summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #11103 from jwhonce/wip/bindingsOpenShift Merge Robot2021-08-25
|\ | | | | Fix file descriptor leaks in bindings and add test
| * Fix file descriptor leaks and add testJhon Honce2021-08-24
| | | | | | | | | | | | | | | | | | | | * Add response.Body.Close() where needed to release HTTP connections to API server. * Add tests to ensure no general leaks occur. 100% coverage would be required to ensure no leaks on any call. * Update code comments to be godoc correct Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #11314 from Luap99/expose-portsOpenShift Merge Robot2021-08-25
|\ \ | | | | | | podman inspect show exposed ports
| * | podman inspect show exposed portsPaul Holzinger2021-08-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman inspect has to show exposed ports to match docker. This requires storing the exposed ports in the container config. A exposed port is shown as `"80/tcp": null` while a forwarded port is shown as `"80/tcp": [{"HostIp": "", "HostPort": "8080" }]`. Also make sure to add the exposed ports to the new image when the container is commited. Fixes #10777 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #11263 from nalind/journal-readOpenShift Merge Robot2021-08-24
|\ \ \ | | | | | | | | libpod/Container.readFromJournal(): don't skip the first entry
| * | | 130-kill.bats: increase timeouts from 10s to 60sNalin Dahyabhai2021-08-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Increase the amount of time we're willing to wait for a log message that a container should be printing to show up in the output of `logs -f`, since on at least one CI configuration we're seeing a turnaround as high as 46s, but it's not something we can directly control, so that's not a hard maximum. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
| * | | logs: adjust handling around partial log messagesNalin Dahyabhai2021-08-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In libpod/logs.LogLine.Write(), don't write a newline to stdout/stderr when the log message is only part of a line. In libpod.ConmonOCIRuntime.HTTPAttach(), don't send a newline over the HTTP connection when the log message is only part of a line. In pkg/api/handlers/compat.LogsFromContainer(), don't send a newline over the HTTP connection when the log message is only part of a line, and don't make doing so conditional on whether or not the client used the docker or podman endpoint. In pkg/domain/infra/tunnel.ContainerEngine.ContainerLogs(), don't add our own newline to log messages, since they already come through from the server when they need to. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
| * | | 330-corrupt-images: don't try to tag with a canonical nameNalin Dahyabhai2021-08-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | In these tests, don't try to tag an image using a canonical ("with digest") image name. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
| * | | bump github.com/containers/commonNalin Dahyabhai2021-08-23
| | | | | | | | | | | | | | | | | | | | | | | | Update github.com/containers/common from 0.43.0 to 0.43.2. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
| * | | libpod/Container.readFromJournal(): don't skip the first entryNalin Dahyabhai2021-08-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When reading log entries from the journal, don't skip past the first matching entry after we've positioned the cursor at it. Make the first blank-line entry that we logged so that the container would always have at least one log entry for us to find (until it gets vacuumed out, at least) a fake history entry, so that `logs` doesn't pass it on for display. CI already has tests that exercise journal-based logging, so [NO TESTS NEEDED] Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
| * | | Switch eventlogger to journald by defaultDaniel J Walsh2021-08-23
| | | | | | | | | | | | | | | | | | | | | | | | [NO TESTS NEEDED] Since we are just testing the default. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #11315 from vrothberg/fix-11304OpenShift Merge Robot2021-08-24
|\ \ \ \ | |_|_|/ |/| | | generate systemd: use --cidfile again
| * | | generate systemd: use --cidfile againValentin Rothberg2021-08-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 9ac5267 changed the type of the generated systemd units from `forking` to `notify`. It further stopped using `--cidfile` and instead intended systemd to take care of stopping the container, which turned out to be a bad idea. Systemd will send the stop/kill signals to conmon which in turn may exit non-zero, depending on the signal, and ultimately breaking container cleanup. Hence, we need to use --cidfile again and let podman stop and remove the container to make sure that everything's in order. Fixes: #11304 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | Revert "generate systemd: custom stop signal"Valentin Rothberg2021-08-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 70801b3d714b067d64744697433c5841926dad4d. It turns out that letting systemd handle stopping the container is not working as I thought it will. Conmon is receiving the stop/kill signals and may exit non-zero, which in turn lets the systemd service transition into the `failed` state. We need to get back to letting Podman stop the containers and do a partial revert of commit 9ac5267 which removed using --cidfile. Happening in a following commit. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #11232 from Luap99/networkOpenShift Merge Robot2021-08-24
|\ \ \ \ | |/ / / |/| | | Network interface
