Commit message [Author, Age]
* Bump to v4.0.3 (v4.0.3) [Matthew Heon, 2022-04-01]
|     Signed-off-by: Matthew Heon <mheon@redhat.com>
* Update release notes with Buildah revendor [Matthew Heon, 2022-04-01]
|     Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #13749 from Luap99/buildah-4.0 [OpenShift Merge Robot, 2022-04-01]
|\    [v4.0] bump buildah to 1.24.3
| * [v4.0] bump buildah to 1.24.3 [Paul Holzinger, 2022-04-01]
| |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #13721 from mheon/bump_403 [OpenShift Merge Robot, 2022-04-01]
|\ \
| |/
|/|   Backports and release notes for v4.0.3
| * Update release notes [Matthew Heon, 2022-03-30]
| |   Signed-off-by: Matthew Heon <mheon@redhat.com>
| * fix slirp4netns port forwarding with ranges [Paul Holzinger, 2022-03-30]
| |   The slirp4netns port forwarder was not updated to make use of the new port format. This results in a problem when port ranges are used since it does not read the range field from the port.
| |   Update the logic to iterate through all ports with the range and protocols. Also added a system test for port ranges with slirp4netns, rootlesskit and the bridge network mode.
| |   Fixes #13643
| |   [Fixed merge conflict]
| |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * Update release notes for v4.0.3 [Matthew Heon, 2022-03-30]
| |   Signed-off-by: Matthew Heon <mheon@redhat.com>
| * systemd: enable all cgroups when running as a service [Giuseppe Scrivano, 2022-03-30]
| |   enable cgroup delegation when running as a systemd service so all the available controllers are correctly detected.
| |   Closes: https://github.com/containers/podman/issues/13710
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless netns: move process to scope only with systemd [Paul Holzinger, 2022-03-30]
| |   When you run podman on a non systemd system we should not try to move the process under a new systemd scope.
| |   [NO NEW TESTS NEEDED]
| |   Ref #13703
| |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * upgrade tests: fix networking problems [Paul Holzinger, 2022-03-30]
| |   With podman4 we support netavark, however old versions will still use cni. Since netavark and cni can conflict we should not mix them. Remove the network setup from the initial podman command and create the directories manually to prevent such conflicts.
| |   Also the update to 4.0 changes the network db structure. While it is compatible from 3.X to 4.0 it will fail the other way around. In this test it will happen because the cleanup process still uses the old podman while the network connect/disconnect test already changed the db format. Therefore the cleanup process cannot see any networks and will not tear it down. The following start will fail because the ip address is already assigned.
| |   Fixes #13679
| |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * Set systemd mode if entrypoint begins with /bin/sh -c [Daniel J Walsh, 2022-03-30]
| |   Fixes: https://github.com/containers/podman/issues/13324
| |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Switch all calls to filepath.Walk to filepath.WalkDir [Daniel J Walsh, 2022-03-30]
| |   WalkDir should be faster than Walk, since we often do not need to stat files.
| |   [NO NEW TESTS NEEDED] Existing tests should find errors.
| |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * clarifying "loginctl enable-linger" section in doc [Adam Maryniuk, 2022-03-30]
| |   Signed-off-by: Adam Maryniuk <adamaze@gmail.com>
| * add contextDir to tar on remote [cdoern, 2022-03-30]
| |   podman build fails on remote build when using a relative context directory. This is because the context dir was not being added to the tar, so when remote the compat build function would not be able to stat the contextDir.
| |   resolves #13293
| |   Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
| * readConmonPipeData: try to improve error [Paul Holzinger, 2022-03-30]
| |   Issue #10927 reports `container create failed (no logs from conmon): EOF` errors. Since we do not know the root cause it would be helpful to try to get as much info as possible out of the error.
| |   (buffer).ReadBytes() will return the bytes read even when an error occurs. So when we get an EOF we could still have some valuable information in the buffer. Let's try to unmarshal them and if this fails we add the bytes to the error message.
| |   This does not fix the issue but it might help us getting a better error.
| |   [NO NEW TESTS NEEDED]
| |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * fix podman machine start log level detection [Paul Holzinger, 2022-03-30]
| |   Use logrus.IsLevelEnabled because this will cover all levels below it as well. Currently this condition would fail for the trace log level.
| |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * podman machine start: lookup qemu path again if not found [Paul Holzinger, 2022-03-30]
| |   We store the full path to qemu in the machine config. When the path changes on the host the machine can no longer be started. To fix it we get the path again when we fail to start the machine due to the missing binary.
