aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
* | | | | | Merge pull request #14997 from cdoern/pruneOpenShift Merge Robot2022-07-27
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | prune filter handling
| * | | | | prune filter handlingCharlie Doern2022-07-25
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | network and container prune could not handle the label!=... filter. vendor in c/common to fix this and add some podman level handling to make everything run smoothly resolves #14182 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | | | Merge pull request #15087 from eriksjolund/socket_activation.md_clarify_delayOpenShift Merge Robot2022-07-27
|\ \ \ \ \ | | | | | | | | | | | | [CI:DOCS] socket_activation.md: Add start/stop sections
| * | | | | [CI:DOCS] socket_activation.md: Add start/stop sectionsErik Sjölund2022-07-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add section "Starting a socket-activated service". * Add section "Stopping a socket-activated service". * Clarify in the diagrams that socket activation only happens for the first client connection. Co-authored-by: Valentin Rothberg <vrothberg@redhat.com> Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | | | | | Merge pull request #14540 from anjannath/pkginstallerOpenShift Merge Robot2022-07-27
|\ \ \ \ \ \ | | | | | | | | | | | | | | Add support for building macOS pkg installer
| * | | | | | Add support for building macOS pkg installerAnjan Nath2022-07-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | it installs podman and supporting binaries along with qemu to have a functioning podman install using a pkg podman and podman-mac-helper is compiled from source gvproxy binary is downloaded from its github releases and qemu from github release of containers/podman-machine-qemu [NO NEW TESTS NEEDED] Signed-off-by: Anjan Nath <kaludios@gmail.com>
* | | | | | | Merge pull request #15075 from cevich/latest_imgtsOpenShift Merge Robot2022-07-26
|\ \ \ \ \ \ \ | |_|_|_|/ / / |/| | | | | | [CI:DOCS] Cirrus: Use the latest imgts container
| * | | | | | Cirrus: Use the latest imgts containerChris Evich2022-07-26
|/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Contains important updates re: preserving release-branch CI VM images. Ref: https://github.com/containers/automation_images/pull/157 Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | Merge pull request #15043 from eriksjolund/fix_sdnotify_option_docsOpenShift Merge Robot2022-07-26
|\ \ \ \ \ \ | | | | | | | | | | | | | | [CI:DOCS] podman-generate-systemd.1.md: document --sdnotify
| * | | | | | [CI:DOCS] podman-generate-systemd.1.md: document --sdnotifyErik Sjölund2022-07-26
| | |_|_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Document why the default value for --sdnotify is overridden. Some was included text from https://github.com/containers/podman/issues/15029#issuecomment-1192244755 * Document that --sdnotify=ignore is overridden. Fixes #15029 Co-authored-by: Valentin Rothberg <vrothberg@redhat.com> Co-authored-by: Tom Sweeney <tsweeney@redhat.com> Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | | | | | Merge pull request #15059 from cdoern/infraOpenShift Merge Robot2022-07-26
|\ \ \ \ \ \ | | | | | | | | | | | | | | pod create --share none should not create infra
| * | | | | | pod create --share none should not create infraCharlie Doern2022-07-25
| | |_|_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | for podman pod create, when we are not sharing any namespaces there is no point for the infra container. This is especially true since resources have also been decoupled from the container recently. handle this on the cmd level so that we can still create infra if set explicitly resolves #15048 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | | | | Merge pull request #15061 from cfergeau/always-trueOpenShift Merge Robot2022-07-26
|\ \ \ \ \ \ | | | | | | | | | | | | | | machine: Fix check which is always true
| * | | | | | machine: Fix check which is always trueChristophe Fergeau2022-07-26
| | |/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before making / mutable/immutable, podman-machine checks if the mount is being done in /home or /mnt. However the current check is always going to be true: ``` !strings.HasPrefix(mount.Target, "/home") || !strings.HasPrefix(mount.Target, "/mnt") ``` is false when mount.Target starts with "/home" and mount.Target starts with "/mnt", which cannot happen at the same time. The correct check is: ``` !strings.HasPrefix(mount.Target, "/home") && !strings.HasPrefix(mount.Target, "/mnt") ``` which can also be written as: ``` !(strings.HasPrefix(mount.Target, "/home") || strings.HasPrefix(mount.Target, "/mnt")) ``` The impact is not too bad, it results in extra 'chattr -i' calls which should be unneeded. [NO NEW TESTS NEEDED] Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
* | | | | | Merge pull request #15057 from marshall-lee/tls-verify-default-trueOpenShift Merge Robot2022-07-26
|\ \ \ \ \ \ | |/ / / / / |/| | | | | Set TLSVerify=true by default for API endpoints
| * | | | | Set TLSVerify=true by default for API endpointsVladimir Kochnev2022-07-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Option defaults in API must be the same as in CLI. ``` % podman image push --help % podman image pull --help % podman manifest push --help % podman image search --help ``` All of these CLI commands them have --tls-verify=true by default: ``` --tls-verify require HTTPS and verify certificates when accessing the registry (default true) ``` As for `podman image build`, it doesn't have any means to control `tlsVerify` parameter but it must be true by default. Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
* | | | | | Merge pull request #15058 from edsantiago/obsolete_skipsOpenShift Merge Robot2022-07-26
|\ \ \ \ \ \ | |/ / / / / |/| | | | | Semiperiodoc cleanup of obsolete FIXMEs
| * | | | | Semiperiodoc cleanup of obsolete FIXMEsEd Santiago2022-07-25
