aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* libpod: Move ocicniPortsToNetTypesPorts and compareOCICNIPorts to ↵Doug Rabson2022-09-12
| | | | | | | | networking_common.go [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Move NetworkDisconnect and NetworkConnect to networking_common.goDoug Rabson2022-09-12
| | | | | | | | | | | | | | | | This also moves Runtime methods ConnectContainerToNetwork and DisconnectContainerFromNetwork as well as support functions getFreeInterfaceName and normalizeNetworkName. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org> libpod: Move (Connect|Disconnect)Container(To|From)Network and normalizeNetworkName to networking_common.go [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Move resultToBasicNetworkConfig to networking_common.goDoug Rabson2022-09-12
| | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Add support for getContainerNetworkInfo on FreeBSDDoug Rabson2022-09-12
| | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Move getContainerNetworkInfo to networking_common.goDoug Rabson2022-09-12
| | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Move isBridgeNetMode and reloadContainerNetwork to networking_common.goDoug Rabson2022-09-12
| | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Move teardownNetwork and teardownCNI to networking_common.goDoug Rabson2022-09-12
| | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Move setUpNetwork and getCNIPodName to networking_common.goDoug Rabson2022-09-12
| | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Move convertPortMappings and getNetworkOptions to networking_common.goDoug Rabson2022-09-12
| | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Add FreeBSD implementation of container networkingDoug Rabson2022-09-12
| | | | | | | | | | | | | | This uses a jail to manage the container's network. Container jails for all containers in a pod are nested within this and share the network resources. There is some code in networking_freebsd.go which is common with networking_linux.go. Subsequent commits will move the shared code to networking_common.go to reduce this duplication. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Re-work the container's network state to help code sharingDoug Rabson2022-09-12
| | | | | | | | | | This replaces the NetworkJail string field with a struct pointer named NetNS. This does not try to emulate the complete NetNS interface but does help to re-use code that just refers to c.state.NetNS. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Move platform-specific bind mounts to a per-platform methodDoug Rabson2022-09-12
| | | | | | | | | This adds a new per-platform method makePlatformBindMounts and moves the /etc/hostname mount. This file is only needed on Linux. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Avoid a nil dereference when generating resolv.conf on FreeBSDDoug Rabson2022-09-12
| | | | | | | | | The code which generates resolv.conf dereferenced c.config.Spec.Linux and this field is not set for FreeBSD containers. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* Merge pull request #15511 from rhatdan/codespellOpenShift Merge Robot2022-09-12
|\ | | | | Fix stutters
| * Fix stuttersDaniel J Walsh2022-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman adds an Error: to every error message. So starting an error message with "error" ends up being reported to the user as Error: error ... This patch removes the stutter. Also ioutil.ReadFile errors report the Path, so wrapping the err message with the path causes a stutter. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #15747 from vrothberg/docs-volumeOpenShift Merge Robot2022-09-12
|\ \ | | | | | | [CI:DOCS] --volume: consistent wording
| * | [CI:DOCS] --volume: consistent wordingValentin Rothberg2022-09-12
| | | | | | | | | | | | | | | | | | | | | Make sure that the wording of mounting something _from_ the source _into_ the destination is consistent. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | Merge pull request #15744 from dfr/vendorOpenShift Merge Robot2022-09-12
|\ \ \ | |/ / |/| | update c/storage to latest
| * | update c/storage to latestDoug Rabson2022-09-12
|/ / | | | | | | Signed-off-by: Doug Rabson <dfr@rabson.org>
* | Merge pull request #15737 from Juneezee/refactor/os.ReadDirOpenShift Merge Robot2022-09-12
|\ \ | | | | | | refactor: use `os.ReadDir` for lightweight directory reading
| * | refactor: use `os.ReadDir` for lightweight directory readingEng Zer Jun2022-09-11
| | | | | | | | | | | | | | | | | | | | | | | | `os.ReadDir` was added in Go 1.16 as part of the deprecation of `ioutil` package. It is a more efficient implementation than `ioutil.ReadDir`. Reference: https://pkg.go.dev/io/ioutil#ReadDir Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* | | Merge pull request #15734 from KenMacD/add-pathOpenShift Merge Robot2022-09-12
|\ \ \ | |/ / |/| | Include PATH in conmon env.
