summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #11551 from Luap99/rootlessport-restartOpenShift Merge Robot2021-09-14
|\ | | | | fix restart always with rootlessport
| * libpod: rootful close binded portsPaul Holzinger2021-09-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For rootful users ports are forwarded via iptables. To make sure no other process tries to use them, libpod will bind the ports and pass the fds to conmon. There seems to be race when a container is restarted because libpod tries to bind the port before the conmon process exited. The problem only hapens with the podman service because it keeps the connection open. Once we have the fd and passed it to conmon the podman service should close the connection. To verify run `sudo ss -tulpn` and check that only the conmon process keeps the port open. Previously you would also see the podman server process listed. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * fix restart always with rootlessportPaul Holzinger2021-09-13
| | | | | | | | | | | | | | | | When a container is automatically restarted due its restart policy and the container uses rootless cni networking with ports forwarded we have to start a new rootlessport process since it exits with conmon. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * remove rootlessport socket to prevent EADDRINUSEPaul Holzinger2021-09-13
| | | | | | | | | | | | | | | | | | When we restart a container via podman restart or restart policy the rootlessport process fails with `address already in use` because the socketfile still exists. This is a regression and was introduced in commit abdedc31a25e. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #11520 from giuseppe/enable-cgroup-parent-testOpenShift Merge Robot2021-09-14
|\ \ | | | | | | test: enable --cgroup-parent test
| * | test: enable --cgroup-parent testGiuseppe Scrivano2021-09-14
| | | | | | | | | | | | | | | | | | | | | | | | and fix it for running with runc. Closes: https://github.com/containers/podman/issues/11165 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #11449 from simnalamburt/gvproxy-pathOpenShift Merge Robot2021-09-14
|\ \ \ | |/ / |/| | Make gvproxy path configurable with containers.conf
| * | Search gvproxy with config.FindHelperBinary()Hyeon Kim2021-09-14
|/ / | | | | | | | | | | | | | | Closes #11531 [NO TESTS NEEDED] Signed-off-by: Hyeon Kim <simnalamburt@gmail.com>
* | Merge pull request #11529 from n1hility/fix-oldfieldsOpenShift Merge Robot2021-09-13
|\ \ | | | | | | Add deprecated event fields for 1.22+ clients that still expect them
| * | Add deprecated fields for 1.22+ clients that still expect themJason T. Greene2021-09-10
| | | | | | | | | | | | Signed-off-by: Jason Greene <jason.greene@redhat.com>
* | | Merge pull request #11545 from rhatdan/exitcodesOpenShift Merge Robot2021-09-13
|\ \ \ | | | | | | | | If container exits with 125 podman should exit with 125
| * | | If container exits with 125 podman should exit with 125Daniel J Walsh2021-09-13
| | | | | | | | | | | | | | | | | | | | | | | | fixes: https://github.com/containers/podman/issues/11540 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #11549 from ↵OpenShift Merge Robot2021-09-13
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/json-iterator/go-1.1.12 Bump github.com/json-iterator/go from 1.1.11 to 1.1.12
| * | | | Bump github.com/json-iterator/go from 1.1.11 to 1.1.12dependabot[bot]2021-09-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/json-iterator/go](https://github.com/json-iterator/go) from 1.1.11 to 1.1.12. - [Release notes](https://github.com/json-iterator/go/releases) - [Commits](https://github.com/json-iterator/go/compare/v1.1.11...v1.1.12) --- updated-dependencies: - dependency-name: github.com/json-iterator/go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | | Merge pull request #11440 from ashley-cui/sshOpenShift Merge Robot2021-09-13
|\ \ \ \ \ | | | | | | | | | | | | Use default username for podman machine ssh
| * | | | | Use default username for podman machine sshAshley Cui2021-09-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When using the defaut conection for podman machine ssh, use the default username too. Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | | | Merge pull request #11552 from Luap99/commonOpenShift Merge Robot2021-09-13
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | bump c/common to v0.44.0
| * | | | | bump c/common to v0.44.0Paul Holzinger2021-09-13
| | |_|_|/ | |/| | | | | | | | | | | | | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #11550 from atykhyy/patch-2OpenShift Merge Robot2021-09-13
|\ \ \ \ \ | |_|_|/ / |/| | | | Fix #11444: remote breaks with stdout redirection
| * | | | Fix #11444: remote breaks with stdout redirectionAnton Tykhyy2021-09-13
