summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* libpod: pods do not use cgroups if --cgroups=disabledGiuseppe Scrivano2022-03-03
| | | | | | | | | do not attempt to use cgroups with pods if the cgroups are disabled. A similar check is already in place for containers. Closes: https://github.com/containers/podman/issues/13411 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #13375 from kousu/repair-13123OpenShift Merge Robot2022-03-01
|\ | | | | Use storage that better supports rootless overlayfs
| * Use storage that better supports rootless overlayfsNick Guenther2022-03-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | overlayfs -- the kernel's version, not fuse-overlayfs -- recently learned (as of linux 5.16.0, I believe) how to support rootless users. Previously, rootless users had to use these storage.conf(5) settings: * storage.driver=vfs (aka STORAGE_DRIVER=vfs), or * storage.driver=overlay (aka STORAGE_DRIVER=overlay), storage.options.overlay.mount_program=/usr/bin/fuse-overlayfs (aka STORAGE_OPTS=/usr/bin/fuse-overlayfs) Now that a third backend is available, setting only: * storage.driver=overlay (aka STORAGE_DRIVER=overlay) https://github.com/containers/podman/issues/13123 reported EXDEV errors during the normal operation of their container. Tracing it out, the problem turned out to be that their container was being mounted without 'userxattr'; I don't fully understand why, but mount(8) mentions this is needed for rootless users: > userxattr > > Use the "user.overlay." xattr namespace instead of "trusted.overlay.". > This is useful for unprivileged mounting of overlayfs. https://github.com/containers/storage/pull/1156 found and fixed the issue in podman, and this just pulls in that via go get github.com/containers/storage@ebc90ab go mod vendor make vendor Closes https://github.com/containers/podman/issues/13123 Signed-off-by: Nick Guenther <nick.guenther@polymtl.ca>
* | Merge pull request #13391 from baude/revertOpenShift Merge Robot2022-03-01
|\ \ | | | | | | Revert "use GetRuntimeDir() from c/common"
| * | Revert "use GetRuntimeDir() from c/common"Brent Baude2022-03-01
| |/ | | | | | | | | | | | | | | This reverts commit fc5cf812c81a10f8a021aae11df5f12ab2a6f6f6. [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #13380 from jwhonce/wip/docker-pyOpenShift Merge Robot2022-03-01
|\ \ | |/ |/| Refactor docker-py compatibility tests
| * Refactor docker-py compatibility testsJhon Honce2022-03-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add which python client is being used to run tests, see "python client" below. * Remove redundate code from test classes * Update/Add comments to modules and classes ======================================================= test session starts ======================================================== platform linux -- Python 3.10.0, pytest-6.2.4, py-1.10.0, pluggy-0.13.1 python client -- DockerClient rootdir: /home/jhonce/Projects/go/src/github.com/containers/podman plugins: requests-mock-1.8.0 collected 33 items test/python/docker/compat/test_containers.py ...s.............. [ 54%] test/python/docker/compat/test_images.py ............ [ 90%] test/python/docker/compat/test_system.py ... [100%] Note: Follow-up PRs will verify the test results and expand the tests. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #13362 from keonchennl/pod-logs-add-flagOpenShift Merge Robot2022-03-01
|\ \ | | | | | | Add the names flag for pod logs
| * | Add the names flag for pod logsXueyuan Chen2022-03-01
| |/ | | | | | | | | | | Fixes containers#13261 Signed-off-by: Xueyuan Chen <X.Chen-47@student.tudelft.nl>
* | Merge pull request #13318 from rhatdan/volumeOpenShift Merge Robot2022-03-01
|\ \ | | | | | | Add podman volume mount support
| * | Add podman volume mount supportDaniel J Walsh2022-02-28
| |/ | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/12768 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #13374 from cevich/fix_dupe_docker_testingOpenShift Merge Robot2022-02-28
|\ \ | | | | | | Clarify v2 API testing for podman vs docker clients
| * | Clarify v2 API testing for podman vs docker clientsChris Evich2022-02-28
| |/ | | | | | | | | | | Fixes: #13273 Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #13372 from ashley-cui/binarypathOpenShift Merge Robot2022-02-28
|\ \ | |/ |/| Allow setting binarypath from Makefile
| * Allow setting binarypath from MakefileAshley Cui2022-02-28
