| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
| |
Switch from projectatomic/buildah to containers/buildah
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
When image is not tagged, we should just set the imageName to the
image.ID.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1501
Approved by: mheon
|
| |
|
|
|
|
|
|
|
| |
Fixes #1481
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #1496
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When managing the containers with systemd, it takes a bit more than
250ms to have podman creating the pidfile.
Increasing the value to 1 second will avoid timeout issues when running
a lot of containers managed by systemd.
This patch was tested in a VM with 56 services (OpenStack) deployed by
TripleO and managed by systemd.
Fixes #1495
Signed-off-by: Emilien Macchi <emilien@redhat.com>
Closes: #1497
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Firstly, when adding the privileged catch-all resource device,
first remove the spec's default catch-all resource device.
Second, remove our default rootfs propogation config - Docker
does not set this by default, so I don't think we should either.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1491
Approved by: TomSweeneyRedHat
|
| |
|
|
|
|
|
|
|
|
| |
We seem to be having a few flakes on namespace sharing.
Adding this test to make sure sharing with the host is working correctly.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1485
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
ALso cleanup files section or podman man page
Add description of policy.json
Sort alphabetically.
Add more info on oci hooks
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1487
Approved by: umohnani8
|
| |\
| |
| | |
Bump to 0.9.2.1
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |\
| |
| | |
Update release notes for 0.9.2.1
|
| |/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Buildah
Fixes to COPY and ADD to properly follow symbolic links is SRC is a symbolic link
Print out a digest message on successful push.
We should not drop the Bounding set when running as a non priv user in podman build
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1483
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
| |
Containers image has a fix docker tarfile: use the cached digest if existing
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1482
Approved by: rhatdan
|
| |\
| |
| | |
Bump to 0.9.2
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |\
| |
| | |
Update release notes for 0.9.2
|
| |/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |\
| |
| | |
rootless: do not raise an error if the entrypoint is specified
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
do not error out when the storage is not initialized and the
entrypoint command is not available for the specified image. Check it
when we re-exec in an user namespace and can access the storage.
Closes: https://github.com/containers/libpod/issues/1452
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \
| | |
| | | |
Don't mount /dev/* if user mounted /dev
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Remove duplicate code between create.go and run.go
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Create two new createInit for checking if the cotnainer is initialized
correctly.
createContainer which creates the actual container and containerConfig
Also added libpodruntime.GetContainerRuntime to put common runtime code
into separate function.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Add a way to disable port reservation
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We've increased the default rlimits to allow Podman to hold many
ports open without hitting limits and crashing, but this doesn't
solve the amount of memory that holding open potentially
thousands of ports will use. Offer a switch to optionally disable
port reservation for performance- and memory-constrained use
cases.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |\ \ \
| | | |
| | | | |
add registry information to varlink info
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
when using the varlink api, we should pass on the registries information
as is present in the cli info command.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Add --interval flag to podman wait
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | | |
Waiting uses a lot of CPU, so drop back to checking once/second
and allow user to pass in the interval.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| |_|_|/
|/| | | |
change search test to look for fedora and not fedora-minimal
|
| |/ / /
| | |
| | |
| | | |
Signed-off-by: baude <bbaude@redhat.com>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We were already writing these to our debug logs. But collecting them
and including them in the error message will make it easier for
callers who don't have debugging enabled to figure out what's going
wrong.
Using multierror gives us both pretty formatting (when we print this
for the user) and programmatic access (for any callers that need to
inspect the constituent errors). With this commit and a config like:
$ cat /etc/containers/registries.conf
[registries.search]
registries = ['registry.access.redhat.com', 'quay.io', 'docker.io']
pulling an unqualified missing image looks like:
$ podman pull does-not/exist
Trying to pull registry.access.redhat.com/does-not/exist:latest...Failed
Trying to pull quay.io/does-not/exist:latest...Failed
Trying to pull docker.io/does-not/exist:latest...Failed
error pulling image "does-not/exist": unable to pull does-not/exist: 3 errors occurred:
* Error determining manifest MIME type for docker://registry.access.redhat.com/does-not/exist:latest: Error reading manifest latest in registry.access.redhat.com/does-not/exist: unknown: Not Found
* Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: Error reading manifest latest in quay.io/does-not/exist: unauthorized: access to the requested resource is not authorized
* Error determining manifest MIME type for docker://does-not/exist:latest: Error reading manifest latest in docker.io/does-not/exist: errors:
denied: requested access to the resource is denied
unauthorized: authentication required
A qualified image looks like:
$ podman pull quay.io/does-not/exist
Trying to pull quay.io/does-not/exist...Failed
error pulling image "quay.io/does-not/exist": unable to pull quay.io/does-not/exist: unable to pull image: Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: Error reading manifest latest in quay.io/does-not/exist: unauthorized: access to the requested resource is not authorized
If one of the searched repositories was offline, you'd get a more
useful routing error for that specific registry. For example:
$ cat /etc/hosts
127.0.0.1 quay.io
$ podman pull does-not/exist
Trying to pull registry.access.redhat.com/does-not/exist:latest...Failed
Trying to pull quay.io/does-not/exist:latest...Failed
Trying to pull docker.io/does-not/exist:latest...Failed
error pulling image "does-not/exist": unable to pull does-not/exist: 3 errors occurred:
* Error determining manifest MIME type for docker://registry.access.redhat.com/does-not/exist:latest: Error reading manifest latest in registry.access.redhat.com/does-not/exist: unknown: Not Found
* Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: pinging docker registry returned: Get https://quay.io/v2/: dial tcp 127.0.0.1:443: connect: connection refused
* Error determining manifest MIME type for docker://does-not/exist:latest: Error reading manifest latest in docker.io/does-not/exist: errors:
denied: requested access to the resource is denied
unauthorized: authentication required
This is our first direct dependency on multierror, but we've been
vendoring it for a while now because opencontainers/runtime-tools uses
it for config validation.
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1456
Approved by: rhatdan
|
| |\ \
| | |
| | | |
Update gitvalidation epoch to avoid a bad commit
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |/ /
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |\ \
| | |
| | | |
Add Buildah Podman relationship to README.md
|
| |/ /
| |
| |
| | |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This matches Docker behavior more closely and should resolve an
issue we were seeing with /sys mounts
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1465
Approved by: rhatdan
|
| | |
| |
| |
| |
| |
| |
| | |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #1462
Approved by: rhatdan
|
| | |
| |
| |
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1437
Approved by: rhatdan
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Every port we open consumes an open FD. This can easily consume
all available FDs for the podman process. Set rlimits to resolve
this.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1437
Approved by: rhatdan
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Adds functionality to search registries implementing the v2
endpoint with an empty query, that is the results will be
all the available images on the registries.
If this is tried with a v1 registry an error will occur.
To search a whole registry, there needs to be a trailing slash
at the end, i.e `podman search registry.fedoraproject.org/`.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Closes: #1444
Approved by: rhatdan
|
| |/
|
|
|
|
|
|
|
| |
Picks up changes made to authentication for registry search.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Closes: #1444
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
| |
While this is not implemented yet, it is needed for working with existing
docker scripts.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1460
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
| |
When running lots of podman commands simultaneously we were able to get
into a deadlock situation. The updated containers/storage should fix this issue.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1454
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
| |
as of now, we do not want to build with device mapper because it cannot
handle parallel requests which would be common-place in podman.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1445
Approved by: mheon
|
