summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Bump to v4.0.1v4.0.1Matthew Heon2022-02-23
| | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* Update release notes for v4.0.1Matthew Heon2022-02-23
| | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* Fix a potential flake in volume plugins testsMatthew Heon2022-02-23
| | | | | | | | | We could remove the container running the volume plugins, before the containers using the volume plugins; this could cause unmounting the volumes to fail because the plugin could not be contacted. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Propagate $CONTAINERS_CONF to conmonDavid Gibson2022-02-23
| | | | | | | | | | | | | | | | | | | | | The CONTAINERS_CONF environment variable can be used to override the configuration file, which is useful for testing. However, at the moment this variable is not propagated to conmon. That means in particular, that conmon can't propagate it back to podman when invoking its --exit-command. The mismatch in configuration between the starting and cleaning up podman instances can cause a variety of errors. This patch also adds two related test cases. One checks explicitly that the correct CONTAINERS_CONF value appears in conmon's environment. The other checks for a possible specific impact of this bug: if we use a nonstandard name for the runtime (even if its path is just a regular crun), then the podman container cleanup invoked at container exit will fail. That has the effect of meaning that a container started with -d --rm won't be correctly removed once complete. Fixes #12917 Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* tests: Remove inaccurate commentDavid Gibson2022-02-23
| | | | | | | | This comment refers to overiding $PODMAN although the code below does nothing of the sort. Presumbly the comment has been outdated by altering the containers.conf / $CONTAINERS_CONF instead. Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* System tests: show one-line config overviewEd Santiago2022-02-23
| | | | | | | | | | | | | We're running into problems that are impossible to diagnose because we have no idea if the SUT is using netavark or CNI. We've previously run into similar problems with runc/crun, or cgroups 1/2. This adds a one-line 'echo' with important system info. Now, when viewing a full test log, it will be possible to view system settings in one glance. Signed-off-by: Ed Santiago <santiago@redhat.com>
* provide better error on invalid flagPaul Holzinger2022-02-23
| | | | | | | | | | | | | | | Add a extra `See 'podman command --help'` to the error output. With this patch you now get: ``` $ podman run -h Error: flag needs an argument: 'h' in -h See 'podman run --help' ``` Fixes #13082 Fixes #13002 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* use GetRuntimeDir() from c/commonPaul Holzinger2022-02-23
| | | | | | | | | To prevent duplication and potential bugs we should use the same GetRuntimeDir function that is used in c/common. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* kube: honor --build=false and make --build=true by defaultAditya R2022-02-23
| | | | | | | | `podman play kube` tries to build images even if `--build` is set to false so lets honor that and make `--build` , `true` by default so it matches the original behviour. Signed-off-by: Aditya R <arajan@redhat.com>
* system tests: cleanup networks on teardownPaul Holzinger2022-02-23
| | | | | | | | When a test which creates a network fail it will not remove the network. The teardown logic should remove the networks. Since there is no --all option for network rm we use network prune --force. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Remove the runtime lockMatthew Heon2022-02-23
| | | | | | | | | | | | | | | | This primarily served to protect us against shutting down the Libpod runtime while operations (like creating a container) were happening. However, it was very inconsistently implemented (a lot of our longer-lived functions, like pulling images, just didn't implement it at all...) and I'm not sure how much we really care about this very-specific error case? Removing it also removes a lot of potential deadlocks, which is nice. [NO NEW TESTS NEEDED] Signed-off-by: Matthew Heon <mheon@redhat.com>
* Don't log errors on removing volumes inuse, if container --volumes-fromDaniel J Walsh2022-02-23
| | | | | | | | | | | When removing a container created with a --volumes-from a container created with a built in volume, we complain if the original container still exists. Since this is an expected state, we should not complain about it. Fixes: https://github.com/containers/podman/issues/12808 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* kube: honor mount propagation modeGiuseppe Scrivano2022-02-23
| | | | | | | convert the propagation mode specified for the mount to the expected Linux mount option. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Load ip_tables modules at bootPaul Holzinger2022-02-23
