summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Allow users to set TMPDIR environmentDaniel J Walsh2020-03-06
| | | | | | | Some users have small /var/tmp directories and need to be able to specify a different location for temporary files, which includes more space. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #5408 from vrothberg/goimportsOpenShift Merge Robot2020-03-06
|\ | | | | golangci: enable goimports
| * golangci: enable goimportsValentin Rothberg2020-03-05
|/ | | | | | Enable the goimports linter and fix reports. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #5039 from cevich/fix_gobin_exit_bugOpenShift Merge Robot2020-03-05
|\ | | | | Cirrus: Fix gate image & false-positive exits
| * Cirrus: Fix gate image & false-positive exitsChris Evich2020-03-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A number of scripts relating to tooling used and the gate container image were not exiting upon errors as intended. Coupled with external service unavailability (i.e. downloading golangci-lint) was observed to cause difficult to debug failures. This change corrects the scripts inside/out of the gate container as well as fixes many golang related path consistency problems vs other CI jobs. After this change, all jobs use consistent path names reducing the number of special-case overrides needed. Lastly, I also made a documentation-pass, updating/correcting as needed, including documenting a likely local validation-failure mode, related to `$EPOCH_TEST_COMMIT`. This is dependent on the developers git environment, so documentation is the only possible "fix". Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #5400 from vrothberg/systemd-gen-cleanupOpenShift Merge Robot2020-03-05
|\ \ | | | | | | generate systemd: remove leading slashes
| * | generate systemd: remove leading slashesValentin Rothberg2020-03-05
|/ / | | | | | | | | | | | | | | | | Remove leading slashes from the run-dir paths. It was meant to make it explicit that we're dealing with an absolute path but user feedback has shown that most are aware. It also cleans up the path in the systemctl status output. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #5382 from vrothberg/systemd-networkOpenShift Merge Robot2020-03-05
|\ \ | | | | | | generate systemd: add network dependencies
| * | generate systemd: add network dependenciesValentin Rothberg2020-03-03
| | | | | | | | | | | | | | | | | | | | | | | | Add network dependencies to generated systemd services to allow for enabling them at system startup and have a working network if needed. Fixes: #4130 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #5397 from rhatdan/vendorOpenShift Merge Robot2020-03-05
|\ \ \ | | | | | | | | Vendor buildah 1.14.2
| * | | Vendor buildah 1.14.2Daniel J Walsh2020-03-04
| | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #5396 from haircommander/fix_exec_errorOpenShift Merge Robot2020-03-04
|\ \ \ \ | | | | | | | | | | exec: fix error code when conmon fails
| * | | | exec: fix error code when conmon failsPeter Hunt2020-03-04
| |/ / / | | | | | | | | | | | | | | | | | | | | this is a cosmetic change that makes sure podman returns a sane error code when conmon dies underneath it Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | | Merge pull request #5389 from openSUSE/fix-image-sign-helpOpenShift Merge Robot2020-03-04
|\ \ \ \ | |/ / / |/| | | Fix podman image sign help output
| * | | Fix podman image sign help outputSascha Grunert2020-03-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Adjust the help output to mention `podman image sign` instead of just `podman sign`. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | | | Merge pull request #5381 from vrothberg/ENVFIXOpenShift Merge Robot2020-03-04
|\ \ \ \ | | | | | | | | | | env: set "container" to current binary
| * | | | env: don't set "container" envValentin Rothberg2020-03-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Leave setting the "container" variable to consumers of pkg/env. Podman is now hard-setting it to "podman" while "libpod" will set it internally to "libpod" if it's unset. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #5370 from TomSweeneyRedHat/dev/tsweeney/b1141OpenShift Merge Robot2020-03-04
|\ \ \ \ \ | | | | | | | | | | | | Bump to Buildah v1.14.1
| * | | | | Bump to Buildah v1.14.1TomSweeneyRedHat2020-03-03
