aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* fix restart always with rootlessportPaul Holzinger2021-09-13
| | | | | | | | When a container is automatically restarted due its restart policy and the container uses rootless cni networking with ports forwarded we have to start a new rootlessport process since it exits with conmon. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* remove rootlessport socket to prevent EADDRINUSEPaul Holzinger2021-09-13
| | | | | | | | | When we restart a container via podman restart or restart policy the rootlessport process fails with `address already in use` because the socketfile still exists. This is a regression and was introduced in commit abdedc31a25e. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #11505 from cevich/enable_rootless_unitOpenShift Merge Robot2021-09-12
|\ | | | | Cirrus: Run unit-tests rootless
| * Cirrus: Run unit-tests rootlessChris Evich2021-09-09
| | | | | | | | | | | | | | | | | | | | Previously (for various reasons) the unittests were limited by the Makefile to root-only. However, experimentation via PR #11490 shows they will actually execute and pass when run as a regular user. Enable this for only the latest Fedora VMs, so as to only add one new task to the (already large) set. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #11517 from jwhonce/issues/10053OpenShift Merge Robot2021-09-12
|\ \ | | | | | | Refactor API server emphasis on logging
| * | Refacter API server emphasis on loggingJhon Honce2021-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * To aid in debugging log API request and response bodies at trace level. Events can be correlated using the X-Reference-Id. * Server now echos X-Reference-Id from client if set, otherwise generates an unique id. * Move logic for X-Reference-Id into middleware * Change uses of Header.Add() to Set() when setting Content-Type * Log API operations in Apache format using gorilla middleware * Port server code to use BaseContext and ConnContext Fixes #10053 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #11525 from rhatdan/healthcheckOpenShift Merge Robot2021-09-11
|\ \ \ | | | | | | | | Stop outputting 'healthy' on healthcheck
| * | | Stop outputting 'healthy' on healthcheckDaniel J Walsh2021-09-10
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | We should only print unhealthy if the check fails. Currently this is filling logs when users are running lots of healthchecks. Improves: https://github.com/containers/podman/issues/11157 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #11513 from Luap99/unshareOpenShift Merge Robot2021-09-11
|\ \ \ | | | | | | | | podman unshare keep exit code
| * | | podman unshare keep exit codePaul Holzinger2021-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In case the command inside the podman unshare env failed podman unshare always exits with 125 and prints `Error: exit status 125`. This is a bad user experience and makes it difficult to use in scripts which could expect certain exit codes. This commit makes sure podman unshare uses the same exit code as the command and does not print the useless `exit status X` message. Also to match podman run/exec it should return 126 for EPERM and 127 for ENOENT. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #11524 from ↵OpenShift Merge Robot2021-09-11
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/opencontainers/selinux-1.8.5 Bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
| * | | | Bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5dependabot[bot]2021-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.8.4 to 1.8.5. - [Release notes](https://github.com/opencontainers/selinux/releases) - [Commits](https://github.com/opencontainers/selinux/compare/v1.8.4...v1.8.5) --- updated-dependencies: - dependency-name: github.com/opencontainers/selinux dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | | Merge pull request #11323 from umohnani8/initOpenShift Merge Robot2021-09-10
|\ \ \ \ \ | |_|_|/ / |/| | | | Add init containers to generate and play kube
| * | | | Add init containers to generate and play kubeUrvashi Mohnani2021-09-10
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Kubernetes has a concept of init containers that run and exit before the regular containers in a pod are started. We added init containers to podman pods as well. This patch adds support for generating init containers in the kube yaml when a pod we are converting had init containers. When playing a kube yaml, it detects an init container and creates such a container in podman accordingly. Note, only init containers created with the init type set to "always" will be generated as the "once" option deletes the init container after it has run and exited. Play kube will always creates init containers with the "always" init container type. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | | Merge pull request #11498 from vrothberg/fix-11489OpenShift Merge Robot2021-09-10
