aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
* | | Merge pull request #12534 from Luap99/network-dbOpenShift Merge Robot2021-12-15
|\ \ \ | |_|/ |/| | network db rewrite
| * | specgen: check that networks are only set with bridgePaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Because we cannot reqad the networking mode in the frontent because we should always use the server default we have to parse the mac and ip address to the server via a default network. Now when the server reads the default nsmode it has to reject the provided networks when the mode is not set to bridge. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | container restore/import: store networks from dbPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | It is important that we store the current networks from the db in the config. Also make sure to properly handle aliases and ignore static ip/mac addresses. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | play kube add support for multiple networksPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | Allow the same --network options for play kube as for podman run/create. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | support advanced network configuration via cliPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rework the --network parse logic to support multiple networks with specific network configuration settings. --network can now be set multiple times. For bridge network mode the following options have been added: - **alias=name**: Add network-scoped alias for the container. - **ip=IPv4**: Specify a static ipv4 address for this container. - **ip=IPv6**: Specify a static ipv6 address for this container. - **mac=MAC**: Specify a static mac address address for this container. - **interface_name**: Specify a name for the created network interface inside the container. So now you can set --network bridge:ip=10.88.0.10,mac=44:33:22:11:00:99 for the default bridge network as well as for network names. This is better than using --ip because we can set the ip per network without any confusion which network the ip address should be assigned to. The --ip, --mac-address and --network-alias options are still supported but --ip or --mac-address can only be set when only one network is set. This limitation already existed previously. The ability to specify a custom network interface name is new Fixes #11534 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | Add new networks format to spegecenPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | Add the new networks format to specgen. For api users cni_networks is still supported to make migration easier however the static ip and mac fields are removed. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | fix incorrect swagger doc for network dis/connectPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | | | | The swagger api docs used the extra Body struct as part of the request which is wrong. We just want the plain type. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | network connect allow ip, ipv6 and mac addressPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | Network connect now supports setting a static ipv4, ipv6 and mac address for the container network. The options are added to the cli and api. Fixes #9883 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | network db: add new strucutre to container createPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure we create new containers in the db with the correct structure. Also remove some unneeded code for alias handling. We no longer need this functions. The specgen format has not been changed for now. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | remove unneeded return value from c.Networks()Paul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | We do not need to return a extra bool. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | network db rewrite: migrate existing settingsPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The new network db structure stores everything in the networks bucket. Previously some network settings were not written the the network bucket and only stored in the container config. Instead of the old format which used the container ID as value in the networks buckets we now use the PerNetworkoptions struct there. To migrate existing users we use the state.GetNetworks() function. If it fails to read the new format it will automatically migrate the old config format to the new one. This is allows a flawless migration path. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #12596 from edsantiago/apiv2_test_refactorOpenShift Merge Robot2021-12-14
|\ \ \ | |_|/ |/| | apiv2 tests: refactor complicated curls
| * | apiv2 tests: refactor complicated curlsEd Santiago2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some months ago, apiv2 tests got added that needed new functionality: passing a tarball to the remote server. There was no mechanism to do so in the 't' helper, so these tests used complicated (and actually not-really- working) curl commands. This PR introduces and documents a new usage of 't', in which passing an argument ending in '.tar' adds the right magic syntax (--data-binary @PATH) to the existing curl. This lets us use all standard 't' checks, making for simpler tests and in the process fixing some bugs. Also: drive-by fix of a typo bug in the networks test. Also: set CONTAINERS_REGISTRIES_CONF when starting server and when running direct podman, to avoid docker.io throttling. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #12595 from Luap99/network-idOpenShift Merge Robot2021-12-14
|\ \ \ | |/ / |/| | fix network id handling
| * | fix network id handlingPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | We have to get the network ID from the network backend. With the netavark backend we no longer use the sha from the name as ID. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #12586 from jmguzik/secret-cmdOpenShift Merge Robot2021-12-14
|\ \ \ | | | | | | | | Add secret list --filter to cli
| * | | Add secret list --filter to cliJakub Guzik2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR is a follow-up of #11431. It adds possibility of filtering secret list based on id and name. Signed-off-by: Jakub Guzik <jguzik@redhat.com>
* | | | Merge pull request #12594 from TomSweeneyRedHat/dev/tsweeney/windoc2Daniel J Walsh2021-12-14
|\ \ \ \ | | | | | | | | | | [CI:DOCS] Update Windows Install Doc
| * | | | Update Windows Install DocTomSweeneyRedHat2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Updates the Windows install doc to make it more clear. Fixes: #11382 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | | Merge pull request #12091 from ananthb/docker-api-compatOpenShift Merge Robot2021-12-14
|\ \ \ \ \ | | | | | | | | | | | | Fixes #12063 Add docker compatible output after image build.
