summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* move `rootless-cni-infra` image to quay.ioValentin Rothberg2020-09-15
| | | | | | | | | | | | | Move the `rootless-cni-infra` image to `quay.io/libpod/rootless-cni-image:$tag` where $tag has the format `$version-$architecture`. Whenever we upload a new image (e.g., after changing the Containerfile), we need to make sure to increase the version number (an ordinary integer for simplicity) so we have a notion of support. Thanks to @AkihiroSuda for working on rootless CNI! Fixes: #7617 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #7614 from mheon/bump-2.1.0-rc1OpenShift Merge Robot2020-09-14
|\ | | | | [CI:DOCS] Bump to v2.1.0-RC1
| * Bump to v2.1.0-devMatthew Heon2020-09-11
| | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Bump to v2.1.0-rc1v2.1.0-rc1Matthew Heon2020-09-11
| | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #7616 from EduardoVega/5845-support-for-systemd-resolvedOpenShift Merge Robot2020-09-14
|\ \ | | | | | | Determine if resolv.conf points to systemd-resolved
| * | Determine if resolv.conf points to systemd-resolvedEduardo Vega2020-09-11
| | | | | | | | | | | | Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
* | | Merge pull request #7619 from rhatdan/pulltypeOpenShift Merge Robot2020-09-13
|\ \ \ | |_|/ |/| | pull types allow initial caps
| * | pull types allow initial capsDaniel J Walsh2020-09-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | validate pulltype will allow initial caps form cli or yaml file passed to i play kube. Use code related with pullpolicy from containers/common. Signed-off-by: Qi Wang <qiwan@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #7612 from mheon/release_notes_210_rc1OpenShift Merge Robot2020-09-11
|\ \ \ | |/ / |/| | [CI:DOCS] Add release notes for Podman v2.1.0-RC1
| * | Add release notes for Podman v2.1.0-RC1Matthew Heon2020-09-11
| | | | | | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #7609 from rhatdan/VENDOROpenShift Merge Robot2020-09-11
|\ \ \ | |/ / |/| | Vendor in containers/buildah 1.16.1
| * | Vendor in containers/buildah 1.16.1Daniel J Walsh2020-09-11
|/ / | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7605 from rhatdan/VENDOROpenShift Merge Robot2020-09-11
|\ \ | | | | | | Vendor in containers/common v0.22.0
| * | Vendor in containers/common v0.22.0Daniel J Walsh2020-09-11
| | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #7604 from vrothberg/fix-7406OpenShift Merge Robot2020-09-11
|\ \ \ | | | | | | | | system df: fix image-size calculations
| * | | system df: fix image-size calculationsValentin Rothberg2020-09-11
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix the image-size calculations of system-df, where the shared size is the actual shared size with other images (including children) and the (total) size is the sum of the shared and unique size [1]. To calculate parent/child relations, make use of the recently added layer tree which allows for quick (and cached!) calculations. Break calculating image disk usages into the image runtime to a) access the layer tree, and b) make the code easier to maintain and extend. [1] https://docs.docker.com/engine/reference/commandline/system_df/ Fixes: #7406 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #7600 from rhatdan/codespellOpenShift Merge Robot2020-09-11
|\ \ \ | | | | | | | | Fix up errors found by codespell
| * | | Fix up errors found by codespellDaniel J Walsh2020-09-11
| |/ / | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #7403 from QiWang19/runtime-flagOpenShift Merge Robot2020-09-11
|\ \ \ | | | | | | | | Add global options --runtime-flags
| * | | Add global options --runtime-flagsQi Wang2020-09-04
| | | | | | | | | | | | | | | | | | | | | | | | Add global options --runtime-flags for setting options to container runtime. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #7589 from rhatdan/rootfsOpenShift Merge Robot2020-09-11
|\ \ \ \ | |_|_|/ |/| | | [CI:DOCS] Document --read-only --rootfs requirements
| * | | Document --read-only --rootfs requirementsDaniel J Walsh2020-09-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add entry to troubleshooting to document how to setup a read-only rootfs to use with Podman. Fixes: https://github.com/containers/podman/issues/5895 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #7601 from vrothberg/add-edOpenShift Merge Robot2020-09-11
|\ \ \ \ | | | | | | | | | | add @edsantiago to OWNERS file
| * | | | add @edsantiago to OWNERS fileValentin Rothberg2020-09-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I keep forgetting to /approve PRs as Ed really doesn't need an explicit approval. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | sort OWNERS fileValentin Rothberg2020-09-11
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #7561 from vrothberg/fix-7340OpenShift Merge Robot2020-09-11
|\ \ \ \ \ | |_|_|_|/ |/| | | | remote run: fix error checks
| * | | | remote run: fix error checksValentin Rothberg2020-09-11
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As error types are not preserved on the client side (due to marshaling), we cannot use `errors.Cause(...)` and friends but, unfortunately, have to fall back to looking for substring the error messages. Change the error checks in remote run to do substring matches and fix issue #7340. Fixes: #7340 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #7592 from mheon/force_attach_winchOpenShift Merge Robot2020-09-11
|\ \ \ \ | | | | | | | | | | Force Attach() to send a SIGWINCH and redraw
| * | | | Force Attach() to send a SIGWINCH and redrawMatthew Heon2020-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Basically, we want to force the application in the container to (iff the container was made with a terminal) redraw said terminal immediately after an attach completes, so the fresh Attach session will be able to see what's going on (e.g. will have a shell prompt). Our current attach functions are unfortunately geared more towards `podman run` than `podman attach` and will start forwarding resize events *immediately* instead of waiting until the attach session is alive (much safer for short-lived `podman run` sessions, but broken for the `podman attach` case). To avoid a major rewrite, let's just manually send a SIGWINCH after attach succeeds to force a redraw. Fixes #6253 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #7591 from haircommander/play-kube-process-namespaceOpenShift Merge Robot2020-09-11
|\ \ \ \ \ | |_|_|/ / |/| | | | play/generate: support shareProcessNamespace