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some refer to issues that are closed. Remove them. Some are runc bugs that will never be fixed. Say so, and remove the FIXME. One (bps/iops) should probably be fixed. File an issue for it, and update comment to include the issue# so my find-obsolete-skips script can track it. And one (rootless mount with a "kernel bug?" comment) is still not fixed. Leave the skip, but add a comment documenting the symptom. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #15064 from vrothberg/benchmarksOpenShift Merge Robot2022-07-25
|\ \ \ \ \ | |/ / / / |/| | | | benchmarks: fix create test
| * | | | benchmarks: fix create testValentin Rothberg2022-07-25
|/ / / / | | | | | | | | | | | | | | | | | | | | And a new one for `run --detach`. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | Merge pull request #15035 from cdoern/cgroupOpenShift Merge Robot2022-07-23
|\ \ \ \ | | | | | | | | | | fix container create/run throttle devices
| * | | | fix container create/run throttle devicesCharlie Doern2022-07-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | pod resource limits introduced a regression where `FinishThrottleDevices` was not called for create/run Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | | | Merge pull request #15042 from Luap99/int-remote-netbackendOpenShift Merge Robot2022-07-22
|\ \ \ \ \ | | | | | | | | | | | | integration test: fix network backend option with remote
| * | | | | integration test: fix network backend option with remotePaul Holzinger2022-07-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I honestly do not understand all this extra option parsing here but there is really no reason to exclude the option for remote, all the other global options are also set there. This fixes a problem with mixed cni/netavark use because the option was unset. Fixes #15017 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | Merge pull request #15039 from Luap99/cni-docOpenShift Merge Robot2022-07-22
|\ \ \ \ \ \ | | | | | | | | | | | | | | [CI:DOCS] docs: remove CNI word where it is not applicable
| * | | | | | docs: remove CNI word where it is not applicablePaul Holzinger2022-07-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Most network commands/features work with both netavark and CNI. When we added added netavark most docs were not vetted and thus still use CNI network, it should just say network. Fixes #14990 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | | Merge pull request #14976 from giuseppe/do-not-lock-containers-pod-rmOpenShift Merge Robot2022-07-22
|\ \ \ \ \ \ \ | |_|_|_|_|/ / |/| | | | | | libpod: do not lock all containers on pod rm
| * | | | | | libpod: do not lock all containers on pod rmGiuseppe Scrivano2022-07-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | do not attempt to lock all containers on pod rm since it can cause deadlocks when other podman cleanup processes are attempting to lock the same containers in a different order. [NO NEW TESTS NEEDED] Closes: https://github.com/containers/podman/issues/14929 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | | Merge pull request #15038 from vrothberg/wait-errorOpenShift Merge Robot2022-07-22
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | container wait: improve error message
| * | | | | | | container wait: improve error messageValentin Rothberg2022-07-22
| | |/ / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Improve the error message when looking up the exit code of a container. The state of the container may help us track down #14859 which flakes rarely and is impossible to reproduce on my machine. [NO NEW TESTS NEEDED] Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | | | | Merge pull request #14967 from sstosh/pause-optionOpenShift Merge Robot2022-07-22
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Add pause/unpause --latest, --cidfile, --filter
| * | | | | | | Add pause/unpause --latest, --cidfile, --filterToshiki Sonoda2022-07-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | --latest : pause/unpause the latest container. --filter : pause/unpause the filtered container. --cidfile : Read container ID from the specified file and pause/unpause the container. Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | | | | | | | Merge pull request #14957 from edsantiago/dont_remake_remoteOpenShift Merge Robot2022-07-22
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Makefile: use order-only prereq for podman-remote
| * | | | | | | | Makefile: use order-only prereq for podman-remoteEd Santiago2022-07-19
| | |_|/ / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman-remote has a dependency on $(SRCBINDIR), because on Mac and Windows that's a special dir that may not exist. But depending on a directory means depending on its mtime, which changes every time a file in it is updated, which means running 'make' twice in a row will rebuild podman-remote for no good reason. Solution: GNU Make has the concept of "order-only" prerequisites, precisely for this situation. Use it. Since it's an obscure feature, document it. UPDATE: This exposed some nasty duplication wrt podman-remote rules. Clean those up, and add comments to some confusing sections. Fixes: #14756 (Also, drive-by edit to remove a stray misdocumented non-option) Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | | | Merge pull request #15040 from Luap99/api-umaskOpenShift Merge Robot2022-07-22
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | API: libpod/create use correct default umask
| * | | | | | | | API: libpod/create use correct default umaskPaul Holzinger2022-07-22
| | |_|_|/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure containers created via API have the correct umask from containers.conf set. Fixes #15036 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | | | Merge pull request #14567 from cdoern/secretsOpenShift Merge Robot2022-07-22
