Commit message | Author | Age
* Move Attach under the OCI Runtime interface | Matthew Heon | 2022-06-14
  With conmon-rs on the horizon, we need to disentangle Libpod from legacy Conmon to the greatest extent possible. There are definitely opportunities for codesharing between the two, but we have to assume the implementations will be largely disjoint given the different architectures.

  Fortunately, most of the work has already been done in the past. The conmon-managed OCI runtime mostly sits behind an interface, with a few exceptions - the most notable of those being attach. This PR thus moves Attach behind the interface, to ensure that we can have attach implementations that don't use our existing unix socket streaming if necessary.

  Still to-do is conmon cleanup. There's a lot of code that removes Conmon-specific files, or kills the Conmon PID, and all of it will need to be refactored behind the interface.

  [NO NEW TESTS NEEDED] Just moving some things around.

  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Document protocol usage for --publish | Daniel Rudolf | 2022-06-14
  This also unifies the documentation of `--publish` for `podman create`, `podman run`, and `podman pod create`.

  Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
* pkg/specgen: parse default network mode on server | Paul Holzinger | 2022-06-14
  When podman-remote is used we should not resolve the default network mode on the client. Defaults should be set on the server. In this case this is important because we have different defaults for root/rootless. So when the client is rootless and the server is root we must pick the root default.

  Note that this already worked when --network was set since we did not parse the flag in this case. To reproduce you need --network=default.

  Also removed an unused function.

  [NO NEW TESTS NEEDED] I tested it manually but I am not sure how I can hook a test like this up in CI. The client would need to run as rootless and the server as root or the other way around.

  Fixes #14368

  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* healthcheck: wait for systemd operations | Valentin Rothberg | 2022-06-14
  Make sure to wait for the systemd operations to finish when starting/stopping healthcheck timers and services. Also make sure to stop the timer before the service to avoid a race with the timer.

  [NO NEW TESTS NEEDED] since it is a non-functional change and existing tests are expected to pass.

  Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* podman pod create --uidmap patch | cdoern | 2022-06-14
  podman's remote API does not marshal infra's spec due to the fact that if it did, all of those options would be available to the users on the command line. This means we need to manually map "backwards" some container spec items -> pod spec items before calling PodCreate, this was one of them that was forgotten

  resolves #14233

  Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
  Signed-off-by: cdoern <cdoern@redhat.com>
* podman stats: work with network connect/disconnect | Paul Holzinger | 2022-06-14
  Hardcoding the interface name is a bad idea. We have no control over the actual interface name since the user can change it. The correct thing is to read them from the network status. Since the container can have more than one interface we have to add the RX/TX values. The other values are currently not used.

  For podman 5.0 we should change it so that the API can return the statistics per interface and the client should sum the TX/RX for the command output. This is what docker is doing.

  Fixes #13824

  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* fix bad import path for cmd/podman/utils | Paul Holzinger | 2022-06-14
  Libpod or packages under /pkg should never import from /cmd/... This will quickly result in import cycles and weird code paths. Also there is no reason to use this special code we can just use syscall.SIGHUB as SIGNAL.

  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Add ExecStop and dependencies to fix shutdown | Andrin Brunner | 2022-06-14
  Signed-off-by: Andrin Brunner <andrin@acloud.one>
* Removed `imageStream` hardcoded value | Jake Correnti | 2022-06-14
  [NO NEW TESTS NEEDED]

  Removed `imageStream` hardcoded value that was set to testing. Since podman4 is in the fcos trees, it should be removed. The respective comments have also been removed.

  Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
* fix "tail 800 lines: journald" flake | Paul Holzinger | 2022-06-14
  The test calls podman run -d followed by podman logs. There is no guarantee the container or conmon has written all its output. Adding an extra podman wait should fix this.

  Do not remove the -d to not print 1000 unnecessary lines in the logs.

  Fixes #14362

  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* fix podman container restore without CreateNetNS | Paul Holzinger | 2022-06-14
  When a container does not use the default podman netns, for example --network none or --network ns:/path a restore would fail because the specgen check validates that c.config.StaticMAC is nil but the unmarshaller sets it to an empty slice.

