summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* [CI:DOCS] troubleshooting.md: Improve language and fix typosErik Sjölund2022-03-05
| | | | Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* Merge pull request #13413 from giuseppe/pod-no-use-cgroups-if-disabledOpenShift Merge Robot2022-03-04
|\ | | | | libpod: pods do not use cgroups if --cgroups=disabled
| * libpod: pods do not use cgroups if --cgroups=disabledGiuseppe Scrivano2022-03-03
| | | | | | | | | | | | | | | | | | do not attempt to use cgroups with pods if the cgroups are disabled. A similar check is already in place for containers. Closes: https://github.com/containers/podman/issues/13411 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #13416 from lsm5/release-artifacts-processOpenShift Merge Robot2022-03-03
|\ \ | | | | | | RELEASE_PROCESS.md: build artifacts locally
| * | RELEASE_PROCESS.md: build artifacts locallyLokesh Mandvekar2022-03-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current PR process for release bump has the HEAD commit which bumps version/version.go to the form `release+1-dev`. This makes Cirrus publish release artifacts with `release+1-dev` and not `release`. For example, the msi generated at https://cirrus-ci.com/task/5403901196238848 says podman-v4.0.3-dev.msi . Building locally by checking out the released tag would generate the correct artifacts and would also be faster and more convenient. [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | Merge pull request #13404 from flouthoc/bump-to-race-free-depsOpenShift Merge Robot2022-03-03
|\ \ \ | |/ / |/| | deps: bump to race-free `c/image` and `c/storage` along with test to verify `concurrent/parallel` builds
| * | test: add a test to verify race free concurrent/parallel buildsAditya R2022-03-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Invoking parallel/concurrent builds from podman race against each other following behviour was fixed in https://github.com/containers/storage/pull/1153 and https://github.com/containers/image/pull/1480 Test verifies if following bug is fixed in new race-free API or not. Read more about this issue, see bz 2055487 for more details. More details here: https://github.com/containers/buildah/pull/3794 and https://github.com/containers/podman/pull/13339 Co-authored-by: Ed Santiago <santiago@redhat.com> Signed-off-by: Aditya R <arajan@redhat.com>
| * | vendor: bump c/image to main/9a9cd9Aditya R2022-03-02
| | | | | | | | | | | | | | | | | | | | | Bump c/image to upstream main/9a9cd9 so podman could use new race-free code. Signed-off-by: Aditya R <arajan@redhat.com>
| * | vendor: bump c/storage to main/d06b0fAditya R2022-03-02
| |/ | | | | | | | | | | | | Bump c/storage to main/d06b0f so we podman could use new `race-free` `AddNames` and `RemoveNames` api Signed-off-by: Aditya R <arajan@redhat.com>
* | Merge pull request #13399 from flouthoc/resolve-workdir-symlinkOpenShift Merge Robot2022-03-02
|\ \ | |/ |/| container: workdir resolution must consider `symlink` if explicitly configured
| * container: workdir resolution must consider symlink if explicitly configuredAditya R2022-03-02
|/ | | | | | | | | | | | | | | | | | | | | | | While resolving `workdir` we mostly create a `workdir` when `stat` fails with `ENOENT` or `ErrNotExist` however following cases are not true when user explicitly specifies a `workdir` while `running` using `--workdir` which tells `podman` to only use workdir if its exists on the container. Following configuration is implicity set with other `run` mechanism like `podman play kube` Problem with explicit `--workdir` or similar implicit config in `podman play kube` is that currently podman ignores the fact that workdir can also be a `symlink` and actual `link` could be valid. Hence following commit ensures that in such scenarios when a `workdir` is not found and we cannot create a `workdir` podman must perform a check to ensure that if `workdir` is a `symlink` and `link` is resolved successfully and resolved link is present on the container then we return as it is. Docker performs a similar behviour. Signed-off-by: Aditya R <arajan@redhat.com>
* Merge pull request #13375 from kousu/repair-13123OpenShift Merge Robot2022-03-01
|\ | | | | Use storage that better supports rootless overlayfs
| * Use storage that better supports rootless overlayfsNick Guenther2022-03-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | overlayfs -- the kernel's version, not fuse-overlayfs -- recently learned (as of linux 5.16.0, I believe) how to support rootless users. Previously, rootless users had to use these storage.conf(5) settings: * storage.driver=vfs (aka STORAGE_DRIVER=vfs), or * storage.driver=overlay (aka STORAGE_DRIVER=overlay), storage.options.overlay.mount_program=/usr/bin/fuse-overlayfs (aka STORAGE_OPTS=/usr/bin/fuse-overlayfs) Now that a third backend is available, setting only: * storage.driver=overlay (aka STORAGE_DRIVER=overlay) https://github.com/containers/podman/issues/13123 reported EXDEV errors during the normal operation of their container. Tracing it out, the problem turned out to be that their container was being mounted without 'userxattr'; I don't fully understand why, but mount(8) mentions this is needed for rootless users: > userxattr > > Use the "user.overlay." xattr namespace instead of "trusted.overlay.". > This is useful for unprivileged mounting of overlayfs. https://github.com/containers/storage/pull/1156 found and fixed the issue in podman, and this just pulls in that via go get github.com/containers/storage@ebc90ab go mod vendor make vendor Closes https://github.com/containers/podman/issues/13123 Signed-off-by: Nick Guenther <nick.guenther@polymtl.ca>