| | | | | | | | | | | | | | | | | | Rootless users cannot load the ip_tables module, in fedora 36 this module is no longer loaded by default so we have to add it manually. This is needed because rootless network setup tries to use iptables and if iptables-legacy is used instead of iptables-nft it will fail. To provide a better user experience we will load the module at boot. Note that this is not needed for RHEL because iptables-legacy is not supported on RHEL 8 and newer. [NO NEW TESTS NEEDED] Fixes #12661 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #13251 from cevich/new_4.0_vm_imagesOpenShift Merge Robot2022-02-19
|\ | | | | [v4.0] Cirrus: Update VM Images for 4.0 release
| * Cirrus: Disable F34 aka prior-fedora testingChris Evich2022-02-17
| | | | | | | | | | | | | | | | | | | | Podman 4.0 will never be supported in F34, and the use of F35 in CI is temporary until F36 is brought up to speed. Rather than fight with testing issues that will never be fixed/supported, simply disable it. This commit may be reverted at a future date when F36 VM support is added. Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Update VM Images for 4.0 releaseChris Evich2022-02-17
|/ | | | | | | | | | This is to ensure VM images for CI, which contain the intended dependency versions to support the podman 4.0 release. Ref: https://github.com/containers/automation_images/pull/114 Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #13255 from mheon/bump_400_finalOpenShift Merge Robot2022-02-17
|\ | | | | Bump to v4.0.0 final
| * Bump to v4.0.1-devMatthew Heon2022-02-17
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Bump to v4.0.0Matthew Heon2022-02-17
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Release notes for v4.0.0 finalv4.0.0Matthew Heon2022-02-17
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Fix lintMatthew Heon2022-02-17
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Fix manifest 4.0 EndpointsJhon Honce2022-02-17
| | | | | | | | | | | | Branch forced 4.0 only endpoints Signed-off-by: Jhon Honce <jhonce@redhat.com>
| * Introduce podman machine init --root=t|f and podman machine set --root=t|fJason T. Greene2022-02-16
| | | | | | | | | | | | Switch default to rootless for mac and windows Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
| * Initial implementation of mac forwarding using a privileged docker sock ↵Jason T. Greene2022-02-16
| | | | | | | | | | | | claim helper Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
| * ignition: propagate proxy settings from a host into a vmesendjer2022-02-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Set proxy settings (such as `HTTP_PROXY`, and others) for the whole guest OS with setting up `DefaultEnvironment` with a `systemd` configuration file `default-env.conf`, a `profile.d` scenario file - `default-env.sh` and a `environment.d` configuration file `default-env.conf` The **actual** environment variables are read by podman at a start, then they are encrypted with base64 into a single string and after are provided into a VM through QEMU Firmware Configuration (fw_cfg) Device Inside a VM a systemd service `envset-fwcfg.service` reads the providead encrypted string from fw_cfg, decrypts and then adds to the files - `/etc/systemd/system.conf.d/default-env.conf` - `/etc/profile.d/default-env.sh` - `/etc/environment.d/default-env.conf` At the end this service execute `systemctl daemon-reload` to propagate new variables for systemd manager [NO NEW TESTS NEEDED] Closes #13168 Signed-off-by: esendjer <esendjer@gmail.com>
| * Update to podman4 copr streamJason T. Greene2022-02-16
| | | | | | | | Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
| * Unify ls --filter docs for networks and podsPatrycja Guzik2022-02-16
| | | | | | | | | | | | Signed-off-by: Patrycja Guzik <patrycja.k.guzik@gmail.com> #13078 follow-up
| * e2e: merge after/since image-filter testsValentin Rothberg2022-02-16
| | | | | | | | | | | | | | Merge the two tests to speed up testing. Both built the exact same images. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
| * podman network: add documentation for netavarkPaul Holzinger2022-02-16
| | | | | | | | | | | | | | Add some docs about the different network backends. Also remove the CNI word from network since we refer to either a netavark or CNI config. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * create: Fix key=value annotation in the flag outputMorten Linderud2022-02-16
| | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Morten Linderud <morten@linderud.pw>
| * enable netavark specific testsLokesh Mandvekar2022-02-16
| | | | | | | | | | | | | | These are copies of the CNI tests with modifications wherever neccessary. Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
| * Fix checkpoint/restore pod testsAdrian Reber2022-02-16
