summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #13325 from xordspar0/configmap-error-msgOpenShift Merge Robot2022-02-24
|\ | | | | Improve the error message for usused configMaps
| * Improve the error message for usused configMapsJordan Christiansen2022-02-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If you run `podman play kube` on a yaml file that only contains configMaps, podman will fail with the error: Error: YAML document does not contain any supported kube kind This is not strictly true; configMaps are a supported kube kind. The problem is that configMaps aren't a standalone entity. They have to be used in a container somewhere, otherwise they don't do anything. This change adds a new message in the case when there only configMaps resources. It would be helpful if podman reported which configMaps are unused on every invocation of kube play. However, even if that feedback were added, this new error messages still helpfully explains the reason that podman is not creating any resources. [NO NEW TESTS NEEDED] Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* | Merge pull request #13333 from vrothberg/systemd-docs-infra-containerOpenShift Merge Robot2022-02-24
|\ \ | | | | | | [CI:DOCS] generate-systemd: pod requires an infra container
| * | docs: generate-systemd: pod requires an infra containerValentin Rothberg2022-02-24
|/ / | | | | | | | | | | | | | | | | | | | | Generating unit files for a pod requires the pod to be created with an infra container (see `--infra=true`). An infra container runs across the entire lifespan of a pod and is hence required for systemd to manage the life cycle of the pod's main unit. This issue came up on the mailing list. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #13157 from ydayagi/mainOpenShift Merge Robot2022-02-23
|\ \ | | | | | | play kube: set defaults to container resources
| * | play kube: set defaults to container resourcesYaron Dayagi2022-02-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this fixes https://github.com/containers/podman/issues/13115 the change tries to immitate k8s behavior. when limits are not set the container's limits are all CPU and all RAM when requests are missing then they are equal to limits Signed-off-by: Yaron Dayagi <ydayagi@redhat.com>
* | | Merge pull request #13314 from flouthoc/container-commit-squashOpenShift Merge Robot2022-02-23
|\ \ \ | | | | | | | | container-commit: support `--squash` to squash layers into one if users want.
| * | | container-commit: support --squash to squash layers into oneAditya R2022-02-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow users to commit containers into a single layer. Usage ```bash podman container commit --squash <name> ``` Signed-off-by: Aditya R <arajan@redhat.com>
* | | | Merge pull request #13323 from Luap99/iptables-moduleOpenShift Merge Robot2022-02-23
|\ \ \ \ | | | | | | | | | | Load ip_tables modules at boot
| * | | | Load ip_tables modules at bootPaul Holzinger2022-02-23
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rootless users cannot load the ip_tables module, in fedora 36 this module is no longer loaded by default so we have to add it manually. This is needed because rootless network setup tries to use iptables and if iptables-legacy is used instead of iptables-nft it will fail. To provide a better user experience we will load the module at boot. Note that this is not needed for RHEL because iptables-legacy is not supported on RHEL 8 and newer. [NO NEW TESTS NEEDED] Fixes #12661 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #13231 from ↵OpenShift Merge Robot2022-02-23
|\ \ \ \ | |_|_|/ |/| | | | | | | | | | | eriksjolund/troubleshooting_mention_systemd-run_and_machinectl [CI:DOCS] troubleshooting: mention machinectl and systemd-run
| * | | [CI:DOCS] troubleshooting: mention machinectl and systemd-runErik Sjölund2022-02-18
| | | | | | | | | | | | | | | | Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | | | Merge pull request #13317 from elezar/update-cdi-moduleOpenShift Merge Robot2022-02-23
|\ \ \ \ | | | | | | | | | | Update CDI go dependency to v0.3.0
| * | | | Bump CDI go dependency to v0.3.0Evan Lezar2022-02-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This updates the CDI dependency to the v0.3.0 tagged version instead of relying on a pseudo version. This also addresses the fact that cgroups are not set correctly for devices using the previous dependency. Signed-off-by: Evan Lezar <elezar@nvidia.com>
* | | | | Merge pull request #13320 from giuseppe/play-kube-honor-propagation-modeOpenShift Merge Robot2022-02-23
|\ \ \ \ \ | |_|_|/ / |/| | | | kube: honor mount propagation mode
| * | | | kube: honor mount propagation modeGiuseppe Scrivano2022-02-23
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | convert the propagation mode specified for the mount to the expected Linux mount option. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #13232 from rhatdan/volumesOpenShift Merge Robot2022-02-23
|\ \ \ \ | |/ / / |/| | | Don't log errors on removing volumes inuse, if container --volumes-from
