Commit message (Author, Age)
* Unset SocketLabel after system finishes checkpointing (Daniel J Walsh, 2021-11-23)
    This should fix the SELinux issue we are seeing with talking to /run/systemd/private.
    Fixes: https://github.com/containers/podman/issues/12362
    Also unset the XDG_RUNTIME_DIR if set, since we don't know when running as a service if this will cause issues.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #12371 from jakub-dzon/env-config-maps (OpenShift Merge Robot, 2021-11-23)
    Support env variables based on ConfigMaps sent in payload
| * Support env variables based on ConfigMaps sent in payload (Jakub Dzon, 2021-11-23)
    Fixes #12363
    Signed-off-by: Jakub Dzon <jdzon@redhat.com>
* | Merge pull request #12397 from mheon/warn_on_failed_update (Daniel J Walsh, 2021-11-23)
    Warn on failing to update container status
| * | Warn on failing to update container status (Matthew Heon, 2021-11-23)
    failed to send a signal to the container's PID1, but ignored the results of that update. That's generally bad practice, since even if we can't directly take action on an error, we should still make an effort to report it for debugging purposes.
    I used Infof instead of something more serious to avoid duplicate reporting to the user if something has gone seriously wrong.
    [NO NEW TESTS NEEDED] this is just adding additional error reporting.
    Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #12377 from markzhang1996/patch-1 (OpenShift Merge Robot, 2021-11-23)
    [CI:DOCS] Update basic_networking.md
| * | | Update basic_networking.md (Mark Zhang, 2021-11-23)
    Correct a missing link in basic networking tutorial.
    Signed-off-by: Mark Zhang <markzhang1994@gmail.com>
* | | | Merge pull request #12328 from serverwentdown/fix-compat-ipaddress (Daniel J Walsh, 2021-11-23)
    compat: Add subnet mask behind IP address to match Docker API
| * | | | compat: Add subnet mask behind IP address to match Docker API (Ambrose Chua, 2021-11-20)
    Signed-off-by: Ambrose Chua <ambrose@hey.com>
* | | | Merge pull request #12361 from rhatdan/remote (Daniel J Walsh, 2021-11-23)
    podman-remote does not support signature-policy
| * | | podman-remote does not support signature-policy (Daniel J Walsh, 2021-11-19)
    Fixes: https://github.com/containers/podman/issues/12357
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #12394 from flouthoc/oci_dont_send_signal_to_dead (OpenShift Merge Robot, 2021-11-23)
    oci: exit `gracefully` if container is already dead instead of trying to `kill` it.
| * | | | oci: ack crun output when container is not there (Aditya Rajan, 2021-11-23)
    `crun status ctrid` outputs `No such file or directory` when container is not there so podman must ack it.
    [NO NEW TESTS NEEDED]
    Signed-off-by: Aditya Rajan <arajan@redhat.com>
| * | | | oci: exit gracefully if container is already dead (Aditya Rajan, 2021-11-23)
    While trying to kill a container with a `signal` we can't do anything if container is already dead so `exit` gracefully instead of trying to delete container again. Get container status from runtime.
    [ NO NEW TESTS NEEDED ]
    Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | | | Merge pull request #12010 from vrothberg/fix-11964 (OpenShift Merge Robot, 2021-11-23)
    image lookup: do not match *any* tags
| * | | image lookup: do not match *any* tags (Valentin Rothberg, 2021-11-23)
    For reasons buried in the history of Podman, looking up an untagged image would match any tag of matching image. For instance, looking up centos would match a local image centos:foobar. Change that behavior to only match the latest tag.
    Fix: #11964
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #12380 from vrothberg/fix-11618 (OpenShift Merge Robot, 2021-11-23)
    generate systemd: add --start-timeout flag
| * | | generate systemd: add --start-timeout flag (Valentin Rothberg, 2021-11-23)
    Add a new flag to set the start timeout for a generated systemd unit. To make naming consistent, add a new --stop-timeout flag as well and let the previous --time map to it.
    Fixes: #11618
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #12387 from edsantiago/remove_betrue (OpenShift Merge Robot, 2021-11-23)
    e2e tests: clean up antihelpful BeTrue()s
| * | | Oops! Manual edits to broken tests (Ed Santiago, 2021-11-22)
    Commit 2 of 2: there were (still are?) a bunch of string checks that didn't have a corresponding Expect(). IIUC that means they were NOPs. Try to identify and fix those.
