Commit message (author, date)
* --authfile command line argument for image sign command. (José Guilherme Vanz, 2021-11-11)
    Adds the --authfile command line argument to allow users to use alternative authfile paths when signing images.
    Replaces: https://github.com/containers/podman/pull/10975
    Fixes: https://github.com/containers/podman/issues/10866
    Signed-off-by: José Guilherme Vanz <jvanz@jvanz.com>
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #12267 from giuseppe/safely-create-etc-mtab (OpenShift Merge Robot, 2021-11-11)
    libpod: create /etc/mtab safely
| * libpod: create /etc/mtab safely (Giuseppe Scrivano, 2021-11-11)
    make sure the /etc/mtab symlink is created inside the rootfs when /etc is a symlink.
    Closes: https://github.com/containers/podman/issues/12189
    [NO NEW TESTS NEEDED] there is already a test case
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #12214 from giuseppe/fix-rootless-error-message (OpenShift Merge Robot, 2021-11-11)
    rootless: adjust error message
| * | rootless: adjust error message (Giuseppe Scrivano, 2021-11-10)
    since we now support reading additional IDs with libsubid, clarify that the /etc/subuid and /etc/subgid files are honored only when shadow-utils is configured to use them.
    [NO TESTS NEEDED]
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #12131 from Luap99/netavark-interface (OpenShift Merge Robot, 2021-11-11)
    Netavark interface
| * | Add failing run test for netavark (Paul Holzinger, 2021-11-11)
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | Add flag to overwrite network backend from config (Paul Holzinger, 2021-11-11)
    To make testing easier we can overwrite the network backend with the global `--network-backend` option.
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | Add network backend to podman info (Paul Holzinger, 2021-11-11)
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | Add more netavark tests (Paul Holzinger, 2021-11-11)
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | select network backend based on config (Paul Holzinger, 2021-11-11)
    You can change the network backend in containers.conf; supported values are "cni" and "netavark".
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | Fix RUST_LOG envar for netavark (Paul Holzinger, 2021-11-11)
    The rust netlink library is very verbose. It contains way too much debug and trace logs. We can set `RUST_LOG=netavark=<level>` to make sure this log level only applies to netavark and not the libraries.
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | netavark IPAM assignment (Paul Holzinger, 2021-11-11)
    Add a new boltdb to handle IPAM assignment.
    The db structure is the following: Each network has their own bucket with the network name as bucket key. Inside the network bucket there is an ID bucket which maps the container ID (key) to a json array of ip addresses (value). The network bucket also has a bucket for each subnet, the subnet is used as key. Inside the subnet bucket an ip is used as key and the container ID as value.
    The db should be stored on a tmpfs to ensure we always have a clean state after a reboot.
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | netavark network interface (Paul Holzinger, 2021-11-11)
    Implement a new network interface for netavark. For now only bridge networking is supported. The interface can create/list/inspect/remove networks. For setup and teardown netavark will be invoked.
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | Make networking code reusable (Paul Holzinger, 2021-11-11)
    To prevent code duplication when creating new network backends move reusable code into a separate internal package. This allows all network backends to use the same code as long as they implement the new NetUtil interface.
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #12193 from yahavi/patch-1 (OpenShift Merge Robot, 2021-11-11)
    [CI:DOCS] Fix Zsh completion command documentation
| * | Fix Zsh completion command documentation (Yahav Itzhak, 2021-11-09)
    Signed-off-by: yahavi <yahavi@jfrog.com>
* | | Merge pull request #12260 from Luap99/upgrade-flake (OpenShift Merge Robot, 2021-11-11)
    Fix flake in upgrade tests
| * | | Fix flake in upgrade tests (Paul Holzinger, 2021-11-11)
    The cni plugins need access to /run/cni and the dnsname plugin needs access to /run/containers.
