summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Podman run --passwdcdoern2021-12-21
| | | | | | | | | added support for a new flag --passwd which, when false prohibits podman from creating entries in /etc/passwd and /etc/groups allowing users to modify those files in the container entrypoint resolves #11805 Signed-off-by: cdoern <cdoern@redhat.com>
* Merge pull request #12626 from vrothberg/may-the-force-be-with-removalDaniel J Walsh2021-12-19
|\ | | | | image rm: allow for force-remove infra images
| * image rm: allow for force-remove infra imagesValentin Rothberg2021-12-17
| | | | | | | | | | | | | | | | | | | | | | Force removal of images will also remove associated containers. Historically, infra containers have been excluded resulting in rather annoying errors, for instance, when running `rmi -af`. Since there is not reasons to exclude infra containers, allow for removing the entire pod when an infra image is force removed. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #12641 from giuseppe/add-more-logging-setusernsDaniel J Walsh2021-12-19
|\ \ | | | | | | rootless: include the args in the debug message
| * | rootless: include the args in the debug messageGiuseppe Scrivano2021-12-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | include the arguments used to create the user namespace to help debugging. [NO NEW TESTS NEEDED] it changes a debug message Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #12625 from adrianreber/2021-12-16-podman-inspectOpenShift Merge Robot2021-12-17
|\ \ \ | | | | | | | | Add more checkpoint/restore information to 'inspect'
| * | | Test for checkpoint specific inspect fieldsAdrian Reber2021-12-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This extends one of the checkpoint/restore tests to see if the newly introduced checkpoint specific fields in 'inspect' work as intended. Signed-off-by: Adrian Reber <areber@redhat.com>
| * | | Add more checkpoint/restore information to 'inspect'Adrian Reber2021-12-17
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds the following information to the output of 'podman inspect': * CheckpointedAt - time the container was checkpointed Only set if the container has been checkpointed * RestoredAt - time the container was restored Only set if the container has been restored * CheckpointLog - path to the checkpoint log file (CRIU's dump.log) Only set if the log file exists (--keep) * RestoreLog - path to the restore log file (CRIU's restore.log) Only set if the log file exists (--keep) * CheckpointPath - path to the actual (CRIU) checkpoint files Only set if the checkpoint files exists (--keep) * Restored - set to true if the container has been restored Only set if the container has been restored Signed-off-by: Adrian Reber <areber@redhat.com>
* | | Merge pull request #12622 from flouthoc/return_exit_code_for_buildOpenShift Merge Robot2021-12-17
|\ \ \ | | | | | | | | build: relay `exitcode` from imagebuildah to registry
| * | | tests: adjust old build test to expect exit codeAditya Rajan2021-12-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Old build tests were expecting genric error code `125` however another commit in this PR ensures that we relay exact exit code from build to registry. Hence adjusting tests Signed-off-by: Aditya Rajan <arajan@redhat.com>
| * | | build: relay exitcode from imagebuildah to registryAditya Rajan2021-12-17
| | |/ | |/| | | | | | | | | | | | | | | | | | | Podman does not relay exit code from buildah instead returns a generic error code `125`. Following PR allows `podman` to relay exit code from `imagebuildah` to `registry` as it is. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | | Merge pull request #12634 from baude/bz2024229OpenShift Merge Robot2021-12-17
|\ \ \ | | | | | | | | Removed .service file for healthchecks
| * | | Removed .service file for healthchecksBrent Baude2021-12-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when a container with healthchecks exits due to stopping or failure, we need the cleanup process to remove both the timer file and the service file. Bz#:2024229 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | Merge pull request #12609 from baude/tzOpenShift Merge Robot2021-12-16
|\ \ \ \ | | | | | | | | | | Set machine timezone
| * | | | Set machine timezoneBrent Baude2021-12-16
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added an option to podman machine init to declare the timezone of the resulting machine. the default is to use the value of the host name or else a given timezone name like America/Chicago. Fixes: #11895 Signed-off-by: Brent Baude <bbaude@redhat.com> [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | Merge pull request #12608 from Luap99/cobraOpenShift Merge Robot2021-12-16
|\ \ \ \ | | | | | | | | | | bump cobra to 1.3.0
| * | | | bump cobra to 1.3.0Paul Holzinger2021-12-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This contains some fixes for the shell completion files. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #12610 from Luap99/cryptorandOpenShift Merge Robot2021-12-16
|\ \ \ \ \ | |_|/ / / |/| | | | MovePauseProcessToScope do not seed everytime
| * | | | MovePauseProcessToScope do not seed everytimePaul Holzinger2021-12-16
