Commit message (Author, Age)
* Merge pull request #8075 from mheon/fix_8073 (OpenShift Merge Robot, 2020-10-20)
    Retrieve network inspect info from dependency container
| * Retrieve network inspect info from dependency container (Matthew Heon, 2020-10-20)
    When a container either joins a pod that shares the network namespace or uses `--net=container:` to share the network namespace of another container, it does not have its own copy of the CNI results used to generate `podman inspect` output. As such, to inspect these containers, we should be going to the container we share the namespace with for network info.

    Fixes #8073

    Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #8042 from rhatdan/tlsverify (OpenShift Merge Robot, 2020-10-20)
    --tls-verify and --authfile should work for all remote commands
| * | --tls-verify and --authfile should work for all remote commands (Daniel J Walsh, 2020-10-19)
    These options are now fully supported in the remote API and should no longer be hidden and/or documented as non supported.

    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8067 from mheon/net_host_hosts (OpenShift Merge Robot, 2020-10-20)
    Ensure that hostname is added to hosts with net=host
| * | Ensure that hostname is added to hosts with net=host (Matthew Heon, 2020-10-20)
    When a container uses --net=host the default hostname is set to the host's hostname. However, we were not creating any entries in `/etc/hosts` despite having a hostname, which is incorrect. This hostname, for Docker compat, will always be the hostname of the host system, not the container, and will be assigned to IP 127.0.1.1 (not the standard localhost address).

    Also, when `--hostname` and `--net=host` are both passed, still use the hostname from `--hostname`, not the host's hostname (we still use the host's hostname by default in this case if the `--hostname` flag is not passed).

    Fixes #8054

    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #7126 from mheon/fix_missing_ociruntime (OpenShift Merge Robot, 2020-10-20)
    Fix missing OCI Runtime
| * | | Add a system test to verify --runtime is preserved (Matthew Heon, 2020-10-20)
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Use runtime names instead of paths in E2E tests (Matthew Heon, 2020-10-20)
    My patches to fix `--runtime /usr/bin/crun` being allowed to use a different version of the crun runtime revealed a problem: we were actually relying on that exact behavior in our E2E tests. We specified the runtime path as `/usr/bin/runc` for the Ubuntu tests, but that didn't exist, so Podman was actively looking for a different, usable runc binary and using that, instead of the path we explicitly hardcoded. Fixing the bug broke this, and thus broke the tests.

    Instead of hard-coding OCI runtime paths, swap to just using the runtime name, `runc` or `crun`, and letting Podman figure out where the runtime lives - it's quite good at that. This should un-break the tests and make them more durable.

    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Re-create OCI runtimes by path when it is missing (Matthew Heon, 2020-10-20)
    When an OCI runtime is given by full path, we need to ensure we use the same runtime on subsequent use. Unfortunately, users are often not considerate enough to use the same `--runtime` flag every time they invoke runtime - and if the runtime was not in containers.conf, that means we don't have it stored in the libpod Runtime.

    Fortunately, since we have the full path, we can initialize the OCI runtime for use at the point where we pull the container from the database.

    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | When given OCI runtime by path, use path as name (Matthew Heon, 2020-10-20)
    Say I start a container with the flag `--runtime /usr/local/sbin/crun`. I then stop the container, and restart it without the flag. We previously stored the runtime in use by a container only by basename when given a path, so the container only knows that it's using the `crun` OCI runtime - and on being restarted without the flag, it will use the system crun, not my special crun build.

    Using the full path as the name in these cases ensures we will still use the correct runtime, even on subsequent runs of Podman.

    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #7999 from mheon/signal_handler (OpenShift Merge Robot, 2020-10-20)
    Add a shutdown signal handler
| * | | Enforce LIFO ordering for shutdown handlers (Matthew Heon, 2020-10-13)
    This allows us to run both the Libpod and Server handlers at the same time without unregistering one.

    Also, pass the signal that killed us into the handlers, in case they want to use it to determine what to do (e.g. what exit code to set).

    Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | Enable masking stop signals within container creation (Matthew Heon, 2020-10-12)
    Expand the use of the Shutdown package such that we now use it to handle signals any time we run Libpod. From there, add code to container creation to use the Inhibit function to prevent a shutdown from occurring during the critical parts of container creation.

    We also need to turn off signal handling when --sig-proxy is invoked - we don't want to catch the signals ourselves then, but instead to forward them into the container via the existing sig-proxy handler.

