summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #11794 from umohnani8/pidOpenShift Merge Robot2021-09-30
|\ | | | | Allow a value of -1 to set unlimited pids limit
| * Allow a value of -1 to set unlimited pids limitUrvashi Mohnani2021-09-29
| | | | | | | | | | | | | | | | | | Users can set --pids-limit to -1 now to set unlimited pids limit for a container - this matches the convention. [NO TESTS NEEDED] Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | Merge pull request #11807 from emsoucy/mainDaniel J Walsh2021-09-30
|\ \ | | | | | | Fix typo in storage.conf file exists message
| * | [NO TESTS NEEDED] Fix typo in storage.conf file exists messageEthan Soucy2021-09-30
| | | | | | | | | | | | Signed-off-by: Ethan Soucy <ethan.soucy@gmail.com>
* | | Merge pull request #11806 from giuseppe/play-kube-fix-cpu-limitsOpenShift Merge Robot2021-09-30
|\ \ \ | | | | | | | | kube: fix conversion from milliCPU to period/quota
| * | | kube: fix conversion from milliCPU to period/quotaGiuseppe Scrivano2021-09-30
| | | | | | | | | | | | | | | | | | | | | | | | Closes: https://github.com/containers/podman/issues/11803 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #11793 from baude/playgenkubeselinuxOpenShift Merge Robot2021-09-30
|\ \ \ \ | | | | | | | | | | Support selinux options with bind mounts play/gen
| * | | | Support selinux options with bind mounts play/genBrent Baude2021-09-30
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When using play kube and generate kube, we need to support if bind mounts have selinux options. As kubernetes does not support selinux in this way, we tuck the selinux values into a pod annotation for generation of the kube yaml. Then on play, we check annotations to see if a value for the mount exists and apply it. Fixes BZ #1984081 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | Merge pull request #11804 from ↵OpenShift Merge Robot2021-09-30
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/mattn/go-isatty-0.0.14 Bump github.com/mattn/go-isatty from 0.0.12 to 0.0.14
| * | | | Bump github.com/mattn/go-isatty from 0.0.12 to 0.0.14dependabot[bot]2021-09-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/mattn/go-isatty](https://github.com/mattn/go-isatty) from 0.0.12 to 0.0.14. - [Release notes](https://github.com/mattn/go-isatty/releases) - [Commits](https://github.com/mattn/go-isatty/compare/v0.0.12...v0.0.14) --- updated-dependencies: - dependency-name: github.com/mattn/go-isatty dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | | Merge pull request #11801 from flouthoc/podman-machine-stop-infoOpenShift Merge Robot2021-09-30
|\ \ \ \ \ | |_|/ / / |/| | | | machine: Info on successfully stopping qemu machine
| * | | | machine: Info on successfully stopping qemu machineAditya Rajan2021-09-30
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Spit info log whenever we successfully stop qemu machine for ack. Closes: https://github.com/containers/podman/issues/11542 [NO TESTS NEEDED] Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | | | Merge pull request #11798 from ↵OpenShift Merge Robot2021-09-30
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | giuseppe/skip-pid-shared-ns-on-rootless-cgroups-v1 test: skip test on rootless cgroupsv1
| * | | | test: use new helperGiuseppe Scrivano2021-09-30
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | test: skip test on rootless cgroupsv1Giuseppe Scrivano2021-09-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | skip the test "podman selinux: shared context in (some) namespaces" on cgroupsv1 when running as rootless since the tests requires --pid=container:. If the container runtime cannot use cgroupsv1 and the container has no pid namespace. then it is not possible to correctly terminate the container. Without a cgroup or a pid namespace, the runtime has no control on what processes are in the container. Closes: https://github.com/containers/podman/issues/11785 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #11790 from rhatdan/VENDOROpenShift Merge Robot2021-09-30
|\ \ \ \ \ | |_|_|/ / |/| | | | Vendor in latest containers/storage
| * | | | Vendor in latest containers/storageDaniel J Walsh2021-09-29
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | Fix handling of additional shares with no images Fixes: https://github.com/containers/storage/issues/1029 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #11787 from rhatdan/deleteContainerOpenShift Merge Robot2021-09-30
|\ \ \ \ | |_|_|/ |/| | | Storage can remove ErrNotAContainer as well
| * | | Storage can remove ErrNotAContainer as wellDaniel J Walsh2021-09-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/11775 [NO TESTS NEEDED] No easy way to cause this problem in CI. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #11390 from giuseppe/logging-passthroughOpenShift Merge Robot2021-09-29
|\ \ \ \ | |_|/ / |/| | | logging: new mode -l passthrough
