summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Add parallel execution code for container operationsMatthew Heon2020-06-05
| | | | | | | | This code will run container operations in parallel, up to a given maximum number of threads. Currently, it has only been enabled for local `podman rm` as a proof of concept. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #6492 from mheon/bump-2.0.0-rc4OpenShift Merge Robot2020-06-04
|\ | | | | [CI:DOCS] Bump to v2.0.0-RC4
| * Bump to v2.0.0-devMatthew Heon2020-06-04
| | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Bump to v2.0.0-rc4v2.0.0-rc4Matthew Heon2020-06-04
|/ | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #6491 from vrothberg/fix-6490OpenShift Merge Robot2020-06-04
|\ | | | | /images/.../json: fix port parsing
| * /images/.../json: fix port parsingValentin Rothberg2020-06-04
| | | | | | | | | | | | | | | | | | | | Fix a bug when parsing the `ExposedPorts` of the image that lead to panics when the field was set. The OCI image spec allows three valid formats: `tcp/port`, `udp/port` and `port` Fixes: #6490 Reported-by: @jgallucci32 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6489 from edsantiago/batsOpenShift Merge Robot2020-06-04
|\ \ | | | | | | BATS and APIv2: more tests and tweaks
| * | BATS and APIv2: more tests and tweaksEd Santiago2020-06-03
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - (minor): apiv2 tests: check for full ID Observation made while reviewing #6461: tests were checking only for a 12-character container/image ID in return value. It's actually 64, and we should test for that. This should also minimize confusion in a future maintainer. - podman pause/unpause: new test Runs a 'date/sleep' loop, pauses container, sleeps 3s, restarts, then confirms that there's a 3- to 6-second gap in the logs for the container. - podman healthcheck: new test run a container with healthcheck, test both healthy and unhealthy conditions - podman pod: check '{{.Pod}}' field in podman ps Hey, as long as we have a pod with two running containers, might as well confirm that 'podman ps' returns the expected pod ID. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #6485 from QiWang19/remote-ignoreOpenShift Merge Robot2020-06-04
|\ \ | | | | | | fix remote test --ignore & turn on more tests
| * | fix remote test --ignore & turn on more testsQi Wang2020-06-03
| | | | | | | | | | | | | | | | | | fix remote test --ignore & turn on more tests Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #6481 from QiWang19/rm-test-stopOpenShift Merge Robot2020-06-04
|\ \ \ | | | | | | | | turn on remote stop_test
| * | | turn on remote stop_testQi Wang2020-06-03
| | | | | | | | | | | | | | | | | | | | | | | | turn on stop_test --cidfile Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #6470 from mheon/fix_stats_nonetOpenShift Merge Robot2020-06-04
|\ \ \ \ | | | | | | | | | | Properly follow linked namespace container for stats
| * | | | Properly follow linked namespace container for statsMatthew Heon2020-06-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman containers can specify that they get their network namespace from another container. This is automatic in pods, but any container can do it. The problem is that these containers are not guaranteed to have a network namespace of their own; it is perfectly valid to join the network namespace of a --net=host container, and both containers will end up in the host namespace. The code for obtaining network stats did not account for this, and could cause segfaults as a result. Fortunately, the fix is simple - the function we use to get said stats already performs appropriate checks, so we just need to recursively call it. Fixes #5652 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #6486 from baude/v2infoaddsocketOpenShift Merge Robot2020-06-04
|\ \ \ \ \ | | | | | | | | | | | | add socket information to podman info
| * | | | | add socket information to podman infoBrent Baude2020-06-03
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | this is step 1 to self-discovery of remote ssh connections. we add a remotesocket struct to info to detect what the socket path might be. Co-authored-by: Jhon Honce <jhonce@redhat.com> Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | Merge pull request #6404 from ↵OpenShift Merge Robot2020-06-04
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/conmon-2.0.17incompatible Bump github.com/containers/conmon from 2.0.16+incompatible to 2.0.17+incompatible
