summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* CI: smoke test: insist on adding tests on PRsEd Santiago2021-01-19
| | | | | | | | | | | | | | | | On each PR (with a few exceptions), check the list of git-touched files, and abort if no tests are added. Include instructions on how to bypass the check if tests really aren't needed. Include a hardcoded exception list for PRs that only touch a well-known subset of "safe" files: docs, .cirrus.yml, vendor, version, hack, contrib, or *.md. This list is likely to need tuning over time. Add a test suite, but not one recognized by the new script (because it's a "*.t" file), so: [NO TESTS NEEDED] Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #9004 from baude/existsoptionsOpenShift Merge Robot2021-01-19
|\ | | | | Add binding options for container|pod exists
| * Add binding options for container|pod existsbaude2021-01-18
| | | | | | | | | | | | | | | | It turns out an options was added to container exists so it makes sense to have pods and container exists calls have an optional structure for options. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #9001 from vrothberg/ginkgoOpenShift Merge Robot2021-01-19
|\ \ | | | | | | ginkgo: install on demand via `go get -u`
| * | ginkgo: install on demand via `go get -u`Valentin Rothberg2021-01-19
|/ / | | | | | | | | | | | | | | | | | | | | Install ginkgo on demand via `go get -u` rather than keeping a copy it's entire source code in the vendor dirctory. The main motivation for that is to make `golangci-lint` happy which is continuously throwing up on the import of a program (i.e., ginkgo). The linter is broken and stupid as it ignores flags to ignore dirs and ignores build tags (at least some linters do) which is blocking us from updating to newer versions. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #9007 from baude/nocomposeoncidocsOpenShift Merge Robot2021-01-18
|\ \ | |/ |/| [CI:DOCS]Do not run compose tests with CI:DOCS
| * [CI:DOCS]Do not run compose tests with CI:DOCSbaude2021-01-18
|/ | | | Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #8995 from vrothberg/lint-lint-lintOpenShift Merge Robot2021-01-17
|\ | | | | [CI:DOCS] lint lint lint
| * hack/install_golangci.sh: smarter installValentin Rothberg2021-01-17
| | | | | | | | | | | | | | Detect if the installed version of golangci-lint is outdated and update it if needed. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * golangci-lint: install to ./binValentin Rothberg2021-01-17
| | | | | | | | | | | | | | | | | | Install golangci-lint to `./bin` instead of `$GOBIN`. The latter may be shared with other projects who require a different version. Having a shared version of golangci-lint is a reoccurring source of red herrings on my work station, so I think it's time to split them. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #8994 from vrothberg/fix-8989OpenShift Merge Robot2021-01-17
|\ \ | | | | | | Simplify bindings generation
| * | simplify bindings generationValentin Rothberg2021-01-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Run `go generate ./pkg/bindings/...` once for all bindings instead of generating them separately. This should speed up bindings generation as a given package is visited only once, and it fixes #8989 by dropping the use of pushd and popd. Fixes: #8989 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | make: generate bindings: use vendorValentin Rothberg2021-01-17
| |/ | | | | | | | | | | | | | | Set `-mod=vendor` when generating the bindings. We expect all dependencies to be vendored already. This should slightly speed up the bindings generation and prevent redundant network accesses. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #8992 from rhatdan/pushOpenShift Merge Robot2021-01-17
|\ \ | |/ |/| [ci:docs] Create release notes for V3.0.0
| * Create release notes for V3.0.0Daniel J Walsh2021-01-17
|/ | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8942 from rhatdan/pushOpenShift Merge Robot2021-01-17
|\ | | | | Allow podman push to push manifest lists
| * Allow podman push to push manifest listsDaniel J Walsh2021-01-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When doing a podman images, manifests lists look just like images, so it is logical that users would assume that they can just podman push them to a registry. The problem is we throw out weird errors when this happens and users need to somehow figure out this is a manifest list rather then an image, and frankly the user will not understand the difference. This PR will make podman push just do the right thing, by failing over and attempting to push the manifest if it fails to push the image. Fix up handling of manifest push Protocol should bring back a digest string, which can either be printed or stored in a file. We should not reimplement the manifest push setup code in the tunnel code but take advantage of the api path, to make sure remote and local work the same way. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8988 from Luap99/rename-port-completion-funcOpenShift Merge Robot2021-01-16
|\ \ | | | | | | [CI:DOCS] Rename AutocompletePortCommand func
| * | Rename AutocompletePortCommand funcPaul Holzinger2021-01-16