| * | | logging: new mode -l passthroughGiuseppe Scrivano2021-09-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | it allows to pass the current std streams down to the container. conmon support: https://github.com/containers/conmon/pull/289 [NO TESTS NEEDED] it needs a new conmon. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #11703 from n1hility/disable-fcos-mobyOpenShift Merge Robot2021-09-29
|\ \ \ \ | | | | | | | | | | [NO TESTS NEEDED] Disable docker and alias to podman in FCOS ignition
| * | | | Disable docker and alias to podman in FCOS ignitionJason T. Greene2021-09-24
| | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Jason Greene <jason.greene@redhat.com> Co-authored-by: Dusty Mabe <dusty@dustymabe.com>
* | | | | Merge pull request #11781 from vrothberg/specOpenShift Merge Robot2021-09-29
|\ \ \ \ \ | | | | | | | | | | | | podman run - avoid calls to JSONDeepCopy
| * | | | | libpod: container create: init variable: do not deep copy specValentin Rothberg2021-09-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Do not create an expensive deep copy for the provided spec.Spec when creating a container. No API should be expected to create deep copies of arguments unless explicitly documented. This removes the last call to JSONDeepCopy in a simple `podman run --rm -d busybox true`. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | | libpod: add GetConfigNoCopy()Valentin Rothberg2021-09-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new function to libpod to directly access the runtime configuration without creating an expensive deep copy. Further migrate a number of callers to this new function. This drops the number of calls to JSONDeepCopy from 4 to 1 in a simple `podman run --rm -d busybox top`. Future work: Please note that there are more callers of GetConfig() that can me migrated to GetConfigNoCopy(). [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | | libpod: add execSessionNoCopyValentin Rothberg2021-09-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To avoid creating an expensive deep copy, create an internal function to access the exec session. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | | libpod: do not call (*container).Spec()Valentin Rothberg2021-09-29
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Access the container's spec field directly inside of libpod instead of calling Spec() which in turn creates expensive JSON deep copies. Accessing the field directly drops memory consumption of a simple podman run --rm busybox true from ~700kB to ~600kB. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #11761 from umohnani8/initOpenShift Merge Robot2021-09-29
|\ \ \ \ \ | | | | | | | | | | | | Add port configuration to first regular container
| * | | | | [NO TESTS NEEDED] Add port configuration to first regular containerUrvashi Mohnani2021-09-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When generating a kube yaml and there is a port configuration add the configuration to the first regular container in the pod and not to the init container. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | | | | Merge pull request #11637 from ashley-cui/warnOpenShift Merge Robot2021-09-29
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | [NO TESTS NEEDED] Remind user to check connection or use podman machine
| * | | | | Remind user to check connection or use podman machineAshley Cui2021-09-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remind user to check their remote linux connection or use podman machine. Move the warning from bindings to cmd/podman. Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | | | Merge pull request #11774 from mheon/fix_11750OpenShift Merge Robot2021-09-29
|\ \ \ \ \ \ | |_|_|_|_|/ |/| | | | | Ensure pod ID bucket is properly updated on rename
| * | | | | Ensure pod ID bucket is properly updated on renameMatthew Heon2021-09-28
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As we were not updating the pod ID bucket, removing a pod with containers still in it (including the infra container, which will always suffer from this) will not properly update the name registry to remove the name of any renamed containers. This patch ensures that does not happen - all containers will be fully removed, even if renamed. Fixes #11750 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #11769 from afbjorklund/make-dashOpenShift Merge Robot2021-09-28
|\ \ \ \ \ | |/ / / / |/| | | | Fix contributor make targets on Ubuntu and Debian
| * | | | Fix contributor make targets on Ubuntu and DebianAnders F Björklund2021-09-28
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | It was trying to run a bash script with sh [NO TESTS NEEDED] This changes "make lint" Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | | | Merge pull request #11768 from vrothberg/deep-copyOpenShift Merge Robot2021-09-28