| * | Include more environment variables in conmon env.Kenny MacDermid2022-09-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Include the path and helper binary dir so that the podman environment more closely matches when conmon calls it as an exit command. Also match the CONTAINERS_CONF lookup to the codestyle of other environment lookups. [NO NEW TESTS NEEDED] Resolves #15707 Signed-off-by: Kenny MacDermid <kenny@macdermid.ca>
* | | Merge pull request #15728 from tyler92/fix-cpu-millis-limitOpenShift Merge Robot2022-09-10
|\ \ \ | |_|/ |/| | Fix CPU usage limitation in play kube for non integer values
| * | Fix CPU usage limitation in play kube for non integer valuesMikhail Khachayants2022-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This logic has been broken by commit 9c6c981928c3e020ff6eef9454c7ee86aa8c83d1 (kube: fix conversion from milliCPU to period/quota). [NO NEW TESTS NEEDED] Fixes: #15726 Signed-off-by: Mikhail Khachayants <tyler92@inbox.ru>
* | | Merge pull request #15725 from cevich/no_multiarch_winOpenShift Merge Robot2022-09-10
|\ \ \ | |/ / |/| | [CI:BUILD] Cirrus: Don't run win_installer in multiarch cron
| * | Cirrus: Don't run win_installer in multiarch cronChris Evich2022-09-09
|/ / | | | | | | | | | | | | | | | | | | The win_installer task fails on the `multiarch` cirrus-cron build. This is because it depends on the `Windows Cross` (alt_build) task which is bypassed in this context. This will cause the `repo.tbz` download to constantly throw 404s. Fix this by skipping the win_installer task for the `multiarch` (container images) build. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #15706 from edsantiago/docs_dedup_volumeOpenShift Merge Robot2022-09-09
|\ \ | | | | | | [CI:DOCS] Man pages: refactor common options: --volume
| * | Man pages: refactor common options: --volumeEd Santiago2022-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This one is a nightmare, because --volume has been edited in four different files throughout the years (five if you count podman-build, which I am not including in this PR). Those edits have not always been done in sync. The list of options was reordered 2022-06-28 by Giuseppe in #14734, but only in podman-create and -run (not in podman-pod-*). No explanation of why, but I'll assume he knew what he was doing, and have accepted that for the reference copy. There was also a big edit in #8519. The "Propagation property...bind mounted" sentence first appeared in pod-clone, in #14299 by cdoern, with no obvious source of where it came from. I choose to include it in the reference copy. The "**copy**" option seems to work in pod-create, so I'm including it in the reference copy. Someone please yell loudly if this is not the case. The "disables SELinux separation for containers used in the build", no idea, changed that to just "for the container/pod" The "advanced users / overlay / upperdir / workdir" paragraph makes zero sense to me, but hey, I assume it applies to all the commands, so I put it in the reference copy. Finally, there's still a mishmash of backticks, asterisks, underscores, and even quotation marks. Someone is gonna have to perform major cleanup on this one day, but at least it'll be in only one place. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #15719 from ↵OpenShift Merge Robot2022-09-09
|\ \ \ | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/docker/docker-20.10.18incompatible build(deps): bump github.com/docker/docker from 20.10.17+incompatible to 20.10.18+incompatible
| * | | build(deps): bump github.com/docker/dockerdependabot[bot]2022-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.17+incompatible to 20.10.18+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md) - [Commits](https://github.com/docker/docker/compare/v20.10.17...v20.10.18) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | Merge pull request #15716 from vrothberg/fix-15661OpenShift Merge Robot2022-09-09
|\ \ \ \ | |_|/ / |/| | | stop: fix error handling
| * | | stop: fix error handlingValentin Rothberg2022-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix the error handling in the fallback logic of `stop` when Podman resorts to killing a container; the error message wrapped the wrong error. [NO NEW TESTS NEEDED] as it is a rare flake in the tests and I do not know how to reliably reproduce it. Fixes: #15661 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | Merge pull request #15687 from vrothberg/RUN-1639OpenShift Merge Robot2022-09-09
|\ \ \ \ | | | | | | | | | | health check: add on-failure actions
