summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* generate systemd: pods: set exit policyValentin Rothberg2022-05-03
| | | | | | | | | | Unless specified in the create command of the pod, enforce the exit policy to "stop". With "stop", a pod is stopped when the last container exits and does not continue running. This behavior integrates much better into systemd which is now able to tell whether the service running as pod is actually running/active or not. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Merge pull request #14081 from edsantiago/treadmill_revampOpenShift Merge Robot2022-05-02
|\ | | | | Treadmill script: revamp
| * Treadmill script: revampEd Santiago2022-05-02
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Major revamp: instead of stacking a vendor commit on top of the treadmill changes, do it the other way around: vendor, then apply treadmill diffs. Reason: the build-all-new-commits test. Sigh. It fails in the common case where our treadmill changes include a new struct element in cmd/podman/images/build.go Why this is good: well, superficially, it's more intuitive. Why this is horrible: omg the rebasing games are a nightmare. When the vendor commit is on top (HEAD), it's ultra-trivial to drop it, rebase the treadmill changes on main, then add a new vendor-buildah commit on top. As you can see from the diffs in this PR, treadmill-as-HEAD introduces all sorts of complex dance steps in which things can go catastrophically wrong and you can lose all your treadmill patches. I try very hard to prevent this, and to offer hints if there's a problem, and heck in the worst case it's still git so it's still possible to find lost commits... but it's still much riskier than the old way. Alternative I considered: using sed magic to disable the build-all-new-commits test. So tempting... but that would also disable the bloat check. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #14078 from Luap99/CIOpenShift Merge Robot2022-05-02
|\ | | | | CI: emergency fix for broken go get
| * CI: emergency fix for broken go getPaul Holzinger2022-05-02
| | | | | | | | | | | | | | | | | | | | go get is deprecated, we should use go install instead. Also for some reason go get -u golang.org/x/tools/cmd/goimports is broken at the moment, thus failing CI jobs where we have to install this. Switching to go install seems to fix it. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #13859 from vrothberg/fix-13464OpenShift Merge Robot2022-05-02
|\ \ | |/ |/| pod: add exit policies
| * pod: add exit policiesValentin Rothberg2022-05-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the notion of an "exit policy" to a pod. This policy controls the behaviour when the last container of pod exits. Initially, there are two policies: - "continue" : the pod continues running. This is the default policy when creating a pod. - "stop" : stop the pod when the last container exits. This is the default behaviour for `play kube`. In order to implement the deferred stop of a pod, add a worker queue to the libpod runtime. The queue will pick up work items and in this case helps resolve dead locks that would otherwise occur if we attempted to stop a pod during container cleanup. Note that the default restart policy of `play kube` is "Always". Hence, in order to really solve #13464, the YAML files must set a custom restart policy; the tests use "OnFailure". Fixes: #13464 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
| * vendor c/common@mainValentin Rothberg2022-05-02
| | | | | | | | | | | | Required for using the newly added pod exit policies. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #14063 from Luap99/libpod-networksOpenShift Merge Robot2022-05-02
|\ \ | | | | | | libpod: unset networks before storing container conf
| * | libpod: unset networks before storing container confPaul Holzinger2022-05-02
| |/ | | | | | | | | | | | | | | | | | | | | | | Since networks must always be read from the db bucket directly we should unset them in config to avoid caller from accidentally using them. I already tried this but it didn't work because the networks were unset after the config was marshalled. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #14069 from n1hility/wsl-inspectOpenShift Merge Robot2022-05-02
|\ \ | |/ |/| Implement machine inspect for WSL
| * Implement machine inspect for WSLJason T. Greene2022-05-01
|/ | | | Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* Merge pull request #14026 from n1hility/simulate-dualstackOpenShift Merge Robot2022-04-30
|\ | | | | Use simulated dual-stack binds when using WSL
| * Use simulated dual-stack binds when using WSLJason T. Greene2022-04-29
| | | | | | | | | | | | Resolves a WSL problem where traffic from only one stack is relayed Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* | Merge pull request #14032 from edsantiago/treadmill_script_more_checksOpenShift Merge Robot2022-04-29
|\ \ | | | | | | [CI:DOCS] buildah-vendor-treadmill script: yet more checks
| * | buildah-vendor-treadmill script: yet more checksEd Santiago2022-04-29
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | More safety checks for the treadmill script: * for --sync: - issue warning if HEAD is not a vendor commit - if run-buildah-bud-tests fails, leave the working dir for user to investigate. And offer a long helpful warning. - tweak .cirrus.yml so buildah-bud tests run early, so we can fail early. (Remember, the top commit will never ever ever ever be merged) * for --pick: - check branch merge-base (of your vendor-update branch), compare against that of the treadmill PR. If treadmill is newer, bail, and suggest rebasing. This would've saved us some time in #14005. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #14062 from Luap99/resolv.confOpenShift Merge Robot2022-04-29
