summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Fix namespace flag parsing for podman buildPaul Holzinger2020-11-12
| | | | | | | | | | The namespace options for pid,ipc,uts were completely ignored. The network namespace did not accept `none`. This commit fixes these issues simply by calling `parse.NamespaceOptions` from buildah instead of implementing our own logic. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Add podman build --net alias for --networkPaul Holzinger2020-11-12
| | | | | | Fixes #8332 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #8304 from rhatdan/errorOpenShift Merge Robot2020-11-12
|\ | | | | Cleanup error reporting
| * Cleanup error reportingDaniel J Walsh2020-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The error message reported is overlay complicated and the added test does not really help the user. Currently the error looks like: podman run -p 80:80 fedora echo hello Error: failed to expose ports via rootlessport: "cannot expose privileged port 80, you might need to add "net.ipv4.ip_unprivileged_port_start=0" (currently 1024) to /etc/sysctl.conf, or choose a larger port number (>= 1024): listen tcp 0.0.0.0:80: bind: permission denied\n" After this change ./bin/podman run -p 80:80 fedora echo hello Error: cannot expose privileged port 80, you might need to add "net.ipv4.ip_unprivileged_port_start=0" (currently 1024) to /etc/sysctl.conf, or choose a larger port number (>= 1024): listen tcp 0.0.0.0:80: bind: permission denied Control chars have been eliminated. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8318 from Luap99/doc-consistent-flag-orderOpenShift Merge Robot2020-11-12
|\ \ | | | | | | [CI:DOCS] Maintain consistent order of short and long flag names in docs
| * | Maintain consistent order of short and long flag names in docsPaul Holzinger2020-11-12
| | | | | | | | | | | | | | | | | | | | | | | | Make the order of short and long flag names in the documentation consistent. Also adjust the man page validaten script to only allow the `**--long**, **-s**` syntax. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #8107 from cevich/measure_testing_statsOpenShift Merge Robot2020-11-12
|\ \ \ | | | | | | | | Cirrus: Collect runner.sh stats
| * | | Cirrus: Detailed CPU/Memory/Time runner.sh statsChris Evich2020-11-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | On several occasions, there have been questions about CPU/Memory/IO trends in testing over time. Start collecting this data for all jobs, using a common/stable format so that trending analysis can be performed within/across multiple Cirrus-CI builds. This PR doesn't add any related tooling, it simply arranges for the collection of the data. Stats generation is done at the orchestration level to guarantee they reflect everything happening inside `runner.sh`. For example, the container-based tests re-exec `runner.sh` inside a container, but we're only interested in the top-level stats. Update all tasks to include collection of the stats file. Unfortunately, due to the way the Cirrus-CI YAML parser works, it is *not* possible to alias the artifacts collection more clearly, for example: ```yaml always: <<: *runner_stats <<: *logs_artifacts ``` Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #8298 from mheon/db_network_connectOpenShift Merge Robot2020-11-12
|\ \ \ \ | |_|/ / |/| | | Add support for network connect / disconnect to DB
| * | | Add support for network connect / disconnect to DBMatthew Heon2020-11-11
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Convert the existing network aliases set/remove code to network connect and disconnect. We can no longer modify aliases for an existing network, but we can add and remove entire networks. As part of this, we need to add a new function to retrieve current aliases the container is connected to (we had a table for this as of the first aliases PR, but it was not externally exposed). At the same time, remove all deconflicting logic for aliases. Docker does absolutely no checks of this nature, and allows two containers to have the same aliases, aliases that conflict with container names, etc - it's just left to DNS to return all the IP addresses, and presumably we round-robin from there? Most tests for the existing code had to be removed because of this. Convert all uses of the old container config.Networks field, which previously included all networks in the container, to use the new DB table. This ensures we actually get an up-to-date list of in-use networks. Also, add network aliases to the output of `podman inspect`. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #8311 from ↵OpenShift Merge Robot2020-11-12
|\ \ \ | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/rootless-containers/rootlesskit-0.11.1 Bump github.com/rootless-containers/rootlesskit from 0.11.0 to 0.11.1
| * | | Bump github.com/rootless-containers/rootlesskit from 0.11.0 to 0.11.1dependabot-preview[bot]2020-11-12
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/rootless-containers/rootlesskit](https://github.com/rootless-containers/rootlesskit) from 0.11.0 to 0.11.1. - [Release notes](https://github.com/rootless-containers/rootlesskit/releases) - [Commits](https://github.com/rootless-containers/rootlesskit/compare/v0.11.0...v0.11.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8307 from mheon/fix_8221OpenShift Merge Robot2020-11-12
