summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #11074 from vrothberg/auto-update-rollbackopenshift-ci[bot]2021-08-06
|\ | | | | auto-update: simple rollback
| * auto-update: simple rollbackValentin Rothberg2021-08-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for simple rollbacks during `podman auto-update`. Rollbacks are enabled by default. If a systemd unit cannot be restarted after an update, the previous image will be retagged and the unit will be restarted a second time. Add system tests for rollbacks. Also fix a bug in the restart sequence; we have to use the channel to actually know whether the restart was successful or not. NOTE: To make rollbacks really useful, users must run their containers with `--sdnotify=container` such that the containers send the ready message over the (mounted) socket. This way, restarting the systemd units during auto update will block until the message has been received (or a timeout kicked in). Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #11141 from flouthoc/support-linux-execution-domainopenshift-ci[bot]2021-08-06
|\ \ | | | | | | personality: Add support for setting execution domain.
| * | personality: Add support for setting execution domain.flouthoc2021-08-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Execution domains tell Linux how to map signal numbers into signal actions. The execution domain system allows Linux to provide limited support for binaries compiled under other UNIX-like operating systems. Reference: https://man7.org/linux/man-pages/man2/personality.2.html Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | | Merge pull request #11142 from ↵openshift-ci[bot]2021-08-05
|\ \ \ | | | | | | | | | | | | | | | | containers/dependabot/go_modules/k8s.io/api-0.22.0 Bump k8s.io/api from 0.21.3 to 0.22.0
| * | | Bump k8s.io/api from 0.21.3 to 0.22.0dependabot[bot]2021-08-05
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.21.3 to 0.22.0. - [Release notes](https://github.com/kubernetes/api/releases) - [Commits](https://github.com/kubernetes/api/compare/v0.21.3...v0.22.0) --- updated-dependencies: - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* | | Merge pull request #11136 from baude/machinelogsshopenshift-ci[bot]2021-08-05
|\ \ \ | | | | | | | | show podman machine ssh command line
| * | | show podman machine ssh command lineBrent Baude2021-08-05
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A user contributed a one line PR that enabled logging the podman machine ssh command for debug. The user was not able to complete the submission so this PR replaces that. [NO TESTS NEEDED] Replaces #10798 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #11135 from matejvasek/fix_tsopenshift-ci[bot]2021-08-05
|\ \ \ | | | | | | | | Fix TS parsing for fractional values
| * | | Fix TS parsing for fractional valuesMatej Vasek2021-08-04
| | | | | | | | | | | | | | | | | | | | | | | | Parse Unix timestamps that contains fractional part. Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | | | Merge pull request #11143 from ↵openshift-ci[bot]2021-08-05
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/k8s.io/apimachinery-0.22.0 Bump k8s.io/apimachinery from 0.21.3 to 0.22.0
| * | | | Bump k8s.io/apimachinery from 0.21.3 to 0.22.0dependabot[bot]2021-08-05
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.21.3 to 0.22.0. - [Release notes](https://github.com/kubernetes/apimachinery/releases) - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.21.3...v0.22.0) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | Merge pull request #11144 from ↵openshift-ci[bot]2021-08-05
|\ \ \ \ | |_|_|/ |/| | | | | | | | | | | containers/dependabot/go_modules/github.com/BurntSushi/toml-0.4.1 Bump github.com/BurntSushi/toml from 0.3.1 to 0.4.1
| * | | Bump github.com/BurntSushi/toml from 0.3.1 to 0.4.1dependabot[bot]2021-08-05
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) from 0.3.1 to 0.4.1. - [Release notes](https://github.com/BurntSushi/toml/releases) - [Commits](https://github.com/BurntSushi/toml/compare/v0.3.1...v0.4.1) --- updated-dependencies: - dependency-name: github.com/BurntSushi/toml dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* | | Merge pull request #11011 from baude/initcontainersopenshift-ci[bot]2021-08-05
|\ \ \ | |/ / |/| | implement init containers in podman
| * | implement init containers in podmanBrent Baude2021-08-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this is the first pass at implementing init containers for podman pods. init containersare made popular by k8s as a way to run setup for pods before the pods standard containers run. unlike k8s, we support two styles of init containers: always and oneshot. always means the container stays in the pod and starts whenever a pod is started. this does not apply to pods restarting. oneshot means the container runs onetime when the pod starts and then is removed. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #11133 from cevich/fix_art_uploadopenshift-ci[bot]2021-08-04
|\ \ \ | | | | | | | | Cirrus: Fix not uploading logformatter html
| * | | Cirrus: Fix not uploading logformatter htmlChris Evich2021-08-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously we were generating the annotated results but never uploading them. Fix this so visiting the advertised URL actually works. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #11132 from rhatdan/VENDORopenshift-ci[bot]2021-08-04
