summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #12354 from Luap99/exit-commandOpenShift Merge Robot2021-11-18
|\ | | | | Do not store the exit command in container config
| * Do not store the exit command in container configPaul Holzinger2021-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is a problem with creating and storing the exit command when the container was created. It only contains the options the container was created with but NOT the options the container is started with. One example would be a CNI network config. If I start a container once, then change the cni config dir with `--cni-config-dir` ans start it a second time it will start successfully. However the exit command still contains the wrong `--cni-config-dir` because it was not updated. To fix this we do not want to store the exit command at all. Instead we create it every time the conmon process for the container is startet. This guarantees us that the container cleanup process is startet with the correct settings. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #11957 from edsantiago/batsOpenShift Merge Robot2021-11-18
|\ \ | | | | | | System tests: new checkpoint test
| * | System tests: new checkpoint testsEd Santiago2021-11-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | Includes a test for the stdout-goes-away bug (crun #756). Skip on Ubuntu due to a many-months-old kernel bug that keeps getting fixed and then un-fixed. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #12295 from flouthoc/filter-label-patternOpenShift Merge Robot2021-11-18
|\ \ \ | | | | | | | | filters: add basic pattern matching for label keys i.e `--filter label=<pattern>`
| * | | filter: add basic pattern matching for label keysAditya Rajan2021-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Following PR adds basic pattern matching to filter by labels for `keys`. Adds support for use-cases like `--filter label=some.prefix.com/key/*` where end-users want to match a pattern for keys as compared to exact value. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | | | Merge pull request #12298 from giuseppe/idmapped-bind-mountsOpenShift Merge Robot2021-11-18
|\ \ \ \ | | | | | | | | | | volumes: add new option idmap
| * | | | volumes: add new option idmapGiuseppe Scrivano2021-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | pass down the "idmap" mount option to the OCI runtime. Needs: https://github.com/containers/crun/pull/780 Closes: https://github.com/containers/podman/issues/12154 [NO NEW TESTS NEEDED] there is no crun version yet that support the new feature. Test case (must run as root): podman run --rm -v foo:/foo alpine touch /foo/bar podman run --uidmap 0:1:1000 --rm -v foo:/foo:idmap alpine ls -l /foo total 0 -rw-r--r-- 1 root root 0 Nov 15 14:01 bar Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #12314 from Luap99/machine-wait-sshdOpenShift Merge Robot2021-11-18
|\ \ \ \ \ | | | | | | | | | | | | podman machine start wait for ssh
| * | | | | podman machine start wait for sshPaul Holzinger2021-11-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Wait for sshd to be ready before we return from start. This should make podman machine ssh immediately available without any race conditions. Fixes #11532 [NO NEW TESTS NEEDED] I could not reproduce the issue so I am not sure if this fixes it. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | Merge pull request #12348 from Luap99/rootless-netnsOpenShift Merge Robot2021-11-18
|\ \ \ \ \ \ | | | | | | | | | | | | | | rootless netns, one netns per libpod tmp dir
| * | | | | | rootless netns, one netns per libpod tmp dirPaul Holzinger2021-11-18
| | |/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The netns cleanup code is checking if there are running containers, this can fail if you run several libpod instances with diffrent root/runroot. To fix it we use one netns for each libpod instances. To prevent name conflicts we use a hash from the static dir as part of the name. Previously this worked because we would use the CNI files to check if the netns was still in use. but this is no longer possible with netavark. [NO NEW TESTS NEEDED] Fixes #12306 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | Merge pull request #12333 from rst0git/file-locksOpenShift Merge Robot2021-11-18
|\ \ \ \ \ \ | |_|_|_|_|/ |/| | | | | Add --file-locks checkpoint/restore option
| * | | | | Add test for checkpoint/restore with --file-locksRadostin Stoyanov2021-11-18
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
| * | | | | Add --file-locks checkpoint/restore optionRadostin Stoyanov2021-11-18
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CRIU supports checkpoint/restore of file locks. This feature is required to checkpoint/restore containers running applications such as MySQL. Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
* | | | | Merge pull request #12342 from vrothberg/fix-12334OpenShift Merge Robot2021-11-18
|\ \ \ \ \ | |/ / / / |/| | | | remote checkpoint/restore: more fixes
| * | | | remote checkpoint/restore: more fixesValentin Rothberg2021-11-18
