summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #10997 from edsantiago/helpfuler_expectsOpenShift Merge Robot2021-07-21
|\ | | | | e2e tests: prevent 'Expect(ExitCode())' pattern
| * e2e tests: prevent 'Expect(ExitCode())' patternEd Santiago2021-07-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Followup to #10932: add a validation check to prevent introduction of new 'Expect(foo.ExitCode()).To(...)' patterns. If such use is absolutely necessary -- there is one such instance in the code already -- require that the assertion include a description. Also: clean up instances that were introduced since the merging of #10932. Also: fix one remaining instance in run_exit_test.go: it had a FIXME comment mentioning a race condition, but unfortunately there was no issue or bug ID, hence no way to know if the race is fixed or not. We will assume it is. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #10993 from cevich/generic_stepsOpenShift Merge Robot2021-07-21
|\ \ | | | | | | [CI:DOCS] Multi-arch image workflow: Make steps generic
| * | [CI:DOCS] Multi-arch image workflow: Make steps genericChris Evich2021-07-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This duplicates the change from https://github.com/containers/skopeo/pull/1379 Since this workflow is duplicated across three repositories, maintaining changes becomes onerous if the item contents vary between implementations in any way. Improve this situation by encoding the repository-specific details into env. vars. then referencing those vars throughout. This way, a meaningful diff can be worked with to compare the contents across repositories. Also included are abstractions for the specific command used to obtain the project version, and needed details for filtering the output. Both of these vary across the Buildah, Skopeo, and Podman repos. NOTE: This change requires the names of two github action secrets to be updated: PODMAN_QUAY_USERNAME -> REPONAME_QUAY_USERNAME (and *PASSWORD). Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #10999 from rhatdan/quota1OpenShift Merge Robot2021-07-21
|\ \ \ | | | | | | | | Drop support for the --storage-opt container flag
| * | | Drop podman create --storage-opt container flagDaniel J Walsh2021-07-20
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The global flag will work in either location, and this flag just breaks users expectations, and is basically a noop. Also fix global storage-opt so that podman-remote can use it. [NO TESTS NEEDED] Since it would be difficult to test in ci/cd. Fixes: https://github.com/containers/podman/issues/10264 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #10970 from vikas-goel/prepare-volumeOpenShift Merge Robot2021-07-21
|\ \ \ | |/ / |/| | Copy the content from the underlying image into the newly created volume
| * | Copy the content from the underlying image into the newly created volume.Vikas Goel2021-07-20
| | | | | | | | | | | | | | | | | | Fixes: #10262 Signed-off-by: Vikas Goel <vikas.goel@gmail.com>
* | | Merge pull request #10995 from edsantiago/systemd_ephemeralOpenShift Merge Robot2021-07-20
|\ \ \ | | | | | | | | system tests: cleaner, safer use of systemd
| * | | system tests: cleaner, safer use of systemdEd Santiago2021-07-20
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | First and foremost: use ephemeral (/run, $XDG) directories for systemd unit files, so as not to vandalize a working system. Second, refactor common systemd-related functionality into a new helper file, loaded by the systemd-related tests. Shared functionality includes: * setting $XDG_RUNTIME_DIR if unset and rootless * setting $UNIT_DIR for use by tests * new systemctl() and journalctl() functions, which include "--user" when rootless (why can't systemd figure this out on its own?) Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #10985 from edsantiago/batsOpenShift Merge Robot2021-07-20
|\ \ \ | |_|/ |/| | system test: auto-update: multiarch fixes, and cleanup
| * | system test: auto-update: multiarch fixesEd Santiago2021-07-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | auto-update test is failing on non-x86_64 arch: https://gitlab.com/cki-project/kernel-tests/-/issues/614#note_630010734 Reason: test was relying on alpine_nginx image; this is a custom libpod image that only has a x86_64 version. Solution: use busybox instead. Busybox was copied from docker.io using skopeo copy --all, so it has all arches. Signed-off-by: Ed Santiago <santiago@redhat.com>
| * | system test: auto-update: allow running as rootlessEd Santiago2021-07-20
|/ / | | | | | | | | | | | | | | | | | | | | | | | | They were being skipped for no clear reason. Also: use --files and --name option in generate-systemd. Before, output went to stdout, resulting in completely unreadable logs on test failure. Also: use volatile systemd directories (/run, $XDG_RUNTIME_DIR) instead of permanent ones. Thanks to @Luap99 for the reference. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #10979 from vrothberg/fix-10977OpenShift Merge Robot2021-07-20
|\ \ | | | | | | compat: image create: handle platform correctly
| * | compat: image create: handle platform correctlyValentin Rothberg2021-07-20
