summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* logformatter: run on system tests & bindingsEd Santiago2020-10-05
| | | | | | | | | | | | (that got accidentally dropped in the new Cirrus makeover). Note that 'dotest' does not actually 'do tests', it's only used for a small subset of tests. Also, make logformatter work better in the new Cirrus setup. Remove duplicate test/subtest, remove no-longer-used SPECIALMODE, and make the Cirrus build/task display a little cleaner. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #7920 from cevich/fix_new_ci_smokeOpenShift Merge Robot2020-10-05
|\ | | | | Cirrus: Fix branch-validation failure
| * Cirrus: Fix branch-validation failureChris Evich2020-10-05
| | | | | | | | | | | | | | | | | | | | | | When validating code on a branch, determining a starting commit to check from isn't as straightforward as it would seem. Default to using the SHA from last time CI was green. If for some reason that isn't available, use an obviously wrong value to cause an intentional failure. Entirely skip this check on tag-push, since determining a starting point is incredibly difficult to do automatically. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #6784 from cevich/new_ci_cdBrent Baude2020-10-05
|\| | | | | Cirrus: Make efficient and performant
| * Cirrus: Implement podman automation 2.0Chris Evich2020-10-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reimplement CI-automation to remove accumulated technical-debt and optimize workflow. The task-dependency graph designed goal was to shorten it's depth and increase width (i.e. more parallelism). A reduction in redundant building (and 3rd party module download) was also realized by caching `$GOPATH` and `$GOCACHE` early on. This cache is then reused in favor of a fresh clone of the repository (when possible). Note: The system tests typically execute MUCH faster than the integration tests. However, contrary to a fail-fast/fail-early principal, they are executed last. This was implemented due to debug-ability related concerns/preferences of the primary (golang-centric) project developers. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #7913 from ↵OpenShift Merge Robot2020-10-05
|\ \ | | | | | | | | | | | | andylibrian/kube-generate-support-resource-limits-7855 Add support for resource memory limit to generate kube
| * | Add TODO for adding CPU limit supportAndy Librian2020-10-05
| | | | | | | | | | | | Signed-off-by: Andy Librian <andylibrian@gmail.com>
| * | Add support for resource memory limit to generate kubeAndy Librian2020-10-04
| | | | | | | | | | | | | | | | | | addresses #7855 Signed-off-by: Andy Librian <andylibrian@gmail.com>
* | | Merge pull request #7909 from zhangguanzhang/remote-ps-ns-brokenOpenShift Merge Robot2020-10-05
|\ \ \ | | | | | | | | Fix podman-remote ps --ns broken
| * | | Fix podman-remote ps --ns brokenzhangguanzhang2020-10-04
| | | | | | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | | Merge pull request #7902 from rhatdan/selinuxOpenShift Merge Robot2020-10-05
|\ \ \ \ | |/ / / |/| | | Add SELinux support for pods
| * | | Add SELinux support for podsDaniel J Walsh2020-10-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | All containers within a Pod need to run with the same SELinux label, unless overwritten by the user. Also added a bunch of SELinux tests to make sure selinux labels are correct on namespaces. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #7899 from zhangguanzhang/service-panic-client-killOpenShift Merge Robot2020-10-03
|\ \ \ \ | | | | | | | | | | [podman-remote] Fix closed connection on pull causes service panic
| * | | | fix closed the remote connection on pull causes service paniczhangguanzhang2020-10-03
| | | | | | | | | | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | | | Merge pull request #7856 from rhatdan/rootOpenShift Merge Robot2020-10-02
|\ \ \ \ \ | |_|/ / / |/| | | | podman-remote does not support most of the global flags
| * | | | podman-remote does not support most of the global flagsDaniel J Walsh2020-10-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman-remote --help is showing a bunch of global flags that it does not support Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #7901 from vrothberg/fix-compat-images-createOpenShift Merge Robot2020-10-02
|\ \ \ \ \ | | | | | | | | | | | | compat: images/create: fix tag parsing
| * | | | | compat: images/create: fix tag parsingValentin Rothberg2020-10-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `tag` parameter of the compat `images/create` endpoint can be both, a tag and a digest. Fix parsing of the parameter to detect digests and use the appropriate `@` separator. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | Merge pull request #7199 from jwhonce/jira/run-898OpenShift Merge Robot2020-10-02
|\ \ \ \ \ \ | | | | | | | | | | | | | | Restore "table" --format from V1
| * | | | | | Restore "table" --format from V1Jhon Honce2020-10-02
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * --format "table {{.field..." will print fields out in a table with headings. Table keyword is removed, spaces between fields are converted to tabs * Update parse.MatchesJSONFormat()'s regex to be more inclusive * Add report.Headers(), obtain all the field names to be used as column headers, a map of field name to column headers may be provided to override the field names * Update several commands to use new functions Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | | Merge pull request #7882 from giuseppe/check-for-gids-before-adding-themOpenShift Merge Robot2020-10-02