| * | | | | Bump github.com/containers/conmonDaniel J Walsh2020-06-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/conmon](https://github.com/containers/conmon) from 2.0.16+incompatible to 2.0.17+incompatible. - [Release notes](https://github.com/containers/conmon/releases) - [Changelog](https://github.com/containers/conmon/blob/master/changelog.txt) - [Commits](https://github.com/containers/conmon/compare/v2.0.16...v2.0.17) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #6484 from rhatdan/namespaceOpenShift Merge Robot2020-06-04
|\ \ \ \ \ \ | | | | | | | | | | | | | | Namespace fields were set with bogus values
| * | | | | | Namespace fields were set with bogus valuesDaniel J Walsh2020-06-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Namespace fields were being set with their option names unless overriden by the user. This was causing issues with podman-remote on userns. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | Merge pull request #6476 from eriksjolund/add_some_CVE_entries_to_changelog.txtOpenShift Merge Robot2020-06-04
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Add a few CVE entries to changelog.txt
| * | | | | | | Add a few CVE entries to changelog.txtErik Sjölund2020-06-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the following CVE entries CVE-2020-1726 CVE-2020-10696 CVE-2019-18466 to changelog.txt Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | | | | | | | Merge pull request #6482 from mheon/split_inspectOpenShift Merge Robot2020-06-04
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Ensure that image/container inspect are specialized
| * | | | | | | | Ensure that image/container inspect are specializedMatthew Heon2020-06-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We are currently able to inspect images with `podman container inspect` and containers with `podman image inspect` and neither of those seem correct. This ensures that the appropriate flags, and only the appropriate flags, are available for each specialized exec, and they can only inspect the specific type they were intended to. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | | | | | Merge pull request #6487 from rhatdan/VENDOROpenShift Merge Robot2020-06-04
|\ \ \ \ \ \ \ \ \ | |_|_|_|_|_|_|_|/ |/| | | | | | | | Vendor in container/storage v1.20.2
| * | | | | | | | Vendor in container/storage v1.20.2Daniel J Walsh2020-06-03
|/ / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also modify gate Dockerfile to take advantage of skipping mounting of the storage directory. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | | Merge pull request #6478 from rhatdan/abisupportOpenShift Merge Robot2020-06-03
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Remove use of ABISupport buildtag
| * | | | | | | | Remove use of ABISupport buildtagDaniel J Walsh2020-06-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to default to building podman. If you specify no build tags you will not build podman, not podman-remote. Just using remote flag to indicate podman-remote and !remote for podman. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | | | Merge pull request #6483 from mheon/cleanup_on_stopOpenShift Merge Robot2020-06-03
|\ \ \ \ \ \ \ \ \ | |_|_|_|/ / / / / |/| | | | | | | | When stopping containers locally, ensure cleanup runs
| * | | | | | | | When stopping containers locally, ensure cleanup runsMatthew Heon2020-06-03
| | |_|_|_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The cleanup process was already running and ensuring that mounts and networking configuration was cleaned up on container stop, but this was async from the actual `podman stop` command which breaks some expectations - the container is still mounted at the end of `podman stop` and will be cleaned up soon, but not immediately. Fortunately, it's a trivial change to resolve this. Fixes #5747 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | | | | Merge pull request #6461 from chuanchang/add_contaner_cases_for_apiv2OpenShift Merge Robot2020-06-03
|\ \ \ \ \ \ \ \ | |/ / / / / / / |/| | | | | | | test.apiv2: add test cases for committing an image from a container
| * | | | | | | test.apiv2: add test cases for committing an image from a containerAlex Jia2020-06-03
| | |_|/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Testing query parameters: container, repo, tag, comment, author, changes and pause. Signed-off-by: Alex Jia <chuanchang.jia@gmail.com>
* | | | | | | Merge pull request #6465 from rhatdan/remoteOpenShift Merge Robot2020-06-03
|\ \ \ \ \ \ \ | |_|_|/ / / / |/| | | | | | Add more Remote tests
| * | | | | | Add more Remote testsDaniel J Walsh2020-06-03
