| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
| |
Unless specified in the create command of the pod, enforce the exit
policy to "stop". With "stop", a pod is stopped when the last container
exits and does not continue running. This behavior integrates much
better into systemd which is now able to tell whether the service
running as pod is actually running/active or not.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|\
| |
| | |
Treadmill script: revamp
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Major revamp: instead of stacking a vendor commit on top of
the treadmill changes, do it the other way around: vendor,
then apply treadmill diffs.
Reason: the build-all-new-commits test. Sigh. It fails in the
common case where our treadmill changes include a new struct
element in cmd/podman/images/build.go
Why this is good: well, superficially, it's more intuitive.
Why this is horrible: omg the rebasing games are a nightmare.
When the vendor commit is on top (HEAD), it's ultra-trivial
to drop it, rebase the treadmill changes on main, then add
a new vendor-buildah commit on top. As you can see from the
diffs in this PR, treadmill-as-HEAD introduces all sorts
of complex dance steps in which things can go catastrophically
wrong and you can lose all your treadmill patches. I try very
hard to prevent this, and to offer hints if there's a problem,
and heck in the worst case it's still git so it's still possible
to find lost commits... but it's still much riskier than the
old way.
Alternative I considered: using sed magic to disable the
build-all-new-commits test. So tempting... but that would
also disable the bloat check.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\
| |
| | |
CI: emergency fix for broken go get
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
go get is deprecated, we should use go install instead.
Also for some reason go get -u golang.org/x/tools/cmd/goimports is
broken at the moment, thus failing CI jobs where we have to install
this. Switching to go install seems to fix it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \
| |/
|/| |
pod: add exit policies
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add the notion of an "exit policy" to a pod. This policy controls the
behaviour when the last container of pod exits. Initially, there are
two policies:
- "continue" : the pod continues running. This is the default policy
when creating a pod.
- "stop" : stop the pod when the last container exits. This is the
default behaviour for `play kube`.
In order to implement the deferred stop of a pod, add a worker queue to
the libpod runtime. The queue will pick up work items and in this case
helps resolve dead locks that would otherwise occur if we attempted to
stop a pod during container cleanup.
Note that the default restart policy of `play kube` is "Always". Hence,
in order to really solve #13464, the YAML files must set a custom
restart policy; the tests use "OnFailure".
Fixes: #13464
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |
| |
| |
| |
| |
| | |
Required for using the newly added pod exit policies.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|\ \
| | |
| | | |
libpod: unset networks before storing container conf
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since networks must always be read from the db bucket directly we should
unset them in config to avoid caller from accidentally using them.
I already tried this but it didn't work because the networks were unset
after the config was marshalled.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \
| |/
|/| |
Implement machine inspect for WSL
|
|/
|
|
| |
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
|\
| |
| | |
Use simulated dual-stack binds when using WSL
|
| |
| |
| |
| |
| |
| | |
Resolves a WSL problem where traffic from only one stack is relayed
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
|\ \
| | |
| | | |
[CI:DOCS] buildah-vendor-treadmill script: yet more checks
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
More safety checks for the treadmill script:
* for --sync:
- issue warning if HEAD is not a vendor commit
- if run-buildah-bud-tests fails, leave the working dir
for user to investigate. And offer a long helpful warning.
- tweak .cirrus.yml so buildah-bud tests run early, so
we can fail early. (Remember, the top commit will never
ever ever ever be merged)
* for --pick:
- check branch merge-base (of your vendor-update branch),
compare against that of the treadmill PR. If treadmill
is newer, bail, and suggest rebasing. This would've
saved us some time in #14005.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \
| | |
| | | |
libpod: host netns keep same /etc/resolv.conf
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When a container is run in the host network namespace we have to keep
the same resolv.conf content and not use the systemd-resolve detection
logic.
But also make sure we still allow --dns options.
Fixes #14055
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The files /etc/hosts, /etc/hostname and /etc/resolv.conf should always
be owned by the root user in the container. This worked correct for
/etc/hostname and /etc/hosts but not for /etc/resolv.conf.
A container run with --userns keep-id would have the reolv.conf file
owned by the current container user which is wrong.
Consolidate some common code in a new helper function to make the code more
cleaner.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \
| | | |
| | | | |
enable errcheck linter
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Since the decoder is shared registering the decoder inside a single
endpoint will also register it for all others. Also the problem with
that is the it will register it everytime this endpoint is called which
is wrong.
Instead we should register it once like the other custom decoder
functions.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The test has been broken since it was added 4 years ago. Instead of
using hardcoded paths we should use tmp files.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The errcheck linter makes sure that errors are always check and not
ignored by accident. It spotted a lot of unchecked errors, mostly in the
tests but also some real problem in the code.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \
| | | |
| | | | |
[CI:DOCS] Github PR template: add release-note block
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Initial step toward automating the collection & generation
of release notes: add a markdown release-note block to our
PR template. This will be reaped by an existing Kubernetes
tool and gathered into a document that can be used as a
starting point for future releases.