| * | | Network interfacePaul Holzinger2021-08-24
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement a new network interface to abstract CNI from libpod. The interface is implemented for the CNI backend but in the future we can add more backends. The code is structured in three new packages: - `libpod/network/types`: contains the interface definition and the necessary types for it. - `libpod/network/cni` contains the interface implementation for the CNI backend. - `libpod/network/util` a set of utility functions related to networking. The CNI package uses ginkgo style unit tests. To test Setup/Teardown the test must be run as root. Each test will run in their own namespace to make the test independent from the host environment. New features with the CNI backend: - The default network will be created in memory if it does not exists on disk. - It can set more than one static IP per container network. - Networks are loaded once from disk and only if this interface is used, e.g. for commands such as `podman info` networks are not loaded. This reduces unnecessary disk IO. This commit only adds the interface it is not wired into libpod. This requires a lot of breaking changes which will be done in a followup commit. Once this is integrated into libpod the current network code under `libpod/network` should be removed. Also the dependency on OCICNI should be dropped. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #11312 from vrothberg/fix-11304OpenShift Merge Robot2021-08-24
|\ \ \ | | | | | | | | generate systemd: custom stop signal
| * | | generate systemd: custom stop signalValentin Rothberg2021-08-24
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 9ac5267598c3 changed the type of the generated systemd units from forking to notify. Parts of these changes was also removing the need to pass any information via the file system (e.g., PIDFILE, container ID). That in turn implies that systemd takes care of stopping the container. By default, systemd first sends a SIGTERM and after a certain timeout, it'll send a SIGKILL. That's pretty much what Podman is doing, unless the container was created with a custom stop signal which is the case when the --stop-signal flag was used or systemd is mounted. Account for that by using systemd's KillSignal option which allows for changing SIGTERM to another signal. Also make sure that we're using the correct timeout for units generated with --new. Fixes: #11304 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #11313 from nalind/leaked-bus-connectionOpenShift Merge Robot2021-08-24
|\ \ \ | |/ / |/| | utils.RunUnderSystemdScope(): always close Conn
| * | utils.RunUnderSystemdScope(): always close ConnNalin Dahyabhai2021-08-23
|/ / | | | | | | | | | | | | | | | | | | Make sure we close our private connection to the bus, even if we're not successful in in using it to ask systemd to move a unit's processes to a specific control group. [NO TESTS NEEDED] Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | Merge pull request #11311 from ↵OpenShift Merge Robot2021-08-23
|\ \ | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/buildah-1.22.3 Bump github.com/containers/buildah from 1.22.0 to 1.22.3
| * | Bump github.com/containers/buildah from 1.22.0 to 1.22.3dependabot[bot]2021-08-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/buildah](https://github.com/containers/buildah) from 1.22.0 to 1.22.3. - [Release notes](https://github.com/containers/buildah/releases) - [Changelog](https://github.com/containers/buildah/blob/v1.22.3/CHANGELOG.md) - [Commits](https://github.com/containers/buildah/compare/v1.22.0...v1.22.3) --- updated-dependencies: - dependency-name: github.com/containers/buildah dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | Merge pull request #11290 from flouthoc/volume-exportOpenShift Merge Robot2021-08-23
|\ \ \ | | | | | | | | volumes: Add support for `volume export` which allows exporting content to external path.
| * | | volumes: Add support for exporting volumes to external tarflouthoc2021-08-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds support for transferring data between systems and backing up systems. Use cases: recover from disasters or move data between machines. Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | | | Merge pull request #11205 from Shivkumar13/shivkumar-tls-fixOpenShift Merge Robot2021-08-23
|\ \ \ \ | | | | | | | | | | Support for --tls-verify flag in podman-run & podman-create
| * | | | Support for --tls-verify flag in podman run & podman createShivkumar132021-08-21
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Shivkumar13 <sople@redhat.com>
* | | | | Merge pull request #11309 from ↵OpenShift Merge Robot2021-08-23
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/opencontainers/runc-1.0.2 Bump github.com/opencontainers/runc from 1.0.1 to 1.0.2
| * | | | | Bump github.com/opencontainers/runc from 1.0.1 to 1.0.2dependabot[bot]2021-08-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.0.1 to 1.0.2. - [Release notes](https://github.com/opencontainers/runc/releases) - [Commits](https://github.com/opencontainers/runc/compare/v1.0.1...v1.0.2) --- updated-dependencies: - dependency-name: github.com/opencontainers/runc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | | | Merge pull request #11308 from vrothberg/profilingOpenShift Merge Robot2021-08-23
|\ \ \ \ \ \ | |/ / / / / |/| | | | | profiling: higher memory sampling rate
| * | | | | profiling: higher memory sampling rateValentin Rothberg2021-08-23