| |/ / / / / | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #6469 from jwhonce/wip/authOpenShift Merge Robot2020-06-03
|\ \ \ \ \ \ | | | | | | | | | | | | | | V2 Add support for ssh authentication methods
| * | | | | | V2 Add support for ssh authentication methodsJhon Honce2020-06-03
| | |_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * podman --remote ssh://<user>:<password>@<host>:<port><path> * podman --remote ssh://<user>:<password>@<host>:<port><path> \ --identity <path> --passphrase <phrase> * ssh-add <key> podman --remote ssh://<user>@<host><path> * Fix `podman help` to run even if podman missing components * Prompt for passphrase on stdin IFF key is protected and passphrase not given via any other configuration * cobra flags do not support optional value flags therefore refactored --remote to be a boolean and --url will now contain the URI to Podman service Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | | Merge pull request #6473 from mheon/fix_inspect_segfaultOpenShift Merge Robot2020-06-03
|\ \ \ \ \ \ | |/ / / / / |/| | | | | Fix a segfault in `podman inspect -l` w/ no containers
| * | | | | Fix a segfault in `podman inspect -l` w/ no containersMatthew Heon2020-06-02
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We also need to rework container/image inspect to be separate, but that can happen in another PR. Fixes #6472 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #6477 from rhatdan/specOpenShift Merge Robot2020-06-03
|\ \ \ \ \ | |_|_|/ / |/| | | | RHEL8 and Centos8 don't have oci-runtime yet
| * | | | RHEL8 and Centos8 don't have oci-runtime yetDaniel J Walsh2020-06-03
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | For the time being we need to just require runc this should fix rdoproject.org/github-check Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6474 from QiWang19/remote-cidfile-testOpenShift Merge Robot2020-06-03
|\ \ \ \ | |/ / / |/| | | Turn on remote rm_test
| * | | Turn on remote rm_test --cidfileQi Wang2020-06-02
|/ / / | | | | | | | | | | | | | | | Turn on remote rm_test --cidfile Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #6471 from mheon/troubleshooting_77OpenShift Merge Robot2020-06-03
|\ \ \ | | | | | | | | Remove reference to "upcoming" RHEL 7.7
| * | | Remove reference to "upcoming" RHEL 7.7Matthew Heon2020-06-02
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | 7.7 has been released for a while now, so change troubleshooting reference to indicate that. Fixes #6349 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #6468 from mheon/remote_detached_execOpenShift Merge Robot2020-06-03
|\ \ \ | | | | | | | | Enable detached exec for remote
| * | | Bump Conmon in COPR specMatthew Heon2020-06-02
| | | | | | | | | | | | | | | | | | | | | | | | We need 2.0.17 for detached remote exec. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Enable detached exec for remoteMatthew Heon2020-06-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The biggest obstacle here was cleanup - we needed a way to remove detached exec sessions after they exited, but there's no way to tell if an exec session will be attached or detached when it's created, and that's when we must add the exit command that would do the removal. The solution was adding a delay to the exit command (5 minutes), which gives sufficient time for attached exec sessions to retrieve the exit code of the session after it exits, but still guarantees that they will be removed, even for detached sessions. This requires Conmon 2.0.17, which has the new `--exit-delay` flag. As part of the exit command rework, we can drop the hack we were using to clean up exec sessions (remove them as part of inspect). This is a lot cleaner, and I'm a lot happier about it. Otherwise, this is just plumbing - we need a bindings call for detached exec, and that needed to be added to the tunnel mode backend for entities. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #6467 from baude/v2windowsenvOpenShift Merge Robot2020-06-02
|\ \ \ \ | |_|/ / |/| | | make env handling os dependent
| * | | make env handling os dependentBrent Baude2020-06-02
| | | | | | | | | | | | | | | | | | | | | | | | environment variables are handled differently on windows vs linux. here we split them to be handled but no actually processing of windows environment variables was done. it can be added for future. hoowever, now we dont get errors on windows about processing them. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | Merge pull request #6435 from QiWang19/uidOpenShift Merge Robot2020-06-02
|\ \ \ \ | | | | | | | | | | check --user range for rootless containers