|\ \ \ \ | |_|/ / |/| | | [CI:DOCS] podman machine: enforce a single search registry
| * | | machine: set filemodes in octalValentin Rothberg2021-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | By popular request, turn decimals to octal. Most eyes are trained to parse file permissions in octal. [NO TESTS NEEDED] since machine isn't tested yet. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | podman machine: enforce a single search registryValentin Rothberg2021-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Enforce "docker.io" to be the only search registry. Short-name resolution for remote clients is not fully supported since there is no means to prompt. Enforcing a single registry works around the problem since prompting only fires with more than one search registry. Fixes: #11489 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #11509 from ↵OpenShift Merge Robot2021-09-10
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/psgo-1.6.0 Bump github.com/containers/psgo from 1.5.2 to 1.6.0
| * | | | Bump github.com/containers/psgo from 1.5.2 to 1.6.0dependabot[bot]2021-09-10
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/psgo](https://github.com/containers/psgo) from 1.5.2 to 1.6.0. - [Release notes](https://github.com/containers/psgo/releases) - [Commits](https://github.com/containers/psgo/compare/v1.5.2...v1.6.0) --- updated-dependencies: - dependency-name: github.com/containers/psgo dependency-type: direct:production update-type: version-update:semver-minor ... [NO TESTS NEEDED] since it's migrating to a new version. Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #11519 from tnk4on/fix-missing-args-in-exampleOpenShift Merge Robot2021-09-10
|\ \ \ \ | | | | | | | | | | [CI:DOCS] Fix missing args `NAME` in examples
| * | | | Fix missing args in name in exampleShion Tanaka2021-09-10
| | |/ / | |/| | | | | | | | | | Signed-off-by: Shion Tanaka <shtanaka@redhat.com>
* | | | Merge pull request #11506 from giuseppe/fix-stats-restart-containerOpenShift Merge Robot2021-09-10
|\ \ \ \ | | | | | | | | | | stats: detect container restart and allow paused containers
| * | | | stats: detect containers restartGiuseppe Scrivano2021-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | if the current cpu usage time is lower than what previously recorded, then it means the container was restarted and now it runs in a new cgroup. When this happens, reset the prevStats. Closes: https://github.com/containers/podman/issues/11469 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | api: correctly set the container statsGiuseppe Scrivano2021-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | override the outer scope variable instead of creating a local one. Otherwise the wrong variable would be used for the next iterations. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | stats: allow to read stats for paused containersGiuseppe Scrivano2021-09-10
| |/ / / | | | | | | | | | | | | | | | | | | | | paused containers still a cgroup we can use to grab the stats. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #11516 from jelly/swagger/containerstatsOpenShift Merge Robot2021-09-10
|\ \ \ \ | |_|_|/ |/| | | [CI:DOCS] Add response to /libpod/containers/stats documentation
| * | | Add /containers/stats response to API docsJelle van der Waa2021-09-10
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Include the response schema for a succesful request in the /containers/stats API documentation Additionally remove http 409 from /libpod/containers/stats docs, the documentation was copied from the deprecated stats endpoint, when a container is unavailabe the endpoint returns an empty list and no 409. Signed-off-by: Jelle van der Waa <jvanderwaa@redhat.com>
* | | Merge pull request #11523 from Luap99/e2e-warningOpenShift Merge Robot2021-09-10
|\ \ \ | |/ / |/| | try to create the runroot before we warn that it is not writable
| * | try to create the runroot before we warn that it is not writablePaul Holzinger2021-09-10
|/ / | | | | | | | | | | | | | | | | | | | | | | | | The rootless integration tests show the XDG_RUNTIME_DIR warning without any reasons. Podman runs without problems in these and yet the warning is shown. I think the problem is that we check the permission before we create the runroot directory. [NO TESTS NEEDED] Fixes #11521 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #11426 from fj-tsubasa/system-test-scenarioOpenShift Merge Robot2021-09-09
|\ \ | | | | | | Add a system test to modify and import an exported container
| * | Add a system test to modify and import an exported container.Tsubasa Watanabe2021-09-10
| | | | | | | | | | | | | | | | | | | | | This test has completed one of TODO items in test/system/TODO.md. The item is "Implied pull, build, export, modify, import, tag, run, kill" Signed-off-by: Tsubasa Watanabe <w.tsubasa@fujitsu.com>
* | | Merge pull request #11508 from ↵OpenShift Merge Robot2021-09-09
