summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Unify ls --filter docs for networks and podsPatrycja Guzik2022-02-15
| | | | | | Signed-off-by: Patrycja Guzik <patrycja.k.guzik@gmail.com> #13078 follow-up
* Merge pull request #13237 from Luap99/net-docsOpenShift Merge Robot2022-02-15
|\ | | | | [CI:DOCS] podman network: add documentation for netavark
| * podman network: add documentation for netavarkPaul Holzinger2022-02-15
|/ | | | | | | Add some docs about the different network backends. Also remove the CNI word from network since we refer to either a netavark or CNI config. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #13209 from esendjer/mainOpenShift Merge Robot2022-02-14
|\ | | | | ignition: propagate proxy settings from a host into a vm
| * ignition: propagate proxy settings from a host into a vmesendjer2022-02-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Set proxy settings (such as `HTTP_PROXY`, and others) for the whole guest OS with setting up `DefaultEnvironment` with a `systemd` configuration file `default-env.conf`, a `profile.d` scenario file - `default-env.sh` and a `environment.d` configuration file `default-env.conf` The **actual** environment variables are read by podman at a start, then they are encrypted with base64 into a single string and after are provided into a VM through QEMU Firmware Configuration (fw_cfg) Device Inside a VM a systemd service `envset-fwcfg.service` reads the providead encrypted string from fw_cfg, decrypts and then adds to the files - `/etc/systemd/system.conf.d/default-env.conf` - `/etc/profile.d/default-env.sh` - `/etc/environment.d/default-env.conf` At the end this service execute `systemctl daemon-reload` to propagate new variables for systemd manager [NO NEW TESTS NEEDED] Closes #13168 Signed-off-by: esendjer <esendjer@gmail.com>
* | Merge pull request #13223 from Foxboron/morten/fix-annotationOpenShift Merge Robot2022-02-14
|\ \ | | | | | | create: Fix key=value annotation in the flag output
| * | create: Fix key=value annotation in the flag outputMorten Linderud2022-02-14
| | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Morten Linderud <morten@linderud.pw>
* | | Merge pull request #13084 from ↵OpenShift Merge Robot2022-02-14
|\ \ \ | | | | | | | | | | | | | | | | eriksjolund/troubleshooting_userns_keep_id_uidmap_gidmap [CI:DOCS] Add --userns=keep-id, --uidmap, --gidmap troubleshooting
| * | | [CI:DOCS] Add --userns=keep-id, --uidmap, --gidmap troubleshootingErik Sjölund2022-02-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add troubleshooting advice: "Container creates a file that is not owned by the user's regular UID". The solution involves using the options --uidmap and --gidmap. * Add troubleshooting advice: "Passed-in devices or files can't be accessed in rootless container (UID/GID mapping problem)". The general solution involves using the options --uidmap and --gidmap. Sometimes --userns=keep-id could be used. Co-authored-by: Tom Sweeney <tsweeney@redhat.com> Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | | | Merge pull request #13220 from baude/podman4fcosOpenShift Merge Robot2022-02-14
|\ \ \ \ | |_|/ / |/| | | Temporarily pull machine images from side repo
| * | | Temporarily pull machine images from side repoBrent Baude2022-02-11
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Until podman4 is in the fcos trees, we need to pull the machine images from a side repository. There is a hard coded bit that forces the side repo download right now. Simple comment or removal of the bit will revert to normal download behavior. [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #13144 from lsm5/e2e-netavarkOpenShift Merge Robot2022-02-11
|\ \ \ | | | | | | | | enable netavark specific tests
| * | | enable netavark specific testsLokesh Mandvekar2022-02-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | These are copies of the CNI tests with modifications wherever neccessary. Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | | Merge pull request #13214 from adrianreber/2022-02-11-fix-testsOpenShift Merge Robot2022-02-11
|\ \ \ \ | |/ / / |/| | | Fix checkpoint/restore pod tests
| * | | Fix checkpoint/restore pod testsAdrian Reber2022-02-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Checkpoint/restore pod tests are not running with an older runc and now that runc 1.1.0 appears in the repositories it was detected that the tests were failing. This was not detected in CI as CI was not using runc 1.1.0 yet. Signed-off-by: Adrian Reber <areber@redhat.com>
* | | | Merge pull request #13210 from rhatdan/buildOpenShift Merge Robot2022-02-11
|\ \ \ \ | |_|/ / |/| | | Make sure building with relative paths work correctly.
