| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We were already writing these to our debug logs. But collecting them
and including them in the error message will make it easier for
callers who don't have debugging enabled to figure out what's going
wrong.
Using multierror gives us both pretty formatting (when we print this
for the user) and programmatic access (for any callers that need to
inspect the constituent errors). With this commit and a config like:
$ cat /etc/containers/registries.conf
[registries.search]
registries = ['registry.access.redhat.com', 'quay.io', 'docker.io']
pulling an unqualified missing image looks like:
$ podman pull does-not/exist
Trying to pull registry.access.redhat.com/does-not/exist:latest...Failed
Trying to pull quay.io/does-not/exist:latest...Failed
Trying to pull docker.io/does-not/exist:latest...Failed
error pulling image "does-not/exist": unable to pull does-not/exist: 3 errors occurred:
* Error determining manifest MIME type for docker://registry.access.redhat.com/does-not/exist:latest: Error reading manifest latest in registry.access.redhat.com/does-not/exist: unknown: Not Found
* Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: Error reading manifest latest in quay.io/does-not/exist: unauthorized: access to the requested resource is not authorized
* Error determining manifest MIME type for docker://does-not/exist:latest: Error reading manifest latest in docker.io/does-not/exist: errors:
denied: requested access to the resource is denied
unauthorized: authentication required
A qualified image looks like:
$ podman pull quay.io/does-not/exist
Trying to pull quay.io/does-not/exist...Failed
error pulling image "quay.io/does-not/exist": unable to pull quay.io/does-not/exist: unable to pull image: Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: Error reading manifest latest in quay.io/does-not/exist: unauthorized: access to the requested resource is not authorized
If one of the searched repositories was offline, you'd get a more
useful routing error for that specific registry. For example:
$ cat /etc/hosts
127.0.0.1 quay.io
$ podman pull does-not/exist
Trying to pull registry.access.redhat.com/does-not/exist:latest...Failed
Trying to pull quay.io/does-not/exist:latest...Failed
Trying to pull docker.io/does-not/exist:latest...Failed
error pulling image "does-not/exist": unable to pull does-not/exist: 3 errors occurred:
* Error determining manifest MIME type for docker://registry.access.redhat.com/does-not/exist:latest: Error reading manifest latest in registry.access.redhat.com/does-not/exist: unknown: Not Found
* Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: pinging docker registry returned: Get https://quay.io/v2/: dial tcp 127.0.0.1:443: connect: connection refused
* Error determining manifest MIME type for docker://does-not/exist:latest: Error reading manifest latest in docker.io/does-not/exist: errors:
denied: requested access to the resource is denied
unauthorized: authentication required
This is our first direct dependency on multierror, but we've been
vendoring it for a while now because opencontainers/runtime-tools uses
it for config validation.
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1456
Approved by: rhatdan
|
| |\
| |
| | |
Update gitvalidation epoch to avoid a bad commit
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |\
| |
| | |
Add Buildah Podman relationship to README.md
|
| |/
|
|
| |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This matches Docker behavior more closely and should resolve an
issue we were seeing with /sys mounts
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1465
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #1462
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1437
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
| |
Every port we open consumes an open FD. This can easily consume
all available FDs for the podman process. Set rlimits to resolve
this.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1437
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds functionality to search registries implementing the v2
endpoint with an empty query, that is the results will be
all the available images on the registries.
If this is tried with a v1 registry an error will occur.
To search a whole registry, there needs to be a trailing slash
at the end, i.e `podman search registry.fedoraproject.org/`.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Closes: #1444
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
| |
Picks up changes made to authentication for registry search.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Closes: #1444
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
| |
While this is not implemented yet, it is needed for working with existing
docker scripts.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1460
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
| |
When running lots of podman commands simultaneously we were able to get
into a deadlock situation. The updated containers/storage should fix this issue.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1454
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
| |
as of now, we do not want to build with device mapper because it cannot
handle parallel requests which would be common-place in podman.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1445
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
when running podman's integration tests, we need to be able to understand
our environment because the podman command will differ as will the results.
there is no 100% way to know if we are in a container, but using a combination
of container= and checking /proc seemed reasonable for our test suite. non of this
code is run in podman proper.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1441
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1443
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1438
Approved by: TomSweeneyRedHat
|
| |
|
|
|
|
|
|
|
|
| |
This is an incomplete fix, as it would be best for the libpod library to be in charge of coordinating the container's dependencies on the infra container. A TODO was left as such. UTS is a special case, because the docker library that namespace handling is based off of doesn't recognize a UTS based on another container as valid, despite the library being able to handle it correctly. Thus, it is left in the old way.