    The first few were caught by Go linting, "ok is defined but not used". When I realized the problem, I looked for more using:
        $ ack -A2 LineInOutputStartsWith
    ...and tediously eyeballing the results, looking for matches in which the next line was not Expect().
    If test was wrong (e.g. "server" should've been "nameserver"), fix that.
    Also: remove the remove-betrue script. We don't need it in the repo, I just wanted to preserve it for posterity.
    Signed-off-by: Ed Santiago <santiago@redhat.com>
| * | | e2e tests: clean up antihelpful BeTrue()s (Ed Santiago, 2021-11-22)
    Many ginkgo tests have been written to use this evil form:
        GrepString("foo")
        Expect(that to BeTrue())
    ...which yields horrible useless messages on failure:
        false is not true
    Identify those (automatically, via script) and convert to:
        Expect(output to ContainSubstring("foo"))
    ...which yields:
        "this output" does not contain substring "foo"
    There are still many BeTrue()s left. This is just a start.
    This is commit 1 of 2. It includes the script I used, and all changes to *.go are those computed by the script. Commit 2 will apply some manual fixes.
    Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #12389 from cevich/remove_static (OpenShift Merge Robot, 2021-11-22)
    [CI:DOCS] Cirrus: Strip out static nix build
| * | | Cirrus: Strip out static nix build (Chris Evich, 2021-11-22)
    Unfortunately the maintainer of this is no longer available
    Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #12386 from baude/playkuberename (Daniel J Walsh, 2021-11-22)
    Rename pod on generate of container
| * | | | Rename pod on generate of container (Brent Baude, 2021-11-22)
    When generating kube of a container, the podname and container name in the yaml are identical. This offends rules in podman where pods and containers cannot have the same name. We now append _pod to the podname to avoid that collision.
    Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | Merge pull request #12352 from Luap99/netavark-err (Daniel J Walsh, 2021-11-22)
    Fix netavark error handling and teardown issue
| * | | | | Fix netavark error handling and teardown issue (Paul Holzinger, 2021-11-22)
    The return error was not returned by podman, instead a different error was created. Also make sure to free assigned ips on an error to not leak them.
    Lastly podman container cleanup uses the default network backend instead of the provided one, we need to add `--network-backend` to the exit command.
    [NO NEW TESTS NEEDED]
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | Merge pull request #12301 from umohnani8/table (OpenShift Merge Robot, 2021-11-22)
    Add note about volume with unprivileged container
| * | | | | Add note about volume with unprivileged container (Urvashi Mohnani, 2021-11-21)
    Add a note to the generated kube yaml if we detect a volume is being mounted. The note lets the user know what needs to be done to avoid permission denied error when trying to access the volume for an unprivileged container.
    Add the same note to the man pages.
    NO NEW TESTS NEEDED
    Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | | | | Merge pull request #12384 from containers/dependabot/go_modules/github.com/containers/image/v5-5.17.0 (Daniel J Walsh, 2021-11-22)
    Bump github.com/containers/image/v5 from 5.16.1 to 5.17.0
| * | | | | | Bump github.com/containers/image/v5 from 5.16.1 to 5.17.0 (dependabot[bot], 2021-11-22)
    Bumps [github.com/containers/image/v5](https://github.com/containers/image) from 5.16.1 to 5.17.0.
    - [Release notes](https://github.com/containers/image/releases)
    - [Commits](https://github.com/containers/image/compare/v5.16.1...v5.17.0)
    ---
    updated-dependencies:
    - dependency-name: github.com/containers/image/v5
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    Signed-off-by: dependabot[bot] <support@github.com>
* | | | | | Merge pull request #12385 from umohnani8/docs (OpenShift Merge Robot, 2021-11-22)
    [CI:DOCS] Update notes on java TZ in man page
| * | | | | | [CI:DOCS] Update notes on java TZ in man page (Urvashi Mohnani, 2021-11-22)
    Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | | | | | Merge pull request #12381 from flouthoc/build-layer-docker-compat (OpenShift Merge Robot, 2021-11-22)
    compat: add layer caching compatiblity for `non-podman` clients.
| * | | | | | swagger: add layers to build api docs (Aditya Rajan, 2021-11-22)
    Add missing `layer` entry to swagger docs for `/build`.
