summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* With --rm option remove container if podman run failsDaniel J Walsh2022-07-28
| | | | | | Fixes https://github.com/containers/podman/issues/15049 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #14801 from lsm5/ec2-aarch64OpenShift Merge Robot2022-07-28
|\ | | | | Cirrus: enable Fedora 36 aarch64 tasks on EC2
| * Cirrus: enable Fedora 36 aarch64 tasks on EC2Lokesh Mandvekar2022-07-27
| | | | | | | | | | | | | | | | | | | | | | new file: test/e2e/config_arm64.go Tests that fail on aarch64 have been skipped with `skip_if_aarch64`. Co-authored-by: Chris Evich <cevich@redhat.com> Co-authored-by: Ed Santiago <santiago@redhat.com> Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | Merge pull request #15090 from vrothberg/fix-14859OpenShift Merge Robot2022-07-28
|\ \ | | | | | | cleanup: transition from `stopping` to `exited`
| * | syncContainer: transition from `stopping` to `exited`Valentin Rothberg2022-07-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow the cleanup process (and others) to transition the container from `stopping` to `exited`. This fixes a race condition detected in #14859 where the cleanup process kicks in _before_ the stopping process can read the exit file. Prior to this fix, the cleanup process left the container in the `stopping` state and removed the conmon files, such that the stopping process also left the container in this state as it could not read the exit files. Hence, `podman wait` timed out (see the 23 seconds execution time of the test [1]) due to the unexpected/invalid state and the test failed. Further turn the warning during stop to a debug message since it's a natural race due to the daemonless/concurrent architecture and nothing to worry about. [NO NEW TESTS NEEDED] since we can only monitor if #14859 continues flaking or not. [1] https://storage.googleapis.com/cirrus-ci-6707778565701632-fcae48/artifacts/containers/podman/6210434704343040/html/sys-remote-fedora-36-rootless-host.log.html#t--00205 Fixes: #14859 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | Merge pull request #15034 from sstosh/manifest-push-rmOpenShift Merge Robot2022-07-27
|\ \ \ | | | | | | | | Fix: manifest push --rm removes a correct manifest list
| * | | Fix: manifest push --rm removes a correct manifest listToshiki Sonoda2022-07-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This bug is reproduced when we execute the following command: 1. podman manifest add <manifest list> <images exist on local storage> 2. podman manifest push --rm <manifest list> dir:<directory> If pushing succeeds, it is expected to remove only a manifest list. However, manifest list remains on local storage and images are removed. This commit fixes `podman manifest push --rm` to remove only a manifest list. And, supports `manifest push --rm option` in remote environment, like host environment. Fixes: https://github.com/containers/podman/issues/15033 Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | | | Merge pull request #15066 from sstosh/checkpoint-samenameOpenShift Merge Robot2022-07-27
|\ \ \ \ | |_|_|/ |/| | | Fix: Restore a container which name is equal to a image name
| * | | Fix: Restore a container which name is equal to a image nameToshiki Sonoda2022-07-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If there is a match for both container and image, we restore the container. Fixes: https://github.com/containers/podman/issues/15055 Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | | | Merge pull request #14959 from rhatdan/rmOpenShift Merge Robot2022-07-27
|\ \ \ \ | | | | | | | | | | When removing objects specifying --force,podman should exit with 0
| * | | | When removing objects specifying --force,podman should exit with 0Daniel J Walsh2022-07-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This Patch will cause podman COMMAND rm --force bogus not fail This is how Docker works, so Podman should follow this to allow existing scripts to convert from Docker to Podman. Fixes: #14612 Oprignal version of this patch came from wufan 1991849113@qq.com Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #14997 from cdoern/pruneOpenShift Merge Robot2022-07-27
|\ \ \ \ \ | |_|_|_|/ |/| | | | prune filter handling
| * | | | prune filter handlingCharlie Doern2022-07-25
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | network and container prune could not handle the label!=... filter. vendor in c/common to fix this and add some podman level handling to make everything run smoothly resolves #14182 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | | Merge pull request #15087 from eriksjolund/socket_activation.md_clarify_delayOpenShift Merge Robot2022-07-27
|\ \ \ \ | | | | | | | | | | [CI:DOCS] socket_activation.md: Add start/stop sections
| * | | | [CI:DOCS] socket_activation.md: Add start/stop sectionsErik Sjölund2022-07-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add section "Starting a socket-activated service". * Add section "Stopping a socket-activated service". * Clarify in the diagrams that socket activation only happens for the first client connection. Co-authored-by: Valentin Rothberg <vrothberg@redhat.com> Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | | | | Merge pull request #14540 from anjannath/pkginstallerOpenShift Merge Robot2022-07-27
|\ \ \ \ \ | | | | | | | | | | | | Add support for building macOS pkg installer
