Commit message [Author, Age]
* Merge pull request #6813 from mheon/system_service_note [OpenShift Merge Robot, 2020-06-29]
      Add a note on the APIs supported by `system service`
| * Add a note on the APIs supported by `system service` [Matthew Heon, 2020-06-29]
      This makes it clear that we target compatibility with a specific Docker version (v1.40), but do not reject other versions. It also adds a link to documentation on the Podman-specific API.
      Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #6808 from mheon/allow_empty_hostport [OpenShift Merge Robot, 2020-06-29]
      Allow empty host port in --publish flag
| * Allow empty host port in --publish flag [Matthew Heon, 2020-06-29]
      I didn't believe that this was actually legal, but it looks like it is. And, unlike our previous understanding (host port being empty means just use container port), empty host port actually carries the same meaning as `--expose` + `--publish-all` (that is, assign a random host port to the given container port).
      This requires a significant rework of our port handling code to handle this new case. I don't foresee this being commonly used, so I optimized having a fixed port number as fast path, with this random assignment code running after the main port handling code only if necessary.
      Fixes #6806
      Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6794 from baude/v2remotewindowsterminal [OpenShift Merge Robot, 2020-06-29]
      Set console mode for windows
| * | Set console mode for windows [Brent Baude, 2020-06-29]
      Windows terminal handling is different than darwin and linux. It needs to have the terminal mode set to enable virtual terminal processing. This allows colors and other things to work.
      Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #6810 from vrothberg/auto-update-test [OpenShift Merge Robot, 2020-06-29]
      systemd system test: run auto-update
| * | | systemd system test: run auto-update [Valentin Rothberg, 2020-06-29]
      Run `podman auto-update` in the systemd system tests.
      Note that this is a first step to at least exercise parts of `auto-update` in the CI. The service won't get updated just yet as we need to set up a local registry, and push a new image. I do not have enough time at the moment to do that but consider this change already as an improvement.
      We are experiencing some issues in #6793 w.r.t. auto-updates but couldn't track down the root cause yet.
      Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #6716 from jwhonce/issues/6598 [OpenShift Merge Robot, 2020-06-29]
      Fixes --remote flag issues
| * | | Fixes --remote flag issues [Jhon Honce, 2020-06-26]
      * --remote, --url and --identity are now anchored to podman command. Subcommands should no longer have issues
      * TraverseChildren now set to V1 expectations
      * Latest flag now has helper function. Now has consistent usage.
      * IsRemote() uses cobra parser to determine if --remote is given
      * Moved validation functions from parser pkg to validate pkg
      * Fixes #6598
      Fixes #6704
      Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #6666 from giuseppe/conmon-delegate [OpenShift Merge Robot, 2020-06-29]
      podman: add new cgroup mode split
| * | podman: add new cgroup mode split [Giuseppe Scrivano, 2020-06-25]
      When running under systemd there is no need to create yet another cgroup for the container.
      With conmon-delegated the current cgroup will be split in two sub cgroups:
      - supervisor
      - container
      The supervisor cgroup will hold conmon and the podman process, while the container cgroup is used by the OCI runtime (using the cgroupfs backend).
      Closes: https://github.com/containers/libpod/issues/6400
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #6783 from edsantiago/bats [OpenShift Merge Robot, 2020-06-29]
      system tests: add pod, inspect testing
| * | | system tests: add pod, inspect testing [Ed Santiago, 2020-06-26]
      Followup to #6761: confirm that 'podman ps' shows the ports on a running container in a pod created with -p (not to be confused with the container itself running with -p, tested in 500-networking.bats). While we're at it, test that the port handling itself works, by sending random text to the container and making sure the container receives it.
      Followup to #6752: 'podman inspect' should show multiple security opts
      Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #6763 from maxm123/master [OpenShift Merge Robot, 2020-06-29]
      Fix error handling problem in APIv2 network remove
| * | | | Fix a bug with APIv2 compat network remove to log an ErrNetworkNotFound instead of nil [Maximilian Müller, 2020-06-27]
      Signed-off-by: Maximilian Müller <maxm123@techie.com>
* | | | Merge pull request #6768 from vrothberg/fix-6766 [OpenShift Merge Robot, 2020-06-29]
      generate systemd: improve pod-flags filter
| * | | | generate systemd: improve pod-flags filter [Valentin Rothberg, 2020-06-25]
      When generating systemd unit for pods, we need to remove certain pod-related flags from the containers' create commands. Make sure to account for all the syntax including a single argument with key and value being split by `=`.