  While we could make the check use len() > 0 I feel like it is more common to check with != nil for ip and mac addresses. Adding omitempty tag makes the json marshal/unmarshal work correctly. This should not cause any issues.

  Fixes #14389

  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Podman no-new-privileges format | Niall Crowe | 2022-06-14
  In docker, the format of no-new-privileges is "no-new-privileges:true". However, for Podman all that's required is "no-new-privileges", leading to issues when attempting to use features designed for docker in podman. Adding support for the ":" format to be used along with the "=" format, depending on which one is entered by the user.

  fixes #14133

  Signed-off-by: Niall Crowe <nicrowe@redhat.com>
* Remove TODO comment | Jhon Honce | 2022-06-14
  Allowing custom flags to provider has the potential to break all the hand-crafted commands currently in use. This could become a support nightmare.

  ```release-note
  NONE
  ```

  [NO NEW TESTS NEEDED]

  Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Fix swagger model of `InspectPodResponse` | Jakob Ahrer | 2022-06-14
  `net.IP` gets marshalled as `string` and not `[]uint8`

  [NO TESTS NEEDED] [NO NEW TESTS NEEDED]

  Signed-off-by: Jakob Ahrer <jakob@ahrer.dev>
* Combine the CheckAllLatest CID and PodID functions | Urvashi Mohnani | 2022-06-14
  These two functions were doing the exact same thing just with cidfile and pod-id-file separately. Combine the functionality to one function to remove repetitive code. Fix the TODO in cmd/podman/validate/args.go

  [NO NEW TESTS NEEDED]

  Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* Cirrus: Fix several TODOs | Chris Evich | 2022-06-14
  Most were simply deleted, the main one addressed is in the "pre-testing" `ext_svc_check.sh` script. It will now verify accessibility of several key test images we maintain in `quay.io`.

  Signed-off-by: Chris Evich <cevich@redhat.com>
* Fix TODO in parse/net.go | Urvashi Mohnani | 2022-06-14
  Fix up the parseEnv function to differentiate between a label and env when parsing. Don't do a system lookup when parsing labels.

  [NO NEW TESTS NEEDED]

  Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* Remove TODO from pods/ps.go | Urvashi Mohnani | 2022-06-14
  The TODO has already been fixed. Filters is now a []string

  [NO NEW TESTS NEEDED]

  Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* Support remote deadlock errors in rm | Jhon Honce | 2022-06-14
  Refactor test for deadlock by comparing error text vs. actual ErrWillDeadlock constant. When running with --remote the error constant will always be not equal to the error returned by the API.

  ```release-note
  NONE
  ```

  [NO NEW TESTS NEEDED]

  Signed-off-by: Jhon Honce <jhonce@redhat.com>
* fix f35 integration test network flake | Paul Holzinger | 2022-06-14
  I am not 100% sure if this is actually causing the problem but I was able to reproduce locally and this change fixed it there.

  Without the `-n` option iptables tries to reverse lookup the ips to domain names. This is extremely slow for unknown reasons. Given the large amount of iptables entries due to parallel test runs it will not succeed in the default 90 sec timeout.

  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Support running podman under a root v2 cgroup | Jason T. Greene | 2022-06-14
  Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* Use containers/common/pkg/util.StringToSlice | Daniel J Walsh | 2022-06-14
  [NO NEW TESTS NEEDED] Just code cleanup for better reuse

  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* compat, build: suppress step errors when quiet is set | Aditya R | 2022-06-14
  Match with docker API and suppress step errors when field quiet is set.

  Closes: https://github.com/containers/podman/issues/14315

  Signed-off-by: Aditya R <arajan@redhat.com>
* Remove TODO re: storage-driver | Jhon Honce | 2022-06-14
  Currently this list is not exported from c/storage and the group decided this will not be changed.

  ```release-note
  NONE
  ```

  Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Instead of erroring, clean up after dangling IDs in DB | Matthew Heon | 2022-06-14
  For various (mostly legacy) reasons, Podman presently maintains a unified namespace for pods and containers - IE, we cannot have both a pod and a container named "test" at the same time. To implement this, we use a global database table of every pod and container ID (and another of every pod and container name). These entries should be added when containers/pods are added, and removed when containers/pods are removed, with the database's transactional integrity providing a guarantee that this is batched with the overall removal and that the DB should remain sane and consistent no matter what. As such, we treat a dangling ID as a hard error that stops the use of Podman.

