summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #12351 from ↵OpenShift Merge Robot2021-11-22
|\ | | | | | | | | adrianreber/2021-11-18-restore-runtime-verification Restore runtime verification
| * Add tests for restore runtime verificationAdrian Reber2021-11-19
| | | | | | | | | | | | | | | | On container restore ensures that the same container runtime is used as during checkpointing and it also ensures that the user does not select a different runtime. Signed-off-by: Adrian Reber <areber@redhat.com>
| * Use same runtime to restore a container as during checkpointingAdrian Reber2021-11-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are at least two runtimes that support checkpoint and restore: runc and crun. Although the checkpoints created by these are almost compatible, it is not (yet) possible to restore a checkpoint created with one runtime with the other runtime. To make checkpoint/restore usage more comfortable this adds code to look into the checkpoint archive during restore and to set the runtime to the one used during checkpointing. This also adds a check, if the user explicitly sets a runtime during restore, that the runtime is also the same as used during checkpointing. If a different runtime is selected than the one used during checkpointing the restore will fail early. If runc and crun will create compatible checkpoints in the future the check can be changed to treat crun and runc as compatible checkpoint/restore runtimes. Signed-off-by: Adrian Reber <areber@redhat.com>
* | Merge pull request #12305 from colinbendell/add-expose-port-rangeOpenShift Merge Robot2021-11-21
|\ \ | | | | | | Support EXPOSE with port ranges
| * | Add EXPOSE e2e testColin Bendell2021-11-20
| | | | | | | | | | | | Signed-off-by: Colin Bendell <colin@bendell.ca>
| * | Support EXPOSE with port rangesColin Bendell2021-11-20
|/ / | | | | | | | | | | | | | | Fixes issue #12293. EXPOSE directive in images should mirror the --expose parameter. Specifically `EXPOSE 20000-20100/tcp` should work the same as `--expose 20000-20100/tcp` Signed-off-by: Colin Bendell <colin@bendell.ca>
* | Merge pull request #12216 from ↵OpenShift Merge Robot2021-11-20
|\ \ | | | | | | | | | | | | containers/dependabot/go_modules/github.com/rootless-containers/rootlesskit-0.14.6 Bump github.com/rootless-containers/rootlesskit from 0.14.5 to 0.14.6
| * | Bump github.com/rootless-containers/rootlesskit from 0.14.5 to 0.14.6Daniel J Walsh2021-11-19
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/rootless-containers/rootlesskit](https://github.com/rootless-containers/rootlesskit) from 0.14.5 to 0.14.6. - [Release notes](https://github.com/rootless-containers/rootlesskit/releases) - [Commits](rootless-containers/rootlesskit@v0.14.5...v0.14.6) --- updated-dependencies: - dependency-name: github.com/rootless-containers/rootlesskit dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | Merge pull request #12364 from flouthoc/fix-filter-patternOpenShift Merge Robot2021-11-19
|\ \ | |/ |/| filter: use `filepath.Match` to maintain consistency with other pattern matching in podman
| * filter: use filepath.Match to maintain consistency with other patternAditya Rajan2021-11-19
|/ | | | | | | | | | | | | | | matching in podman Following commit ensures that we maintain consistency with how pattern matching is being carried out everywhere else in podman. Switch from `regexp` to `filepath.Match` For example https://github.com/containers/common/blob/main/libimage/filters.go#L162 [NO NEW TESTS NEEDED] Signed-off-by: Aditya Rajan <arajan@redhat.com>
* Merge pull request #12367 from rst0git/file-locks-1OpenShift Merge Robot2021-11-19
|\ | | | | test: Update error string for --file-locks test
| * api/handlers: Add checkpoint/restore FileLocksRadostin Stoyanov2021-11-19
| | | | | | | | Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
| * test: Update error string for --file-locks testRadostin Stoyanov2021-11-19
| | | | | | | | | | | | | | | | Use a substring matching the end of the error message. Closes: #12366 Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
* | Merge pull request #12311 from of2x/patch-1OpenShift Merge Robot2021-11-19
|\ \ | | | | | | [CI:DOCS] upload a translation file
| * | [CI:DOCS]upload a translation file二氟化氧2021-11-19
| | | | | | | | | | | | | | | | | | a tranlastion for the podman_tutorial.md Signed-off-by: sixways <lw.2675@qq.com>
* | | Merge pull request #12174 from ↵OpenShift Merge Robot2021-11-19
|\ \ \ | | | | | | | | | | | | | | | | fgimenez/fix-docker-networksettings-type-discrepancy Introduces Address type to be used in secondary IPv4 and IPv6 inspect data structure
| * | | Introduce Address type to be used in secondary IPv4 and IPv6 inspect dataFederico Gimenez2021-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | structure. Resolves a discrepancy between the types used in inspect for docker and podman. This causes a panic when using the docker client against podman when the secondary IP fields in the `NetworkSettings` inspect field are populated. Fixes containers#12165 Signed-off-by: Federico Gimenez <fgimenez@redhat.com>