|\ \ \ \ | |/ / / |/| | | Bump Buildah to v1.22.0 [NO TESTS NEEDED]
| * | | Bump Buildah to v1.22.0 [NO TESTS NEEDED]TomSweeneyRedHat2021-08-04
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | Bump Buildah to v1.22.0 in preparation for RHEL 8.5 and RHEL 9.0beta. Also bump c/common to v0.42.1 [NO TESTS NEEDED] Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #11128 from rhatdan/timezoneopenshift-ci[bot]2021-08-04
|\ \ \ | | | | | | | | Handle timezone on server containers.conf
| * | | Handle timezone on server containers.confDaniel J Walsh2021-08-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/11124 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@localhost.localdomain> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #11113 from rhatdan/unpauseopenshift-ci[bot]2021-08-04
|\ \ \ \ | |_|/ / |/| | | Fix podman unpause to work like podman stop
| * | | Fix podman unpause,pause,kill --all to work like podman stop --allDaniel J Walsh2021-08-04
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently if you execute podman unpause --all, podman pause --all Podman shows attempts to unpause containers that are not paused and prints an error. This PR catches this error and only prints errors if a paused container was not able to be unpaused. Currently if you execute podman pause --all or podman kill --all, Podman Podman shows attempts to pause or kill containers that are not running and prints an error. This PR catches this error and only prints errors if a running container was not able to be paused or killed. Also change printing of multiple errors to go to stderr and to prefix "Error: " in front to match the output of the last error. Fixes: https://github.com/containers/podman/issues/11098 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #11096 from baude/gvproxystaticpathopenshift-ci[bot]2021-08-04
|\ \ \ | | | | | | | | Use static path for gvproxy
| * | | Use static path for gvproxyBrent Baude2021-08-03
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | Given that we do not want to support gvproxy for anything other than podman machine, we have decided to use a static path of /usr/lib/podman/gvproxy instead of a lookpath. [NO TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #11118 from mheon/use_host_resolveconfopenshift-ci[bot]2021-08-04
|\ \ \ | | | | | | | | Do not add an entry to /etc/hosts with `--net=host`
| * | | Do not add an entry to /etc/hosts with `--net=host`Matthew Heon2021-08-04
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To match Docker's behavior, in the `--net=host` case, we need to use the host's `/etc/hosts` file, unmodified (without adding an entry for the container). We will still respect hosts from `--add-host` but will not make any automatic changes. Fortuntely, this is strictly a matter of removal and refactoring as we already base our `/etc/hosts` on the host's version - just need to remove the code that added entries when net=host was set. Fixes #10319 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #10973 from rhatdan/quotaopenshift-ci[bot]2021-08-04
|\ \ \ | | | | | | | | Support size options on builtin volumes
| * | | Support size and inode options on builtin volumesDaniel J Walsh2021-08-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO TESTS NEEDED] Since it is difficult to setup xfs quota Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1982164 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #11127 from ↵openshift-ci[bot]2021-08-04
|\ \ \ \ | |_|_|/ |/| | | | | | | | | | | containers/dependabot/go_modules/github.com/docker/docker-20.10.8incompatible Bump github.com/docker/docker from 20.10.7+incompatible to 20.10.8+incompatible
| * | | Bump github.com/docker/dockerdependabot[bot]2021-08-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.7+incompatible to 20.10.8+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md) - [Commits](https://github.com/docker/docker/compare/v20.10.7...v20.10.8) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | Merge pull request #11003 from pascomnet/f_statsopenshift-ci[bot]2021-08-04
|\ \ \ \ | | | | | | | | | | stats: add a interval parameter to cli and api stats streaming
| * | | | e2e tests: re-enable and fix podman stats testsThomas Weber2021-08-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Renamed podman pod stats test specs to distinguish them from podman stats tests. podman stats tests where disabled by a +build flag. Fix podman stats format test, add negative test. Fix podman stats cli command, exit non-zero on invalid format string. Add tests for podman stats interval flag. Signed-off-by: Thomas Weber <towe75@googlemail.com>
| * | | | stats: add a interval parameter to cli and api stream modeThomas Weber2021-07-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman stats polled by default in a 1 sec period. This can put quite some load on a machine if you run many containers. The default value is now 5 seconds. You can change this interval with a new, optional, --interval, -i cli flag. The api request got also a interval query parameter for the same purpose. Additionally a unused const was removed. Api and cli will fail the request if a 0 or negative value is passed in. Signed-off-by: Thomas Weber <towe75@googlemail.com>
