summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #15833 from ↵OpenShift Merge Robot2022-09-16
|\ | | | | | | | | containers/dependabot/go_modules/github.com/coreos/go-systemd/v22-22.4.0 build(deps): bump github.com/coreos/go-systemd/v22 from 22.3.2 to 22.4.0
| * build(deps): bump github.com/coreos/go-systemd/v22 from 22.3.2 to 22.4.0dependabot[bot]2022-09-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/coreos/go-systemd/v22](https://github.com/coreos/go-systemd) from 22.3.2 to 22.4.0. - [Release notes](https://github.com/coreos/go-systemd/releases) - [Commits](https://github.com/coreos/go-systemd/compare/v22.3.2...v22.4.0) --- updated-dependencies: - dependency-name: github.com/coreos/go-systemd/v22 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* | Merge pull request #15823 from rhatdan/dns-optOpenShift Merge Robot2022-09-16
|\ \ | | | | | | Default to --dns-option to match Docker and Buildah
| * | Default to --dns-option to match Docker and BuildahDaniel J Walsh2022-09-16
| | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Existing tests cover this. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #15775 from cevich/gitlab_nightlyOpenShift Merge Robot2022-09-16
|\ \ \ | | | | | | | | Cirrus: Move gitlab test to cirrus-cron "main"
| * | | Cirrus: Move gitlab test to cirrus-cron "main"Chris Evich2022-09-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There's little need to execute this test for (nearly) every PR. Further, since it always executes the *latest* upstream tests, there's no need to run it on any branch other than `main`. Arrange for it to only execute for the `main` cirrus-cron trigger. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #15173 from carljmosca/mainOpenShift Merge Robot2022-09-16
|\ \ \ \ | | | | | | | | | | [CI:DOCS] added docs for installing certificate authority
| * | | | added docs for installing certficate authorityCarl J. Mosca2022-08-13
| | | | | | | | | | | | | | | | | | | | | | | | | Co-authored-by: Tom Sweeney <tsweeney@redhat.com> Signed-off-by: Carl J. Mosca <carljmosca@gmail.com>
* | | | | Merge pull request #15755 from edsantiago/docs_for_formatsOpenShift Merge Robot2022-09-16
|\ \ \ \ \ | |_|_|_|/ |/| | | | [CI:DOCS] man pages: document some --format options
| * | | | [CI:DOCS] man pages: document some --format optionsEd Santiago2022-09-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Baby steps toward merging #14046: document a few of the Go format command-line options. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #15812 from sstosh/checkpoint-export-rawinputOpenShift Merge Robot2022-09-16
|\ \ \ \ \ | |_|_|_|/ |/| | | | remote: checkpoint --export prints a rawInput or an error on remote
| * | | | remote: checkpoint --export prints a rawInput or an error on remoteToshiki Sonoda2022-09-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit fixes `container checkpoint --export` to print a rawInput or an error. Fixes: #15743 Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | | | | Merge pull request #15776 from cevich/no_ubuntu_unitOpenShift Merge Robot2022-09-16
|\ \ \ \ \ | | | | | | | | | | | | Cirrus: Only run unit-testing on Fedora.
| * | | | | Cirrus: Only run unit-testing on Fedora.Chris Evich2022-09-14
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There's little practical reason to execute unit-level testing on multiple platforms, since there's so little platform interaction. Remove the unit-test runs on Ubuntu, only execute on root-full and root-less Fedora. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | Merge pull request #15817 from edsantiago/docs_dedup_dnsOpenShift Merge Robot2022-09-16
|\ \ \ \ \ | | | | | | | | | | | | [CI:DOCS] Man pages: Refactor common options: --dns
| * | | | | Man pages: Refactor common options: --dnsEd Santiago2022-09-15
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Only between podman-build, create, and run. podman-pod-create is too different. As usual I went with the podman-run version. This means keeping the word "flag" (which should be "option"), for ease of review. I will fix in my in-progress cleanup PR. For podman-build, I removed "during the build" and changed it to a note for that man page only. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #15829 from edsantiago/shlintOpenShift Merge Robot2022-09-16
|\ \ \ \ \ | | | | | | | | | | | | Cleanup: fix problems reported by shell lint
| * | | | | Cleanup: fix problems reported by shell lintEd Santiago2022-09-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Followup to #15616, which is not usable as it is (way, way, way too much noise) but actually found a few real nits that should be fixed. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | Merge pull request #15825 from edsantiago/fix_readthedocsOpenShift Merge Robot2022-09-16
|\ \ \ \ \ \ | | | | | | | | | | | | | | [CI:DOCS] Fix broken titles on readthedocs
| * | | | | | Fix broken titles on readthedocsEd Santiago2022-09-15
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Followup to #15621, which (correctly) removed parentheses from md files. Turns out, a hidden part of our readthedocs process depended on those parentheses. Update that step so it handles the new, correct, <space><section-number> format. Also update local-testing documentation in README, and clean it up a little. Fixes: #15822 Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | Merge pull request #15722 from edsantiago/treadmill_improvementsOpenShift Merge Robot2022-09-16
|\ \ \ \ \ \ | |/ / / / / |/| | | | | [CI:DOCS] Buildah treadmill script: various fixes
