summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* libpod: improve check to create conmon cgroupGiuseppe Scrivano2022-06-15
| | | | | | | | | | | | | | | | | | | | commit 1951ff168a63157fa2f4711fde283edfc4981ed3 introduced a check so that conmon is not moved to a new cgroup when podman is running inside of a systemd service. This is helpful to integrate podman in systemd so that the spawned conmon lives in the same cgroup as the service that created it. Unfortunately this breaks when podman daemon is running in a systemd service since the same check is in place thus all the conmon processes end up in the same cgroup as the podman daemon. When the podman daemon systemd service stops the conmon processes are also terminated as well as the containers they monitor. Improve the check to exclude podman running as a daemon. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2052697 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #14484 from marshall-lee/test/manifest-pushOpenShift Merge Robot2022-06-08
|\ | | | | Add missing tests for manifests API
| * Add missing tests for manifests APIVladimir Kochnev2022-06-07
| | | | | | | | | | | | | | | | | | | | Also: - It fixes a regression in parsing "images" parameter in ManifestAddV3 handler. - Refactors 12-imagesMore.at to use start_registry helper. - Removes some unsafe "exit 1" statements which skip clean up. Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
* | Merge pull request #14532 from rhatdan/manOpenShift Merge Robot2022-06-08
|\ \ | | | | | | --userns=keep-id,nomap are not allowed in rootful mode
| * | --userns=keep-id,nomap are not allowed in rootful modeDaniel J Walsh2022-06-08
|/ / | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #14220 from Luap99/resolvconfOpenShift Merge Robot2022-06-07
|\ \ | | | | | | use resolvconf package from c/common/libnetwork
| * | test/e2e: network dis-/connect test remove unhelpful assertionsPaul Holzinger2022-06-07
| | | | | | | | | | | | | | | | | | | | | | | | Using `To(BeTrue()/BeFalse())` provides very bas error messages. It is not clear to a log reader what went wrong. Using ContainsSubstring() make the error message much more useful. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | use resolvconf package from c/common/libnetworkPaul Holzinger2022-06-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman and Buildah should use the same code the generate the resolv.conf file. This mostly moved the podman code into c/common and created a better API for it so buildah can use it as well. [NO NEW TESTS NEEDED] All existing tests should continue to pass. Fixes #13599 (There is no way to test this in CI without breaking the hosts resolv.conf) Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | update c/common to latestPaul Holzinger2022-06-07
| | | | | | | | | | | | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #14519 from rhatdan/DockerfileOpenShift Merge Robot2022-06-07
|\ \ \ | | | | | | | | [CI:DOCS] Podman images generated with empty /etc/containers/storage.conf
| * | | Podman images generated with empty /etc/containers/storage.confDaniel J Walsh2022-06-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Containerfiles were built with sed -i, which is leading to empty storage.conf files. This will cause Podman in a container to print warning information about storage.driver not being set to something. [NO NEW TESTS REQUIRED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #14516 from cevich/podmanimage_docsOpenShift Merge Robot2022-06-07
|\ \ \ \ | | | | | | | | | | [CI:DOCS] Minor: Fix podmanimage README links
| * | | | Minor: Fix podmanimage README linksChris Evich2022-06-07
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | Merge pull request #14483 from ↵OpenShift Merge Robot2022-06-07
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | jakecorrenti/restart-privelaged-containers-after-host-device-change Privileged containers can now restart if the host devices change
| * | | | | Privileged containers can now restart if the host devices changeJake Correnti2022-06-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If a privileged container is running, stops, and the devices on the host change, such as a USB device is unplugged, then a container would no longer start. Previously, the devices from the host were only being added to the container once: when the container was created. Now, this happens every time the container starts. I did this by adding a boolean to the container config that indicates whether to mount all of the devices or not, which can be set via an option. During spec generation, if the `MountAllDevices` option is set in the container config, all host devices are added to the container. Additionally, a couple of functions from `pkg/specgen/generate/config_linux.go` were moved into `pkg/util/utils_linux.go` as they were needed in multiple packages. Closes #13899 Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
* | | | | | Merge pull request #14512 from cdoern/infraInheritOpenShift Merge Robot2022-06-07
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | Infra Inheritance patch
| * | | | | Infra Inheritance patchcdoern2022-06-07
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | infra was overriding options that it should be appending rather than resetting. fix this by appending the given container's spec to the compatible options before marshaling/unmarshaling resolves #14454 Signed-off-by: cdoern <cdoern@redhat.com>
