summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Add --requires flag to podman run/createMatthew Heon2021-04-06
| | | | | | | | | | | | | | | | | | | | Podman has, for a long time, had an internal concept of dependency management, used mainly to ensure that pod infra containers are started before any other container in the pod. We also have the ability to recursively start these dependencies, which we use to ensure that `podman start` on a container in a pod will not fail because the infra container is stopped. We have not, however, exposed these via the command line until now. Add a `--requires` flag to `podman run` and `podman create` to allow users to manually specify dependency containers. These containers must be running before the container will start. Also, make recursive starting with `podman start` default so we can start these containers and their dependencies easily. Fixes #9250 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #9873 from baude/correctaarch64OpenShift Merge Robot2021-03-30
|\ | | | | resolve proper aarch64 image names
| * resolve proper aarch64 image namesbaude2021-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | when automatically downloading fcos for the Apple M1, we needed to replace a statically defined URL with the dynamically determined one. also, it appears boolean qemu options `server` and `onwait` are not defined as `server=on` and `wait=off`. [NO TESTS NEEDED] Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #9872 from baude/vmaltimageOpenShift Merge Robot2021-03-30
|\ \ | | | | | | podman machine init user input
| * | podman machine init user inputbaude2021-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | users may now provide a fully qualified local file path or a URL to seed the disk-image to be used in the VM. [NO TESTS NEEDED] Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #9886 from mheon/bump_main_310OpenShift Merge Robot2021-03-30
|\ \ \ | | | | | | | | [CI:DOCS] Update main branch to reflect the release of v3.1.0
| * | | Update main branch to reflect the release of v3.1.0Matthew Heon2021-03-30
| | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #9881 from Luap99/net-reload-silence-errorsOpenShift Merge Robot2021-03-30
|\ \ \ \ | |/ / / |/| | | Silence podman network reload errors with iptables-nft
| * | | Silence podman network reload errors with iptables-nftPaul Holzinger2021-03-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure we do not display the expected error when using podman network reload. This is already done for iptables-legacy however iptables-nft creates a slightly different error message so check for this as well. The error is logged at info level. [NO TESTS NEEDED] The test VMs do not use iptables-nft so there is no way to test this. It is already tested for iptables-legacy. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | Merge pull request #9876 from edsantiago/apiv2_relax_versioncheckOpenShift Merge Robot2021-03-30
|\ \ \ \ | |_|_|/ |/| | | APIv2 basic test: relax APIVersion check
| * | | APIv2 basic test: relax APIVersion checkEd Santiago2021-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It is tedious and error-prone to update the 'APIVersion=<exact>' test every time there's a minor bump. Change the test so it confirms only the major version. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #9846 from afbjorklund/qemu-arm64OpenShift Merge Robot2021-03-30
|\ \ \ \ | |/ / / |/| | | [NO TESTS NEEDED] Add machine support for qemu-system-aarch64 on linux
| * | | Add machine support for qemu-system-aarch64Anders F Björklund2021-03-29
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Build machine also for podman-linux-arm64 - Add default machine type for linux arm64 - Add the required qemu-uefi bios parameter - Remove hardcoded outdated path and show url Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | | Merge pull request #9795 from mheon/bump_320_devOpenShift Merge Robot2021-03-29
|\ \ \ | | | | | | | | Bump to v3.2.0-dev
| * | | Bump to v3.2.0-devMatthew Heon2021-03-29
| | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #9870 from edsantiago/manpage_doubledash_helperOpenShift Merge Robot2021-03-29
|\ \ \ \ | |_|/ / |/| | | [CI:DOCS] manpage xref: helpful diagnostic for unescaped dash-dash
| * | | manpage xref: helpful diagnostic for unescaped dash-dashEd Santiago2021-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | PR #9856 works around a buggy markdown processor that cleverly converts double dashes to em-dash. The unfortunate result is that the man page source files are unmaintainable, because every '--foo' has to be specified as '\-\-foo'. This is impossible for humans to remember, so let's add a helpful diagnostic message when we detect new options added without the escapes. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #9855 from giuseppe/fix-service-race-conditionOpenShift Merge Robot2021-03-29
|\ \ \ \ | | | | | | | | | | service: use LISTEN_FDS