|/ / | | | | | | | | | | | | This function is now used for the port and rename command. Rename it to AutocompleteContainerOneArg. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8986 from baude/bindingreadmeOpenShift Merge Robot2021-01-15
|\ \ | | | | | | [CI:DOCS]Add README.md for golang bindings
| * | [CI:DOCS]Add README.md for golang bindingsbaude2021-01-15
| | | | | | | | | | | | | | | | | | | | | Add a brief description of the golang bindings and provide examples on how to use them Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #8456 from kazimsarikaya/fix-send-tarOpenShift Merge Robot2021-01-15
|\ \ \ | | | | | | | | podman remote send tar
| * | | podman-remote fix sending tar contentKazım SARIKAYA2021-01-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1.) podman cannot send proper dockerfile when it is not inside root folder. 2.) support for sending symlinks and folders inside context dir 3.) when sending context dir as tar to remote, prevent sending items inside .dockerignore Signed-off-by: Kazım SARIKAYA <kazimsarikaya@sanaldiyar.com>
* | | | Merge pull request #8949 from giuseppe/sysfs-for-rootlessOpenShift Merge Robot2021-01-15
|\ \ \ \ | | | | | | | | | | specgen: improve heuristic for /sys bind mount
| * | | | specgen: improve heuristic for /sys bind mountGiuseppe Scrivano2021-01-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | partially revert 95c45773d7dbca2880152de681c81f0a2afec99b restrict the cases where /sys is bind mounted from the host. The heuristic doesn't detect all the cases where the bind mount is not necessary, but it is an improvement on the previous version where /sys was always bind mounted for rootless containers unless --net none was specified. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #8983 from rhatdan/testOpenShift Merge Robot2021-01-15
|\ \ \ \ \ | |_|_|/ / |/| | | | Turn on podman pod stats test for rootless cgroup v2
| * | | | Turn on podman pod stats test for rootless cgroup v2Daniel J Walsh2021-01-15
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | These tests should only be blocked for cgroups V1 Fixes: https://github.com/containers/podman/issues/8734 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #8982 from Luap99/container-rename-bindingsOpenShift Merge Robot2021-01-15
|\ \ \ \ | |_|_|/ |/| | | Container rename bindings
| * | | Fix missing podman-container-rename man page linkPaul Holzinger2021-01-15
| | | | | | | | | | | | | | | | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
| * | | Container rename bindingsPaul Holzinger2021-01-15
| |/ / | | | | | | | | | | | | | | | Add bindings and podman-remote support for container rename. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #8978 from rhatdan/buildahOpenShift Merge Robot2021-01-15
|\ \ \ | | | | | | | | Bump to containers/buildah 1.9.2
| * | | Bump to containers/buildah 1.9.2Daniel J Walsh2021-01-15
| |/ / | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8981 from ↵OpenShift Merge Robot2021-01-15
|\ \ \ | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/google/uuid-1.1.5 Bump github.com/google/uuid from 1.1.4 to 1.1.5
| * | | Bump github.com/google/uuid from 1.1.4 to 1.1.5dependabot-preview[bot]2021-01-15
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.1.4 to 1.1.5. - [Release notes](https://github.com/google/uuid/releases) - [Commits](https://github.com/google/uuid/compare/v1.1.4...v1.1.5) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #8977 from cevich/get_ci_hook_docsOpenShift Merge Robot2021-01-15
|\ \ \ | |/ / |/| | [CI:DOCS] Add hook-script example to get_ci_vm.sh
| * | [CI:DOCS] Add hook-script example to get_ci_vm.shChris Evich2021-01-14
| | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #8955 from mheon/renameOpenShift Merge Robot2021-01-14
|\ \ \ | | | | | | | | Container Rename
| * | | Initial implementation of renaming containersMatthew Heon2021-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Basic theory: We remove the container, but *only from the DB*. We leave it in c/storage, we leave the lock allocated, we leave it running (if it is). Then we create an identical container with an altered name, and add that back to the database. Theoretically we now have a renamed container. The advantage of this approach is that it doesn't just apply to rename - we can use this to make *any* configuration change to a container that does not alter its container ID. Potential problems are numerous. This process is *THOROUGHLY* non-atomic at present - if you `kill -9` Podman mid-rename things will be in a bad place, for example. Also, we can't rename containers that can't be removed normally - IE, containers with dependencies (pod infra containers, for example). The largest potential improvement will be to move the majority of the work into the DB, with a `RecreateContainer()` method - that will add atomicity, and let us remove the container without worrying about depencies and similar issues. Potential problems: long-running processes that edit the DB and may have an older version of the configuration around. Most notable example is `podman run --rm` - the removal command needed to be manually edited to avoid this one. This begins to get at the heart of me not wanting to do this in the first place... This provides CLI and API implementations for frontend, but no tunnel implementation. It will be added in a future release (just held back for time now - we need this in 3.0 and are running low on time). This is honestly kind of horrifying, but I think it will work. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #8604 from mheon/volume_plugin_implOpenShift Merge Robot2021-01-14