* | | | | Merge pull request #14479 from ibotty/patch-1OpenShift Merge Robot2022-06-07
|\ \ \ \ \ | | | | | | | | | | | | [CI:DOCS] Add docs of changing default netavark networks
| * | | | | Add docs of changing default netavark networksTobias Florek2022-06-07
| |/ / / / | | | | | | | | | | | | | | | Signed-off-by: Tobias Florek <tob@butter.sh>
* | | | | Merge pull request #14438 from cevich/replace_skipsOpenShift Merge Robot2022-06-07
|\ \ \ \ \ | |/ / / / |/| | | | Cirrus: Simplify only_if/skip + optimize multiarch
| * | | | Cirrus: Simplify only_if/skip + optimize multiarchChris Evich2022-06-07
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Using both the 'skip' and 'only_if' features at the same time may be hard for maintainers to decipher. Consolidate them into `only_if` since that bypasses creation of the task all together - meaning there are potentially fewer tasks for a developer to scroll through. Since the `multiarch` Cirrus-Cron build no-longer depends on the direct "build-ability" from the current repo. state, it can be further optimized. When operating in this context, avoid running many/most other tasks, depending instead only on `ext_svc_check`. Finally, add a simple document describing the various runtime contexts along with the list of expected tasks. Reference this prominently right in front of every `only_if` so it's impossible for a maintainer to miss. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #14507 from Luap99/userns-netOpenShift Merge Robot2022-06-07
|\ \ \ \ | | | | | | | | | | libpod: store network status when userns is used
| * | | | libpod: store network status when userns is usedPaul Holzinger2022-06-07
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a container with a userns is created the network setup is special. Normally the netns is setup before the oci runtime container is created, however with a userns the container is created first and then the network is setup. In the second case we never saved the container state afterwards. Because of it, podman inspect would not show the network info and network teardown will not happen. This worked with local podman because there was a save() call later in the code path which then also saved the network status. But in the podman API code path this save never happened thus all containers started via API had this problem. Fixes #14465 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #14506 from ↵OpenShift Merge Robot2022-06-07
|\ \ \ \ | |/ / / |/| | | | | | | | | | | containers/dependabot/go_modules/github.com/docker/docker-20.10.17incompatible Bump github.com/docker/docker from 20.10.16+incompatible to 20.10.17+incompatible
| * | | Bump github.com/docker/dockerdependabot[bot]2022-06-07
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.16+incompatible to 20.10.17+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md) - [Commits](https://github.com/docker/docker/compare/v20.10.16...v20.10.17) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | Merge pull request #14499 from giuseppe/make-error-clearerOpenShift Merge Robot2022-06-07
|\ \ \ | | | | | | | | runtime: make error clearer
| * | | runtime: make error clearerGiuseppe Scrivano2022-06-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | make the error clearer and state that images created by other tools might not be visible to Podman when it overrides the graph driver. Closes: https://github.com/containers/podman/issues/13970 [NO NEW TESTS NEEDED] Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #14502 from mheon/readme_updatesOpenShift Merge Robot2022-06-06
|\ \ \ \ | | | | | | | | | | [CI:DOCS] Add some Readme updates around machine
| * | | | Add some Readme updates around machineMatthew Heon2022-06-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We really should be advertising our Mac and Windows support more prominently. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | | Merge pull request #14474 from flouthoc/non-volatile-overlay-volumeOpenShift Merge Robot2022-06-06
|\ \ \ \ \ | |/ / / / |/| | | | overlay-volumes: add support for non-volatile `upperdir`,`workdir` for `overlay` volumes
| * | | | overlay-volumes: add support for non-volatile upperdir,workdir for anonymous ↵Aditya R2022-06-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | volumes Similar feature was added for named overlay volumes here: https://github.com/containers/podman/pull/12712 Following PR just mimics similar feature for anonymous volumes. Often users want their anonymous overlayed volumes to be `non-volatile` in nature that means that same `upper` dir can be re-used by one or more containers but overall of nature of volumes still have to be overlay so work done is still on a overlay not on the actual volume. Following PR adds support for more advanced options i.e custom `workdir` and `upperdir` for overlayed volumes. So that users can re-use `workdir` and `upperdir` across new containers as well. Usage ```console podman run -it -v /some/path:/data:O,upperdir=/path/persistant/upper,workdir=/path/persistant/work alpine sh ``` Signed-off-by: Aditya R <arajan@redhat.com>
* | | | | Merge pull request #14500 from cevich/tickle_podmanimageDaniel J Walsh2022-06-06
|\ \ \ \ \ | |_|/ / / |/| | | | [CI:BUILD] Minor: Remove useless addition of storage.conf
| * | | | Minor: Remove useless addition of storage.confChris Evich2022-06-06
