summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Introduce podman machine init --root=t|f and podman machine set --root=t|fJason T. Greene2022-02-16
| | | | | | Switch default to rootless for mac and windows Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* Initial implementation of mac forwarding using a privileged docker sock ↵Jason T. Greene2022-02-16
| | | | | | claim helper Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* ignition: propagate proxy settings from a host into a vmesendjer2022-02-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Set proxy settings (such as `HTTP_PROXY`, and others) for the whole guest OS with setting up `DefaultEnvironment` with a `systemd` configuration file `default-env.conf`, a `profile.d` scenario file - `default-env.sh` and a `environment.d` configuration file `default-env.conf` The **actual** environment variables are read by podman at a start, then they are encrypted with base64 into a single string and after are provided into a VM through QEMU Firmware Configuration (fw_cfg) Device Inside a VM a systemd service `envset-fwcfg.service` reads the providead encrypted string from fw_cfg, decrypts and then adds to the files - `/etc/systemd/system.conf.d/default-env.conf` - `/etc/profile.d/default-env.sh` - `/etc/environment.d/default-env.conf` At the end this service execute `systemctl daemon-reload` to propagate new variables for systemd manager [NO NEW TESTS NEEDED] Closes #13168 Signed-off-by: esendjer <esendjer@gmail.com>
* Update to podman4 copr streamJason T. Greene2022-02-16
| | | | Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* Unify ls --filter docs for networks and podsPatrycja Guzik2022-02-16
| | | | | | Signed-off-by: Patrycja Guzik <patrycja.k.guzik@gmail.com> #13078 follow-up
* e2e: merge after/since image-filter testsValentin Rothberg2022-02-16
| | | | | | | Merge the two tests to speed up testing. Both built the exact same images. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* podman network: add documentation for netavarkPaul Holzinger2022-02-16
| | | | | | | Add some docs about the different network backends. Also remove the CNI word from network since we refer to either a netavark or CNI config. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* create: Fix key=value annotation in the flag outputMorten Linderud2022-02-16
| | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Morten Linderud <morten@linderud.pw>
* enable netavark specific testsLokesh Mandvekar2022-02-16
| | | | | | | These are copies of the CNI tests with modifications wherever neccessary. Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* Fix checkpoint/restore pod testsAdrian Reber2022-02-16
| | | | | | | | | Checkpoint/restore pod tests are not running with an older runc and now that runc 1.1.0 appears in the repositories it was detected that the tests were failing. This was not detected in CI as CI was not using runc 1.1.0 yet. Signed-off-by: Adrian Reber <areber@redhat.com>
* Make sure building with relative paths work correctly.Daniel J Walsh2022-02-16
| | | | | | Fixes: https://github.com/containers/podman/issues/12763 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add 409 response to swagger godocJhon Honce2022-02-16
| | | | | | | | | When attempting to create a network with a name that already exists, a 409 status code will be returned [NO NEW TESTS NEEDED] Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #13233 from baude/v4.0fcossideOpenShift Merge Robot2022-02-16
|\ | | | | [BACKPORT] V4.0fcosside
| * Fix images since/after testsBrent Baude2022-02-16
| | | | | | | | | | | | | | | | For the since and after imagve filter tests, instead of using the read-only cache of images, we just use the empty r/w store. We then build three images that are strictly predictable. Signed-off-by: Brent Baude <bbaude@redhat.com>
| * Changes of docker descriptionsBrent Baude2022-02-16
| | | | | | | | | | | | | | | | | | It looks like some descriptions have changed on the docker registry where we had been searching for images that include 'alpine'. We are now seeing an image in the initial list that has 'alpine' in its description. Signed-off-by: Brent Baude <bbaude@redhat.com>
| * Temporarily pull machine images from side repoBrent Baude2022-02-14
| | | | | | | | | | | | | | | | | | | | | | Until podman4 is in the fcos trees, we need to pull the machine images from a side repository. There is a hard coded bit that forces the side repo download right now. Simple comment or removal of the bit will revert to normal download behavior. [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #13249 from baude/backporte2efixesOpenShift Merge Robot2022-02-16
|\ \ | |/ |/| [BACKPORT] Backporte2efixes
| * Fix images since/after testsBrent Baude2022-02-16
| | | | | | | | | | | | | | | | For the since and after imagve filter tests, instead of using the read-only cache of images, we just use the empty r/w store. We then build three images that are strictly predictable. Signed-off-by: Brent Baude <bbaude@redhat.com>
| * Changes of docker descriptionsBrent Baude2022-02-16