Signed-off-by: haircommander <pehunt@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1347
Approved by: mheon
|
| |\
| |
| | |
Bump to v0.9.1.1
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |\
| |
| | |
Update release notes for 0.9.1.1
|
| |/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Use the new firewall code vendored from CNI to replace the
existing iptables rule addition handler we had in place. This
adds proper support for firewalld and should be much better at
interacting with the firewall.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1431
Approved by: baude
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The upstream CNI project has a PR open for adding iptables and
firewalld support, but this has been stalled for the better part
of a year upstream.
On advice of several maintainers, we are vendoring this code into
libpod, to perform the relevant firewall configuration ourselves.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1431
Approved by: baude
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
With this change if an error is raised when fetching the size of the
image, the error string will be printed as the size (instead of
panicing). In this particular case, the error string is "unable to
determine size".
This fixes bug #1405
Signed-off-by: Steve Baker <sbaker@redhat.com>
Closes: #1423
Approved by: mheon
|
| |\
| |
| | |
Bump to v0.9.1
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |\
| |
| | |
Update RELEASE_NOTES for 0.9.1 release
|
| |/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We should be sharing cgroups namespace by default in pods
uts namespace sharing was broken in pods.
Create a new libpod/pkg/namespaces for handling of namespace fields
in containers
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1418
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When there was a conflict between a user-added volume and a mount
already in the spec, we previously respected the mount already in
the spec and discarded the user-added mount. This is counter to
expected behavior - if I volume-mount /dev into the container, I
epxect it will override the default /dev in the container, and
not be ignored.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1419
Approved by: TomSweeneyRedHat
|
| |
|
|
|
|
|
|
|
|
|
| |
When user-specified volume mounts overlap with mounts already in
the spec, remove the mount in the spec to ensure there are no
conflicts.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1419
Approved by: TomSweeneyRedHat
|
| |
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1425
Approved by: mheon
|
| |
|
|
|
|
|
|
|
| |
podman build docs should now reflect that the --layers default value is true.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1424
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to more closely mimic docker default behavior, the --layers
cli option is set to true by default for podman. the buildah
environment variable of BUILDAH_LAYERS is still honored and will
override the command line input.
this should be considered in place of PR #1383.
Many thanks for Scott McCarty for inspiring this welcome change.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1422
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
| |
This bash script is meant to compliment the podman baseline
test script. It primarily focuses on exercising the common
actions of pods.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1421
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
| |
This tests fails a lot, I think because of a race condition. Changing to
just make sure the inode of the /dev/shm on the host is the same as inside
the container.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1420
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1416
Approved by: baude
|
| |
|
|
|
|
|
|
|
|
|
| |
Small amount of clean up on the baseline script to handle failing
on error. I also added an option to not use docker at all for platoforms
where docker cannot be installed.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1411
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
| |
Figuring out the difference between a User and a USERNS
as well as Cgroup and CGROUPNS
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1417
Approved by: TomSweeneyRedHat
|
| |
|
|
|
|
|
|
|
|
|
| |
When we create a pod that also has an infra container, we should
start the infra container automatically. This allows users to add
running containers to the pod immediately.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1415
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
| |
We need to vendor in the latest containerd/cgroups for a fix related to
slice delegation and systemd <= 239. The opencontainer/runtime-spec is
brought along for the ride.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1414
Approved by: mheon
|
| |
|
|
|
|
|
|
|
| |
Remove podman --config option, since it does not do anything.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1410
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
| |
Right now, we don't print errors from c/image while trying to
pull images. This prints the errors when log-level=debug is set
so we can debug errors while pulling.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Closes: #1409
Approved by: baude
|
| |
|
|
|
|
|
| |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #1408
Approved by: rhatdan
|
