| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
| |
This fixes a bug where podman machine could create a broken config file.
Fixes #11824
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\
| |
| | |
[CI:DOCS] Bump to v3.4.0
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|/
|
|
| |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\
| |
| | |
Support selinux options with bind mounts play/gen
|
|/
|
|
|
|
|
|
|
|
|
|
| |
When using play kube and generate kube, we need to support if bind
mounts have selinux options. As kubernetes does not support selinux in
this way, we tuck the selinux values into a pod annotation for
generation of the kube yaml. Then on play, we check annotations to see
if a value for the mount exists and apply it.
Fixes BZ #1984081
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\
| |
| | |
Backports + release notes for v3.4.0 final
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| |
| | |
Signed-off-by: Jason Greene <jason.greene@redhat.com>
Co-authored-by: Dusty Mabe <dusty@dustymabe.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
When generating a kube yaml and there is a port configuration
add the configuration to the first regular container in the pod
and not to the init container.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
Remind user to check their remote linux connection or use podman
machine. Move the warning from bindings to cmd/podman.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As we were not updating the pod ID bucket, removing a pod with
containers still in it (including the infra container, which will
always suffer from this) will not properly update the name
registry to remove the name of any renamed containers. This
patch ensures that does not happen - all containers will be fully
removed, even if renamed.
Fixes #11750
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Access the container's config field directly inside of libpod instead of
calling `Config()` which in turn creates expensive JSON deep copies.
Accessing the field directly drops memory consumption of a simple
`podman run --rm busybox true` from 1245kB to 410kB.
[NO TESTS NEEDED]
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
<MH: Fixed cherry-pick conflicts>
|
| |
| |
| |
| |
| |
| |
| | |
Remove trailing dots in the short descriptions for the sake of
consistency. Noticed while parsing `podman help`.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- logs: remove unnecessary sleeps. This saves ~25s.
Unfortunately, journald seems to have some sort of lag,
so we need to keep retrying until we get the 'after' string.
- ps: add placeholder test for once buildah 3544 is fixed
- cp: bulk-kill containers when finished, instead of one by one.
This is a big change and only saves about 8s per run, but hey.
- mount,pause,healthcheck: 'podman stop -t 0' before rm'ing containers.
Easy 50s.
Have I mentioned, lately, that 'podman rm -f' needs a '-t 0' flag?
- play: same, and also 'podman pod stop'. Seems to shave ~20s.
- socket-activation: UGH! Buggy and useless tests! They were
running "sleep 90" containers for no reason whatsoever. I
assume the intention was to run them with "-d", so that's
what I've done here. Also fixed some language. 180 seconds!
(Unrelated: cleanup in 070-build, use $IMAGE, not alpine)
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Following commit ensures we silently return container id on `stop` if
container was never created in OCI runtime.
Following behaviour ensures that we are in parity with docker.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
Use EvalSymlinks() to find the context directory, in case there's
shenanigans.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The go logic already prevents podman from joining the userns for machine
commands but the c shortcut code did not.
[NO TESTS NEEDED]
Fixes #11731
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Sankalp Rangare <sankalprangare786@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Google docs found this while writing Podman in Action book.
[NO TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The dnsname plugin tries to use XDG_RUNTIME_DIR to store files.
podman run will have XDG_RUNTIME_DIR set and thus the cni plugin can use
it. The problem is that XDG_RUNTIME_DIR is unset for the conmon process
for rootful users. This causes issues since the cleanup process is spawned
by conmon and thus not have XDG_RUNTIME_DIR set to same value as podman run.
Because of it dnsname will not find the config files and cannot correctly
cleanup.
To fix this we should also unset XDG_RUNTIME_DIR for the cni plugins as
rootful.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 91e21bed48a2ab11049ef20e9150b5be531bc50a.
XDG_RUNTIME_DIR is required for the authfile path. We cannot unset it.
[NO TESTS NEEDED]
Fixes #11725
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The shell completion should only suggest arguments that work. Using a
image without tag does not work in many cases. Having both the version
with and without tag also forces users to press one key more because
tab completion will always stop at the colon.
Fixes #11673
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Update the descriptions of the --arch, --os, --variant, and --platform
options, since the last of those hasn't been a no-op for some time, and
it was recently extended to accept multiple values.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If the command came from the underlying image, then we should
not include it in the generate yaml file.