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Increase the memory-sampling rate to the same default as github.com/pkg/profile. Allow for custom rates by reading the `MemProfileRate` env variable. [NO TESTS NEEDED] since it's a dev only flag and not part of CI. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #11310 from ↵OpenShift Merge Robot2021-08-23
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/onsi/gomega-1.16.0 Bump github.com/onsi/gomega from 1.15.0 to 1.16.0
| * | | | | Bump github.com/onsi/gomega from 1.15.0 to 1.16.0dependabot[bot]2021-08-23
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.15.0 to 1.16.0. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.15.0...v1.16.0) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | | Merge pull request #11305 from Luap99/fix-11303OpenShift Merge Robot2021-08-23
|\ \ \ \ \ | | | | | | | | | | | | Use pod netns with --pod-id-file
| * | | | | Use pod netns with --pod-id-filePaul Holzinger2021-08-23
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When `--pod-id-file` is used do not parse the default network namespace and let specgen handle it instead. This regression was introduced in commit 7ef3981abe24. Fixes #11303 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #11291 from ↵OpenShift Merge Robot2021-08-23
|\ \ \ \ \ | |_|/ / / |/| | | | | | | | | | | | | | containers/dependabot/go_modules/k8s.io/api-0.22.1 Bump k8s.io/api from 0.22.0 to 0.22.1
| * | | | Bump k8s.io/api from 0.22.0 to 0.22.1dependabot[bot]2021-08-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.22.0 to 0.22.1. - [Release notes](https://github.com/kubernetes/api/releases) - [Commits](https://github.com/kubernetes/api/compare/v0.22.0...v0.22.1) --- updated-dependencies: - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | | Merge pull request #11202 from chuanchang/fix_issue_11201OpenShift Merge Robot2021-08-23
|\ \ \ \ \ | |_|/ / / |/| | | | e2e tests: fix overlay: Unknown option vfs.imagestore
| * | | | e2e tests: fix overlay: Unknown option vfs.imagestoreAlex Jia2021-08-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/11201 The STORAGE_FS is hard code in test/e2e/config_amd64.go, it will hit error like this "overlay: Unknown option vfs.imagestore" when setting STORAGE_OPTIONS="--storage-driver overlay". With this patch, the STORAGE_FS is exported as environment variable, if STORAGE_FS is set, then set storageOptions to --storage-driver $STORAGE_FS. Signed-off-by: Alex Jia <chuanchang.jia@gmail.com>
* | | | | Merge pull request #11301 from mheon/330_mainOpenShift Merge Robot2021-08-22
|\ \ \ \ \ | |_|/ / / |/| | | | Update README for 3.3.0 release
| * | | | Update README for 3.3.0 releaseMatthew Heon2021-08-20
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | | Merge pull request #11296 from vrothberg/memory-profileOpenShift Merge Robot2021-08-21
|\ \ \ \ \ | | | | | | | | | | | | add flag to record memory profiles
| * | | | | add flag to record memory profilesValentin Rothberg2021-08-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new flag `--memory-profile=$path` which creates a memory profile. The generated profile can later be analyzed via `go tool pprof`. [NO TESTS NEEDED] since it's a hidden flag, devs-only. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | Merge pull request #11292 from ↵OpenShift Merge Robot2021-08-21
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | | | | | | | | | | | | | containers/dependabot/go_modules/k8s.io/apimachinery-0.22.1 Bump k8s.io/apimachinery from 0.22.0 to 0.22.1
| * | | | | Bump k8s.io/apimachinery from 0.22.0 to 0.22.1dependabot[bot]2021-08-20
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.22.0 to 0.22.1. - [Release notes](https://github.com/kubernetes/apimachinery/releases) - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.22.0...v0.22.1) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | | Merge pull request #11286 from jwhonce/issues/11227OpenShift Merge Robot2021-08-20
|\ \ \ \ \ | | | | | | | | | | | | Update /version endpoint to add components
| * | | | | Update /version endpoint to add componentsJhon Honce2021-08-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Include OCI and conmon information as components Fixes #11227 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | | Merge pull request #11289 from Luap99/net-alias-idOpenShift Merge Robot2021-08-20
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | Fix network aliases with network id
| * | | | | Fix network aliases with network idPaul Holzinger2021-08-20
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a network id is used to create a container we translate it to use the name internally for the db. The network aliases are also stored with the network name as key so we have to also translate them for the db. Also removed some outdated skips from the e2e tests. Fixes #11285 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #11246 from vrothberg/sdnotify=containerOpenShift Merge Robot2021-08-20
|\ \ \ \ \ | |/ / / / |/| | | | Implement SD-NOTIFY proxy in conmon
| * | | | Implement SD-NOTIFY proxy in conmonDaniel J Walsh2021-08-20
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This leverages conmon's ability to proxy the SD-NOTIFY socket. This prevents locking caused by OCI runtime blocking, waiting for SD-NOTIFY messages, and instead passes the messages directly up to the host. NOTE: Also re-enable the auto-update tests which has been disabled due to flakiness. With this change, Podman properly integrates into systemd. Fixes: #7316 Signed-off-by: Joseph Gooch <mrwizard@dok.org> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>