summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #1846 from cgwalters/netns-dns-localhostOpenShift Merge Robot2018-11-28
|\ | | | | Use host's resolv.conf if no network namespace enabled
| * Use host's resolv.conf if no network namespace enabledColin Walters2018-11-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | My host system runs Fedora Silverblue 29 and I have NetworkManager's `dns=dnsmasq` setting enabled, so my `/etc/resolv.conf` only has `127.0.0.1`. I also run my development podman containers with `--net=host` for various reasons. If we have a host network namespace, there's no reason not to just use the host's nameserver configuration either. This fixes e.g. accessing content on a VPN, and is also faster since the container is using cached DNS. I know this doesn't solve the bigger picture issue of localhost-DNS conflicting with bridged networking, but that's far more involved, probably requiring a DNS proxy in the container. This patch makes my workflow a lot nicer and was easy to write. Signed-off-by: Colin Walters <walters@verbum.org>
* | Merge pull request #1879 from mheon/stop_stopped_is_validOpenShift Merge Robot2018-11-28
|\ \ | | | | | | Stopping a stopped container is not an error for Podman
| * | Add test to ensure stopping a stopped container worksMatthew Heon2018-11-28
| | | | | | | | | | | | | | | | | | | | | We regressed on this at some point. Adding a new test should help ensure that doesn't happen again. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * | Stopping a stopped container is not an error for PodmanMatthew Heon2018-11-28
| | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | | Merge pull request #1848 from adrianreber/masterOpenShift Merge Robot2018-11-28
|\ \ \ | |/ / |/| | Add tcp-established to checkpoint/restore
| * | Added more checkpoint/restore test casesAdrian Reber2018-11-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds checkpoint/restore test cases for the newly added options * --leave-running * --tcp-established * --all * --latest Signed-off-by: Adrian Reber <areber@redhat.com>
| * | Fix podman container restore -aAdrian Reber2018-11-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman container restore -a was using the wrong filter to restore checkpointed containers. This switches from 'running' containers to 'exited' containers. Restoring with -a only works if all exited containers have been checkpointed. Maybe it would make sense to track which containers have been really checkpointed. This is just to fix '-a' to work at least if all exited containers have been checkpointed. Signed-off-by: Adrian Reber <areber@redhat.com>
| * | Update bash completion for checkpoint/restoreAdrian Reber2018-11-28
| | | | | | | | | | | | | | | | | | | | | This brings all the recent changes to checkpoint/restore to the bash completion. Signed-off-by: Adrian Reber <areber@redhat.com>
| * | Add '--tcp-established' to checkpoint/restore man pageAdrian Reber2018-11-28
| | | | | | | | | | | | Signed-off-by: Adrian Reber <areber@redhat.com>
| * | Added tcp-established to checkpoint/restoreAdrian Reber2018-11-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CRIU can checkpoint and restore processes/containers with established TCP connections if the correct option is specified. To implement checkpoint and restore with support for established TCP connections with Podman this commit adds the necessary options to runc during checkpoint and also tells conmon during restore to use 'runc restore' with '--tcp-established'. For this Podman feature to work a corresponding conmon change is required. Example: $ podman run --tmpfs /tmp --name podman-criu-test -d docker://docker.io/yovfiatbeb/podman-criu-test $ nc `podman inspect -l | jq -r '.[0].NetworkSettings.IPAddress'` 8080 GET /examples/servlets/servlet/HelloWorldExample Connection: keep-alive 1 GET /examples/servlets/servlet/HelloWorldExample Connection: keep-alive 2 $ # Using HTTP keep-alive multiple requests are send to the server in the container $ # Different terminal: $ podman container checkpoint -l criu failed: type NOTIFY errno 0 $ # Looking at the log file would show errors because of established TCP connections $ podman container checkpoint -l --tcp-established $ # This works now and after the restore the same connection as above can be used for requests $ podman container restore -l --tcp-established The restore would fail without '--tcp-established' as the checkpoint image contains established TCP connections. Signed-off-by: Adrian Reber <areber@redhat.com>
| * | Remove unused CRIU_COMMIT variableAdrian Reber2018-11-28
| | | | | | | | | | | | Signed-off-by: Adrian Reber <areber@redhat.com>
| * | Point CRIU_COMMIT to CRIU release 3.11Adrian Reber2018-11-28
