summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #3506 from giuseppe/cgroup2-improvementsOpenShift Merge Robot2019-07-10
|\ | | | | cgroups: support creating cgroupsv2 paths
| * cgroups: skip not existing cpuacct filesGiuseppe Scrivano2019-07-10
| | | | | | | | | | | | | | | | if the cpuacct file doesn't exist, ignore it instead of erroring out. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1728242 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * cgroups: support creating cgroupsv2 pathsGiuseppe Scrivano2019-07-10
|/ | | | | | | | | drop the limitation of not supporting creating new cgroups v2 paths. Every controller enabled /sys/fs/cgroup will be propagated down to the created path. This won't work for rootless cgroupsv2, but it is not an issue for now, as this code is used only by CRI-O. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #3536 from edsantiago/tabularasa_before_system_testOpenShift Merge Robot2019-07-10
|\ | | | | make localsystem: wipe all user config state
| * make localsystem: wipe all user config stateEd Santiago2019-07-09
|/ | | | | | | | | | | | | | | | CI is experiencing failures in the system_test step, caused by podman commands issuing the following warning: time="2019-07-09T13:30:19-04:00" level=error msg="User-selected graph driver \"overlay\" overwritten by graph driver \"vfs\" from database - delete libpod local files to resolve Hypothesis: integration tests, which run just before us, are leaving user config files in an unstable state. Workaround: delete all user cache and config and db before running system tests. This should be safe, and should be a NOP when running as root. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #3529 from giuseppe/healthcheck-rootlessOpenShift Merge Robot2019-07-09
|\ | | | | healthcheck: support rootless mode
| * healthcheck: support rootless modeGiuseppe Scrivano2019-07-09
| | | | | | | | | | | | | | | | | | | | | | | | | | now that dbus authentication works fine from a user namespace (systemd 241 works fine), we can enable rootless healthchecks. It uses "systemd-run --user" for creating the healthcheck timer and communicates with the user instance of systemd listening at $XDG_RUNTIME_DIR/systemd/private. Closes: https://github.com/containers/libpod/issues/3523 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #3501 from adrianreber/randomOpenShift Merge Robot2019-07-09
|\ \ | | | | | | Randomize IP addresses during checkpoint/restore tests
| * | Use random IP addresses during checkpoint/restore testsAdrian Reber2019-07-09
| | | | | | | | | | | | | | | | | | | | | | | | This tries to reduce CI errors which might happen due to parallel CI runs which all are using the same IP addresses. Using random addresses should reduce the possibility of parallel tests using the same IP address. Signed-off-by: Adrian Reber <areber@redhat.com>
* | | Merge pull request #3480 from mheon/potential_ps_test_fixOpenShift Merge Robot2019-07-09
|\ \ \ | | | | | | | | Restart failed containers in tests
| * | | Restart failed containers in testsMatthew Heon2019-07-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we're waiting for a container to come up with healthchecks, and it's not even running, there's no point to waiting further. Instead, let's restart the container and continue waiting. This may fix some flakes we're seeing with 'podman port' tests. Then again, all the tests there seem to fail, not just a single test flaking - so I bet there's some other underlying cause. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #3528 from giuseppe/fix-auth-locationOpenShift Merge Robot2019-07-09
|\ \ \ \ | | | | | | | | | | podman: create and run honors auth file location
| * | | | podman: create and run honors auth file locationGiuseppe Scrivano2019-07-09
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | if the auth file was overriden, be sure create and run honors it. Closes: https://github.com/containers/libpod/issues/3524 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #3518 from jwflory/change/rootless-gpfsOpenShift Merge Robot2019-07-09
|\ \ \ \ | | | | | | | | | | rootless.md: Include GPFS as a parallel filesystem
| * | | | rootless.md: Include GPFS as a parallel filesystemJustin W. Flory2019-07-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Per @rhatdan's request in #3478, this commit makes a note of supporting General Parallel File System by IBM since it shares the same root issue as NFS for rootless containers. Signed-off-by: Justin W. Flory <git@jwf.io>
* | | | | Merge pull request #1936 from cevich/cirrus_packaged_depsOpenShift Merge Robot2019-07-09
|\ \ \ \ \ | | | | | | | | | | | | Cirrus: Use packaged-based dependencies
