| Commit message (Collapse) | Author | Age |
... | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Make sure that the container's authfile label is used when pulling down
a new image.
[NO TESTS NEEDED] since it would require some larger rewrite of the
auto-update system tests that I currently have no time for. I added a
reminder to have some breadcrumbs when there is more time.
Fixes: #11171
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| |_|/
|/| | |
container: resolve workdir during initialization after all the mounts are completed.
|
| |/
| |
| |
| |
| |
| |
| |
| | |
There are use-cases where users would want to use overlay-mounts as
workdir. For such cases workdir should be resolved after all the mounts
are completed during the container init process.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
|\ \
| | |
| | | |
clean up socket and pid files from podman machine
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
to avoid segvs, we should clean up as much of the socket and regular
files from podman machine as possible on stop. also, on start, we
should add logic to remove these files before starting in case the start
process is stopped prematurely (due to an error for example).
[NO TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \
| |_|/
|/| | |
rootless cni: resolve absolute symlinks correctly
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When /etc/resolv.conf is a symlink to an absolute path use it and not
join it the the previous path.
[NO TESTS NEEDED] This depends on the host layout.
Fixes #11358
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \
| | |
| | | |
Add support for mount options to API
|
| |/
| |
| |
| |
| |
| |
| |
| | |
When creating containers the specialized mount options where not
populated via the API.
Fixes: #10831
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \
| | |
| | | |
Globally replace http:// with https://
|
| | |
| | |
| | |
| | |
| | |
| | | |
[NO TESTS NEEDED] Hopefully existing tests will find issues.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Add support for libsubid
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This will enable remote access to /etc/subuid and /etc/subgid
information from ldap services, if shadow-utils ships with a libsubid.
[NO TESTS NEEDED] Since we have no way to test this.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
InfraContainer Rework
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
InfraContainer should go through the same creation process as regular containers. This change was from the cmd level
down, involving new container CLI opts and specgen creating functions. What now happens is that both container and pod
cli options are populated in cmd and used to create a podSpecgen and a containerSpecgen. The process then goes as follows
FillOutSpecGen (infra) -> MapSpec (podOpts -> infraOpts) -> PodCreate -> MakePod -> createPodOptions -> NewPod -> CompleteSpec (infra) -> MakeContainer -> NewContainer -> newContainer -> AddInfra (to pod state)
Signed-off-by: cdoern <cdoern@redhat.com>
|
|\ \ \
| |_|/
|/| |
| | |
| | | |
containers/dependabot/go_modules/github.com/containers/image/v5-5.16.0
Bump github.com/containers/image/v5 from 5.15.2 to 5.16.0
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github.com/containers/image/v5](https://github.com/containers/image) from 5.15.2 to 5.16.0.
- [Release notes](https://github.com/containers/image/releases)
- [Commits](https://github.com/containers/image/compare/v5.15.2...v5.16.0)
---
updated-dependencies:
- dependency-name: github.com/containers/image/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\ \ \
| |_|/
|/| | |
Shell completion for --format with anonymous fields
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In commit d81021ed265e I introduced shell completion for the `--format`
flag. This is a very nice way to complete go template field names.
However it did not work correct for anonymous fields. In this case the
child fields can be accessed directly from the parent.
For example:
```
type Anonymous struct {
Field1 string
Field2 string
...
}
type MyType struct {
Anonymous
}
var s = MyType{}
```
Now if you want to access a field from the Anonymous struct you can just
do `s.Field1`. The same is allowed for go templates, using `{{.Field1}}`
should work. This commit adds this functionality, if the field is anonymous
read the child field names recursively and add them to the suggestions.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \
| | |
| | | |
teardown play kube
|
| | |
| | |
| | |
| | |
| | |
| | | |
Add special case for op PlayKubeDownLibpod Heuristic for guessing swagger operation id too limited for PlayKubeDownLibpod
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
add the ability for play kube to tear down based on the yaml used to
play it. it is indicated by --down in the play kube command. volumes
are NOT deleted during the teardown. pods and their containers are
stopped and removed.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
[CI:DOCS] Add filter params description to volume list/prune docs
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Description adjusted to the standard seen in other man pages.
[CI:DOCS]
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
|\ \ \ \
| | | | |
| | | | | |
[NO TESTS NEEDED] Allow setting of machine stream and image path from containers.conf
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
Default is "testing"
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
logFile until flag issue, negative duration replaced with positive
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
we were adding a negative duration in podman events, causing inputs like
-5s to be correct and 5s to be incorrect.
fixes #11158
Signed-off-by: cdoern <cdoern@redhat.com>
|
|\ \ \ \ \
| |_|_|_|/
|/| | | | |
volumes: Add support for `volume import` which allows importing contents of external tarballs into podman volumes.
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | | |
Following feature makes sure that users can load contents of external
tarball into the podman volumes.
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
containers/dependabot/go_modules/github.com/fsnotify/fsnotify-1.5.1
Bump github.com/fsnotify/fsnotify from 1.4.9 to 1.5.1
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Bumps [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify) from 1.4.9 to 1.5.1.