Fixes: https://github.com/containers/podman/issues/11672
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
| |
| |
| |
| |
| | |
[NO TESTS NEEDED]
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
| |
| |
| |
| |
| |
| | |
[NO TESTS NEEDED]
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes: https://github.com/containers/podman/issues/11207
[NO TESTS NEEDED] Since I don't know how to get into this situation.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\|
| |
| | |
[3.4] Backport Allow machine options to be set from containers.conf
|
|/
|
|
|
|
|
|
|
| |
CPUS, memory, disk size, and image path defaults can be set from
[machine] table in containers.conf
[NO TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|\
| |
| | |
[3.4] Vendor common v0.44.2 and buildah v1.23.1
|
| |
| |
| |
| |
| |
| | |
[NO TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|/
|
|
|
|
| |
[NO TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|\
| |
| | |
Set context dir for play kube build
|
|/
|
|
|
|
|
|
| |
When performing an image build with play kube, we need to set the
context directory so things like file copies have the correct input
path.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\
| |
| | |
[3.4] podman save: enforce signature removal
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enforce the removal of signatures in `podman save` to restore behavior
prior to the migration to libimage. We may consider improving on that
in the future. For details, please refer to the excellent summary by
@mtrmac [1].
[NO TESTS NEEDED] - manually verified but exisiting tests need some
further investigation (see [1]).
[1] https://github.com/containers/podman/pull/11669#issuecomment-925250264
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
Release 3.4.0-rc2 (inc. backports)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Recommonmark has many issues and is deprecated. The recommended
alternative is MyST-Parser. [1]
The myst parser looks great, it also correctly parses tables and adds the
correct links.
To test locallay run:
```
cd docs
rm -rf build/
\# install build deps
sudo dnf install python3-sphinx && pip install myst-parser
make html
python -m http.server 8000 --directory build/html
\# Now check in your browser if it looks good to you
```
[1] https://github.com/readthedocs/recommonmark/issues/221
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently we add the default PATH, TERM and container from Podman
to every kubernetes.yaml file. These values should not be recorded
in the yaml files.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
<MH: Fixed cherry-pick conflicts>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The health check result is stored in the container state. Since the
state can change or might not even be set we have to retrive the current
state before we try to read the health check result.
Fixes #11687
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
(Sorry, couldn't resist).
CI flakes have been coming down - thank you to everyone who has
been making them a priority.
This leaves a noisy subset that I've just been ignoring for months:
Running: podman ... -p 8080:something
...cannot listen on the TCP port: listen tcp4 :8080: bind: address already in use
Sometimes these are one-time errors resolved on 2nd try; sometimes
they fail three times, forcing CI user to hit Rerun. In all cases
they make noise in my flake logs, which costs me time.
My assumption is that this has to do with ginkgo running random
tests in parallel. Since many e2e tests simplemindedly use 8080,
collisions are inevitable.
Solution: simplemindedly replace 8080 with other (also arbitrarily
picked) numbers. This is imperfect -- it requires human developers
to pick a number NNNN and 'grep NNNN test/e2e/*' before adding
new tests, which I am 100% confident ain't gonna happen -- but
it's better than what we have now.
Side note: I considered writing and using a RandomAvailablePort()
helper, but that would still be racy. Plus, it would be a pain
to interpolate strings into so many places. Finally, with this
hand-tooled approach, if/when we _do_ get conflicts on port NNNN,
it should be very easy to grep for NNNN, find the offending tests
that reuse that port, and fix one of them.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
psgo added support for listing supplementary groups via
two new descriptors:
* `groups` for supplementary groups inside the container
* `hgroups` for the counterpart on the host
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There's a potential race around extremely short-running
containers and events with journald. Events may not be written
for some time (small, but appreciable) after they are received,
and as such we can fail to retrieve it if there is a sufficiently
short time between us writing the event and trying to read it.
Work around this by just retrying, with a 0.25 second delay
between retries, up to 4 times.
[NO TESTS NEEDED] because I have no idea how to reproduce this
race in CI.
Fixes #11633
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| |
| |
| |
| | |
Adds a note about the limitation of network aliases to the man pages
This should satisfy https://issues.redhat.com/browse/RUN-1189
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|