| |   We want to store and use the full path first because otherwise existing machines can break when the qemu version changed.
| |   [NO NEW TESTS NEEDED] We still have no machine tests.
| |   Fixes #13394
| |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * Remove experimental warning from podman-remote rpm [Paul Holzinger, 2022-03-30]
| |   podman-remote is considered stable and follows the same semver as podman.
| |   Fixes a question on the podman mailing list.
| |   https://lists.podman.io/archives/list/podman@lists.podman.io/thread/2DVCU5Z54U4PI5ROTBQXHDBLQSAXAHFU/
| |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * podman machine set: clarify --rootful option [Paul Holzinger, 2022-03-30]
| |   It is not quite clear what the difference between `podman machine set --rootful` and `podman system connection default` is. Add a small note with the difference, the --rootful option will also affect the socket forwarding.
| |   Fixes #13515
| |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * play: kube: use in-memory kubefile and remove tempfile [Christian Stewart, 2022-03-30]
| |   The PlayKube and PlayKubeDown commands accepted a "path" argument to a YAML file to play. This requires the caller to write the YAML to a file path.
| |   The downside of this is apparent in the HTTP handlers which have to use a temporary file on disk to store the YAML file. The file is opened & used as the body of the HTTP request.
| |   It's possible to instead pass a io.Reader and use a fully in-memory request body. Add backwards-compatible changes to bindings to allow passing either a filepath or a io.Reader body.
| |   Refactor the podman bindings to use a io.Reader instead of a filepath. Simplify the HTTP handlers for PlayKube by removing the now unneeded tempfile.
| |   [NO NEW TESTS NEEDED]
| |   Signed-off-by: Christian Stewart <christian@paral.in>
| * machine-set: fix example for setting rootful flag [Aditya R, 2022-03-30]
| |   Flag is actually named `rootful` however documented as `root`, fix the documented example as actual flag.
| |   Both `podman machine init` and `podman machine set` uses flag `rootfull`
| |   [NO TESTS NEEDED] [NO NEW TESTS NEEDED]
| |   Signed-off-by: Aditya R <arajan@redhat.com>
| * podman stats: calc CPU percentage correctly [Paul Holzinger, 2022-03-30]
| |   When you run podman stats, the first interval always shows the wrong cpu usage. To calculate cpu percentage we get the cpu time from the cgroup and compare this against the system time between two stats. Since the first time we do not have a previous stats an empty struct is used instead. Thus we do not use the actual running time of the container but the current unix timestamp (time since Jan 1 1970).
| |   To fix this we make sure that the previous stats time is set to the container start time, when it is empty.
| |   [NO NEW TESTS NEEDED] No idea how I could create a test which would have a predictable cpu usage.
| |   See the linked bugzilla for a reproducer.
| |   Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2066145
| |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * podman stats: improve cpu average calc [Paul Holzinger, 2022-03-30]
| |   We can just calculate the cpu percent for the time the container is running. There is no need to use datapoints.
| |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * Explicitly use IPv4 to check if podman-machine VM is listening [Burt Holzman, 2022-03-30]
| |   When starting a VM that has been configured with volume mounts, the podman client attempts to connect via TCP to localhost, which runs gvproxy to proxy an ephemeral port to the VM's ssh port.
| |   Previously, gvproxy was listening on all interfaces and IP addresses, but this behavior has changed to listening only on the IPv4 loopback address.
| |   Without this change, if a newer build of gvproxy is used, a podman machine configured with volume mounts will hang forever after "podman machine start" with "Waiting for VM ...".
| |   [NO NEW TESTS NEEDED]
| |   Signed-off-by: Burt Holzman <burt@fnal.gov>
| * Fix a potential race around the exec cleanup process [Matthew Heon, 2022-03-30]
| |   Every exec session run attached will, on exit, do two things: it will signal the associated `podman exec` that it is finished (to allow Podman to collect the exit code and exit), and spawn a cleanup process to clean up the exec session (in case the `podman exec` process died, we still need to clean up). If an exec session is created that exits almost instantly, but generates a large amount of output (e.g. prints thousands of lines), the cleanup process can potentially execute before `podman exec` has a chance to read the exit code, resulting in errors. Handle this by detecting if the cleanup process has already removed the exec session before handling the error from reading the exec exit code.
| |   [NO NEW TESTS NEEDED] I have no idea how to test this in CI.