| * | | Don't log errors on removing volumes inuse, if container --volumes-fromDaniel J Walsh2022-02-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When removing a container created with a --volumes-from a container created with a built in volume, we complain if the original container still exists. Since this is an expected state, we should not complain about it. Fixes: https://github.com/containers/podman/issues/12808 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #13247 from rhatdan/trustOpenShift Merge Robot2022-02-23
|\ \ \ \ | | | | | | | | | | Cleanup display of trust with transports
| * | | | Cleanup display of trust with transportsDaniel J Walsh2022-02-22
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #13276 from rhatdan/containers-commonOpenShift Merge Robot2022-02-22
|\ \ \ \ \ | |/ / / / |/| | | | Add containers-common spec and command to podman
| * | | | Add containers-common spec and command to podmanDaniel J Walsh2022-02-22
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since containers-common package is tied to specific versions of Podman, add tools to build the package into the contrib directory This should help other distributions to figure out which commont package to ship. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #13311 from mheon/remove_runtime_lockOpenShift Merge Robot2022-02-22
|\ \ \ \ | | | | | | | | | | Remove the runtime lock
| * | | | Remove the runtime lockMatthew Heon2022-02-22
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This primarily served to protect us against shutting down the Libpod runtime while operations (like creating a container) were happening. However, it was very inconsistently implemented (a lot of our longer-lived functions, like pulling images, just didn't implement it at all...) and I'm not sure how much we really care about this very-specific error case? Removing it also removes a lot of potential deadlocks, which is nice. [NO NEW TESTS NEEDED] Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #13059 from cdoern/cloneOpenShift Merge Robot2022-02-22
|\ \ \ \ | | | | | | | | | | Implement Podman Container Clone
| * | | | Implement Podman Container Clonecdoern2022-02-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman container clone takes the id of an existing continer and creates a specgen from the given container's config recreating all proper namespaces and overriding spec options like resource limits and the container name if given in the cli options this command utilizes the common function DefineCreateFlags meaning that we can funnel as many create options as we want into clone over time allowing the user to clone with as much or as little of the original config as they want. container clone takes a second argument which is a new name and a third argument which is an image name to use instead of the original container's the current supported flags are: --destroy (remove the original container) --name (new ctr name) --cpus (sets cpu period and quota) --cpuset-cpus --cpu-period --cpu-rt-period --cpu-rt-runtime --cpu-shares --cpuset-mems --memory --run resolves #10875 Signed-off-by: cdoern <cdoern@redhat.com> Signed-off-by: cdoern <cbdoer23@g.holycross.edu> Signed-off-by: cdoern <cdoern@redhat.com>
* | | | | Merge pull request #13280 from baude/updatetutorialsOpenShift Merge Robot2022-02-22
|\ \ \ \ \ | |_|_|_|/ |/| | | | [CI:DOCS]Update networking tutorial for netavark
| * | | | [CI:DOCS]Update networking tutorial for netavarkBrent Baude2022-02-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With netavark being the default networking implementation for Podman v4, the tutorial needed some updating. [NO NEW TESTS] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | Merge pull request #13308 from Luap99/remove-netsOpenShift Merge Robot2022-02-21
|\ \ \ \ \ | |_|_|/ / |/| | | | system tests: cleanup networks on teardown
| * | | | system tests: cleanup networks on teardownPaul Holzinger2022-02-21
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a test which creates a network fail it will not remove the network. The teardown logic should remove the networks. Since there is no --all option for network rm we use network prune --force. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #13286 from flouthoc/kube-build-false-defaultOpenShift Merge Robot2022-02-21
|\ \ \ \ | | | | | | | | | | kube: honor `--build=false` if specified.
| * | | | kube: honor --build=false and make --build=true by defaultAditya R2022-02-21
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | `podman play kube` tries to build images even if `--build` is set to false so lets honor that and make `--build` , `true` by default so it matches the original behviour. Signed-off-by: Aditya R <arajan@redhat.com>
* | | | Merge pull request #13304 from Luap99/runtimedirOpenShift Merge Robot2022-02-21
|\ \ \ \ | | | | | | | | | | use GetRuntimeDir() from c/common
| * | | | use GetRuntimeDir() from c/commonPaul Holzinger2022-02-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To prevent duplication and potential bugs we should use the same GetRuntimeDir function that is used in c/common. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #13296 from ↵OpenShift Merge Robot2022-02-21
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Romain-Geissler-1A/url-and-connection-implies-remote Option --url and --connection should imply --remote.