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | `setConsoleMode` should do nothing if the handle is not a terminal. The proposed change is [exactly what `golang.org/x/term/IsTerminal()` does on Windows](https://cs.opensource.google/go/x/term/+/6886f2df:term_windows.go). [NO TESTS NEEDED] Signed-off-by: Anton Tykhyy <atykhyy@gmail.com>
* | | | Merge pull request #11548 from ↵OpenShift Merge Robot2021-09-13
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/storage-1.36.0 Bump github.com/containers/storage from 1.35.0 to 1.36.0
| * | | | Bump github.com/containers/storage from 1.35.0 to 1.36.0dependabot[bot]2021-09-13
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.35.0 to 1.36.0. - [Release notes](https://github.com/containers/storage/releases) - [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md) - [Commits](https://github.com/containers/storage/compare/v1.35.0...v1.36.0) --- updated-dependencies: - dependency-name: github.com/containers/storage dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | Merge pull request #11537 from TomSweeneyRedHat/dev/tsweeney/fixhyphenOpenShift Merge Robot2021-09-13
|\ \ \ \ | |/ / / |/| | | [CI:DOCS] Remove short 'a' option from all-tags
| * | | [CI:DOCS] Remove short 'a' option from all-tagsTomSweeneyRedHat2021-09-13
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | The short option 'a' for the --all-tags option in the pull page is not valid, remove it. Addresses: #11536 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | Merge pull request #11505 from cevich/enable_rootless_unitOpenShift Merge Robot2021-09-12
|\ \ \ | | | | | | | | Cirrus: Run unit-tests rootless
| * | | Cirrus: Run unit-tests rootlessChris Evich2021-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously (for various reasons) the unittests were limited by the Makefile to root-only. However, experimentation via PR #11490 shows they will actually execute and pass when run as a regular user. Enable this for only the latest Fedora VMs, so as to only add one new task to the (already large) set. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #11517 from jwhonce/issues/10053OpenShift Merge Robot2021-09-12
|\ \ \ \ | | | | | | | | | | Refactor API server emphasis on logging
| * | | | Refacter API server emphasis on loggingJhon Honce2021-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * To aid in debugging log API request and response bodies at trace level. Events can be correlated using the X-Reference-Id. * Server now echos X-Reference-Id from client if set, otherwise generates an unique id. * Move logic for X-Reference-Id into middleware * Change uses of Header.Add() to Set() when setting Content-Type * Log API operations in Apache format using gorilla middleware * Port server code to use BaseContext and ConnContext Fixes #10053 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | Merge pull request #11525 from rhatdan/healthcheckOpenShift Merge Robot2021-09-11
|\ \ \ \ \ | | | | | | | | | | | | Stop outputting 'healthy' on healthcheck
| * | | | | Stop outputting 'healthy' on healthcheckDaniel J Walsh2021-09-10
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We should only print unhealthy if the check fails. Currently this is filling logs when users are running lots of healthchecks. Improves: https://github.com/containers/podman/issues/11157 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #11513 from Luap99/unshareOpenShift Merge Robot2021-09-11
|\ \ \ \ \ | | | | | | | | | | | | podman unshare keep exit code
| * | | | | podman unshare keep exit codePaul Holzinger2021-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In case the command inside the podman unshare env failed podman unshare always exits with 125 and prints `Error: exit status 125`. This is a bad user experience and makes it difficult to use in scripts which could expect certain exit codes. This commit makes sure podman unshare uses the same exit code as the command and does not print the useless `exit status X` message. Also to match podman run/exec it should return 126 for EPERM and 127 for ENOENT. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | Merge pull request #11524 from ↵OpenShift Merge Robot2021-09-11
|\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/opencontainers/selinux-1.8.5 Bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
| * | | | | | Bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5dependabot[bot]2021-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.8.4 to 1.8.5. - [Release notes](https://github.com/opencontainers/selinux/releases) - [Commits](https://github.com/opencontainers/selinux/compare/v1.8.4...v1.8.5) --- updated-dependencies: - dependency-name: github.com/opencontainers/selinux dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | | | | Merge pull request #11323 from umohnani8/initOpenShift Merge Robot2021-09-10
|\ \ \ \ \ \ \ | |_|_|/ / / / |/| | | | | | Add init containers to generate and play kube