|\ \ \ \ \ \ | | | | | | | | | | | | | | libpod: check there are enough gids before adding them
| * | | | | | libpod: check the gid is present before adding itGiuseppe Scrivano2020-10-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | check there are enough gids in the user namespace before adding supplementary gids from /etc/group. Follow-up for baede7cd2776b1f722dcbb65cff6228eeab5db44 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | rootless: use sync.Once for GetAvailableGids()Giuseppe Scrivano2020-10-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | rootless: move GetAvailableGids to the rootless pkgGiuseppe Scrivano2020-10-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | | Merge pull request #7895 from zhangguanzhang/run-ctr-restartPolicy-with-rmOpenShift Merge Robot2020-10-02
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | [podman run] --rm option shold conflicts with --restart
| * | | | | | | --rm option shold conflicts with --restartzhangguanzhang2020-10-02
| | |_|_|/ / / | |/| | | | | | | | | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | | | | | Merge pull request #7893 from ashley-cui/journaldOpenShift Merge Robot2020-10-02
|\ \ \ \ \ \ \ | |_|_|_|_|_|/ |/| | | | | | Fix Podman logs reading journald
| * | | | | | Fix Podman logs reading journaldAshley Cui2020-10-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A podman could not read logs written to journald properly, due to a tail config bug. Added a system test to check this - since e2e tests don't like journald Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | | | | Merge pull request #7887 from vrothberg/fix-7872OpenShift Merge Robot2020-10-02
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | image prune: remove all candidates
| * | | | | | | image prune: remove all candidatesValentin Rothberg2020-10-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure to remove images until there's nothing left to prune. A single iteration may not be sufficient. Fixes: #7872 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | | | Merge pull request #7884 from ↵OpenShift Merge Robot2020-10-02
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/common-0.24.0 Bump github.com/containers/common from 0.23.0 to 0.24.0
| * | | | | | | | Bump github.com/containers/common from 0.23.0 to 0.24.0Daniel J Walsh2020-10-02
| | |_|_|_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/common](https://github.com/containers/common) from 0.23.0 to 0.24.0. - [Release notes](https://github.com/containers/common/releases) - [Commits](https://github.com/containers/common/compare/v0.23.0...v0.24.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | | Merge pull request #7873 from edsantiago/logformatter_envOpenShift Merge Robot2020-10-02
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | logformatter: add Synopsis at top of each page
| * | | | | | | | logformatter: add Synopsis at top of each pageEd Santiago2020-10-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | At the top of each generated page, add a Synopsis table with: PR number/name, and link to github Author name(s) Test name (fedora/ubuntu, rootless, etc) Cirrus build ID (usually uninteresting) Cirrus task ID (usu. important), with link to Cirrus The value of $SPECIALMODE This is all we can get from the Cirrus environment in which logformatter runs; we can't get things like cgroup manager or username that the test runs under. Note that the table is at the top, which is usually unseen because we autoscroll to the bottom on page load. I tentatively think that top is a more natural place for this info than bottom, but am willing to listen to arguments against. Also, one minor tweak: highlight podman commands in the BATS output. The idea is to make it easier for the eye to spot those, then copy/paste them to find a reproducer. And, sigh, disable the new 'podman network create' system test. It is flaking much too much. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | | | | Merge pull request #7881 from elgohr/masterOpenShift Merge Robot2020-10-02
|\ \ \ \ \ \ \ \ \ | |_|/ / / / / / / |/| | | | | | | | Correct to latest version
| * | | | | | | | Correct to latest versionLars2020-10-02
| | |/ / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Lars Gohr <elgohr@oss.volkswagen.com>
* | | | | | | | Merge pull request #7885 from ↵OpenShift Merge Robot2020-10-02
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/buildah-1.16.4 Bump github.com/containers/buildah from 1.16.2 to 1.16.4
| * | | | | | | | Bump github.com/containers/buildah from 1.16.2 to 1.16.4dependabot-preview[bot]2020-10-02
| |/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/buildah](https://github.com/containers/buildah) from 1.16.2 to 1.16.4. - [Release notes](https://github.com/containers/buildah/releases) - [Changelog](https://github.com/containers/buildah/blob/master/CHANGELOG.md) - [Commits](https://github.com/containers/buildah/compare/v1.16.2...v1.16.4) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | | Merge pull request #7456 from giuseppe/modprobe-fuseOpenShift Merge Robot2020-10-02
|\ \ \ \ \ \ \ \ | |_|_|_|/ / / / |/| | | | | | | spec: modprobe fuse with --device .*/fuse