|\ \ \ \ | | | | | | | | | | libpod: do not call (*container).Config()
| * | | | libpod: do not call (*container).Config()Valentin Rothberg2021-09-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Access the container's config field directly inside of libpod instead of calling `Config()` which in turn creates expensive JSON deep copies. Accessing the field directly drops memory consumption of a simple `podman run --rm busybox true` from 1245kB to 410kB. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #11615 from cevich/pr_templateOpenShift Merge Robot2021-09-28
|\ \ \ \ \ | |/ / / / |/| | | | [CI:DOCS] Implement PR template to assist review & release
| * | | | Implement PR template to assist review & releaseChris Evich2021-09-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This duplicates the template used for buildah. The intention is to make it immediately clear to reviewers: * The intended/basic purpose of the PR (also machine readable) * Why are changes being proposed * If there are any specific items need additional checking or scrutiny * What should go into the release-notes (if anything). Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | Merge pull request #11760 from rhatdan/dockerfileOpenShift Merge Robot2021-09-28
|\ \ \ \ \ | | | | | | | | | | | | Add dockerfile.5 as man link to containerfile man page
| * | | | | Add dockerfile.5 as man link to containerfile man pageDaniel J Walsh2021-09-27
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | containers-common now ships a containerfile man page, this patch adds a link to dockerfile.5 so that if user installs podman-docker package man dockerfile will work. [NO TESTS NEEDED] since this is just a man page change. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #11751 from Luap99/net-aliasOpenShift Merge Robot2021-09-28
|\ \ \ \ \ | | | | | | | | | | | | always add short container id as net alias
| * | | | | move network alias validation to container createPaul Holzinger2021-09-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman 4.0 currently errors when you use network aliases for a network which has dns disabled. Because the error happens on network setup this can cause regression for old working containers. The network backend should not validate this. Instead podman should check this at container create time and also for network connect. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | set --cni-config-dir for exit commandPaul Holzinger2021-09-28
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | always add short container id as net aliasPaul Holzinger2021-09-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This matches what docker does. Also make sure the net aliases are also shown when the container is stopped. docker-compose uses this special alias entry to check if it is already correctly connected to the network. [1] Because we do not support static ips on network connect at the moment calling disconnect && connect will loose the static ip. Fixes #11748 [1] https://github.com/docker/compose/blob/0bea52b18dda3de8c28fcfb0c80cc08b8950645e/compose/service.py#L663-L667 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | Merge pull request #11765 from vrothberg/no-dotOpenShift Merge Robot2021-09-28
|\ \ \ \ \ \ | | | | | | | | | | | | | | [CI:DOCS] cmd/podman: no dot for short descriptions
| * | | | | | [CI:DOCS] cmd/podman: no dot for short descriptionsValentin Rothberg2021-09-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove trailing dots in the short descriptions for the sake of consistency. Noticed while parsing `podman help`. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | | Merge pull request #11762 from edsantiago/batsOpenShift Merge Robot2021-09-28
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | System tests: speed up. They've gotten too slow.
| * | | | | | | System tests: speed up. They've gotten too slow.Ed Santiago2021-09-27
| |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - logs: remove unnecessary sleeps. This saves ~25s. Unfortunately, journald seems to have some sort of lag, so we need to keep retrying until we get the 'after' string. - ps: add placeholder test for once buildah 3544 is fixed - cp: bulk-kill containers when finished, instead of one by one. This is a big change and only saves about 8s per run, but hey. - mount,pause,healthcheck: 'podman stop -t 0' before rm'ing containers. Easy 50s. Have I mentioned, lately, that 'podman rm -f' needs a '-t 0' flag? - play: same, and also 'podman pod stop'. Seems to shave ~20s. - socket-activation: UGH! Buggy and useless tests! They were running "sleep 90" containers for no reason whatsoever. I assume the intention was to run them with "-d", so that's what I've done here. Also fixed some language. 180 seconds! (Unrelated: cleanup in 070-build, use $IMAGE, not alpine) Signed-off-by: Ed Santiago <santiago@redhat.com>