|\ \ \ \ \ \ \ \ | |_|_|_|_|/ / / |/| | | | | | | Implement kubernetes secret handling for podman play kube
| * | | | | | | kube secret handling for podman play kubecdoern2022-07-20
| | |_|/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add support for both creating a secret using yaml and mounting a secret as a volume given a yaml file. Kubernetes secrets have a different structure than podman and therefore have to be handeled differently. In this PR, I have introduced the basic usecases of kube secrets with more implementations like env secrets to come! resolves #12396 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | | | | | Merge pull request #15016 from Luap99/compat-netnameOpenShift Merge Robot2022-07-22
|\ \ \ \ \ \ \ | |_|/ / / / / |/| | | | | | compat api: allow default bridge name for networks
| * | | | | | compose test: remove cni config copyPaul Holzinger2022-07-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The network backend always has default config in memory so there is no need to copy it. Also netavark cannot use it. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | | compat api: always turn on network isolation for networksPaul Holzinger2022-07-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix some network option parsing logic to use constants. Always use the isolate option since this is what docker does. Remove the icc option, this is different from isolate and it is not implemented. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | | compat api: allow default bridge name for networksPaul Holzinger2022-07-21
| | |_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Docker uses "bridge" as default network name so some tools expect this to work with network list or inspect. To fix this we change "bridge" to the podman default ("podman") name. Fixes #14983 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | Merge pull request #14972 from edsantiago/ubuntu_cgroups_v1OpenShift Merge Robot2022-07-22
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | Bump VMs, to Ubuntu 2204 with cgroups v1
| * | | | | Bump VMs, to Ubuntu 2204 with cgroups v1Ed Santiago2022-07-21
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ...and enable the at-test-time confirmation, the one that double-checks that if CI requests runc we actually use runc. This exposed a nasty surprise in our setup: there are steps to define $OCI_RUNTIME, but that's actually a total fakeout! OCI_RUNTIME is used only in e2e tests, it has no effect whatsoever on actual podman itself as invoked via command line such as in system tests. Solution: use containers.conf Given how fragile all this runtime stuff is, I've also added new tests (e2e and system) that will check $CI_DESIRED_RUNTIME. Image source: https://github.com/containers/automation_images/pull/146 Since we haven't actually been testing with runc, we need to fix a few tests: - handle an error-message change (make it work in both crun and runc) - skip one system test, "survive service stop", that doesn't work with runc and I don't think we care. ...and skip a bunch, filing issues for each: - #15013 pod create --share-parent - #15014 timeout in dd - #15015 checkpoint tests time out under $CONTAINER - #15017 networking timeout with registry - #15018 restore --pod gripes about missing --pod - #15025 run --uidmap broken - #15027 pod inspect cgrouppath broken - ...and a bunch more ("podman pause") that probably don't even merit filing an issue. Also, use /dev/urandom in one test (was: /dev/random) because the test is timing out and /dev/urandom does not block. (But the test is still timing out anyway, even with this change) Also, as part of the VM switch we are now using go 1.18 (up from 1.17) and this broke the gitlab tests. Thanks to @Luap99 for a quick fix. Also, slight tweak to #15021: include the timeout value, and reword message so command string is at end. Also, fixed a misspelling in a test name. Fixes: #14833 Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #14968 from jmguzik/compatOpenShift Merge Robot2022-07-22
|\ \ \ \ \ | | | | | | | | | | | | Compat API: unify pull/push and add missing progress info
| * | | | | Compat API: unify pull/push and add missing progress infoJakub Guzik2022-07-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Progress bar in JSONMessage is missing compared to docker output both in pull and push. Additionaly, pull was not using JSONMessage while push was using the type. [NO NEW TESTS NEEDED] Signed-off-by: Jakub Guzik <jguzik@redhat.com>
* | | | | | Merge pull request #15010 from Luap99/machine-e2eOpenShift Merge Robot2022-07-22
|\ \ \ \ \ \ | | | | | | | | | | | | | | enable linter for pkg/machine/e2e
| * | | | | | fix broken machine testPaul Holzinger2022-07-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The memory both local and in the CI test is converted to 3822. I don't know why this changed but I want to have this working again. For the future we should look at a more robust solution. Fixes #15012 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | | pkg/machine/e2e: do not import from cmd/podmanPaul Holzinger2022-07-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The same problem again as 4374038cc67405e3f5555b1870d5bb7f6570fa5d. Also fix the incorrect --format autocompletion struct. It should be avoided to import cmd/podman/... packages from outside of cmd/podman. This can lead in weird hard to debug import paths but also can have negative consequences when imported in unit tests. In this case it will set XDG_CONFIG_HOME and thus the machine tests this dir over the tmp HOME env variable which is set at a later point. This caused machine files to be leaked into the actual users home dir. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | | fix some pkg/machine/e2e test to read stderrPaul Holzinger2022-07-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also fix the machine ssh code order to provide a better error message. Signed-off-by: Paul Holzinger <pholzing@redhat.com>