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | This was an accidental leftover from an in-development implementation. The `sed` command further down entirely replaces the file in the image. Strip out the unnecessary 'storage.conf' ADD instruction. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #14485 from ashley-cui/flakeOpenShift Merge Robot2022-06-06
|\ \ \ \ | | | | | | | | | | Fix secret-verify-leak flake: set build context to subdir
| * | | | Fix secret-verify-leak flake: set build context to subdirAshley Cui2022-06-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Setting the build context to a dedicated subdir makes sure that the test does not flake when running in parallel, as the test is isolated from other tests that may dump secrets in a higher level context dir. This should have been done in https://github.com/containers/podman/pull/13457, as this makes that PR actually work. Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | | Merge pull request #14497 from ↵OpenShift Merge Robot2022-06-06
|\ \ \ \ \ | |_|/ / / |/| | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/stretchr/testify-1.7.2 Bump github.com/stretchr/testify from 1.7.1 to 1.7.2
| * | | | Bump github.com/stretchr/testify from 1.7.1 to 1.7.2dependabot[bot]2022-06-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.1 to 1.7.2. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.7.1...v1.7.2) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | | Merge pull request #14453 from ↵OpenShift Merge Robot2022-06-06
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | flouthoc/support-additional-build-context-on-remote remote: enable support for additional `--build-context` on macOS and remote
| * | | | | tests: buildah-bud fix reason for skipAditya R2022-06-03
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Aditya R <arajan@redhat.com>
| * | | | | podman-remote: enable support for additional build-context on macOS, remoteAditya R2022-06-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Feature of additional build context added here https://github.com/containers/buildah/pull/3978 already exists on `podman` following PR just enables this feature of `podman-remote` and `podman on macOS` setups. Signed-off-by: Aditya R <arajan@redhat.com>
* | | | | | Merge pull request #14487 from TomSweeneyRedHat/dev/tsweeney/fiximagedocOpenShift Merge Robot2022-06-06
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | [CI:DOCS] PodmanImage Readme touchup
| * | | | | [CI:DOCS] PodmanImage Readme touchuptomsweeneyredhat2022-06-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | @cevich recently renamed all the files named Dockerfile to Containerfile in this directory. Touching up the README.md to reflect that. Also, as I was doing the submit, I noticed a couple of nits in the PR request template and cleaned those up. Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
* | | | | | Merge pull request #14496 from tupyy/fix-lefovers-from-focusOpenShift Merge Robot2022-06-06
|\ \ \ \ \ \ | |/ / / / / |/| | | | | Cleanup the leftovers in `play kube` e2e test used for ginkgo focus option
| * | | | | Cleanup the leftovers used with ginkgo focus optionCosmin Tupangiu2022-06-06
|/ / / / / | | | | | | | | | | | | | | | Signed-off-by: Cosmin Tupangiu <cosmin@redhat.com>
* | | | | Merge pull request #14477 from Luap99/partial-logsOpenShift Merge Robot2022-06-03
|\ \ \ \ \ | | | | | | | | | | | | podman logs k8s-file: do not reassemble partial log lines
| * | | | | podman logs k8s-file: do not reassemble partial log linesPaul Holzinger2022-06-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The backend should not convert partial lines to full log lines. While this works for most cases it cannot work when the last line is partial since it will just be lost. The frontend logic can already display partial lines correctly. The journald driver also works correctly since it does not such conversion. Fixes #14458 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | Merge pull request #14466 from mheon/fix_9075OpenShift Merge Robot2022-06-03
|\ \ \ \ \ \ | | | | | | | | | | | | | | Improve robustness of `podman system reset`
| * | | | | | Improve robustness of `podman system reset`Matthew Heon2022-06-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Firstly, reset is now managed by the runtime itself as a part of initialization. This ensures that it can be used even with runtimes that would otherwise fail to be created - most notably, when the user has changed a core path (runroot/root/tmpdir/staticdir). Secondly, we now attempt a best-effort removal even if the store completely fails to be configured. Third, we now hold the alive lock for the entire reset operation. This ensures that no other Podman process can start while we are running a system reset, and removes any possibility of a race where a user tries to create containers or pull images while we are trying to perform a reset. [NO NEW TESTS NEEDED] we do not test reset last I checked. Fixes #9075 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | | | | Merge pull request #14478 from nicrowe00/kubefixOpenShift Merge Robot2022-06-03
|\ \ \ \ \ \ \ | |_|_|_|/ / / |/| | | | | | Use logDriver instead of query.LogDriver for podman play kube
| * | | | | | Using logDriver instead of query.LogDriver for podman play kubeNiall Crowe2022-06-03
| | |/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Quick fix in play.go to use logDriver to set the correct log driver rather than overwriting query.LogDriver. [NO NEW TESTS NEEDED] Signed-off-by: Niall Crowe <nicrowe@redhat.com>