Podman more tolerant when parsing image volumes during container creation and further fix an infinite loop when checking them. Consider `VOLUME ['/etc/foo', '/etc/bar']` in a Containerfile. While it looks correct to the human eye, the single quotes are wrong and yield the two volumes to be `[/etc/foo,` and `/etc/bar]` in Podman and Docker. When running the container, it'll create a directory `bar]` in `/etc` and a directory `[` in `/` with two subdirectories `etc/foo,`. This behavior is surprising to me but how Docker behaves. We may improve on that in the future. Note that the correct way to syntax for volumes in a Containerfile is `VOLUME /A /B /C` or `VOLUME ["/A", "/B", "/C"]`; single quotes are not supported. This change restores this behavior without breaking container creation or ending up in an infinite loop. BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2014149 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #12153 from flouthoc/allow-tagging-manifest-list-3.4OpenShift Merge Robot2021-11-01
|\ | | | | [backport] tag: Support tagging manifest list instead of resolving to images.
| * [backport] tag: Support tagging manifest list instead of resolving to imagesAditya Rajan2021-11-01
|/ | | | | | | | | | Following commit makes sure when buildah tag is invoked on a manifest list, it tags the same manifest list instead of resolving to an image and tagging it. Backporting https://github.com/containers/podman/pull/12057 Signed-off-by: Aditya Rajan <arajan@redhat.com>
* Merge pull request #12040 from mheon/341_releaseOpenShift Merge Robot2021-10-20
|\ | | | | Bump to v3.4.1
| * Bump to v3.4.2-devMatthew Heon2021-10-19
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Bump to v3.4.1v3.4.1Matthew Heon2021-10-19
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Update release notes for v3.4.1Matthew Heon2021-10-19
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Fix test failures from backportsMatthew Heon2021-10-19
| | | | | | | | | | | | | | Timeouts for `podman rm` aren't in until 4.0, so we need to remove them. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * system tests: socket activation: clean upEd Santiago2021-10-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Multiarch folks are seeing flakes in this test. I can't reproduce them, but I did notice that the test isn't doing the best possible job of reporting failures nor of confirming what it purports to test. Major fix here is to check the exit status of each curl: if we see the flake again, that will help us track down the failure. Other fixes are just refactoring, cleanup, and disambiguation (using the random service name consistently) Signed-off-by: Ed Santiago <santiago@redhat.com>
| * Checkpoint/Restore test fixesAdrian Reber2021-10-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Moving to Fedora 35 showed test failures (time outs) in the test "podman checkpoint and restore container with different port mappings" The test starts a container and maps the internal port 6379 to the local port 1234 ('-p 1234:6379') and then tries to connect to localhost:1234 On Fedora 35 this failed and blocked the test because the container was not yet ready. The test was trying to connect to localhost:1234 but nothing was running there. So the error was not checkpointing related. Before trying to connect to the container the test is now waiting for the container to be ready. Another problem with this test and running ginkgo in parallel was that it was possible that the port was already in use. Now for each run a random port is selected to decrease the chance of collisions. Signed-off-by: Adrian Reber <areber@redhat.com>
| * Set targetPort to the port value in the kube yamlUrvashi Mohnani2021-10-19
| | | | | | | | | | | | | | | | | | | | When the targetPort is not defined, it is supposed to be set to the port value according to the k8s docs. Add tests for targetPort. Update tests to be able to check the Service yaml that is generated. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
| * Test-hang fix: Wait for ready + timeout on connect.Chris Evich2021-10-19
| | | | | | | | | | | | | | | | | | | | | | | | It was observed during initial F35 testing, this test can cause Ginkgo to "hang" by attempting to connect before the redis is up/listening. Fix this by confirming the ready-state before attempting to connect. Also, force IPv4 and timeout on any connection fault - to allow other tests to run. Thanks to Adrian Reber for help on this and related fixes. Signed-off-by: Chris Evich <cevich@redhat.com>