Many more followup steps to come.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
libpod: unlock containers when removing pod
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It solves a race where a container cleanup process launched because of
the container process exiting normally would hang.
It also solves a problem when running as rootless on cgroup v1 since
it is not possible to force pids.max = 1 on conmon to limit spawning
the cleanup process.
Partially copied from https://github.com/containers/podman/pull/13403
Related to: https://github.com/containers/podman/issues/14057
[NO NEW TESTS NEEDED] it doesn't add any new functionality
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| | | |
| | | | |
remove unused codepath for creating/running ctr in a pod
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
`pod.CgroupPath()` currently includes a codepath that is never accessed,
which is supposed to start the infra ctr and obtain the cgroup path from there
that is never necessary/safe because p.state.CgroupPath is never empty
[NO NEW TESTS NEEDED]
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
|
|\ \ \ \
| | | | |
| | | | | |
Refactor machine inspect
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
I was asked to refactor machine inspect output to represent more common
and basic information. machine inspect now has information that would
be appropriate for different machines.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
shell completion --format: work with nil structs
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
podman image search accepts a go template, we can use the same shell
completion logic which is used everywhere else in the code.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
For the AutocompleteFormat function we expect the correct template
struct which is used in the golang template. The function can handle
both struct and pointer to a struct. Using the reference is more
efficient since it doe snot have to copy the whole struct.
Also change some structs to use he actual type from the template instead
of some nested one to make sure it has to correct fields.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
It used the wrong struct so not all fields were listed in the
completion.
Fixes podman images --format and podman image history --format
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
We should not include the anonymous twice in the suggestions.
one example is `podman network ls --format {{.` it will also show
`{{.Network` but since Network is the actual struct all fields are
already shown so there is no need for it to be suggested.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Make sure to autocomplete the go template for network inspect.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
AutocompleteFormat() takes the format struct as argument. Often the structs
are deeply nested and contain other structs. Up until now if there was a
pointer to a struct the logic was not able to get the field names from
that, simply because the pointer was nil. However it is possible to
create a new initialized type with reflect.New(). This allows us to
complete all struct fields/functions even when there nil pointers.
Therefore we can drop the extra initialization which was done by some
callers.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
podman machine starting test
|
| | |_|_|_|/
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
add a test to make sure machines are not running while still starting
in order to do this, I added a parameter to `run()` to delineate whether
or not the command should block or not. The non blocking run allows for tests
to get and use the `machineSession` pointer and check the exit code to see if it has finished.
also fix a bug (created by #13996) that before started, the machines would
always say "LastUp" and "Created" Less than one second ago
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
|
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | | |
Report properly whether pod shares host network
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Fixes: https://github.com/containers/podman/issues/14028
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \
| |/ / / / /
|/| | | | |
| | | | | |
| | | | | | |
containers/dependabot/go_modules/github.com/containernetworking/cni-1.1.0
Bump github.com/containernetworking/cni from 1.0.1 to 1.1.0
|
| | |/ / /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Bumps [github.com/containernetworking/cni](https://github.com/containernetworking/cni) from 1.0.1 to 1.1.0.
- [Release notes](https://github.com/containernetworking/cni/releases)
- [Commits](https://github.com/containernetworking/cni/compare/v1.0.1...v1.1.0)
---
updated-dependencies:
- dependency-name: github.com/containernetworking/cni
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
e2e tests: use HaveField() for better error checking
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Two for this error:
invalid indirect of pod.Spec.DNSConfig.Options[0]
...and one for a gofmt error (spaces).
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This is a very late followup to my ginkgo-improving work of 2021.
It has been stuck since December because it requires gomega 1.17,
which we've just enabled.
This commit is simply a copy-paste of a command I saved in
my TODO list many months ago:
sed -i -e 's/Expect(\([^ ]\+\)\.\([a-zA-Z0-9]\+\))\.To(Equal(/Expect(\1).To(HaveField(\"\2\", /' test/e2e/*_test.go
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
volume: add new option -o o=noquota
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
add a new option to completely disable xfs quota usage for a volume.
xfs quota set on a volume, even just for tracking disk usage, can
cause weird errors if the volume is later re-used by a container with
a different quota projid. More specifically, link(2) and rename(2)
might fail with EXDEV if the source file has a projid that is
different from the parent directory.
To prevent such kind of issues, the volume should be created
beforehand with `podman volume create -o o=noquota $ID`
Closes: https://github.com/containers/podman/issues/14049
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
podman search: truncate by default
|