Commit message (Author, Age)
* Kube: Add liveness probe for containers. (flouthoc, 2021-07-17)
    Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* Merge pull request #10947 from edsantiago/multiarch_images (OpenShift Merge Robot, 2021-07-16)
|\
    System tests: fix a multiarch problem
| * System tests: fix a multiarch problem (Ed Santiago, 2021-07-15)
    The multi-image load test was failing on non-x86_64 arch, because the images used by the test (:00000000, :20200902) did not have manifests for the given arch.

    Solution: all we need are two nonlocal images. Use the predefined NONLOCAL_IMAGE for one, and a new :multiimage tag (manually created, currently == :20210610) for the other. Document, so if/when RHEL adds new supported arches, the test will fail but a maintainer will have a clue what to do.

    Also, as long as I'm in here: add 'image prune -f' to teardown in build.bats, to avoid seeing lots of red "stray image" warnings in test logs.

    Also: skip a broken/flaky python test

    Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #10951 from rugk/patch-1 (OpenShift Merge Robot, 2021-07-16)
|\ \
    Randomize the auto-update of podman containers
| * | Randomize the auto-update of podman containers (rugk, 2021-07-15)
| |/
    This makes sure, that the podman auto-update is not executed exactly at midnight for the same time always. If many things do the same and many services use this keyword and react at midnight, this can cause a lot of stress to a server. Thus, this adds a 900s/15min delay.

    As [the arch wiki says](https://wiki.archlinux.org/title/Systemd/Timers#Realtime_timer):
    > Special event expressions like daily and weekly refer to specific start times and thus any timers sharing such calendar events will start simultaneously. Timers sharing start events can cause poor system performance if the timers' services compete for system resources. The RandomizedDelaySec option in the [Timer] section avoids this problem by randomly staggering the start time of each timer. See systemd.timer(5).

    Signed-off-by: rugk <rugk+git@posteo.de>
* | Merge pull request #10894 from cdoern/pidPod (OpenShift Merge Robot, 2021-07-15)
|\ \
    podman pod create --pid flag
| * | podman pod create --pid flag (cdoern, 2021-07-15)
    added support for --pid flag. User can specify ns:file, pod, private, or host. container returns an error since you cannot point the ns of the pods infra container to a container outside of the pod.

    Signed-off-by: cdoern <cdoern@redhat.com>
* | | Merge pull request #10940 from tartina/doctypo (OpenShift Merge Robot, 2021-07-15)
|\ \ \
| |_|/
|/| |
    [CI:DOCS] Correct a typo in documentation
| * | Correct a typo in documentation (Guido Aulisi, 2021-07-15)
    Signed-off-by: Guido Aulisi <guido.aulisi@gmail.com>
* | | Merge pull request #10939 from Luap99/rootless-cni (OpenShift Merge Robot, 2021-07-15)
|\ \ \
    Fix race conditions in rootless cni setup
| * | | Fix race conditions in rootless cni setup (Paul Holzinger, 2021-07-15)
    There was a race condition when calling `GetRootlessCNINetNs()`. It created the rootless cni directory before it got locked. Therefore another process could have called cleanup and removed this directory before it was used resulting in errors. The lockfile got moved into the XDG_RUNTIME_DIR directory to prevent a panic when the parent dir was removed by cleanup.

    Fixes #10930
    Fixes #10922

    To make this even more robust `GetRootlessCNINetNs()` will now return locked. This guarantees that we can run `Do()` after `GetRootlessCNINetNs()` before another process could have called `Cleanup()` in between.

    [NO TESTS NEEDED] CI is flaking, hopefully this will fix it.

    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #10937 from vrothberg/auto-update (OpenShift Merge Robot, 2021-07-15)
|\ \ \ \
    auto-update: add --dry-run
| * | | | auto-update: add --dry-run (Valentin Rothberg, 2021-07-15)
| |/ / /
    Add a --dry-run flag to `podman auto-update` which will look for new images but won't perform any pull or restart any service or container.

    The "UPDATED" column will now indicate the availability of a newer image via "pending".