| | | | | | | | | | | | | | | | | | | | Packagers for other distributions and package managers may put their helper binaries in other location prefixes. Add HELPER_BINARIES_DIR to the makefile so packagers can set the prefix when building Podman. HELPER_BINARIES_DIR will be set at link-time. Example usage: make podman-remote HELPER_BINARIES_DIR=/my/location/prefix Signed-off-by: Ashley Cui <acui@redhat.com>
| * Vendor in containers/common@mainAshley Cui2022-02-28
| | | | | | | | Signed-off-by: Ashley Cui <acui@redhat.com>
* | Merge pull request #13353 from lsm5/copr-packaging-macroOpenShift Merge Robot2022-02-26
|\ \ | |/ |/| copr packaging: use generic macros for tmpfiles and modules load dirs
| * copr packaging: use generic macros for tmpfiles and modules load dirsLokesh Mandvekar2022-02-25
|/ | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* Merge pull request #13343 from afbjorklund/dpkg-packageOpenShift Merge Robot2022-02-25
|\ | | | | Show version of the deb package in info output
| * Show version of the deb package in info outputAnders F Björklund2022-02-24
|/ | | | | | | | | Previously just showing name of the package, followed by the path repeated again (already stated on the line above) [NO NEW TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* Merge pull request #13336 from ↵OpenShift Merge Robot2022-02-24
|\ | | | | | | | | containers/dependabot/go_modules/github.com/containernetworking/plugins-1.1.0 Bump github.com/containernetworking/plugins from 1.0.1 to 1.1.0
| * Bump github.com/containernetworking/plugins from 1.0.1 to 1.1.0dependabot[bot]2022-02-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.0.1 to 1.1.0. - [Release notes](https://github.com/containernetworking/plugins/releases) - [Commits](https://github.com/containernetworking/plugins/compare/v1.0.1...v1.1.0) --- updated-dependencies: - dependency-name: github.com/containernetworking/plugins dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* | Merge pull request #13325 from xordspar0/configmap-error-msgOpenShift Merge Robot2022-02-24
|\ \ | |/ |/| Improve the error message for usused configMaps
| * Improve the error message for usused configMapsJordan Christiansen2022-02-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If you run `podman play kube` on a yaml file that only contains configMaps, podman will fail with the error: Error: YAML document does not contain any supported kube kind This is not strictly true; configMaps are a supported kube kind. The problem is that configMaps aren't a standalone entity. They have to be used in a container somewhere, otherwise they don't do anything. This change adds a new message in the case when there only configMaps resources. It would be helpful if podman reported which configMaps are unused on every invocation of kube play. However, even if that feedback were added, this new error messages still helpfully explains the reason that podman is not creating any resources. [NO NEW TESTS NEEDED] Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* | Merge pull request #13333 from vrothberg/systemd-docs-infra-containerOpenShift Merge Robot2022-02-24
|\ \ | | | | | | [CI:DOCS] generate-systemd: pod requires an infra container
| * | docs: generate-systemd: pod requires an infra containerValentin Rothberg2022-02-24
|/ / | | | | | | | | | | | | | | | | | | | | Generating unit files for a pod requires the pod to be created with an infra container (see `--infra=true`). An infra container runs across the entire lifespan of a pod and is hence required for systemd to manage the life cycle of the pod's main unit. This issue came up on the mailing list. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #13157 from ydayagi/mainOpenShift Merge Robot2022-02-23
|\ \ | | | | | | play kube: set defaults to container resources
| * | play kube: set defaults to container resourcesYaron Dayagi2022-02-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this fixes https://github.com/containers/podman/issues/13115 the change tries to immitate k8s behavior. when limits are not set the container's limits are all CPU and all RAM when requests are missing then they are equal to limits Signed-off-by: Yaron Dayagi <ydayagi@redhat.com>
* | | Merge pull request #13314 from flouthoc/container-commit-squashOpenShift Merge Robot2022-02-23
|\ \ \ | | | | | | | | container-commit: support `--squash` to squash layers into one if users want.