| | | | | | | | | | | | | | | | | | The old commit points to the development branch and is not stable. Signed-off-by: Adrian Reber <areber@redhat.com>
| * | Updated CRIO_COMMIT to pull in new conmon for CRIUAdrian Reber2018-11-28
| | | | | | | | | | | | Signed-off-by: Adrian Reber <areber@redhat.com>
| * | Use also a struct to pass options to Restore()Adrian Reber2018-11-28
| |/ | | | | | | | | | | | | | | | | | | | | | | | | This is basically the same change as ff47a4c2d5485fc49f937f3ce0c4e2fd6bdb1956 (Use a struct to pass options to Checkpoint()) just for the Restore() function. It is used to pass multiple restore options to the API and down to conmon which is used to restore containers. This is for the upcoming changes to support checkpointing and restoring containers with '--tcp-established'. Signed-off-by: Adrian Reber <areber@redhat.com>
* | Merge pull request #1849 from giuseppe/report-rootless-netmodeOpenShift Merge Robot2018-11-28
|\ \ | | | | | | rootless: add new netmode "slirp4netns"
| * | network: allow slirp4netns mode also for root containersGiuseppe Scrivano2018-11-28
| | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | rootless: add new netmode "slirp4netns"Giuseppe Scrivano2018-11-27
| | | | | | | | | | | | | | | | | | | | | | | | so that inspect reports the correct network configuration. Closes: https://github.com/containers/libpod/issues/1453 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | tests: change return type for PodmanAsUser to PodmanTestIntegrationGiuseppe Scrivano2018-11-27
| |/ | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #1833 from giuseppe/remove-exec-pollingOpenShift Merge Robot2018-11-28
|\ \ | | | | | | exec: remove polling for PID file
| * | util: use fsnotify to wait for fileGiuseppe Scrivano2018-11-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | prefer a fsnotify watcher to polling the file, we take advantage of inotify on Linux and react more promptly to the PID file being created. If the watcher cannot be created, then fallback to the old polling mechanism. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | exec: don't wait for pidfile when the runtime exitedGiuseppe Scrivano2018-11-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | don't wait for the timeout to expire if the runtime process exited. I've noticed podman to hang on exit and keeping the container lock taken when the OCI runtime already exited. Additionally, it reduces the waiting time as we won't hit the 25 milliseconds waiting time in the worst case. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #1839 from giuseppe/storage-save-only-subsetOpenShift Merge Robot2018-11-28
|\ \ \ | | | | | | | | rootless: store only subset of storage.conf
| * | | rootless: store only subset of storage.confGiuseppe Scrivano2018-11-28
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | do not store the entire file but only the subset of what we have modified. Also, we were not writing the correct data. Since it is not trivial to serialize storage.conf correctly and all the various supported options, serialize only what we care about. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #1837 from giuseppe/vndr-selinuxOpenShift Merge Robot2018-11-28
|\ \ \ | | | | | | | | vendor: update selinux
| * | | vendor: update selinuxGiuseppe Scrivano2018-11-28
| |/ / | | | | | | | | | | | | | | | | | | inherit a change for not failing a recursive relabelling if the file is removed between the directory is read and the lsetxattr syscall. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #1861 from giuseppe/fix-rootless-cleanupOpenShift Merge Robot2018-11-28
|\ \ \ | |/ / |/| | rootless: fix cleanup
| * | rootless: fix cleanupGiuseppe Scrivano2018-11-28
|/ / | | | | | | | | | | | | | | | | | | | | | | | | The conmon exit command is running inside of a namespace where the process is running with uid=0. When it launches again podman for the cleanup, podman is not running in rootless mode as the uid=0. Export some more env variables to tell podman we are in rootless mode. Closes: https://github.com/containers/libpod/issues/1859 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #1878 from giuseppe/fix-static-ip-testOpenShift Merge Robot2018-11-27
|\ \ | | | | | | test: cleanup CNI network used by the tests
| * | test: cleanup CNI network used by the testsGiuseppe Scrivano2018-11-27
|/ / | | | | | | | | | | | | | | issue introduced with: https://github.com/containers/libpod/pull/1871 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #1874 from ypu/mount-testOpenShift Merge Robot2018-11-27
|\ \ | | | | | | Improve podman run --mount test
| * | Remove mount options relatime from podman run --mount with sharedYiqiao Pu2018-11-27
| | | | | | | | | | | | | | | | | | | | | In some test env, mount with shared options is not included relatime in the mountinfo file. So remove this from the test case. Signed-off-by: Yiqiao Pu <ypu@redhat.com>
