Commit message (Author, Age)
* Do not add TCP to protocol in generated kube yaml (Urvashi Mohnani, 2021-10-19)
|   As the default protocol in k8s is TCP, don't add it to the generate yaml when using protocol. Add UDP to the protocol of the generated yaml when udp is being used. Add tests for this as well.
|   Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* Don't use docker/pkg/archive, use containers/storage/pkg/archive (Daniel J Walsh, 2021-10-19)
|   [NO NEW TESTS NEEDED]
|   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix panic in container create compat api (Paul Holzinger, 2021-10-19)
|   The bind and tmpfs options can be nil, we have to check that before we try to use it.
|   Fixes #11961
|   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Don't add image entrypoint to the generate kube yaml (Urvashi Mohnani, 2021-10-19)
|   If no entrypoint or command is set in the podman create command, and the image command or entrypoint is being used as the default, then do not add the image command or entrypoint to the generated kube yaml. Kubernetes knows to default to the image command and/or entrypoint settings when not defined in the kube yaml. Add and modify tests for this case.
|   Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* Kube Gen run as user/group issues (cdoern, 2021-10-19)
|   Removed the inclusion of RunAsUser or RunAsGroup unless a container is run with the --user flag. When building from an image the user will be pulled from there anyway
|   resolves #11914
|   Signed-off-by: cdoern <cdoern@redhat.com>
* No space in kube annotations for bind mounts (Brent Baude, 2021-10-19)
|   Kubernetes fails to deal with an annotation that has a space in it. Trim these strings to remove spaces.
|   Fixes: #11929
|   Signed-off-by: Brent Baude <bbaude@redhat.com>
|   [NO TESTS NEEDED]
* cgroups: use cgroup.controllers to read controllers (Giuseppe Scrivano, 2021-10-19)
|   use the cgroup.controllers file instead of cgroup.subtree_control to read the list of controllers available in the current cgroup.
|   Closes: https://github.com/containers/podman/issues/11931
|   [NO TESTS NEEDED] we have disabled this test in the CI because it is difficult to know what controllers are going to be enabled for rootless under all conditions we test.
|   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Use SplitN(2) when copying env variables (Jhon Honce, 2021-10-19)
|   Environment variables whose value contained an equal sign were truncated
|   Fixes #11891
|   Signed-off-by: Jhon Honce <jhonce@redhat.com>
|   <MH: Fixed cherry-pick conflicts>
|   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* [CI:DOCS] Include manifest example usage (Chris Evich, 2021-10-19)
|   Fixes #8872
|   Signed-off-by: Chris Evich <cevich@redhat.com>
* podman stats: move cgroup validation to server (Paul Holzinger, 2021-10-19)
|   Podman stats is not supported for rootless cgroupv1 setups. The check for this must be on the server side and not the client.
|   [NO NEW TESTS NEEDED] we cannot test this because remote and server are always on the same machine in CI
|   Fixes #11909
|   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* [CI:DOCS] oci-hooks.5.md: fixup section in header (Reinhard Tartler, 2021-10-19)
|   This fixes the autodetection of where to install the manpages
|   Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* Change podman.1 man page to show correct log-level default (Daniel J Walsh, 2021-10-19)
|   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add podman-plugins to upstream image (Matthew Mosesohn, 2021-10-19)
|   Fixes #11380
|   Replaces https://github.com/containers/podman/pull/11385
|   Originally submitted by @mattymo
|   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Ensure `podman ps --sync` functions (Matthew Heon, 2021-10-19)
|   The backend for `ps --sync` has been nonfunctional for a long while now - probably since v2.0. It's questionable how useful the flag is in modern Podman (the original case it was intended to catch, Conmon gone via SIGKILL, should be handled now via pinging the process with a signal to ensure it's still alive) but having the ability to force a refresh of container state from the OCI runtime is still useful.
|   Signed-off-by: Matthew Heon <mheon@redhat.com>
* Allow `podman stop` to be run on Stopping containers (Matthew Heon, 2021-10-19)
|   This allows you to stop a container after a `podman stop` process started, but did not finish, stopping the container (probably an ignored stop signal, with no time to SIGKILL?). This is a very narrow case, but once you're in it the only way to recover is a `podman rm -f` of the container or extensive manual remediation (you'd have to kill the container yourself, manually, and then force a `podman ps --all --sync` to update its status from the OCI runtime).
|   [NO NEW TESTS NEEDED] I have no idea how to verify this one - we need to test that it actually started *during* the other stop command, and that's nontrivial.
|   Signed-off-by: Matthew Heon <mheon@redhat.com>
* libpod: fix race when closing STDIN (Paul Holzinger, 2021-10-19)
|   There is a race where `conn.Close()` was called before `conn.CloseWrite()`. In this case `CloseWrite` will fail and a useless error is printed. To fix this we move the `CloseWrite()` call to the same goroutine to remove the race. This ensures that `CloseWrite()` is called before `Close()` and never afterwards. Also fixed podman-remote run where the STDIN was never closed. This is causing flakes in CI testing.