| * | | container-commit: support --squash to squash layers into oneAditya R2022-02-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow users to commit containers into a single layer. Usage ```bash podman container commit --squash <name> ``` Signed-off-by: Aditya R <arajan@redhat.com>
* | | | Merge pull request #13323 from Luap99/iptables-moduleOpenShift Merge Robot2022-02-23
|\ \ \ \ | | | | | | | | | | Load ip_tables modules at boot
| * | | | Load ip_tables modules at bootPaul Holzinger2022-02-23
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rootless users cannot load the ip_tables module, in fedora 36 this module is no longer loaded by default so we have to add it manually. This is needed because rootless network setup tries to use iptables and if iptables-legacy is used instead of iptables-nft it will fail. To provide a better user experience we will load the module at boot. Note that this is not needed for RHEL because iptables-legacy is not supported on RHEL 8 and newer. [NO NEW TESTS NEEDED] Fixes #12661 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #13231 from ↵OpenShift Merge Robot2022-02-23
|\ \ \ \ | |_|_|/ |/| | | | | | | | | | | eriksjolund/troubleshooting_mention_systemd-run_and_machinectl [CI:DOCS] troubleshooting: mention machinectl and systemd-run
| * | | [CI:DOCS] troubleshooting: mention machinectl and systemd-runErik Sjölund2022-02-18
| | | | | | | | | | | | | | | | Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | | | Merge pull request #13317 from elezar/update-cdi-moduleOpenShift Merge Robot2022-02-23
|\ \ \ \ | | | | | | | | | | Update CDI go dependency to v0.3.0
| * | | | Bump CDI go dependency to v0.3.0Evan Lezar2022-02-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This updates the CDI dependency to the v0.3.0 tagged version instead of relying on a pseudo version. This also addresses the fact that cgroups are not set correctly for devices using the previous dependency. Signed-off-by: Evan Lezar <elezar@nvidia.com>
* | | | | Merge pull request #13320 from giuseppe/play-kube-honor-propagation-modeOpenShift Merge Robot2022-02-23
|\ \ \ \ \ | |_|_|/ / |/| | | | kube: honor mount propagation mode
| * | | | kube: honor mount propagation modeGiuseppe Scrivano2022-02-23
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | convert the propagation mode specified for the mount to the expected Linux mount option. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #13232 from rhatdan/volumesOpenShift Merge Robot2022-02-23
|\ \ \ \ | |/ / / |/| | | Don't log errors on removing volumes inuse, if container --volumes-from
| * | | Don't log errors on removing volumes inuse, if container --volumes-fromDaniel J Walsh2022-02-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When removing a container created with a --volumes-from a container created with a built in volume, we complain if the original container still exists. Since this is an expected state, we should not complain about it. Fixes: https://github.com/containers/podman/issues/12808 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #13247 from rhatdan/trustOpenShift Merge Robot2022-02-23
|\ \ \ \ | | | | | | | | | | Cleanup display of trust with transports
| * | | | Cleanup display of trust with transportsDaniel J Walsh2022-02-22
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #13276 from rhatdan/containers-commonOpenShift Merge Robot2022-02-22
|\ \ \ \ \ | |/ / / / |/| | | | Add containers-common spec and command to podman
| * | | | Add containers-common spec and command to podmanDaniel J Walsh2022-02-22
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since containers-common package is tied to specific versions of Podman, add tools to build the package into the contrib directory This should help other distributions to figure out which commont package to ship. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #13311 from mheon/remove_runtime_lockOpenShift Merge Robot2022-02-22
|\ \ \ \ | | | | | | | | | | Remove the runtime lock
| * | | | Remove the runtime lockMatthew Heon2022-02-22
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This primarily served to protect us against shutting down the Libpod runtime while operations (like creating a container) were happening. However, it was very inconsistently implemented (a lot of our longer-lived functions, like pulling images, just didn't implement it at all...) and I'm not sure how much we really care about this very-specific error case? Removing it also removes a lot of potential deadlocks, which is nice. [NO NEW TESTS NEEDED] Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #13059 from cdoern/cloneOpenShift Merge Robot2022-02-22
|\ \ \ \ | | | | | | | | | | Implement Podman Container Clone
| * | | | Implement Podman Container Clonecdoern2022-02-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman container clone takes the id of an existing continer and creates a specgen from the given container's config recreating all proper namespaces and overriding spec options like resource limits and the container name if given in the cli options this command utilizes the common function DefineCreateFlags meaning that we can funnel as many create options as we want into clone over time allowing the user to clone with as much or as little of the original config as they want. container clone takes a second argument which is a new name and a third argument which is an image name to use instead of the original container's the current supported flags are: --destroy (remove the original container) --name (new ctr name) --cpus (sets cpu period and quota) --cpuset-cpus --cpu-period --cpu-rt-period --cpu-rt-runtime --cpu-shares --cpuset-mems --memory --run resolves #10875 Signed-off-by: cdoern <cdoern@redhat.com> Signed-off-by: cdoern <cbdoer23@g.holycross.edu> Signed-off-by: cdoern <cdoern@redhat.com>
* | | | | Merge pull request #13280 from baude/updatetutorialsOpenShift Merge Robot2022-02-22
|\ \ \ \ \ | |_|_|_|/ |/| | | | [CI:DOCS]Update networking tutorial for netavark
| * | | | [CI:DOCS]Update networking tutorial for netavarkBrent Baude2022-02-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With netavark being the default networking implementation for Podman v4, the tutorial needed some updating. [NO NEW TESTS] Signed-off-by: Brent Baude <bbaude@redhat.com>