summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* [v3.4] bump c/common to v0.44.3Paul Holzinger2021-10-01
| | | | | | | | This fixes a bug where podman machine could create a broken config file. Fixes #11824 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #11817 from mheon/bump_340OpenShift Merge Robot2021-09-30
|\ | | | | [CI:DOCS] Bump to v3.4.0
| * Bump to v3.4.1-devMatthew Heon2021-09-30
| | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Bump to v3.4.0v3.4.0Matthew Heon2021-09-30
| | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Final release notes update for v3.4.0Matthew Heon2021-09-30
|/ | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #11812 from baude/v34backportplaygenOpenShift Merge Robot2021-09-30
|\ | | | | Support selinux options with bind mounts play/gen
| * Support selinux options with bind mounts play/genBrent Baude2021-09-30
|/ | | | | | | | | | | | When using play kube and generate kube, we need to support if bind mounts have selinux options. As kubernetes does not support selinux in this way, we tuck the selinux values into a pod annotation for generation of the kube yaml. Then on play, we check annotations to see if a value for the mount exists and apply it. Fixes BZ #1984081 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #11792 from mheon/340_finalOpenShift Merge Robot2021-09-30
|\ | | | | Backports + release notes for v3.4.0 final
| * Fix release notesMatthew Heon2021-09-29
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Release notes for v3.4.0 final releaseMatthew Heon2021-09-29
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Disable docker and alias to podman in FCOS ignitionJason T. Greene2021-09-29
| | | | | | | | | | Signed-off-by: Jason Greene <jason.greene@redhat.com> Co-authored-by: Dusty Mabe <dusty@dustymabe.com>
| * [NO TESTS NEEDED] Add port configuration to first regular containerUrvashi Mohnani2021-09-29
| | | | | | | | | | | | | | | | When generating a kube yaml and there is a port configuration add the configuration to the first regular container in the pod and not to the init container. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
| * Remind user to check connection or use podman machineAshley Cui2021-09-29
| | | | | | | | | | | | | | Remind user to check their remote linux connection or use podman machine. Move the warning from bindings to cmd/podman. Signed-off-by: Ashley Cui <acui@redhat.com>
| * Ensure pod ID bucket is properly updated on renameMatthew Heon2021-09-29
| | | | | | | | | | | | | | | | | | | | | | | | | | As we were not updating the pod ID bucket, removing a pod with containers still in it (including the infra container, which will always suffer from this) will not properly update the name registry to remove the name of any renamed containers. This patch ensures that does not happen - all containers will be fully removed, even if renamed. Fixes #11750 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * libpod: do not call (*container).Config()Valentin Rothberg2021-09-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Access the container's config field directly inside of libpod instead of calling `Config()` which in turn creates expensive JSON deep copies. Accessing the field directly drops memory consumption of a simple `podman run --rm busybox true` from 1245kB to 410kB. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com> <MH: Fixed cherry-pick conflicts>
| * [CI:DOCS] cmd/podman: no dot for short descriptionsValentin Rothberg2021-09-29
| | | | | | | | | | | | | | Remove trailing dots in the short descriptions for the sake of consistency. Noticed while parsing `podman help`. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * System tests: speed up. They've gotten too slow.Ed Santiago2021-09-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - logs: remove unnecessary sleeps. This saves ~25s. Unfortunately, journald seems to have some sort of lag, so we need to keep retrying until we get the 'after' string. - ps: add placeholder test for once buildah 3544 is fixed - cp: bulk-kill containers when finished, instead of one by one. This is a big change and only saves about 8s per run, but hey. - mount,pause,healthcheck: 'podman stop -t 0' before rm'ing containers. Easy 50s. Have I mentioned, lately, that 'podman rm -f' needs a '-t 0' flag? - play: same, and also 'podman pod stop'. Seems to shave ~20s. - socket-activation: UGH! Buggy and useless tests! They were running "sleep 90" containers for no reason whatsoever. I assume the intention was to run them with "-d", so that's what I've done here. Also fixed some language. 180 seconds! (Unrelated: cleanup in 070-build, use $IMAGE, not alpine) Signed-off-by: Ed Santiago <santiago@redhat.com>
| * stop: Do nothing if container was never created in runtimeAditya Rajan2021-09-29
| | | | | | | | | | | | | | | | | | Following commit ensures we silently return container id on `stop` if container was never created in OCI runtime. Following behaviour ensures that we are in parity with docker. Signed-off-by: Aditya Rajan <arajan@redhat.com>