| * | Update test case name to podman run with --mount flagYiqiao Pu2018-11-27
| | | | | | | | | | | | | | | | | | | | | Update the test case name to make it easier to filter --mount related test cases with -ginkgo.focus. Signed-off-by: Yiqiao Pu <ypu@redhat.com>
* | | Merge pull request #1863 from afbjorklund/podman_versionOpenShift Merge Robot2018-11-27
|\ \ \ | | | | | | | | Actually set version for podman module / pypodman
| * | | Actually set version for podman module / pypodmanAnders F Björklund2018-11-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The environment variable wasn't set, giving 0.0.0 It is a still a problem if you use python3 to build, rather than make. You *need* to set $PODMAN_VERSION, or your module and packages won't have the version. Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | | | Merge pull request #1832 from giuseppe/always-make-explicit-tty-to-execOpenShift Merge Robot2018-11-27
|\ \ \ \ | | | | | | | | | | exec: always make explicit the tty value
| * | | | exec: always make explicit the tty valueGiuseppe Scrivano2018-11-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | otherwise runc will take by default the value used for creating the container. Setting it explicit overrides its default value and we won't end up trying to use a terminal when not available. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1625876 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #1871 from ypu/ip-testOpenShift Merge Robot2018-11-27
|\ \ \ \ \ | |_|_|_|/ |/| | | | Add some tests for --ip flag with run and create command
| * | | | Add some tests for --ip flag with run and create commandYiqiao Pu2018-11-27
| | |_|/ | |/| | | | | | | | | | Signed-off-by: Yiqiao Pu <ypu@redhat.com>
* | | | Merge pull request #1850 from vrothberg/mount-propagationOpenShift Merge Robot2018-11-27
|\ \ \ \ | | | | | | | | | | set root propagation based on volume properties
| * | | | set root propagation based on volume propertiesValentin Rothberg2018-11-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Set the root propagation based on the properties of volumes and default mounts. To remain compatibility, follow the semantics of Docker. If a volume is shared, keep the root propagation shared which works for slave and private volumes too. For slave volumes, it can either be shared or rshared. Do not change the root propagation for private volumes and stick with the default. Fixes: #1834 Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
* | | | | Merge pull request #1734 from rhatdan/networkOpenShift Merge Robot2018-11-27
|\ \ \ \ \ | |_|/ / / |/| | | | libpod should know if the network is disabled
| * | | | libpod should know if the network is disabledDaniel J Walsh2018-11-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | /etc/resolv.conf and /etc/hosts should not be created and mounted when the network is disabled. We should not be calling the network setup and cleanup functions when it is disabled either. In doing this patch, I found that all of the bind mounts were particular to Linux along with the generate functions, so I moved them to container_internal_linux.go Since we are checking if we are using a network namespace, we need to check after the network namespaces has been created in the spec. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #1868 from QiWang19/issue860OpenShift Merge Robot2018-11-26
|\ \ \ \ \ | | | | | | | | | | | | Add history field to image inspect
| * | | | | Add history and namespaceoptions to image inspectQi Wang2018-11-26
| | |/ / / | |/| | | | | | | | | | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | Merge pull request #1838 from umohnani8/vendorOpenShift Merge Robot2018-11-26
|\ \ \ \ \ | | | | | | | | | | | | Vendor in latest containers/buildah
| * | | | | Vendor in latest containers/buildahUrvashi Mohnani2018-11-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pulls in fix for COPY --from when using --layers Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | | | | Merge pull request #1865 from baude/existsOpenShift Merge Robot2018-11-26
|\ \ \ \ \ \ | | | | | | | | | | | | | | add podman container|image exists
| * | | | | | add podman container|image existsbaude2018-11-26
|/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add an exists subcommand to podman container and podman image that allows users to verify the existence of a container or image by ID or name. The return code can be 0 (success), 1 (failed to find), or 125 (failed to work with runtime). Issue #1845 Signed-off-by: baude <bbaude@redhat.com>
* | | | | | Merge pull request #1860 from TomasTomecek/version-add-formatOpenShift Merge Robot2018-11-25
|\ \ \ \ \ \ | | | | | | | | | | | | | | implement --format for version command