Commit message (Author, Age)
* change error wording when conmon fails without logs (Valentin Rothberg, 2019-10-14)
    In some cases, conmon can fail without writing logs. Change the wording of the error message from "error reading container (probably exited) json message" to "container create failed (no logs from conmon)" to have a more helpful error message that is more consistent with other errors at that stage of execution.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #4233 from mheon/fix_cc (OpenShift Merge Robot, 2019-10-12)
    Allow giving path to Podman for cleanup command
| * Allow giving path to Podman for cleanup command (Matthew Heon, 2019-10-11)
    For non-Podman users of Libpod, we don't want to force the exit command to use ARGV[0], which probably does not support a cleanup command.
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #4243 from TomSweeneyRedHat/dev/tsweeney/fixrunmd (OpenShift Merge Robot, 2019-10-12)
    Touch up bad math in run man page
| * | Touch up bad math in run man page (TomSweeneyRedHat, 2019-10-11)
    We'd an off by one error in the run man page spotted by @leorochael in
    Fixes: #4239
    Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | Merge pull request #4238 from giuseppe/rootless-enable-ps-size-tests (OpenShift Merge Robot, 2019-10-11)
    tests: enable ps --size tests for rootless
| * | | tests: enable ps --size tests for rootless (Giuseppe Scrivano, 2019-10-11)
    rootless podman is using a single user namespace for all the containers so it can safely access the storage for all of them.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #4220 from mheon/null_runtime (OpenShift Merge Robot, 2019-10-11)
    Move OCI runtime implementation behind an interface
| * | | | When restoring containers, reset cgroup path (Matthew Heon, 2019-10-10)
    Previously, `podman checkport restore` with exported containers, when told to create a new container based on the exported checkpoint, would create a new container, with a new container ID, but not reset CGroup path - which contained the ID of the original container. If this was done multiple times, the result was two containers with the same cgroup paths. Operations on these containers would thus have a chance of crossing over to affect the other one; the most notable was `podman rm` once it was changed to use the --all flag when stopping the container; all processes in the cgroup, including the ones in the other container, would be stopped. Reset cgroups on restore to ensure that the path matches the ID of the container actually being run.
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | Move OCI runtime implementation behind an interface (Matthew Heon, 2019-10-10)
    For future work, we need multiple implementations of the OCI runtime, not just a Conmon-wrapped runtime matching the runc CLI. As part of this, do some refactoring on the interface for exec (move to a struct, not a massive list of arguments). Also, add 'all' support to Kill and Stop (supported by runc and used a bit internally for removing containers).
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #4221 from mheon/reset_runtime (OpenShift Merge Robot, 2019-10-11)
    Migrate can move containers to a user-defined runtime
| * | | | Migrate can move containers to a new runtime (Matthew Heon, 2019-10-10)
    This is a horrible hack to work around issues with Fedora 31, but other distros might need it too, so we'll move it upstream. I do not recommend this functionality for general use, and the manpages and other documentation will reflect this. But for some upgrade cases, it will be the only thing that allows for a working system.
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #4237 from giuseppe/ps-not-null (OpenShift Merge Robot, 2019-10-11)
    container: initialize results list
| * | | | | container: initialize results list (Giuseppe Scrivano, 2019-10-11)
    it solves:

    $ podman ps --format=json
    null

    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #4201 from TomSweeneyRedHat/dev/tsweeney/updatebuildmd (OpenShift Merge Robot, 2019-10-11)
    Update build man page with latest Buildah changes
| * | | | | | Update build man page with latest Buildah changes (TomSweeneyRedHat, 2019-10-10)
    Changes include: Containerfile by default, add --device flags to bud, allow buildah bud to be called without arguments, and a couple of small typo corrections.
    Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | | | | Merge pull request #4232 from csomh/auth-file-path (OpenShift Merge Robot, 2019-10-11)
    Fix default path for auth.json
| * | | | | | Fix default path for auth.json (Hunor Csomortáni, 2019-10-10)
    Default path should be ${XDG_RUNTIME_DIR}/containers/auth.json according to the docs. This regressed to ${XDG_RUNTIME_DIR}/auth.json in #3760.
    Fixes: #4227
    Signed-off-by: Hunor Csomortáni <csomh@redhat.com>
* | | | | | Merge pull request #4235 from giuseppe/no-pids-cgroupfs (OpenShift Merge Robot, 2019-10-11)
    rootless: do not set PIDs limit if --cgroup-manager=cgroupfs
| * | | | | | rootless: do not set PIDs limit if --cgroup-manager=cgroupfs (Giuseppe Scrivano, 2019-10-11)
    even if the system is using cgroups v2, rootless is not able to setup limits when the cgroup-manager is not systemd.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #4231 from cgwalters/user-unit-wanted (OpenShift Merge Robot, 2019-10-11)
    Make user io.podman.service unit WantedBy=default.target
| * | | | | | Make user io.podman.service unit WantedBy=default.target (Colin Walters, 2019-10-11)
    `multi-user.target` doesn't exist in the systemd *user* instance. We can't hook up the startup of a user unit to a system target. Doing so causes systemd to error out in Fedora CoreOS builds during presets. Make it depend on `default.target` instead. (Having the same unit in both system and user sessions has some tricky bits like this)
    Signed-off-by: Colin Walters <walters@verbum.org>
* | | | | | Merge pull request #4205 from manics/no-log-init (OpenShift Merge Robot, 2019-10-11)
    troubleshooting: fix useradd no-log-init argument
| * | | | | | troubleshooting: fix useradd no-log-init argument (Simon Li, 2019-10-06)
    --log-no-init should be --no-log-init
    Signed-off-by: Simon Li <spli@dundee.ac.uk>
* | | | | | | Merge pull request #4223 from QiWang19/uidmap (OpenShift Merge Robot, 2019-10-10)
    show uid_map in podman info
| * | | | | | show uid_map in podman info (Qi Wang, 2019-10-09)
    show uid_map gid_map in podman info
    Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | | | Merge pull request #4206 from giuseppe/systemd-mode-look-full-path (OpenShift Merge Robot, 2019-10-10)
    systemd: expect full path /usr/sbin/init
| * | | | | | | cli: support --systemd=always (Giuseppe Scrivano, 2019-10-09)
    it enforces the systemd mode also when the command name doesn't match /usr/sbin/init or systemd.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | | systemd: expect full path /usr/sbin/init (Giuseppe Scrivano, 2019-10-09)
    "init" is a quite common name for the command executed in a container image and Podman ends up using the systemd mode also when not required. Be stricter on enabling the systemd mode and not enable it automatically when the basename is "init" but expect the full path "/usr/sbin/init".