|\ \ \ | | | | | | | | Ensure we do not double-lock the same volume in create
| * | | Ensure we do not double-lock the same volume in createMatthew Heon2020-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When making containers, we want to lock all named volumes we are adding the container to, to ensure they aren't removed from under us while we are working. Unfortunately, this code did not account for a container having the same volume mounted in multiple places so it could deadlock. Add a map to ensure that we don't lock the same name more than once to resolve this. Fixes #8221 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #8272 from rhatdan/logsOpenShift Merge Robot2020-11-12
|\ \ \ \ | | | | | | | | | | Test podman-remote logs works the same as podman logs
| * | | | Add tests to make sure podman-remote logs works correctly.Daniel J Walsh2020-11-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/7942 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #8300 from TomSweeneyRedHat/dev/tsweeney/addmainOpenShift Merge Robot2020-11-12
|\ \ \ \ \ | |_|_|/ / |/| | | | Add podman(1) to the list of man pages on docs.podman.io
| * | | | Add podman(1) to the list of man pages on docs.podman.ioTomSweeneyRedHat2020-11-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As the title says. Addresses: #7219 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | | Merge pull request #8306 from edsantiago/ci_update_vmsOpenShift Merge Robot2020-11-11
|\ \ \ \ \ | | | | | | | | | | | | Cirrus: update VMs
| * | | | | Cirrus: update VMsEd Santiago2020-11-11
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reason: include perl-FindBin RPM in f33 VM, needed for hack/xref-helpmsgs-manpages Ref: https://github.com/containers/automation_images/pull/39 Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #8299 from edsantiago/ci_reenable_manpage_xrefOpenShift Merge Robot2020-11-11
|\ \ \ \ \ | | | | | | | | | | | | [CI:DOCS] Restore man page cross-checker
| * | | | | [CI:DOCS] Restore man page cross-checkerEd Santiago2020-11-11
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Somewhere in the CIv2 migration we lost the man page vs --help cross-checker. Add it back, by adding it into the man-page-check Makefile target; this is part of 'make validate', which is run in CI even on CI:DOCS PRs. As happens when CI doesn't run, things broke. Man pages got out of sync with --help. This PR: 1) Fixes hack/xref-helpmsgs-manpages to deal with the new "Options" (instead of "Flags") form of podman help. #8034 did part of that, but one of my review comments was accidentally left out. 2) Fixes hack/xref-helpmsgs-manpages to deal with the new option syntax in man pages, post- #8292, in which each option is preceded by four hashes so as to make them HTML <h4> elements with named anchors. 3) Fixes man pages that #8292 accidentally missed. 4) Adds man page entries for two flags that got added to podman but not documented (pod create --network-alias, play kube --log-driver) Fixes: #8296 Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #8297 from cevich/restore_docs_testingOpenShift Merge Robot2020-11-11
|\ \ \ \ \ | | | | | | | | | | | | Cirrus: Run validation tests in CI:DOCS mode
| * | | | | Cirrus: Run validation tests in CI:DOCS modeChris Evich2020-11-11
| |/ / / / | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | Merge pull request #8295 from baude/issue8294OpenShift Merge Robot2020-11-11
|\ \ \ \ \ | |/ / / / |/| | | | Set default network driver for APIv2 networks
| * | | | Set default network driver for APIv2 networksbaude2020-11-10
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Recent changes in networking require that the cni network driver be set. If the user provides no driver, we set the driver to the defaultnetworkdriver which currently is "bridge". Fixes: #8294 Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #8252 from baude/playkubetospecgenOpenShift Merge Robot2020-11-10
|\ \ \ \ | | | | | | | | | | migrate play kube to spec gen
| * | | | migrate play kube to spec genbaude2020-11-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | we need to migrate play kube away from using the old container creation method. the new approach is specgen and this aligns play kube with container creation in the rest of podman. Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #8287 from ↵OpenShift Merge Robot2020-11-10
|\ \ \ \ \ | |_|/ / / |/| | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/common-0.27.0 Bump github.com/containers/common from 0.26.3 to 0.27.0
| * | | | Bump github.com/containers/common from 0.26.3 to 0.27.0dependabot-preview[bot]2020-11-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/common](https://github.com/containers/common) from 0.26.3 to 0.27.0. - [Release notes](https://github.com/containers/common/releases) - [Commits](https://github.com/containers/common/compare/v0.26.3...v0.27.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #8292 from Luap99/doc-anchorsOpenShift Merge Robot2020-11-10
|\ \ \ \ \ | | | | | | | | | | | | [CI:DOCS] Add anchors for flag names on docs.podman.io
