Commit message (Author, Age)
* Merge pull request #14483 from jakecorrenti/restart-privelaged-containers-after-host-device-change (OpenShift Merge Robot, 2022-06-07)
|\
| |    Privileged containers can now restart if the host devices change
| * Privileged containers can now restart if the host devices change (Jake Correnti, 2022-06-06)
| |    If a privileged container is running, stops, and the devices on the host change, such as a USB device is unplugged, then a container would no longer start. Previously, the devices from the host were only being added to the container once: when the container was created. Now, this happens every time the container starts.
| |    I did this by adding a boolean to the container config that indicates whether to mount all of the devices or not, which can be set via an option. During spec generation, if the `MountAllDevices` option is set in the container config, all host devices are added to the container.
| |    Additionally, a couple of functions from `pkg/specgen/generate/config_linux.go` were moved into `pkg/util/utils_linux.go` as they were needed in multiple packages.
| |    Closes #13899
| |    Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
* | Merge pull request #14512 from cdoern/infraInherit (OpenShift Merge Robot, 2022-06-07)
|\ \
| | |    Infra Inheritance patch
| * | Infra Inheritance patch (cdoern, 2022-06-07)
| | |    infra was overriding options that it should be appending rather than resetting. fix this by appending the given container's spec to the compatible options before marshaling/unmarshaling
| | |    resolves #14454
| | |    Signed-off-by: cdoern <cdoern@redhat.com>
* | | Merge pull request #14479 from ibotty/patch-1 (OpenShift Merge Robot, 2022-06-07)
|\ \ \
| | | |    [CI:DOCS] Add docs of changing default netavark networks
| * | | Add docs of changing default netavark networks (Tobias Florek, 2022-06-07)
| |/ /
| | |    Signed-off-by: Tobias Florek <tob@butter.sh>
* | | Merge pull request #14438 from cevich/replace_skips (OpenShift Merge Robot, 2022-06-07)
|\ \ \
| |/ /
|/| |
| | |    Cirrus: Simplify only_if/skip + optimize multiarch
| * | Cirrus: Simplify only_if/skip + optimize multiarch (Chris Evich, 2022-06-07)
|/ /
| |    Using both the 'skip' and 'only_if' features at the same time may be hard for maintainers to decipher. Consolidate them into `only_if` since that bypasses creation of the task altogether - meaning there are potentially fewer tasks for a developer to scroll through.
| |    Since the `multiarch` Cirrus-Cron build no longer depends on the direct "build-ability" from the current repo. state, it can be further optimized. When operating in this context, avoid running many/most other tasks, depending instead only on `ext_svc_check`.
| |    Finally, add a simple document describing the various runtime contexts along with the list of expected tasks. Reference this prominently right in front of every `only_if` so it's impossible for a maintainer to miss.
| |    Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #14507 from Luap99/userns-net (OpenShift Merge Robot, 2022-06-07)
|\ \
| | |    libpod: store network status when userns is used
| * | libpod: store network status when userns is used (Paul Holzinger, 2022-06-07)
| | |    When a container with a userns is created the network setup is special. Normally the netns is set up before the oci runtime container is created, however with a userns the container is created first and then the network is set up.
| | |    In the second case we never saved the container state afterwards. Because of it, podman inspect would not show the network info and network teardown will not happen.
| | |    This worked with local podman because there was a save() call later in the code path which then also saved the network status. But in the podman API code path this save never happened thus all containers started via API had this problem.
| | |    Fixes #14465
| | |    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #14506 from containers/dependabot/go_modules/github.com/docker/docker-20.10.17incompatible (OpenShift Merge Robot, 2022-06-07)
|\ \ \
| |/ /
|/| |
| | |    Bump github.com/docker/docker from 20.10.16+incompatible to 20.10.17+incompatible
| * | Bump github.com/docker/docker (dependabot[bot], 2022-06-07)
|/ /
| |    Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.16+incompatible to 20.10.17+incompatible.
| |    - [Release notes](https://github.com/docker/docker/releases)
| |    - [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md)
| |    - [Commits](https://github.com/docker/docker/compare/v20.10.16...v20.10.17)
| |    ---
| |    updated-dependencies:
| |    - dependency-name: github.com/docker/docker
| |      dependency-type: direct:production
| |      update-type: version-update:semver-patch
| |    ...