| * | | | service: use LISTEN_FDSGiuseppe Scrivano2021-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | if LISTEN_FDS is specified by systemd, we need to use the first fd after the std files (so fd=3) to read from the activation socket instead of manually opening the UNIX socket. [NO TESTS NEEDED] Closes: https://github.com/containers/podman/issues/9251 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | rootless: use is_fd_inheritedGiuseppe Scrivano2021-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | since we already have an exported function that does the check, refactor the code to use it instead of duplicating the logic. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #9516 from rhatdan/shrinkOpenShift Merge Robot2021-03-29
|\ \ \ \ \ | | | | | | | | | | | | [NO TESTS NEEDED] Shrink the size of podman bindings
| * | | | | [NO TESTS NEEDED] Shrink the size of podman-remoteDaniel J Walsh2021-03-29
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #9842 from AlbanBedel/play-kube-env-from-secretsOpenShift Merge Robot2021-03-29
|\ \ \ \ \ \ | | | | | | | | | | | | | | Add support for env from secrets in play kube
| * | | | | | play kube: add support for env vars defined from secretsAlban Bedel2021-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for secretRef and secretKeyRef to allow env vars to be set from a secret. As K8S secrets are dictionaries the secret value must be a JSON dictionary compatible with the data field of a K8S secret object. The keys must consist of alphanumeric characters, '-', '_' or '.', and the values must be base64 encoded strings. Signed-off-by: Alban Bedel <albeu@free.fr>
| * | | | | | play kube: support optional/mandatory env var from config mapAlban Bedel2021-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In K8S the pod creation fails if an env var reference a non existing config map key. It can be marked as optional, but per default it is mandatory. Podman on the other hand always treat such references as optional. Rework envVarsFrom() and envVarValue() to additionaly return an error and add support for the optional attribute in configMapRef and configMapKeyRef. Signed-off-by: Alban Bedel <albeu@free.fr>
| * | | | | | play kube: prepare supporting other env source than config mapsAlban Bedel2021-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rework envVarsFromConfigMap() and envVarValue() to simplify supporting other env sources than config maps. For this we pass the whole spec generator options struct as parameter instead of just the config maps list. Then we rename envVarsFromConfigMap() to envVarsFrom() and in envVarValue() we reposition the loop over the config maps to only run it when a configMapRef element exists. Signed-off-by: Alban Bedel <albeu@free.fr>
* | | | | | | Merge pull request #9858 from rhatdan/warnOpenShift Merge Robot2021-03-29
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | [NO TESTS NEEDED] Drop Warning to Info, if cgroups not mounted
| * | | | | | | [NO TESTS NEEDED] Drop Warning to Info, if cgroups not mountedDaniel J Walsh2021-03-29
| | |_|_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If I run podman within a container without /sys/fs/cgroups mounted, we get this warning, which the user can not do much about. I don't see a reason for requiring this warning to show by default, so we should drop it to Info. User can not do anything about it either, and code works well with the somewhat expected error. Helps fix: https://github.com/containers/podman/issues/9753 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | Merge pull request #9861 from TristanCacqueray/version-swaggerOpenShift Merge Robot2021-03-29
|\ \ \ \ \ \ \ | |_|_|_|_|/ / |/| | | | | | [CI:DOCS] swagger: update system version response body
| * | | | | | swagger: update system version response bodyTristan Cacqueray2021-03-29
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change updates the swagger documentation of the system version response body to match the actual response. Fixes: #9522 Signed-off-by: Tristan Cacqueray <tdecacqu@redhat.com>
* | | | | | Merge pull request #9862 from edsantiago/bud_reenable_pull_neverOpenShift Merge Robot2021-03-29
|\ \ \ \ \ \ | | | | | | | | | | | | | | buildah-bud tests: reenable pull-never test
| * | | | | | buildah-bud tests: reenable pull-never testEd Santiago2021-03-29
| | |_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Issue #9573 (podman build --pull-never is a NOP) is fixed. Remove the 'skip' in the buildah-bud pull-never test. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | Merge pull request #9307 from Luap99/powershell-completionOpenShift Merge Robot2021-03-29
|\ \ \ \ \ \ | | | | | | | | | | | | | | Add powershell completions
| * | | | | | Add powershell completionsPaul Holzinger2021-03-29
| | |/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for generating powershell completion files. This is especially useful for people using the podman remote client on windows. [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | | | Merge pull request #9856 from Luap99/fix-longflagOpenShift Merge Robot2021-03-29