|\ \ \ | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/godbus/dbus/v5-5.0.5 Bump github.com/godbus/dbus/v5 from 5.0.4 to 5.0.5
| * | | Bump github.com/godbus/dbus/v5 from 5.0.4 to 5.0.5dependabot[bot]2021-09-09
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/godbus/dbus/v5](https://github.com/godbus/dbus) from 5.0.4 to 5.0.5. - [Release notes](https://github.com/godbus/dbus/releases) - [Commits](https://github.com/godbus/dbus/compare/v5.0.4...v5.0.5) --- updated-dependencies: - dependency-name: github.com/godbus/dbus/v5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | Merge pull request #11503 from Luap99/remote-attachOpenShift Merge Robot2021-09-09
|\ \ \ | |/ / |/| | Fix conmon attach socket buffer size
| * | Fix conmon attach socket buffer sizePaul Holzinger2021-09-09
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | The conmon buffer size is 8192, however the attach socket needs two extra bytes. The first byte of each message will be the STREAM type. The last byte is a null byte. So when we want to read 8192 message bytes we need to read 8193 bytes since the first one is special. check https://github.com/containers/conmon/blob/1ef246896b4f6566964ed861b98cd32d0e7bf7a2/src/ctr_stdio.c#L101-L107 This problem can be seen in podman-remote run/exec when it prints output with 8192 or more bytes. The output will miss the 8192 byte. Fixes #11496 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #11502 from vrothberg/vendor-mpbOpenShift Merge Robot2021-09-09
|\ \ | | | | | | vendor mpb@v7.1.4
| * | test/e2e/search_test.go - relax testsValentin Rothberg2021-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some search tests were looking for an explicit amount of images to match. Since images are moving targets on these registries, make sure to use lower bounds instead of exact matches. Fixes CI which started to break when Red Hat images changed. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | vendor mpb@v7.1.4Valentin Rothberg2021-09-09
| | | | | | | | | | | | | | | | | | | | | | | | Fixes a race condition leading to a deadlock. Thanks to @mtrmac and @vbauerster for fixing the issue! Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #11447 from chenzhiwei/respect-configOpenShift Merge Robot2021-09-09
|\ \ \ | | | | | | | | fix play kube can't use infra_image in config file
| * | | fix play kube can't use infra_image in config fileChen Zhiwei2021-09-08
| | | | | | | | | | | | | | | | Signed-off-by: Chen Zhiwei <zhiweik@gmail.com>
* | | | Merge pull request #11499 from flouthoc/inspect-tmpl-flush-writerOpenShift Merge Robot2021-09-09
|\ \ \ \ | | | | | | | | | | inspect: printTmpl must Flush writer
| * | | | inspect: printTmpl must Flush writerAditya Rajan2021-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Flush should be called after the last call to Write to ensure that any data buffered in the Writer is written to output. Any incomplete escape sequence at the end is considered complete for formatting purposes. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | | | | Merge pull request #11492 from rhatdan/manOpenShift Merge Robot2021-09-09
|\ \ \ \ \ | | | | | | | | | | | | [CI:DOCS] Fix spacing on --userns options in docs
| * | | | | Fix spacing on --userns options in docsDaniel J Walsh2021-09-08
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #11488 from rhatdan/machineOpenShift Merge Robot2021-09-09
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | Add 'Machine %q started' message when podman machine start successful
| * | | | | Add 'Machine %q started' message when podman machine start successfulDaniel J Walsh2021-09-08
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently users are confused if podman machine prints warnings about whether or not podman machine was successful. Printing this message clears up the confusion. [NO TESTS NEEDED] Since we don't have a way to test podman machine in ci/cd system Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #11485 from Luap99/network-upgrade-testOpenShift Merge Robot2021-09-09
|\ \ \ \ \ | | | | | | | | | | | | podman upgrade tests for networking
| * | | | | podman upgrade tests for networkingPaul Holzinger2021-09-09
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | Test basic networking functionality in the upgrade tests. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #11430 from saschagrunert/normalize-keyOpenShift Merge Robot2021-09-09
|\ \ \ \ \ | |_|/ / / |/| | | | Normalize auth key before calling `SetAuthentication`
| * | | | Normalize auth key before calling `SetAuthentication`Sascha Grunert2021-09-09
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Recent changes in c/image caused the `SetAuthentication` API to be more restrictive in terms of validating the `key` (`server`) input. To ensure that manually modified or entries in `~/.docker/config.json` still work, we now strip the leading `http[s]://` prefix. Fixes https://github.com/containers/podman/issues/11235 Signed-off-by: Sascha Grunert <sgrunert@redhat.com>