| * | | | | Fixes #12063 Add docker compatible output after image build.Ananth Bhaskararaman2021-12-14
| | |_|_|/ | |/| | | | | | | | | | | | | Signed-off-by: Ananth Bhaskararaman <antsub@gmail.com>
* | | | | Merge pull request #12593 from vrothberg/fix-11682OpenShift Merge Robot2021-12-14
|\ \ \ \ \ | |_|/ / / |/| | | | pause scope: don't use the global math/rand RNG
| * | | | pause scope: don't use the global math/rand RNGValentin Rothberg2021-12-14
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Otherwise, we'll always get the same sequence of random numbers which may lead to conflicts. Also bump the number of maximum attempts to 10 instead of 3. [NO NEW TESTS NEEDED] as I cannot enforce random number collisions. Existing tests should continue be green and flake slightly less. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #12589 from ↵OpenShift Merge Robot2021-12-14
|\ \ \ \ | |_|_|/ |/| | | | | | | | | | | containers/dependabot/go_modules/github.com/docker/docker-20.10.12incompatible Bump github.com/docker/docker from 20.10.11+incompatible to 20.10.12+incompatible
| * | | Bump github.com/docker/dockerdependabot[bot]2021-12-14
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.11+incompatible to 20.10.12+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md) - [Commits](https://github.com/docker/docker/compare/v20.10.11...v20.10.12) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | Merge pull request #12585 from Luap99/network-ls-sortOpenShift Merge Robot2021-12-14
|\ \ \ | |_|/ |/| | network ls: show networks in deterministic order
| * | network ls: show networks in deterministic orderPaul Holzinger2021-12-14
| |/ | | | | | | | | | | | | | | The new network backend stores the networks in a map so the returned order is not deterministic. Lets sort the network names alphabetically to ensure a deterministic order. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #12588 from vrothberg/fix-12167OpenShift Merge Robot2021-12-14
|\ \ | |/ |/| pprof flakes: bump timeout to 20 seconds
| * pprof flakes: bump timeout to 20 secondsValentin Rothberg2021-12-14
|/ | | | | | | | | | | | This is the third and hopefully the last attempt to address the flakes in the pprof tests. We first bumped the timeouts to 2 seconds, then to 5, and since I am running out of ideas let's bump it now to 20 seconds. Since the timeouts poll, the tests will terminate much earlier but 20 seconds should now really be enough even under highly loaded CI VMs. Fixes: #12167 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #12571 from vrothberg/fix-12566Daniel J Walsh2021-12-13
|\ | | | | compat build: adhere to q/quiet
| * compat build: adhere to q/quietValentin Rothberg2021-12-13
| | | | | | | | | | Fixes: #12566 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #12581 from cevich/disable_gitlabOpenShift Merge Robot2021-12-13
|\ \ | |/ |/| [CI:DOCS] Cirrus: Temp. ignore gitlab task failures
| * Cirrus: Temp. ignore gitlab task failuresChris Evich2021-12-13
|/ | | | | | | | | Appears related to https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28732 Log: https://cirrus-ci.com/task/5708221852680192?logs=setup#L433 Marking test to be ignored until I can figure out where/how to fix it. Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #12573 from Luap99/fix-testOpenShift Merge Robot2021-12-10
|\ | | | | fix e2e test missing network cleanup
| * fix e2e test missing network cleanupPaul Holzinger2021-12-10
| | | | | | | | | | | | | | | | I noticed that this test will fail its flake rerun because the network was not removed and it tried to create a network with the same name. Also network disconnect works rootless now. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #12569 from vrothberg/fix-12167OpenShift Merge Robot2021-12-10
