summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #14734 from giuseppe/copyup-switch-orderopenshift-ci[bot]2022-06-28
|\ | | | | volume: add two new options copy and nocopy
| * volume: new options [no]copyGiuseppe Scrivano2022-06-27
| | | | | | | | | | | | | | | | | | | | | | add two new options to the volume create command: copy and nocopy. When nocopy is specified, the files from the container image are not copied up to the volume. Closes: https://github.com/containers/podman/issues/14722 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * volume: drop TODO commentGiuseppe Scrivano2022-06-27
| | | | | | | | | | | | | | | | | | the two operations are equivalent since securejoin.SecureJoin() has solved the symlinks. Prefer the Lstat version though to make sure symlinks are never resolved and we do not end up using a path on the host. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * volumes: switch order of checksGiuseppe Scrivano2022-06-27
| | | | | | | | | | | | | | | | | | | | | | | | | | avoid any I/O operation on the volume if the source directory is empty. This is useful on network file systems (since CAP_DAC_OVERRIDE is not honored) where the root user might not have enough privileges to perform an I/O operation on the NFS mount but the user running inside the container has. [NO NEW TESTS NEEDED] it needs a setup with a network file system Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * vendor: update containers/commonGiuseppe Scrivano2022-06-27
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #14751 from dfr/freebsd-makeopenshift-ci[bot]2022-06-28
|\ \ | | | | | | FreeBSD build support
| * | Makefile: don't try to build rootlessport on FreeBSDDoug Rabson2022-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rootless containers are not possible on FreeBSD. While I would like to close that gap, getting the necessary changes into the FreeBSD kernel is a long term project so until then, this removes the rootlessport helper from the build on FreeBSD. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | Makefile: don't use '-t' to specify the directory to install manpagesDoug Rabson2022-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This option doesn't exist on freebsd or macos' install utility. In this case, we can use the 'install file1 file2 ... dir' pattern which is supported by all implementations of install that I'm aware of. The makefile rule already creates the target directory so there is no ambiguity. No new tests are needed here since the same files are being installed in the same places. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | Makefile: use GNU sed to convert manpages on FreeBSDDoug Rabson2022-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The sed implementation on FreeBSD has a strict interpretation of posix 'basic' regular expressions. It would be better to re-implement this using 'extended' regular expressions but for now, just use GNU sed. This should have no functional difference on currently supported platforms. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | Makefile: use bash to evaluate tool pathsDoug Rabson2022-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The makefile uses the pattern $(shell command -v path1 path2 ...) to deduce pathnames for various executables. On FreeBSD, the default shell does have a 'command' builtin which supports the '-v' option but only allows a single path as argument. Rather than work around this limitation with alternatives like for, just set bash as the default shell. We already require bash to be installed for various helper scripts. This change only affects FreeBSD so no new tests are needed. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | Merge pull request #14741 from giuseppe/pod-ps-no-raceopenshift-ci[bot]2022-06-28
|\ \ \ | |/ / |/| | pod: ps does not race with rm
| * | pod: ps does not race with rmGiuseppe Scrivano2022-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the "pod ps" command first retrieves the list of all pods, then iterates over the list to inspect each pod. This introduce a race since a pod could be deleted in the meanwhile by another process. Solve it by ignoring the define.ErrNoSuchPod error. Closes: https://github.com/containers/podman/issues/14736 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | pods: move code to a new functionGiuseppe Scrivano2022-06-28
| |/ | | | | | | | | | | it is a preparatory change for the next commit. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #14742 from rhatdan/machineopenshift-ci[bot]2022-06-28
|\ \ | | | | | | Show starting state when machine is starting
| * | Show starting state when machine is startingDaniel J Walsh2022-06-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently podman machine list never shows the starting state. Fixes: https://github.com/containers/podman/issues/14738 [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #14597 from containers/closes_14583openshift-ci[bot]2022-06-28
|\ \ \ | | | | | | | | Use Regexp in volume ls --filter name
| * | | Use Regexp in volume ls --filter nameBoaz Shuster2022-06-27
|/ / / | | | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | | Merge pull request #14713 from Luap99/volume-pluginopenshift-ci[bot]2022-06-27
|\ \ \ | | | | | | | | add podman volume reload to sync volume plugins
| * | | add podman volume reload to sync volume pluginsPaul Holzinger2022-06-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Libpod requires that all volumes are stored in the libpod db. Because volume plugins can be created outside of podman, it will not show all available plugins. This podman volume reload command allows users to sync the libpod db with their external volume plugins. All new volumes from the plugin are also created in the libpod db and when a volume from the db no longer exists it will be removed if possible. There are some problems: - naming conflicts, in this case we only use the first volume we found. This is not deterministic. - race conditions, we have no control over the volume plugins. It is possible that the volumes changed while we run this command. Fixes #14207 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | test/testvol: rework testvol binaryPaul Holzinger2022-06-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add 4 new subcommands to the testvol binary, instead of just serving the volume api it now also can create/list/remove plugins. This is required to test new functionality where volumes are create outside of podman in the plugin. Podman should then be able to pick up the new volumes. The new testvol commands are: - serve: serve the podman api like the the testvol command before - create: create a volume with the given name - list: list all volume names - remove: remove the volume with the given name Also make a small update to the testvol Containerfile so that it can build correctly. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | test/testvol: update container image golang to 1.18Paul Holzinger2022-06-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update the golang verion for the testvol image to the latest version 1.18. This requires us to build with GO111MODULE=off. Use the FQDN to prevent the shortnames prompt. Also add --network none to the podman build command to make sure we are only using the copied deps and nothing else. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | test/testvol: move Containerfile into testvol dirPaul Holzinger2022-06-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I think it is confusion to have this Containerfile in the repo root. It is used for the tests only so we should move it into the same dir. Also adapt the Makefile target to use the new path and add the current date as tag instead of using latest which can break CI easily when we have to update the image. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | libpod: volume plugin sendRequest remove body boolPaul Holzinger2022-06-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | There is no need for an extra parameter if the body is set. We can just check to interface for not nil. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #14705 from jakecorrenti/show-health-status-eventopenshift-ci[bot]2022-06-27
|\ \ \ \ | | | | | | | | | | Show Health Status events
| * | | | Show Health Status eventsJake Correnti2022-06-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, health status events were not being generated at all. Both the API and `podman events` will generate health_status events. ``` {"status":"health_status","id":"ae498ac3aa6c63db8b69a37583a6eae1a9cefbdbdbeeadcf8e1d66d745f0df63","from":"localhost/healthcheck-demo:latest","Type":"container","Action":"health_status","Actor":{"ID":"ae498ac3aa6c63db8b69a37583a6eae1a9cefbdbdbeeadcf8e1d66d745f0df63","Attributes":{"containerExitCode":"0","image":"localhost/healthcheck-demo:latest","io.buildah.version":"1.26.1","maintainer":"NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e","name":"healthcheck-demo"}},"scope":"local","time":1656082205,"timeNano":1656082205882271276,"HealthStatus":"healthy"} ``` ``` 2022-06-24 11:06:04.886238493 -0400 EDT container health_status ae498ac3aa6c63db8b69a37583a6eae1a9cefbdbdbeeadcf8e1d66d745f0df63 (image=localhost/healthcheck-demo:latest, name=healthcheck-demo, health_status=healthy, io.buildah.version=1.26.1, maintainer=NGINX Docker Maintainers <docker-maint@nginx.com>) ``` Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
* | | | | Merge pull request #14732 from dfr/criuopenshift-ci[bot]2022-06-27
|\ \ \ \ \ | |_|_|_|/ |/| | | | Add missing criu symbols to criu_unsupported.go
| * | | | Fix spelling of GetCriuVersionDoug Rabson2022-06-27
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | | Add missing criu symbols to criu_unsupported.goDoug Rabson2022-06-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | | | Merge pull request #14744 from giuseppe/fix-go-sumopenshift-ci[bot]2022-06-27
|\ \ \ \ \ | | | | | | | | | | | | go.sum: run make vendor
| * | | | | go.sum: run make vendorGiuseppe Scrivano2022-06-27
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | The CI is currently broken. Update go.sum. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #14733 from dfr/unix-signalopenshift-ci[bot]2022-06-27
|\ \ \ \ \ | | | | | | | | | | | | Implement CatchAll and StopCatch in signal_unix.go
| * | | | | Implement CatchAll and StopCatch in signal_common.goDoug Rabson2022-06-27
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is part of a set of changes to port podman to the FreeBSD platform. The pkg/signal parts are needed to enable ABI mode on FreeBSD. No tests are needed here because it should be a functional no-op for linux. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | | | Merge pull request #14654 from cdoern/cgroupopenshift-ci[bot]2022-06-27
|\ \ \ \ \ | | | | | | | | | | | | podman cgroup enhancement
| * | | | | podman cgroup enhancementcdoern2022-06-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | currently, setting any sort of resource limit in a pod does nothing. With the newly refactored creation process in c/common, podman ca now set resources at a pod level meaning that resource related flags can now be exposed to podman pod create. cgroupfs and systemd are both supported with varying completion. cgroupfs is a much simpler process and one that is virtually complete for all resource types, the flags now just need to be added. systemd on the other hand has to be handeled via the dbus api meaning that the limits need to be passed as recognized properties to systemd. The properties added so far are the ones that podman pod create supports as well as `cpuset-mems` as this will be the next flag I work on. Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | | | | Merge pull request #14725 from Luap99/port-range-flakeopenshift-ci[bot]2022-06-27
|\ \ \ \ \ \ | |_|_|_|_|/ |/| | | | | Fix "podman run port forward range" flake
| * | | | | Fix "podman run port forward range" flakePaul Holzinger2022-06-27
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The test must ensure that all ports in the range are free not just the first. This flakes often because port 5355 is always in use by systemd-resolved on fedora. Fixes #14716 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #14687 from cdoern/volsopenshift-ci[bot]2022-06-27
|\ \ \ \ \ | | | | | | | | | | | | podman run/create -v relative filepath support