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | As the title says. Bumped to Buildah v1.14.1. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | | Merge pull request #5373 from haircommander/exec-pipe-ecOpenShift Merge Robot2020-03-04
|\ \ \ \ \ | | | | | | | | | | | | exec: get the exit code from sync pipe instead of file
| * | | | | Exec: use ErrorConmonReadPeter Hunt2020-03-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before, we were using -1 as a bogus value in podman to signify something went wrong when reading from a conmon pipe. However, conmon uses negative values to indicate the runtime failed, and return the runtime's exit code. instead, we should use a bogus value that is actually bogus. Define that value in the define package as MinInt32 (-1<< 31 - 1), which is outside of the range of possible pids (-1 << 31) Signed-off-by: Peter Hunt <pehunt@redhat.com>
| * | | | | exec: get the exit code from sync pipe instead of filePeter Hunt2020-03-03
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before, we were getting the exit code from the file, in which we waited an arbitrary amount of time (5 seconds) for the file, and segfaulted if we didn't find it. instead, we should be a bit more certain conmon has sent the exit code. Luckily, it sends the exit code along the sync pipe fd, so we can read it from there Adapt the ExecContainer interface to pass along a channel to get the pid and exit code from conmon, to be able to read both from the pipe Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | | | Merge pull request #5385 from baude/makemapOpenShift Merge Robot2020-03-04
|\ \ \ \ \ | | | | | | | | | | | | avoid adding to nil map
| * | | | | avoid adding to nil mapBrent Baude2020-03-03
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | we need to make the environment map to avoid throwing an error when trying to add an environment value from file. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | Merge pull request #4772 from boaz0/closes_4628OpenShift Merge Robot2020-03-04
|\ \ \ \ \ | | | | | | | | | | | | Add the rmi flag to podman-run to delete container image
| * | | | | Add the rmi flag to podman-run to delete container imageBoaz Shuster2020-03-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The --rmi flag will delete the container image after its execution unless that image is already been used by another container(s). This is useful when one wants to execute a container once and remove any resources attached to it. Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | | | | | Merge pull request #5344 from edsantiago/log_formatOpenShift Merge Robot2020-03-04
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | CI: format cirrus logs
| * | | | | CI: format cirrus logsEd Santiago2020-03-02
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This introduces a new cirrus helper script, logformatter. Usage is: [commands...] | logformatter TEST-NAME It reformats its input into a readable, highlighed, linkable form. Some features: - boring stuff (timestamps, standard podman options) is deemphasized - important stuff (warnings, errors) is emphasized - in-page links to the actual failures - active links to source files - jumps to bottom of page on load, because that's where the errors are. (All errors are linked) Add it to select test commands (integration, system) and add a new artifacts_html, run in the 'always' block, which uploads generated *.log.html into Cirrus; from there we generate a live URL that can be viewed in browser. Unfortunately, due to security concerns in Cirrus, it is not currently possible to make the link a live one. Kludge: add a line of dashes after Restoring images; without this, the first test ("systemd PID 1") has no dashes before it, so logformatter doesn't see it. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #5379 from edsantiago/test_apiv2OpenShift Merge Robot2020-03-03
|\ \ \ \ \ | |_|/ / / |/| | | | APIv2 tests: add tests for stop
| * | | | APIv2 tests: add tests for stopEd Santiago2020-03-03
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | ...and allow status 'stopped' in addition to 'exited'. Fixes: #5336 Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #5206 from rhatdan/capabilitiesOpenShift Merge Robot2020-03-03
|\ \ \ \ | |_|/ / |/| | | Allow devs to set labels in container images for default capabilities.