* | | | Merge pull request #12356 from Luap99/pod-logsOpenShift Merge Robot2021-11-19
|\ \ \ \ | |_|_|/ |/| | | fix duplicated logs command
| * | | fix duplicated logs commandPaul Holzinger2021-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman logs was defined twice, once for container logs and once for pod logs. This causes problems with the shell completion. Also podman --help showed this command twice. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #12344 from ↵OpenShift Merge Robot2021-11-19
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/docker/docker-20.10.11incompatible Bump github.com/docker/docker from 20.10.10+incompatible to 20.10.11+incompatible
| * | | | Bump github.com/docker/dockerdependabot[bot]2021-11-18
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.10+incompatible to 20.10.11+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md) - [Commits](https://github.com/docker/docker/compare/v20.10.10...v20.10.11) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | Merge pull request #12318 from mscherer/2nd_tryOpenShift Merge Robot2021-11-19
|\ \ \ \ | | | | | | | | | | Change error message for compatibility with docker
| * | | | Change error message for compatibility with dockerMichael Scherer2021-11-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix #12315 Signed-off-by: Michael Scherer <misc@redhat.com>
* | | | | Merge pull request #11795 from cevich/update_to_f35OpenShift Merge Robot2021-11-18
|\ \ \ \ \ | | | | | | | | | | | | Cirrus: Bump Fedora to release 35
| * | | | | Cirrus: Bump Fedora to release 35Chris Evich2021-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Fedora 35 cloud images have switched to UEFI boot with a GPT partition. Formerly, all Fedora images included support for runtime re-partitioning. However, the requirement to test alternate storage has since been dropped/removed. Rather than maintain a disused feature, and supporting scripts, these Fedora VM images have reverted to the default: Automatically resize to 100% on boot. Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | | Cirrus: Partially revert catatonit --force installChris Evich2021-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | VM Images created as of this commit contain the new/required version. Remove the `--force` install, but retain the hack script's ability to support this in the future. Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | | Revert "Cirrus: Temp. disable prior-fedora testing"Chris Evich2021-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit f35d7f4dc76ca02b741e37f31ddc68c1d3ca9331. Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | | Cirrus: Workaround log_driver=journald settingChris Evich2021-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In F35 the hard-coded default (from containers-common-1-32.fc35.noarch) is 'journald' despite the upstream repository having this line commented-out. Containerized integration tests cannot run with 'journald' as there is no daemon/process there to receive them. Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | | Cirrus: Fix bindings test hang b/c logging config mismatchChris Evich2021-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Massive thanks to @edsantiago for tracking this down. Ref: https://github.com/containers/podman/issues/12175 Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | | Cirrus: Timeout bindings test after 30mChris Evich2021-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | During initial testing of Fedora 35beta VM images in CI, the bindings task was timing out. In order to allow time for collection of system details (logs), execution needs to timeout earlier than the task. Under normal conditions, the bindings test finishes in about 10-minutes. Use the ginkgo timeout option to limit execution, so it times out after 30 minutes. Also add the `-progress` option so the output more closely resembles how ginkgo runs the integration tests. Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | | Cirrus: Log more things in bindings and unit testsChris Evich2021-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | These tasks run earlier on, so it's useful to have more detail about the test VM (in general) in case something goes terribly wrong. Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | | Minor Makefile fixChris Evich2021-11-18
| | |/ / / | |/| | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | Merge pull request #12346 from ↵OpenShift Merge Robot2021-11-18
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/k8s.io/api-0.22.4 Bump k8s.io/api from 0.22.3 to 0.22.4
| * | | | | Bump k8s.io/api from 0.22.3 to 0.22.4dependabot[bot]2021-11-18
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.22.3 to 0.22.4. - [Release notes](https://github.com/kubernetes/api/releases) - [Commits](https://github.com/kubernetes/api/compare/v0.22.3...v0.22.4) --- updated-dependencies: - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | | Merge pull request #12354 from Luap99/exit-commandOpenShift Merge Robot2021-11-18
|\ \ \ \ \ | | | | | | | | | | | | Do not store the exit command in container config
