summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #3335 from cevich/imgpruneOpenShift Merge Robot2019-07-17
|\ | | | | Cirrus: Print images that should be pruned
| * Cirrus: Print images that should be prunedChris Evich2019-07-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Over time unless they're removed, the project could grow quite a large collection of VM images. While generally cheap (less than a penny each, per month), these will become a significant cost item if not kept in-check. Add a specialized container for handling image-pruning, but limit it to only finding and printing (not actually deleting) images. Also update the image-building workflow so that base-images used to compose cache-images are also labeled with metadata. N/B: As an additional safeguard, the service account which executes the new container in production *DOES NOT* have access to delete images. This can be enabled by adding the GCE IAM role: CustomComputeImagePrune Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #3548 from cevich/disable_periodic_activityOpenShift Merge Robot2019-07-16
|\ \ | | | | | | Cirrus: Disable most periodic services/timers
| * | Cirrus: Add image-test for locked dpkgChris Evich2019-07-16
| | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * | Cirrus: Use images w/o periodic svcsChris Evich2019-07-16
| | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * | Cirrus: Disable most periodic services/timersChris Evich2019-07-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For CI testing, it's important to remove as much variability from the overall system as possible. This permits focusing just on problems closely related to code-changes. To this end, and because VMs are very short-lived (2 hours at most), disable all systemd services and timers which perform periodic activities. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #3508 from csomh/healthcheck-flag-compatOpenShift Merge Robot2019-07-16
|\ \ \ | |/ / |/| | Make the healthcheck flags compatible with Docker CLI
| * | Completion: complete "--health-start-period" in bashHunor Csomortáni2019-07-16
| | | | | | | | | | | | Signed-off-by: Hunor Csomortáni <csomh@redhat.com>
| * | Make the healthcheck flags compatible with Docker CLIHunor Csomortáni2019-07-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Docker CLI calls the healthcheck flags "--health-*", instead of "--healthcheck-*". Introduce the former, in order to keep compatibility, and alias the later, in order to avoid breaking current usage. Change "--healthcheck-*" to "--health-*" in the docs and tests. Signed-off-by: Hunor Csomortáni <csomh@redhat.com>
| * | Completion: --no-healthcheck is not an optionHunor Csomortáni2019-07-16
| | | | | | | | | | | | Signed-off-by: Hunor Csomortáni <csomh@redhat.com>
* | | Merge pull request #3546 from cevich/abstract_dest_branchOpenShift Merge Robot2019-07-16
|\ \ \ | | | | | | | | Cirrus: Abstract destination branch refs.
| * | | Cirrus: Abstract destination branch refs.Chris Evich2019-07-15
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Various tasks and scripts behave differently depending on whether or not the build is running against a PR or on a branch, post-merge. However, a great number of them are hard-coded to the string 'master' as the destination. Since this is not always the case (there are other relevant branches), it makes sense to abstract the references with a single definition. Add a top-level `$DEST_BRANCH` variable to CI, and otherwise default to 'master' when unset. This enables running CI builds on additional branches without the overhead of updating all the static references to 'master'. Simply update `$DEST_BRANCH` at the top-level and all branch-conditional logic will function as intended. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #3539 from stefanb2/topic-pr-3507-3525OpenShift Merge Robot2019-07-16
|\ \ \ | | | | | | | | Fix handling of healthcheck from image
| * | | healthcheck: reject empty commandsStefan Becker2019-07-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | An image with "HEALTHCHECK CMD ['']" is valid but as there is no command defined the healthcheck will fail. Reject such a configuration. Fixes #3507 Signed-off-by: Stefan Becker <chemobejk@gmail.com>
| * | | create: ignore check if image has HEALTHCHECK NONEStefan Becker2019-07-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the image was built with "HEALTHCHECK NONE" then we should create a container without healthcheck configuration. Otherwise executing the healthcheck on the container will return "unhealthy" instead of the correct error message that the container doesn't have a healthcheck. We also ignore the healthcheck configuration if the command list is empty or the command string is empty. Fixes #3525 Signed-off-by: Stefan Becker <chemobejk@gmail.com>
