aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
| * | auto-update: fix authfile labelValentin Rothberg2021-08-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure that the container's authfile label is used when pulling down a new image. [NO TESTS NEEDED] since it would require some larger rewrite of the auto-update system tests that I currently have no time for. I added a reminder to have some breadcrumbs when there is more time. Fixes: #11171 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #11353 from flouthoc/resolve-workdir-after-mountsOpenShift Merge Robot2021-08-30
|\ \ \ | |_|/ |/| | container: resolve workdir during initialization after all the mounts are completed.
| * | container: resolve workdir after all the mounts happen.flouthoc2021-08-30
| |/ | | | | | | | | | | | | | | There are use-cases where users would want to use overlay-mounts as workdir. For such cases workdir should be resolved after all the mounts are completed during the container init process. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | Merge pull request #11342 from baude/machinecleanupsMatthew Heon2021-08-30
|\ \ | | | | | | clean up socket and pid files from podman machine
| * | clean up socket and pid files from podman machineBrent Baude2021-08-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | to avoid segvs, we should clean up as much of the socket and regular files from podman machine as possible on stop. also, on start, we should add logic to remove these files before starting in case the start process is stopped prematurely (due to an error for example). [NO TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #11360 from Luap99/rootless-resolvOpenShift Merge Robot2021-08-30
|\ \ \ | |_|/ |/| | rootless cni: resolve absolute symlinks correctly
| * | rootless cni: resolve absolute symlinks correctlyPaul Holzinger2021-08-30
|/ / | | | | | | | | | | | | | | | | | | | | When /etc/resolv.conf is a symlink to an absolute path use it and not join it the the previous path. [NO TESTS NEEDED] This depends on the host layout. Fixes #11358 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #11334 from jwhonce/issues/10831OpenShift Merge Robot2021-08-27
|\ \ | | | | | | Add support for mount options to API
| * | Add support for mount options to APIJhon Honce2021-08-27
| |/ | | | | | | | | | | | | | | When creating containers the specialized mount options where not populated via the API. Fixes: #10831 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #11333 from rhatdan/http-proxyOpenShift Merge Robot2021-08-27
|\ \ | | | | | | Globally replace http:// with https://
| * | Globally replace http:// with https://Daniel J Walsh2021-08-27
| | | | | | | | | | | | | | | | | | [NO TESTS NEEDED] Hopefully existing tests will find issues. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #11339 from rhatdan/subidOpenShift Merge Robot2021-08-27
|\ \ \ | |_|/ |/| | Add support for libsubid
| * | Add support for libsubidDaniel J Walsh2021-08-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | This will enable remote access to /etc/subuid and /etc/subgid information from ldap services, if shadow-utils ships with a libsubid. [NO TESTS NEEDED] Since we have no way to test this. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #11102 from cdoern/infraEnhanceOpenShift Merge Robot2021-08-27
|\ \ \ | | | | | | | | InfraContainer Rework
| * | | InfraContainer Reworkcdoern2021-08-26
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | InfraContainer should go through the same creation process as regular containers. This change was from the cmd level down, involving new container CLI opts and specgen creating functions. What now happens is that both container and pod cli options are populated in cmd and used to create a podSpecgen and a containerSpecgen. The process then goes as follows FillOutSpecGen (infra) -> MapSpec (podOpts -> infraOpts) -> PodCreate -> MakePod -> createPodOptions -> NewPod -> CompleteSpec (infra) -> MakeContainer -> NewContainer -> newContainer -> AddInfra (to pod state) Signed-off-by: cdoern <cdoern@redhat.com>
* | | Merge pull request #11330 from ↵OpenShift Merge Robot2021-08-27
|\ \ \ | |_|/ |/| | | | | | | | containers/dependabot/go_modules/github.com/containers/image/v5-5.16.0 Bump github.com/containers/image/v5 from 5.15.2 to 5.16.0
| * | Bump github.com/containers/image/v5 from 5.15.2 to 5.16.0dependabot[bot]2021-08-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/image/v5](https://github.com/containers/image) from 5.15.2 to 5.16.0. - [Release notes](https://github.com/containers/image/releases) - [Commits](https://github.com/containers/image/compare/v5.15.2...v5.16.0) --- updated-dependencies: - dependency-name: github.com/containers/image/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* | | Merge pull request #11337 from Luap99/anon-templateOpenShift Merge Robot2021-08-27
|\ \ \ | |_|/ |/| | Shell completion for --format with anonymous fields
| * | Shell completion for --format with anonymous fieldsPaul Holzinger2021-08-27
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In commit d81021ed265e I introduced shell completion for the `--format` flag. This is a very nice way to complete go template field names. However it did not work correct for anonymous fields. In this case the child fields can be accessed directly from the parent. For example: ``` type Anonymous struct { Field1 string Field2 string ... } type MyType struct { Anonymous } var s = MyType{} ``` Now if you want to access a field from the Anonymous struct you can just do `s.Field1`. The same is allowed for go templates, using `{{.Field1}}` should work. This commit adds this functionality, if the field is anonymous read the child field names recursively and add them to the suggestions. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #11298 from baude/kubeupdownOpenShift Merge Robot2021-08-26
