Commit message (Author, Age)
* Lint: Update metalinter dependency (Šimon Lukašík, 2018-11-10)
| We fixated on old metalinter dependency in past based on experience of metalinter being oftentimes broken and hence breaking our build. See 762f508d9ca97cdbaee6053b663e98aee9cae081 in cri-o for more details. Now, dated metalinter is messing up with my environment (like it is panicking on containers/storage) so let's see if we can move to more current version of metalinter.
| Signed-off-by: Šimon Lukašík <slukasik@redhat.com>
* Merge pull request #1772 from baude/rmdelpaused (OpenShift Merge Robot, 2018-11-09)
|\
| | rm -f now removes a paused container
| * rm -f now removes a paused container (baude, 2018-11-08)
| | We now can remove a paused container by sending it a kill signal while it is paused. We then unpause the container and it is immediately killed. Also, reworked how the parallelWorker results are handled to provide a more consistent approach to how each subcommand implements it. It also fixes a bug where if one container errors, the error message is duplicated when printed out.
| | Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #1789 from mheon/fix_add_hosts_test (OpenShift Merge Robot, 2018-11-09)
|\ \
| | | Accurately update state if prepare() partially fails
| * | Accurately update state if prepare() partially fails (Matthew Heon, 2018-11-08)
| |/
| | We are seeing some issues where, when part of prepare() fails (originally noticed due to a bad static IP), the other half does not successfully clean up, and the state can be left in a bad place (not knowing about an active SHM mount for example).
| | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #1726 from giuseppe/default-to-fuse-overlayfs (OpenShift Merge Robot, 2018-11-09)
|\ \
| | | rootless: default to fuse-overlayfs when available
| * | rootless: default to fuse-overlayfs when available (Giuseppe Scrivano, 2018-11-08)
| | | If fuse-overlayfs is present, rootless containers default to use it. This can still be overridden either via the command line with --storage-driver or in the ~/.config/containers/storage.conf configuration file.
| | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #1793 from vrothberg/rootless-info (OpenShift Merge Robot, 2018-11-09)
|\ \ \
| | | | info: add rootless field
| * | | info: add rootless field (Valentin Rothberg, 2018-11-09)
|/ / /
| | | Add a rootless field to the info data (e.g., `podman info`) to indicate if the executing user is root or not. In most cases, this can be guessed but now it is clear and may aid in debugging, reporting and understanding certain issues.
| | | Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
* | | Merge pull request #1786 from vbatts/docs (OpenShift Merge Robot, 2018-11-08)
|\ \ \
| | | | podman_tutorial: cni build path has changed
| * | | podman_tutorial: cni build path has changed (Vincent Batts, 2018-11-08)
| | | | Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
* | | | Merge pull request #1784 from cevich/cirrus_ignore_irc (OpenShift Merge Robot, 2018-11-08)
|\ \ \ \
| | | | | Cirrus: Ignore any error from the IRC messenger
| * | | | Cirrus: Ignore any error from the IRC messenger (Chris Evich, 2018-11-08)
| | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | Merge pull request #1787 from baude/netstatusrework (OpenShift Merge Robot, 2018-11-08)
|\ \ \ \ \
| | | | | | correct assignment of networkStatus
| * | | | | correct assignment of networkStatus (baude, 2018-11-08)
| |/ / / /
| | | | | Once we changed configureNetNS to return a result beyond an error, we need to make sure that we used locals instead of ctr attributes when determining networks.
| | | | | Resolves #1752
| | | | | Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #1790 from isimluk/beware-of-goroutine-locals (OpenShift Merge Robot, 2018-11-08)
|\ \ \ \ \
| |_|_|_|/
|/| | | |
| | | | | Do not hide errors when creating container with UserNSRoot
| * | | | Do not hide errors when creating container with UserNSRoot (Šimon Lukašík, 2018-11-08)
| | | | | This one is tricky. By using `:=` operator we have made err variable to be local in the goroutine and different from `err` variable in the surrounding function. And thus `createContainer` function returned always nil, even in cases when some error occurred in the goroutine.