    ```
    $ podman auto-update --dry-run
    UNIT                    CONTAINER            IMAGE                   POLICY      UPDATED
    container-test.service  08fd34e533fd (test)  localhost:5000/busybox  registry    false
    ```

    Fixes: #9949
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #10932 from edsantiago/e2e_exit_checks (OpenShift Merge Robot, 2021-07-15)
|\ \ \ \
| |_|/ /
|/| | |
    e2e tests: use Should(Exit()) and ExitWithError()
| * | | e2e tests: use Should(Exit()) and ExitWithError() (Ed Santiago, 2021-07-15)
    e2e test failures are rife with messages like:

       Expected 1 to equal 0

    These make me cry. They're anti-helpful, requiring the reader to dive into the source code to figure out what those numbers mean.

    Solution: Go tests have a '.Should(Exit(NNN))' mechanism. I don't know if it spits out a better diagnostic (I have no way to run e2e tests on my laptop), but I have to fantasize that it will, and given the state of our flakes I assume that at least one test will fail and give me the opportunity to see what the error message looks like.

    THIS IS NOT REVIEWABLE CODE. There is no way for a human to review it. Don't bother. Maybe look at a few random ones for sanity. If you want to really review, here is a reproducer of what I did:

       cd test/e2e
       ! positive assertions. The second is the same as the first,
       ! with the addition of (unnecessary) parentheses because
       ! some invocations were written that way. The third is BeZero().
       perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.To\(Equal\((\d+)\)\)/Expect($1).Should(Exit($2))/' *_test.go
       perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.To\(\(Equal\((\d+)\)\)\)/Expect($1).Should(Exit($2))/' *_test.go
       perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.To\(BeZero\(\)\)/Expect($1).Should(Exit(0))/' *_test.go

       ! Same as above, but handles three non-numeric exit codes
       ! in run_exit_test.go
       perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.To\(Equal\((\S+)\)\)/Expect($1).Should(Exit($2))/' *_test.go

       ! negative assertions. Difference is the spelling of 'To(Not)',
       ! 'ToNot', and 'NotTo'. I assume those are all the same.
       perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.To\(Not\(Equal\((0)\)\)\)/Expect($1).To(ExitWithError())/' *_test.go
       perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.ToNot\(Equal\((0)\)\)/Expect($1).To(ExitWithError())/' *_test.go
       perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.NotTo\(Equal\((0)\)\)/Expect($1).To(ExitWithError())/' *_test.go

       ! negative, old use of BeZero()
       perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.ToNot\(BeZero\(\)\)/Expect($1).Should(ExitWithError())/' *_test.go

    Run those on a clean copy of main branch (at the same branch point as my PR, of course), then diff against a checked-out copy of my PR. There should be no differences. Then all you have to review is that my replacements above are sane.

    UPDATE: nope, that's not enough, you also need to add gomega/gexec to the files that don't have it:

       perl -pi -e '$_ .= "$1/gexec\"\n" if m!^(.*/onsi/gomega)"!' $(grep -L gomega/gexec $(git log -1 --stat | awk '$1 ~ /test\/e2e\// { print $1}'))

    UPDATE 2: hand-edit run_volume_test.go

    UPDATE 3: sigh, add WaitWithDefaultTimeout() to a couple of places

    UPDATE 4: skip a test due to bug #10935 (race condition)

    Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #10913 from rhatdan/build (OpenShift Merge Robot, 2021-07-15)
|\ \ \ \
| |/ / /
|/| | |
    podman-remote build use .containerignore over .dockerignore
| * | | podman-remote build use .containerignore over .dockerignore (Daniel J Walsh, 2021-07-14)
    $ mkdir zzz;cd zzz
    $ printf "FROM quay.io/libpod/testimage:20210610\nCOPY ./ ./\nCOPY subdir ./\n" >Dockerfile
    $ printf "*\nsubdir\n\!*/sub1*\n" >.dockerignore
    $ mkdir subdir; touch subdir/sub1.txt
    $ ../bin/podman-remote build .

    Should fail, but succeeds because we are not sending over the .dockerignore file to the server side. This PR will send the .dockerignore so the server side can use it.

    Fixes: #10907

    Also if both .containerignore and .dockerignore are in the context directory, podman-remote should prefer .containerignore and not use .dockerignore.

