summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Bump github.com/opencontainers/selinux from 1.7.0 to 1.8.0dependabot-preview[bot]2020-12-16
| | | | | | | | | Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.7.0 to 1.8.0. - [Release notes](https://github.com/opencontainers/selinux/releases) - [Commits](https://github.com/opencontainers/selinux/compare/v1.7.0...v1.8.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8312 from cevich/new_ubuntu_imagesOpenShift Merge Robot2020-12-16
|\ | | | | Cirrus: Update VM Images; Both Fedora and Ubuntu "prior" flavors run with CGroupsV1 & runc
| * Fix: unpause not supported for CGv1 rootlessChris Evich2020-12-16
| | | | | | | | | | | | Thanks Ed Santiago <santiago@redhat.com> for the fix. Signed-off-by: Chris Evich <cevich@redhat.com>
| * Disable incompatible rootless + CGroupsV1 testsChris Evich2020-12-15
| | | | | | | | | | | | | | | | | | | | These tests simply will not work under these conditions. Note: Recently updated F32 (prior-fedora) and Ubuntu 20.04 (prior-ubuntu) VMs always use CGroupsV1 with runc. F33 and Ubuntu 20.10 were updated to always use CGroupsV2 with crun. Signed-off-by: Chris Evich <cevich@redhat.com>
| * Disable rootless pod stats tests w/ CgroupV1Chris Evich2020-12-15
| | | | | | | | | | | | | | | | | | | | | | When running as rootless, on a CgroupV1 host these tests all report: `Error: pod stats is not supported in rootless mode without cgroups v2` Note: Recently updated F32 (prior-fedora) and Ubuntu 20.04 (prior-ubuntu) VMs always use CGroupsV1 with runc. F33 and Ubuntu 20.10 were updated to always use CGroupsV2 with crun. Signed-off-by: Chris Evich <cevich@redhat.com>
| * Disable CGv1 pod stats on net=host postChris Evich2020-12-15
| | | | | | | | | | | | | | | | | | | | | | This should be addressed by PR https://github.com/containers/podman/pull/8685 Note: Recently updated F32 (prior-fedora) and Ubuntu 20.04 (prior-ubuntu) VMs always use CGroupsV1 with runc. F33 and Ubuntu 20.10 were updated to always use CGroupsV2 with crun. Signed-off-by: Chris Evich <cevich@redhat.com>
| * Disable pod stats tests in containerized Fedora w/ CGroupsV1Chris Evich2020-12-15
| | | | | | | | | | | | | | | | | | | | | | | | | | Nearly/all of the 'podman stats' tests fail on Fedora when executing testing inside a container, and CGroupsV1 is used on the host. The typical failure message is of the form `Error: unable to load cgroup at /machine.slice/.../: cgroup deleted`. Note: Recently updated F32 (prior-fedora) and Ubuntu 20.04 (prior-ubuntu) VMs always use CGroupsV1 with runc. F33 and Ubuntu 20.10 were updated to always use CGroupsV2 with crun. Signed-off-by: Chris Evich <cevich@redhat.com>
| * Disable blkio.weight test on UbuntuChris Evich2020-12-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | These tests fail with `Error: opening file `io.bfq.weight` for writing: Permission denied: OCI permission denied`. Upon examination of the VMs, it was found the kernel and OS lacks support for the `BFQ` scheduler (which supplies the `weight` option). The only available schedulers are `none` and `mq-deadline`. Note: Recently updated F32 (prior-fedora) and Ubuntu 20.04 (prior-ubuntu) VMs always use CGroupsV1 with runc. F33 and Ubuntu 20.10 were updated to always use CGroupsV2 with crun. Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Add support for Ubuntu 20.xChris Evich2020-12-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously automation always dropped the minor version number for distributions. This was intended for presentation and conditional simplicity. Bash does not support non-integer comparison natively. With the release of version 20.10, supporting testing with it and the LTS release (20.04) requires scripts to consider minor version numbers for Ubuntu VMs. This is necessary because many times in the past, some behaviors needed to be conditional on the release version number. With this commit, the images and embedded scripts/tooling uses an altered format of `$UBUNTU_NAME', `$PRIOR_UBUNTU_NAME`, and (crucially) `$OS_RELEASE_VER` and `$OS_REL_VER`. Any `.` characters appearing in the official version (from `/etc/os-release`) are dropped, and the result is concatenated. For example the current Ubuntu LTS version is `20.04`. Prior to this commit, `$OS_RELEASE_VER` would have been `20`. With this change, `$OS_RELEASE_VER` will now show `2004`. Similarly `20.10` is shown as `2010`. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #8715 from baude/bindings3imagesOpenShift Merge Robot2020-12-16
|\ \ | | | | | | Podman image bindings for 3.0
| * | Podman image bindings for 3.0baude2020-12-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Begin the migration of the image bindings for podman 3.0. this includes the use of options for each binding. build was intentionally not converted as I believe it needs more discussion before migration. specifically, the build options themselves. also noteworthly is that the remove image and remove images bindings were merged into one. the remove images (or batch remove) has one downside in that the errors return no longer adhere to http return codes. this should be discussed and reimplemented in subsequent code. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #8730 from rhatdan/logOpenShift Merge Robot2020-12-16
|\ \ \ | | | | | | | | Add LogSize to container inspect