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support `checkpoint --pre-checkpoint` * Support `checkpoint --with-previous` * Disable `restore --import-previous` for the remote client since we had to send two files which in turn would require to tar them up and hence be a breaking change. Podman 4.0 would be the chance and I hope we'll find time before that to remote-restore prettier. Note that I did not run over swagger yet to check whether all parameters are actually documented due to time constraints. Fixes: #12334 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #12343 from vrothberg/fix-ciOpenShift Merge Robot2021-11-18
|\ \ \ \ | | | | | | | | | | fix CI
| * | | | fix CIValentin Rothberg2021-11-18
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Our fedora-minimal image on Quay bases on fedora-minimal:latest which starting with F35 removed a number of binaries that our CI depends on. Fix that by pulling `fedora-minimal:34` from the Fedora registry directly. Once the build bot on Quay has been disabled, we move the image over there to make sure that it will not change over time. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #12330 from etenzy/mainOpenShift Merge Robot2021-11-18
|\ \ \ \ | | | | | | | | | | fix: take absolute path for dd on apple silicon
| * | | | fix: take absolute path for dd on apple siliconetenzy2021-11-17
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #12329 [NO NEW TESTS NEEDED] podman machine Signed-off-by: Michael Rödel <hello@mroedel.de>
* | | | Merge pull request #12325 from giuseppe/rootless-use-auto-cleanupOpenShift Merge Robot2021-11-17
|\ \ \ \ | | | | | | | | | | rootless: use auto cleanup functions
| * | | | rootless: drop strerror(errno) callsGiuseppe Scrivano2021-11-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | *printf functions already support printing the errno string with %m Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | rootless: reuse existing open_namespace functionGiuseppe Scrivano2021-11-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | there is already a function for opening a namespace path, reuse it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | rootless: use auto cleanup functionsGiuseppe Scrivano2021-11-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | simplify code using auto cleanup functions [NO NEW TESTS NEEDED] it is a refactoring of existing code Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #12326 from giuseppe/catatonit-rootlessOpenShift Merge Robot2021-11-17
|\ \ \ \ \ | |_|/ / / |/| | | | rootless: use catatonit to maintain user+mnt namespace
| * | | | rootless: use catatonit to maintain user+mnt namespaceGiuseppe Scrivano2021-11-17
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | if catatonit is present, use it to keep the rootless user+mnt namespace alive. [NO NEW TESTS NEEDED] no new features added. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #12281 from vrothberg/fix-12007OpenShift Merge Robot2021-11-17
|\ \ \ \ | | | | | | | | | | fix remote checkpoint/restore
| * | | | fix remote checkpoint/restoreValentin Rothberg2021-11-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Nothing was working before, and it's too much to summarize. To make sure we're not regressing in the future again, enable the remote e2e tests. Fixes: #12007 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #12303 from rhatdan/tmpdirOpenShift Merge Robot2021-11-17
|\ \ \ \ \ | | | | | | | | | | | | Set config environment variables early in Podman init
| * | | | | Set config environment variables early in Podman initDaniel J Walsh2021-11-15
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/12296 [NO NEW TESTS NEEDED] because there is no easy way to test this. Tests are in containers/common. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #12323 from giuseppe/utils-not-unique-pause-scope-nameOpenShift Merge Robot2021-11-17
|\ \ \ \ \ | |_|_|/ / |/| | | | utils: use podman-pause-$RANDOM.scope name
| * | | | utils: use podman-pause-$RANDOM.scope nameGiuseppe Scrivano2021-11-17
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | we try hard to re-use the existing podman-pause.scope name when it already exists, causing any sort of race errors when the already existing scope is terminating. There is no such a requirement though, so just try with a random name. Closes: https://github.com/containers/podman/issues/12065 [NO NEW TESTS NEEDED] it fixes a race in the CI Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #12319 from Luap99/nettypes-renameOpenShift Merge Robot2021-11-17
|\ \ \ \ | | | | | | | | | | rename libpod nettypes fields
| * | | | rename libpod nettypes fieldsPaul Holzinger2021-11-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some field names are confusing. Change them so that they make more sense to the reader. Since these fields are only in the main branch we can safely rename them without worrying about backwards compatibility. Note we have to change the field names in netavark too. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #12322 from edsantiago/bats_helper_binsOpenShift Merge Robot2021-11-16