| * | | | | Buildah treadmill script: various fixesEd Santiago2022-09-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ...gathered up from the last few months of almost-daily runs. The principal difference is, ditching the git-am approach in favor of git-cherry-pick. It's so much nicer! I keep forgetting how clumsy git-am is. With the new approach, saved checkpoints are kept as git branches, not in an easy-to-lose text file. And, conflict resolution is MUCH EASIER. (Conflict resolution is necessary when, e.g., the treadmill PR includes fixes for some new vendoring that buildah has done but not podman, then podman vendors in that same module but fixes broken tests in a different way than I did). Also a lot of smaller fixes for bugs reported by @Luap99. Thank you for testing and for letting me know of problems! Cursory review is OK: this will not break anything in the repo, and I've been testing/finetuning these changes heavily over the past month or two. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | Merge pull request #15821 from ↵OpenShift Merge Robot2022-09-15
|\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | vrothberg/revert-c20abf12c714f359c7bbb291c444530f70cb1185 Revert "generate systemd: drop ExecStop"
| * | | | | | Revert "generate systemd: drop ExecStop"Valentin Rothberg2022-09-15
| | |/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit c20abf12c714f359c7bbb291c444530f70cb1185. In the absence of `ExecStop` step, systemd will send the stop/kill signals to the main PID while I asummed that systemd would jump directly to an ExecStopPost step instead. Hence revert the commit to let Podman take care of stopping rather than systemd. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | | | Merge pull request #15757 from mheon/fix_15526OpenShift Merge Robot2022-09-15
|\ \ \ \ \ \ | |/ / / / / |/| | | | | Introduce graph-based pod container removal
| * | | | | Introduce graph-based pod container removalMatthew Heon2022-09-14
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Originally, during pod removal, we locked every container in the pod at once, did a number of validity checks to ensure everything was safe, and then removed all the containers in the pod. A deadlock was recently discovered with this approach. In brief, we cannot lock the entire pod (or much more than a single container at a time) without causing a deadlock. As such, we converted to an approach where we just looped over each container in the pod, removing them individually. Unfortunately, this removed a lot of the validity checking of the earlier approach, allowing for a lot of unintended bad things. Infra containers could be removed while containers in the pod still depended on them, for example. There's no easy way to do validity checks while in a simple loop, so I implemented a version of our graph-traversal logic that currently handles pod start. This version acts in the reverse order of startup: startup starts from containers which depend on nothing and moves outwards, while removal acts on containers which have nothing depend on them and moves inwards. By doing graph traversal, we can guarantee that nothing is removed while something that depends on it still exists - so the infra container should be the last thing in a pod that is removed, for example. In the (unlikely) case that a graph of the pod's containers cannot be built (most likely impossible without database editing) the old method of pod removal has been retained to ensure that even misbehaving pods can be forcibly evicted from the state. I'm fairly confident that this resolves the problem, but there are a lot of assumptions around dependency structure built into the original pod removal code and I am not 100% sure I have captured all of them. Fixes #15526 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #15792 from dfr/freebsd-inspectOpenShift Merge Robot2022-09-15
|\ \ \ \ \ | | | | | | | | | | | | Add support for 'podman inspect' on FreeBSD
| * | | | | libpod: Make getContainerInspectData work on FreeBSDDoug Rabson2022-09-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This makes setting EffectiveCaps and BoundingCaps conditional on whether the capabilites field in the spec is non-nil. This allows 'podman inspect' to work on FreeBSD. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | | | libpod: Factor out platform-specfic code from generateInspectContainerHostConfigDoug Rabson2022-09-15
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | | | Merge pull request #15816 from vrothberg/15686-drop-execstopOpenShift Merge Robot2022-09-15
|\ \ \ \ \ | | | | | | | | | | | | generate systemd: drop ExecStop
| * | | | | generate systemd: drop ExecStopValentin Rothberg2022-09-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Drop the ExecStop step to simplify the generated units a bit. The extra ExecStopPost step was added by commit e5c343294424. If the main PID (i.e., conmon) is killed, systemd will not execute ExecStop (since the main PID is already down) but only execute the *Post steps. Credits to the late Ulrich Obergfell for tracking this issue down; he is missed. The ExecStop step can safely be dropped since the Post step will take of stopping (and removing) in any case. Context: #15686 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | | | Merge pull request #15815 from edsantiago/docs_dedup_no-streamOpenShift Merge Robot2022-09-15
|\ \ \ \ \ \ | |/ / / / / |/| | | | | [CI:DOCS] Man pages: refactor common options: 2 stats opts
| * | | | | Man pages: refactor common options: 2 stats optsEd Santiago2022-09-15
