summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Add links to all SEE ALSO sectionsDaniel J Walsh2021-11-10
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #12227 from Luap99/net-setupOpenShift Merge Robot2021-11-09
|\ | | | | Fix rootless networking with userns and ports
| * Fix rootless networking with userns and portsPaul Holzinger2021-11-09
| | | | | | | | | | | | | | | | A rootless container created with a custom userns and forwarded ports did not work. I refactored the network setup to make the setup logic more clear. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #12195 from boaz0/closes_11998OpenShift Merge Robot2021-11-09
|\ \ | | | | | | podman-generate-kube - remove empty structs from YAML
| * | podman-generate-kube - remove empty structs from YAMLBoaz Shuster2021-11-07
| | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | | Merge pull request #12239 from vrothberg/fix-12226OpenShift Merge Robot2021-11-09
|\ \ \ | | | | | | | | support health checks from image configs
| * | | support health checks from image configsValentin Rothberg2021-11-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Health checks may be defined in the container config or the config of an image. So far, Podman only looked at the container config. The plumbing happened in libimage but add a regression test to Podman as well to make sure the glue code will not regress. Note that I am pinning github.com/onsi/gomega to v1.16.0 since v1.17.0 requires go 1.16 which in turn is breaking CI. Fixes: #12226 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #12235 from saschagrunert/fix-static-buildOpenShift Merge Robot2021-11-09
|\ \ \ \ | | | | | | | | | | Exclude already built sources for static build
| * | | | Exclude already built sources for static buildSascha Grunert2021-11-09
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We now do not copy the `bin` directory to the target nix sources to avoid skipping the build because "everything is up to date". Fixes https://github.com/containers/podman/issues/12198 Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* | | | Merge pull request #12232 from ianw/make-c-filesOpenShift Merge Robot2021-11-09
|\ \ \ \ | | | | | | | | | | Match .c files in Makefile
| * | | | Match .c files in MakefileIan Wienand2021-11-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ensure that rebuilds happen when .c files are updated in the source tree. Signed-off-by: Ian Wienand <iwienand@redhat.com>
* | | | | Merge pull request #12233 from ianw/shm-lock-failure-messageOpenShift Merge Robot2021-11-09
|\ \ \ \ \ | |_|/ / / |/| | | | shm_lock: Handle ENOSPC better in AllocateSemaphore
| * | | | shm_lock: Handle ENOSPC better in AllocateSemaphoreIan Wienand2021-11-09
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When starting a container libpod/runtime_pod_linux.go:NewPod calls libpod/lock/lock.go:AllocateLock ends up in here. If you exceed num_locks, in response to a "podman run ..." you will see: Error: error allocating lock for new container: no space left on device As noted inline, this error is technically true as it is talking about the SHM area, but for anyone who has not dug into the source (i.e. me, before a few hours ago :) your initial thought is going to be that your disk is full. I spent quite a bit of time trying to diagnose what disk, partition, overlay, etc. was filling up before I realised this was actually due to leaking from failing containers. This overrides this case to give a more explicit message that hopefully puts people on the right track to fixing this faster. You will now see: $ ./bin/podman run --rm -it fedora bash Error: error allocating lock for new container: allocation failed; exceeded num_locks (20) [NO NEW TESTS NEEDED] (just changes an existing error message) Signed-off-by: Ian Wienand <iwienand@redhat.com>
* | | | Merge pull request #12230 from rhatdan/manOpenShift Merge Robot2021-11-09
|\ \ \ \ | | | | | | | | | | [ci:docs] Add links to podman build see also
| * | | | Add links to podman build,run, create see alsoDaniel J Walsh2021-11-08
|/ / / / | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #12222 from Luap99/pod-create-netOpenShift Merge Robot2021-11-09
|\ \ \ \ | | | | | | | | | | pod create: read network mode from config