| * | | | | Cirrus: Use packaged dependenciesChris Evich2019-06-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Building/installing dependencies from fixed source-version ensures testing is reliable, but introduces a maintenance burden and risks testing far outside of a real-world environment. The sensible alternative is to install dependencies from distro-packaging systems. Install all development and testing dependencies at VM cache-image build time, to help ensure testing remains stable. The existing cache-image build workflow can be utilized at any future time to build/test with updated packages. ***N/B***: This does not update any dockerfiles used by testing, that is left up to future efforts. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | Merge pull request #3519 from ashley-cui/remoteusageOpenShift Merge Robot2019-07-08
|\ \ \ \ \ \ | | | | | | | | | | | | | | Podman-remote usage message to display `podman-remote` instead of `podman`
| * | | | | | Fix podman-remote usage message to display `podman-remote` instead of `podman`Ashley Cui2019-07-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the user uses remote client, the message prompts the user to use `podman-remote`. This does not apply for Mac usage. Signed-off-by: Ashley Cui <ashleycui16@gmail.com>
* | | | | | | Merge pull request #3497 from QazerLab/bugfix/systemd-generate-pidfileOpenShift Merge Robot2019-07-08
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Use conmon pidfile in generated systemd unit as PIDFile.
| * | | | | | | Do not hardcode podman binary location in generate systemd.Danila Kiver2019-07-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It is not correct to rely on specific location of the podman binary. In most cases it is /usr/bin/podman, but sometimes is not (e.g. in system tests). Use /proc/self/exe instead of hardcoded path. Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
| * | | | | | | Move skipping systemd tests to early setup.Danila Kiver2019-07-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is no meaning of performing setup/teardown for these tests when we even can not work with systemd. Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
| * | | | | | | Reload systemd daemon on creation of units location dir in tests.Danila Kiver2019-07-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Systemd manager drops non-existent directories from the units search path during initialization, thus, creation of UNIT_DIR, if it did not exist before, requres reloading the daemon. Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
| * | | | | | | Add debug information to "generate systemd" test.Danila Kiver2019-07-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
| * | | | | | | Use default conmon pidfile location for root containers.Danila Kiver2019-07-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The conmon pidfile is crucial for podman-generated systemd units, because these units rely on it for determining service's main process ID. With this change, every container has ConmonPidFile set (at least to default value). Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
| * | | | | | | Use conmon pidfile in generated systemd unit as PIDFile.Danila Kiver2019-07-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | By default, podman points PIDFile in generated unit file to non-existent location. As a result, the unit file, generated by podman, is broken: an attempt to start this unit without prior modification results in a crash, because systemd can not find the pidfile of service's main process. Fix the value of "PIDFile" and add a system test for this case. Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
* | | | | | | | Merge pull request #3515 from baude/rootlessintegrationtestsOpenShift Merge Robot2019-07-08
|\ \ \ \ \ \ \ \ | |_|_|_|_|_|_|/ |/| | | | | | | speed up rootless tests
| * | | | | | | speed up rootless testsbaude2019-07-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when running integrations tests as rootless, several tests still unnecessarily pull images which is costly in terms of time. Signed-off-by: baude <bbaude@redhat.com>
* | | | | | | | Merge pull request #3425 from adrianreber/restore-mount-labelOpenShift Merge Robot2019-07-08
|\ \ \ \ \ \ \ \ | |_|_|/ / / / / |/| | | | | | | Set correct SELinux label on restored containers
| * | | | | | | Add exec after checkpoint/restore testAdrian Reber2019-06-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A container restored from a checkpoint archive used to have the root file-system mounted with a wrong (new) SELinux label. This made it, for example, impossible to use 'podman exec' on a restored container. This test tests exactly this. 'podman exec' after 'podman container restore'. Unfortunately this test does not fail, even without the patch that fixes it as the test seems to run in an environment where the SELinux label of the container root file-system is not relevant. Somehow. Signed-off-by: Adrian Reber <areber@redhat.com>