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | | | Merge pull request #4181 from cevich/start_test_slower_poll (OpenShift Merge Robot, 2019-10-10)
    Raise start_test polling interval
| * | | | | | | Raise start_test polling interval (Chris Evich, 2019-10-03)
    According to the documentation https://onsi.github.io/gomega/#eventually
    > the default value for the polling interval is 10 milliseconds
    That is excessively fast given the observed failures in issue #4021 are always using podman-remote. Lower the interval to 3-seconds, which should be plenty long enough for container removal.
    Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | | | Merge pull request #4197 from vrothberg/fix-4192 (OpenShift Merge Robot, 2019-10-10)
    vendor c/psgo@v1.3.2
| * | | | | | | vendor c/psgo@v1.3.2 (Valentin Rothberg, 2019-10-07)
    Now supports cgroupsv2.
    Fixes: #4192
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | | | Merge pull request #4216 from baude/catchv2runc (OpenShift Merge Robot, 2019-10-10)
    catch runc v2 error
| * | | | | | | catch runc v2 error (baude, 2019-10-09)
    when runc returns an error about not being v2 compliant, catch the error and logrus an actionable message for users.
    Signed-off-by: baude <bbaude@redhat.com>
* | | | | | | Merge pull request #4225 from giuseppe/rootless-create-pause-automatically (OpenShift Merge Robot, 2019-10-09)
    rootless: automatically recreate the pause.pid file
| * | | | | | rootless: automatically recreate the pause.pid file (Giuseppe Scrivano, 2019-10-09)
    if the pause process cannot be joined, remove the pause.pid while keeping a lock on it, and try to recreate it.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | rootless: do not close files twice (Giuseppe Scrivano, 2019-10-09)
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | refresh: do not access network ns if not in the namespace (Giuseppe Scrivano, 2019-10-09)
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #4222 from cevich/collect_varlink_log (OpenShift Merge Robot, 2019-10-09)
    Cirrus: Produce and collect varlink output
| * | | | | | Cirrus: Produce and collect varlink output (Chris Evich, 2019-10-08)
    When executing 'make remotesystem' testing, a varlink process is started up but its stdio is dumped due to the production of excessive data. However, this also means if the process has a problem, any errors will not be accessible. Instead, grab only the last 100 lines and direct them into a file. Also update automation's log collection to retrieve this file when the `$REMOTE_CLIENT` env. var. is `true`.
    Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | Merge pull request #4200 from mheon/fix_sigproxy_start (OpenShift Merge Robot, 2019-10-09)
    Respect --sig-proxy flag with podman start --attach
| * | | | | Respect --sig-proxy flag with podman start --attach (Matthew Heon, 2019-10-09)
    If it's explicitly set, use it, instead of trying to set a sane default.
    Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | | Merge pull request #4218 from jlebon/pr/drop-also (OpenShift Merge Robot, 2019-10-09)
    io.podman.socket: drop Also=multi-user.target
| * | | | io.podman.socket: drop Also=multi-user.target (Jonathan Lebon, 2019-10-08)
    Using `Also=` means that the target unit will also be installed/uninstalled together with our unit. Doing `Also=multi-user.target` essentially says: disable `multi-user.target` if `io.podman.socket` is disabled, which sounds... not at all like what we want. In practice, systemd thankfully ignores this (likely because it's the default target).
    I think having `Also=io.podman.socket` in the `io.podman.service` already does what we want here: it gets installed under `sockets.target` whenever the service is. (And the fact that systemd ignored this means that it wasn't actually playing a role in resolving #3998.)
    This was causing `systemctl preset-all` to dump core in Fedora CoreOS: https://github.com/coreos/fedora-coreos-tracker/issues/290
    (Likely there's a systemd bug around here too.)
    Signed-off-by: Jonathan Lebon <jonathan@jlebon.com>
* | | | | Merge pull request #4189 from cevich/install_conmon (OpenShift Merge Robot, 2019-10-08)
    Cirrus: Install conmon in Fedora VMs
| * | | | Cirrus: Remove broken/failing testing_crun task (Chris Evich, 2019-10-07)
    This task was to enable cross-environment testing of crun. However it was decided to only run testing w/ crun on F31. Since F31 release is imminent, remove this task.
    Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | Cirrus: Use new VM cache images (Chris Evich, 2019-10-07)
    Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | Cirrus: Install conmon in Fedora VMs (Chris Evich, 2019-10-07)
    This is needed because older versions of podman (1.5.1) do not automatically install the new conmon package. Also, include removal of `/usr/libexec/podman/conmon` when preparing to install and test podman built from source.
    Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #4032 from rhatdan/pids-limit (OpenShift Merge Robot, 2019-10-07)
    Setup a reasonable default for pids-limit 4096