| * | | | pod create: read network mode from configPaul Holzinger2021-11-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we create a pod we have to parse the network mode form the config file. This is a regression in commit d28e85741f. Fixes #12207 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #12229 from edsantiago/minor_test_tweaksOpenShift Merge Robot2021-11-08
|\ \ \ \ \ | |_|/ / / |/| | | | Minor test tweaks
| * | | | Minor test tweaksEd Santiago2021-11-08
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - remove 'NO TESTS NEEDED' as a valid bypass string. Henceforth only 'NO NEW TESTS NEEDED' will work. - add a debugging aid for #11871, in which bodhi tests time out in nslookup. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #12223 from cevich/bump_catatonitOpenShift Merge Robot2021-11-08
|\ \ \ \ | |_|_|/ |/| | | Bump Catatonit up to v0.1.7
| * | | Bump Catatonit up to v0.1.7Chris Evich2021-11-08
| | | | | | | | | | | | | | | | | | | | | | | | Ref: https://github.com/containers/podman/pull/12218 Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #12036 from jwhonce/issues/11984OpenShift Merge Robot2021-11-08
|\ \ \ \ | | | | | | | | | | test connection add
| * | | | test connection addJhon Honce2021-11-08
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Fix connection JSON encoding * Add custom ginkgo matchers for connection testing * Cleanup code Fixes #11984 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #11953 from markusthoemmes/help-defaultOpenShift Merge Robot2021-11-08
|\ \ \ \ | |/ / / |/| | | Display help text on empty subcommand by default
| * | | Keep error semantics intactMarkus Thömmes2021-11-05
| | | | | | | | | | | | | | | | Signed-off-by: Markus Thömmes <markusthoemmes@me.com>
| * | | Adjust tests to verify all subcommands show the help messageMarkus Thömmes2021-10-14
| | | | | | | | | | | | | | | | Signed-off-by: Markus Thömmes <markusthoemmes@me.com>
| * | | Display help text on empty subcommand by defaultMarkus Thömmes2021-10-13
| | | | | | | | | | | | | | | | Signed-off-by: Markus Thömmes <markusthoemmes@me.com>
* | | | Merge pull request #12213 from flouthoc/system-connection-rm-allOpenShift Merge Robot2021-11-08
|\ \ \ \ | | | | | | | | | | system: Adds support for removing all named destination via `--all`
| * | | | system: Adds support for removing all named destination via --allAditya Rajan2021-11-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds support of dropping all named destination from system connections via `--all`. Closes: https://github.com/containers/podman/issues/12018 Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | | | | Merge pull request #11958 from cdoern/scpOpenShift Merge Robot2021-11-08
|\ \ \ \ \ | | | | | | | | | | | | Podman Image SCP rootful to rootless transfer
| * | | | | Podman Image SCP rootful to rootless transfercdoern2021-11-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added functionality for users to transfer images from root storage to rootless storage without using sshd. This is done through rootful podman by running `sudo podman image scp root@localhost::image user@localhost:: the user is needed in order to find and use their uid/gid to exec a new process. added necessary tests, and functions for this implementation. Created new image function Transfer so that the underlying code is majorly removed from CLI Signed-off-by: cdoern <cdoern@redhat.com>
* | | | | | Merge pull request #12137 from vrothberg/fix-11735OpenShift Merge Robot2021-11-08
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | pod/container create: resolve conflicts of generated names
| * | | | | pod/container create: resolve conflicts of generated namesValentin Rothberg2021-11-08
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Address the TOCTOU when generating random names by having at most 10 attempts to assign a random name when creating a pod or container. [NO TESTS NEEDED] since I do not know a way to force a conflict with randomly generated names in a reasonable time frame. Fixes: #11735 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #12172 from rhatdan/manOpenShift Merge Robot2021-11-08
|\ \ \ \ \ | |/ / / / |/| | | | [CI:DOCS] Add some information about disabling SELinux when using system volumes
| * | | | Add some information about disabling SELinux when using system volumesDaniel J Walsh2021-11-06