|\ \ \ \ | |/ / / |/| | | Initial implementation of volume plugins
| * | | Add tests for volume pluginsMatthew Heon2021-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This involves a new test binary (a basic implementation of the volume plugin protocol) and a new image on quay.io (Containerfile to produce it and all sources located in this commit). The image is used to run a containerized plugin we can test against. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | Initial implementation of volume pluginsMatthew Heon2021-01-14
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This implements support for mounting and unmounting volumes backed by volume plugins. Support for actually retrieving plugins requires a pull request to land in containers.conf and then that to be vendored, and as such is not yet ready. Given this, this code is only compile tested. However, the code for everything past retrieving the plugin has been written - there is support for creating, removing, mounting, and unmounting volumes, which should allow full functionality once the c/common PR is merged. A major change is the signature of the MountPoint function for volumes, which now, by necessity, returns an error. Named volumes managed by a plugin do not have a mountpoint we control; instead, it is managed entirely by the plugin. As such, we need to cache the path in the DB, and calls to retrieve it now need to access the DB (and may fail as such). Notably absent is support for SELinux relabelling and chowning these volumes. Given that we don't manage the mountpoint for these volumes, I am extremely reluctant to try and modify it - we could easily break the plugin trying to chown or relabel it. Also, we had no less than *5* separate implementations of inspecting a volume floating around in pkg/infra/abi and pkg/api/handlers/libpod. And none of them used volume.Inspect(), the only correct way of inspecting volumes. Remove them all and consolidate to using the correct way. Compat API is likely still doing things the wrong way, but that is an issue for another day. Fixes #4304 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #8956 from rhatdan/MakefileOpenShift Merge Robot2021-01-14
|\ \ \ | | | | | | | | Makefile: add target to generate bindings
| * | | Makefile: add target to generate bindingsValentin Rothberg2021-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a `.generate-bindings` make target that only runs in the absence of the `.generate-bindings` file or when a `types.go` file below `pkg/bindings` has changed. This will regenerate the go bindings and make sure the code is up2date. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #8906 from vrothberg/fix-8501OpenShift Merge Robot2021-01-14
|\ \ \ \ | | | | | | | | | | container stop: release lock before calling the runtime
| * | | | container stop: release lock before calling the runtimeValentin Rothberg2021-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman defers stopping the container to the runtime, which can take some time. Keeping the lock while waiting for the runtime to complete the stop procedure, prevents other commands from acquiring the lock as shown in #8501. To improve the user experience, release the lock before invoking the runtime, and re-acquire the lock when the runtime is finished. Also introduce an intermediate "stopping" to properly distinguish from "stopped" containers etc. Fixes: #8501 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #8974 from Luap99/vendor-ocicniOpenShift Merge Robot2021-01-14
|\ \ \ \ \ | |_|/ / / |/| | | | Bump github.com/cri-o/ocicni to latest master
| * | | | Bump github.com/cri-o/ocicni to latest masterPaul Holzinger2021-01-14
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The changes from https://github.com/cri-o/ocicni/pull/83 are needed to improve the user experience when using the new network reload command. see: https://github.com/containers/podman/pull/8571#discussion_r535167473 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | Merge pull request #8973 from cevich/no_check_mirrorMatthew Heon2021-01-14
|\ \ \ \ | |_|/ / |/| | | [CI:DOCS] Cirrus: Upd. ext. service check host list
| * | | Cirrus: Upd. ext. service check host listChris Evich2021-01-14
|/ / / | | | | | | | | | | | | | | | | | | | | | Since CI doesn't depend heavily on installing packages at runtime (there is some minor use) there's no need to exhaustively check repository mirror hosts. Remove them from the list. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #8969 from ↵OpenShift Merge Robot2021-01-14
|\ \ \ | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/stretchr/testify-1.7.0 Bump github.com/stretchr/testify from 1.6.1 to 1.7.0