| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
| |
Add support for the ipvlan cni plugin. This allows us to create,
inspect and list ipvlan networks correctly.
Fixes #10478
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|
|
|
|
|
|
|
| |
Support setting the macvlan mode with `podman network create -d macvlan
--opt mode=bridge`. This will correctly set the specified macvlan mode
in the cni conflist file.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\
| |
| | |
fix inverted condition
|
|/
|
|
|
|
| |
[NO TESTS NEEDED]
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
|\
| |
| | |
Wire network interface into libpod
|
| |
| |
| |
| |
| |
| |
| | |
Drivers should return the list of supported network drivers by this
plugin. This is useful for podman info.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Rootless cni with ipv6 needs the `ip6_tables` module loaded, normally
the cni plugins will load this module but as rootless it does not have
the necessary permission to do so. Therefore we load it manually.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We do not use the ocicni code anymore so let's get rid of it. Only the
port struct is used but we can copy this into libpod network types so
we can debloat the binary.
The next step is to remove the OCICNI port mapping form the container
config and use the better PortMapping struct everywhere.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Make use of the new network interface in libpod.
This commit contains several breaking changes:
- podman network create only outputs the new network name and not file
path.
- podman network ls shows the network driver instead of the cni version
and plugins.
- podman network inspect outputs the new network struct and not the cni
conflist.
- The bindings and libpod api endpoints have been changed to use the new
network structure.
The container network status is stored in a new field in the state. The
status should be received with the new `c.getNetworkStatus`. This will
migrate the old status to the new format. Therefore old containers should
contine to work correctly in all cases even when network connect/
disconnect is used.
New features:
- podman network reload keeps the ip and mac for more than one network.
- podman container restore keeps the ip and mac for more than one
network.
- The network create compat endpoint can now use more than one ipam
config.
The man pages and the swagger doc are updated to reflect the latest
changes.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
When configs are loaded from disk we need to check if they contain a
ipv6 subnet and set ipv6 enables to true in this case.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The default network should not be validated against used subnets, we have to ensure
that this network can always be created even when a subnet is already used on the host.
This could happen if you run a container on this net, then the cni interface will be
created on the host and "block" this subnet from being used again.
Therefore the next podman command tries to create the default net again and it would
fail because it thinks the network is used on the host.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
Check that the given subnet does not conflict with existing ones (other
configs or host interfaces).
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \
| | |
| | | |
Fix /auth compat endpoint
|
| |/
| |
| |
| | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
|\ \
| | |
| | | |
container runlabel remove image tag from name
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When no name is given for podman container runlabel it will default to
the image base name. However this can contain a tag. Since podman does
not accept container names with a colon the run command will fail if it
contains something like `podman run --name NAME ...`.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2004263
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Set default storage from containers.conf for temporary images
|
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes: https://github.com/containers/podman/issues/11107
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |/ /
|/| | |
libpod: honor --cgroups=split also with pods
|
| | |
| | |
| | |
| | |
| | |
| | | |
Honor --cgroups=split also when the container is running in a pod.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| | | |
| | | | |
vendor: Bump github.com/containers/buildah from 1.22.3 to 1.23.0
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fix copy tests after https://github.com/containers/buildah/pull/3486
[NO TESTS NEEDED]
Signed-off-by: Aditya Rajan <arajan@gmail.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Following commit makes sure that podman mirrors --authfile to a temporary
file in filesystem if arg is pointing to an FD instead of actual file
as FD can be only consumed once.
Reference:
* https://github.com/containers/buildah/pull/3498
* https://github.com/containers/buildah/issues/3070
[NO TESTS NEEDED]
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[NO TESTS NEEDED]
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
Pod Volumes Support
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
added support for the --volume flag in pods using the new infra container design.
users can specify all volume options they can with regular containers
resolves #10379
Signed-off-by: cdoern <cdoern@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Show variant and codename of the distribution
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Along with the name (id) and the version(_id)
But only show the information if is available
Examples: Fedora CoreOS, Ubuntu Focal
[NO TESTS NEEDED]
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
api: handle nil pointer dereference in api endpoints
|
| | |_|/ /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When `?all=garbage` is passed to an API endpoint schema validation fails
and err is nil. Wrapf uses err to create an error message causing a nil
pointer dereference.
Signed-off-by: Jelle van der Waa <jvanderwaa@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
build: take advantage of --platform lists
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The builder can take a list of platforms in the Platforms field of its
BuildOptions argument, and we should definitely take advantage of that.
The `bud-multiple-platform-values` test from buildah exercises support
for this, so
[NO TESTS NEEDED]
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
|\ \ \ \ \ \
| |_|/ / / /
|/| | | | | |
[CI:DOCS] Fix example in podman machine init man page
|
|/ / / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Fixes #11582
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
[CI:DOCS] Document `all` query parameter for /libpod/images/prune
|
| | |/ / /
| |/| | |
| | | | |
| | | | | |
Signed-off-by: Jelle van der Waa <jvanderwaa@redhat.com>
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
tests: simplify --cgroups=disabled test and enable for rootless
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | | |
read the cgroup directly from the container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
rootfs: Add support for rootfs-overlay.
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Allows users to specify a readonly rootfs with :O, in exchange podman will create a writable overlay.
bump builah to v1.22.1-0.20210823173221-da2b428c56ce
[NO TESTS NEEDED]
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
|
|\ \ \ \
| | | | |
| | | | | |
Use new aarch64 fcos repos
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Now that aarch64 fcos is an official thing, we no longer need to use the side repo (for lack of a better word). We can now use the same image lookup technique as x86_64. I removed the special lookup, moved the x86_64 lookup to generic arch, and removed the arch specific files that we no longer needed.
[NO TESTS NEEDED]
Signed-off-by: baude <baude@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
Enhance bindings for IDE hints
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Follow https://pkg.go.dev/cmd/go#hdr-Generate_Go_files_by_processing_source
for leading comment
* Add godoc strings for all exposed methods for IDE support
* Copy field godoc strings into generated code as function godoc string
* Remove unused/unnecessary fields from generator.go structures
* Cleanup code regarding template usage
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \
| | | |
| | | | |
Cirrus: NM/CNI workaround + Remove prior-Ubuntu
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Ref: https://github.com/containers/automation_images/pull/88
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
fix restart always with rootlessport
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
For rootful users ports are forwarded via iptables. To make sure no
other process tries to use them, libpod will bind the ports and pass the
fds to conmon. There seems to be race when a container is restarted
because libpod tries to bind the port before the conmon process exited.
The problem only hapens with the podman service because it keeps the
connection open. Once we have the fd and passed it to conmon the
podman service should close the connection.
To verify run `sudo ss -tulpn` and check that only the conmon process
keeps the port open. Previously you would also see the podman server
process listed.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When a container is automatically restarted due its restart policy and
the container uses rootless cni networking with ports forwarded we have
to start a new rootlessport process since it exits with conmon.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|