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A comment was made on internal mailing list about confusion on SELinux labeling of volumes. This PR makes it a little more clear about when you should or should not relabel. We need a similar comment in podman pod create, but it does not support --security-opt processing yet. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #12184 from adrianreber/2021-11-05-stats-dumpOpenShift Merge Robot2021-11-08
|\ \ \ \ | |/ / / |/| | | Add 'stats-dump' file to exported checkpoint
| * | | Test to check for presence of 'stats-dump' in exported checkpointsAdrian Reber2021-11-05
| | | | | | | | | | | | | | | | Signed-off-by: Adrian Reber <areber@redhat.com>
| * | | Add 'stats-dump' file to exported checkpointAdrian Reber2021-11-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There was the question about how long it takes to create a checkpoint. CRIU already provides some statistics about how long it takes to create a checkpoint and similar. With this change the file 'stats-dump' is included in the checkpoint archive and the tool checkpointctl can be used to display these statistics: ./checkpointctl show -t /tmp/cp.tar --print-stats Displaying container checkpoint data from /tmp/dump.tar [...] CRIU dump statistics +---------------+-------------+--------------+---------------+---------------+---------------+ | FREEZING TIME | FROZEN TIME | MEMDUMP TIME | MEMWRITE TIME | PAGES SCANNED | PAGES WRITTEN | +---------------+-------------+--------------+---------------+---------------+---------------+ | 105405 us | 1376964 us | 504399 us | 446571 us | 492153 | 88689 | +---------------+-------------+--------------+---------------+---------------+---------------+ Signed-off-by: Adrian Reber <areber@redhat.com>
* | | | Merge pull request #11890 from Luap99/portsOpenShift Merge Robot2021-11-06
|\ \ \ \ | | | | | | | | | | libpod: deduplicate ports in db
| * | | | libpod: deduplicate ports in dbPaul Holzinger2021-10-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The OCICNI port format has one big problem: It does not support ranges. So if a users forwards a range of 1k ports with podman run -p 1001-2000 we have to store each of the thousand ports individually as array element. This bloats the db and makes the JSON encoding and decoding much slower. In many places we already use a better port struct type which supports ranges, e.g. `pkg/specgen` or the new network interface. Because of this we have to do many runtime conversions between the two port formats. If everything uses the new format we can skip the runtime conversions. This commit adds logic to replace all occurrences of the old format with the new one. The database will automatically migrate the ports to new format when the container config is read for the first time after the update. The `ParsePortMapping` function is `pkg/specgen/generate` has been reworked to better work with the new format. The new logic is able to deduplicate the given ports. This is necessary the ensure we store them efficiently in the DB. The new code should also be more performant than the old one. To prove that the code is fast enough I added go benchmarks. Parsing 1 million ports took less than 0.5 seconds on my laptop. Benchmark normalize PortMappings in specgen: Please note that the 1 million ports are actually 20x 50k ranges because we cannot have bigger ranges than 65535 ports. ``` $ go test -bench=. -benchmem ./pkg/specgen/generate/ goos: linux goarch: amd64 pkg: github.com/containers/podman/v3/pkg/specgen/generate cpu: Intel(R) Core(TM) i7-10850H CPU @ 2.70GHz BenchmarkParsePortMappingNoPorts-12 480821532 2.230 ns/op 0 B/op 0 allocs/op BenchmarkParsePortMapping1-12 38972 30183 ns/op 131584 B/op 9 allocs/op BenchmarkParsePortMapping100-12 18752 60688 ns/op 141088 B/op 315 allocs/op BenchmarkParsePortMapping1k-12 3104 331719 ns/op 223840 B/op 3018 allocs/op BenchmarkParsePortMapping10k-12 376 3122930 ns/op 1223650 B/op 30027 allocs/op BenchmarkParsePortMapping1m-12 3 390869926 ns/op 124593840 B/op 4000624 allocs/op BenchmarkParsePortMappingReverse100-12 18940 63414 ns/op 141088 B/op 315 allocs/op BenchmarkParsePortMappingReverse1k-12 3015 362500 ns/op 223841 B/op 3018 allocs/op BenchmarkParsePortMappingReverse10k-12 343 3318135 ns/op 1223650 B/op 30027 allocs/op BenchmarkParsePortMappingReverse1m-12 3 403392469 ns/op 124593840 B/op 4000624 allocs/op BenchmarkParsePortMappingRange1-12 37635 28756 ns/op 131584 B/op 9 allocs/op BenchmarkParsePortMappingRange100-12 39604 28935 ns/op 131584 