|\ \ | | | | | | libpod: host netns keep same /etc/resolv.conf
| * | libpod: host netns keep same /etc/resolv.confPaul Holzinger2022-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a container is run in the host network namespace we have to keep the same resolv.conf content and not use the systemd-resolve detection logic. But also make sure we still allow --dns options. Fixes #14055 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | fix incorrect permissions for /etc/resolv.conf in usernsPaul Holzinger2022-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The files /etc/hosts, /etc/hostname and /etc/resolv.conf should always be owned by the root user in the container. This worked correct for /etc/hostname and /etc/hosts but not for /etc/resolv.conf. A container run with --userns keep-id would have the reolv.conf file owned by the current container user which is wrong. Consolidate some common code in a new helper function to make the code more cleaner. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #14031 from Luap99/errcheckOpenShift Merge Robot2022-04-29
|\ \ \ | | | | | | | | enable errcheck linter
| * | | pkg/api: do not register decoder in endpoint handlerPaul Holzinger2022-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since the decoder is shared registering the decoder inside a single endpoint will also register it for all others. Also the problem with that is the it will register it everytime this endpoint is called which is wrong. Instead we should register it once like the other custom decoder functions. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | fix broken hooks-dir testPaul Holzinger2022-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The test has been broken since it was added 4 years ago. Instead of using hardcoded paths we should use tmp files. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | enable errcheck linterPaul Holzinger2022-04-29
| |/ / | | | | | | | | | | | | | | | | | | | | | The errcheck linter makes sure that errors are always check and not ignored by accident. It spotted a lot of unchecked errors, mostly in the tests but also some real problem in the code. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #14036 from edsantiago/release_note_templateOpenShift Merge Robot2022-04-29
|\ \ \ | | | | | | | | [CI:DOCS] Github PR template: add release-note block
| * | | Github PR template: add release-note blockEd Santiago2022-04-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Initial step toward automating the collection & generation of release notes: add a markdown release-note block to our PR template. This will be reaped by an existing Kubernetes tool and gathered into a document that can be used as a starting point for future releases. Many more followup steps to come. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #14061 from giuseppe/unlock-before-pod-cgroup-cleanupOpenShift Merge Robot2022-04-29
|\ \ \ \ | |_|/ / |/| | | libpod: unlock containers when removing pod
| * | | libpod: unlock containers when removing podGiuseppe Scrivano2022-04-29
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It solves a race where a container cleanup process launched because of the container process exiting normally would hang. It also solves a problem when running as rootless on cgroup v1 since it is not possible to force pids.max = 1 on conmon to limit spawning the cleanup process. Partially copied from https://github.com/containers/podman/pull/13403 Related to: https://github.com/containers/podman/issues/14057 [NO NEW TESTS NEEDED] it doesn't add any new functionality Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #14045 from cdoern/cgroupPathOpenShift Merge Robot2022-04-28
|\ \ \ | | | | | | | | remove unused codepath for creating/running ctr in a pod
| * | | remove unused codepath for creating/running ctr in a podcdoern2022-04-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `pod.CgroupPath()` currently includes a codepath that is never accessed, which is supposed to start the infra ctr and obtain the cgroup path from there that is never necessary/safe because p.state.CgroupPath is never empty [NO NEW TESTS NEEDED] Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | | Merge pull request #14033 from baude/inspectredoOpenShift Merge Robot2022-04-28
|\ \ \ \ | | | | | | | | | | Refactor machine inspect
| * | | | Refactor machine inspectBrent Baude2022-04-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I was asked to refactor machine inspect output to represent more common and basic information. machine inspect now has information that would be appropriate for different machines. [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | Merge pull request #14053 from Luap99/shell-formatOpenShift Merge Robot2022-04-28
|\ \ \ \ \ | | | | | | | | | | | | shell completion --format: work with nil structs