| * remote build: EvalSymlinks() the context directoryNalin Dahyabhai2021-09-29
| | | | | | | | | | | | | | Use EvalSymlinks() to find the context directory, in case there's shenanigans. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
| * podman machine: do not join usernsPaul Holzinger2021-09-29
| | | | | | | | | | | | | | | | | | | | | | The go logic already prevents podman from joining the userns for machine commands but the c shortcut code did not. [NO TESTS NEEDED] Fixes #11731 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * added healthcheck to ps commandSankalp Rangare2021-09-29
| | | | | | | | Signed-off-by: Sankalp Rangare <sankalprangare786@gmail.com>
| * Fix english on prune promptDaniel J Walsh2021-09-29
| | | | | | | | | | | | | | | | Google docs found this while writing Podman in Action book. [NO TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * rootful: do not set XDG_RUNTIME_DIR for cni pluginsPaul Holzinger2021-09-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The dnsname plugin tries to use XDG_RUNTIME_DIR to store files. podman run will have XDG_RUNTIME_DIR set and thus the cni plugin can use it. The problem is that XDG_RUNTIME_DIR is unset for the conmon process for rootful users. This causes issues since the cleanup process is spawned by conmon and thus not have XDG_RUNTIME_DIR set to same value as podman run. Because of it dnsname will not find the config files and cannot correctly cleanup. To fix this we should also unset XDG_RUNTIME_DIR for the cni plugins as rootful. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * Revert "rootful: unset XDG_RUNTIME_DIR"Paul Holzinger2021-09-29
| | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 91e21bed48a2ab11049ef20e9150b5be531bc50a. XDG_RUNTIME_DIR is required for the authfile path. We cannot unset it. [NO TESTS NEEDED] Fixes #11725 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * shell completion: do not show images without tagPaul Holzinger2021-09-29
| | | | | | | | | | | | | | | | | | | | | | The shell completion should only suggest arguments that work. Using a image without tag does not work in many cases. Having both the version with and without tag also forces users to press one key more because tab completion will always stop at the colon. Fixes #11673 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * Update docs for --platform in podman-build.1Nalin Dahyabhai2021-09-29
| | | | | | | | | | | | | | | | Update the descriptions of the --arch, --os, --variant, and --platform options, since the last of those hasn't been a no-op for some time, and it was recently extended to accept multiple values. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
| * podman generate kube should not include images commandDaniel J Walsh2021-09-29
| | | | | | | | | | | | | | | | | | If the command came from the underlying image, then we should not include it in the generate yaml file. Fixes: https://github.com/containers/podman/issues/11672 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Also show the (initial) disk sizeAnders F Björklund2021-09-29
| | | | | | | | | | | | [NO TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
| * Show cpus and memory in machine listAnders F Björklund2021-09-29
| | | | | | | | | | | | [NO TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
| * Ignore mount errors except ErrContainerUnknown when cleaningup containerDaniel J Walsh2021-09-29
| | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/11207 [NO TESTS NEEDED] Since I don't know how to get into this situation. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #11773 from ashley-cui/machineconf3.4OpenShift Merge Robot2021-09-29
|\| | | | | [3.4] Backport Allow machine options to be set from containers.conf
| * Allow machine options to be set from containers.confAshley Cui2021-09-28
|/ | | | | | | | | CPUS, memory, disk size, and image path defaults can be set from [machine] table in containers.conf [NO TESTS NEEDED] Signed-off-by: Ashley Cui <acui@redhat.com>
* Merge pull request #11772 from ashley-cui/depsOpenShift Merge Robot2021-09-28
|\ | | | | [3.4] Vendor common v0.44.2 and buildah v1.23.1
| * Vendor in containers/buildah v1.23.1Ashley Cui2021-09-28
| | | | | | | | | | | | [NO TESTS NEEDED] Signed-off-by: Ashley Cui <acui@redhat.com>
| * Vendor in containers/common v0.44.2Ashley Cui2021-09-28
|/ | | | | | [NO TESTS NEEDED] Signed-off-by: Ashley Cui <acui@redhat.com>
* Merge pull request #11726 from baude/v3.4backportkubecontextOpenShift Merge Robot2021-09-23
|\ | | | | Set context dir for play kube build
| * Set context dir for play kube buildBrent Baude2021-09-23
|/ | | | | | | | When performing an image build with play kube, we need to set the context directory so things like file copies have the correct input path. Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #11723 from vrothberg/3.4-save-remove-signaturesOpenShift Merge Robot2021-09-23
|\ | | | | [3.4] podman save: enforce signature removal
| * [3.4] podman save: enforce signature removalValentin Rothberg2021-09-23
