| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
| |
The namespace options for pid,ipc,uts were completely ignored.
The network namespace did not accept `none`.
This commit fixes these issues simply by calling `parse.NamespaceOptions`
from buildah instead of implementing our own logic.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|
|
|
|
|
| |
Fixes #8332
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\
| |
| | |
Cleanup error reporting
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The error message reported is overlay complicated and the added test does not
really help the user.
Currently the error looks like:
podman run -p 80:80 fedora echo hello
Error: failed to expose ports via rootlessport: "cannot expose privileged port 80, you might need to add "net.ipv4.ip_unprivileged_port_start=0" (currently 1024) to /etc/sysctl.conf, or choose a larger port number (>= 1024): listen tcp 0.0.0.0:80: bind: permission denied\n"
After this change
./bin/podman run -p 80:80 fedora echo hello
Error: cannot expose privileged port 80, you might need to add "net.ipv4.ip_unprivileged_port_start=0" (currently 1024) to /etc/sysctl.conf, or choose a larger port number (>= 1024): listen tcp 0.0.0.0:80: bind: permission denied
Control chars have been eliminated.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
[CI:DOCS] Maintain consistent order of short and long flag names in docs
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Make the order of short and long flag names in the documentation
consistent. Also adjust the man page validaten script to only allow
the `**--long**, **-s**` syntax.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \ \
| | | |
| | | | |
Cirrus: Collect runner.sh stats
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
On several occasions, there have been questions about CPU/Memory/IO
trends in testing over time. Start collecting this data for all jobs,
using a common/stable format so that trending analysis can be performed
within/across multiple Cirrus-CI builds. This PR doesn't add any related
tooling, it simply arranges for the collection of the data.
Stats generation is done at the orchestration level to guarantee they
reflect everything happening inside `runner.sh`. For example, the
container-based tests re-exec `runner.sh` inside a container, but
we're only interested in the top-level stats.
Update all tasks to include collection of the stats file.
Unfortunately, due to the way the Cirrus-CI YAML parser works,
it is *not* possible to alias the artifacts collection more clearly,
for example:
```yaml
always:
<<: *runner_stats
<<: *logs_artifacts
```
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Add support for network connect / disconnect to DB
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Convert the existing network aliases set/remove code to network
connect and disconnect. We can no longer modify aliases for an
existing network, but we can add and remove entire networks. As
part of this, we need to add a new function to retrieve current
aliases the container is connected to (we had a table for this
as of the first aliases PR, but it was not externally exposed).
At the same time, remove all deconflicting logic for aliases.
Docker does absolutely no checks of this nature, and allows two
containers to have the same aliases, aliases that conflict with
container names, etc - it's just left to DNS to return all the
IP addresses, and presumably we round-robin from there? Most
tests for the existing code had to be removed because of this.
Convert all uses of the old container config.Networks field,
which previously included all networks in the container, to use
the new DB table. This ensures we actually get an up-to-date list
of in-use networks. Also, add network aliases to the output of
`podman inspect`.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
containers/dependabot/go_modules/github.com/rootless-containers/rootlesskit-0.11.1
Bump github.com/rootless-containers/rootlesskit from 0.11.0 to 0.11.1
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github.com/rootless-containers/rootlesskit](https://github.com/rootless-containers/rootlesskit) from 0.11.0 to 0.11.1.
- [Release notes](https://github.com/rootless-containers/rootlesskit/releases)
- [Commits](https://github.com/rootless-containers/rootlesskit/compare/v0.11.0...v0.11.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
Ensure we do not double-lock the same volume in create
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When making containers, we want to lock all named volumes we are
adding the container to, to ensure they aren't removed from under
us while we are working. Unfortunately, this code did not account
for a container having the same volume mounted in multiple places
so it could deadlock. Add a map to ensure that we don't lock the
same name more than once to resolve this.
Fixes #8221
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \
| | | | |
| | | | | |
Test podman-remote logs works the same as podman logs
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Fixes: https://github.com/containers/podman/issues/7942
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
Add podman(1) to the list of man pages on docs.podman.io
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
As the title says.
Addresses: #7219
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Cirrus: update VMs
|
|/ / / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Reason: include perl-FindBin RPM in f33 VM, needed for
hack/xref-helpmsgs-manpages
Ref: https://github.com/containers/automation_images/pull/39
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
[CI:DOCS] Restore man page cross-checker
|
|/ / / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Somewhere in the CIv2 migration we lost the man page vs --help
cross-checker. Add it back, by adding it into the man-page-check
Makefile target; this is part of 'make validate', which is run
in CI even on CI:DOCS PRs.