| | | | | Signed-off-by: Šimon Lukašík <slukasik@redhat.com>
* | | | | Merge pull request #1785 from mheon/bump-0.11.1 (OpenShift Merge Robot, 2018-11-08)
|\ \ \ \ \
| |_|_|/ /
|/| | | |
| | | | | Bump to v0.11.1
| * | | | Bump gitvalidation epoch (Matthew Heon, 2018-11-08)
| | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * | | | Bump to v0.11.2-dev (Matthew Heon, 2018-11-08)
| | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * | | | Bump to v0.11.1 [tag: v0.11.1] (Matthew Heon, 2018-11-08)
|/ / / /
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | | | Merge pull request #1781 from mheon/release_notes_0.11.1 (OpenShift Merge Robot, 2018-11-08)
|\ \ \ \
| |_|/ /
|/| | |
| | | | Update release notes for 0.11.1
| * | | Update release notes for 0.11.1 (Matthew Heon, 2018-11-08)
|/ / /
| | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | | Merge pull request #1778 from vrothberg/update-seccomp (OpenShift Merge Robot, 2018-11-08)
|\ \ \
| |_|/
|/| |
| | | update seccomp.json
| * | update seccomp.json (Valentin Rothberg, 2018-11-08)
| | | Merge the following changes from the upstream Moby seccomp profile:
| | |   * commit b2a907c8cab6 ("Whitelist statx syscall for libseccomp-2.3.3 onward")
| | |   * commit 47dfff68e436 ("Whitelist syscalls linked to CAP_SYS_NICE in default seccomp profile")
| | |   * commit ccd22ffcc8b5 ("Move the syslog syscall to be gated by CAP_SYS_ADMIN or CAP_SYSLOG")
| | | Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
* | | Merge pull request #1773 from TomSweeneyRedHat/dev/tsweeney/logoptfix1 (OpenShift Merge Robot, 2018-11-07)
|\ \ \
| | | | Touch up --log* options and daemons in man pages
| * | | Touch up --log* options and daemons in man pages (TomSweeneyRedHat, 2018-11-07)
|/ / /
| | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | Merge pull request #1774 from mheon/fix_add_hosts_test (OpenShift Merge Robot, 2018-11-07)
|\ \ \
| | | | Fix run --hostname test that started failing post-merge
| * | | Fix run --hostname test that started failing post-merge (Matthew Heon, 2018-11-07)
|/ / /
| | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #1764 from rhatdan/nopasswd (OpenShift Merge Robot, 2018-11-07)
|\ \ \
| | | | Don't fail if /etc/passwd or /etc/group does not exists
| * | | Don't fail if /etc/passwd or /etc/group does not exists (Daniel J Walsh, 2018-11-07)
| | | | Container images can be created without passwd or group file; currently if one of these containers gets run with a --user flag the container blows up complaining about a missing /etc/passwd file. We just need to check if the error on read is ENOEXIST then allow the read to return, not fail.
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #1771 from baude/prepare (OpenShift Merge Robot, 2018-11-07)
|\ \ \ \
| | | | | move defer'd function declaration ahead of prepare error return
| * | | | move defer'd function declaration ahead of prepare error return (baude, 2018-11-07)
| |/ / /
| | | | Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #1689 from mheon/add_runc_timeout (OpenShift Merge Robot, 2018-11-07)
|\ \ \ \
| | | | | Do not call out to runc for sync
| * | | | Print error status code if we fail to parse it (Matthew Heon, 2018-11-07)
| | | | | When we read the conmon error status file, if Atoi fails to parse the string we read from the file as an int, print the string as part of the error message so we know what might have gone wrong.
| | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | | Properly set Running state when starting containers (Matthew Heon, 2018-11-07)
| | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * | | | Fix misspelling (Matthew Heon, 2018-11-07)
| | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * | | | Retrieve container PID from conmon (Matthew Heon, 2018-11-07)
| | | | | Instead of running a full sync after starting a container to pick up its PID, grab it from Conmon instead.
| | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * | | | If a container ceases to exist in runc, set exit status (Matthew Heon, 2018-11-07)
| | | | | When we scan a container in runc and see that it no longer exists, we already set ContainerStatusExited to indicate that it no longer exists in runc. Now, also set an exit code and exit time, so PS output will make some sense.
| | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * | | | EXPERIMENTAL: Do not call out to runc for sync (Matthew Heon, 2018-11-07)
| | | | | When syncing container state, we normally call out to runc to see the container's status. This does have significant performance implications, though, and we've seen issues with large amounts of runc processes being spawned. This patch attempts to use stat calls on the container exit file created by Conmon instead to sync state. This massively decreases the cost of calling updateContainer (it has gone from an almost-unconditional fork/exec of runc to a single stat call that can be avoided in most states).
| | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * | | | Actually save changes from post-stop sync (Matthew Heon, 2018-11-07)
| |/ / /
| | | | After stopping containers, we run updateContainerStatus to sync our state with runc (pick up exit code, for example). Then we proceed to not save this to the database, requiring us to grab it again on the next sync. This should remove the need to read the exit file more than once.
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | | | Merge pull request #1767 from mheon/remove_conmon_cgroup_first (OpenShift Merge Robot, 2018-11-07)
|\ \ \ \
| | | | | Remove conmon cgroup before pod cgroup for cgroupfs
| * | | | Remove conmon cgroup before pod cgroup for cgroupfs (Matthew Heon, 2018-11-07)
| | | | | For pods using cgroupfs, we were seeing some error messages in CI from an inability to remove the pod CGroup, which was traced down to the conmon cgroup still being present as a child. Try to remove these error messages and ensure successful CGroup deletion by removing the conmon CGroup first, then the pod cgroup.
| | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | | | | Merge pull request #1761 from giuseppe/rootless-systemd (OpenShift Merge Robot, 2018-11-07)
|\ \ \ \ \
| | | | | | rootless: don't bind mount /sys/fs/cgroup/systemd in systemd mode
| * | | | | rootless: mount /sys/fs/cgroup/systemd from the host (Giuseppe Scrivano, 2018-11-07)
| | | | | | systemd requires /sys/fs/cgroup/systemd to be writeable.
| | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | rootless: don't bind mount /sys/fs/cgroup/systemd in systemd mode (Giuseppe Scrivano, 2018-11-07)
| |/ / / /
| | | | | It is not writeable by non-root users so there is no point in having access to it from a container.
| | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #1751 from QiWang19/issue1745 (OpenShift Merge Robot, 2018-11-07)
|\ \ \ \ \
| |_|/ / /
|/| | | |
| | | | | Add hostname to /etc/hosts
| * | | | Add hostname to /etc/hosts (Qi Wang, 2018-11-07)
| | |/ /
| |/| |
| | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #1762 from mheon/fix_python_tests (OpenShift Merge Robot, 2018-11-07)
|\ \ \ \
| | | | | Temporarily fix the Python tests to fix some PRs
| * | | | Temporarily fix the Python tests to fix some PRs (Matthew Heon, 2018-11-07)
| | |/ /
| |/| |
| | | | The Python podman bindings have issues around kill - specifically attempting to make it act like stop, when it should not. We provide no guarantee of what state a container is in after kill - it should be stopped, but we might have sent something that's not SIGKILL. If you want a container or pod stopped, guaranteed, use Stop(). The Python code attempted to ensure a container was actually stopped after kill was run, which runs counter to the above. This was holding up some PRs that caused changes in how libpod obtains its state, so for now, change pod kill to pod stop until the proper changes in the Python code can be made.
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>