* | Merge pull request #13391 from baude/revertOpenShift Merge Robot2022-03-01
|\ \ | | | | | | Revert "use GetRuntimeDir() from c/common"
| * | Revert "use GetRuntimeDir() from c/common"Brent Baude2022-03-01
| |/ | | | | | | | | | | | | | | This reverts commit fc5cf812c81a10f8a021aae11df5f12ab2a6f6f6. [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #13380 from jwhonce/wip/docker-pyOpenShift Merge Robot2022-03-01
|\ \ | |/ |/| Refactor docker-py compatibility tests
| * Refactor docker-py compatibility testsJhon Honce2022-03-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add which python client is being used to run tests, see "python client" below. * Remove redundate code from test classes * Update/Add comments to modules and classes ======================================================= test session starts ======================================================== platform linux -- Python 3.10.0, pytest-6.2.4, py-1.10.0, pluggy-0.13.1 python client -- DockerClient rootdir: /home/jhonce/Projects/go/src/github.com/containers/podman plugins: requests-mock-1.8.0 collected 33 items test/python/docker/compat/test_containers.py ...s.............. [ 54%] test/python/docker/compat/test_images.py ............ [ 90%] test/python/docker/compat/test_system.py ... [100%] Note: Follow-up PRs will verify the test results and expand the tests. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #13362 from keonchennl/pod-logs-add-flagOpenShift Merge Robot2022-03-01
|\ \ | | | | | | Add the names flag for pod logs
| * | Add the names flag for pod logsXueyuan Chen2022-03-01
| |/ | | | | | | | | | | Fixes containers#13261 Signed-off-by: Xueyuan Chen <X.Chen-47@student.tudelft.nl>
* | Merge pull request #13318 from rhatdan/volumeOpenShift Merge Robot2022-03-01
|\ \ | | | | | | Add podman volume mount support
| * | Add podman volume mount supportDaniel J Walsh2022-02-28
| |/ | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/12768 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #13374 from cevich/fix_dupe_docker_testingOpenShift Merge Robot2022-02-28
|\ \ | | | | | | Clarify v2 API testing for podman vs docker clients
| * | Clarify v2 API testing for podman vs docker clientsChris Evich2022-02-28
| |/ | | | | | | | | | | Fixes: #13273 Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #13372 from ashley-cui/binarypathOpenShift Merge Robot2022-02-28
|\ \ | |/ |/| Allow setting binarypath from Makefile
| * Allow setting binarypath from MakefileAshley Cui2022-02-28
| | | | | | | | | | | | | | | | | | | | Packagers for other distributions and package managers may put their helper binaries in other location prefixes. Add HELPER_BINARIES_DIR to the makefile so packagers can set the prefix when building Podman. HELPER_BINARIES_DIR will be set at link-time. Example usage: make podman-remote HELPER_BINARIES_DIR=/my/location/prefix Signed-off-by: Ashley Cui <acui@redhat.com>
| * Vendor in containers/common@mainAshley Cui2022-02-28
| | | | | | | | Signed-off-by: Ashley Cui <acui@redhat.com>
* | Merge pull request #13353 from lsm5/copr-packaging-macroOpenShift Merge Robot2022-02-26
|\ \ | |/ |/| copr packaging: use generic macros for tmpfiles and modules load dirs
| * copr packaging: use generic macros for tmpfiles and modules load dirsLokesh Mandvekar2022-02-25
|/ | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* Merge pull request #13343 from afbjorklund/dpkg-packageOpenShift Merge Robot2022-02-25
|\ | | | | Show version of the deb package in info output
| * Show version of the deb package in info outputAnders F Björklund2022-02-24
|/ | | | | | | | | Previously just showing name of the package, followed by the path repeated again (already stated on the line above) [NO NEW TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* Merge pull request #13336 from ↵OpenShift Merge Robot2022-02-24
|\ | | | | | | | | containers/dependabot/go_modules/github.com/containernetworking/plugins-1.1.0 Bump github.com/containernetworking/plugins from 1.0.1 to 1.1.0
| * Bump github.com/containernetworking/plugins from 1.0.1 to 1.1.0dependabot[bot]2022-02-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.0.1 to 1.1.0. - [Release notes](https://github.com/containernetworking/plugins/releases) - [Commits](https://github.com/containernetworking/plugins/compare/v1.0.1...v1.1.0) --- updated-dependencies: - dependency-name: github.com/containernetworking/plugins dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* | Merge pull request #13325 from xordspar0/configmap-error-msgOpenShift Merge Robot2022-02-24
|\ \ | |/ |/| Improve the error message for usused configMaps