- [Release notes](https://github.com/fsnotify/fsnotify/releases)
- [Changelog](https://github.com/fsnotify/fsnotify/blob/master/CHANGELOG.md)
- [Commits](https://github.com/fsnotify/fsnotify/compare/v1.4.9...v1.5.1)
---
updated-dependencies:
- dependency-name: github.com/fsnotify/fsnotify
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\ \ \ \
| | | | |
| | | | | |
Fix file descriptor leaks in bindings and add test
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* Add response.Body.Close() where needed to release HTTP
connections to API server.
* Add tests to ensure no general leaks occur. 100% coverage would be
required to ensure no leaks on any call.
* Update code comments to be godoc correct
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
podman inspect show exposed ports
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Podman inspect has to show exposed ports to match docker. This requires
storing the exposed ports in the container config.
A exposed port is shown as `"80/tcp": null` while a forwarded port is
shown as `"80/tcp": [{"HostIp": "", "HostPort": "8080" }]`.
Also make sure to add the exposed ports to the new image when the
container is commited.
Fixes #10777
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
libpod/Container.readFromJournal(): don't skip the first entry
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Increase the amount of time we're willing to wait for a log message that
a container should be printing to show up in the output of `logs -f`,
since on at least one CI configuration we're seeing a turnaround as high
as 46s, but it's not something we can directly control, so that's not a
hard maximum.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
In libpod/logs.LogLine.Write(), don't write a newline to stdout/stderr
when the log message is only part of a line.
In libpod.ConmonOCIRuntime.HTTPAttach(), don't send a newline over the
HTTP connection when the log message is only part of a line.
In pkg/api/handlers/compat.LogsFromContainer(), don't send a newline
over the HTTP connection when the log message is only part of a line,
and don't make doing so conditional on whether or not the client used
the docker or podman endpoint.
In pkg/domain/infra/tunnel.ContainerEngine.ContainerLogs(), don't add
our own newline to log messages, since they already come through from
the server when they need to.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
In these tests, don't try to tag an image using a canonical ("with
digest") image name.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Update github.com/containers/common from 0.43.0 to 0.43.2.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When reading log entries from the journal, don't skip past the first
matching entry after we've positioned the cursor at it.
Make the first blank-line entry that we logged so that the container
would always have at least one log entry for us to find (until it gets
vacuumed out, at least) a fake history entry, so that `logs` doesn't
pass it on for display.
CI already has tests that exercise journal-based logging, so
[NO TESTS NEEDED]
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
[NO TESTS NEEDED] Since we are just testing the default.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
generate systemd: use --cidfile again
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Commit 9ac5267 changed the type of the generated systemd units from
`forking` to `notify`. It further stopped using `--cidfile` and instead
intended systemd to take care of stopping the container, which turned
out to be a bad idea.
Systemd will send the stop/kill signals to conmon which in turn may exit
non-zero, depending on the signal, and ultimately breaking container
cleanup.
Hence, we need to use --cidfile again and let podman stop and remove the
container to make sure that everything's in order.
Fixes: #11304
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This reverts commit 70801b3d714b067d64744697433c5841926dad4d.
It turns out that letting systemd handle stopping the container is not
working as I thought it will. Conmon is receiving the stop/kill signals
and may exit non-zero, which in turn lets the systemd service transition
into the `failed` state.
We need to get back to letting Podman stop the containers and do a
partial revert of commit 9ac5267 which removed using --cidfile.
Happening in a following commit.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
Network interface
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Implement a new network interface to abstract CNI from libpod. The
interface is implemented for the CNI backend but in the future we can
add more backends.
The code is structured in three new packages:
- `libpod/network/types`: contains the interface definition
and the necessary types for it.
- `libpod/network/cni` contains the interface implementation for the CNI
backend.
- `libpod/network/util` a set of utility functions related to
networking.
The CNI package uses ginkgo style unit tests. To test Setup/Teardown the
test must be run as root. Each test will run in their own namespace to
make the test independent from the host environment.
New features with the CNI backend:
- The default network will be created in memory if it does not exists on
disk.
- It can set more than one static IP per container network.
- Networks are loaded once from disk and only if this interface is
used, e.g. for commands such as `podman info` networks are not loaded.
This reduces unnecessary disk IO.
This commit only adds the interface it is not wired into libpod. This
requires a lot of breaking changes which will be done in a followup
commit.
Once this is integrated into libpod the current network code under
`libpod/network` should be removed. Also the dependency on OCICNI
should be dropped.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
generate systemd: custom stop signal
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Commit 9ac5267598c3 changed the type of the generated systemd units from
forking to notify. Parts of these changes was also removing the need to
pass any information via the file system (e.g., PIDFILE, container ID).
That in turn implies that systemd takes care of stopping the container.
By default, systemd first sends a SIGTERM and after a certain timeout,
it'll send a SIGKILL. That's pretty much what Podman is doing, unless
the container was created with a custom stop signal which is the case
when the --stop-signal flag was used or systemd is mounted.
Account for that by using systemd's KillSignal option which allows for
changing SIGTERM to another signal. Also make sure that we're using the
correct timeout for units generated with --new.
Fixes: #11304
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|