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of using math/rand we can use crypto/rand which we do not have to seed. crypto/rand uses getrandom(2) Also instead of adding an int to the scope name we add a 4 byte hex string. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #12606 from vrothberg/fix-12441OpenShift Merge Robot2021-12-16
|\ \ \ \ | | | | | | | | | | bindings rmi test: clarify behavior
| * | | | bindings rmi test: clarify behaviorValentin Rothberg2021-12-16
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The libpod/images/remove endpoint is not very REST-ish but, after some debate, was decided to be implemented as for the following reasons. First, it allows for batch removing images which improves performance significantly. Note that Docker does support `rmi -a`! Second, it allows for hiding the logic of setting the right exit code to use from the client and keep all the logic on the server. Hence, when removing an image that does not exist, the server will return a 200. The response, however, includes the error message to be used *and* the exit code that podman-remote will use. Fixes: #12441 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #12623 from giuseppe/revert-old-PR-templateOpenShift Merge Robot2021-12-16
|\ \ \ \ | |_|/ / |/| | | [CI:DOCS] .github: revert to the old template
| * | | .github: revert to the old templateGiuseppe Scrivano2021-12-16
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | we are not using any of the metadata in the new format, so we have only the downside that is more annoying to fill. [CI:DOCS] no need to run the CI Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #12618 from giuseppe/dev-cgroup-add-default-devicesOpenShift Merge Robot2021-12-16
|\ \ \ | |_|/ |/| | oci: configure the devices cgroup with default devices
| * | oci: configure the devices cgroup with default devicesGiuseppe Scrivano2021-12-16
| |/ | | | | | | | | | | | | always set the default devices to the devices cgroup when not running in a user namespace. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #12603 from vrothberg/fix-killOpenShift Merge Robot2021-12-16
|\ \ | |/ |/| kill: fix output
| * kill: fix outputValentin Rothberg2021-12-16
|/ | | | | | | Make sure that `kill -a` is printing the IDs of killed containers. Previously, it was only printing empty lines. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #12619 from vrothberg/fix-search-flakesOpenShift Merge Robot2021-12-16
|\ | | | | e2e: search flake: skip test on registry.redhat.io
| * e2e: search flake: skip test on registry.redhat.ioValentin Rothberg2021-12-16
|/ | | | | | | | | The search endpoint on registry.redhat.io is broken. Skip one test and update another to avoid hitting it. Also leave some breadcrumbs to revert once it's back in a working state. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #12601 from edsantiago/apiv2_catch_errsOpenShift Merge Robot2021-12-16
|\ | | | | APIv2 tests: fail on syntax/logic errors
| * APIv2 tests: fail on syntax/logic errorsEd Santiago2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (i.e. not test failures, but actual programming bugs). We've had a number of syntax errors creep into this test, usually caused by a missing backslash on a test command. I've long wanted to 'set -e' but that causes other problems. This PR introduces error handling via 'trap', with useful diagnostics on failure. This PR also catches and fixes two previously-unknown bugs that were causing tests to not actually run. And, since /events takes eons on my high-uptime laptop, add /since Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #12600 from rhatdan/externalOpenShift Merge Robot2021-12-15
|\ \ | | | | | | Show --external containers even without --all option
| * | Show --external containers even without --all optionDaniel J Walsh2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We currently do not show --external containers when the user specifies it, unless they also specify the --all flag. This has led to confusion. I see no reason not to list them without the --all flag if the user specifies the option. Fixes: https://github.com/containers/podman/issues/12353 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #12534 from Luap99/network-dbOpenShift Merge Robot2021-12-15
|\ \ \ | |_|/ |/| | network db rewrite
| * | specgen: check that networks are only set with bridgePaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Because we cannot reqad the networking mode in the frontent because we should always use the server default we have to parse the mac and ip address to the server via a default network. Now when the server reads the default nsmode it has to reject the provided networks when the mode is not set to bridge. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | container restore/import: store networks from dbPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | It is important that we store the current networks from the db in the config. Also make sure to properly handle aliases and ignore static ip/mac addresses. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | play kube add support for multiple networksPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | Allow the same --network options for play kube as for podman run/create. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | support advanced network configuration via cliPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rework the --network parse logic to support multiple networks with specific network configuration settings. --network can now be set multiple times. For bridge network mode the following options have been added: - **alias=name**: Add network-scoped alias for the container. - **ip=IPv4**: Specify a static ipv4 address for this container. - **ip=IPv6**: Specify a static ipv6 address for this container. - **mac=MAC**: Specify a static mac address address for this container. - **interface_name**: Specify a name for the created network interface inside the container. So now you can set --network bridge:ip=10.88.0.10,mac=44:33:22:11:00:99 for the default bridge network as well as for network names. This is better than using --ip because we can set the ip per network without any confusion which network the ip address should be assigned to. The --ip, --mac-address and --network-alias options are still supported but --ip or --mac-address can only be set when only one network is set. This limitation already existed previously. The ability to specify a custom network interface name is new Fixes #11534 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | Add new networks format to spegecenPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | Add the new networks format to specgen. For api users cni_networks is still supported to make migration easier however the static ip and mac fields are removed. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | fix incorrect swagger doc for network dis/connectPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | | | | The swagger api docs used the extra Body struct as part of the request which is wrong. We just want the plain type. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | network connect allow ip, ipv6 and mac addressPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | Network connect now supports setting a static ipv4, ipv6 and mac address for the container network. The options are added to the cli and api. Fixes #9883 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | network db: add new strucutre to container createPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure we create new containers in the db with the correct structure. Also remove some unneeded code for alias handling. We no longer need this functions. The specgen format has not been changed for now. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | remove unneeded return value from c.Networks()Paul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | We do not need to return a extra bool. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | network db rewrite: migrate existing settingsPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The new network db structure stores everything in the networks bucket. Previously some network settings were not written the the network bucket and only stored in the container config. Instead of the old format which used the container ID as value in the networks buckets we now use the PerNetworkoptions struct there. To migrate existing users we use the state.GetNetworks() function. If it fails to read the new format it will automatically migrate the old config format to the new one. This is allows a flawless migration path. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #12596 from edsantiago/apiv2_test_refactorOpenShift Merge Robot2021-12-14
|\ \ \ | |_|/ |/| | apiv2 tests: refactor complicated curls
| * | apiv2 tests: refactor complicated curlsEd Santiago2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some months ago, apiv2 tests got added that needed new functionality: passing a tarball to the remote server. There was no mechanism to do so in the 't' helper, so these tests used complicated (and actually not-really- working) curl commands. This PR introduces and documents a new usage of 't', in which passing an argument ending in '.tar' adds the right magic syntax (--data-binary @PATH) to the existing curl. This lets us use all standard 't' checks, making for simpler tests and in the process fixing some bugs. Also: drive-by fix of a typo bug in the networks test. Also: set CONTAINERS_REGISTRIES_CONF when starting server and when running direct podman, to avoid docker.io throttling. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #12595 from Luap99/network-idOpenShift Merge Robot2021-12-14
|\ \ \ | |/ / |/| | fix network id handling
| * | fix network id handlingPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | We have to get the network ID from the network backend. With the netavark backend we no longer use the sha from the name as ID. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #12586 from jmguzik/secret-cmdOpenShift Merge Robot2021-12-14
|\ \ \ | | | | | | | | Add secret list --filter to cli
| * | | Add secret list --filter to cliJakub Guzik2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR is a follow-up of #11431. It adds possibility of filtering secret list based on id and name. Signed-off-by: Jakub Guzik <jguzik@redhat.com>