      Fixes: #6766
      Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #6791 from mheon/fix_service_umask [OpenShift Merge Robot, 2020-06-29]
      Ensure umask is set appropriately for 'system service'
| * | | Ensure umask is set appropriately for 'system service' [Matthew Heon, 2020-06-26]
      We need a umask of 0022 to ensure containers are created correctly, but we set a different one prior to starting the server (to ensure the unix socket has the right permissions). Thus, we need to set the umask after the socket has been bound, but before the server begins accepting requests.
      Fixes #6787
      Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #6767 from vrothberg/sec-opt-test [OpenShift Merge Robot, 2020-06-26]
      e2e inspect: HostConfig.SecurityOpt
| * | | e2e inspect: HostConfig.SecurityOpt [Valentin Rothberg, 2020-06-25]
      Make sure that all specified security options are displayed in a container's inspect data.
      Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #6786 from rhafer/rootless_rlimit [OpenShift Merge Robot, 2020-06-26]
      specgen: fix order for setting rlimits
| * | | specgen: fix order for setting rlimits [Ralf Haferkamp, 2020-06-26]
      Also make sure that the limits we set for rootless are not higher than what we'd set for root containers.
      Rootless containers failed to start when the calling user already had ulimit (e.g. on NOFILE) set.
      This is basically a cherry-pick of 76f8efc0d0d into specgen
      Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
* | | Merge pull request #6756 from mheon/add_dangling_filter [OpenShift Merge Robot, 2020-06-26]
      Add support for dangling filter to volumes
| * | | Add support for dangling filter to volumes [Matthew Heon, 2020-06-24]
      The dangling filter determines whether a volume is dangling - IE, it has no containers attached using it. Unlike our other filters, this one is a boolean - must be true or false, not arbitrary values.
      Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #6779 from jwhonce/wip/config [OpenShift Merge Robot, 2020-06-25]
      Revert sending --remote flag to containers
| * | | Revert sending --remote flag to containers [Jhon Honce, 2020-06-25]
      * quick --remote fix, sent --remote to ctnrs as argument
      Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #6761 from mheon/fix_ps_portmappings [OpenShift Merge Robot, 2020-06-25]
      Print port mappings in `ps` for ctrs sharing network
| * | | Print port mappings in `ps` for ctrs sharing network [Matthew Heon, 2020-06-24]
      In Podman v1.9, we printed port mappings for the container, even if it shared its network namespace (and thus ports) with another container. We regressed on this in Podman v2.0, which is fixed here.
      Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #6748 from rhatdan/windows [OpenShift Merge Robot, 2020-06-25]
      Add containers.conf default file for windows and MAC Installs
| * | | Add containers.conf default file for windows and MAC Installs [Daniel J Walsh, 2020-06-24]
      We want to add this configuration file so that users can discover how to configure the permanent connection to a remote podman instance.
      Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6775 from vrothberg/vendor-common [OpenShift Merge Robot, 2020-06-25]
      vendor github.com/containers/common@v0.14.3
| * | | | vendor github.com/containers/common@v0.14.3 [Valentin Rothberg, 2020-06-25]
      Includes several fixes for config parsing and AppArmor.
      Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #6760 from jwhonce/wip/python [OpenShift Merge Robot, 2020-06-25]
      Fix podman python docker-py tests
| * | | | Fix python dockerpy tests [Jhon Honce, 2020-06-24]
      * Refactor packaging so unittest discovery works
      * Refactor tests to use python3-docker.rpm that ships with Fedora32
      * Flush image cache between test suites
      * Update documentation to reflect changes
      Outstanding issue:
      * client.get_image() does not fail if image does not exist
      Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #6771 from vrothberg/fix-6770 [OpenShift Merge Robot, 2020-06-25]
      systemd generate: allow manual restart of container units in pods
| * | | | systemd generate: allow manual restart of container units in pods [Valentin Rothberg, 2020-06-25]
      Allow manual restarts of container units that are part of a pod. This allows for configuring these containers for auto updates.