| | | | | | | | | | | | | | | | | | Checkpoint/restore pod tests are not running with an older runc and now that runc 1.1.0 appears in the repositories it was detected that the tests were failing. This was not detected in CI as CI was not using runc 1.1.0 yet. Signed-off-by: Adrian Reber <areber@redhat.com>
| * Make sure building with relative paths work correctly.Daniel J Walsh2022-02-16
| | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/12763 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Add 409 response to swagger godocJhon Honce2022-02-16
|/ | | | | | | | | When attempting to create a network with a name that already exists, a 409 status code will be returned [NO NEW TESTS NEEDED] Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #13233 from baude/v4.0fcossideOpenShift Merge Robot2022-02-16
|\ | | | | [BACKPORT] V4.0fcosside
| * Fix images since/after testsBrent Baude2022-02-16
| | | | | | | | | | | | | | | | For the since and after imagve filter tests, instead of using the read-only cache of images, we just use the empty r/w store. We then build three images that are strictly predictable. Signed-off-by: Brent Baude <bbaude@redhat.com>
| * Changes of docker descriptionsBrent Baude2022-02-16
| | | | | | | | | | | | | | | | | | It looks like some descriptions have changed on the docker registry where we had been searching for images that include 'alpine'. We are now seeing an image in the initial list that has 'alpine' in its description. Signed-off-by: Brent Baude <bbaude@redhat.com>
| * Temporarily pull machine images from side repoBrent Baude2022-02-14
| | | | | | | | | | | | | | | | | | | | | | Until podman4 is in the fcos trees, we need to pull the machine images from a side repository. There is a hard coded bit that forces the side repo download right now. Simple comment or removal of the bit will revert to normal download behavior. [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #13249 from baude/backporte2efixesOpenShift Merge Robot2022-02-16
|\ \ | |/ |/| [BACKPORT] Backporte2efixes
| * Fix images since/after testsBrent Baude2022-02-16
| | | | | | | | | | | | | | | | For the since and after imagve filter tests, instead of using the read-only cache of images, we just use the empty r/w store. We then build three images that are strictly predictable. Signed-off-by: Brent Baude <bbaude@redhat.com>
| * Changes of docker descriptionsBrent Baude2022-02-16
|/ | | | | | | | | It looks like some descriptions have changed on the docker registry where we had been searching for images that include 'alpine'. We are now seeing an image in the initial list that has 'alpine' in its description. Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #13216 from cevich/ci_updatesOpenShift Merge Robot2022-02-14
|\ | | | | [4.0] Enable Netavark/Aardvark-DNS CI Testing
| * Cirrus: TODO: netavark/aardvark release branchesChris Evich2022-02-11
| | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Expand netavark testing to include rootlessChris Evich2022-02-11
| | | | | | | | | | | | | | | | | | | | The list of netavark/aardvark-dns tasks is likely to be ever-growing for the near-term. Consolidate them into a single task entry with a matrix attribute to make future expansions less YAML-duplicative. Also, re-arrange it to fall in-between the CNI integration and system task sections. Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Minor - limit release task applicabilityChris Evich2022-02-11
| | | | | | | | | | | | | | | | | | | | | | | | This task/test is guaranteed to fail on non-release PRs. Upon reviewing actual practice and the release docs, this task should be limited to PRs with a title containing `release` or `bump` keywords. Also fix a minor comment typo. Ref: https://github.com/containers/podman/pull/13106#pullrequestreview-869855449 Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Add [CI:BUILD] magic that only buildsChris Evich2022-02-11
| | | | | | | | | | | | | | | | This is intended for cases where no code changes were made in this repo. but something did change which could affect the toolchain. For example, `Makefile` or packaging changes. Signed-off-by: Chris Evich <cevich@redhat.com>
| * CI: fix nightly buildsLokesh Mandvekar2022-02-11
| | | | | | | | | | | | | | | | | | | | | | | | Nightly builds were failing on CI ever since the Makefile change to have install target independent of build targets. See: e4636ebdc84ca28cf378873435cc9a27c81756f8 This commit ensures everything is built before installation. [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
| * Cirrus: Log netavark/aardvark binary build info.Chris Evich2022-02-11
| | | | | | | | | | | | | | | | Enabled by: * https://github.com/containers/netavark/pull/191 * https://github.com/containers/aardvark-dns/pull/36 Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Add netavark/aardvark system test taskChris Evich2022-02-11
| | | | | | | | | | | | | | Also add a system-test that verifies netavark driver is in use when magic env. var. is set. Signed-off-by: Chris Evich <cevich@redhat.com>