| |    Signed-off-by: dependabot[bot] <support@github.com>
* | Merge pull request #14499 from giuseppe/make-error-clearer (OpenShift Merge Robot, 2022-06-07)
|\ \
| | |    runtime: make error clearer
| * | runtime: make error clearer (Giuseppe Scrivano, 2022-06-06)
| | |    make the error clearer and state that images created by other tools might not be visible to Podman when it overrides the graph driver.
| | |    Closes: https://github.com/containers/podman/issues/13970
| | |    [NO NEW TESTS NEEDED]
| | |    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #14502 from mheon/readme_updates (OpenShift Merge Robot, 2022-06-06)
|\ \ \
| | | |    [CI:DOCS] Add some Readme updates around machine
| * | | Add some Readme updates around machine (Matthew Heon, 2022-06-06)
| | | |    We really should be advertising our Mac and Windows support more prominently.
| | | |    Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #14474 from flouthoc/non-volatile-overlay-volume (OpenShift Merge Robot, 2022-06-06)
|\ \ \ \
| |/ / /
|/| | |
| | | |    overlay-volumes: add support for non-volatile `upperdir`,`workdir` for `overlay` volumes
| * | | overlay-volumes: add support for non-volatile upperdir,workdir for anonymous volumes (Aditya R, 2022-06-06)
| | | |    Similar feature was added for named overlay volumes here: https://github.com/containers/podman/pull/12712
| | | |    Following PR just mimics similar feature for anonymous volumes.
| | | |    Often users want their anonymous overlayed volumes to be `non-volatile` in nature that means that same `upper` dir can be re-used by one or more containers but overall nature of volumes still has to be overlay so work done is still on an overlay not on the actual volume.
| | | |    Following PR adds support for more advanced options i.e. custom `workdir` and `upperdir` for overlayed volumes. So that users can re-use `workdir` and `upperdir` across new containers as well.
| | | |    Usage
| | | |    ```console
| | | |    podman run -it -v /some/path:/data:O,upperdir=/path/persistant/upper,workdir=/path/persistant/work alpine sh
| | | |    ```
| | | |    Signed-off-by: Aditya R <arajan@redhat.com>
* | | | Merge pull request #14500 from cevich/tickle_podmanimage (Daniel J Walsh, 2022-06-06)
|\ \ \ \
| |_|/ /
|/| | |
| | | |    [CI:BUILD] Minor: Remove useless addition of storage.conf
| * | | Minor: Remove useless addition of storage.conf (Chris Evich, 2022-06-06)
|/ / /
| | |    This was an accidental leftover from an in-development implementation. The `sed` command further down entirely replaces the file in the image. Strip out the unnecessary 'storage.conf' ADD instruction.
| | |    Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #14485 from ashley-cui/flake (OpenShift Merge Robot, 2022-06-06)
|\ \ \
| | | |    Fix secret-verify-leak flake: set build context to subdir
| * | | Fix secret-verify-leak flake: set build context to subdir (Ashley Cui, 2022-06-03)
| | | |    Setting the build context to a dedicated subdir makes sure that the test does not flake when running in parallel, as the test is isolated from other tests that may dump secrets in a higher level context dir.
| | | |    This should have been done in https://github.com/containers/podman/pull/13457, as this makes that PR actually work.
| | | |    Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | Merge pull request #14497 from containers/dependabot/go_modules/github.com/stretchr/testify-1.7.2 (OpenShift Merge Robot, 2022-06-06)
|\ \ \ \
| |_|/ /
|/| | |
| | | |    Bump github.com/stretchr/testify from 1.7.1 to 1.7.2
| * | | Bump github.com/stretchr/testify from 1.7.1 to 1.7.2 (dependabot[bot], 2022-06-06)
| | | |    Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.1 to 1.7.2.
| | | |    - [Release notes](https://github.com/stretchr/testify/releases)
| | | |    - [Commits](https://github.com/stretchr/testify/compare/v1.7.1...v1.7.2)
| | | |    ---
| | | |    updated-dependencies:
| | | |    - dependency-name: github.com/stretchr/testify
| | | |      dependency-type: direct:production
| | | |      update-type: version-update:semver-patch
| | | |    ...
| | | |    Signed-off-by: dependabot[bot] <support@github.com>
* | | | Merge pull request #14453 from flouthoc/support-additional-build-context-on-remote (OpenShift Merge Robot, 2022-06-06)
|\ \ \ \
| | | | |    remote: enable support for additional `--build-context` on macOS and remote
| * | | | tests: buildah-bud fix reason for skip (Aditya R, 2022-06-03)
| | | | |    Signed-off-by: Aditya R <arajan@redhat.com>
| * | | | podman-remote: enable support for additional build-context on macOS, remote (Aditya R, 2022-06-02)
| | | | |    Feature of additional build context added here https://github.com/containers/buildah/pull/3978 already exists on `podman` following PR just enables this feature of `podman-remote` and `podman on macOS` setups.
