summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Fix usermod call in rootless_tutorial.mdDan Čermák2022-05-05
| | | | | | | | The `usermod` calls in rootless_tutorial.md were only adding a very narrow range for subuids and subgids, which will cause failures with containers where a file is owned by a user or group with a uid/gid > 1001. Signed-off-by: Dan Čermák <dcermak@suse.com>
* Merge pull request #14092 from vrothberg/benchmarksOpenShift Merge Robot2022-05-05
|\ | | | | benchmarks: push/pull
| * benchmarks: push/pullValentin Rothberg2022-05-04
| | | | | | | | | | | | | | | | Polish the push and pull benchmarks. In particular, make sure to not be network bound during these benchmarks by running a local registry and pushing a local image that can later on be pulled. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #14037 from rhatdan/remoteuriOpenShift Merge Robot2022-05-04
|\ \ | | | | | | Report correct RemoteURI
| * | Report correct RemoteURIDaniel J Walsh2022-05-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rather than assuming a filesystem path, the API service URI is recorded in the libpod runtime configuration and then reported as requested. Note: All schemes other than "unix" are hard-coded to report URI exists. Fixes #12023 Signed-off-by: Jhon Honce <jhonce@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #14095 from baude/moreunittestsOpenShift Merge Robot2022-05-04
|\ \ \ | | | | | | | | Add more unit tests
| * | | Add more unit testsBrent Baude2022-05-04
| | | | | | | | | | | | | | | | | | | | | | | | Improve "code coverage" with more unit-tests. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | Merge pull request #14066 from ashley-cui/sysresOpenShift Merge Robot2022-05-04
|\ \ \ \ | | | | | | | | | | podman system reset removed machines incorrectly
| * | | | podman system reset removed machines incorrectlyAshley Cui2022-05-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman system reset did not clean up machines fully, leaving some config files, and breaking machines. Now it removes all machines files fully. Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | | Merge pull request #14109 from giuseppe/ignore-econnresetOpenShift Merge Robot2022-05-04
|\ \ \ \ \ | |_|_|/ / |/| | | | libpod: treat ECONNRESET as EOF
| * | | | libpod: treat ECONNRESET as EOFGiuseppe Scrivano2022-05-04
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when reading from the attach socket, treat ECONNRESET in the same way as EOF. [NO NEW TESTS NEEDED] Closes: https://github.com/containers/podman/issues/11446 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #14060 from nicrowe00/13781OpenShift Merge Robot2022-05-04
|\ \ \ \ | | | | | | | | | | play kube default log driver
| * | | | play kube default log driverNiall Crowe2022-05-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The default log driver is not used when using play kube without --log-driver. The LogDriver function needs to be called in order to use the default log driver. fixes #13781 Signed-off-by: Niall Crowe <nicrowe@redhat.com>
* | | | | Merge pull request #14107 from ↵OpenShift Merge Robot2022-05-04
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/storage-1.40.2 Bump github.com/containers/storage from 1.40.0 to 1.40.2
| * | | | | Bump github.com/containers/storage from 1.40.0 to 1.40.2dependabot[bot]2022-05-04
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.40.0 to 1.40.2. - [Release notes](https://github.com/containers/storage/releases) - [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md) - [Commits](https://github.com/containers/storage/compare/v1.40.0...v1.40.2) --- updated-dependencies: - dependency-name: github.com/containers/storage dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | | Merge pull request #14108 from Luap99/machine-event-sockOpenShift Merge Robot2022-05-04
|\ \ \ \ \ | |_|/ / / |/| | | | machine events: only open sockets when needed
| * | | | machine events: only open sockets when neededPaul Holzinger2022-05-04
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | We should only open the socket when needed and not always at init time. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #14099 from jwhonce/wip/machine_inspectOpenShift Merge Robot2022-05-04
|\ \ \ \ | |/ / / |/| | | Implement --format for machine inspect
| * | | Implement --format for machine inspectJhon Honce2022-05-03
| | | | | | | | | | | | | | | | | | | | | | | | * Fix issue of nil pointer derefence Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #14085 from jwhonce/jira/RUN-1491OpenShift Merge Robot2022-05-03
|\ \ \ \ | |/ / / |/| | | Add podman machine events
| * | | Add podman machine eventsJhon Honce2022-05-03
|/ / / | | | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #14089 from vrothberg/generate-systemd-podsOpenShift Merge Robot2022-05-03