  Unfortunately, we have someone run into this last Friday. I'm still not certain how exactly their DB got into this state, but without further clarification there, we can consider removing the error and making Podman instead clean up and remove any dangling IDs, which should restore Podman to a serviceable state. Drop an error message if we do this, though, because people should know that the DB is in a bad state.

  [NO NEW TESTS NEEDED] it is deliberately impossible to produce a configuration that would test this without hex-editing the DB file.

  Signed-off-by: Matthew Heon <mheon@redhat.com>
* auto update: create an event | Valentin Rothberg | 2022-06-14
  Create an auto-update event for each invocation, independent if images and containers are updated or not. Those events will be indicated in the events already but users will now know why.

  Fixes: #14283

  Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Swagger refactor/cleanup | Jhon Honce | 2022-06-14
  * Remove duplicate or unused types and constants
  * Move all documentation-only models and responses into swagger package
  * Remove all unnecessary names, go-swagger will determine names from struct declarations
  * Use Libpod suffix to differentiate between compat and libpod models and responses. Taken from swagger:operation declarations.
  * Models and responses that start with lowercase are for swagger use only while uppercase are used "as is" in the code and swagger comments
  * Used gofumpt on new code

  ```release-note
  ```

  Signed-off-by: Jhon Honce <jhonce@redhat.com>
* linter: enable unconvert linter | Valentin Rothberg | 2022-06-14
  Detects unnecessary type conversions and helps in keeping the code base cleaner.

  Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Deleting an in use image should return conflict not system error | Daniel J Walsh | 2022-06-14
  Fixes: https://github.com/containers/podman/issues/14208

  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Make errors on removing exec sessions nonfatal | Matthew Heon | 2022-06-14
  Removing exec sessions is guaranteed to evict them from the DB, but in the case of a zombie process (or similar) it may error and block removal of the container. A subsequent run of `podman rm` would succeed (because the exec sessions have been purged from the DB), which is potentially confusing to users. So let's just continue, instead of erroring out, if removing exec sessions fails.

  [NO NEW TESTS NEEDED] I wouldn't want to spawn a zombie in our test VMs even if I could.

  Fixes #14252

  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Don't complain about XDG_RUNTIME_DIR, Closes #1424 | Kevin Downey | 2022-06-14
  Code is not directly reading XDG_RUNTIME_DIR, it is reading a value in the state that may initially be from XDG_RUNTIME_DIR, but then is overridden by a value from the boltdb that podman stores some state in.

  XDG_RUNTIME_DIR and the RunRoot path may not have the same value, so complaining about XDG_RUNTIME_DIR here may cause confusion when trying to debug things.

  [NO TESTS NEEDED]

  Signed-off-by: Kevin Downey <hiredman@thelastcitadel.com>
* Update WSL machine OS to enable user lingering | Jason T. Greene | 2022-06-14
  Also migrate old machines that were missing this setting

  Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* Robust whitespace split of cpu utilization line from /proc/stat | SandroCasagrande | 2022-06-14
  Signed-off-by: Sandro Casagrande <sc.casagrande@gmail.com>
* Make sure tests are cleaned up when they complete | Daniel J Walsh | 2022-06-14
  Fixes: https://github.com/containers/podman/issues/13789

  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix broken pwd | Ed Santiago | 2022-06-14
  Broken in #14191, merged unintentionally

  Signed-off-by: Ed Santiago <santiago@redhat.com>
* [CI:DOCS] fix `make localbenchmarks` | Valentin Rothberg | 2022-06-14
  Since `./hack` has been removed from the Makefile's path, add it back for `make localbenchmarks` to make `podman-registry` binary available for running local registries.

  Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* sdnotify: send MAINPID only once | Valentin Rothberg | 2022-06-14
  Send the main PID only once. Previously, `(*Container).start()` and the conmon handler sent them ~simultaneously and went into a race.

  I noticed the issue while debugging a WIP PR.

  Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Fix hang in build-each-commit test | Ed Santiago | 2022-06-14
  Followup to #14178: I broke CI. "--fork-point" does not do what I thought it did, so remove it.

  Also, add 'set -x' to help us debug the next time something like this happens.

  Signed-off-by: Ed Santiago <santiago@redhat.com>
* test: update fedora toolbox image | Giuseppe Scrivano | 2022-06-14
  f32 is already EOL. Let's use the latest version.

  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* [CI:DOCS] man pages: fix inconsistencies | Ed Santiago | 2022-06-14
  As part of work done in #14046, fix bugs found in man pages, basically just moving a few descriptions to the right place and removing some undesired asterisks.

  Signed-off-by: Ed Santiago <santiago@redhat.com>
* Add more machine tests | Ashley Cui | 2022-06-14
  Add more machine tests for flags in init, inspect, and list.

  Signed-off-by: Ashley Cui <acui@redhat.com>
* test: simplify cleanup code | Giuseppe Scrivano | 2022-06-14
  do not try to first stop and then rm but combine the two operations in a single command.

  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Cirrus: Guarantee $DEST_BRANCH is passed through | Chris Evich | 2022-06-14
  There are several runtime contexts (rootless and container) where `$DEST_BRANCH` is needed but was not supplied. A prior commit (c4865767171b) removed the default value, `main` which was being set incorrectly when CI ran on release branches. Fix this by ensuring the variable is non-empty upon entry to `setup_environment.sh`, then ensure it gets passed through to child environments by way of the `/etc/ci_environment` file. This will maintain compatibility with both CI and `hack/get_ci_vm.sh` use.

  Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Fix Makefile including 'hack' in $PATH | Chris Evich | 2022-06-14
  This path should never, ever, ever be included in `$PATH` as it is almost guaranteed to cause serious and non-obvious breakage in CI. Fix it and include a warning comment.

  Signed-off-by: Chris Evich <cevich@redhat.com>
* bloat check: make more robust | Ed Santiago | 2022-06-14
  The use of 'C^' (parent) in 'git rebase' is counterintuitive, at least to me: when C is a merge of multiple commits, rebase picks each of those commits. That probably makes good sense to a git expert, which I'm not.

  Solution: forget using '^', just calculate the baseline sizes by doing a checkout of the PR's parent.

  Also: compute PR parent using git-merge-base instead of blindly trusting $DEST_BRANCH (which may be volatile as other PRs are merged).

  Also: run git-rebase directly, not via make rule. That indirection is too confusing here.

  Signed-off-by: Ed Santiago <santiago@redhat.com>
* fix: Container.cGroupPath() skip empty line to avoid false error logging | ttyS3 | 2022-06-14
  Signed-off-by: ttyS3 <ttys3.rust@gmail.com>

  [NO NEW TESTS NEEDED]
* fix broken CI test | Paul Holzinger | 2022-06-14
  Commit b58e7e7f11 was not fully rebased before merging and is now breaking CI because commit 69c479b16e19 made the underlying error visible. Using journald inside the container tests is not supported.

  Fixes #14162

  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* play kube log tag handling | cdoern | 2022-06-14
  currently tags cause a panic due to an uninitialized map. Initialize the map and add parsing to make sure we are only tagging with journald

  resolves #13356

  Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* Merge pull request #14337 from openshift-cherrypick-robot/cherry-pick-14294-to-v4.1 | OpenShift Merge Robot | 2022-05-24
  [v4.1] fix compat image resolution
* fix compat image resolution | Valentin Rothberg | 2022-05-24
  Fix a bug in the resolution of images in the Docker compat API. When looking up an image by a short name, the name may match an image that does not live on Docker Hub. The resolved name should be used for normalization instead of the input name to make sure that `busybox` can resolve to `registry.com/busybox` if present in the local storage.

  Fixes: #14291

  Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>