      Fixes: #6770
      Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #6754 from edsantiago/man_page_xref [OpenShift Merge Robot, 2020-06-25]
      Docs: consistency between man / --help
| * | | | Docs: consistency between man / --help [Ed Santiago, 2020-06-24]
      New functionality in hack/man-page-checker: start cross-referencing the man page 'Synopsis' line against the output of 'podman foo --help'. This is part 1, flag/option consistency. Part 2 (arg consistency) is too big and will have to wait for later.
      flag/option consistency means: if 'podman foo --help' includes the string '[flags]' in the Usage message, make sure the man page includes '[*options*]' in its Synopsis line, and vice-versa. This found several inconsistencies, which I've fixed.
      While doing this I realized that Cobra automatically includes a 'Flags:' subsection in its --help output for all subcommands that have defined flags. This is great - it lets us cross-check against the usage synopsis, and make sure that '[flags]' is present or absent as needed, without fear of human screwups. If a flag-less subcommand ever gets extended with flags, but the developer forgets to add '[flags]' and remove DisableFlagsInUseLine, we now have a test that will catch that. (This, too, caught two instances which I fixed).
      I don't actually know if the new man-page-checker functionality will work in CI: I vaguely recall that it might run before 'make podman' does; and also vaguely recall that some steps were taken to remedy that.
      Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #6751 from vrothberg/fix-6744 [OpenShift Merge Robot, 2020-06-25]
      podman run/create: support all transports
| * | | Merge pull request #2 from edsantiago/pr6751-test [Valentin Rothberg, 2020-06-25]
      Friendly amendment for pr 6751
| | * | | Friendly amendment for pr 6751 [Ed Santiago, 2020-06-24]
      More robust system test for podman run/create docker-archive
      Signed-off-by: Ed Santiago <santiago@redhat.com>
| * | | podman run/create: support all transports [Valentin Rothberg, 2020-06-24]
      Support all image transports in podman run/create. It seems we regressed with v2 on that. Also add tests to make sure we're not regressing again.
      Fixes: #6744
      Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #6713 from mheon/debug_level [OpenShift Merge Robot, 2020-06-25]
      Set syslog for exit commands on log-level=debug
| * | | | Set syslog for exit commands on log-level=debug [Matthew Heon, 2020-06-24]
      We have a flag, --syslog, for telling logrus to log to syslog as well as to the terminal. Previously, this flag also set the exit command for containers to use `--syslog` (otherwise all output from exit commands is lost).
      I attempted to replicate this with Podman v2.0, but quickly ran into circular import hell (the flag is defined in cmd/podman, I needed it in cmd/podman/containers, cmd/podman imports cmd/podman/containers already, etc).
      Instead, let's just set the syslog flag automatically on `--log-level=debug` so we log exit commands automatically when debug-level logs are requested. This is consistent with Conmon and seems to make sense.
      Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #6752 from rhatdan/inspect [OpenShift Merge Robot, 2020-06-24]
      Fix inspect to display multiple label: changes
| * | | | Fix inspect to display multiple label: changes [Daniel J Walsh, 2020-06-24]
      If the user runs a container like
      podman run --security-opt seccomp=unconfined --security-opt label=type:spc_t --security-opt label=level:s0 ...
      Podman inspect was only showing the second option
      This change will show
      "SecurityOpt": [
          "label=type:spc_t,label=level:s0:c60",
          "seccomp=unconfined"
      ],
      Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6753 from giuseppe/drop-default-mapping-1-1 [OpenShift Merge Robot, 2020-06-24]
      utils: drop default mapping when running uid!=0
| * | | utils: drop default mapping when running uid!=0 [Giuseppe Scrivano, 2020-06-24]
      this is a leftover from the first implementation of rootless. This code is never hit by podman rootless anymore as podman automatically creates a user namespace now.
      Fixes an issue with podman remote when used with uid != 0.
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>