| * | | Update docs/source/markdown/podman-build.1.mdDaniel J Walsh2020-03-02
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | | Allow devs to set labels in container images for default capabilities.Daniel J Walsh2020-03-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch allows users to specify the list of capabilities required to run their container image. Setting a image/container label "io.containers.capabilities=setuid,setgid" tells podman that the contained image should work fine with just these two capabilties, instead of running with the default capabilities, podman will launch the container with just these capabilties. If the user or image specified capabilities that are not in the default set, the container will print an error message and will continue to run with the default capabilities. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #5367 from vrothberg/ENVFIXOpenShift Merge Robot2020-03-03
|\ \ \ \ | |_|/ / |/| | | consolidate env handling into pkg/env
| * | | consolidate env handling into pkg/envValentin Rothberg2020-03-03
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | Env-variable related code is scattered across several packages making it hard to maintain and extend. Consolidate the code into a new pkg/env package. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #5371 from edsantiago/apiv2_fixesOpenShift Merge Robot2020-03-02
|\ \ \ | | | | | | | | more swagger fixes
| * | | more swagger fixesEd Santiago2020-03-02
| | | | | | | | | | | | | | | | Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #5363 from mheon/add_ctr_validateOpenShift Merge Robot2020-03-02
|\ \ \ \ | | | | | | | | | | Add validate() for containers
| * | | | Add validate() for containersMatthew Heon2020-03-02
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Until now, we've been validating every part of container configuration through the With... functions that set the options. This if fine when we are just validating the options to an individual function, but things get complicated once we need to validate conflicts between different options. We don't know the order in which things were passed, so we need the validation on both of the potential options that can conflict, resulting in significant code duplication. To solve this, add a validate() function for containers, and use this to check whether everything is in a good state. We can probably move more into this function (there are other parts of container creation that also do validation of a sort) but this is a good start to simplifying our options. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #5333 from edsantiago/test_apiv2OpenShift Merge Robot2020-03-02
|\ \ \ \ | |_|_|/ |/| | | CI: add API v2 tests
| * | | CI: add API v2 testsEd Santiago2020-03-02
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | API v2 has been quiet for a few days, and the test script is actually passing. Let's take advantage of this opportunity to get them running in CI. Requires adding a check for cgroupsv2 Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #5347 from baude/apiv2waitOpenShift Merge Robot2020-03-02
|\ \ \ | |_|/ |/| | rework apiv2 wait endpoint|binding
| * | rework apiv2 wait endpoint|bindingBrent Baude2020-02-28
| | | | | | | | | | | | | | | | | | | | | | | | added the ability to wait on a condition (stopped, running, paused...) for a container. if a condition is not provided, wait will default to the stopped condition which uses the original wait code paths. if the condition is stopped, the container exit code will be returned. also, correct a mux issue we discovered. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #5365 from ↵OpenShift Merge Robot2020-03-02
|\ \ \ | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/opencontainers/selinux-1.3.3 Bump github.com/opencontainers/selinux from 1.3.2 to 1.3.3
| * | | Bump github.com/opencontainers/selinux from 1.3.2 to 1.3.3dependabot-preview[bot]2020-03-02
| | |/ | |/| | | | | | | | | | | | | | | | | | | Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.3.2 to 1.3.3. - [Release notes](https://github.com/opencontainers/selinux/releases) - [Commits](https://github.com/opencontainers/selinux/compare/v1.3.2...v1.3.3) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* | | Merge pull request #5343 from lsm5/fix-exists-urlOpenShift Merge Robot2020-03-02
|\ \ \ | | | | | | | | container Exists: fix URL
| * | | container Exists: fix URLLokesh Mandvekar2020-02-27
| | | | | | | | | | | | | | | | Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | | Merge pull request #5320 from sujil02/podtestOpenShift Merge Robot2020-03-02
|\ \ \ \ | |_|/ / |/| | | Add test to validate prune pod apiv2 binding.
| * | | Update pod bindings and Add test to validate prune pod apiv2 binding.Sujil022020-02-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Modify the pod inspect bindings to hold current pod status. Includes test to validate on pod status and added test to check no or few pods are pruned,if the pods are in exited state. Signed-off-by: Sujil02 <sushah@redhat.com>
* | | | Merge pull request #5342 from cevich/runc_in_f30OpenShift Merge Robot2020-02-28
|\ \ \ \ | | | | | | | | | | Force using runc in F30