Commit message (Author, Age)
* pkg: use PROXY_VARS from c/common (Aditya Rajan, 2022-01-11)
    Signed-off-by: Aditya Rajan <arajan@redhat.com>
* ignition: add support from setting SSL_CERT_FILE (Aditya Rajan, 2022-01-11)
    Podman often has to run behind an http/https proxy, often in corporate environments. This proxy may or may not include SSL inspection capabilities, requiring a trusted SSL CA certificate to be added to a system's trust store. Copy the file referred to by SSL_CERT_FILE on the host into the podman machine's OS trust store, overriding the built-in single-file trust store certificate. Also set the `SSL_FILE_CERT` on remote machine
    [NO NEW TESTS NEEDED]
    Signed-off-by: Aditya Rajan <arajan@redhat.com>
* ignition: propagate HTTP proxy variables from host to remote (Aditya Rajan, 2022-01-11)
    Podman often has to run behind an http/https proxy, often in corporate environments. This proxy may or may not include SSL inspection capabilities, requiring a trusted SSL CA certificate to be added to a system's trust store. Solve this by reading standard proxy variables (HTTP_PROXY HTTPS_PROXY NO_PROXY http_proxy https_proxy no_proxy) and injecting them into the machine at init.
    [NO NEW TESTS NEEDED]
    Signed-off-by: Aditya Rajan <arajan@redhat.com>
* Merge pull request #12772 from rhatdan/pause (OpenShift Merge Robot, 2022-01-10)
    Remove dead RuntimeOption functions
| * Remove dead RuntimeOption functions (Daniel J Walsh, 2022-01-10)
    I don't see where these With Functions are used, so removing them to clean up code. WithDefaultInfra* functions screwed me up and confused me.
    [NO NEW TESTS NEEDED]
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #12757 from umohnani8/cm (OpenShift Merge Robot, 2022-01-10)
    Don't add env if optional and not found
| * | Don't add env if optional and not found (Urvashi Mohnani, 2022-01-10)
    If the pod yaml has env from secret and config map but they are optional and the secret cannot be found, don't add the env key as well as the env value will not be found. Matches behavior with k8s.
    Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | Merge pull request #12786 from vrothberg/vendor-common (OpenShift Merge Robot, 2022-01-10)
    vendor c/common
| * | | vendor c/common (Valentin Rothberg, 2022-01-10)
    Also update the e2e pull test to account for the changes when pulling from the dir transport. Images pulled via the dir transport are not tagged anymore; the path is not a reliable source.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #12787 from rhatdan/docker (OpenShift Merge Robot, 2022-01-10)
    Update docker cli message for case where user creates directory
| * | Update docker cli message for case where user creates directory (Stephen Person, 2022-01-10)
    Check for any existing system object in docker script to clear warning message (Resolving PR comments)
    [NO NEW TESTS NEEDED]
    Signed-off-by: Stephen Person <stephen.person.12@cnu.edu>
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #12783 from n1hility/wxs-fix (OpenShift Merge Robot, 2022-01-10)
    [NO TESTS NEEDED] Fix type-o in podman.wxs
| * Fix type-o in podman.wxs (Jason T. Greene, 2022-01-09)
    Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* Merge pull request #12773 from mhrivnak/fix-example-indentation (OpenShift Merge Robot, 2022-01-08)
    [CI:DOCS] fixes indentation of example pod yaml
| * [CI:DOCS] fixes indentation of example pod yaml (Michael Hrivnak, 2022-01-07)
    The example as previously shown would result in "Error: multi doc yaml could not be split". The change here has been tested to work, and it matches the example in the [kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables).
    Signed-off-by: Michael Hrivnak <mhrivnak@hrivnak.org>
* Merge pull request #12733 from rhatdan/copy (OpenShift Merge Robot, 2022-01-07)
    Set volume NeedsCopyUp to false iff data was copied up
| * Set volume NeedsCopyUp to false iff data was copied up (Daniel J Walsh, 2022-01-06)
    Currently Docker copies up the first volume on a mountpoint with data.