As happens when CI doesn't run, things broke. Man pages got out
of sync with --help. This PR:
1) Fixes hack/xref-helpmsgs-manpages to deal with the new
"Options" (instead of "Flags") form of podman help. #8034
did part of that, but one of my review comments was
accidentally left out.
2) Fixes hack/xref-helpmsgs-manpages to deal with the new
option syntax in man pages, post- #8292, in which each
option is preceded by four hashes so as to make them
HTML <h4> elements with named anchors.
3) Fixes man pages that #8292 accidentally missed.
4) Adds man page entries for two flags that got added
to podman but not documented (pod create --network-alias,
play kube --log-driver)
Fixes: #8296
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Cirrus: Run validation tests in CI:DOCS mode
|
| |/ / / /
| | | | |
| | | | |
| | | | | |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
Set default network driver for APIv2 networks
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Recent changes in networking require that the cni network driver be set.
If the user provides no driver, we set the driver to the
defaultnetworkdriver which currently is "bridge".
Fixes: #8294
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
migrate play kube to spec gen
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
we need to migrate play kube away from using the old container creation
method. the new approach is specgen and this aligns play kube with
container creation in the rest of podman.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \ \
| |_|/ / /
|/| | | |
| | | | |
| | | | | |
containers/dependabot/go_modules/github.com/containers/common-0.27.0
Bump github.com/containers/common from 0.26.3 to 0.27.0
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Bumps [github.com/containers/common](https://github.com/containers/common) from 0.26.3 to 0.27.0.
- [Release notes](https://github.com/containers/common/releases)
- [Commits](https://github.com/containers/common/compare/v0.26.3...v0.27.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
[CI:DOCS] Add anchors for flag names on docs.podman.io
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Change the docs markdown so that flag names will be h4 headers.
Sphinx will automatically add anchors to headers. Add css to
make sure the flag names are not to big compared to the text.
The man pages also still renders fine but it looks a bit different.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
network aliases for container creation
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
podman can now support adding network aliases when running containers
(--network-alias). It requires an updated dnsname plugin as well as an
updated ocicni to work properly.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
[CI:DOCS] Add example of fuse-overlay to podman system reset
|
| | |/ / / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
A fairly common mistake users are hitting is running rootless podman without
installing fuse-overlay. Then they want to reset storage. Sometimes they
modify storage.conf first and `podman system reset` fails.
This PR attempts to explain how to convert properly.
Fixes: https://github.com/containers/podman/issues/7446
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | | |
enable ipv6 networks
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The IPv6 e2e tests on the CI for rootles mode fails because
it needs the ip6tables modules loaded.
Example error:
stdout="", stderr="failed to list chains: running [/sbin/ip6tables -t nat -S --wait]: exit status 3: modprobe: can't change directory to '/lib/modules': No such file or directory\nip6tables v1.8.4 (legacy): can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)\nPerhaps ip6tables or your kernel needs to be upgraded.\n\n"
Signed-off-by: Antonio Ojea <aojea@redhat.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
add e2e test that checks that is not possible to create
different networks with the same subnet, in IPv6 neither
in IPv4
Signed-off-by: Antonio Ojea <aojea@redhat.com>
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
enable the ipv6 flag in podman network to be able to create
dual-stack networks for containers.
This is required to be compatible with docker, where --ipv6
really means dual stack.
podman, unlike docker, support IPv6 only containers since
07e3f1bba9674c0cb93a0fa260930bfebbf75728.
Signed-off-by: Antonio Ojea <aojea@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Add --log-driver to play kube
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
addresses #6604
Signed-off-by: Andy Librian <andylibrian@gmail.com>
|
|\ \ \ \ \ \
| |_|/ / / /
|/| | | | | |
make network name uniq for dnsname tests
|
| | |/ / /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
ed identified that the dnsname integration test does not use a unique
name and therefore cannot be cleaned up. this was made worse by a
improper defer statement to remove the network should the test fail.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
system tests: skip journald tests on RHEL8
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
(actually, on any system exhibiting the symptom wherein
journalctl fails due to insufficient permissions, which
for all practical purposes means only RHEL8)
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
[CI:DOCS] Update podman build man page to match buildah bud man page
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \ \
| |_|_|/ / / /
|/| | | | | | |
Update CI tests to run python docker library against API
|
| | |_|/ / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* Update reference to docker-py to docker to reflect change in library
name
* Update tests to create storage sandbox
* Enable all tests that endpoints support
* Refactor containers/{id}/rename to return 404 not 500
* Refactor tests to use quay.io vs. docker.io
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|