|   [NO TESTS NEEDED]
|   Fixes #11856
|   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|   <MH: Fixed cherry-pick conflicts>
|   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* It really should be no **NEW** tests needed (Ed Santiago, 2021-10-19)
|   Accept both "NO TESTS NEEDED" and "NO NEW TESTS NEEDED". That was a usability mistake I made on Day One. Fixed it in Buildah but oops never got around to fixing it here.
|   Also, fix the test suite script: remove a no-longer-working test case (changelog.txt, removed in #11467) and add a new test for commits that include the magic string.
|   Signed-off-by: Ed Santiago <santiago@redhat.com>
* Add guard for BuildOptions.CommonBuildOpts (Jhon Honce, 2021-10-19)
|   Existing images.Build() bindings code panicked when field was not initialized.
|   Signed-off-by: Jhon Honce <jhonce@redhat.com>
* machine: silently cleanup dangling sockets before rm if possible (Aditya Rajan, 2021-10-19)
|   Try to cleanup dangling pid and machine socket if possible silently before `rm`.
|   [NO TESTS NEEDED]
|   Signed-off-by: Aditya Rajan <arajan@redhat.com>
* sdnotify test: accept MAINPID anywhere (Ed Santiago, 2021-10-19)
|   systemd sometimes spits out lines in the wrong order. Deal with it.
|   This fixes an infrequent flake that I haven't filed because I didn't understand it well enough. (Hence, this reduces BUGS but does not reduce BUG COUNT. Sorry!)
|   Signed-off-by: Ed Santiago <santiago@redhat.com>
* Allow a value of -1 to set unlimited pids limit (Urvashi Mohnani, 2021-10-19)
|   Users can set --pids-limit to -1 now to set unlimited pids limit for a container - this matches the convention.
|   [NO TESTS NEEDED]
|   Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* Merge pull request #11853 from edsantiago/bats_permission_fix (OpenShift Merge Robot, 2021-10-04)
|\
| |   [v3.4] bats permission fix
| * Gating tests: fix permissions error (Ed Santiago, 2021-10-04)
|/
|   ...in volume test. Looks like Bodhi gating tests run from a nonwritable directory. I feel really stupid for not realizing this when I first tried to fix this bug two weeks ago.
|   Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #11832 from Luap99/common-v0.44.3 (OpenShift Merge Robot, 2021-10-01)
|\
| |   [v3.4] bump c/common to v0.44.3
| * [v3.4] bump c/common to v0.44.3 (Paul Holzinger, 2021-10-01)
|/
|   This fixes a bug where podman machine could create a broken config file.
|   Fixes #11824
|   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #11817 from mheon/bump_340 (OpenShift Merge Robot, 2021-09-30)
|\
| |   [CI:DOCS] Bump to v3.4.0
| * Bump to v3.4.1-dev (Matthew Heon, 2021-09-30)
| |   Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Bump to v3.4.0 [tag: v3.4.0] (Matthew Heon, 2021-09-30)
| |   Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Final release notes update for v3.4.0 (Matthew Heon, 2021-09-30)
|/
|   Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #11812 from baude/v34backportplaygen (OpenShift Merge Robot, 2021-09-30)
|\
| |   Support selinux options with bind mounts play/gen
| * Support selinux options with bind mounts play/gen (Brent Baude, 2021-09-30)
|/
|   When using play kube and generate kube, we need to support if bind mounts have selinux options. As kubernetes does not support selinux in this way, we tuck the selinux values into a pod annotation for generation of the kube yaml. Then on play, we check annotations to see if a value for the mount exists and apply it.
|   Fixes BZ #1984081
|   Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #11792 from mheon/340_final (OpenShift Merge Robot, 2021-09-30)
|\
| |   Backports + release notes for v3.4.0 final
| * Fix release notes (Matthew Heon, 2021-09-29)
| |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Release notes for v3.4.0 final release (Matthew Heon, 2021-09-29)
| |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Disable docker and alias to podman in FCOS ignition (Jason T. Greene, 2021-09-29)
| |   Signed-off-by: Jason Greene <jason.greene@redhat.com>
| |   Co-authored-by: Dusty Mabe <dusty@dustymabe.com>
| * [NO TESTS NEEDED] Add port configuration to first regular container (Urvashi Mohnani, 2021-09-29)
| |   When generating a kube yaml and there is a port configuration add the configuration to the first regular container in the pod and not to the init container.
| |   Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
| * Remind user to check connection or use podman machine (Ashley Cui, 2021-09-29)
| |   Remind user to check their remote linux connection or use podman machine. Move the warning from bindings to cmd/podman.