|\ \ \ \ \ | |/ / / / |/| | | | hack/bats: deal with new bin helpers
| * | | | hack/bats: deal with new bin helpersEd Santiago2021-11-16
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some time in the last month, podman started to depend on a bunch of external helper binaries: rootlessport, pause, catatonit. System tests fail without these. Update the hack/bats script to pass $CONTAINERS_HELPER_BINARIES_DIR (set to ./bin); podman will then use locally-built helpers. (This requires https://github.com/containers/common/pull/823 , which as of this PR is not yet vendored into podman. There is no harm in merging this while we wait.) Also: if bats helper is invoked as root, run only once; i.e., skip the "rootless" step. Also (piggybacked): the name of the podman pause image has changed, from pause to podman-pause. Adjust that in our teardown so we don't leave droppings. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #12218 from vrothberg/pause-catatonitOpenShift Merge Robot2021-11-16
|\ \ \ \ | | | | | | | | | | infra container: replace pause with catatonit
| * | | | cirrus: force-install catatonitValentin Rothberg2021-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A temporary workaround until the CI images are updated. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | infra container: replace pause with catatonitValentin Rothberg2021-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman has been using catatonit for a number of years already. Thanks to @giuseppe, catatonit is now able to run as a pause process which allows us to replace the pause binary entirely. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | Revert "add kubernetes pause"Valentin Rothberg2021-11-15
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 9d2b8d2791c23b83b6155b046099a83483860c56 since catatonit's new pause functionality can replace the `pause` binary entirely. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #12100 from rhatdan/envOpenShift Merge Robot2021-11-16
|\ \ \ \ | |_|_|/ |/| | | Add option --unsetenv to remove default environment variables
| * | | Add --unsetenv & --unsetenv-all to remove def environment variablesDaniel J Walsh2021-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman adds a few environment variables by default, and currently there is no way to get rid of them from your container. This option will allow you to specify which defaults you don't want. --unsetenv-all will remove all default environment variables. Default environment variables can come from podman builtin, containers.conf or from the container image. Fixes: https://github.com/containers/podman/issues/11836 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #12283 from Luap99/machine-portsOpenShift Merge Robot2021-11-16
|\ \ \ \ | |_|_|/ |/| | | podman machine improve port forwarding
| * | | podman machine improve port forwardingPaul Holzinger2021-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commits adds port forwarding logic directly into podman. The podman-machine cni plugin is no longer needed. The following new features are supported: - works with cni, netavark and slirp4netns - ports can use the hostIP to bind instead of hard coding 0.0.0.0 - gvproxy no longer listens on 0.0.0.0:7777 (requires a new gvproxy version) - support the udp protocol With this we no longer need podman-machine-cni and should remove it from the packaging. There is also a change to make sure we are backwards compatible with old config which include this plugin. Fixes #11528 Fixes #11728 [NO NEW TESTS NEEDED] We have no podman machine test at the moment. Please test this manually on your system. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #12294 from flouthoc/secret-mount-targetOpenShift Merge Robot2021-11-16
|\ \ \ \ | | | | | | | | | | secret: honor custom `target=` for secrets with `type=mount` for ctr.
| * | | | secret: honor custom target for secrets with runAditya Rajan2021-11-15
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Honor custom `target` if specified while running or creating containers with secret `type=mount`. Example: `podman run -it --secret token,type=mount,target=TOKEN ubi8/ubi:latest bash` Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | | | Merge pull request #12285 from nalind/journal-follow-not-earlyOpenShift Merge Robot2021-11-15
|\ \ \ \ | |_|_|/ |/| | | journald logs: keep reading until the journal's end
| * | | journald logs: keep reading until the journal's endNalin Dahyabhai2021-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When reading logs from the journal, keep going after the container exits, in case it gets restarted. Events logged to the journal via the normal paths don't include CONTAINER_ID_FULL, so don't bother adding it to the "history" event we use to force at least one entry for the container to show up in the log. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | | | Merge pull request #12130 from rhatdan/journalOpenShift Merge Robot2021-11-15
|\ \ \ \ | |/ / / |/| | | Error logs --follow if events-backend != journald, event-logger=journald