| |   Fixes #13227
| |   Signed-off-by: Matthew Heon <mheon@redhat.com>
| * docs: Fix links to Containerfile and containerignore [John Kristensen, 2022-03-30]
| |   The documentation files for `Containerfile` and `containerignore` have been moved from the `buildah` repository to the `common` repository.
| |   ref: https://github.com/containers/buildah/commit/488e8654ea
| |   Signed-off-by: John Kristensen <john@jerrykan.com>
| * podman unshare: document that command cannot be used with remote [Paul Holzinger, 2022-03-30]
| |   Fixes #13596
| |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * fix compose test error in retry logic [Paul Holzinger, 2022-03-30]
| |   We cannot use local var outside of a function. We have to use a global one.
| |   Log: https://storage.googleapis.com/cirrus-ci-6707778565701632-fcae48/artifacts/containers/podman/5970023511490560/html/compose_v2-podman-fedora-35-root-host.log.html
| |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * libpod: drop warning if cgroup doesn't exist [Giuseppe Scrivano, 2022-03-30]
| |   do not print a warning on cgroup removal if it doesn't exist.
| |   Closes: https://github.com/containers/podman/issues/13382
| |   [NO NEW TESTS NEEDED]
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * healthcheck: stop showing wrong status when --no-healthcheck is set [Aditya R, 2022-03-30]
| |   Containers started with `--no-healthcheck` are configured to contain no healthcheck and test configured as `NONE`. Podman shows wrong status as such use cases.
| |   Following commit fixes the faulty behavior of status field for containers started with `--no-healthcheck`
| |   Signed-off-by: Aditya R <arajan@redhat.com>
| * Makefile: build podman-remote-static with cgo disabled [Lokesh Mandvekar, 2022-03-30]
| |   Resolves: #13557
| |   [NO NEW TESTS NEEDED]
| |   Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
| * libpod: drop warning for Fedora 31 [Giuseppe Scrivano, 2022-03-30]
| |   drop a warning for runc not supporting cgroup v2 on Fedora 31.
| |   [NO NEW TESTS NEEDED]
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * podman system df: fix percent calculation [Paul Holzinger, 2022-03-30]
| |   To calculate the percentage we need floating point numbers. The current code however casted the result of reclaimable/size to an int first. Casting to an int in go will just discard the decimal points, thus the result was either 0 or 1 so if multiplied by 100 it would show up as 0% or 100%.
| |   To fix this we have to multiply by 100 first before casting the result to an int. Also add a check for div by zero which results in NaN and use math.Round() to correctly round a number.
| |   Ref #13516
| |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * pod system tests: clean up stray image [Ed Santiago, 2022-03-30]
| |   One of the pod tests was leaving a stray image behind, causing scary red warnings in CI logs. Clean that up.
| |   Also, now that #13541 has merged, use 'rmi --ignore' instead of ignoring exit status from rmi
| |   Signed-off-by: Ed Santiago <santiago@redhat.com>
| * Fix documentation typo [Kuldar Kaasik, 2022-03-30]
| |   Signed-off-by: Kuldar Kaasik <kaasikkuldar@gmail.com>
| * fix compose test flake [Paul Holzinger, 2022-03-30]
| |   Reading from the nc socket is flaky because docker-compose only starts the containers. We cannot know at this point if the container did already send the message. Give the container 5 seconds time to send the message to prevent flakes.
| |   This happened rarely with compose v1 but it looks like it will happen a lot more with compose v2.
| |   Example failure log: https://storage.googleapis.com/cirrus-ci-6707778565701632-fcae48/artifacts/containers/podman/6567556239589376/html/compose_v2-podman-fedora-35-rootless-host.log.html
| |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * fix dual stack network e2e flake [Paul Holzinger, 2022-03-30]
| |   We need to use different ipv6 subnets for the tests since they can collide otherwise when the tests are run in parallel.
| |   In the future we should rethink hardcoding subnets for ipv4/ipv6. This will make it impossible to run these tests if the subnet is already used on the host.
| |   Example log: https://storage.googleapis.com/cirrus-ci-6707778565701632-fcae48/artifacts/containers/podman/5711403297275904/html/int-podman-fedora-35-root-host-netavark.log.html#t--podman-network-create-with-multiple-subnets-dual-stack-with-gateway-and-range--1
| |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * podman machine: remove hostip from port [Paul Holzinger, 2022-03-30]
| |   Inside the podman machine vm we always remove the hostip from the port mapping because this should only be used on the actual host. Otherwise you run into issues when we would bind 127.0.0.1 or try to bind a host address that is not available in the VM.