| * | | | | podman run/create -v relative filepath supportCharlie Doern2022-06-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman currently does not support relative volume paths. Add parsing for relative paths in specgen, converting whatever volume was given to an absolute path. Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | | | | Merge pull request #14695 from boaz0/closes_14682openshift-ci[bot]2022-06-27
|\ \ \ \ \ \ | | | | | | | | | | | | | | Fix machine list: --format implies --noheading
| * | | | | | Use HaveLen instead of len in podman machine list e2e testsBoaz Shuster2022-06-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
| * | | | | | Fix machine list: --format implies --noheadingBoaz Shuster2022-06-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It seems like previously if --format was changed then listFlag.noHeading is changed accordingly however printHeader is used to determine whether to print header or not. This patch fixes that problem. Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | | | | | | Merge pull request #14665 from Luap99/machine-nowopenshift-ci[bot]2022-06-27
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | podman machine init --now: respect proxy envs
| * | | | | | | podman machine init --now: respect proxy envsPaul Holzinger2022-06-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman machine start contains more logic than just the simple vm.Start() call. Instead of duplicating this into inti we just call start(). [NO NEW TESTS NEEDED] I have no way to test this right now. Fixes #14640 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | | | Merge pull request #14724 from ↵openshift-ci[bot]2022-06-27
|\ \ \ \ \ \ \ \ | |_|_|_|/ / / / |/| | | | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/stretchr/testify-1.7.5 Bump github.com/stretchr/testify from 1.7.4 to 1.7.5
| * | | | | | | Bump github.com/stretchr/testify from 1.7.4 to 1.7.5dependabot[bot]2022-06-24
| | |_|_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.4 to 1.7.5. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.7.4...v1.7.5) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | | | | Merge pull request #14685 from mheon/gitlabopenshift-ci[bot]2022-06-27
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Followon to #14559
| * | | | | | | Two fixes for DB exit code handlingMatthew Heon2022-06-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Firstly: don't prune exit codes after a refresh - instead, clear the table entirely. We are guaranteed that all containers are gone after a refresh, we should not worry about exit codes given this. Secondly: alter the way pruning was done. We were updating the DB by calling Update from within an existing View, and stacking an RW transaction on top of an existing RO one seems dodgy; further, modifying a bucket while iterating over it with ForEach is undefined behavior. Hopefully this will resolve our CI issues. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | | | | | libpod: fix wait and exit-code logicValentin Rothberg2022-06-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit addresses three intertwined bugs to fix an issue when using Gitlab runner on Podman. The three bug fixes are not split into separate commits as tests won't pass otherwise; avoidable noise when bisecting future issues. 1) Podman conflated states: even when asking to wait for the `exited` state, Podman returned as soon as a container transitioned to `stopped`. The issues surfaced in Gitlab tests to fail [1] as `conmon`'s buffers have not (yet) been emptied when attaching to a container right after a wait. The race window was extremely narrow, and I only managed to reproduce with the Gitlab runner [1] unit tests. 2) The clearer separation between `exited` and `stopped` revealed a race condition predating the changes. If a container is configured for autoremoval (e.g., via `run --rm`), the "run" process competes with the "cleanup" process running in the background. The window of the race condition was sufficiently large that the "cleanup" process has already removed the container and storage before the "run" process could read the exit code and hence waited indefinitely. Address the exit-code race condition by recording exit codes in the main libpod database. Exit codes can now be read from a database. When waiting for a container to exit, Podman first waits for the container to transition to `exited` and will then query the database for its exit code. Outdated exit codes are pruned during cleanup (i.e., non-performance critical) and when refreshing the database after a reboot. An exit code is considered outdated when it is older than 5 minutes. While the race condition predates this change, the waiting process has apparently always been fast enough in catching the exit code due to issue 1): `exited` and `stopped` were conflated. The waiting process hence caught the exit code after the container transitioned to `stopped` but before it `exited` and got removed. 3) With 1) and 2), Podman is now waiting for a container to properly transition to the `exited` state. Some tests did not pass after 1) and 2) which revealed the third bug: `conmon` was executed with its working directory pointing to the OCI runtime bundle of the container. The changed working directory broke resolving relative paths in the "cleanup" process. The "cleanup" process error'ed before actually cleaning up the container and waiting "main" process ran indefinitely - or until hitting a timeout. Fix the issue by executing `conmon` with the same working directory as Podman. Note that fixing 3) *may* address a number of issues we have seen in the past where for *some* reason cleanup processes did not fire. [1] https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27119#note_970712864 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com> [MH: Minor reword of commit message] Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | | | | | conmon: silence json-file errorValentin Rothberg2022-06-23
| |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We should just silently fall through. The log was flooding the system-service logs when running Gitlab runner. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | | | | Merge pull request #14703 from cdoern/connectionopenshift-ci[bot]2022-06-25
|\ \ \ \ \ \ \ | |_|_|_|_|/ / |/| | | | | | fix system connection and scp testing