|\ \ \ | | | | | | | | generate systemd: pods: set exit policy
| * | | generate systemd: pods: set exit policyValentin Rothberg2022-05-03
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | Unless specified in the create command of the pod, enforce the exit policy to "stop". With "stop", a pod is stopped when the last container exits and does not continue running. This behavior integrates much better into systemd which is now able to tell whether the service running as pod is actually running/active or not. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | Merge pull request #14083 from baude/machinestatsOpenShift Merge Robot2022-05-03
|\ \ \ | | | | | | | | Additional stats for podman info
| * | | Additional stats for podman infoBrent Baude2022-05-03
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In support of podman machine and its counterpart desktop, we have added new stats to podman info. For storage, we have added GraphRootAllocated and GraphRootUsed in bytes. For CPUs, we have added user, system, and idle percents based on /proc/stat. Fixes: #13876 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #14093 from edsantiago/treadmill_script_moreOpenShift Merge Robot2022-05-03
|\ \ \ | | | | | | | | [CI:DOCS] vendor treadmill script: run 'git add vendor'
| * | | vendor treadmill script: run 'git add vendor'Ed Santiago2022-05-03
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Situation encountered just now after buildah #3949 but before podman #14084: go.mod changed in such a way that other modules were updated, not just buildah, and those changes weren't git-added by 'make vendor'. This resulted in the dirty-tree CI test failing. Solution: check for untracked vendor files after 'make vendor', and git-add them. Show a friendly message that we're doing so: +---> Adding untracked files under containers/image, containers/storage, klauspost/compress, x/sys In order to do this safely, we run an untracked-files check under vendor as one of the first sanity checks. If there are any when we start the script, fail early. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #14071 from ↵Daniel J Walsh2022-05-03
|\ \ \ | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/rootless-containers/rootlesskit-1.0.1 Bump github.com/rootless-containers/rootlesskit from 1.0.0 to 1.0.1
| * | | Bump github.com/rootless-containers/rootlesskit from 1.0.0 to 1.0.1dependabot[bot]2022-05-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/rootless-containers/rootlesskit](https://github.com/rootless-containers/rootlesskit) from 1.0.0 to 1.0.1. - [Release notes](https://github.com/rootless-containers/rootlesskit/releases) - [Commits](https://github.com/rootless-containers/rootlesskit/compare/v1.0.0...v1.0.1) --- updated-dependencies: - dependency-name: github.com/rootless-containers/rootlesskit dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | Merge pull request #14084 from rhatdan/VENDORDaniel J Walsh2022-05-03
|\ \ \ \ | |_|/ / |/| | | Vendor in containers/(common, storage, image)
| * | | Vendor in containers/(common, storage, image)Daniel J Walsh2022-05-02
|/ / / | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #14081 from edsantiago/treadmill_revampOpenShift Merge Robot2022-05-02
|\ \ \ | |_|/ |/| | Treadmill script: revamp
| * | Treadmill script: revampEd Santiago2022-05-02
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Major revamp: instead of stacking a vendor commit on top of the treadmill changes, do it the other way around: vendor, then apply treadmill diffs. Reason: the build-all-new-commits test. Sigh. It fails in the common case where our treadmill changes include a new struct element in cmd/podman/images/build.go Why this is good: well, superficially, it's more intuitive. Why this is horrible: omg the rebasing games are a nightmare. When the vendor commit is on top (HEAD), it's ultra-trivial to drop it, rebase the treadmill changes on main, then add a new vendor-buildah commit on top. As you can see from the diffs in this PR, treadmill-as-HEAD introduces all sorts of complex dance steps in which things can go catastrophically wrong and you can lose all your treadmill patches. I try very hard to prevent this, and to offer hints if there's a problem, and heck in the worst case it's still git so it's still possible to find lost commits... but it's still much riskier than the old way. Alternative I considered: using sed magic to disable the build-all-new-commits test. So tempting... but that would also disable the bloat check. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #14078 from Luap99/CIOpenShift Merge Robot2022-05-02
|\ \ | | | | | | CI: emergency fix for broken go get