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | --no-reset and --no-stream, in podman-stats and pod-stats. Very minor tweak to --no-stream to account for pods. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #15811 from giuseppe/fix-memory-stats-apiOpenShift Merge Robot2022-09-15
|\ \ \ \ \ | | | | | | | | | | | | stats: cap memory limit to the available memory
| * | | | | stats: cap memory limit to the available memoryGiuseppe Scrivano2022-09-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Docker compatibility: cap the memory limit reported by the cgroup to the maximum available memory. Closes: https://github.com/containers/podman/issues/15765 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | stats: map MaxUsage to the correct valueGiuseppe Scrivano2022-09-15
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | and make sure it is not set for cgroup v2 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #15810 from edsantiago/docs_dedup_shmsizeOpenShift Merge Robot2022-09-15
|\ \ \ \ \ | | | | | | | | | | | | [CI:DOCS] Man pages: refactor common options: --shm-size
| * | | | | Man pages: refactor common options: --shm-sizeEd Santiago2022-09-14
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Mostly went with the podman-run version. For ease of review, I kept the "you" word -- I will fix that in my in-progress cleanup PR. This affects lots of files, each of which had slightly different wording, but this actually isn't as bad as it looks. The diffs were minor, and I'm pretty sure the new refactored text applies equally well to all the man pages. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #15781 from cevich/fix_win_installer_cloneOpenShift Merge Robot2022-09-15
|\ \ \ \ \ | |/ / / / |/| | | | Cirrus: Fix win_installer task clone failure
| * | | | Cirrus: Fix win_installer task clone failureChris Evich2022-09-14
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix error in this task happening on `main`: Failed to force reset to 5ab...6d4: object not found! Ref: https://cirrus-ci.com/task/6674361678561280?logs=clone#L2 Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #15786 from edsantiago/format_test_fixesOpenShift Merge Robot2022-09-14
|\ \ \ \ | | | | | | | | | | System tests: cleanup in --format test
| * | | | System tests: cleanup in --format testEd Santiago2022-09-14
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Followup to #15673 (--format with newlines). I cobbled up a test for it, but I was sloppy, so the test had issues that I kept having to band-aid. This is a cleaner way to handle podman-machine. ...and, another unexpected surprise with podman stats. It fails under rootless cgroupsv1. We can't sweep it under the rug via skip_if_ubuntu because tests will then fail on RHEL8. So, add a similar mechanism for testing podman stats. ...plus a non-surprise, the 'search' test flakes. Try minimizing that by searching only $IMAGE. If quay.io is down, other tests will certainly fail. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #15799 from mheon/fix_2126697OpenShift Merge Robot2022-09-14
|\ \ \ \ | | | | | | | | | | Ensure that a broken OCI spec does not break inspect
| * | | | Ensure that a broken OCI spec does not break inspectMatthew Heon2022-09-14
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The process of saving the OCI spec is not particularly reboot-safe. Normally, this doesn't matter, because we recreate the spec every time a container starts, but if one was to reboot (or SIGKILL, or otherwise fatally interrupt) Podman in the middle of writing the spec to disk, we can end up with a malformed spec that sticks around until the container is next started. Some Podman commands want to read the latest version of the spec off disk (to get information only populated after a container is started), and will break in the case that a partially populated spec is present. Swap to just ignoring these errors (with a logged warning, to let folks know something went wrong) so we don't break important commands like `podman inspect` in these cases. [NO NEW TESTS NEEDED] Provided reproducer involves repeatedly rebooting the system Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #15809 from edsantiago/docs_dedup_userOpenShift Merge Robot2022-09-14
|\ \ \ \ | | | | | | | | | | [CI:DOCS] Man pages: refactor common options: --user
| * | | | Man pages: refactor common options: --userEd Santiago2022-09-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In podman-create, exec, and run. Went with the podman-run version. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #15794 from edsantiago/bats_racesOpenShift Merge Robot2022-09-14
|\ \ \ \ \ | |/ / / / |/| | | | System tests: fix three races
| * | | | System tests: fix three racesEd Santiago2022-09-14
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Three tests were running 'container rm' on 'start'ed containers that might not yet have exited. Fix. Also, tighten up the tests themselves, to make even more sure that they test what they're supposed to test. Discovered, in CI, that 'podman-remote logs --timestamps' was unimplemented. Thanks to @Luap99 for the fix to that. Fixes: #15783 Fixes: #15795 Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #15793 from giuseppe/fix-volume-subpath-lookupOpenShift Merge Robot2022-09-14
|\ \ \ \ | | | | | | | | | | libpod: fix lookup for subpath in volumes
| * | | | libpod: fix lookup for subpath in volumesGiuseppe Scrivano2022-09-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | a subdirectory that is below a mount destination is detected as a subpath. Closes: https://github.com/containers/podman/issues/15789 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>