| * | | Add LogSize to container inspectDaniel J Walsh2020-12-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Other log options are available so we need to add ability to look up LogSize. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #8720 from edsantiago/batsOpenShift Merge Robot2020-12-16
|\ \ \ \ | |_|_|/ |/| | | system tests: the catch-up game
| * | | system tests: the catch-up gameEd Santiago2020-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - run test: minor cleanup to .containerenv test. Basically, make it do only two podman-runs (they're expensive) and tighten up the results checks - ps test: add ps -a --storage. Requires small tweak to run_podman helper, so we can have "timeout" be an expected result - sdnotify test: workaround for #8718 (seeing MAINPID=xxx as last output line instead of READY=1). As found by the newly-added debugging echos, what we are seeing is: MAINPID=103530 READY=1 MAINPID=103530 It's not supposed to be that way; it's supposed to be just the first two. But when faced with reality, we must bend to accommodate it, so let's accept READY=1 anywhere in the output stream, not just as the last line. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #8723 from matejvasek/cleanup-tmp-fileOpenShift Merge Robot2020-12-15
|\ \ \ \ | |_|/ / |/| | | Clean up temporary file.
| * | | Clean up temporary file.Matej Vasek2020-12-15
| |/ / | | | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | | Merge pull request #8726 from giuseppe/conmon-rootless-errs-to-infoOpenShift Merge Robot2020-12-15
|\ \ \ | | | | | | | | libpod, conmon: change log level for rootless
| * | | contrib: drop mirror.chpc.utah.edu:443Giuseppe Scrivano2020-12-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | remove unused mirror from list of required host/ports: the host is unreachable due to DNS misconfiguration, and it doesn't look like we need it for anything anyway. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | libpod, conmon: change log level for rootlessGiuseppe Scrivano2020-12-15
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | Change the log level when running as rootless when moving conmon to a different cgroup. Closes: https://github.com/containers/podman/issues/8721 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #8725 from rhatdan/TMPDIROpenShift Merge Robot2020-12-15
|\ \ \ | |/ / |/| | Allow users to specify TMPDIR in containers.conf
| * | Allow users to specify TMPDIR in containers.confDaniel J Walsh2020-12-15
|/ / | | | | | | | | | | | | | | | | | | | | Currently we hard code TMPDIR environment variable to /var/tmp if it is not set in the Environment. This causes TMPDIR environment variable to be ignored if set in containers.conf. This change now uses the host environment TMPDIR, followed by containers.conf and then hard codes TMPDIR, if it was not set. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8692 from rhatdan/networkOpenShift Merge Robot2020-12-14
|\ \ | | | | | | [CI:DOCS] Cleanup CNI Networks on reboot
| * | Cleanup CNI Networks on rebootDaniel J Walsh2020-12-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CNI sometimes leaves Network information in /var/lib/cni/networks when the system crashes or containers do not shut down properly. This PR will cleanup these left over files, so that container engines will get a clean enviroment when the system reboots. Related to: https://github.com/containers/podman/issues/3759 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8714 from edsantiago/more_journald_rootless_skipsOpenShift Merge Robot2020-12-14
|\ \ \ | |_|/ |/| | RHEL gating tests: more journald exceptions
| * | RHEL gating tests: more journald exceptionsEd Santiago2020-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Followup to #8284, due to my not having noticed #8096. RHEL gating tests are failing again due to rhbz#1895105, the one where we can't run journalctl rootless on RHEL. #8284 fixed this for some RHEL builds of older podman, but I missed #8096 which added yet another logs test. This brings us to three journalctl exceptions, which means it gets complicated because I have to refactor it all. **THIS IS NOT SUSTAINABLE**. We need some way to have a similar setup in CI, with a permission-less rootless login, so we don't add yet another logs test some day and discover, months later, that it doesn't work on RHEL and then have to go into crisis mode. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #8696 from Luap99/podman-events-untilOpenShift Merge Robot2020-12-14
|\ \ \ | | | | | | | | podman events allow future time for --until
| * | | podman events allow future time for --untilPaul Holzinger2020-12-11
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The podman events aren't read until the given timestamp if the timestamp is in the future. It just reads all events until now and exits afterwards. This does not make sense and does not match docker. The correct behavior is to read all events until the given time is reached. This fixes a bug where the wrong event log file path was used when running first time with a new storage location. Fixes #8694 This also fixes the events api endpoint which only exited when an error occurred. Otherwise it just hung after reading all events. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #8693 from giuseppe/drop-valid-id-in-userns-checkOpenShift Merge Robot2020-12-14