| * Don't include ctr.log if not using file loggingDaniel J Walsh2021-10-19
| | | | | | | | | | | | | | | | | | | | Checkpoint is blowing up when you use --log-driver=none [NO NEW TESTS NEEDED] No way currently to test checkpoint restore. Fixes: https://github.com/containers/podman/issues/11974 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Do not add TCP to protocol in generated kube yamlUrvashi Mohnani2021-10-19
| | | | | | | | | | | | | | | | | | | | As the default protocol in k8s is TCP, don't add it to the generate yaml when using protocol. Add UDP to the protocol of the generated yaml when udp is being used. Add tests for this as well. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
| * Don't use docker/pkg/archive, use containers/storage/pkg/archiveDaniel J Walsh2021-10-19
| | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Fix panic in container create compat apiPaul Holzinger2021-10-19
| | | | | | | | | | | | | | | | | | The bind and tmpfs options can be nil, we have to check that before we try to use it. Fixes #11961 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * Don't add image entrypoint to the generate kube yamlUrvashi Mohnani2021-10-19
| | | | | | | | | | | | | | | | | | | | | | | | If no entrypoint or command is set in the podman create command, and the image command or entrypoint is being used as the default, then do not add the image command or entrypoint to the generated kube yaml. Kubernetes knows to default to the image command and/or entrypoint settings when not defined in the kube yaml. Add and modify tests for this case. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
| * Kube Gen run as user/group issuescdoern2021-10-19
| | | | | | | | | | | | | | | | | | Removed the inclusion of RunAsUser or RunAsGroup unless a container is run with the --user flag. When building from an image the user will be pulled from there anyway resolves #11914 Signed-off-by: cdoern <cdoern@redhat.com>
| * No space in kube annotations for bind mountsBrent Baude2021-10-19
| | | | | | | | | | | | | | | | | | | | | | Kubernetes fails to deal with an annotation that has a space in it. Trim these strings to remove spaces. Fixes: #11929 Signed-off-by: Brent Baude <bbaude@redhat.com> [NO TESTS NEEDED]
| * cgroups: use cgroup.controllers to read controllersGiuseppe Scrivano2021-10-19
| | | | | | | | | | | | | | | | | | | | | | | | | | use the cgroup.controllers file instead of cgroup.subtree_control to read the list of controllers available in the current cgroup. Closes: https://github.com/containers/podman/issues/11931 [NO TESTS NEEDED] we have disabled this test in the CI because it is difficult to know what controllers are going to be enabled for rootless under all conditions we test. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * Use SplitN(2) when copying env variablesJhon Honce2021-10-19
| | | | | | | | | | | | | | | | | | | | | | | | | | Environment variables whose value contained an equal sign where truncated Fixes #11891 Signed-off-by: Jhon Honce <jhonce@redhat.com> <MH: Fixed cherry-pick conflicts> Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * [CI:DOCS] Include manifest example usageChris Evich2021-10-19
| | | | | | | | | | | | Fixes #8872 Signed-off-by: Chris Evich <cevich@redhat.com>
| * podman stats: move cgroup validation to serverPaul Holzinger2021-10-19
| | | | | | | | | | | | | | | | | | | | | | | | Podman stats is not supported for rootless cgroupv1 setups. The check for this must be on the server side and not the client. [NO NEW TESTS NEEDED] we cannot test this because remote and server are always on the same machine in CI Fixes #11909 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * [CI:DOCS] oci-hooks.5.md: fixup section in headerReinhard Tartler2021-10-19
| | | | | | | | | | | | This fixes the autodetection of where to install the manpages Signed-off-by: Reinhard Tartler <siretart@tauware.de>
| * Change podman.1 man page to show corret log-level defaultDaniel J Walsh2021-10-19
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Add podman-plugins to upstream imageMatthew Mosesohn2021-10-19
| | | | | | | | | | | | | | | | Fixes #11380 Replaces https://github.com/containers/podman/pull/11385 Originally subbmitted by @mattymo Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Ensure `podman ps --sync` functionsMatthew Heon2021-10-19