| * | | Make sure building with relative paths work correctly.Daniel J Walsh2022-02-10
| | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/12763 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #13205 from jwhonce/wip/network_versionOpenShift Merge Robot2022-02-11
|\ \ \ \ | |_|/ / |/| | | Add 409 response to swagger godoc
| * | | Add 409 response to swagger godocJhon Honce2022-02-10
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | When attempting to create a network with a name that already exists, a 409 status code will be returned [NO NEW TESTS NEEDED] Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #13202 from TomSweeneyRedHat/dev/tsweeney/newhelloOpenShift Merge Robot2022-02-10
|\ \ \ | |/ / |/| | Make the hello image leaner
| * | Make the hello image leanertomsweeneyredhat2022-02-10
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | [NO TESTS NEEDED] Change from using a bash script to a c file for running the image. With thanks to discussions with @afbjorklund, the Containerfile was rigged up to make the final image be only KB's in size. Also add USER 1000 to make the image test/run as non-root, and update the README.md Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
* | Merge pull request #13197 from giuseppe/doc-cannot-write-loginuidOpenShift Merge Robot2022-02-10
|\ \ | | | | | | [CI:DOCS] troubleshooting: add doc for ssh into a container
| * | troubleshooting: add doc for ssh into a containerGiuseppe Scrivano2022-02-10
| |/ | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #13191 from mheon/resolvconf_fixesOpenShift Merge Robot2022-02-10
|\ \ | | | | | | Modify /etc/resolv.conf when connecting/disconnecting
| * | Modify /etc/resolv.conf when connecting/disconnectingMatthew Heon2022-02-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `podman network connect` and `podman network disconnect` commands give containers access to different networks than the ones they were created with; these networks can also have DNS servers associated with them. Until now, however, we did not modify resolv.conf as network membership changed. With this PR, `podman network connect` will add any new nameservers supported by the new network to the container's /etc/resolv.conf, and `podman network disconnect` command will do the opposite, removing the network's nameservers from `/etc/resolv.conf`. Fixes #9603 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #13178 from vrothberg/sym-helloOpenShift Merge Robot2022-02-10
|\ \ \ | | | | | | | | helloimage: header symmetry
| * | | helloimage: header symmetryValentin Rothberg2022-02-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Make the header symmetric by adding a whitespace before the `!` on the righthand side. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | Merge pull request #13189 from jwhonce/wip/network_versionOpenShift Merge Robot2022-02-10
|\ \ \ \ | | | | | | | | | | Add version guard to libpod API endpoints
| * | | | Add version guard to libpod API endpointsJhon Honce2022-02-09
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Ensure meaningful behaviour when called with /v3.x.x semantics * Change return code to 409 from 500 when client attempts to use an existing network name * Update API bats test runner to support /v4.0.0 endpoints by default Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #13192 from TomSweeneyRedHat/dev/tsweeney/bumpcommonOpenShift Merge Robot2022-02-10
|\ \ \ \ | |_|_|/ |/| | | Bump c/common to v0.47.4
| * | | Bump c/common to v0.47.4tomsweeneyredhat2022-02-09
|/ / / | | | | | | | | | | | | | | | As the title says. Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
* | | Merge pull request #13184 from Luap99/cni-dirOpenShift Merge Robot2022-02-09
|\ \ \ | | | | | | | | Do not set the network config dir to cni plugin dir
| * | | Do not set the network config dir to cni plugin dirPaul Holzinger2022-02-09
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I do not know why this code was added but it is wrong. We should never use a plugin dir as config dir. Also this will fail for netavark. The correct default will be set in c/common so podman should not touch it. [NO NEW TESTS NEEDED] Ref #13183 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #13182 from Luap99/api-docOpenShift Merge Robot2022-02-09
|\ \ \ | |/ / |/| | [CI:DOCS] Show API doc for several versions
| * | Show API doc for several versionsPaul Holzinger2022-02-09
|/ / | | | | | | | | | | | | | | | | | | | | Right now it is not possible to look at the API version for a specific version. docs.podman.io always show the latest version from the main branch. This is not want many users want so they now have the ability to select a different version. Fixes #12796 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #13142 from tmds/ImageCreate_200_schemaOpenShift Merge Robot2022-02-09
|\ \ | | | | | | [CI:DOCS] Add schema for ImageCreate 200 response.