| * | | | | image search --format: add completion for go templatePaul Holzinger2022-04-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman image search accepts a go template, we can use the same shell completion logic which is used everywhere else in the code. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | shell completion --format: use structs by referencePaul Holzinger2022-04-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For the AutocompleteFormat function we expect the correct template struct which is used in the golang template. The function can handle both struct and pointer to a struct. Using the reference is more efficient since it doe snot have to copy the whole struct. Also change some structs to use he actual type from the template instead of some nested one to make sure it has to correct fields. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | image --format: fix add completion for go templatePaul Holzinger2022-04-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It used the wrong struct so not all fields were listed in the completion. Fixes podman images --format and podman image history --format Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | shell completion --format: use anonymous struct field oncePaul Holzinger2022-04-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We should not include the anonymous twice in the suggestions. one example is `podman network ls --format {{.` it will also show `{{.Network` but since Network is the actual struct all fields are already shown so there is no need for it to be suggested. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | network inspect --format: add completion for go templatePaul Holzinger2022-04-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure to autocomplete the go template for network inspect. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | shell completion --format: work with nil structsPaul Holzinger2022-04-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | AutocompleteFormat() takes the format struct as argument. Often the structs are deeply nested and contain other structs. Up until now if there was a pointer to a struct the logic was not able to get the field names from that, simply because the pointer was nil. However it is possible to create a new initialized type with reflect.New(). This allows us to complete all struct fields/functions even when there nil pointers. Therefore we can drop the extra initialization which was done by some callers. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | Merge pull request #14024 from cdoern/machineOpenShift Merge Robot2022-04-28
|\ \ \ \ \ \ | | | | | | | | | | | | | | podman machine starting test
| * | | | | | podman machine starting testcdoern2022-04-27
| | |_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add a test to make sure machines are not running while still starting in order to do this, I added a parameter to `run()` to delineate whether or not the command should block or not. The non blocking run allows for tests to get and use the `machineSession` pointer and check the exit code to see if it has finished. also fix a bug (created by #13996) that before started, the machines would always say "LastUp" and "Created" Less than one second ago Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | | | | Merge pull request #14039 from rhatdan/hostsOpenShift Merge Robot2022-04-28
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | Report properly whether pod shares host network
| * | | | | Report properly whether pod shares host networkDaniel J Walsh2022-04-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/14028 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #14052 from ↵OpenShift Merge Robot2022-04-28
|\ \ \ \ \ \ | |/ / / / / |/| | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containernetworking/cni-1.1.0 Bump github.com/containernetworking/cni from 1.0.1 to 1.1.0
| * | | | | Bump github.com/containernetworking/cni from 1.0.1 to 1.1.0dependabot[bot]2022-04-28
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containernetworking/cni](https://github.com/containernetworking/cni) from 1.0.1 to 1.1.0. - [Release notes](https://github.com/containernetworking/cni/releases) - [Commits](https://github.com/containernetworking/cni/compare/v1.0.1...v1.1.0) --- updated-dependencies: - dependency-name: github.com/containernetworking/cni dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | | Merge pull request #14040 from edsantiago/gomega_havefieldOpenShift Merge Robot2022-04-28
|\ \ \ \ \ | | | | | | | | | | | | e2e tests: use HaveField() for better error checking
| * | | | | Three manual fixesEd Santiago2022-04-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Two for this error: invalid indirect of pod.Spec.DNSConfig.Options[0] ...and one for a gofmt error (spaces). Signed-off-by: Ed Santiago <santiago@redhat.com>
| * | | | | Ginkgo: use HaveField() for better error checkingEd Santiago2022-04-28
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a very late followup to my ginkgo-improving work of 2021. It has been stuck since December because it requires gomega 1.17, which we've just enabled. This commit is simply a copy-paste of a command I saved in my TODO list many months ago: sed -i -e 's/Expect(\([^ ]\+\)\.\([a-zA-Z0-9]\+\))\.To(Equal(/Expect(\1).To(HaveField(\"\2\", /' test/e2e/*_test.go Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #14051 from giuseppe/volume-create-noquota-optionOpenShift Merge Robot2022-04-28
|\ \ \ \ \ | |/ / / / |/| | | | volume: add new option -o o=noquota
| * | | | volume: add new option -o o=noquotaGiuseppe Scrivano2022-04-28
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add a new option to completely disable xfs quota usage for a volume. xfs quota set on a volume, even just for tracking disk usage, can cause weird errors if the volume is later re-used by a container with a different quota projid. More specifically, link(2) and rename(2) might fail with EXDEV if the source file has a projid that is different from the parent directory. To prevent such kind of issues, the volume should be created beforehand with `podman volume create -o o=noquota $ID` Closes: https://github.com/containers/podman/issues/14049 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #14047 from vrothberg/fix-14044OpenShift Merge Robot2022-04-28
|\ \ \ \ | |_|_|/ |/| | | podman search: truncate by default