    The race condition was basically that a `podman stop` could either do the cleanup itself or the spawned cleanup process would do the cleanup if it was fast enough. The `podman stop` is executed on the host while the podman cleanup process is executed in the "parent container". The parent container contains older plugins than on the host. The dnsname plugin before version 1.3 could error and this would prevent CNI from doing a proper cleanup. The plugin errors because it could not find its files in /run/containers.
    On my system the test always failed because the cleanup process was always faster than the stop process. However in the CI VMs the stop process was usually faster and so it failed only sometimes.
    Fixes #11558
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #12261 from rhatdan/Dockerfile (OpenShift Merge Robot, 2021-11-11)
    [CI:DOCS] VOLUME must be declared after RUN chown command
| * | | | VOLUME must be declared after RUN chown command (Jindrich Novy, 2021-11-10)
    Podman and Docker will not commit changes via RUN command of a VOLUME directory, so we need to chown path first. Not doing so will cause: https://bugzilla.redhat.com/show_bug.cgi?id=2009266
    Signed-off-by: Jindrich Novy <jnovy@redhat.com>
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #12240 from umohnani8/table (OpenShift Merge Robot, 2021-11-10)
    Print headers for system connection ls
| * | | | Print headers for system connection ls (Urvashi Mohnani, 2021-11-10)
    Print out the headers even if the system connection list is empty to match the behavior of other list commands.
    Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | | Merge pull request #12242 from Luap99/port-reload (OpenShift Merge Robot, 2021-11-10)
    network reload without ports should not reload ports
| * | | | network reload return error if we cannot reload ports (Paul Holzinger, 2021-11-10)
    As rootless we have to reload the port mappings. If it fails we should return an error instead of the warning.
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | network reload without ports should not reload ports (Paul Holzinger, 2021-11-10)
    When run as rootless the podman network reload command tries to reload the rootlessport ports because the childIP could have changed. However if the container has no ports we should skip this instead of printing a warning.
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #12258 from edsantiago/xref_manpages_see_also (OpenShift Merge Robot, 2021-11-10)
    [CI:DOCS] Add CI check for SEE ALSO in man pages
| * | | [CI:DOCS] Add CI check for SEE ALSO in man pages (Ed Santiago, 2021-11-10)
    Add new CI check to confirm that links and references in SEE ALSO sections are properly formatted and that links are valid (at least in theory: we do no actual URL fetching to test for 404).
    The check is piggybacked into existing xref-helpmsgs-manpages script. It could conceivably be more elegant to write a separate tool for this purpose, but I don't wish to duplicate the logic for finding and reading markdown files.
    Script identified various problems, which I fix in this PR:
     . missing '**' (asterisks) around some references, or '**' in the wrong place.
     . links pointing to github.com/.../tree/ instead of /blob/ (github redirects those automatically, but I like consistency)
     . a few copy-paste errors, e.g. subgid linking to subuid.
    Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #12255 from vrothberg/fix-11970 (OpenShift Merge Robot, 2021-11-10)
    podman load: support downloading files
| * | | podman load: support downloading files (Valentin Rothberg, 2021-11-10)
    Support downloading files, for instance via `podman load -i server.com/image.tar`. The specified URL is downloaded in the frontend and stored as a temp file that gets passed down to the backend.
    Also vendor in c/common@main to use the new `pkg/download`.
    Fixes: #11970
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #12241 from rhatdan/man (OpenShift Merge Robot, 2021-11-10)
    [CI:DOCS] Add links to all SEE ALSO sections
| * | | | Add links to all SEE ALSO sections (Daniel J Walsh, 2021-11-10)
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #12250 from vrothberg/fix-12245 (OpenShift Merge Robot, 2021-11-10)
    pod create: read infra image from containers.conf
| * | | pod create: read infra image from containers.conf (Valentin Rothberg, 2021-11-10)
    Fix a bug where pods would be created with the hard-coded default infra image instead of the custom one from containers.conf.
    Add a simple regression test.