| |   Signed-off-by: Ashley Cui <acui@redhat.com>
| * Ensure pod ID bucket is properly updated on rename (Matthew Heon, 2021-09-29)
| |   As we were not updating the pod ID bucket, removing a pod with containers still in it (including the infra container, which will always suffer from this) will not properly update the name registry to remove the name of any renamed containers. This patch ensures that does not happen - all containers will be fully removed, even if renamed.
| |   Fixes #11750
| |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * libpod: do not call (*container).Config() (Valentin Rothberg, 2021-09-29)
| |   Access the container's config field directly inside of libpod instead of calling `Config()` which in turn creates expensive JSON deep copies.
| |   Accessing the field directly drops memory consumption of a simple `podman run --rm busybox true` from 1245kB to 410kB.
| |   [NO TESTS NEEDED]
| |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| |   <MH: Fixed cherry-pick conflicts>
| * [CI:DOCS] cmd/podman: no dot for short descriptions (Valentin Rothberg, 2021-09-29)
| |   Remove trailing dots in the short descriptions for the sake of consistency. Noticed while parsing `podman help`.
| |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * System tests: speed up. They've gotten too slow. (Ed Santiago, 2021-09-29)
| |   - logs: remove unnecessary sleeps. This saves ~25s. Unfortunately, journald seems to have some sort of lag, so we need to keep retrying until we get the 'after' string.
| |   - ps: add placeholder test for once buildah 3544 is fixed
| |   - cp: bulk-kill containers when finished, instead of one by one. This is a big change and only saves about 8s per run, but hey.
| |   - mount,pause,healthcheck: 'podman stop -t 0' before rm'ing containers. Easy 50s. Have I mentioned, lately, that 'podman rm -f' needs a '-t 0' flag?
| |   - play: same, and also 'podman pod stop'. Seems to shave ~20s.
| |   - socket-activation: UGH! Buggy and useless tests! They were running "sleep 90" containers for no reason whatsoever. I assume the intention was to run them with "-d", so that's what I've done here. Also fixed some language. 180 seconds!
| |   (Unrelated: cleanup in 070-build, use $IMAGE, not alpine)
| |   Signed-off-by: Ed Santiago <santiago@redhat.com>
| * stop: Do nothing if container was never created in runtime (Aditya Rajan, 2021-09-29)
| |   Following commit ensures we silently return container id on `stop` if container was never created in OCI runtime. Following behaviour ensures that we are in parity with docker.
| |   Signed-off-by: Aditya Rajan <arajan@redhat.com>
| * remote build: EvalSymlinks() the context directory (Nalin Dahyabhai, 2021-09-29)
| |   Use EvalSymlinks() to find the context directory, in case there's shenanigans.
| |   Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
| * podman machine: do not join userns (Paul Holzinger, 2021-09-29)
| |   The go logic already prevents podman from joining the userns for machine commands but the c shortcut code did not.
| |   [NO TESTS NEEDED]
| |   Fixes #11731
| |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * added healthcheck to ps command (Sankalp Rangare, 2021-09-29)
| |   Signed-off-by: Sankalp Rangare <sankalprangare786@gmail.com>
| * Fix english on prune prompt (Daniel J Walsh, 2021-09-29)
| |   Google docs found this while writing Podman in Action book.
| |   [NO TESTS NEEDED]
| |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * rootful: do not set XDG_RUNTIME_DIR for cni plugins (Paul Holzinger, 2021-09-29)
| |   The dnsname plugin tries to use XDG_RUNTIME_DIR to store files. podman run will have XDG_RUNTIME_DIR set and thus the cni plugin can use it. The problem is that XDG_RUNTIME_DIR is unset for the conmon process for rootful users. This causes issues since the cleanup process is spawned by conmon and thus not have XDG_RUNTIME_DIR set to same value as podman run. Because of it dnsname will not find the config files and cannot correctly cleanup.
| |   To fix this we should also unset XDG_RUNTIME_DIR for the cni plugins as rootful.
| |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * Revert "rootful: unset XDG_RUNTIME_DIR" (Paul Holzinger, 2021-09-29)
| |   This reverts commit 91e21bed48a2ab11049ef20e9150b5be531bc50a.
| |   XDG_RUNTIME_DIR is required for the authfile path. We cannot unset it.
| |   [NO TESTS NEEDED]
| |   Fixes #11725
| |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * shell completion: do not show images without tag (Paul Holzinger, 2021-09-29)
| |   The shell completion should only suggest arguments that work. Using an image without tag does not work in many cases. Having both the version with and without tag also forces users to press one key more because tab completion will always stop at the colon.
| |   Fixes #11673
| |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * Update docs for --platform in podman-build.1 (Nalin Dahyabhai, 2021-09-29)
| |   Update the descriptions of the --arch, --os, --variant, and --platform options, since the last of those hasn't been a no-op for some time, and it was recently extended to accept multiple values.
| |   Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>