| * | | | | | | spec: open fuse with --device .*/fuseGiuseppe Scrivano2020-10-02
| |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the container uses the /dev/fuse device, attempt to load the fuse kernel module first so that nested containers can use it. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1872240 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | | Merge pull request #7867 from vrothberg/fix-7837OpenShift Merge Robot2020-10-02
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | remote: fix name and ID collisions of containers and pods
| * | | | | | | remote: fix name and ID collisions of containers and podsValentin Rothberg2020-10-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix the look up of containers and pods in the remote client. User input can refer to both, names or IDs of containers and pods, so there is a fair chance of collisions (e.g., "c1" name with a "c1...." ID). Those collisions are well handled (and battle tested) in the local client which is directly using the libpod backend. Hence, the remote client should not attempt to introduce its own logic to prevent bugs and divergence between the local and the remote clients. To prevent collisions such as in #7837, do a container/pod inspect on the user-provided input to find the corresponding ID and eventually do full ID comparisons to avoid potential collisions with names. Note that this has a cost that I am not entirely happy with. Looking at issue #7837, the collisions are happening when removing the two containers. Remote container removal is now very chatty with the server as it first queries for all containers, then iterates over the provided names or IDs and does a remote inspect to figure out the IDs and find a matching container object. However, remote removal could just pass the names and IDs directly to the batch removal endpoint. Querying for all containers could be prevented if the batch removal endpoint would remove all if the slice is empty. In other words, the bug is fixed but there's room for performance improvements. Fixes: #7837 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | | | Merge pull request #7622 from hxtk/masterOpenShift Merge Robot2020-10-02
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Fix for incorrect evaluation of error condition within libpod.LabelVolumePath.
| * | | | | | | | Fix mismatch between log messages and behavior of libpod.LabelVolumePath.Peter2020-09-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A reading of LabelVolumePath suggests that the intended behavior upon encountering ENOTSUP is to log the issue and continue without error, while all other errors in the Relabeling operation should be considered errors of LabelVolumePath and passed up accordingly. This is not the behavior that is encountered, as this test shows: it is instead considered an error if and only if the Relabeling operation returns ENOTSUP, spitting out a somewhat incongruous error message, while all other error types that may be returned are logged without being propogated, with an even more incongruous error message saying that the operation was not supported. The comparison was changed to match the behavior documented by the log messages, and a test was added that will simulate executing this function on a path where the mounted filesystem does not support SELinux labels, with the assertion that the function should not return an error in order to highlight the condition these changes seek to alleviate. Signed-off-by: Peter <peter@psanders.me>
* | | | | | | | | Merge pull request #7711 from cevich/migrate_imgsOpenShift Merge Robot2020-10-02
|\ \ \ \ \ \ \ \ \ | |_|_|_|_|_|_|/ / |/| | | | | | | | Migrate container images to automation_images
| * | | | | | | | Migrate container images to automation_imagesChris Evich2020-10-01
| | |_|_|/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | | | Merge pull request #7815 from jwhonce/wip/creds_remoteOpenShift Merge Robot2020-10-02
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Add X-Registry-Config support
| * | | | | | | | Add X-Registry-Config supportJhon Honce2020-09-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Refactor auth pkg to support X-Registry-Config * Refactor build endpoint to support X-Registry-Config. Supports: * --creds * --authfile * Added X-Reference-Id Header to http.Request to support log event correlation * Log headers from http.Request Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | | | | | Merge pull request #7877 from baude/compatapiprivOpenShift Merge Robot2020-10-02
|\ \ \ \ \ \ \ \ \ | |_|_|_|_|/ / / / |/| | | | | | | | fix compat api privileged and entrypoint code
| * | | | | | | | fix compat api privileged and entrypoint codebaude2020-10-01
| | |/ / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when adding /dev to a privileged container using the compatibility API, we need to make sure we dont pass on devices that are simply symlinks. this was already being done by specgen but not on the compat. side. the entrypoint code that was recently rewritten for the compatibility layer was also failing due to the odd inputs that docker is willing to accept in its json, specifically [] vs "". in the case of the latter, this was being made into a []string with a len of one but no content. this would then be used to prefix the command to run in the container and would fail. For example " ls" vs "ls". Signed-off-by: baude <bbaude@redhat.com>