| * | | | | | Add init containers to generate and play kubeUrvashi Mohnani2021-09-10
| | |/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Kubernetes has a concept of init containers that run and exit before the regular containers in a pod are started. We added init containers to podman pods as well. This patch adds support for generating init containers in the kube yaml when a pod we are converting had init containers. When playing a kube yaml, it detects an init container and creates such a container in podman accordingly. Note, only init containers created with the init type set to "always" will be generated as the "once" option deletes the init container after it has run and exited. Play kube will always creates init containers with the "always" init container type. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | | | | Merge pull request #11498 from vrothberg/fix-11489OpenShift Merge Robot2021-09-10
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | [CI:DOCS] podman machine: enforce a single search registry
| * | | | | machine: set filemodes in octalValentin Rothberg2021-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | By popular request, turn decimals to octal. Most eyes are trained to parse file permissions in octal. [NO TESTS NEEDED] since machine isn't tested yet. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | | podman machine: enforce a single search registryValentin Rothberg2021-09-10
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Enforce "docker.io" to be the only search registry. Short-name resolution for remote clients is not fully supported since there is no means to prompt. Enforcing a single registry works around the problem since prompting only fires with more than one search registry. Fixes: #11489 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #11509 from ↵OpenShift Merge Robot2021-09-10
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/psgo-1.6.0 Bump github.com/containers/psgo from 1.5.2 to 1.6.0
| * | | | | Bump github.com/containers/psgo from 1.5.2 to 1.6.0dependabot[bot]2021-09-10
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/psgo](https://github.com/containers/psgo) from 1.5.2 to 1.6.0. - [Release notes](https://github.com/containers/psgo/releases) - [Commits](https://github.com/containers/psgo/compare/v1.5.2...v1.6.0) --- updated-dependencies: - dependency-name: github.com/containers/psgo dependency-type: direct:production update-type: version-update:semver-minor ... [NO TESTS NEEDED] since it's migrating to a new version. Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #11519 from tnk4on/fix-missing-args-in-exampleOpenShift Merge Robot2021-09-10
|\ \ \ \ \ | | | | | | | | | | | | [CI:DOCS] Fix missing args `NAME` in examples
| * | | | | Fix missing args in name in exampleShion Tanaka2021-09-10
| | |/ / / | |/| | | | | | | | | | | | | Signed-off-by: Shion Tanaka <shtanaka@redhat.com>
* | | | | Merge pull request #11506 from giuseppe/fix-stats-restart-containerOpenShift Merge Robot2021-09-10
|\ \ \ \ \ | | | | | | | | | | | | stats: detect container restart and allow paused containers
| * | | | | stats: detect containers restartGiuseppe Scrivano2021-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | if the current cpu usage time is lower than what previously recorded, then it means the container was restarted and now it runs in a new cgroup. When this happens, reset the prevStats. Closes: https://github.com/containers/podman/issues/11469 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | api: correctly set the container statsGiuseppe Scrivano2021-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | override the outer scope variable instead of creating a local one. Otherwise the wrong variable would be used for the next iterations. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | stats: allow to read stats for paused containersGiuseppe Scrivano2021-09-10
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | paused containers still a cgroup we can use to grab the stats. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #11516 from jelly/swagger/containerstatsOpenShift Merge Robot2021-09-10
|\ \ \ \ \ | |_|_|/ / |/| | | | [CI:DOCS] Add response to /libpod/containers/stats documentation
| * | | | Add /containers/stats response to API docsJelle van der Waa2021-09-10
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Include the response schema for a succesful request in the /containers/stats API documentation Additionally remove http 409 from /libpod/containers/stats docs, the documentation was copied from the deprecated stats endpoint, when a container is unavailabe the endpoint returns an empty list and no 409. Signed-off-by: Jelle van der Waa <jvanderwaa@redhat.com>
* | | | Merge pull request #11523 from Luap99/e2e-warningOpenShift Merge Robot2021-09-10
|\ \ \ \ | |/ / / |/| | | try to create the runroot before we warn that it is not writable