| Commit message (Collapse) | Author | Age |
|\
| |
| | |
cgroups: support creating cgroupsv2 paths
|
| |
| |
| |
| |
| |
| |
| |
| | |
if the cpuacct file doesn't exist, ignore it instead of erroring out.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1728242
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
drop the limitation of not supporting creating new cgroups v2 paths.
Every controller enabled /sys/fs/cgroup will be propagated down to the
created path. This won't work for rootless cgroupsv2, but it is not
an issue for now, as this code is used only by CRI-O.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
make localsystem: wipe all user config state
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CI is experiencing failures in the system_test step, caused by
podman commands issuing the following warning:
time="2019-07-09T13:30:19-04:00" level=error msg="User-selected graph driver \"overlay\" overwritten by graph driver \"vfs\" from database - delete libpod local files to resolve
Hypothesis: integration tests, which run just before us, are
leaving user config files in an unstable state.
Workaround: delete all user cache and config and db before
running system tests. This should be safe, and should be
a NOP when running as root.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\
| |
| | |
healthcheck: support rootless mode
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
now that dbus authentication works fine from a user namespace (systemd
241 works fine), we can enable rootless healthchecks.
It uses "systemd-run --user" for creating the healthcheck timer and
communicates with the user instance of systemd listening at
$XDG_RUNTIME_DIR/systemd/private.
Closes: https://github.com/containers/libpod/issues/3523
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| | |
| | | |
Randomize IP addresses during checkpoint/restore tests
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This tries to reduce CI errors which might happen due to parallel CI
runs which all are using the same IP addresses. Using random addresses
should reduce the possibility of parallel tests using the same IP address.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|\ \ \
| | | |
| | | | |
Restart failed containers in tests
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When we're waiting for a container to come up with healthchecks,
and it's not even running, there's no point to waiting further.
Instead, let's restart the container and continue waiting.
This may fix some flakes we're seeing with 'podman port' tests.
Then again, all the tests there seem to fail, not just a single
test flaking - so I bet there's some other underlying cause.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \
| | | | |
| | | | | |
podman: create and run honors auth file location
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
if the auth file was overriden, be sure create and run honors it.
Closes: https://github.com/containers/libpod/issues/3524
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
rootless.md: Include GPFS as a parallel filesystem
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Per @rhatdan's request in #3478, this commit makes a note of supporting
General Parallel File System by IBM since it shares the same root issue
as NFS for rootless containers.
Signed-off-by: Justin W. Flory <git@jwf.io>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Cirrus: Use packaged-based dependencies
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Building/installing dependencies from fixed source-version ensures
testing is reliable, but introduces a maintenance burden and
risks testing far outside of a real-world environment. The
sensible alternative is to install dependencies from distro-packaging
systems.
Install all development and testing dependencies at VM cache-image build
time, to help ensure testing remains stable. The existing cache-image
build workflow can be utilized at any future time to build/test
with updated packages.
***N/B***: This does not update any dockerfiles used by testing, that is
left up to future efforts.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Podman-remote usage message to display `podman-remote` instead of `podman`
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
When the user uses remote client, the message prompts the user to use `podman-remote`. This does not apply for Mac usage.
Signed-off-by: Ashley Cui <ashleycui16@gmail.com>
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Use conmon pidfile in generated systemd unit as PIDFile.
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
It is not correct to rely on specific location of the podman binary.
In most cases it is /usr/bin/podman, but sometimes is not (e.g. in
system tests). Use /proc/self/exe instead of hardcoded path.
Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
There is no meaning of performing setup/teardown for these tests
when we even can not work with systemd.
Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Systemd manager drops non-existent directories from the units search
path during initialization, thus, creation of UNIT_DIR, if it did not
exist before, requres reloading the daemon.
Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
The conmon pidfile is crucial for podman-generated systemd units, because
these units rely on it for determining service's main process ID.
With this change, every container has ConmonPidFile set (at least to
default value).
Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
By default, podman points PIDFile in generated unit file to non-existent
location. As a result, the unit file, generated by podman, is broken:
an attempt to start this unit without prior modification results in a crash,
because systemd can not find the pidfile of service's main process.
Fix the value of "PIDFile" and add a system test for this case.
Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
|
|\ \ \ \ \ \ \ \
| |_|_|_|_|_|_|/
|/| | | | | | | |
speed up rootless tests
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
when running integrations tests as rootless, several tests still
unnecessarily pull images which is costly in terms of time.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \ \ \ \ \
| |_|_|/ / / / /
|/| | | | | | | |
Set correct SELinux label on restored containers
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
A container restored from a checkpoint archive used to have the root
file-system mounted with a wrong (new) SELinux label. This made it, for
example, impossible to use 'podman exec' on a restored container.
This test tests exactly this. 'podman exec' after 'podman container restore'.
Unfortunately this test does not fail, even without the patch that fixes
it as the test seems to run in an environment where the SELinux label of
the container root file-system is not relevant. Somehow.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Restoring a container from a checkpoint archive creates a complete
new root file-system. This file-system needs to have the correct SELinux
label or most things in that restored container will fail. Running
processes are not as problematic as newly exec()'d process (internally
or via 'podman exec').
This patch tells the storage setup which label should be used to mount
the container's root file-system.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Instead of only tracking that a container is restored from
a checkpoint locally in runtime_ctr.go this adds a flag to the
Container structure.
Upcoming patches to correctly label the root file-system mount-point
need also to know if a container is restored from a checkpoint.
Instead of passing a parameter around a lot of functions, this
adds that information to the Container structure.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|\ \ \ \ \ \ \ \
| |_|/ / / / / /
|/| | | | | | | |
docs: fix --healthcheck-command option
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Make the documentation agree with the code.
Related #3507
Signed-off-by: Stefan Becker <chemobejk@gmail.com>
|
|\ \ \ \ \ \ \ \
| |_|_|_|_|/ / /
|/| | | | | | | |
Add RUN priv'd test for build
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Podman 1.4.1 had problems with builds with a
RUN command that tried to to a privliged command.
This adds a gating test for that situation.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\ \ \ \ \ \ \ \
| |_|/ / / / / /
|/| | | | | | | |
code cleanup
|
| | |_|_|_|/ /
| |/| | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
clean up code identified as problematic by golands inspection
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
fix integration flake tests
|
| |/ / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
attempts to correct three of our flakey integration tests
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
CONTRIBUTING.md: fix project paths
|
| |/ / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
The paths to the local libpod tree where missing the `./src` part which
ultimately lead to compilation errors. Also place the git trees into
containers/libpod and not into the user's GitHub root.
Reported in #podman on IRC.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \ \ \
| |/ / / / / /
|/| | | | | | |
get last container event
|
|/ / / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
an internal change in libpod will soon required the ability to lookup
the last container event using the continer name or id and the type of
event. this pr is in preperation for that need.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
generate kube with volumes
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Specifically, we were needlessly doing a double lookup to find which config mounts were user volumes. Improve this by refactoring a bit of code from inspect
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
for containers that share volumes, so the pod section doesn't list copies
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|