| * | | | | Add support for building macOS pkg installerAnjan Nath2022-07-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | it installs podman and supporting binaries along with qemu to have a functioning podman install using a pkg podman and podman-mac-helper is compiled from source gvproxy binary is downloaded from its github releases and qemu from github release of containers/podman-machine-qemu [NO NEW TESTS NEEDED] Signed-off-by: Anjan Nath <kaludios@gmail.com>
* | | | | | Merge pull request #15075 from cevich/latest_imgtsOpenShift Merge Robot2022-07-26
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | [CI:DOCS] Cirrus: Use the latest imgts container
| * | | | | Cirrus: Use the latest imgts containerChris Evich2022-07-26
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Contains important updates re: preserving release-branch CI VM images. Ref: https://github.com/containers/automation_images/pull/157 Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | Merge pull request #15043 from eriksjolund/fix_sdnotify_option_docsOpenShift Merge Robot2022-07-26
|\ \ \ \ \ | | | | | | | | | | | | [CI:DOCS] podman-generate-systemd.1.md: document --sdnotify
| * | | | | [CI:DOCS] podman-generate-systemd.1.md: document --sdnotifyErik Sjölund2022-07-26
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Document why the default value for --sdnotify is overridden. Some was included text from https://github.com/containers/podman/issues/15029#issuecomment-1192244755 * Document that --sdnotify=ignore is overridden. Fixes #15029 Co-authored-by: Valentin Rothberg <vrothberg@redhat.com> Co-authored-by: Tom Sweeney <tsweeney@redhat.com> Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | | | | Merge pull request #15059 from cdoern/infraOpenShift Merge Robot2022-07-26
|\ \ \ \ \ | | | | | | | | | | | | pod create --share none should not create infra
| * | | | | pod create --share none should not create infraCharlie Doern2022-07-25
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | for podman pod create, when we are not sharing any namespaces there is no point for the infra container. This is especially true since resources have also been decoupled from the container recently. handle this on the cmd level so that we can still create infra if set explicitly resolves #15048 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | | | Merge pull request #15061 from cfergeau/always-trueOpenShift Merge Robot2022-07-26
|\ \ \ \ \ | | | | | | | | | | | | machine: Fix check which is always true
| * | | | | machine: Fix check which is always trueChristophe Fergeau2022-07-26
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before making / mutable/immutable, podman-machine checks if the mount is being done in /home or /mnt. However the current check is always going to be true: ``` !strings.HasPrefix(mount.Target, "/home") || !strings.HasPrefix(mount.Target, "/mnt") ``` is false when mount.Target starts with "/home" and mount.Target starts with "/mnt", which cannot happen at the same time. The correct check is: ``` !strings.HasPrefix(mount.Target, "/home") && !strings.HasPrefix(mount.Target, "/mnt") ``` which can also be written as: ``` !(strings.HasPrefix(mount.Target, "/home") || strings.HasPrefix(mount.Target, "/mnt")) ``` The impact is not too bad, it results in extra 'chattr -i' calls which should be unneeded. [NO NEW TESTS NEEDED] Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
* | | | | Merge pull request #15057 from marshall-lee/tls-verify-default-trueOpenShift Merge Robot2022-07-26
|\ \ \ \ \ | |/ / / / |/| | | | Set TLSVerify=true by default for API endpoints
| * | | | Set TLSVerify=true by default for API endpointsVladimir Kochnev2022-07-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Option defaults in API must be the same as in CLI. ``` % podman image push --help % podman image pull --help % podman manifest push --help % podman image search --help ``` All of these CLI commands them have --tls-verify=true by default: ``` --tls-verify require HTTPS and verify certificates when accessing the registry (default true) ``` As for `podman image build`, it doesn't have any means to control `tlsVerify` parameter but it must be true by default. Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
* | | | | Merge pull request #15058 from edsantiago/obsolete_skipsOpenShift Merge Robot2022-07-26
|\ \ \ \ \ | |/ / / / |/| | | | Semiperiodoc cleanup of obsolete FIXMEs
| * | | | Semiperiodoc cleanup of obsolete FIXMEsEd Santiago2022-07-25
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some refer to issues that are closed. Remove them. Some are runc bugs that will never be fixed. Say so, and remove the FIXME. One (bps/iops) should probably be fixed. File an issue for it, and update comment to include the issue# so my find-obsolete-skips script can track it. And one (rootless mount with a "kernel bug?" comment) is still not fixed. Leave the skip, but add a comment documenting the symptom. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #15064 from vrothberg/benchmarksOpenShift Merge Robot2022-07-25
|\ \ \ \ | |/ / / |/| | | benchmarks: fix create test
| * | | benchmarks: fix create testValentin Rothberg2022-07-25
|/ / / | | | | | | | | | | | | | | | And a new one for `run --detach`. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | Merge pull request #15035 from cdoern/cgroupOpenShift Merge Robot2022-07-23
|\ \ \ | | | | | | | | fix container create/run throttle devices
| * | | fix container create/run throttle devicesCharlie Doern2022-07-22
