summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #12270 from rhatdan/authOpenShift Merge Robot2021-11-13
|\ | | | | --authfile command line argument for image sign command.
| * --authfile command line argument for image sign command.José Guilherme Vanz2021-11-11
| | | | | | | | | | | | | | | | | | | | | | Adds the --authfile command line argument to allow users to use alternative authfile paths when signing images. Replaces: https://github.com/containers/podman/pull/10975 Fixes: https://github.com/containers/podman/issues/10866 Signed-off-by: José Guilherme Vanz <jvanz@jvanz.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #12271 from Luap99/play-kube-netOpenShift Merge Robot2021-11-12
|\ \ | | | | | | Fix network mode in play kube
| * | Fix network mode in play kubePaul Holzinger2021-11-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to use the config network mode when no network mode was set. To do so we have to keep the nsmode empty, MakeContainer() will use the correct network mode from the config when needed. Fixes #12248 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #12224 from cdoern/scpOpenShift Merge Robot2021-11-12
|\ \ \ | | | | | | | | Podman Image SCP transfer patch
| * | | Podman Image SCP transfer patchcdoern2021-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixed syntax so that podman image scp transfer works with no user specified. This command can only be executed as root so to obtain the default user, I searched for the SUDO_USER environmental variable. If that is not found, we error out and inform the user to set this variable and make sure they are running as root Signed-off-by: cdoern <cdoern@redhat.com> Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | | Merge pull request #12279 from mscherer/fix_11842OpenShift Merge Robot2021-11-12
|\ \ \ \ | | | | | | | | | | Always create working directory when using compat API
| * | | | Always create working directory when using compat APIMichael Scherer2021-11-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Docker/Moby always create the working directory, and some tools rely on that behavior (example, woodpecker/drone). Fixes #11842 Signed-off-by: Michael Scherer <misc@redhat.com>
* | | | | Merge pull request #12280 from vrothberg/fix-12254OpenShift Merge Robot2021-11-12
|\ \ \ \ \ | |/ / / / |/| | | | play kube: don't force-pull infra image
| * | | | play kube: don't force-pull infra imageValentin Rothberg2021-11-12
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Do not force-pull the infra image in `play kube` but let the backend take care of that when creating the pod(s) which may build a local `podman-pause` image instead of using the default infra image. Fixes: #12254 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #12256 from cevich/update_to_U2110OpenShift Merge Robot2021-11-11
|\ \ \ \ | | | | | | | | | | Cirrus: Update to Ubuntu 21.10 + Disable F33
| * | | | Cirrus: Temp. disable prior-fedora testingChris Evich2021-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With F35 released, F33 is officially dead. Move it out of the way temporarily until F35 VM images are ready. Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | Cirrus: Update to Ubuntu 21.10Chris Evich2021-11-11
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | Merge pull request #12197 from gliptak/readme1OpenShift Merge Robot2021-11-11
|\ \ \ \ \ | |_|_|_|/ |/| | | | [ci:docs] Add Static Build download instructions to README
| * | | | Add Static Build download instructions to READMEGábor Lipták2021-11-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TEST NEEDED] Signed-off-by: Gábor Lipták <gliptak@gmail.com>
* | | | | Merge pull request #12267 from giuseppe/safely-create-etc-mtabOpenShift Merge Robot2021-11-11
|\ \ \ \ \ | | | | | | | | | | | | libpod: create /etc/mtab safely
| * | | | | libpod: create /etc/mtab safelyGiuseppe Scrivano2021-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | make sure the /etc/mtab symlink is created inside the rootfs when /etc is a symlink. Closes: https://github.com/containers/podman/issues/12189 [NO NEW TESTS NEEDED] there is already a test case Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #12214 from giuseppe/fix-rootless-error-messageOpenShift Merge Robot2021-11-11
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | rootless: adjust error message
| * | | | | rootless: adjust error messageGiuseppe Scrivano2021-11-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | since we now support reading additional IDs with libsubid, clarify that the /etc/subuid and /etc/subgid files are honored only when shadow-utils is configured to use them. [NO TESTS NEEDED] Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #12131 from Luap99/netavark-interfaceOpenShift Merge Robot2021-11-11
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | Netavark interface
| * | | | | Add failing run test for netavarkPaul Holzinger2021-11-11
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | Add flag to overwrite network backend from configPaul Holzinger2021-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To make testing easier we can overwrite the network backend with the global `--network-backend` option. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | Add network backend to podman infoPaul Holzinger2021-11-11
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | Add more netavark testsPaul Holzinger2021-11-11
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | select network backend based on configPaul Holzinger2021-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | You can change the network backendend in containers.conf supported values are "cni" and "netavark". Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | Fix RUST_LOG envar for netavarkPaul Holzinger2021-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | THe rust netlink library is very verbose. It contains way to much debug and trave logs. We can set `RUST_LOG=netavark=<level>` to make sure this log level only applies to netavark and not the libraries. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | netavark IPAM assignmentPaul Holzinger2021-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new boltdb to handle IPAM assignment. The db structure is the following: Each network has their own bucket with the network name as bucket key. Inside the network bucket there is an ID bucket which maps the container ID (key) to a json array of ip addresses (value). The network bucket also has a bucket for each subnet, the subnet is used as key. Inside the subnet bucket an ip is used as key and the container ID as value. The db should be stored on a tmpfs to ensure we always have a clean state after a reboot. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | netavark network interfacePaul Holzinger2021-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement a new network interface for netavark. For now only bridge networking is supported. The interface can create/list/inspect/remove networks. For setup and teardown netavark will be invoked. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | Make networking code reusablePaul Holzinger2021-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To prevent code duplication when creating new network backends move reusable code into a separate internal package. This allows all network backends to use the same code as long as they implement the new NetUtil interface. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | Merge pull request #12193 from yahavi/patch-1OpenShift Merge Robot2021-11-11