| |/ | | | | | | | | | | | | | | | | Handle the platform parameter correctly. The parameter was only parsed in presence of credentials and the code was a bit complex. Also add a regression test. Fixes: #10977 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #10982 from cevich/fix_listen_flakeOpenShift Merge Robot2021-07-20
|\ \ | | | | | | Flake Fix: Wait before connecting to container port
| * | Flake Fix: Wait before connecting container portChris Evich2021-07-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It was observed during periodic testing, this test can fail due to the container process being not fully running and listening on the expected port: ``` [+1069s] not ok 220 podman networking: port with --userns=keep-id [+1069s] # (in test file test/system/500-networking.bats, line 144) [+1069s] # `echo "$teststring" | nc 127.0.0.1 $myport' failed [+1069s] # # /var/tmp/go/src/github.com/containers/podman/bin/podman rm --all --force [+1069s] # # /var/tmp/go/src/github.com/containers/podman/bin/podman ps --all --external --format {{.ID}} {{.Names}} [+1069s] # # /var/tmp/go/src/github.com/containers/podman/bin/podman images --all --format {{.Repository}}:{{.Tag}} {{.ID}} [+1069s] # quay.io/libpod/testimage:20210610 9f9ec7f2fdef [+1069s] # # /var/tmp/go/src/github.com/containers/podman/bin/podman run -d --userns=keep-id -p 127.0.0.1:54322:54322 quay.io/libpod/testimage:20210610 nc -l -n -v -p 54322 [+1069s] # 252c562c9a3c96892d867d1d72fb52b2efdfe62855ebedbccd2d281c472c2988 [+1069s] # Ncat: No route to host. ``` Fix this by using a new `wait_for_port()` function (thanks @edsantiago) before attempting to communicate with the service. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #10984 from edsantiago/timeout_typoOpenShift Merge Robot2021-07-19
|\ \ \ | | | | | | | | (minor) typo fix: timeout variable
| * | | (minor) typo fix: timeout variableEd Santiago2021-07-19
| | |/ | |/| | | | | | | | | | | | | timeout variable was inconsistently spelled in helper function Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #10956 from flouthoc/kube-liveness-probe-systemdOpenShift Merge Robot2021-07-19
|\ \ \ | |_|/ |/| | Kube: Add liveness probe for containers backed by native (systemd) healthchecks instead of kubelet.
| * | Kube: Add liveness probe for containers.flouthoc2021-07-17
| | | | | | | | | | | | Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | | Merge pull request #10981 from ↵OpenShift Merge Robot2021-07-19
|\ \ \ | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/opencontainers/runc-1.0.1 Bump github.com/opencontainers/runc from 1.0.0 to 1.0.1
| * | | Bump github.com/opencontainers/runc from 1.0.0 to 1.0.1dependabot[bot]2021-07-19
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.0.0 to 1.0.1. - [Release notes](https://github.com/opencontainers/runc/releases) - [Commits](https://github.com/opencontainers/runc/compare/v1.0.0...v1.0.1) --- updated-dependencies: - dependency-name: github.com/opencontainers/runc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | Merge pull request #10980 from rhatdan/dockerfileOpenShift Merge Robot2021-07-19
|\ \ \ | |/ / |/| | [CI:DOCS] Just restore protections of shadow-utils
| * | Just restore protections of shadow-utilsDaniel J Walsh2021-07-19
|/ / | | | | | | | | | | | | | | | | | | Rather then reinstalling shadow-utils to fix permissions, just restore the correct permissions. [NO TESTS NEEDED] Since this does not affect Podman, just the prebuilt images on quay.io/podman. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10968 from ashley-cui/3.2.3masterOpenShift Merge Robot2021-07-17
|\ \ | | | | | | [CI:DOCS] Update Release Notes and README for 3.2.3
| * | Update Release Notes and README for 3.2.3Ashley Cui2021-07-16
|/ / | | | | | | Signed-off-by: Ashley Cui <acui@redhat.com>
* | Merge pull request #10961 from ↵OpenShift Merge Robot2021-07-16
|\ \ | | | | | | | | | | | | containers/dependabot/go_modules/k8s.io/api-0.21.3 Bump k8s.io/api from 0.21.2 to 0.21.3
| * | Bump k8s.io/api from 0.21.2 to 0.21.3dependabot[bot]2021-07-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.21.2 to 0.21.3. - [Release notes](https://github.com/kubernetes/api/releases) - [Commits](https://github.com/kubernetes/api/compare/v0.21.2...v0.21.3) --- updated-dependencies: - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | Merge pull request #10965 from vrothberg/vendor-commonOpenShift Merge Robot2021-07-16
|\ \ \ | | | | | | | | vendor containers/common@main
| * | | vendor containers/common@mainValentin Rothberg2021-07-16
| |/ / | | | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #10950 from edsantiago/python_flake_fixOpenShift Merge Robot2021-07-16
|\ \ \ | |/ / |/| | APIv2 (python) tests: fix flake
| * | APIv2 (python) tests: fix flakeEd Santiago2021-07-16
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Python tests were flaking because they behave differently when $DEBUG is set. It looks like something in CI sets that envariable. Solution: do not use $DEBUG as a debug trigger, use a properly-named custom variable that is unlikely to be set accidentally. Also: get rid of AssertTrue(), which gives no visibility into what happened. Write in proper form that can emit useful diagnostics on failure. Fixes: #10948 Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #10962 from vrothberg/fix-10655OpenShift Merge Robot2021-07-16