| | | | |    Signed-off-by: Aditya R <arajan@redhat.com>
* | | | | Merge pull request #14487 from TomSweeneyRedHat/dev/tsweeney/fiximagedoc (OpenShift Merge Robot, 2022-06-06)
|\ \ \ \ \
| |_|/ / /
|/| | | |
| | | | |    [CI:DOCS] PodmanImage Readme touchup
| * | | | [CI:DOCS] PodmanImage Readme touchup (tomsweeneyredhat, 2022-06-04)
| | | | |    @cevich recently renamed all the files named Dockerfile to Containerfile in this directory. Touching up the README.md to reflect that.
| | | | |    Also, as I was doing the submit, I noticed a couple of nits in the PR request template and cleaned those up.
| | | | |    Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
* | | | | Merge pull request #14496 from tupyy/fix-lefovers-from-focus (OpenShift Merge Robot, 2022-06-06)
|\ \ \ \ \
| |/ / / /
|/| | | |
| | | | |    Cleanup the leftovers in `play kube` e2e test used for ginkgo focus option
| * | | | Cleanup the leftovers used with ginkgo focus option (Cosmin Tupangiu, 2022-06-06)
|/ / / /
| | | |    Signed-off-by: Cosmin Tupangiu <cosmin@redhat.com>
* | | | Merge pull request #14477 from Luap99/partial-logs (OpenShift Merge Robot, 2022-06-03)
|\ \ \ \
| | | | |    podman logs k8s-file: do not reassemble partial log lines
| * | | | podman logs k8s-file: do not reassemble partial log lines (Paul Holzinger, 2022-06-03)
| | | | |    The backend should not convert partial lines to full log lines. While this works for most cases it cannot work when the last line is partial since it will just be lost.
| | | | |    The frontend logic can already display partial lines correctly. The journald driver also works correctly since it does no such conversion.
| | | | |    Fixes #14458
| | | | |    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #14466 from mheon/fix_9075 (OpenShift Merge Robot, 2022-06-03)
|\ \ \ \ \
| | | | | |    Improve robustness of `podman system reset`
| * | | | | Improve robustness of `podman system reset` (Matthew Heon, 2022-06-03)
| | | | | |    Firstly, reset is now managed by the runtime itself as a part of initialization. This ensures that it can be used even with runtimes that would otherwise fail to be created - most notably, when the user has changed a core path (runroot/root/tmpdir/staticdir).
| | | | | |    Secondly, we now attempt a best-effort removal even if the store completely fails to be configured.
| | | | | |    Third, we now hold the alive lock for the entire reset operation. This ensures that no other Podman process can start while we are running a system reset, and removes any possibility of a race where a user tries to create containers or pull images while we are trying to perform a reset.
| | | | | |    [NO NEW TESTS NEEDED] we do not test reset last I checked.
| | | | | |    Fixes #9075
| | | | | |    Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | | | Merge pull request #14478 from nicrowe00/kubefix (OpenShift Merge Robot, 2022-06-03)
|\ \ \ \ \ \
| |_|_|_|/ /
|/| | | | |
| | | | | |    Use logDriver instead of query.LogDriver for podman play kube
| * | | | | Using logDriver instead of query.LogDriver for podman play kube (Niall Crowe, 2022-06-03)
| | |/ / /
| |/| | |
| | | | |    Quick fix in play.go to use logDriver to set the correct log driver rather than overwriting query.LogDriver.
| | | | |    [NO NEW TESTS NEEDED]
| | | | |    Signed-off-by: Niall Crowe <nicrowe@redhat.com>
* | | | | Merge pull request #14437 from cevich/fix_podmanimage (OpenShift Merge Robot, 2022-06-03)
|\ \ \ \ \
| | | | | |    [CI:BUILD] Podman image: Mass cleanup + fix missing storage.conf
| * | | | | Podman image: Mass cleanup + fix missing storage.conf (Chris Evich, 2022-06-01)
| | | | | |    As of Fedora 36, `/etc/containers/storage.conf` with defaults is installed under `/usr/share/containers/`. This was causing builds to fail in the necessary `sed` command that enables fuse-overlayfs. Fix this by using sed on the new location with an output redirect into the `etc` location.