| * | [NO NEW TEST NEEDED] Add schema for ImageCreate 200 response.Tom Deseyn2022-02-09
| | | | | | | | | | | | Signed-off-by: Tom Deseyn <tom.deseyn@gmail.com>
* | | Merge pull request #13170 from rhatdan/idmapOpenShift Merge Robot2022-02-09
|\ \ \ | |_|/ |/| | idmap should be able to be specified along with other options
| * | idmap should be able to be specified along with other optionsDaniel J Walsh2022-02-08
|/ / | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] crun is not available everywhere to test idmap. Kernel might not be recent enough and not all file systems support idmap option. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #13164 from ↵OpenShift Merge Robot2022-02-08
|\ \ | | | | | | | | | | | | containers/dependabot/go_modules/github.com/docker/distribution-2.8.0incompatible Bump github.com/docker/distribution from 2.7.1+incompatible to 2.8.0+incompatible
| * | Bump github.com/docker/distributiondependabot[bot]2022-02-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.7.1+incompatible to 2.8.0+incompatible. - [Release notes](https://github.com/docker/distribution/releases) - [Commits](https://github.com/docker/distribution/compare/v2.7.1...v2.8.0) --- updated-dependencies: - dependency-name: github.com/docker/distribution dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* | | Merge pull request #13163 from myml/myml/fix-durationOpenShift Merge Robot2022-02-08
|\ \ \ | | | | | | | | fix: Multiplication of durations
| * | | fix: Multiplication of durationsmyml2022-02-08
| |/ / | | | | | | | | | | | | | | | | | | 'killContainerTimeout' is already 5 second [NO NEW TESTS NEEDED] Signed-off-by: myml <wurongjie1@gmail.com>
* | | Merge pull request #13159 from Luap99/slirp4-scopeOpenShift Merge Robot2022-02-08
|\ \ \ | |/ / |/| | move rootless netns slirp4netns process to systemd user.slice
| * | move rootless netns slirp4netns process to systemd user.slicePaul Holzinger2022-02-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When running podman inside systemd user units, it is possible that systemd kills the rootless netns slirp4netns process because it was started in the default unit cgroup. When the unit is stopped all processes in that cgroup are killed. Since the slirp4netns process is run once for all containers it should not be killed. To make sure systemd will not kill the process we move it to the user.slice. Fixes #13153 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #13156 from flouthoc/fix-compat-build-response-headerOpenShift Merge Robot2022-02-07
|\ \ \ | | | | | | | | compat: endpoint `/build` must set header `content type` as `application/json` in response header.
| * | | compat: endpoint /build must set header content type as application/json in ↵Aditya R2022-02-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | reponse Lot of clients are expecting proper `Content-type: application/json` configured in response headers of `/build` compat api. Following commit fixes that. Fixes issues where code is setting header field after writing header which is wrong. We must set `content-type` before we write and flush http header. Signed-off-by: Aditya R <arajan@redhat.com>
* | | | Merge pull request #13158 from edsantiago/batsOpenShift Merge Robot2022-02-07
|\ \ \ \ | | | | | | | | | | Cleanup: remove obsolete/misleading bug workaround
| * | | | Cleanup: remove obsolete/misleading bug workaroundEd Santiago2022-02-07
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | Followup to #13129: remove a no-longer-necessary workaround for a healthcheck bug. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #13129 from flouthoc/healthcheck-session-read-from-pipeOpenShift Merge Robot2022-02-07
|\ \ \ \ | |_|/ / |/| | | healthcheck, libpod: Read healthcheck event output from os pipe