    Fixes: https://github.com/containers/podman/issues/12714
    Also added NeedsCopyUP, NeedsChown and MountCount to the podman volume inspect code.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #12767 from riyad/fix-storage-opt-double-decode (OpenShift Merge Robot, 2022-01-07)
    Prevent double decoding of storage options
| * | Prevent double decoding of storage options (Riyad Preukschas, 2022-01-07)
    [NO NEW TESTS NEEDED] see #11991
    Signed-off-by: Riyad Preukschas <riyad@informatik.uni-bremen.de>
* | | Merge pull request #12764 from edsantiago/bats (OpenShift Merge Robot, 2022-01-07)
    Emergency system-test fixes
| * | | Emergency system-test fixes (Ed Santiago, 2022-01-06)
    Emergency fix to image-scp tests. DO NOT CREATE A USER! These tests are run in all sorts of environments. We do not have the right to vandalize a production system.
    Also remove some misleading unneeded tests; and refactor a little; and add a bunch of FIXMEs which will need to be addressed later.
    Also, super-low priority, add 'crun: ' to expected error message in a run test (minor followup to #12758).
    Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #12726 from hikhvar/remove-superflous-pod-rename (OpenShift Merge Robot, 2022-01-07)
    Don't rename pod if container has the same name
| * | Don't rename pod if container has the same name (Christoph Petrausch, 2022-01-06)
    We enforce the naming scheme "<podname>-<containername>" here [1]. Therefore we must not rename the pod in case of a naming conflict between pod name and container name. Not renaming the pod increases the usability for the user and eases scripting based on the name. Otherwise a user must set some label to reliably find a pod after creation. Or have to implement the renaming logic in the script.
    [1] https://github.com/containers/podman/blob/main/pkg/specgen/generate/kube/kube.go#L140
    Fixes #12722
    Signed-off-by: Christoph Petrausch <chrobbert@gmail.com>
* | Merge pull request #12758 from rhatdan/runtime (OpenShift Merge Robot, 2022-01-06)
    add OCI Runtime name to errors
| * | add OCI Runtime name to errors (Daniel J Walsh, 2022-01-06)
    It would be easier to diagnose OCI runtime errors if the error actually had the name of the OCI runtime that produced the error.
    [NO NEW TESTS NEEDED]
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #12614 from baude/bz2028408 (OpenShift Merge Robot, 2022-01-06)
    fix healthcheck timeouts and ut8 coercion
| * | fix healthcheck timeouts and ut8 coercion (Brent Baude, 2022-01-06)
    this commit fixes two bugs and adds regression tests.
    when getting healthcheck values from an image, if the image does not have a timeout defined, this resulted in a 0 value for timeout. The default as described in the man pages is 30s.
    when inspecting a container with a healthcheck command, a customer observed that the &, <, and > characters were being converted into a unicode escape value. It turns out json marshalling will by default coerce string values to ut8.
    Fixes: bz2028408
    Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #11454 from afbjorklund/virtfs-volumes (OpenShift Merge Robot, 2022-01-06)
    Implement virtfs volumes for podman machine
| * | Make it possible to select the volume driver (Anders F Björklund, 2021-12-30)
    Use the same type of mounts for all the machine volumes. The default could change in the future, depending on OS.
    [NO NEW TESTS NEEDED]
    Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
| * | Check the mount type for future compatibility (Anders F Björklund, 2021-12-30)
    There are other mount types available, such as NFS or SMB, or one could use reverse sshfs for better compatibility. It could either be a global option, or it could perhaps be overridden for each volume (like the container volumes). Refactor the creation of the options string or array. Allow specifying the volume as read-only, if desired.
    [NO NEW TESTS NEEDED]
    Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
| * | Implement virtfs volumes for podman machine (Anders F Björklund, 2021-12-30)
    Allow using the built-in 9pfs feature of qemu, mounting host directories into vm mountpoints. The volumes are generic, the mounts are specific. Wait for the machine to be "running", otherwise the SSH function might throw an error instead. Increase the default msize from 8 KiB to 128 KiB
    [NO NEW TESTS NEEDED]
    Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | | Merge pull request #11538 from mtrmac/http-credentials (OpenShift Merge Robot, 2022-01-06)
    Fix HTTP credentials passing
| * | Make XRegistryAuthHeader and XRegistryConfigHeader private (Miloslav Trmač, 2021-12-10)
    ... now that they have no public users. Also remove the HeaderAuthName type, we don't need the type-safety so much for private constants, and using plain strings results in less visual noise.