    Signed-off-by: Aditya Rajan <arajan@redhat.com>
| * | | | | | compat: add layer caching compatiblity for non podman clients (Aditya Rajan, 2021-11-22)
    Non-podman clients do not set `layers` while making request. This is supposed to be `true` by default but `non-podman-clients i.e Docker` don't know about this field as a result they end up setting this value to `false`. Causing builds to never use cache for layers.
    Adds compatibility for `docker SDK`.
    [NO NEW TESTS NEEDED]
    Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | | | | | Merge pull request #12373 from TomSweeneyRedHat/dev/tsweeney/jdoc (OpenShift Merge Robot, 2021-11-22)
    [CI:DOCS] Add java TZ note to run manpage
| * | | | | | [CI:DOCS] Add java TZ note to run manpage (TomSweeneyRedHat, 2021-11-19)
    Add a note to show how to workaround the `--tz` option being ignored in the run command.
    Related to: https://bugzilla.redhat.com/show_bug.cgi?id=1984251
    Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | | | Merge pull request #12382 from containers/dependabot/go_modules/github.com/opencontainers/selinux-1.10.0 (Daniel J Walsh, 2021-11-22)
    Bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0
| * | | | | | Bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0 (dependabot[bot], 2021-11-22)
    Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.9.1 to 1.10.0.
    - [Release notes](https://github.com/opencontainers/selinux/releases)
    - [Commits](https://github.com/opencontainers/selinux/compare/v1.9.1...v1.10.0)
    ---
    updated-dependencies:
    - dependency-name: github.com/opencontainers/selinux
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    Signed-off-by: dependabot[bot] <support@github.com>
* | | | | | Merge pull request #12349 from edsantiago/clean_fixmes (OpenShift Merge Robot, 2021-11-22)
    Semiperiodic cleanup of obsolete Skip()s
| * | | | | Semiperiodic cleanup of obsolete Skip()s (Ed Santiago, 2021-11-19)
    Found by my find-obsolete-skips script. Let's see which, if any, of these skipped tests can be reenabled.
    Some Skips are "this will never work", not "this is expected to work one day". Update the message on those to reflect that.
    Some were real bugs in the test framework. Fix those.
    And, joy of joys, some work today. Remove those skips.
    Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | Merge pull request #12372 from Luap99/syslog-netavark (OpenShift Merge Robot, 2021-11-22)
    Make sure netavark output is logged to the syslog
| * | | | | Force iptables driver for netavark tests (Paul Holzinger, 2021-11-19)
    Firewalld cannot be used because it can connect to the dbus api but talks to firewalld in the host namespace. This will affect your host badly and also causes tests to fail.
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | Make sure netavark output is logged to the syslog (Paul Holzinger, 2021-11-19)
    Create a custom writer which logs the netavark output to logrus. This will log to the syslog when it is enabled.
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #12351 from adrianreber/2021-11-18-restore-runtime-verification (OpenShift Merge Robot, 2021-11-22)
    Restore runtime verification
| * | | | Add tests for restore runtime verification (Adrian Reber, 2021-11-19)
    On container restore ensures that the same container runtime is used as during checkpointing and it also ensures that the user does not select a different runtime.
    Signed-off-by: Adrian Reber <areber@redhat.com>
| * | | | Use same runtime to restore a container as during checkpointing (Adrian Reber, 2021-11-19)
    There are at least two runtimes that support checkpoint and restore: runc and crun. Although the checkpoints created by these are almost compatible, it is not (yet) possible to restore a checkpoint created with one runtime with the other runtime.
    To make checkpoint/restore usage more comfortable this adds code to look into the checkpoint archive during restore and to set the runtime to the one used during checkpointing. This also adds a check, if the user explicitly sets a runtime during restore, that the runtime is also the same as used during checkpointing.
    If a different runtime is selected than the one used during checkpointing the restore will fail early.
    If runc and crun will create compatible checkpoints in the future the check can be changed to treat crun and runc as compatible checkpoint/restore runtimes.
    Signed-off-by: Adrian Reber <areber@redhat.com>
* | | | Merge pull request #12305 from colinbendell/add-expose-port-range (OpenShift Merge Robot, 2021-11-21)
    Support EXPOSE with port ranges
| * | | Add EXPOSE e2e test (Colin Bendell, 2021-11-20)
    Signed-off-by: Colin Bendell <colin@bendell.ca>