| | | | | |    Also, perform a mass-cleanup of the three files to make them easier to read/maintain. Including renaming them to `Containerfile`, since all native build tooling is now used to produce them.
| | | | | |    Lastly, take advantage of the `podman-next` copr repository to install the latest/greatest podman from `main`, rather than building it from scratch. This will greatly speed up the image build speed.
| | | | | |    Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | Merge pull request #14475 from vrothberg/fix-14468 (OpenShift Merge Robot, 2022-06-03)
|\ \ \ \ \ \
| |_|/ / / /
|/| | | | |
| | | | | |    test/e2e/save_test.go: fix flake
| * | | | | test/e2e/save_test.go: fix flake (Valentin Rothberg, 2022-06-03)
|/ / / / /
| | | | |    Save at most three images and sort them by size. The test started to flake as _all_ local images were saved which is not necessary.
| | | | |    Fixes: #14468
| | | | |    Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | | Merge pull request #14470 from shanesmith/machine-force-remove-doesnt-stop (OpenShift Merge Robot, 2022-06-03)
|\ \ \ \ \
| | | | | |    Stop machine before force removing files
| * | | | | Stop machine before force removing files (Shane Smith, 2022-06-02)
| | | | | |    In #13466 the ability to force remove a machine while it's running was added but it did not first stop the machine, all files get deleted but the qemu VM would essentially be orphaned.
| | | | | |    [NO NEW TESTS NEEDED]
| | | | | |    Signed-off-by: Shane Smith <shane.smith@shopify.com>
* | | | | | Merge pull request #14461 from cdoern/infra (OpenShift Merge Robot, 2022-06-02)
|\ \ \ \ \ \
| | | | | | |    fix pod network handling with a host network
| * | | | | | fix pod network handling with a host network (cdoern, 2022-06-02)
| | | | | | |    the function `GetDefaultNamespaceMode` for pods checks if we are sharing each namespace and if not, returns the default which in the case of a network is slirp.
| | | | | | |    add a switch case for explicitly checking if the pod's network mode is host and if so, return specgen.Host for the container
| | | | | | |    resolves #13763
| | | | | | |    Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
| | | | | | |    Signed-off-by: cdoern <cdoern@redhat.com>
* | | | | | | Merge pull request #14455 from containers/dependabot/go_modules/github.com/containernetworking/cni-1.1.1 (OpenShift Merge Robot, 2022-06-02)
|\ \ \ \ \ \ \
| | | | | | | |    Bump github.com/containernetworking/cni from 1.1.0 to 1.1.1
| * | | | | | | Bump github.com/containernetworking/cni from 1.1.0 to 1.1.1 (dependabot[bot], 2022-06-02)
| | | | | | | |    Bumps [github.com/containernetworking/cni](https://github.com/containernetworking/cni) from 1.1.0 to 1.1.1.
| | | | | | | |    - [Release notes](https://github.com/containernetworking/cni/releases)
| | | | | | | |    - [Commits](https://github.com/containernetworking/cni/compare/v1.1.0...v1.1.1)
| | | | | | | |    ---
| | | | | | | |    updated-dependencies:
| | | | | | | |    - dependency-name: github.com/containernetworking/cni
| | | | | | | |      dependency-type: direct:production
| | | | | | | |      update-type: version-update:semver-patch
| | | | | | | |    ...
| | | | | | | |    Signed-off-by: dependabot[bot] <support@github.com>
* | | | | | | | Merge pull request #14460 from cipherboy/align-docker-podman-load-output (OpenShift Merge Robot, 2022-06-02)
|\ \ \ \ \ \ \ \
| | | | | | | | |    Align docker load and podman load output
| * | | | | | | | Update test output expectation (Alexander Scheel, 2022-06-02)
| | | | | | | | |    Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
| * | | | | | | | Align docker load and podman load output (Alexander Scheel, 2022-06-02)
| | | | | | | | |    The comma-separated podman load output isn't conducive for using the subsequent images. For tarballs with multiple images, the comma separator must be manually identified and a suitable range identified.
| | | | | | | | |    Docker CLI on the other hand, has one image identifier per line:
| | | | | | | | |        Loaded image: repo1/name1:latest
| | | | | | | | |        Loaded image: repo1/name1:tag1
| | | | | | | | |        Loaded image: repo2/name2:tag1
| | | | | | | | |    (as of Docker version 20.10.16, build aa7e414).
| | | | | | | | |    Switch `podman load` to this format for consistency and usability.
| | | | | | | | |    [NO NEW TESTS NEEDED]
| | | | | | | | |    Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>