| * | | | | Do not store the exit command in container configPaul Holzinger2021-11-18
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is a problem with creating and storing the exit command when the container was created. It only contains the options the container was created with but NOT the options the container is started with. One example would be a CNI network config. If I start a container once, then change the cni config dir with `--cni-config-dir` ans start it a second time it will start successfully. However the exit command still contains the wrong `--cni-config-dir` because it was not updated. To fix this we do not want to store the exit command at all. Instead we create it every time the conmon process for the container is startet. This guarantees us that the container cleanup process is startet with the correct settings. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #11957 from edsantiago/batsOpenShift Merge Robot2021-11-18
|\ \ \ \ \ | | | | | | | | | | | | System tests: new checkpoint test
| * | | | | System tests: new checkpoint testsEd Santiago2021-11-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Includes a test for the stdout-goes-away bug (crun #756). Skip on Ubuntu due to a many-months-old kernel bug that keeps getting fixed and then un-fixed. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | Merge pull request #12295 from flouthoc/filter-label-patternOpenShift Merge Robot2021-11-18
|\ \ \ \ \ \ | | | | | | | | | | | | | | filters: add basic pattern matching for label keys i.e `--filter label=<pattern>`
| * | | | | | filter: add basic pattern matching for label keysAditya Rajan2021-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Following PR adds basic pattern matching to filter by labels for `keys`. Adds support for use-cases like `--filter label=some.prefix.com/key/*` where end-users want to match a pattern for keys as compared to exact value. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | | | | | | Merge pull request #12298 from giuseppe/idmapped-bind-mountsOpenShift Merge Robot2021-11-18
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | volumes: add new option idmap
| * | | | | | | volumes: add new option idmapGiuseppe Scrivano2021-11-18
| | |_|_|_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | pass down the "idmap" mount option to the OCI runtime. Needs: https://github.com/containers/crun/pull/780 Closes: https://github.com/containers/podman/issues/12154 [NO NEW TESTS NEEDED] there is no crun version yet that support the new feature. Test case (must run as root): podman run --rm -v foo:/foo alpine touch /foo/bar podman run --uidmap 0:1:1000 --rm -v foo:/foo:idmap alpine ls -l /foo total 0 -rw-r--r-- 1 root root 0 Nov 15 14:01 bar Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | | Merge pull request #12314 from Luap99/machine-wait-sshdOpenShift Merge Robot2021-11-18
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | podman machine start wait for ssh
| * | | | | | | podman machine start wait for sshPaul Holzinger2021-11-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Wait for sshd to be ready before we return from start. This should make podman machine ssh immediately available without any race conditions. Fixes #11532 [NO NEW TESTS NEEDED] I could not reproduce the issue so I am not sure if this fixes it. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | | | Merge pull request #12348 from Luap99/rootless-netnsOpenShift Merge Robot2021-11-18
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | rootless netns, one netns per libpod tmp dir
| * | | | | | | | rootless netns, one netns per libpod tmp dirPaul Holzinger2021-11-18
| | |/ / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The netns cleanup code is checking if there are running containers, this can fail if you run several libpod instances with diffrent root/runroot. To fix it we use one netns for each libpod instances. To prevent name conflicts we use a hash from the static dir as part of the name. Previously this worked because we would use the CNI files to check if the netns was still in use. but this is no longer possible with netavark. [NO NEW TESTS NEEDED] Fixes #12306 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | | | Merge pull request #12333 from rst0git/file-locksOpenShift Merge Robot2021-11-18
|\ \ \ \ \ \ \ \ | |_|_|_|_|/ / / |/| | | | | | | Add --file-locks checkpoint/restore option
| * | | | | | | Add test for checkpoint/restore with --file-locksRadostin Stoyanov2021-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
| * | | | | | | Add --file-locks checkpoint/restore optionRadostin Stoyanov2021-11-18
|/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CRIU supports checkpoint/restore of file locks. This feature is required to checkpoint/restore containers running applications such as MySQL. Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
* | | | | | | Merge pull request #12342 from vrothberg/fix-12334OpenShift Merge Robot2021-11-18
|\ \ \ \ \ \ \ | |/ / / / / / |/| | | | | | remote checkpoint/restore: more fixes