|\ \ \ \ \ \ | |/ / / / / |/| | | | | [CI:DOCS] Fix Zsh completion command documentation
| * | | | | Fix Zsh completion command documentationYahav Itzhak2021-11-09
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: yahavi <yahavi@jfrog.com>
* | | | | | Merge pull request #12260 from Luap99/upgrade-flakeOpenShift Merge Robot2021-11-11
|\ \ \ \ \ \ | |_|_|_|_|/ |/| | | | | Fix flake in upgrade tests
| * | | | | Fix flake in upgrade testsPaul Holzinger2021-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The cni plugins need access to /run/cni and the dnsname plugin needs access to /run/containers. The race condition was basically that a `podman stop` could either do the cleanup itself or the spawned cleanup process would do the cleanup if it was fast enough. The `podman stop` is executed on the host while the podman cleanup process is executed in the "parent container". The parent container contains older plugins than on the host. The dnsname plugin before version 1.3 could error and this would prevent CNI from doing a proper cleanup. The plugin errors because it could not find its files in /run/containers. On my system the test always failed because the cleanup process was always faster than the stop process. However in the CI VMs the stop process was usually faster and so it failed only sometimes. Fixes #11558 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | Merge pull request #12261 from rhatdan/DockerfileOpenShift Merge Robot2021-11-11
|\ \ \ \ \ \ | | | | | | | | | | | | | | [CI:DOCS] VOLUME must be declared after RUN chown command
| * | | | | | VOLUME must be declared after RUN chown commandJindrich Novy2021-11-10
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman and Docker will not commit changes via RUN command of a VOLUME directory, so we need to chown path first. Not doing do will cause: https://bugzilla.redhat.com/show_bug.cgi?id=2009266 Signed-off-by: Jindrich Novy <jnovy@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #12240 from umohnani8/tableOpenShift Merge Robot2021-11-10
|\ \ \ \ \ \ | | | | | | | | | | | | | | Print headers for system connection ls
| * | | | | | Print headers for system connection lsUrvashi Mohnani2021-11-10
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Print out the headers even if the system connection list is empty to match the behavior of other list commands. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | | | | Merge pull request #12242 from Luap99/port-reloadOpenShift Merge Robot2021-11-10
|\ \ \ \ \ \ | | | | | | | | | | | | | | network reload without ports should not reload ports
| * | | | | | network reload return error if we cannot reload portsPaul Holzinger2021-11-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As rootless we have to reload the port mappings. If it fails we should return an error instead of the warning. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | | network reload without ports should not reload portsPaul Holzinger2021-11-10
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When run as rootless the podman network reload command tries to reload the rootlessport ports because the childIP could have changed. However if the containers has no ports we should skip this instead of printing a warning. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | Merge pull request #12258 from edsantiago/xref_manpages_see_alsoOpenShift Merge Robot2021-11-10
|\ \ \ \ \ \ | |/ / / / / |/| | | | | [CI:DOCS] Add CI check for SEE ALSO in man pages
| * | | | | [CI:DOCS] Add CI check for SEE ALSO in man pagesEd Santiago2021-11-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add new CI check to confirm that links and references in SEE ALSO sections are properly formatted and that links are valid (at least in theory: we do no actual URL fetching to test for 404). The check is piggybacked into existing xref-helpmsgs-manpages script. It could conceivably be more elegant to write a separate tool for this purpose, but I don't wish to duplicate the logic for finding and reading markdown files. Script identified various problems, which I fix in this PR: . missing '**' (asterisks) around some references, or '**' in the wrong place. . links pointing to github.com/.../tree/ instead of /blob/ (github redirects those automatically, but I like consistency) . a few copy-paste errors, e.g. subgid linking to subuid. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | Merge pull request #12255 from vrothberg/fix-11970OpenShift Merge Robot2021-11-10
|\ \ \ \ \ \ | |/ / / / / |/| | | | | podman load: support downloading files
| * | | | | podman load: support downloading filesValentin Rothberg2021-11-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Support downloading files, for instance via `podman load -i server.com/image.tar`. The specified URL is downloaded in the frontend and stored as a temp file that gets passed down to the backend. Also vendor in c/common@main to use the new `pkg/download`. Fixes: #11970 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | Merge pull request #12241 from rhatdan/manOpenShift Merge Robot2021-11-10
|\ \ \ \ \ \ | | | | | | | | | | | | | | [CI:DOCS] Add links to all SEE ALSO sections
| * | | | | | Add links to all SEE ALSO sectionsDaniel J Walsh2021-11-10
| |/ / / / / | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #12250 from vrothberg/fix-12245OpenShift Merge Robot2021-11-10
|\ \ \ \ \ \ | |/ / / / / |/| | | | | pod create: read infra image from containers.conf
| * | | | | pod create: read infra image from containers.confValentin Rothberg2021-11-10
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a bug where pods would be created with the hard-coded default infra image instead of the custom one from containers.conf. Add a simple regression test. Fixes: #12245 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #12227 from Luap99/net-setupOpenShift Merge Robot2021-11-09
|\ \ \ \ \ | | | | | | | | | | | | Fix rootless networking with userns and ports
| * | | | | Fix rootless networking with userns and portsPaul Holzinger2021-11-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A rootless container created with a custom userns and forwarded ports did not work. I refactored the network setup to make the setup logic more clear. Signed-off-by: Paul Holzinger <pholzing@redhat.com>