|\ \ \ | | | | | | | | podman: drop checking valid rootless UID
| * | | podman: drop checking valid rootless UIDGiuseppe Scrivano2020-12-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | do not check whether the specified ID is valid in the user namespace. crun handles this case[1], so the check in Podman prevents to get to the OCI runtime at all. $ podman run --user 10:0 --uidmap 0:0:1 --rm -ti fedora:33 sh -c 'id; cat /proc/self/uid_map' uid=10(10) gid=0(root) groups=0(root),65534(nobody) 10 0 1 [1] https://github.com/containers/crun/pull/556 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #8689 from bblenard/issue-8672-volume-pruneOpenShift Merge Robot2020-12-14
|\ \ \ \ | | | | | | | | | | Add volume prune --filter support
| * | | | Add volume prune --filter supportBaron Lenardson2020-12-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change adds support for the `--filter` / `?filters` arguments on the `podman volume prune` subcommand. * Adds ParseFilterArgumentsIntoFilters helper for consistent Filter string slice handling * Adds `--filter` support to podman volume prune cli * Adds `?filters...` support to podman volume prune api * Updates apiv2 / e2e tests Closes #8672 Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
* | | | | Merge pull request #8699 from Luap99/network-flag-completionOpenShift Merge Robot2020-12-14
|\ \ \ \ \ | |_|_|_|/ |/| | | | shell completion for the network flag
| * | | | shell completion for the network flagPaul Holzinger2020-12-12
| | |_|/ | |/| | | | | | | | | | | | | | | | | | Complete all the options e.g. `container:`,`ns:`,`host`, etc... Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | Merge pull request #8553 from baude/composeciOpenShift Merge Robot2020-12-12
|\ \ \ \ | | | | | | | | | | add compose regression to ci
| * | | | add compose test descriptionsbaude2020-12-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | adding compose test descriptions and validations. Signed-off-by: baude <bbaude@redhat.com>
| * | | | test-compose: rewrite to new subdir formEd Santiago2020-12-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ...in which we use all-local tests Signed-off-by: Ed Santiago <santiago@redhat.com>
| * | | | add compose regression to cibaude2020-12-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | to prevent any regressions, we should be running regression tests using compose. Signed-off-by: baude <bbaude@redhat.com>
| * | | | WIP: test docker-composeEd Santiago2020-12-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git-fetch a set of docker-compose examples Add a mechanism for 'curl'ing to verify that service is up. For each docker-compose directory: 1) test that it comes up 2) use 'curl' to confirm that the service is up 3) bring it back down Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #7718 from QiWang19/sign-multi-archOpenShift Merge Robot2020-12-12
|\ \ \ \ \ | | | | | | | | | | | | Sign multi-arch images
| * | | | | Sign multi-arch imagesQi Wang2020-12-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman image sign handles muti-arch images. --all option to create signature for each manifest from the image manifest list. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | | Merge pull request #8676 from jwhonce/issues/7806OpenShift Merge Robot2020-12-11
|\ \ \ \ \ \ | | | | | | | | | | | | | | Refine public key usage when remote
| * | | | | | Refine public key usage when remoteJhon Honce2020-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Move all public key handling into one AuthMethod. Prioritize ssh-agent keys over identity files. * Cache server connection when tunneling, saves one RoundTrip on ssh handshake Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | | | Merge pull request #8688 from rhatdan/startOpenShift Merge Robot2020-12-11
|\ \ \ \ \ \ \ | |_|/ / / / / |/| | | | | | Handle --rm when starting a container
| * | | | | | Handle --rm when starting a containerDaniel J Walsh2020-12-11
| | |_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman start should follow the same behaviour as podman run when removing a container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #8686 from Luap99/logs-stderrOpenShift Merge Robot2020-12-11
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | podman logs honor stderr correctly
| * | | | | podman logs honor stderr correctlyPaul Holzinger2020-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make the ContainerLogsOptions support two io.Writers, one for stdout and the other for stderr. The logline already includes the information to which Writer it has to be written. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | | | Merge pull request #8690 from zhangguanzhang/apiv2-wrong-ImgNameOpenShift Merge Robot2020-12-11
|\ \ \ \ \ \ | | | | | | | | | | | | | | Fix Wrong img name used when creating a container from an image which had multi names
| * | | | | | Fix Wrong image tag is used when creating a container from an image with ↵zhangguanzhang2020-12-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | multiple tags Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | | | | | Merge pull request #8691 from Luap99/network-compatOpenShift Merge Robot2020-12-11
|\ \ \ \ \ \ \ | |_|_|/ / / / |/| | | | | | Fix some network compat api problems