B/op 9 allocs/op BenchmarkParsePortMappingRange1k-12 38384 29921 ns/op 131584 B/op 9 allocs/op BenchmarkParsePortMappingRange10k-12 29479 40381 ns/op 131584 B/op 9 allocs/op BenchmarkParsePortMappingRange1m-12 927 1279369 ns/op 143022 B/op 164 allocs/op PASS ok github.com/containers/podman/v3/pkg/specgen/generate 25.492s ``` Benchmark convert old port format to new one: ``` go test -bench=. -benchmem ./libpod/ goos: linux goarch: amd64 pkg: github.com/containers/podman/v3/libpod cpu: Intel(R) Core(TM) i7-10850H CPU @ 2.70GHz Benchmark_ocicniPortsToNetTypesPortsNoPorts-12 663526126 1.663 ns/op 0 B/op 0 allocs/op Benchmark_ocicniPortsToNetTypesPorts1-12 7858082 141.9 ns/op 72 B/op 2 allocs/op Benchmark_ocicniPortsToNetTypesPorts10-12 2065347 571.0 ns/op 536 B/op 4 allocs/op Benchmark_ocicniPortsToNetTypesPorts100-12 138478 8641 ns/op 4216 B/op 4 allocs/op Benchmark_ocicniPortsToNetTypesPorts1k-12 9414 120964 ns/op 41080 B/op 4 allocs/op Benchmark_ocicniPortsToNetTypesPorts10k-12 781 1490526 ns/op 401528 B/op 4 allocs/op Benchmark_ocicniPortsToNetTypesPorts1m-12 4 250579010 ns/op 40001656 B/op 4 allocs/op PASS ok github.com/containers/podman/v3/libpod 11.727s ``` Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #12187 from Luap99/fix-swaggerOpenShift Merge Robot2021-11-05
|\ \ \ \ \ | | | | | | | | | | | | [CI:DOCS] Fix swagger definition for the new mac address type
| * | | | | Fix swagger definition for the new mac address typePaul Holzinger2021-11-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The new mac address type broke the api docs. While we could successfully generate the swagger file it could not be viewed in a browser. The problem is that the swagger generation create two type definitions with the name `HardwareAddr` and this pointed back to itself. Thus the render process was stucked in an endless loop. To fix this manually rename the new type to MacAddress and overwrite the types to string because the json unmarshaller accepts the mac as string. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | Merge pull request #12186 from jwhonce/issues/12181OpenShift Merge Robot2021-11-05
|\ \ \ \ \ \ | | | | | | | | | | | | | | Log Apache access_log-like entries at Info level
| * | | | | | Log Apache access_log-like entries at Info level [NO NEW TESTS NEEDED]Jhon Honce2021-11-05
| | |_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Only log API access entries when --log-level set to Info or below. Fixes #12181 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | | Merge pull request #12182 from ↵OpenShift Merge Robot2021-11-05
|\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/checkpoint-restore/go-criu/v5-5.2.0 Bump github.com/checkpoint-restore/go-criu/v5 from 5.1.0 to 5.2.0
| * | | | | | Bump github.com/checkpoint-restore/go-criu/v5 from 5.1.0 to 5.2.0dependabot[bot]2021-11-05
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/checkpoint-restore/go-criu/v5](https://github.com/checkpoint-restore/go-criu) from 5.1.0 to 5.2.0. - [Release notes](https://github.com/checkpoint-restore/go-criu/releases) - [Commits](https://github.com/checkpoint-restore/go-criu/compare/v5.1.0...v5.2.0) --- updated-dependencies: - dependency-name: github.com/checkpoint-restore/go-criu/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | | | Merge pull request #12178 from matejvasek/swagger-make-filed-optionalOpenShift Merge Robot2021-11-05
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | Update swagger doc make field optional
| * | | | | Update swagger doc make filed optionalMatej Vasek2021-11-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO TESTS NEEDED] Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | | | | | Merge pull request #12183 from Luap99/rootless-netns-cleanupOpenShift Merge Robot2021-11-05
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | Fix rootless cni netns cleanup logic and rename to rootless netns
| * | | | | rename rootless cni ns to rootless netnsPaul Holzinger2021-11-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since we want to use the rootless cni ns also for netavark we should pick a more generic name. The name is now "rootless network namespace" or short "rootless netns". The rename might cause some issues after the update but when the all containers are restarted or the host is rebooted it should work correctly. Signed-off-by: Paul Holzinger <pholzing@redhat.com>