| | | | | | | | | | | | | | | | | | | | | | | | pod resource limits introduced a regression where `FinishThrottleDevices` was not called for create/run Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | | Merge pull request #15042 from Luap99/int-remote-netbackendOpenShift Merge Robot2022-07-22
|\ \ \ \ | | | | | | | | | | integration test: fix network backend option with remote
| * | | | integration test: fix network backend option with remotePaul Holzinger2022-07-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I honestly do not understand all this extra option parsing here but there is really no reason to exclude the option for remote, all the other global options are also set there. This fixes a problem with mixed cni/netavark use because the option was unset. Fixes #15017 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #15039 from Luap99/cni-docOpenShift Merge Robot2022-07-22
|\ \ \ \ \ | | | | | | | | | | | | [CI:DOCS] docs: remove CNI word where it is not applicable
| * | | | | docs: remove CNI word where it is not applicablePaul Holzinger2022-07-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Most network commands/features work with both netavark and CNI. When we added added netavark most docs were not vetted and thus still use CNI network, it should just say network. Fixes #14990 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | Merge pull request #14976 from giuseppe/do-not-lock-containers-pod-rmOpenShift Merge Robot2022-07-22
|\ \ \ \ \ \ | |_|_|_|_|/ |/| | | | | libpod: do not lock all containers on pod rm
| * | | | | libpod: do not lock all containers on pod rmGiuseppe Scrivano2022-07-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | do not attempt to lock all containers on pod rm since it can cause deadlocks when other podman cleanup processes are attempting to lock the same containers in a different order. [NO NEW TESTS NEEDED] Closes: https://github.com/containers/podman/issues/14929 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #15038 from vrothberg/wait-errorOpenShift Merge Robot2022-07-22
|\ \ \ \ \ \ | | | | | | | | | | | | | | container wait: improve error message
| * | | | | | container wait: improve error messageValentin Rothberg2022-07-22
| | |/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Improve the error message when looking up the exit code of a container. The state of the container may help us track down #14859 which flakes rarely and is impossible to reproduce on my machine. [NO NEW TESTS NEEDED] Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | | | Merge pull request #14967 from sstosh/pause-optionOpenShift Merge Robot2022-07-22
|\ \ \ \ \ \ | | | | | | | | | | | | | | Add pause/unpause --latest, --cidfile, --filter
| * | | | | | Add pause/unpause --latest, --cidfile, --filterToshiki Sonoda2022-07-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | --latest : pause/unpause the latest container. --filter : pause/unpause the filtered container. --cidfile : Read container ID from the specified file and pause/unpause the container. Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | | | | | | Merge pull request #14957 from edsantiago/dont_remake_remoteOpenShift Merge Robot2022-07-22
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Makefile: use order-only prereq for podman-remote
| * | | | | | | Makefile: use order-only prereq for podman-remoteEd Santiago2022-07-19
| | |_|/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman-remote has a dependency on $(SRCBINDIR), because on Mac and Windows that's a special dir that may not exist. But depending on a directory means depending on its mtime, which changes every time a file in it is updated, which means running 'make' twice in a row will rebuild podman-remote for no good reason. Solution: GNU Make has the concept of "order-only" prerequisites, precisely for this situation. Use it. Since it's an obscure feature, document it. UPDATE: This exposed some nasty duplication wrt podman-remote rules. Clean those up, and add comments to some confusing sections. Fixes: #14756 (Also, drive-by edit to remove a stray misdocumented non-option) Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | | Merge pull request #15040 from Luap99/api-umaskOpenShift Merge Robot2022-07-22
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | API: libpod/create use correct default umask
| * | | | | | | API: libpod/create use correct default umaskPaul Holzinger2022-07-22
| | |_|_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure containers created via API have the correct umask from containers.conf set. Fixes #15036 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | | Merge pull request #14567 from cdoern/secretsOpenShift Merge Robot2022-07-22
|\ \ \ \ \ \ \ | |_|_|_|_|/ / |/| | | | | | Implement kubernetes secret handling for podman play kube
| * | | | | | kube secret handling for podman play kubecdoern2022-07-20
| | |_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add support for both creating a secret using yaml and mounting a secret as a volume given a yaml file. Kubernetes secrets have a different structure than podman and therefore have to be handeled differently. In this PR, I have introduced the basic usecases of kube secrets with more implementations like env secrets to come! resolves #12396 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | | | | Merge pull request #15016 from Luap99/compat-netnameOpenShift Merge Robot2022-07-22
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | compat api: allow default bridge name for networks