|\ \ \ \ \ \ | | | | | | | | | | | | | | [CI:DOCS] Fix long option format on docs.podman.io
| * | | | | | Fix long option format on docs.podman.ioPaul Holzinger2021-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Escape the two dashes, otherwise they are combined into one long dash. I tested that this change is safe and still renders correctly on github and with the man pages. This commit also contains a small change to make it build locally. Assuming you have the dependencies installed you can do: ``` cd docs make html ``` Preview the html files in docs/build/html with `python -m http.server 8000 --directory build/html`. Fixes containers/podman.io#373 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | | | | Merge pull request #9857 from edsantiago/batsOpenShift Merge Robot2021-03-29
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | system tests: friendier messages for 2-arg is()
| * | | | | | | system tests: friendier messages for 2-arg is()Ed Santiago2021-03-29
| | |/ / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The 'is' check was intended to be called with three arguments, the last one being a nice helpful test name. There's a fallback for two-argument calls, but it was a horrible FIXME. New fallback: the most recently run podman command. We keep track of it in each run_podman() invocation. This is not ideal, because it's theoretically possible to invoke 'is' on something other than the output of run_podman, but this at least fixes the by-far-most-common case. [NO TESTS NEEDED] Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | | Merge pull request #9848 from Luap99/fix-9776OpenShift Merge Robot2021-03-29
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | podman generate systemd --new do not duplicate params
| * | | | | | | podman generate systemd --new do not duplicate paramsPaul Holzinger2021-03-28
| | |/ / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman generate systemd --new inserts extra idfile arguments. The generated unit can break when the user did provide their own idfile arguments as they overwrite the arguments added by generate systemd. This also happens when a user tries to generate the systemd unit on a container already create with a --new unit. This should now create a identical unit. The solution is to remove all user provided idfile arguments. This commit also ensures that we do not remove arguments that are part off the containers entrypoint. Fixes #9776 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | | | | Merge pull request #9844 from afbjorklund/qemu-kvmOpenShift Merge Robot2021-03-29
|\ \ \ \ \ \ \ | |_|_|/ / / / |/| | | | | | Add machine support for more Linux distros
| * | | | | | Add machine support for more Linux distrosAnders F Björklund2021-03-28
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are no regression tests for machine [NO TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | | | | | Merge pull request #9631 from rhatdan/pullOpenShift Merge Robot2021-03-29
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | Fix podman build --pull-never
| * | | | | Fix podman build --pull-neverDaniel J Walsh2021-03-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently pull policy is set incorrectly when users set --pull-never. Also pull-policy is not being translated correctly when using podman-remote. Fixes: #9573 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #9854 from vrothberg/fix-9853OpenShift Merge Robot2021-03-29
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | [CI:DOCS] man pages: correct seccomp-policy label
| * | | | | man pages: correct seccomp-policy labelValentin Rothberg2021-03-29
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The implementation uses `io.containers.seccomp.profile` while the docs mentioned `io.podman`. Correct the two references in the docs to reflect the implementation. Fixes: #9853 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #9829 from rhatdan/rmiOpenShift Merge Robot2021-03-28
|\ \ \ \ \ | |_|/ / / |/| | | | [NO TESTS NEEDED] Use same function podman-remote rmi as podman
| * | | | [NO TESTS NEEDED] Use same function podman-remote rmi as podmanDaniel J Walsh2021-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure fixes that go into local podman commands also work in podman-remote, by using the same function. Since this is just a rewrite of existing code, existing tests should handle it. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #9467 from rhatdan/buildahOpenShift Merge Robot2021-03-28
|\ \ \ \ \ | | | | | | | | | | | | [NO TESTS NEEDED] Turn on podman-remote build --isolation
| * | | | | [NO TESTS NEEDED] Turn on podman-remote build --isolationDaniel J Walsh2021-03-26
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently podman only works with --isolation chroot. This PR fixes this by allowing the isolation mode to default to OCI and to also allow users to pass the isolation mode into the containers. The current tests for --isolation should cause this code to be tested. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>