|\ \ | | | | | | pprof CI flakes: enforce 5 seconds grace period
| * | pprof CI flakes: enforce 5 seconds grace periodValentin Rothberg2021-12-10
| |/ | | | | | | | | | | | | | | | | This gives the service 5 seconds to digest the signal and 5 more seconds to shutdown. Create a new variable to make bumping the timeout easier in case we see re-flake in the future. Fixes: #12167 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #12564 from Darkness4/mainOpenShift Merge Robot2021-12-10
|\ \ | |/ |/| rootless: declare TEMP_FAILURE_RETRY before usage (Fixes: #12563)
| * [NO NEW TESTS NEEDED] rootless: declare TEMP_FAILURE_RETRY before usage ↵Marc Nguyen2021-12-10
|/ | | | | | (Fixes: #12563) Signed-off-by: Nguyen Marc <nguyen_marc@live.fr>
* Merge pull request #12555 from rhatdan/podDaniel J Walsh2021-12-09
|\ | | | | --hostname should be set with podman create --pod new:PODNAME
| * --hostname should be set when using --pod new:foobarDaniel J Walsh2021-12-09
| | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2030599 When you create pod, it shares the UTS namespace with Containers. Currently the --hostname is not passed to the pod created when you create a container and pod in the same command. Also fix error message on supported --share flags Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #12547 from cevich/cached_swaggerOpenShift Merge Robot2021-12-09
|\ \ | |/ |/| [CI:DOCS] Cirrus: Use cached swagger binary
| * Cirrus: Use cached swagger binaryChris Evich2021-12-09
| | | | | | | | | | | | | | | | | | | | | | | | An error was observed in another PR while downloading the swagger binary. The error was relating to the upstream egress quota. Obviously our downloading it every time for each CI run isn't helping. Fix this by moving the download into the image-build process, and simply re-use the already present binary here. Ref: https://github.com/containers/automation_images/pull/103 Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #12556 from edsantiago/rm_rm_podman_pause_imageOpenShift Merge Robot2021-12-09
|\ \ | | | | | | System tests: remove rm_pause_image()
| * | System tests: remove rm_pause_image()Ed Santiago2021-12-09
| | | | | | | | | | | | | | | | | | | | | | | | ...it's not needed: teardown() already does it. Or, it would, if it had been updated to deal with the new pause image naming convention, which I've just done. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #12557 from vrothberg/fix-11825OpenShift Merge Robot2021-12-09
|\ \ \ | |/ / |/| | inotify: make sure to remove files
| * | inotify: make sure to remove filesValentin Rothberg2021-12-09
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Issue #11825 suggests that *rootless* Podman can run into situations where too many inotify fds are open. Indeed, rootless Podman has a slightly higher usage of inotify watchers than the root counterpart when using slirp4netns Make sure to not only close all watchers but to also remove the files from being watched. Otherwise, the fds only get closed when the files are removed. [NO NEW TESTS NEEDED] since we don't have a way to test it. Fixes: #11825 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #12545 from vrothberg/fix-12477OpenShift Merge Robot2021-12-09
|\ \ | | | | | | generate systemd: support entrypoint JSON strings
| * | generate systemd: support entrypoint JSON stringsValentin Rothberg2021-12-08
| | | | | | | | | | | | | | | | | | | | | Make sure to preserve the quoting of entrypoint JSON strings. Fixes: #12477 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #12541 from flouthoc/remote_blank_entrypointOpenShift Merge Robot2021-12-08
|\ \ \ | |_|/ |/| | specgen: honor empty args for entrypoint specified as `--entrypoint ""`