summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* rewrite podman-cpValentin Rothberg2020-12-04
| | | | | | | | | | | | | | | | | | | | | | | | * Add a new `pkg/copy` to centralize all container-copy related code. * The new code is based on Buildah's `copier` package. * The compat `/archive` endpoints use the new `copy` package. * Update docs and an several new tests. * Includes many fixes, most notably, the look-up of volumes and mounts. Breaking changes: * Podman is now expecting that container-destination paths exist. Before, Podman created the paths if needed. Docker does not do that and I believe Podman should not either as it's a recipe for masking errors. These errors may be user induced (e.g., a path typo), or internal typos (e.g., when the destination may be a mistakenly unmounted volume). Let's keep the magic low for such a security sensitive feature. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* e2e: bump pull timeout to 240 secondsValentin Rothberg2020-12-04
| | | | | | | I am constantly hitting the 90 seconds limit with my very slow connection. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #8479 from rhatdan/logOpenShift Merge Robot2020-12-03
|\ | | | | Drop default log-level from error to warn
| * Drop default log-level from error to warnDaniel J Walsh2020-12-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Our users are missing certain warning messages that would make debugging issues with Podman easier. For example if you do a podman build with a Containerfile that contains the SHELL directive, the Derective is silently ignored. If you run with the log-level warn you get a warning message explainging what happened. $ podman build --no-cache -f /tmp/Containerfile1 /tmp/ STEP 1: FROM ubi8 STEP 2: SHELL ["/bin/bash", "-c"] STEP 3: COMMIT --> 7a207be102a 7a207be102aa8993eceb32802e6ceb9d2603ceed9dee0fee341df63e6300882e $ podman --log-level=warn build --no-cache -f /tmp/Containerfile1 /tmp/ STEP 1: FROM ubi8 STEP 2: SHELL ["/bin/bash", "-c"] STEP 3: COMMIT WARN[0000] SHELL is not supported for OCI image format, [/bin/bash -c] will be ignored. Must use `docker` format --> 7bd96fd25b9 7bd96fd25b9f755d8a045e31187e406cf889dcf3799357ec906e90767613e95f These messages will no longer be lost, when we default to WARNing level. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8565 from jwhonce/wip/testingOpenShift Merge Robot2020-12-03
|\ \ | | | | | | hack/podman-socat captures the API stream
| * | hack/podman-socat captures the API streamJhon Honce2020-12-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | * verify socat and podman binaries exist * setup a sandboxed podman service * run podman service with socat proxy to capture API stream * clean up sandbox leaving the log files for review Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #8576 from Luap99/docs-network-rootlessOpenShift Merge Robot2020-12-03
|\ \ \ | | | | | | | | [CI:DOCS] Correct which network commands can be run as rootless
| * | | Correct which network commands can be run as rootlessPaul Holzinger2020-12-03
| | |/ | |/| | | | | | | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #8551 from rhatdan/defaultOpenShift Merge Robot2020-12-03
|\ \ \ | |/ / |/| | Support --network=default as if it was private
| * | Support --network=default as if it was privateDaniel J Walsh2020-12-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Docker defines an option of "default" which means to use the default network. We should support this with the same code path as --network="". This is important for compatibility with the Docker API. Fixes: https://github.com/containers/podman/issues/8544 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8563 from giuseppe/exec-cgroup-createOpenShift Merge Robot2020-12-03
|\ \ \ | | | | | | | | podman, exec: move conmon to the correct cgroup
| * | | podman, exec: move conmon to the correct cgroupGiuseppe Scrivano2020-12-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | move the conmon process to the conmon cgroup also on exec. The previous implementation would fail to move the conmon process as the systemd unit already exists so its creation would fail. When the unit cannot be created, attempt to directly join the cgroup instead. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #8566 from jwhonce/wip/double_pingOpenShift Merge Robot2020-12-03
|\ \ \ \ | | | | | | | | | | Change bindings to stop two API calls for ping
| * | | | Change bindings to stop two API calls for pingJhon Honce2020-12-02
| | |_|/ | |/| | | | | | | | | | | | | | | | | | * existing code caused an unnecessary 301 redirect Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #8564 from edsantiago/batsOpenShift Merge Robot2020-12-03
|\ \ \ \ | | | | | | | | | | BATS: add new load test
| * | | | BATS: add new load testEd Santiago2020-12-02
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Looks like #7337 was fixed (by #8112). Reenable a disabled test for it; and make it actually work. Confirmed that newly-added test fails on d45676549 (the commit before #8112). Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #8408 from umohnani8/sec-optOpenShift Merge Robot2020-12-03
|\ \ \ \ | |/ / / |/| | | Add mask and unmask option to --security-opt