| | | | | | | | | | | | | | | | | | | | | | | | The backend for `ps --sync` has been nonfunctional for a long while now - probably since v2.0. It's questionable how useful the flag is in modern Podman (the original case it was intended to catch, Conmon gone via SIGKILL, should be handled now via pinging the process with a signal to ensure it's still alive) but having the ability to force a refresh of container state from the OCI runtime is still useful. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Allow `podman stop` to be run on Stopping containersMatthew Heon2021-10-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows you to stop a container after a `podman stop` process started, but did not finish, stopping the container (probably an ignored stop signal, with no time to SIGKILL?). This is a very narrow case, but once you're in it the only way to recover is a `podman rm -f` of the container or extensive manual remediation (you'd have to kill the container yourself, manually, and then force a `podman ps --all --sync` to update its status from the OCI runtime). [NO NEW TESTS NEEDED] I have no idea how to verify this one - we need to test that it actually started *during* the other stop command, and that's nontrivial. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * libpod: fix race when closing STDINPaul Holzinger2021-10-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is a race where `conn.Close()` was called before `conn.CloseWrite()`. In this case `CloseWrite` will fail and an useless error is printed. To fix this we move the the `CloseWrite()` call to the same goroutine to remove the race. This ensures that `CloseWrite()` is called before `Close()` and never afterwards. Also fixed podman-remote run where the STDIN was never was closed. This is causing flakes in CI testing. [NO TESTS NEEDED] Fixes #11856 Signed-off-by: Paul Holzinger <pholzing@redhat.com> <MH: Fixed cherry-pick conflicts> Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * It really should be no **NEW** tests neededEd Santiago2021-10-19
| | | | | | | | | | | | | | | | | | | | | | | | Accept both "NO TESTS NEEDED" and "NO NEW TESTS NEEDED". That was a usability mistake I made on Day One. Fixed it in Buildah but oops never got around to fixing it here. Also, fix the test suite script: remove a no-longer-working test case (changelog.txt, removed in #11467) and add a new test for commits that include the magic string. Signed-off-by: Ed Santiago <santiago@redhat.com>
| * Add guard for BuildOptions.CommonBuildOptsJhon Honce2021-10-19
| | | | | | | | | | | | | | Existing images.Build() bindings code panicked when field was not initialized. Signed-off-by: Jhon Honce <jhonce@redhat.com>
| * machine: silently cleanup dangling sockets before rm if possibleAditya Rajan2021-10-19
| | | | | | | | | | | | | | | | | | Try to cleanup dandling pid and machine socket if possible silently before `rm`. [NO TESTS NEEDED] Signed-off-by: Aditya Rajan <arajan@redhat.com>
| * sdnotify test: accept MAINPID anywhereEd Santiago2021-10-19
| | | | | | | | | | | | | | | | | | | | systemd sometimes spits out lines in the wrong order. Deal with it. This fixes an infrequent flake that I haven't filed because I didn't understand it well enough. (Hence, this reduces BUGS but does not reduce BUG COUNT. Sorry!) Signed-off-by: Ed Santiago <santiago@redhat.com>
| * Allow a value of -1 to set unlimited pids limitUrvashi Mohnani2021-10-19
|/ | | | | | | | | Users can set --pids-limit to -1 now to set unlimited pids limit for a container - this matches the convention. [NO TESTS NEEDED] Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* Merge pull request #11853 from edsantiago/bats_permission_fixOpenShift Merge Robot2021-10-04
|\ | | | | [v3.4] bats permission fix
| * Gating tests: fix permissions errorEd Santiago2021-10-04
|/ | | | | | | | ...in volume test. Looks like Bodhi gating tests run from a nonwritable directory. I feel really stupid for not realizing this when I first tried to fix this bug two weeks ago. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #11832 from Luap99/common-v0.44.3OpenShift Merge Robot2021-10-01
|\ | | | | [v3.4] bump c/common to v0.44.3
| * [v3.4] bump c/common to v0.44.3Paul Holzinger2021-10-01
|/ | | | | | | | This fixes a bug where podman machine could create a broken config file. Fixes #11824 Signed-off-by: Paul Holzinger <pholzing@redhat.com>