| * | CI: emergency fix for broken go getPaul Holzinger2022-05-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | go get is deprecated, we should use go install instead. Also for some reason go get -u golang.org/x/tools/cmd/goimports is broken at the moment, thus failing CI jobs where we have to install this. Switching to go install seems to fix it. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #13859 from vrothberg/fix-13464OpenShift Merge Robot2022-05-02
|\ \ \ | |/ / |/| | pod: add exit policies
| * | pod: add exit policiesValentin Rothberg2022-05-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the notion of an "exit policy" to a pod. This policy controls the behaviour when the last container of pod exits. Initially, there are two policies: - "continue" : the pod continues running. This is the default policy when creating a pod. - "stop" : stop the pod when the last container exits. This is the default behaviour for `play kube`. In order to implement the deferred stop of a pod, add a worker queue to the libpod runtime. The queue will pick up work items and in this case helps resolve dead locks that would otherwise occur if we attempted to stop a pod during container cleanup. Note that the default restart policy of `play kube` is "Always". Hence, in order to really solve #13464, the YAML files must set a custom restart policy; the tests use "OnFailure". Fixes: #13464 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
| * | vendor c/common@mainValentin Rothberg2022-05-02
| |/ | | | | | | | | | | Required for using the newly added pod exit policies. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #14063 from Luap99/libpod-networksOpenShift Merge Robot2022-05-02
|\ \ | | | | | | libpod: unset networks before storing container conf
| * | libpod: unset networks before storing container confPaul Holzinger2022-05-02
| |/ | | | | | | | | | | | | | | | | | | | | | | Since networks must always be read from the db bucket directly we should unset them in config to avoid caller from accidentally using them. I already tried this but it didn't work because the networks were unset after the config was marshalled. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #14069 from n1hility/wsl-inspectOpenShift Merge Robot2022-05-02
|\ \ | |/ |/| Implement machine inspect for WSL
| * Implement machine inspect for WSLJason T. Greene2022-05-01
|/ | | | Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* Merge pull request #14026 from n1hility/simulate-dualstackOpenShift Merge Robot2022-04-30
|\ | | | | Use simulated dual-stack binds when using WSL
| * Use simulated dual-stack binds when using WSLJason T. Greene2022-04-29
| | | | | | | | | | | | Resolves a WSL problem where traffic from only one stack is relayed Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* | Merge pull request #14032 from edsantiago/treadmill_script_more_checksOpenShift Merge Robot2022-04-29
|\ \ | | | | | | [CI:DOCS] buildah-vendor-treadmill script: yet more checks
| * | buildah-vendor-treadmill script: yet more checksEd Santiago2022-04-29
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | More safety checks for the treadmill script: * for --sync: - issue warning if HEAD is not a vendor commit - if run-buildah-bud-tests fails, leave the working dir for user to investigate. And offer a long helpful warning. - tweak .cirrus.yml so buildah-bud tests run early, so we can fail early. (Remember, the top commit will never ever ever ever be merged) * for --pick: - check branch merge-base (of your vendor-update branch), compare against that of the treadmill PR. If treadmill is newer, bail, and suggest rebasing. This would've saved us some time in #14005. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #14062 from Luap99/resolv.confOpenShift Merge Robot2022-04-29
|\ \ | | | | | | libpod: host netns keep same /etc/resolv.conf
| * | libpod: host netns keep same /etc/resolv.confPaul Holzinger2022-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a container is run in the host network namespace we have to keep the same resolv.conf content and not use the systemd-resolve detection logic. But also make sure we still allow --dns options. Fixes #14055 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | fix incorrect permissions for /etc/resolv.conf in usernsPaul Holzinger2022-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The files /etc/hosts, /etc/hostname and /etc/resolv.conf should always be owned by the root user in the container. This worked correct for /etc/hostname and /etc/hosts but not for /etc/resolv.conf. A container run with --userns keep-id would have the reolv.conf file owned by the current container user which is wrong. Consolidate some common code in a new helper function to make the code more cleaner. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #14031 from Luap99/errcheckOpenShift Merge Robot2022-04-29
|\ \ \ | | | | | | | | enable errcheck linter