    Fixes: #10908

    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #10936 from AkihiroSuda/issue10929 (OpenShift Merge Robot, 2021-07-15)
|\ \ \ \
| |_|/ /
|/| | |
    CNI-in-slirp4netns: fix bind-mount for /run/systemd/resolve/stub-resolv.conf
| * | | CNI-in-slirp4netns: fix bind-mount for /run/systemd/resolve/stub-resolv.conf (Akihiro Suda, 2021-07-15)
    Fix issue 10929 : `[Regression in 3.2.0] CNI-in-slirp4netns DNS gets broken when running a rootful container after running a rootless container`

    When /etc/resolv.conf on the host is a symlink to /run/systemd/resolve/stub-resolv.conf, we have to mount an empty filesystem on /run/systemd/resolve in the child namespace, so as to isolate the directory from the host mount namespace.

    Otherwise our bind-mount for /run/systemd/resolve/stub-resolv.conf is unmounted when systemd-resolved unlinks and recreates /run/systemd/resolve/stub-resolv.conf on the host.

    [NO TESTS NEEDED]

    Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* | | | Merge pull request #10919 from vikas-goel/macvlan (OpenShift Merge Robot, 2021-07-15)
|\ \ \ \
| |_|/ /
|/| | |
    Return macvlan object in /network REST API response
| * | | Return macvlan object in /network REST API response (Vikas Goel, 2021-07-14)
    Fixes: #10266
    Signed-off-by: Vikas Goel <vikas.goel@gmail.com>
* | | | Merge pull request #10909 from rhatdan/docs (OpenShift Merge Robot, 2021-07-14)
|\ \ \ \
    [CI:DOCS] Fix up documentation of the userns audit flag
| * | | | Fix up documentation of the userns audit flag (Daniel J Walsh, 2021-07-14)
    Add reference to the `containers` user in the /etc/subuid and /etc/subgid files.

    Fixes: https://github.com/containers/podman/issues/10906

    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #10931 from alvistack/master-linux-amd64 (OpenShift Merge Robot, 2021-07-14)
|\ \ \ \ \
    Update nix pin with `make nixpkgs`
| * | | | | Update nix pin with `make nixpkgs` (Wong Hoi Sing Edison, 2021-07-14)
| | |_|/ /
| |/| | |
    Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
* | | | | Merge pull request #10880 from vrothberg/auto-update (OpenShift Merge Robot, 2021-07-14)
|\ \ \ \ \
| |_|/ / /
|/| | | |
    auto-update: make output more user friendly
| * | | | auto-update: make output more user friendly (Valentin Rothberg, 2021-07-14)
    The rather raw and scarce output of `podman auto-update` has been a thorn in my eyes for a longer while. So far, Podman would only print updated systemd units, one per line, without further formatting.

    Motivated by issue #9949 which is asking for some more useful information in combination with a dry-run feature, I sat down and reflected which information may come in handy.

    Running `podman auto-update` will now look as follows:

    ```
    $ podman auto-update
    Trying to pull [...]
    UNIT                    CONTAINER            IMAGE                   POLICY      UPDATED
    container-test.service  08fd34e533fd (test)  localhost:5000/busybox  registry    false
    ```

    Also refactor the spaghetti code in the backend a bit to make it easier to digest and maintain.

    For easier testing and for the sake of consistency with other commands listing output, add a `--format` flag.

    The man page will get an overhaul in a follow up commit.

    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | auto update: minor style nits (Valentin Rothberg, 2021-07-13)
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | auto update: pass through a context (Valentin Rothberg, 2021-07-13)
    Pass a single context.Context through the call stack. If auto-updates will ever be made available for REST calls, the context will help supporting disconnected clients.

    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | auto-update: use libimage for image checks (Valentin Rothberg, 2021-07-13)
    Use the `HasDifferentDigest()` method of the image to replace the previous checks if an image needs to be updated.

    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | auto update: fix authfile detection (Valentin Rothberg, 2021-07-13)
    Fix a bug where an authfile label in a container would mistakenly override the authfile path for all subsequent checks.

    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | auto-update: make restarted unit more obvious (Valentin Rothberg, 2021-07-13)
    The output of auto-update leaves quite some space for improvements. One thing is to make it more obvious which systemd units were restarted. With this change, the output looks as follows:

    ```
    $ podman auto-update
    Trying to pull...
    Restarted the following systemd units:
    $unit-1
    $unit-2
    $unit-3
    ```

    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #10662 from mwhahaha/fix-apiv2-tests (OpenShift Merge Robot, 2021-07-14)
|\ \ \ \ \
    Fix broken volume and container tests
| * | | | | Fix broken volume and container tests (Alex Schultz, 2021-07-14)
| | |/ / /
| |/| | |
    There are a handful of tests that aren't actually being run because there are missing \ which prevented the tests from being executed. Additionally some of the test syntax was incorrect but not showing up because these tests didn't run.