|\ \ | | | | | | teardown play kube
| * | Fix swagger issueJhon Honce2021-08-25
| | | | | | | | | | | | | | | | | | Add special case for op PlayKubeDownLibpod Heuristic for guessing swagger operation id too limited for PlayKubeDownLibpod Signed-off-by: Jhon Honce <jhonce@redhat.com>
| * | teardown play kubeBrent Baude2021-08-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | add the ability for play kube to tear down based on the yaml used to play it. it is indicated by --down in the play kube command. volumes are NOT deleted during the teardown. pods and their containers are stopped and removed. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #11318 from jmguzik/volume-ls-prune-docsOpenShift Merge Robot2021-08-26
|\ \ \ | | | | | | | | [CI:DOCS] Add filter params description to volume list/prune docs
| * | | Add filter params description to volume list/prune docsJakub Guzik2021-08-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Description adjusted to the standard seen in other man pages. [CI:DOCS] Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | | Merge pull request #11208 from ashley-cui/streamsOpenShift Merge Robot2021-08-26
|\ \ \ \ | | | | | | | | | | [NO TESTS NEEDED] Allow setting of machine stream and image path from containers.conf
| * | | | Allow setting of machine stream and image path from containers.confAshley Cui2021-08-24
| |/ / / | | | | | | | | | | | | | | | | | | | | Default is "testing" Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | Merge pull request #11218 from cdoern/untilBugOpenShift Merge Robot2021-08-26
|\ \ \ \ | | | | | | | | | | logFile until flag issue, negative duration replaced with positive
| * | | | logFile until flag issuecdoern2021-08-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | we were adding a negative duration in podman events, causing inputs like -5s to be correct and 5s to be incorrect. fixes #11158 Signed-off-by: cdoern <cdoern@redhat.com>
* | | | | Merge pull request #11307 from flouthoc/volume-import-externalOpenShift Merge Robot2021-08-26
|\ \ \ \ \ | |_|_|_|/ |/| | | | volumes: Add support for `volume import` which allows importing contents of external tarballs into podman volumes.
| * | | | volumes: Add volume import to allow importing contents on tar into volumeflouthoc2021-08-26
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | Following feature makes sure that users can load contents of external tarball into the podman volumes. Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | | | Merge pull request #11321 from ↵OpenShift Merge Robot2021-08-26
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/fsnotify/fsnotify-1.5.1 Bump github.com/fsnotify/fsnotify from 1.4.9 to 1.5.1
| * | | | Bump github.com/fsnotify/fsnotify from 1.4.9 to 1.5.1dependabot[bot]2021-08-25
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify) from 1.4.9 to 1.5.1. - [Release notes](https://github.com/fsnotify/fsnotify/releases) - [Changelog](https://github.com/fsnotify/fsnotify/blob/master/CHANGELOG.md) - [Commits](https://github.com/fsnotify/fsnotify/compare/v1.4.9...v1.5.1) --- updated-dependencies: - dependency-name: github.com/fsnotify/fsnotify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | Merge pull request #11103 from jwhonce/wip/bindingsOpenShift Merge Robot2021-08-25
|\ \ \ \ | | | | | | | | | | Fix file descriptor leaks in bindings and add test
| * | | | Fix file descriptor leaks and add testJhon Honce2021-08-24
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add response.Body.Close() where needed to release HTTP connections to API server. * Add tests to ensure no general leaks occur. 100% coverage would be required to ensure no leaks on any call. * Update code comments to be godoc correct Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #11314 from Luap99/expose-portsOpenShift Merge Robot2021-08-25
|\ \ \ \ | |_|/ / |/| | | podman inspect show exposed ports
| * | | podman inspect show exposed portsPaul Holzinger2021-08-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman inspect has to show exposed ports to match docker. This requires storing the exposed ports in the container config. A exposed port is shown as `"80/tcp": null` while a forwarded port is shown as `"80/tcp": [{"HostIp": "", "HostPort": "8080" }]`. Also make sure to add the exposed ports to the new image when the container is commited. Fixes #10777 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #11263 from nalind/journal-readOpenShift Merge Robot2021-08-24
|\ \ \ \ | | | | | | | | | | libpod/Container.readFromJournal(): don't skip the first entry
| * | | | 130-kill.bats: increase timeouts from 10s to 60sNalin Dahyabhai2021-08-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Increase the amount of time we're willing to wait for a log message that a container should be printing to show up in the output of `logs -f`, since on at least one CI configuration we're seeing a turnaround as high as 46s, but it's not something we can directly control, so that's not a hard maximum. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
| * | | | logs: adjust handling around partial log messagesNalin Dahyabhai2021-08-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In libpod/logs.LogLine.Write(), don't write a newline to stdout/stderr when the log message is only part of a line. In libpod.ConmonOCIRuntime.HTTPAttach(), don't send a newline over the HTTP connection when the log message is only part of a line. In pkg/api/handlers/compat.LogsFromContainer(), don't send a newline over the HTTP connection when the log message is only part of a line, and don't make doing so conditional on whether or not the client used the docker or podman endpoint. In pkg/domain/infra/tunnel.ContainerEngine.ContainerLogs(), don't add our own newline to log messages, since they already come through from the server when they need to. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