| * | | | health check: add on-failure actionsValentin Rothberg2022-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For systems that have extreme robustness requirements (edge devices, particularly those in difficult to access environments), it is important that applications continue running in all circumstances. When the application fails, Podman must restart it automatically to provide this robustness. Otherwise, these devices may require customer IT to physically gain access to restart, which can be prohibitively difficult. Add a new `--on-failure` flag that supports four actions: - **none**: Take no action. - **kill**: Kill the container. - **restart**: Restart the container. Do not combine the `restart` action with the `--restart` flag. When running inside of a systemd unit, consider using the `kill` or `stop` action instead to make use of systemd's restart policy. - **stop**: Stop the container. To remain backwards compatible, **none** is the default action. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | | Merge pull request #15462 from edsantiago/system_tests_for_updateOpenShift Merge Robot2022-09-09
|\ \ \ \ \ | |_|_|/ / |/| | | | system tests for update
| * | | | System tests for podman-updateEd Santiago2022-09-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The e2e tests are incomplete, because they're just too hard for any human to read/maintain. This defines tests in a table, so they're easily reviewed and updated. This makes it very easy to see which options are actually tested and which are not, under root/rootless cgroups v1/v2. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #15695 from Luap99/update-buildahOpenShift Merge Robot2022-09-09
|\ \ \ \ \ | | | | | | | | | | | | Update buildah and c/common to latest
| * | | | | Fixes for vendoring BuildahEd Santiago2022-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit was automatically cherry-picked by buildah-vendor-treadmill v0.3 from the buildah vendor treadmill PR, #13808 Changes since 2022-08-16: - buildah 4139: minor line-number changes to the diff file because helpers.bash got edited - buildah 4190: skip the new test if remote - buildah 4195: add --retry / --retry-delay - changes to deal with vendoring gomega, units - changes to the podman login error message in system test Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | update buildah and c/common to latestPaul Holzinger2022-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | also includes bumps for c/storage and c/image Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | Merge pull request #15692 from giuseppe/pod-spec-usernsOpenShift Merge Robot2022-09-09
|\ \ \ \ \ \ | | | | | | | | | | | | | | kube: plug HostUsers in the pod spec
| * | | | | | generate, kube: plug HostUsersGiuseppe Scrivano2022-09-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | kube: plug HostUsers in the pod specGiuseppe Scrivano2022-09-08
| | |_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | map HostUsers=false to userns=auto. One difference with the current implementation in the Kubelet is that the podman default size is 1024 while the Kubelet uses 65536. This is done on purpose, because 65536 is a problem for rootless as the entire IDs space would be allocated to a single pod. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #15712 from sstosh/fix-swaggerOpenShift Merge Robot2022-09-09
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | Fix swagger documentation
| * | | | | Fix swagger documentationToshiki Sonoda2022-09-09
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * ContainerKillLibpod "signal" query default is SIGKILL. * ContainerStopLibpod "all" query doesn't exist. [NO NEW TESTS NEEDED] Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | | | | Merge pull request #15658 from rhatdan/configOpenShift Merge Robot2022-09-09
|\ \ \ \ \ | | | | | | | | | | | | Add --config for Docker compatibility
| * | | | | Add --config for Docker compatibilityDaniel J Walsh2022-09-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/14767 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #15713 from sstosh/cpu-rt-cgroupsv2OpenShift Merge Robot2022-09-09
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | Ignore cpu realtime options on cgroups V2 systems
| * | | | | Ignore cpu realtime options on cgroups V2 systemsToshiki Sonoda2022-09-09
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `--cpu-rt-period` and `--cpu-rt-runtime` options are only supported on cgroups V1 rootful systems. Therefore, podman prints an warning message and ignores these options when we use cgroups V2 systems. Related to: #15666 Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | | | | Merge pull request #15607 from fpoirotte/mainOpenShift Merge Robot2022-09-08
|\ \ \ \ \ | |_|/ / / |/| | | | Fix #15243 Set AutomountServiceAccountToken to false
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-15 05:28:31 +0000