    Fixes: #12245
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #12227 from Luap99/net-setup (OpenShift Merge Robot, 2021-11-09)
    Fix rootless networking with userns and ports
| * | | Fix rootless networking with userns and ports (Paul Holzinger, 2021-11-09)
    A rootless container created with a custom userns and forwarded ports did not work. I refactored the network setup to make the setup logic more clear.
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #12195 from boaz0/closes_11998 (OpenShift Merge Robot, 2021-11-09)
    podman-generate-kube - remove empty structs from YAML
| * | | | podman-generate-kube - remove empty structs from YAML (Boaz Shuster, 2021-11-07)
    [NO NEW TESTS NEEDED]
    Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | | | Merge pull request #12239 from vrothberg/fix-12226 (OpenShift Merge Robot, 2021-11-09)
    support health checks from image configs
| * | | | support health checks from image configs (Valentin Rothberg, 2021-11-09)
    Health checks may be defined in the container config or the config of an image. So far, Podman only looked at the container config. The plumbing happened in libimage but add a regression test to Podman as well to make sure the glue code will not regress.
    Note that I am pinning github.com/onsi/gomega to v1.16.0 since v1.17.0 requires go 1.16 which in turn is breaking CI.
    Fixes: #12226
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #12235 from saschagrunert/fix-static-build (OpenShift Merge Robot, 2021-11-09)
    Exclude already built sources for static build
| * | | | | Exclude already built sources for static build (Sascha Grunert, 2021-11-09)
    We now do not copy the `bin` directory to the target nix sources to avoid skipping the build because "everything is up to date".
    Fixes https://github.com/containers/podman/issues/12198
    Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* | | | | Merge pull request #12232 from ianw/make-c-files (OpenShift Merge Robot, 2021-11-09)
    Match .c files in Makefile
| * | | | | Match .c files in Makefile (Ian Wienand, 2021-11-09)
    Ensure that rebuilds happen when .c files are updated in the source tree.
    Signed-off-by: Ian Wienand <iwienand@redhat.com>
* | | | | | Merge pull request #12233 from ianw/shm-lock-failure-message (OpenShift Merge Robot, 2021-11-09)
    shm_lock: Handle ENOSPC better in AllocateSemaphore
| * | | | | shm_lock: Handle ENOSPC better in AllocateSemaphore (Ian Wienand, 2021-11-09)
    When starting a container libpod/runtime_pod_linux.go:NewPod calls libpod/lock/lock.go:AllocateLock ends up in here. If you exceed num_locks, in response to a "podman run ..." you will see:
      Error: error allocating lock for new container: no space left on device
    As noted inline, this error is technically true as it is talking about the SHM area, but for anyone who has not dug into the source (i.e. me, before a few hours ago :) your initial thought is going to be that your disk is full. I spent quite a bit of time trying to diagnose what disk, partition, overlay, etc. was filling up before I realised this was actually due to leaking from failing containers.
    This overrides this case to give a more explicit message that hopefully puts people on the right track to fixing this faster. You will now see:
      $ ./bin/podman run --rm -it fedora bash
      Error: error allocating lock for new container: allocation failed; exceeded num_locks (20)
    [NO NEW TESTS NEEDED] (just changes an existing error message)
    Signed-off-by: Ian Wienand <iwienand@redhat.com>
* | | | | Merge pull request #12230 from rhatdan/man (OpenShift Merge Robot, 2021-11-09)
    [ci:docs] Add links to podman build see also
| * | | | | Add links to podman build, run, create see also (Daniel J Walsh, 2021-11-08)
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #12222 from Luap99/pod-create-net (OpenShift Merge Robot, 2021-11-09)
    pod create: read network mode from config
| * | | | | pod create: read network mode from config (Paul Holzinger, 2021-11-08)
    When we create a pod we have to parse the network mode from the config file. This is a regression in commit d28e85741f.
    Fixes #12207
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>