| * | | | | Option --url and --connection should imply --remote.Romain Geissler2022-02-19
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | Closes #13242 Signed-off-by: Romain Geissler <romain.geissler@amadeus.com>
* | | | | Merge pull request #13055 from cevich/new_python_imagesOpenShift Merge Robot2022-02-21
|\ \ \ \ \ | | | | | | | | | | | | [main] Cirrus: Update VM Images for 4.0 release
| * | | | | Cirrus: Disable F34 aka prior-fedora testingChris Evich2022-02-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman 4.0 will never be supported in F34, and the use of F35 in CI is temporary until F36 is brought up to speed. Rather than fight with testing issues that will never be fixed/supported, simply disable it. This commit may be reverted at a future date when F36 VM support is added. Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | | Cirrus: Use updated VM imagesChris Evich2022-02-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Mainly this is to confirm some changes needed for the podman-py CI setup don't disrupt operations here. Ref: https://github.com/containers/automation_images/pull/111 Also includes a minor steup fix WRT setting up for test-rpm build. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | Merge pull request #13306 from Luap99/flag-errorOpenShift Merge Robot2022-02-21
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | provide better error on invalid flag
| * | | | | provide better error on invalid flagPaul Holzinger2022-02-21
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a extra `See 'podman command --help'` to the error output. With this patch you now get: ``` $ podman run -h Error: flag needs an argument: 'h' in -h See 'podman run --help' ``` Fixes #13082 Fixes #13002 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #13307 from edsantiago/bats_infoOpenShift Merge Robot2022-02-21
|\ \ \ \ \ | | | | | | | | | | | | System tests: show one-line config overview
| * | | | | System tests: show one-line config overviewEd Santiago2022-02-21
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We're running into problems that are impossible to diagnose because we have no idea if the SUT is using netavark or CNI. We've previously run into similar problems with runc/crun, or cgroups 1/2. This adds a one-line 'echo' with important system info. Now, when viewing a full test log, it will be possible to view system settings in one glance. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #13305 from nalind/troubleshootingOpenShift Merge Robot2022-02-21
|\ \ \ \ \ | | | | | | | | | | | | [CI:DOCS] troubleshooting.md: tweak subuid paragraph, encryption
| * | | | | troubleshooting.md: tweak subuid paragraph, encryptionNalin Dahyabhai2022-02-21
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Expand the bit about needing to allocate UIDs so that we don't appear to imply that adding a range of 10000 IDs to /etc/subuid will allow people to use UID 1000000, which isn't in the range that we'd map a range of that size to. TLS is an acronym, so capitalize when we're talking about the protocol. TLS verification is about encryption, not authentication. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | | | | Merge pull request #13284 from ↵OpenShift Merge Robot2022-02-21
|\ \ \ \ \ | |/ / / / |/| | | | | | | | | | | | | | eriksjolund/troubleshooting_mention_rootfs_overlay_option [CI:DOCS] troubleshooting: mention overlay option for --rootfs
| * | | | [CI:DOCS] troubleshooting: mention overlay option for --rootfsErik Sjölund2022-02-18
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | * Mention overlay option for --rootfs. Overlay description text is from commit 020d81f113ea1e11398ea77495cc4b8e05a91d38 by Qi Wang Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | | | Merge pull request #12918 from dgibson/propagate-conf-envOpenShift Merge Robot2022-02-21
|\ \ \ \ | |/ / / |/| | | Propagate CONTAINERS_CONF to conmon
| * | | Propagate $CONTAINERS_CONF to conmonDavid Gibson2022-02-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The CONTAINERS_CONF environment variable can be used to override the configuration file, which is useful for testing. However, at the moment this variable is not propagated to conmon. That means in particular, that conmon can't propagate it back to podman when invoking its --exit-command. The mismatch in configuration between the starting and cleaning up podman instances can cause a variety of errors. This patch also adds two related test cases. One checks explicitly that the correct CONTAINERS_CONF value appears in conmon's environment. The other checks for a possible specific impact of this bug: if we use a nonstandard name for the runtime (even if its path is just a regular crun), then the podman container cleanup invoked at container exit will fail. That has the effect of meaning that a container started with -d --rm won't be correctly removed once complete. Fixes #12917 Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
| * | | tests: Remove inaccurate commentDavid Gibson2022-02-18
|/ / / | | | | | | | | | | | | | | | | | | | | | This comment refers to overiding $PODMAN although the code below does nothing of the sort. Presumbly the comment has been outdated by altering the containers.conf / $CONTAINERS_CONF instead. Signed-off-by: David Gibson <david@gibson.dropbear.id.au>