| * | | | play/generate: support shareProcessNamespacePeter Hunt2020-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this is an option that allows a user to specify whether to share PID namespace in the pod for play kube and generate kube associated test added Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | | | Merge pull request #7593 from edsantiago/network_test_cleanupOpenShift Merge Robot2020-09-11
|\ \ \ \ \ | |_|_|/ / |/| | | | run_networking e2e test: add cleanup to some tests
| * | | | run_networking e2e test: add cleanup to some testsEd Santiago2020-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Problem: if either of the two "podman network create" tests fail, all subsequent retries will also fail because the created network has not been cleaned up (so "network create" will fail with EEXIST). Solution: run "podman network rm" as deferred cleanup instead of in each test. This is NOT a fix for #7583 - it is just a way to allow ginkgo to retry a failing test. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #7587 from ParkerVR/kube-underscoresOpenShift Merge Robot2020-09-11
|\ \ \ \ \ | | | | | | | | | | | | Allowed underscores to remain in name for YAML (Kube generate)
| * | | | | allowed underscores to remain in name for YAMLParker Van Roy2020-09-10
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Parker Van Roy <pvanroy@redhat.com>
* | | | | | Merge pull request #7586 from ashley-cui/rokubeOpenShift Merge Robot2020-09-11
|\ \ \ \ \ \ | | | | | | | | | | | | | | Add read-only volume mount to play kube
| * | | | | | Add read-only mount to play kubeAshley Cui2020-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add support for read-only volume mounts in podman play kube Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | | | | Merge pull request #7584 from QiWang19/login-docOpenShift Merge Robot2020-09-11
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | [CI:DOCS] Add auth.json(5) link to login/logout docs
| * | | | | | | Add auth.json(5) link to login/logout docsQi Wang2020-09-10
| | |/ / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add auth.json(5) link to login/logout docs. Provide more details about the usage of auth.json by podman-login. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | | | Merge pull request #7590 from edsantiago/batsOpenShift Merge Robot2020-09-10
|\ \ \ \ \ \ \ | |_|_|/ / / / |/| | | | | | system tests: cleanup
| * | | | | | system tests: cleanupEd Santiago2020-09-10
| | |_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - run tests: better "skip" message for docker-archive test; remove FIXME, document that podman-remote doesn't support it - run tests: instrument the --conmon-pidfile test in hopes of tracking down flake #7580: cross-check pidfile against output of 'podman inspect', and add some debug messages that will only be seen on test failure. - load tests: the pipe test: save and load a temporary tag, not $IMAGE. Primary reason is because of #7371, in which 'podman load' assigns a new image ID (instead of preserving the saved one). This messes with our image management, and it turns out to be nonfixable. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | Merge pull request #7541 from mheon/modify_groupOpenShift Merge Robot2020-09-10
|\ \ \ \ \ \ | |/ / / / / |/| | | | | Make an entry in /etc/group when we modify /etc/passwd
| * | | | | Make an entry in /etc/group when we modify /etc/passwdMatthew Heon2020-09-10
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To ensure that the user running in the container ahs a valid entry in /etc/passwd so lookup functions for the current user will not error, Podman previously began adding entries to the passwd file. We did not, however, add entries to the group file, and this created problems - our passwd entries included the group the user is in, but said group might not exist. The solution is to mirror our logic for /etc/passwd modifications to also edit /etc/group in the container. Unfortunately, this is not a catch-all solution. Our logic here is only advanced enough to *add* to the group file - so if the group already exists but we add a user not a part of it, we will not modify that existing entry, and things remain inconsistent. We can look into adding this later if we absolutely need to, but it would involve adding significant complexity to this already massively complicated function. While we're here, address an edge case where Podman could add a user or group whose UID overlapped with an existing user or group. Also, let's make users able to log into users we added. Instead of generating user entries with an 'x' in the password field, indicating they have an entry in /etc/shadow, generate a '*' indicating the user has no password but can be logged into by other means e.g. ssh key, su. Fixes #7503 Fixes #7389 Fixes #7499 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #7577 from rhatdan/runlabel1OpenShift Merge Robot2020-09-10
|\ \ \ \ \ | | | | | | | | | | | | podman container runlabel should pull the image if it does not exist
| * | | | | podman container runlabel should pull the image if it does not existDaniel J Walsh2020-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since --pull is deprecated, remove it from help and hide if from --help Also set it to true by default. Share image pull code betweern podman image pull and podman container runlabel. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1877181 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #7578 from giuseppe/join-userns-reuse-mappingsOpenShift Merge Robot2020-09-10
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | libpod: read mappings when joining a container userns
| * | | | | libpod: read mappings when joining a container usernsGiuseppe Scrivano2020-09-10
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when joining an existing container user namespace, read the existing mappings so the storage can be created with the correct ownership. Closes: https://github.com/containers/podman/issues/7547 Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
* | | | | Merge pull request #7582 from rhatdan/VENDOROpenShift Merge Robot2020-09-10
|\ \ \ \ \ | | | | | | | | | | | | vendor containers/storage v1.23.5
| * | | | | vendor containers/storage v1.23.5Daniel J Walsh2020-09-10
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #7460 from AkihiroSuda/allow-rootless-cniOpenShift Merge Robot2020-09-10
|\ \ \ \ \ \ | | | | | | | | | | | | | | rootless: support `podman network create` (CNI-in-slirp4netns)