|/ | | | | | | | | | | | | | Enforce the removal of signatures in `podman save` to restore behavior prior to the migration to libimage. We may consider improving on that in the future. For details, please refer to the excellent summary by @mtrmac [1]. [NO TESTS NEEDED] - manually verified but exisiting tests need some further investigation (see [1]). [1] https://github.com/containers/podman/pull/11669#issuecomment-925250264 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #11705 from mheon/340OpenShift Merge Robot2021-09-22
|\ | | | | Release 3.4.0-rc2 (inc. backports)
| * Use a new markdown converter for sphinxPaul Holzinger2021-09-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Recommonmark has many issues and is deprecated. The recommended alternative is MyST-Parser. [1] The myst parser looks great, it also correctly parses tables and adds the correct links. To test locallay run: ``` cd docs rm -rf build/ \# install build deps sudo dnf install python3-sphinx && pip install myst-parser make html python -m http.server 8000 --directory build/html \# Now check in your browser if it looks good to you ``` [1] https://github.com/readthedocs/recommonmark/issues/221 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * Bump to v3.4.0-devMatthew Heon2021-09-22
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Bump to v3.4.0-rc2v3.4.0-rc2Matthew Heon2021-09-22
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Release notes for v3.4.0-RC2Matthew Heon2021-09-22
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Generate kube should'd add podman default environment varsDaniel J Walsh2021-09-22
| | | | | | | | | | | | | | | | | | | | | | | | Currently we add the default PATH, TERM and container from Podman to every kubernetes.yaml file. These values should not be recorded in the yaml files. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> <MH: Fixed cherry-pick conflicts> Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * sync container state before reading the healthcheckPaul Holzinger2021-09-22
| | | | | | | | | | | | | | | | | | | | The health check result is stored in the container state. Since the state can change or might not even be set we have to retrive the current state before we try to read the health check result. Fixes #11687 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * Eighty-six eighty-eightyEd Santiago2021-09-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (Sorry, couldn't resist). CI flakes have been coming down - thank you to everyone who has been making them a priority. This leaves a noisy subset that I've just been ignoring for months: Running: podman ... -p 8080:something ...cannot listen on the TCP port: listen tcp4 :8080: bind: address already in use Sometimes these are one-time errors resolved on 2nd try; sometimes they fail three times, forcing CI user to hit Rerun. In all cases they make noise in my flake logs, which costs me time. My assumption is that this has to do with ginkgo running random tests in parallel. Since many e2e tests simplemindedly use 8080, collisions are inevitable. Solution: simplemindedly replace 8080 with other (also arbitrarily picked) numbers. This is imperfect -- it requires human developers to pick a number NNNN and 'grep NNNN test/e2e/*' before adding new tests, which I am 100% confident ain't gonna happen -- but it's better than what we have now. Side note: I considered writing and using a RandomAvailablePort() helper, but that would still be racy. Plus, it would be a pain to interpolate strings into so many places. Finally, with this hand-tooled approach, if/when we _do_ get conflicts on port NNNN, it should be very easy to grep for NNNN, find the offending tests that reuse that port, and fix one of them. Signed-off-by: Ed Santiago <santiago@redhat.com>
| * vendor c/psgo@v1.7.1Valentin Rothberg2021-09-22
| | | | | | | | | | | | | | | | | | | | psgo added support for listing supplementary groups via two new descriptors: * `groups` for supplementary groups inside the container * `hgroups` for the counterpart on the host Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * Add a backoff and retries to retrieving exited eventMatthew Heon2021-09-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There's a potential race around extremely short-running containers and events with journald. Events may not be written for some time (small, but appreciable) after they are received, and as such we can fail to retrieve it if there is a sufficiently short time between us writing the event and trying to read it. Work around this by just retrying, with a 0.25 second delay between retries, up to 4 times. [NO TESTS NEEDED] because I have no idea how to reproduce this race in CI. Fixes #11633 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * [CI:DOCS] Add network alias note in man pagesTomSweeneyRedHat2021-09-22
| | | | | | | | | | | | | | Adds a note about the limitation of network aliases to the man pages This should satisfy https://issues.redhat.com/browse/RUN-1189 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>