| * | | Add mask and unmask option to --security-optUrvashi Mohnani2020-12-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the mask and unmask option to the --security-opt flag to allow users to specify paths to mask and unmask in the container. If unmask=ALL, this will unmask all the paths we mask by default. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | | Merge pull request #8556 from mheon/fix_8539OpenShift Merge Robot2020-12-02
|\ \ \ \ | | | | | | | | | | Use Libpod tmpdir for pause path
| * | | | Use Libpod tmpdir for pause pathMatthew Heon2020-12-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, we always computed pause path from the Rootless runtime directory. Problem: this does not match the behavior of Libpod when the directory changes. Libpod will continue to use the previous directory, cached in the database; Pause pidfiles will swap to the new path. This is problematic when the directory needs to exist to write the pidfile, and Libpod is what creates the directory. There are two potential solutions - allow the pause pidfile to move and just make the directory when we want to write it, or use the cached Libpod paths for a guaranteed location. This patch does the second, because it seems safer - we will never miss a previously-existing pidfile because the location is now consistent. Fixes #8539 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | | Merge pull request #8112 from QiWang19/load-optional-nameOpenShift Merge Robot2020-12-02
|\ \ \ \ \ | | | | | | | | | | | | Drop name argument from Load API
| * | | | | Do not pass name argument to Load APIQi Wang2020-12-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Not pass the name argument to Load API. Specify in the document the usage of the optional argument is tagging an additional image. Close #7337 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | | Merge pull request #8392 from jwhonce/wip/reportOpenShift Merge Robot2020-12-02
|\ \ \ \ \ \ | | | | | | | | | | | | | | Fix `podman images...` missing headers in table templates
| * | | | | | Fix `podman images...` missing headers in table templatesJhon Honce2020-12-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | | | Merge pull request #8557 from baude/mountcommasOpenShift Merge Robot2020-12-02
|\ \ \ \ \ \ \ | |/ / / / / / |/| | | | | | add commas between mount options
| * | | | | | add commas between mount optionsbaude2020-12-02
|/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when formatting mount options into a string for the compat container create, the options need to be comma delimited. Signed-off-by: baude <bbaude@redhat.com>
* | | | | | Merge pull request #8552 from baude/buildtargetOpenShift Merge Robot2020-12-02
|\ \ \ \ \ \ | |_|_|_|_|/ |/| | | | | target is not tag
| * | | | | target is not tagbaude2020-12-02
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | remove mistaken use of target being used for tag Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #8549 from Luap99/network-id-supportOpenShift Merge Robot2020-12-02
|\ \ \ \ \ | |/ / / / |/| | | | Add support for network ids
| * | | | Add support for network idsPaul Holzinger2020-12-02
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The network ID is not stored. It is just the sha256 hash from the network name. There is a risk of a potential hash collision. However it's very unlikely and even if we hit this it will complain that more than network with this ID exists. The main benefit is that the compat api can have proper network ID support. Also this adds the support for `podman network ls --format "{{.ID}}"` and `--filter id=<ID>`. It also ensures that we can do network rm <ID> and network inspect <ID>. Since we use a hash this commit is backwards compatible even for already existing networks. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | Merge pull request #8550 from Luap99/fix-completion-ancestor-filterOpenShift Merge Robot2020-12-02
|\ \ \ \ | |/ / / |/| | | Fix shell completion for ps --filter ancestor
| * | | Fix shell completion for ps --filter ancestorPaul Holzinger2020-12-02
|/ / / | | | | | | | | | | | | | | | | | | The `ancestor` option was missing an equal sign. Therefore the completion did not work as expected. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #8543 from mheon/no_syslog_trueOpenShift Merge Robot2020-12-02
|\ \ \ | | | | | | | | Do not use "true" after "syslog" in exit commands
| * | | Do not use "true" after "syslog" in exit commandsMatthew Heon2020-12-01
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of being interpreted as an argument to the boolean flag, the 'true' is being intepreted as the Podman command to be run - so we're trying to run `podman true`, which does not exist. This causes the cleanup command to fail when `--log-level=debug` is set, so containers are not cleaned up or removed. This problem is easily reproduced with any command combining the `--rm`, `-d`, and `--log-level=debug` flags - the command will execute and exit, but the container will not be removed. Separate, but worth looking into later: the errors we get on trying `podman true` with any flags are terrible - if you just type `podman true` you get a quite sane "Unrecognized command" error, but if you try `podman true --rm` you get an "unknown flag --rm" error - which makes very little sense given the command itself doesn't exist. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #8457 from afbjorklund/bridge-mtuOpenShift Merge Robot2020-12-02