|/ | | | | | | | | It looks like some descriptions have changed on the docker registry where we had been searching for images that include 'alpine'. We are now seeing an image in the initial list that has 'alpine' in its description. Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #13216 from cevich/ci_updatesOpenShift Merge Robot2022-02-14
|\ | | | | [4.0] Enable Netavark/Aardvark-DNS CI Testing
| * Cirrus: TODO: netavark/aardvark release branchesChris Evich2022-02-11
| | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Expand netavark testing to include rootlessChris Evich2022-02-11
| | | | | | | | | | | | | | | | | | | | The list of netavark/aardvark-dns tasks is likely to be ever-growing for the near-term. Consolidate them into a single task entry with a matrix attribute to make future expansions less YAML-duplicative. Also, re-arrange it to fall in-between the CNI integration and system task sections. Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Minor - limit release task applicabilityChris Evich2022-02-11
| | | | | | | | | | | | | | | | | | | | | | | | This task/test is guaranteed to fail on non-release PRs. Upon reviewing actual practice and the release docs, this task should be limited to PRs with a title containing `release` or `bump` keywords. Also fix a minor comment typo. Ref: https://github.com/containers/podman/pull/13106#pullrequestreview-869855449 Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Add [CI:BUILD] magic that only buildsChris Evich2022-02-11
| | | | | | | | | | | | | | | | This is intended for cases where no code changes were made in this repo. but something did change which could affect the toolchain. For example, `Makefile` or packaging changes. Signed-off-by: Chris Evich <cevich@redhat.com>
| * CI: fix nightly buildsLokesh Mandvekar2022-02-11
| | | | | | | | | | | | | | | | | | | | | | | | Nightly builds were failing on CI ever since the Makefile change to have install target independent of build targets. See: e4636ebdc84ca28cf378873435cc9a27c81756f8 This commit ensures everything is built before installation. [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
| * Cirrus: Log netavark/aardvark binary build info.Chris Evich2022-02-11
| | | | | | | | | | | | | | | | Enabled by: * https://github.com/containers/netavark/pull/191 * https://github.com/containers/aardvark-dns/pull/36 Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Add netavark/aardvark system test taskChris Evich2022-02-11
| | | | | | | | | | | | | | Also add a system-test that verifies netavark driver is in use when magic env. var. is set. Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Also download aardvark-dns binaryChris Evich2022-02-11
| | | | | | | | | | | | | | | | This involves a minor code-change so the download/install can run in a loop for the two different repositories and binaries. Given everything is exactly the same except the URLs and names. Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Add e2e task w/ upstream netavarkChris Evich2022-02-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR adds the CI mechanisms to obtain the latest upstream netavark binary, and set a magic env-var to indicate e2e tests should execute podman with `--network-driver=netavark`. A future commit implement this functionality within the e2e tests. Due to the way the new environment is enabled, the standard task name is too long for github to display without adding ellipsis. Force the custom task name `Netavark Integration` to workaround this. At some future point, when netavark is more mainstream/widely supported, this custom task and upstream binary install can simply be removed - i.e. netavark will simply be used by default in the normal e2e tasks. Signed-off-by: Chris Evich <cevich@redhat.com>
| * netavark e2e testsBrent Baude2022-02-11
| | | | | | | | | | | | enabled e2e tests for netavark Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #13203 from mheon/bump_rc5OpenShift Merge Robot2022-02-11
|\ \ | |/ |/| Bump to v4.0.0-RC5
| * Revert minimum API changeMatthew Heon2022-02-11
| | | | | | | | | | | | CI is barfing and this seems like the most likely cause. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Bump to v4.0.0-devMatthew Heon2022-02-10
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Bump to v4.0.0-RC5v4.0.0-rc5Matthew Heon2022-02-10
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Update release notes for v4.0.0-RC5Matthew Heon2022-02-10
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Modify /etc/resolv.conf when connecting/disconnectingMatthew Heon2022-02-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `podman network connect` and `podman network disconnect` commands give containers access to different networks than the ones they were created with; these networks can also have DNS servers associated with them. Until now, however, we did not modify resolv.conf as network membership changed. With this PR, `podman network connect` will add any new nameservers supported by the new network to the container's /etc/resolv.conf, and `podman network disconnect` command will do the opposite, removing the network's nameservers from `/etc/resolv.conf`. Fixes #9603 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Do not set the network config dir to cni plugin dirPaul Holzinger2022-02-10