| * | | create: apply defaults on image healthcheck optionsStefan Becker2019-07-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the image doesn't provide any options, e.g. interval, timeout, etc., then apply the Docker defaults when creating the container. Otherwise the defaults will be left 0 and podman doesn't schedule the healtcheck service & timer for the container or incorrectly reports unhealthy state when the check is executed. Fixes #3525 Signed-off-by: Stefan Becker <chemobejk@gmail.com>
| * | | healthcheck: improve command list parserStefan Becker2019-07-16
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | - remove duplicate check, already called in HealthCheck() - reject zero-length command list and empty command string as errorneous - support all Docker command list keywords: NONE, CMD or CMD-SHELL - use Docker default "/bin/sh -c" for CMD-SHELL Fixes #3507 Signed-off-by: Stefan Becker <chemobejk@gmail.com>
* | | Merge pull request #3513 from vrothberg/analysesOpenShift Merge Robot2019-07-16
|\ \ \ | |/ / |/| | Binary bloat analyses
| * | dependency/analyses: simplify scriptsValentin Rothberg2019-07-16
| | | | | | | | | | | | | | | | | | Credits to bash wizard @edsantiago for the changes. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | dependency-tree analysis: direct and transitiveValentin Rothberg2019-07-16
| | | | | | | | | | | | | | | | | | | | | Change the script to generate two files. One including direct dependencies, the other including direct and transitive dependencies. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | analyses: README: consistent code examplesValentin Rothberg2019-07-16
| | | | | | | | | | | | | | | | | | | | | Remove a blank line to make code examples more consistent and fix the path of the 2nd example. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | analyses: README: fix typosValentin Rothberg2019-07-16
| | | | | | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | analyses: add dependency-tree.shValentin Rothberg2019-07-16
| | | | | | | | | | | | | | | | | | Add a new analysis script to print the dependency tree. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | analyses: add README.mdValentin Rothberg2019-07-16
| | | | | | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | hack/analyses -> dependencies/analysesValentin Rothberg2019-07-16
| | | | | | | | | | | | | | | | | | | | | Move the analyses scripts to the dependencies directory to avoid scattering of the dependency management. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | hack/analyses/go-archive-analysis.sh: fix sortingValentin Rothberg2019-07-16
| | | | | | | | | | | | | | | | | | | | | Believe it or not: `sort -ruh` is loosing data while `sort -u | sort -rh` does not. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | add hack/analyses/nm-symbols-analysis.shValentin Rothberg2019-07-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The script allows for analyzing the symbols of a go binary passed as an argument. The tabular output looks as follows: 336 unicode/utf8.DecodeLastRune 323 unicode/utf8.DecodeLastRuneInString 518 unicode/utf8.DecodeRune 518 unicode/utf8.DecodeRuneInString 337 unicode/utf8.EncodeRune The first column indicates the size in bytes of the symbol in the second column. Note that only text symbols are considered, other symbols from the data or the bss segment are ignored to avoid information overload. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | analyse package sizesValentin Rothberg2019-07-16
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Analyse the size of all go-packages used during the build process via the newly added `hack/analyses/go-archive-analysis.sh` script. The script expects the `WORK` environment variable to be set, which points to a temporary work directory generated by `go build`. To generate such a work directory, set the `BUILDFLAGS="-work -a"`: * `-work` for creating the work directory * `-a` to force rebuilding all packages even when already cached The workflow may look as follows: ``` $ BUILDFLAGS="-work -a" make podman [...] WORK=/tmp/go-build127001249 $ WORK=/tmp/go-build127001249 ./hack/analyses/go-archive-analysis.sh ``` The output of the script has the format `$SIZE $PACKAGE` where $SIZE is the size of the compiled version of the go package (i.e., `.a` file) and $PACKAGE for the corresponding package, for instance, `math/big` for a stdlib package or vendor/... for vendored packages. Credits to the authors of https://github.com/jondot/goweight, which inspired this work. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #3574 from stefanb2/topic-health-cmd-parsingOpenShift Merge Robot2019-07-15
|\ \ | | | | | | Improve parser for --healthcheck-command