| * | | | 330-corrupt-images: don't try to tag with a canonical nameNalin Dahyabhai2021-08-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In these tests, don't try to tag an image using a canonical ("with digest") image name. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
| * | | | bump github.com/containers/commonNalin Dahyabhai2021-08-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update github.com/containers/common from 0.43.0 to 0.43.2. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
| * | | | libpod/Container.readFromJournal(): don't skip the first entryNalin Dahyabhai2021-08-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When reading log entries from the journal, don't skip past the first matching entry after we've positioned the cursor at it. Make the first blank-line entry that we logged so that the container would always have at least one log entry for us to find (until it gets vacuumed out, at least) a fake history entry, so that `logs` doesn't pass it on for display. CI already has tests that exercise journal-based logging, so [NO TESTS NEEDED] Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
| * | | | Switch eventlogger to journald by defaultDaniel J Walsh2021-08-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO TESTS NEEDED] Since we are just testing the default. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #11315 from vrothberg/fix-11304OpenShift Merge Robot2021-08-24
|\ \ \ \ \ | |_|_|/ / |/| | | | generate systemd: use --cidfile again
| * | | | generate systemd: use --cidfile againValentin Rothberg2021-08-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 9ac5267 changed the type of the generated systemd units from `forking` to `notify`. It further stopped using `--cidfile` and instead intended systemd to take care of stopping the container, which turned out to be a bad idea. Systemd will send the stop/kill signals to conmon which in turn may exit non-zero, depending on the signal, and ultimately breaking container cleanup. Hence, we need to use --cidfile again and let podman stop and remove the container to make sure that everything's in order. Fixes: #11304 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | Revert "generate systemd: custom stop signal"Valentin Rothberg2021-08-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 70801b3d714b067d64744697433c5841926dad4d. It turns out that letting systemd handle stopping the container is not working as I thought it will. Conmon is receiving the stop/kill signals and may exit non-zero, which in turn lets the systemd service transition into the `failed` state. We need to get back to letting Podman stop the containers and do a partial revert of commit 9ac5267 which removed using --cidfile. Happening in a following commit. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #11232 from Luap99/networkOpenShift Merge Robot2021-08-24
|\ \ \ \ \ | |/ / / / |/| | | | Network interface
| * | | | Network interfacePaul Holzinger2021-08-24
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement a new network interface to abstract CNI from libpod. The interface is implemented for the CNI backend but in the future we can add more backends. The code is structured in three new packages: - `libpod/network/types`: contains the interface definition and the necessary types for it. - `libpod/network/cni` contains the interface implementation for the CNI backend. - `libpod/network/util` a set of utility functions related to networking. The CNI package uses ginkgo style unit tests. To test Setup/Teardown the test must be run as root. Each test will run in their own namespace to make the test independent from the host environment. New features with the CNI backend: - The default network will be created in memory if it does not exists on disk. - It can set more than one static IP per container network. - Networks are loaded once from disk and only if this interface is used, e.g. for commands such as `podman info` networks are not loaded. This reduces unnecessary disk IO. This commit only adds the interface it is not wired into libpod. This requires a lot of breaking changes which will be done in a followup commit. Once this is integrated into libpod the current network code under `libpod/network` should be removed. Also the dependency on OCICNI should be dropped. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #11312 from vrothberg/fix-11304OpenShift Merge Robot2021-08-24
|\ \ \ \ | | | | | | | | | | generate systemd: custom stop signal
| * | | | generate systemd: custom stop signalValentin Rothberg2021-08-24
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 9ac5267598c3 changed the type of the generated systemd units from forking to notify. Parts of these changes was also removing the need to pass any information via the file system (e.g., PIDFILE, container ID). That in turn implies that systemd takes care of stopping the container. By default, systemd first sends a SIGTERM and after a certain timeout, it'll send a SIGKILL. That's pretty much what Podman is doing, unless the container was created with a custom stop signal which is the case when the --stop-signal flag was used or systemd is mounted. Account for that by using systemd's KillSignal option which allows for changing SIGTERM to another signal. Also make sure that we're using the correct timeout for units generated with --new. Fixes: #11304 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>