| | | | | | | | | | | | | | | | | | | | | | | | I do not know why this code was added but it is wrong. We should never use a plugin dir as config dir. Also this will fail for netavark. The correct default will be set in c/common so podman should not touch it. [NO NEW TESTS NEEDED] Ref #13183 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * Show API doc for several versionsPaul Holzinger2022-02-10
| | | | | | | | | | | | | | | | | | | | | | Right now it is not possible to look at the API version for a specific version. docs.podman.io always show the latest version from the main branch. This is not want many users want so they now have the ability to select a different version. Fixes #12796 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * [NO NEW TEST NEEDED] Add schema for ImageCreate 200 response.Tom Deseyn2022-02-10
| | | | | | | | Signed-off-by: Tom Deseyn <tom.deseyn@gmail.com>
| * fix: Multiplication of durationsmyml2022-02-10
| | | | | | | | | | | | | | 'killContainerTimeout' is already 5 second [NO NEW TESTS NEEDED] Signed-off-by: myml <wurongjie1@gmail.com>
| * move rootless netns slirp4netns process to systemd user.slicePaul Holzinger2022-02-10
| | | | | | | | | | | | | | | | | | | | | | | | | | When running podman inside systemd user units, it is possible that systemd kills the rootless netns slirp4netns process because it was started in the default unit cgroup. When the unit is stopped all processes in that cgroup are killed. Since the slirp4netns process is run once for all containers it should not be killed. To make sure systemd will not kill the process we move it to the user.slice. Fixes #13153 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * compat: endpoint /build must set header content type as application/json in ↵Aditya R2022-02-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | reponse Lot of clients are expecting proper `Content-type: application/json` configured in response headers of `/build` compat api. Following commit fixes that. Fixes issues where code is setting header field after writing header which is wrong. We must set `content-type` before we write and flush http header. Signed-off-by: Aditya R <arajan@redhat.com>
| * Cleanup: remove obsolete/misleading bug workaroundEd Santiago2022-02-10
| | | | | | | | | | | | | | Followup to #13129: remove a no-longer-necessary workaround for a healthcheck bug. Signed-off-by: Ed Santiago <santiago@redhat.com>
| * tests: retrofit healthcheck system testsAditya R2022-02-10
| | | | | | | | | | | | | | | | | | All the healthcheck return output now but systems tests is written to expect empty output which seems wrong. Modify jq output to contain newline character rather than actual newline Signed-off-by: Aditya R <arajan@redhat.com>
| * healthcheck, libpod: Read healthcheck event output from os pipeAditya R2022-02-10
| | | | | | | | | | | | | | | | | | | | It seems we are ignoring output from healthcheck session. Open a valid pipe to healthcheck session in order read its output. Use common pipe for both `stdout/stderr` since that was the previous behviour as well. Signed-off-by: Aditya R <arajan@redhat.com>
| * Fix: Do not print error when parsing journald log failsmyml2022-02-10
| | | | | | | | | | | | | | foramtError was written as err [NO NEW TESTS NEEDED] Signed-off-by: myml <wurongjie1@gmail.com>
| * Bump github.com/buger/goterm from 1.0.1 to 1.0.4dependabot[bot]2022-02-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/buger/goterm](https://github.com/buger/goterm) from 1.0.1 to 1.0.4. - [Release notes](https://github.com/buger/goterm/releases) - [Commits](https://github.com/buger/goterm/compare/v1.0.1...v1.0.4) --- updated-dependencies: - dependency-name: github.com/buger/goterm dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
| * append podman dns search domainPaul Holzinger2022-02-10
| | | | | | | | | | | | | | | | | | | | Append the podman dns seach domain to the host search domains when we use the dnsname/aardvark server. Previously it would only use podman seach domains and discard the host domains. Fixes #13103 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * Podman pod create --share-parent vs --share=cgroupcdoern2022-02-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | separated cgroupNS sharing from setting the pod as the cgroup parent, made a new flag --share-parent which sets the pod as the cgroup parent for all containers entering the pod remove cgroup from the default kernel namespaces since we want the same default behavior as before which is just the cgroup parent. resolves #12765 Signed-off-by: cdoern <cdoern@redhat.com> Signed-off-by: cdoern <cbdoer23@g.holycross.edu> Signed-off-by: cdoern <cdoern@redhat.com>
| * System tests: revert emergency skip of checkpoint testsEd Santiago2022-02-10
|/ | | | | | | | | | | Revert #13049. criu-3.16.1-6.fc36 fixes the problem and is now in fc36 stable: https://bodhi.fedoraproject.org/updates/FEDORA-2022-183b337712 (Yes, I confirmed that tests pass on a rawhide vm) Signed-off-by: Ed Santiago <santiago@redhat.com>