| * Improve the error message for usused configMapsJordan Christiansen2022-02-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If you run `podman play kube` on a yaml file that only contains configMaps, podman will fail with the error: Error: YAML document does not contain any supported kube kind This is not strictly true; configMaps are a supported kube kind. The problem is that configMaps aren't a standalone entity. They have to be used in a container somewhere, otherwise they don't do anything. This change adds a new message in the case when there only configMaps resources. It would be helpful if podman reported which configMaps are unused on every invocation of kube play. However, even if that feedback were added, this new error messages still helpfully explains the reason that podman is not creating any resources. [NO NEW TESTS NEEDED] Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* | Merge pull request #13333 from vrothberg/systemd-docs-infra-containerOpenShift Merge Robot2022-02-24
|\ \ | | | | | | [CI:DOCS] generate-systemd: pod requires an infra container
| * | docs: generate-systemd: pod requires an infra containerValentin Rothberg2022-02-24
|/ / | | | | | | | | | | | | | | | | | | | | Generating unit files for a pod requires the pod to be created with an infra container (see `--infra=true`). An infra container runs across the entire lifespan of a pod and is hence required for systemd to manage the life cycle of the pod's main unit. This issue came up on the mailing list. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #13157 from ydayagi/mainOpenShift Merge Robot2022-02-23
|\ \ | | | | | | play kube: set defaults to container resources
| * | play kube: set defaults to container resourcesYaron Dayagi2022-02-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this fixes https://github.com/containers/podman/issues/13115 the change tries to immitate k8s behavior. when limits are not set the container's limits are all CPU and all RAM when requests are missing then they are equal to limits Signed-off-by: Yaron Dayagi <ydayagi@redhat.com>
* | | Merge pull request #13314 from flouthoc/container-commit-squashOpenShift Merge Robot2022-02-23
|\ \ \ | | | | | | | | container-commit: support `--squash` to squash layers into one if users want.
| * | | container-commit: support --squash to squash layers into oneAditya R2022-02-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow users to commit containers into a single layer. Usage ```bash podman container commit --squash <name> ``` Signed-off-by: Aditya R <arajan@redhat.com>
* | | | Merge pull request #13323 from Luap99/iptables-moduleOpenShift Merge Robot2022-02-23
|\ \ \ \ | | | | | | | | | | Load ip_tables modules at boot
| * | | | Load ip_tables modules at bootPaul Holzinger2022-02-23
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rootless users cannot load the ip_tables module, in fedora 36 this module is no longer loaded by default so we have to add it manually. This is needed because rootless network setup tries to use iptables and if iptables-legacy is used instead of iptables-nft it will fail. To provide a better user experience we will load the module at boot. Note that this is not needed for RHEL because iptables-legacy is not supported on RHEL 8 and newer. [NO NEW TESTS NEEDED] Fixes #12661 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #13231 from ↵OpenShift Merge Robot2022-02-23
|\ \ \ \ | |_|_|/ |/| | | | | | | | | | | eriksjolund/troubleshooting_mention_systemd-run_and_machinectl [CI:DOCS] troubleshooting: mention machinectl and systemd-run
| * | | [CI:DOCS] troubleshooting: mention machinectl and systemd-runErik Sjölund2022-02-18
| | | | | | | | | | | | | | | | Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | | | Merge pull request #13317 from elezar/update-cdi-moduleOpenShift Merge Robot2022-02-23
|\ \ \ \ | | | | | | | | | | Update CDI go dependency to v0.3.0
| * | | | Bump CDI go dependency to v0.3.0Evan Lezar2022-02-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This updates the CDI dependency to the v0.3.0 tagged version instead of relying on a pseudo version. This also addresses the fact that cgroups are not set correctly for devices using the previous dependency. Signed-off-by: Evan Lezar <elezar@nvidia.com>
* | | | | Merge pull request #13320 from giuseppe/play-kube-honor-propagation-modeOpenShift Merge Robot2022-02-23
|\ \ \ \ \ | |_|_|/ / |/| | | | kube: honor mount propagation mode
| * | | | kube: honor mount propagation modeGiuseppe Scrivano2022-02-23
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | convert the propagation mode specified for the mount to the expected Linux mount option. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #13232 from rhatdan/volumesOpenShift Merge Robot2022-02-23
|\ \ \ \ | |/ / / |/| | | Don't log errors on removing volumes inuse, if container --volumes-from
| * | | Don't log errors on removing volumes inuse, if container --volumes-fromDaniel J Walsh2022-02-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When removing a container created with a --volumes-from a container created with a built in volume, we complain if the original container still exists. Since this is an expected state, we should not complain about it. Fixes: https://github.com/containers/podman/issues/12808 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>