    Should not change behavior.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Remove the authfile parameter of MakeXRegistryAuthHeader (Miloslav Trmač, 2021-12-10)
    Having a parameter that modifies the provided types.SystemContext seems rather unexpected and risky to have around - and the only user of that is actually a no-op, others only provide a nil SystemContext; so, remove that option and simplify (well, somewhat; many callers now have extra &types.SystemContext{AuthFilePath} boilerplate; at least that's consistent with that code carrying a TODO to create a larger-scope SystemContext).
    Should not change behavior.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Simplify the header decision in pkg/bindings/images.Build a bit (Miloslav Trmač, 2021-12-10)
    ... now that two of the three cases are the same.
    Should not change behavior.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Remove the authfile parameter of MakeXRegistryConfigHeader (Miloslav Trmač, 2021-12-10)
    Having a parameter that modifies the provided types.SystemContext seems rather unexpected and risky to have around - and the only user of that is actually a no-op; so, remove that option and simplify.
    Should not change behavior.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Remove no-longer-useful name variables (Miloslav Trmač, 2021-12-10)
    which used to contain more context, but now are just a pointless copy.
    Should not change (test) behavior.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Consolidate creation of SystemContext with auth.json into a helper (Miloslav Trmač, 2021-12-10)
    Should not change (test) behavior.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Remove pkg/auth.Header (Miloslav Trmač, 2021-12-10)
    It is no longer used. Split the existing tests into MakeXRegistryConfigHeader and MakeXRegistryAuthHeader variants. For now we don't modify the implementations at all, to make review simpler; cleanups will follow.
    Should not change behavior.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Call MakeXRegistryAuthHeader instead of Header(..., XRegistryAuthHeader) (Miloslav Trmač, 2021-12-10)
    All callers hard-code a header value, so this is actually shorter.
    Should not change behavior.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Turn headerAuth into MakeXRegistryAuthHeader (Miloslav Trmač, 2021-12-10)
    ... which can be called independently. For now, there are no new callers, to test that the behavior has not changed.
    Should not change behavior.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Call MakeXRegistryConfigHeader instead of Header(..., XRegistryConfigHeader) (Miloslav Trmač, 2021-12-10)
    All callers hard-code a header value, so this is actually shorter.
    Should not change behavior.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Turn headerConfig into MakeXRegistryConfigHeader (Miloslav Trmač, 2021-12-10)
    ... which can be called independently. For now, there are no new callers, to test that the behavior has not changed.
    Should not change behavior.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Move the auth file creation to GetCredentials (Miloslav Trmač, 2021-12-10)
    This shares the code, and makes getConfigCredentials and getAuthCredentials side-effect free and possibly easier to test.
    Should not change behavior.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Consolidate the error handling path in GetCredentials (Miloslav Trmač, 2021-12-10)
    We'll share even more code here in the future.
    Should not change behavior.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Only look up HTTP header values once in GetCredentials (Miloslav Trmač, 2021-12-10)
    ... and have GetCredentials pass the values down to getConfigCredentials and getAuthCredentials.
    Should not change behavior.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Use Header.Values in GetCredentials.has (Miloslav Trmač, 2021-12-10)
    It's possibly a bit more expensive, but semantically safer because it does header normalization. And we'll regain the cost by not looking up the value repeatedly.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Beautify GetCredentials.has a bit (Miloslav Trmač, 2021-12-10)
    Use separate lines, and use the provided .String() API.
    Should not change behavior.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Pass a header value directly to parseSingleAuthHeader and parseMultiAuthHeader (Miloslav Trmač, 2021-12-10)
    Both have a single caller, so there's no point in looking up the header value twice.
    Should not change behavior.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Simplify parseSingleAuthHeader (Miloslav Trmač, 2021-12-10)
    In the "no input" case, return a constant instead of continuing with the decode/convert path, converting empty data.
    Should not change behavior.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>