|\ \ | | | | | | systemd: require network*-online*.target
| * | systemd: require network*-online*.targetValentin Rothberg2021-07-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | Require the network to be online in all (generated) systemd units to make sure that containers and Podman run only after the network has been fully configured. Fixes: #10655 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #10848 from vrothberg/update-libimageOpenShift Merge Robot2021-07-16
|\ \ \ | | | | | | | | vendor containers/common@main
| * | | vendor containers/common@mainValentin Rothberg2021-07-16
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `IgnorePlatform` options has been removed from the `LookupImageOptions` in libimage to properly support multi-arch images. Skip one buildah-bud test which requires updated CI images. This is currently being done in github.com/containers/podman/pull/10829 but we need to unblock merging common and buildah into podman. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #10960 from ↵OpenShift Merge Robot2021-07-16
|\ \ \ | |_|/ |/| | | | | | | | containers/dependabot/go_modules/k8s.io/apimachinery-0.21.3 Bump k8s.io/apimachinery from 0.21.2 to 0.21.3
| * | Bump k8s.io/apimachinery from 0.21.2 to 0.21.3dependabot[bot]2021-07-16
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.21.2 to 0.21.3. - [Release notes](https://github.com/kubernetes/apimachinery/releases) - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.21.2...v0.21.3) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | Merge pull request #10820 from jvanz/indfra-container-name-issue-10794OpenShift Merge Robot2021-07-16
|\ \ | | | | | | --infra-name command line argument
| * | --infra-name command line argumentJosé Guilherme Vanz2021-07-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | Adds the new --infra-name command line argument allowing users to define the name of the infra container Issue #10794 Signed-off-by: José Guilherme Vanz <jvanz@jvanz.com>
* | | Merge pull request #10942 from vrothberg/fix-10935OpenShift Merge Robot2021-07-16
|\ \ \ | |_|/ |/| | podman start: remove containers configured for auto removal
| * | podman start: remove containers configured for auto removalValentin Rothberg2021-07-16
|/ / | | | | | | | | | | | | | | | | Make sure that containers configured for auto removal (e.g., via `podman create --rm`) are removed in `podman start` if starting the container failed. Fixes: #10935 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #10947 from edsantiago/multiarch_imagesOpenShift Merge Robot2021-07-16
|\ \ | | | | | | System tests: fix a multiarch problem
| * | System tests: fix a multiarch problemEd Santiago2021-07-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The multi-image load test was failing on non-x86_64 arch, because the images used by the test (:00000000, :20200902) did not have manifests for the given arch. Solution: all we need are two nonlocal images. Use the predefined NONLOCAL_IMAGE for one, and a new :multiimage tag (manually created, currently == :20210610) for the other. Document, so if/when RHEL adds new supported arches, the test will fail but a maintainer will have a clue what to do. Also, as long as I'm in here: add 'image prune -f' to teardown in build.bats, to avoid seeing lots of red "stray image" warnings in test logs. Also: skip a broken/flaky python test Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #10951 from rugk/patch-1OpenShift Merge Robot2021-07-16
|\ \ \ | |_|/ |/| | Randomize the auto-update of podman containers
| * | Randomize the auto-update of podman containersrugk2021-07-15
| |/ | | | | | | | | | | | | | | | | | | | | | | This makes sure, that the podman auto-update is not executed exactly at midnight for the same time always. If many things do the same and many services use this keyword and react at midnight, this can cause a lot of stress to a server. Thus, this adds a 900s/15min delay. As [the arch wiki says](https://wiki.archlinux.org/title/Systemd/Timers#Realtime_timer): > Special event expressions like daily and weekly refer to specific start times and thus any timers sharing such calendar events will start simultaneously. Timers sharing start events can cause poor system performance if the timers' services compete for system resources. The RandomizedDelaySec option in the [Timer] section avoids this problem by randomly staggering the start time of each timer. See systemd.timer(5). Signed-off-by: rugk <rugk+git@posteo.de>
* | Merge pull request #10894 from cdoern/pidPodOpenShift Merge Robot2021-07-15
|\ \ | | | | | | podman pod create --pid flag
| * | podman pod create --pid flagcdoern2021-07-15
| | | | | | | | | | | | | | | | | | | | | | | | added support for --pid flag. User can specify ns:file, pod, private, or host. container returns an error since you cannot point the ns of the pods infra container to a container outside of the pod. Signed-off-by: cdoern <cdoern@redhat.com>
* | | Merge pull request #10940 from tartina/doctypoOpenShift Merge Robot2021-07-15
|\ \ \ | |_|/ |/| | [CI:DOCS] Correct a typo in documentation