* | | | | Merge pull request #11104 from jwhonce/bz/1988252openshift-ci[bot]2021-08-04
|\ \ \ \ \ | |_|/ / / |/| | | | Only support containers stats using cgroups v2
| * | | | Only support containers stats using cgroups v2Jhon Honce2021-08-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1988252 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | Merge pull request #11125 from ↵openshift-ci[bot]2021-08-04
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/rootless-containers/rootlesskit-0.14.4 Bump github.com/rootless-containers/rootlesskit from 0.14.3 to 0.14.4
| * | | | | Bump github.com/rootless-containers/rootlesskit from 0.14.3 to 0.14.4dependabot[bot]2021-08-04
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/rootless-containers/rootlesskit](https://github.com/rootless-containers/rootlesskit) from 0.14.3 to 0.14.4. - [Release notes](https://github.com/rootless-containers/rootlesskit/releases) - [Commits](https://github.com/rootless-containers/rootlesskit/compare/v0.14.3...v0.14.4) --- updated-dependencies: - dependency-name: github.com/rootless-containers/rootlesskit dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | | Merge pull request #11114 from mlegenovic/masteropenshift-ci[bot]2021-08-03
|\ \ \ \ \ | | | | | | | | | | | | Compat API: Fix healthcheck status and healthcheck config
| * | | | | Compat API: Fix healthcheck status and healthcheck configMilivoje Legenovic2021-08-03
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: - Do not show healthcheck status if not available or if container status is "created" (Docker behaviour) - Show healthcheck configuration if present (Config.Healthcheck) Tests: - Ensure State.Health is not present if container status is "created" - Ensure Config.Healthcheck is present and values correct - Ensure State.Health is present if container started Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
* | | | | Merge pull request #11122 from edsantiago/qfileopenshift-ci[bot]2021-08-03
|\ \ \ \ \ | |_|/ / / |/| | | | podman info: try qfile before equery
| * | | | podman info: try qfile before equeryEd Santiago2021-08-03
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman info takes >20s on Gentoo, because equery is s..l..o..w. qfile is much faster and, I suspect, present in most Gentoo installations, so let's try it first. And, because packageVersion() was scarily unmaintainable, refactor it. Define a simple (string) list of packaging tools to query (rpm, dpkg, ...) and iterate until we find one that works. IMPORTANT NOTE: the Debian (and, presumably, Ubuntu) query does not include version number! There is no standard way on Debian to get a package version from a file path, you can only do it via pipes of chained commands, and I have no desire to implement that. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #11091 from Luap99/connect-disconnectopenshift-ci[bot]2021-08-03
|\ \ \ \ | | | | | | | | | | fix rootless port forwarding with network dis-/connect
| * | | | fix rootless port forwarding with network dis-/connectPaul Holzinger2021-08-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The rootlessport forwarder requires a child IP to be set. This must be a valid ip in the container network namespace. The problem is that after a network disconnect and connect the eth0 ip changed. Therefore the packages are dropped since the source ip does no longer exists in the netns. One solution is to set the child IP to 127.0.0.1, however this is a security problem. [1] To fix this we have to recreate the ports after network connect and disconnect. To make this work the rootlessport process exposes a socket where podman network connect/disconnect connect to and send to new child IP to rootlessport. The rootlessport process will remove all ports and recreate them with the new correct child IP. Also bump rootlesskit to v0.14.3 to fix a race with RemovePort(). Fixes #10052 [1] https://nvd.nist.gov/vuln/detail/CVE-2021-20199 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #11111 from ↵openshift-ci[bot]2021-08-03
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/opencontainers/selinux-1.8.3 Bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3
| * | | | | Bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3dependabot[bot]2021-08-03
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/opencontainers/selinux/releases) - [Commits](https://github.com/opencontainers/selinux/compare/v1.8.2...v1.8.3) --- updated-dependencies: - dependency-name: github.com/opencontainers/selinux dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | | Merge pull request #11117 from vrothberg/scp-typoopenshift-ci[bot]2021-08-03
|\ \ \ \ \ | | | | | | | | | | | | image scp: fix typo in output
| * | | | | image scp: fix typo in outputValentin Rothberg2021-08-03
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | s/Loaded images(s)/Loaded image(s)/ [NO TESTS NEEDED] (I think we should test the output at some point) Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #11068 from giuseppe/drop-dir-cgroup-testopenshift-ci[bot]2021-08-03
|\ \ \ \ \ | |/ / / / |/| | | | test: move container process to a sub-cgroup