    Signed-off-by: Alex Schultz <aschultz@redhat.com>
* | | | | Merge pull request #10916 from mheon/fix_7360 (OpenShift Merge Robot, 2021-07-14)
|\ \ \ \ \
| |/ / / /
|/| | | |
    Perform a one-sided close of HTTP attach conn on EOF
| * | | | Perform a one-sided close of HTTP attach conn on EOF (Matthew Heon, 2021-07-13)
    On EOF of STDIN, we need to perform a one-sided close of the attach connection on the client side, to ensure that STDIN finishing will also cause the exec session to terminate, instead of hang.

    Fixes #7360

    Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | | Merge pull request #10901 from rsevilla87/manifest-create-args (OpenShift Merge Robot, 2021-07-13)
|\ \ \ \ \
    manifest create subcommand should accept more than 2 arguments
| * | | | | Update USE in order to fix tests (Raul Sevilla, 2021-07-13)
    Signed-off-by: Raul Sevilla <rsevilla@redhat.com>
| * | | | | Manifest create subcommand should accept more than 2 arguments (Raul Sevilla, 2021-07-12)
    Signed-off-by: Raul Sevilla <rsevilla@redhat.com>
* | | | | | Merge pull request #10921 from containers/dependabot/go_modules/github.com/google/uuid-1.3.0 (OpenShift Merge Robot, 2021-07-13)
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | |
    Bump github.com/google/uuid from 1.2.0 to 1.3.0
| * | | | | Bump github.com/google/uuid from 1.2.0 to 1.3.0 (dependabot[bot], 2021-07-13)
|/ / / / /
    Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.2.0 to 1.3.0.
    - [Release notes](https://github.com/google/uuid/releases)
    - [Commits](https://github.com/google/uuid/compare/v1.2.0...v1.3.0)

    ---
    updated-dependencies:
    - dependency-name: github.com/google/uuid
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
* | | | | Merge pull request #10849 from cevich/fix_cron_mail (OpenShift Merge Robot, 2021-07-12)
|\ \ \ \ \
| |_|_|/ /
|/| | | |
    [CI:DOCS] Fix cirrus-cron failure notification GH workflow
| * | | | Fix cirrus-cron failure notification GH workflow (Chris Evich, 2021-07-12)
    The master->main rename broke this. Also update the runtime along with a comment w/ link to the actual job definitions.

    Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | Merge pull request #10905 from matejvasek/fix-mount (OpenShift Merge Robot, 2021-07-12)
|\ \ \ \ \
    fix: uid/gid for volume mounted to existing dir
| * | | | | fix: uid/gid for volume mounted to existing dir (Matej Vasek, 2021-07-12)
| | |/ / /
| |/| | |
    If mounting to existing directory the uid/gid should be preserved. Primary uid/gid of container shouldn't be used.

    Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | | | | Merge pull request #10903 from containers/dependabot/go_modules/github.com/containers/storage-1.32.6 (OpenShift Merge Robot, 2021-07-12)
|\ \ \ \ \
    Bump github.com/containers/storage from 1.32.5 to 1.32.6
| * | | | | Bump github.com/containers/storage from 1.32.5 to 1.32.6 (dependabot[bot], 2021-07-12)
| |/ / / /
    Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.32.5 to 1.32.6.
    - [Release notes](https://github.com/containers/storage/releases)
    - [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md)
    - [Commits](https://github.com/containers/storage/compare/v1.32.5...v1.32.6)

    ---
    updated-dependencies:
    - dependency-name: github.com/containers/storage
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
* | | | | Merge pull request #10896 from hshiina/pod-ps (OpenShift Merge Robot, 2021-07-12)
|\ \ \ \ \
| |_|/ / /
|/| | | |
    Restore headers of optional information in 'podman pod ps'
| * | | | Restore headers of optional information in 'podman pod ps' (Hironori Shiina, 2021-07-09)
    When optional information such as container IDs and names in pods, the headers are not displayed. This fix restored the headers. Documentation of this subcommand is also updated.

    Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
* | | | | Merge pull request #10890 from rhatdan/main (OpenShift Merge Robot, 2021-07-12)
|\ \ \ \ \
| |_|/ / /
|/| | | |
    Don't exclude Dockerfile, Containerfiles from tar content