| |   This was already done for cni/netavark ports and slirp4netns but not for the port bindings inside libpod which are only used as root.
| |   [NO NEW TESTS NEEDED] We still do not have machine tests!
| |   Fixes #13543
| |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * podman create: building local pause image: do not read ignore files [Valentin Rothberg, 2022-03-30]
| |   Make sure to ignore local {container,docker}ignore files when building a local pause image. Otherwise, we may mistakenly not be able to copy catatonit into the build container.
| |   Fixes: #13529
| |   Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
| * Separator is no longer prepended when prefix is empty on podman generate systemd [Nirmal Patel, 2022-03-30]
| |   When podman generate systemd is invoked, it previously did not check if container-prefix or pod-prefix are empty. When these are empty, the file name starts with the separator, which is hyphen by default. This results in files like '-containername.service'.
| |   The code now checks if these prefixes are empty. If they are, the filename no longer adds a separator. Instead, it uses name or ID of the container or pod.
| |   Closes #13272
| |   Signed-off-by: Nirmal Patel <npate012@gmail.com>
| * [CI:DOCS]: Mention netavark limitations for macvlan/ipvlan drivers [Clayton Craft, 2022-03-30]
| |   The example is also improved to add the --subnet option, this option is required with netavark, else you get:
| |   Error: macvlan driver needs at least one subnet specified, DHCP is not supported with netavark
| |   Signed-off-by: Clayton Craft <clayton@craftyguy.net>
| * fix empty newline in version output [Paul Holzinger, 2022-03-30]
| |   When podman is built without git commit information it will print an empty newline instead. This is undesirable and a regression introduced in commit 7d22cc88ef38.
| |   To test build podman with `go build -mod=vendor -o bin/podman ./cmd/podman` and check the output of bin/podman version with and without this commit.
| |   [NO NEW TESTS NEEDED]
| |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * slirp: fix setup on ipv6 disabled systems [Paul Holzinger, 2022-03-30]
| |   When enable_ipv6=true is set for slirp4netns (default since podman v4), we will try to set the accept sysctl. This sysctl will not exist on systems that have ipv6 disabled. In this case we should not error and just ignore the extra ipv6 setup.
| |   Also the current logic to wait for the slirp4 setup was kinda broken, it did not actually wait until the sysctl was set before starting slirp. This should now be fixed by using two `sync.WaitGroup`s.
| |   [NO NEW TESTS NEEDED]
| |   Fixes #13388
| |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * Fixes TTY & resizing on Mac and Windows [Jason T. Greene, 2022-03-30]
| |   Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
| * Fix handling of tmpfs-mode for tmpfs creation in compat mode [Daniel J Walsh, 2022-03-30]
| |   The permissions on disk were wrong since we were not converting to octal.
| |   Fixes: https://github.com/containers/podman/issues/13108
| |   [NO NEW TESTS NEEDED] Since we don't currently test using the docker client
| |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Skip flaky pprof tests [Ed Santiago, 2022-03-30]
| |   pprof tests are way too flaky, and are causing problems for community contributors who don't have privs to press Re-run.
| |   There has been no activity or interest in fixing the bug, and it's not something I can fix. So, just disable the test.
| |   Signed-off-by: Ed Santiago <santiago@redhat.com>
| * Move secret-verify-leak containerfile into its own Directory [Ashley Cui, 2022-03-30]
| |   Secret-verify-leak is causing flakes, when running in parallel tests. This is because remote secrets are copied into the context directory to send to the API server, and secret-verify-leak is doing a COPY * and then checking if the temporary secret file ends up in the container or not. Since all the temporary files are prefixed with "podman-build-secret", this test checks if podman-build-secret is in the image. However, when run in parallel with other tests, other temporary podman-build-secrets might be in the context dir. Moving secret-verify-leak into its own directory makes sure that the context dir is used only by this one test.
| |   Also renamed Dockerfile -> Containerfile and cleaned up unused Containerfiles.
| |   Signed-off-by: Ashley Cui <acui@redhat.com>
| * Fixes: #13301 ("machine rm removes the mounted socket file on macos") [Thibault Gagnaux, 2022-03-30]
| |   [NO NEW TESTS NEEDED]
| |   Signed-off-by: Thibault Gagnaux <tgagnaux@gmail.com>
| * Throw an error if kube yaml has duplicate ctr names [Urvashi Mohnani, 2022-03-30]
| |   Error out if the kube yaml passed to play kube has more than one container or init container with the same name.
| |   Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>