| * | | | | Add anchors for flag names on docs.podman.ioPaul Holzinger2020-11-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Change the docs markdown so that flag names will be h4 headers. Sphinx will automatically add anchors to headers. Add css to make sure the flag names are not to big compared to the text. The man pages also still renders fine but it looks a bit different. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | | | Merge pull request #8251 from baude/networkaliasesOpenShift Merge Robot2020-11-10
|\ \ \ \ \ \ | |/ / / / / |/| | | | | network aliases for container creation
| * | | | | network aliases for container creationbaude2020-11-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman can now support adding network aliases when running containers (--network-alias). It requires an updated dnsname plugin as well as an updated ocicni to work properly. Signed-off-by: baude <bbaude@redhat.com>
* | | | | | Merge pull request #8278 from rhatdan/man1OpenShift Merge Robot2020-11-10
|\ \ \ \ \ \ | | | | | | | | | | | | | | [CI:DOCS] Add example of fuse-overlay to podman system reset
| * | | | | | Add example of fuse-overlay to podman system resetDaniel J Walsh2020-11-10
| | |/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A fairly common mistake users are hitting is running rootless podman without installing fuse-overlay. Then they want to reset storage. Sometimes they modify storage.conf first and `podman system reset` fails. This PR attempts to explain how to convert properly. Fixes: https://github.com/containers/podman/issues/7446 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #8143 from aojea/dualOpenShift Merge Robot2020-11-10
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | enable ipv6 networks
| * | | | | skip ipv6 e2e tests on rootlessAntonio Ojea2020-11-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The IPv6 e2e tests on the CI for rootles mode fails because it needs the ip6tables modules loaded. Example error: stdout="", stderr="failed to list chains: running [/sbin/ip6tables -t nat -S --wait]: exit status 3: modprobe: can't change directory to '/lib/modules': No such file or directory\nip6tables v1.8.4 (legacy): can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)\nPerhaps ip6tables or your kernel needs to be upgraded.\n\n" Signed-off-by: Antonio Ojea <aojea@redhat.com>
| * | | | | add e2e test for network with same subnetAntonio Ojea2020-11-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add e2e test that checks that is not possible to create different networks with the same subnet, in IPv6 neither in IPv4 Signed-off-by: Antonio Ojea <aojea@redhat.com>
| * | | | | enable ipv6 network configuration optionsAntonio Ojea2020-11-10
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | enable the ipv6 flag in podman network to be able to create dual-stack networks for containers. This is required to be compatible with docker, where --ipv6 really means dual stack. podman, unlike docker, support IPv6 only containers since 07e3f1bba9674c0cb93a0fa260930bfebbf75728. Signed-off-by: Antonio Ojea <aojea@redhat.com>
* | | | | Merge pull request #8270 from andylibrian/log-driver-option-for-play-kubeOpenShift Merge Robot2020-11-10
|\ \ \ \ \ | | | | | | | | | | | | Add --log-driver to play kube
| * | | | | Add --log-driver to play kubeAndy Librian2020-11-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | addresses #6604 Signed-off-by: Andy Librian <andylibrian@gmail.com>
* | | | | | Merge pull request #8286 from baude/dnsnamecleanupOpenShift Merge Robot2020-11-10
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | make network name uniq for dnsname tests
| * | | | | make network name uniq for dnsname testsbaude2020-11-09
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ed identified that the dnsname integration test does not use a unique name and therefore cannot be cleaned up. this was made worse by a improper defer statement to remove the network should the test fail. Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #8284 from edsantiago/batsOpenShift Merge Robot2020-11-10
|\ \ \ \ \ | | | | | | | | | | | | system tests: skip journald tests on RHEL8
| * | | | | system tests: skip journald tests on RHEL8Ed Santiago2020-11-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (actually, on any system exhibiting the symptom wherein journalctl fails due to insufficient permissions, which for all practical purposes means only RHEL8) Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | Merge pull request #8256 from rhatdan/manOpenShift Merge Robot2020-11-09
|\ \ \ \ \ \ | | | | | | | | | | | | | | [CI:DOCS] Update podman build man page to match buildah bud man page
| * | | | | | Update podman build man page to match buildah bud man pageDaniel J Walsh2020-11-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | Merge pull request #8236 from jwhonce/jira/run-976OpenShift Merge Robot2020-11-09
|\ \ \ \ \ \ \ | |_|_|/ / / / |/| | | | | | Update CI tests to run python docker library against API
| * | | | | | Update CI tests to run python docker library against APIJhon Honce2020-11-09
| | |_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Update reference to docker-py to docker to reflect change in library name * Update tests to create storage sandbox * Enable all tests that endpoints support * Refactor containers/{id}/rename to return 404 not 500 * Refactor tests to use quay.io vs. docker.io Signed-off-by: Jhon Honce <jhonce@redhat.com>