    Fixes #7941

    Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | Add a shutdown handler package (Matthew Heon, 2020-10-12)
    We need a unified package for handling signals that shut down Libpod and Podman. We need to be able to do different things on receiving such a signal (`system service` wants to shut down the service gracefully, while most other commands just want to exit) and we need to be able to inhibit this shutdown signal while we are waiting for some critical operations (e.g. creating a container) to finish. This takes the first step by defining the package that will handle this.

    Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #8069 from matejvasek/fix-memswap (OpenShift Merge Robot, 2020-10-20)
    fix: neutral value for MemorySwappiness
| * | | | fix: neutral value for MemorySwappiness (Matej Vasek, 2020-10-20)
    Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | | | | Merge pull request #8043 from saschagrunert/hostport-fix (OpenShift Merge Robot, 2020-10-20)
    Fix host to container port mapping for simple ranges
| * | | | | Fix host to container port mapping for simple ranges (Sascha Grunert, 2020-10-19)
    This fixes the issue that a simple port range should map to a random port range from the host to the container, if no host port range is specified. For example this fails without applying the patch:

    ```
    > podman run -it -p 6000-6066 alpine
    Error: cannot listen on the TCP port: listen tcp4 :53: bind: address already in use
    ```

    The issue is that only the first port is randomly chosen and all following in the range start by 0 and increment. This is now fixed by tracking the ranges and then incrementing the random port if necessary.

    Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | | | | | Merge pull request #8061 from edsantiago/bats (OpenShift Merge Robot, 2020-10-20)
    System tests: remove some misleading 'run's
| * | | | | System tests: remove some misleading 'run's (Ed Santiago, 2020-10-19)
    The BATS 'run' directive is really quite obnoxious; for the most part we really don't want to use it. Remove some uses that snuck in last week, and remove one test (exists) that can more naturally be piggybacked into an rm test.

    While we're at it: in setup(), look for and delete stray external (buildah) containers. This will be important if any of the external-container tests fails; this way we don't leave behind a state that causes subsequent tests to fail.

    Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #8056 from xordspar0/invalid-image (OpenShift Merge Robot, 2020-10-19)
    Make invalid image name error more specific
| * | | | Make invalid image name error more specific (Jordan Christiansen, 2020-10-19)
    Previously, using an invalid image name would produce an error like this:

        Error: error encountered while bringing up pod test-pod-0: invalid reference format

    This message didn't specify that there was a problem with an image name, and it didn't specify which image name had a problem if there were multiple. Now the error reads:

        Error: error encountered while bringing up pod test-pod-0: Failed to parse image "./myimage": invalid reference format

    Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* | | | | Merge pull request #7908 from rhatdan/diff (OpenShift Merge Robot, 2020-10-19)
    fix podman container exists and diff for storage containers
| * | | | Fix sorting issues in completions (Daniel J Walsh, 2020-10-15)
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | | | Add support for external container (Daniel J Walsh, 2020-10-15)
    External containers are containers created outside of Podman. For example Buildah and CRI-O Containers.

        $ buildah from alpine
        alpine-working-container
        $ buildah run alpine-working-container touch /test
        $ podman container exists --external alpine-working-container
        $ podman container diff alpine-working-container
        C /etc
        A /test

    Added --external flag to refer to external containers, rather than --storage.

    Added --external for podman container exists and modified podman ps to use --external rather than --storage. It was felt that --storage would confuse the user into thinking about changing the storage driver or options.

    --storage is still supported through the use of aliases.

    Finally, podman container diff does not require the --external flag, since there is little chance of users making the mistake, and would just be a pain for the user to remember the flag.

    podman container exists --external is required because it could fool scripts that rely on the existence of a Podman container, and there is a potential for a partial deletion of a container, which could mess up existing users.

    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | | | fix podman container exists and diff for storage containers (Daniel J Walsh, 2020-10-15)
    Currently these commands only check if a container exists in libpod. With this fix, the commands will also check if they are in containers/storage.

    This allows users to look at differences within a buildah or CRI-O container.

    Currently buildah diff does not exist, so this helps out in that situation as well as in CRI-O since the cri does not implement a diff command.

    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #8044 from Luap99/fix-8040 (OpenShift Merge Robot, 2020-10-18)
    Always add the dnsname plugin to the config for rootless
| * | | | | Always add the dnsname plugin to the config for rootless (Paul Holzinger, 2020-10-17)
    The rootless-cni-infra container always has the dnsname plugin installed. It makes no sense to check if it is present on the host.

    Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | | Merge pull request #8045 from andylibrian/podman-remote-cleanly-exit-on-detachkeyspressed (OpenShift Merge Robot, 2020-10-17)
    Update podman-remote run and start to handle detach keys
| * | | | | Update podman-remote start --attach to handle detach keys (Andy Librian, 2020-10-16)
    fixes #7979

    Signed-off-by: Andy Librian <andylibrian@gmail.com>
| * | | | | Update podman-remote run to handle detach keys (Andy Librian, 2020-10-16)
    addresses #7979

    Signed-off-by: Andy Librian <andylibrian@gmail.com>
* | | | | | Merge pull request #8036 from xordspar0/heading-consistency (OpenShift Merge Robot, 2020-10-16)
    [CI:DOCS] Make man page headings more consistent
| * | | | | | Make man page headings more consistent (Jordan Christiansen, 2020-10-16)
    Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* | | | | | Merge pull request #8039 from zhangguanzhang/runlabel-panic (OpenShift Merge Robot, 2020-10-16)
    Fix panic when runlabel is missing
| * | | | | Fix panic when runlabel is missing (zhangguanzhang, 2020-10-16)
    Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | | | Merge pull request #7992 from containers/dependabot/go_modules/github.com/containers/common-0.25.0 (OpenShift Merge Robot, 2020-10-16)
    Bump github.com/containers/common from 0.24.0 to 0.26.0
| * | | | Bump github.com/containers/common from 0.24.0 to 0.26.0 (Daniel J Walsh, 2020-10-16)
    Bumps [github.com/containers/common](https://github.com/containers/common) from 0.24.0 to 0.26.0.
    - [Release notes](https://github.com/containers/common/releases)
    - [Commits](https://github.com/containers/common/compare/v0.24.0...v0.26.0)

    Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #8029 from Luap99/image-trust-show-raw (OpenShift Merge Robot, 2020-10-16)
    Fix podman image trust show --raw output
| * | | Fix podman image trust show --raw output (Paul Holzinger, 2020-10-15)
    Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | Merge pull request #8035 from xordspar0/fix-doc-heading (Daniel J Walsh, 2020-10-15)
    Fix podman-run man page heading
| * | | | Fix podman-run man page heading (Jordan Christiansen, 2020-10-15)
    Sharing IPC is meant to be an example under the Examples heading, not a new section.

    Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* | | | Merge pull request #8030 from Luap99/fix-restore-panic (OpenShift Merge Robot, 2020-10-15)
    Fix possible panic in libpod container restore
| * | | Fix possible panic in libpod container restore (Paul Holzinger, 2020-10-15)
    We need to do a length check before we can access the networkStatus slice by index to prevent a runtime panic.

    Fixes #8026

    Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #8028 from containers/dependabot/go_modules/github.com/spf13/cobra-1.1.0 (OpenShift Merge Robot, 2020-10-15)
    Bump github.com/spf13/cobra from 1.0.0 to 1.1.0
| * | | Bump github.com/spf13/cobra from 1.0.0 to 1.1.0 (dependabot-preview[bot], 2020-10-15)
    Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.0.0 to 1.1.0.
    - [Release notes](https://github.com/spf13/cobra/releases)
    - [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/spf13/cobra/compare/v1.0.0...v1.1.0)

    Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #8003 from containers/dependabot/go_modules/github.com/onsi/gomega-1.10.3 (OpenShift Merge Robot, 2020-10-15)
    Bump github.com/onsi/gomega from 1.10.2 to 1.10.3
| * | | | Bump github.com/onsi/gomega from 1.10.2 to 1.10.3 (dependabot-preview[bot], 2020-10-13)
    Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.10.2 to 1.10.3.
    - [Release notes](https://github.com/onsi/gomega/releases)
    - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/onsi/gomega/compare/v1.10.2...v1.10.3)

    Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* | | | | Merge pull request #8025 from edsantiago/bats (OpenShift Merge Robot, 2020-10-15)
    System test additions
| * | | | System test additions (Ed Santiago, 2020-10-14)
    - run --userns=keep-id: confirm that $HOME gets set (#8013)
    - inspect: confirm that JSON output is a sane number of lines (10 or more), not an unreadable one-liner (#8011 and #8021). Do so with image, pod, network, volume because the code paths might be different.
    - cgroups: confirm that 'run' preserves cgroup manager (#7970)
    - sdnotify: reenable tests, and hope CI doesn't hang. This test was disabled on August 18 because CI jobs were hanging and timing out. My suspicion was that it was #7316, which in turn seems to have hinged on conmon #182. The latter was merged on Sep 16, so let's cross our fingers and see what happens.

    Also: remove inaccurate warning from a networking test.

    And, wow, fix is_cgroupsv2(), it has never actually worked.

    Signed-off-by: Ed Santiago <santiago@redhat.com>