| * | | | | | | Provide correct SELinux mount-label for restored containerAdrian Reber2019-06-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Restoring a container from a checkpoint archive creates a complete new root file-system. This file-system needs to have the correct SELinux label or most things in that restored container will fail. Running processes are not as problematic as newly exec()'d process (internally or via 'podman exec'). This patch tells the storage setup which label should be used to mount the container's root file-system. Signed-off-by: Adrian Reber <areber@redhat.com>
| * | | | | | | Track if a container is restored from an exported checkpointAdrian Reber2019-06-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of only tracking that a container is restored from a checkpoint locally in runtime_ctr.go this adds a flag to the Container structure. Upcoming patches to correctly label the root file-system mount-point need also to know if a container is restored from a checkpoint. Instead of passing a parameter around a lot of functions, this adds that information to the Container structure. Signed-off-by: Adrian Reber <areber@redhat.com>
* | | | | | | | Merge pull request #3517 from stefanb2/topic-doc-fix-healthcheck-commandOpenShift Merge Robot2019-07-08
|\ \ \ \ \ \ \ \ | |_|/ / / / / / |/| | | | | | | docs: fix --healthcheck-command option
| * | | | | | | docs: fix --healthcheck-command optionStefan Becker2019-07-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make the documentation agree with the code. Related #3507 Signed-off-by: Stefan Becker <chemobejk@gmail.com>
* | | | | | | | Merge pull request #3377 from TomSweeneyRedHat/dev/tsweeney/gateOpenShift Merge Robot2019-07-08
|\ \ \ \ \ \ \ \ | |_|_|_|_|/ / / |/| | | | | | | Add RUN priv'd test for build
| * | | | | | | Add RUN priv'd test for buildTomSweeneyRedHat2019-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman 1.4.1 had problems with builds with a RUN command that tried to to a privliged command. This adds a gating test for that situation. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | | | | | Merge pull request #3496 from baude/golandcodeinspectOpenShift Merge Robot2019-07-08
|\ \ \ \ \ \ \ \ | |_|/ / / / / / |/| | | | | | | code cleanup
| * | | | | | | code cleanupbaude2019-07-08
| | |_|_|_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | clean up code identified as problematic by golands inspection Signed-off-by: baude <bbaude@redhat.com>
* | | | | | | Merge pull request #3514 from baude/cornflakesOpenShift Merge Robot2019-07-08
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | fix integration flake tests
| * | | | | | | fix integration flake testsbaude2019-07-08
| |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | attempts to correct three of our flakey integration tests Signed-off-by: baude <bbaude@redhat.com>
* | | | | | | Merge pull request #3512 from vrothberg/fix-contributingOpenShift Merge Robot2019-07-08
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | CONTRIBUTING.md: fix project paths
| * | | | | | | CONTRIBUTING.md: fix project pathsValentin Rothberg2019-07-08
| |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The paths to the local libpod tree where missing the `./src` part which ultimately lead to compilation errors. Also place the git trees into containers/libpod and not into the user's GitHub root. Reported in #podman on IRC. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | | Merge pull request #3505 from baude/getlasteventOpenShift Merge Robot2019-07-08
|\ \ \ \ \ \ \ | |/ / / / / / |/| | | | | | get last container event
| * | | | | | get last container eventbaude2019-07-07
|/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | an internal change in libpod will soon required the ability to lookup the last container event using the continer name or id and the type of event. this pr is in preperation for that need. Signed-off-by: baude <bbaude@redhat.com>
* | | | | | Merge pull request #3472 from haircommander/generate-volumesOpenShift Merge Robot2019-07-04
|\ \ \ \ \ \ | | | | | | | | | | | | | | generate kube with volumes
| * | | | | | Improve parsing of mountsPeter Hunt2019-07-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Specifically, we were needlessly doing a double lookup to find which config mounts were user volumes. Improve this by refactoring a bit of code from inspect Signed-off-by: Peter Hunt <pehunt@redhat.com>
| * | | | | | Add test for generate kube with volumesPeter Hunt2019-07-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
| * | | | | | Deduplicate volumesPeter Hunt2019-07-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | for containers that share volumes, so the pod section doesn't list copies Signed-off-by: Peter Hunt <pehunt@redhat.com>
| * | | | | | Pass along volumes to pod yamlPeter Hunt2019-07-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
| * | | | | | Configure container volumes for generate kubePeter Hunt2019-07-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>