| * | create: improve parser for --healthcheck-commandStefan Becker2019-07-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix Docker CLI compatibility issue: the "--healthcheck-command" option value should not be split but instead be passed as single string to "CMD-SHELL", i.e. "/bin/sh -c <opt>". On the other hand implement the same extension as is already available for "--entrypoint", i.e. allow the option value to be a JSON array of strings. This will make life easier for tools like podman-compose. Updated "--healthcheck-command" option values in tests accordingly. Continuation of #3455 & #3507 Signed-off-by: Stefan Becker <chemobejk@gmail.com>
* | | Merge pull request #3531 from haraldh/fix_ReplySendFileOpenShift Merge Robot2019-07-15
|\ \ \ | |_|/ |/| | Fix the double replySendFile()
| * | Fix the double replySendFile()Harald Hoyer2019-07-12
| | | | | | | | | | | | Signed-off-by: Harald Hoyer <harald@redhat.com>
* | | Merge pull request #3532 from mheon/ensure_store_on_refreshOpenShift Merge Robot2019-07-15
|\ \ \ | | | | | | | | Ensure we have a valid store when we refresh
| * | | Ensure we have a valid store when we refreshMatthew Heon2019-07-10
| | | | | | | | | | | | | | | | | | | | | | | | Fixes #3520 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #3530 from deefin/deefin-3490-loggingOpenShift Merge Robot2019-07-14
|\ \ \ \ | |_|_|/ |/| | | Improves STD output/readability in combination
| * | | Improves STD output/readability in combinationdom finn2019-07-14
|/ / / | | | | | | | | | | | | | | | | | | | | | with debug output. Added \n char to specific standard output Signed-off-by: dom finn <dom.finn00@gmail.com>
* | | Merge pull request #3564 from giuseppe/cgroupsv2-no-controllers-last-pathOpenShift Merge Robot2019-07-13
|\ \ \ | | | | | | | | cgroupsv2: do not enable controllers for the last component
| * | | cgroupsv2: do not enable controllers for the last componentGiuseppe Scrivano2019-07-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | do not automatically enable the controllers for the last path component. It is necessary as once there are enabled controllers in a cgroup, it won't possible to add processes to it. Fix conmon being moved to the correct cgroup path when using --cgroup-manager cgroupfs. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #3563 from giuseppe/fix-single-mapping-rootlessOpenShift Merge Robot2019-07-12
|\ \ \ \ | | | | | | | | | | spec: fix userns with less than 5 gids
| * | | | spec: fix userns with less than 5 gidsGiuseppe Scrivano2019-07-12
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | when the container is running in a user namespace, check if gid=5 is available, otherwise drop the option gid=5 for /dev/pts. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #3537 from QiWang19/volumeabsOpenShift Merge Robot2019-07-12
|\ \ \ \ | | | | | | | | | | fix bug convert volume host path to absolute
| * | | | fix bug convert volume host path to absoluteQi Wang2019-07-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | fix #3504 If --volume host:dest host is not a named volume, convert the host to a absolute directory path. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | Merge pull request #3534 from cevich/img_sys_tstOpenShift Merge Robot2019-07-12
|\ \ \ \ \ | |_|_|_|/ |/| | | | Cirrus: Execute system-tests during image-validation
| * | | | Cirrus: Update to freshly built cache-imagesChris Evich2019-07-12
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | Cirrus: Execute system-tests during image-validationChris Evich2019-07-12
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | Cirrus: Fix missing removal of packaged podmanChris Evich2019-07-12
|/ / / / | | | | | | | | | | | | | | | | | | | | This was originally intended, but somehow omitted from #1936 Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #3557 from rhatdan/envOpenShift Merge Robot2019-07-12
|\ \ \ \ | | | | | | | | | | Add support for --env-host
| * | | | Fix spelling mistakes in man pages and other docsDaniel J Walsh2019-07-11
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | | | Add glob parsing for --env flagDaniel J Walsh2019-07-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Sometimes you want to add a few environmen variables based on the last field being a "*". Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | | | Add support for -env-hostDaniel J Walsh2019-07-11
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This flag passes the host environment into the container. The basic idea is to leak all environment variables from the host into the container. Environment variables from the image, and passed in via --env and --env-file will override the host environment. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>