|\ \ \ | | | | | | | | Add podman network create flag for bridge mtu
| * | | Validate that the bridge option is supportedAnders F Björklund2020-12-01
| | | | | | | | | | | | | | | | | | | | | | | | Thanks Luap99 for the validation suggestion Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
| * | | Add integration test for the bridge optionsAnders F Björklund2020-12-01
| | | | | | | | | | | | | | | | | | | | | | | | Thanks Luap99 for doing the implementation Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
| * | | Add podman network create option for bridge vlanAnders F Björklund2020-12-01
| | | | | | | | | | | | | | | | Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
| * | | Add podman network create option for bridge mtuAnders F Björklund2020-12-01
| | | | | | | | | | | | | | | | Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | | | Merge pull request #8542 from rhatdan/testOpenShift Merge Robot2020-12-01
|\ \ \ \ | | | | | | | | | | Fix typo in tests
| * | | | Fix typo in testsDaniel J Walsh2020-12-01
| | |/ / | |/| | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #8357 from mheon/add_volume_interface_packageOpenShift Merge Robot2020-12-01
|\ \ \ \ | |_|/ / |/| | | Add API for communicating with Docker volume plugins
| * | | Add API for communicating with Docker volume pluginsMatthew Heon2020-12-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Docker provides extensibility through a plugin system, of which several types are available. This provides an initial library API for communicating with one type of plugins, volume plugins. Volume plugins allow for an external service to create and manage a volume on Podman's behalf. This does not integrate the plugin system into Libpod or Podman yet; that will come in subsequent pull requests. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #8541 from rhatdan/manOpenShift Merge Robot2020-12-01
|\ \ \ \ | | | | | | | | | | Fix potential race condition in testing
| * | | | Fix potential race condition in testingDaniel J Walsh2020-12-01
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The It("podman wait to pause|unpause condition"... test is flaking every so often when a messages is sent in the second function to a channel. It is my believe that in between the time the first function sends a message to the channel and before it closes the channel the second errChan=make() has happened. This would mean that the fist function closes the second errChan, and then when the second function sends a message to the second errChan, it fails and blows up with the error you are seeing. By creating a different variable for the second channel, we eliminate the race. Fixes: https://github.com/containers/podman/issues/6518 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #8488 from rhatdan/platformOpenShift Merge Robot2020-12-01
|\ \ \ \ | | | | | | | | | | Add support for --platform
| * | | | Add support for --platformDaniel J Walsh2020-11-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For docker compatibility we need to support --platform flag. podman create --platform podman run --platform podman pull --platform Since we have --override-os and --override-arch already this can be done just by modifying the client to split the --platform call into os and arch and then pass those options to the server side. Fixes: https://github.com/containers/podman/issues/6244 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #8505 from Luap99/network-labelsOpenShift Merge Robot2020-12-01
|\ \ \ \ \ | | | | | | | | | | | | podman network label support
| * | | | | podman network label supportPaul Holzinger2020-11-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add label support for podman network create. Use the `args` field in the cni config file to store the podman labels. Use `podman_labels` as key name and store the labels as map[string]string. For reference: https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md#args-in-network-config https://github.com/containernetworking/cni/blob/spec-v0.4.0/SPEC.md#network-configuration Example snippet: ``` ... "args": { "podman_labels": { "key1":"value1", "key2":"value2" } } ... ``` Make podman network list support several filters. Supported filters are name, plugin, driver and label. Filters with different keys work exclusive. Several label filters work exclusive and the other filter keys are working inclusive. Also adjust the compat api to support labels in network create and list. Breaking changes: - podman network ls -f shortform is used for --filter instead --format This matches docker and other podman commands (container ps, volume ps) - libpod network list endpoint filter parameter is removed. Instead the filters paramter should be used as json encoded map[string][]string. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | | | Merge pull request #8534 from Luap99/revert-Luap99-cobra-vendorOpenShift Merge Robot2020-12-01
|\ \ \ \ \ \ | | | | | | | | | | | | | | Revert the custom cobra vendor