aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* hack/bats: deal with new bin helpersEd Santiago2021-11-16
| | | | | | | | | | | | | | | | | | | | | Some time in the last month, podman started to depend on a bunch of external helper binaries: rootlessport, pause, catatonit. System tests fail without these. Update the hack/bats script to pass $CONTAINERS_HELPER_BINARIES_DIR (set to ./bin); podman will then use locally-built helpers. (This requires https://github.com/containers/common/pull/823 , which as of this PR is not yet vendored into podman. There is no harm in merging this while we wait.) Also: if bats helper is invoked as root, run only once; i.e., skip the "rootless" step. Also (piggybacked): the name of the podman pause image has changed, from pause to podman-pause. Adjust that in our teardown so we don't leave droppings. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #12218 from vrothberg/pause-catatonitOpenShift Merge Robot2021-11-16
|\ | | | | infra container: replace pause with catatonit
| * cirrus: force-install catatonitValentin Rothberg2021-11-15
| | | | | | | | | | | | A temporary workaround until the CI images are updated. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * infra container: replace pause with catatonitValentin Rothberg2021-11-15
| | | | | | | | | | | | | | | | Podman has been using catatonit for a number of years already. Thanks to @giuseppe, catatonit is now able to run as a pause process which allows us to replace the pause binary entirely. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * Revert "add kubernetes pause"Valentin Rothberg2021-11-15
| | | | | | | | | | | | | | | | This reverts commit 9d2b8d2791c23b83b6155b046099a83483860c56 since catatonit's new pause functionality can replace the `pause` binary entirely. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #12100 from rhatdan/envOpenShift Merge Robot2021-11-16
|\ \ | | | | | | Add option --unsetenv to remove default environment variables
| * | Add --unsetenv & --unsetenv-all to remove def environment variablesDaniel J Walsh2021-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman adds a few environment variables by default, and currently there is no way to get rid of them from your container. This option will allow you to specify which defaults you don't want. --unsetenv-all will remove all default environment variables. Default environment variables can come from podman builtin, containers.conf or from the container image. Fixes: https://github.com/containers/podman/issues/11836 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #12283 from Luap99/machine-portsOpenShift Merge Robot2021-11-16
|\ \ \ | | | | | | | | podman machine improve port forwarding
| * | | podman machine improve port forwardingPaul Holzinger2021-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commits adds port forwarding logic directly into podman. The podman-machine cni plugin is no longer needed. The following new features are supported: - works with cni, netavark and slirp4netns - ports can use the hostIP to bind instead of hard coding 0.0.0.0 - gvproxy no longer listens on 0.0.0.0:7777 (requires a new gvproxy version) - support the udp protocol With this we no longer need podman-machine-cni and should remove it from the packaging. There is also a change to make sure we are backwards compatible with old config which include this plugin. Fixes #11528 Fixes #11728 [NO NEW TESTS NEEDED] We have no podman machine test at the moment. Please test this manually on your system. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #12294 from flouthoc/secret-mount-targetOpenShift Merge Robot2021-11-16
|\ \ \ \ | | | | | | | | | | secret: honor custom `target=` for secrets with `type=mount` for ctr.
| * | | | secret: honor custom target for secrets with runAditya Rajan2021-11-15
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Honor custom `target` if specified while running or creating containers with secret `type=mount`. Example: `podman run -it --secret token,type=mount,target=TOKEN ubi8/ubi:latest bash` Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | | | Merge pull request #12285 from nalind/journal-follow-not-earlyOpenShift Merge Robot2021-11-15
|\ \ \ \ | |_|_|/ |/| | | journald logs: keep reading until the journal's end
| * | | journald logs: keep reading until the journal's endNalin Dahyabhai2021-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When reading logs from the journal, keep going after the container exits, in case it gets restarted. Events logged to the journal via the normal paths don't include CONTAINER_ID_FULL, so don't bother adding it to the "history" event we use to force at least one entry for the container to show up in the log. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | | | Merge pull request #12130 from rhatdan/journalOpenShift Merge Robot2021-11-15
|\ \ \ \ | |/ / / |/| | | Error logs --follow if events-backend != journald, event-logger=journald
| * | | Error logs --follow if events-backend != journald, event-logger=journaldDaniel J Walsh2021-11-13
| | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/11255 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #12300 from WanzenBug/fix-bindings-contextOpenShift Merge Robot2021-11-15
|\ \ \ \ | | | | | | | | | | bindings: reuse context for API requests
| * | | | bindings: reuse context for API requestsMoritz "WanzenBug" Wanzenböck2021-11-15
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | One of the main uses of context.Context is to provide cancellation for go-routines, including API requests. While all user-facing bindings already used a context parameter, it was only used to pass the client information around. This commit changes the internal DoRequest wrapper to take an additional context argument, and pass that to the http request. Previously, the context was derived from context.Background(), which made it impossible to cancel once started. All the convenience wrappers already supported the context parameter, so the only user facing change is that cancelling those context now works as one would expect. Signed-off-by: Moritz "WanzenBug" Wanzenböck <moritz@wanzenbug.xyz>
* | | | Merge pull request #12297 from edsantiago/no_remote_unshareOpenShift Merge Robot2021-11-15
|\ \ \ \ | | | | | | | | | | Network test: fix podman-remote-rootless corner case
| * | | | Network test: fix podman-remote-rootless corner caseEd Santiago2021-11-15
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Followup to #12229, in which I added a podman unshare for flake debugging. Turns out that doesn't work in podman-remote. It was not caught because CI doesn't run podman-remote rootless. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #11076 from boaz0/closes_10275OpenShift Merge Robot2021-11-15
|\ \ \ \ | | | | | | | | | | Support template unit files in podman generate systemd
| * | | | export adding id-specifier code to setContainerNameForTemplateBoaz Shuster2021-11-11
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
| * | | | change from run to create in 250-systemd.batsBoaz Shuster2021-11-09
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
| * | | | add unit test to containers_testBoaz Shuster2021-11-01
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
| * | | | Use systemctl in local system testBoaz Shuster2021-10-29
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
| * | | | Support template unit files in podman generate systemdBoaz Shuster2021-10-22
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | | | | Merge pull request #12257 from adrianreber/2021-11-10-print-statsOpenShift Merge Robot2021-11-15
|\ \ \ \ \ | |_|/ / / |/| | | | Add optional checkpoint/restore statistics
| * | | | Added test for checkpoint/restore --print-statsAdrian Reber2021-11-15
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Adrian Reber <areber@redhat.com>
| * | | | Update man pages for checkpoint/restore --print-statsAdrian Reber2021-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit updates the man pages for checkpoint and restore to describe the '--print-stats' parameter. Signed-off-by: Adrian Reber <areber@redhat.com>
| * | | | Added optional container restore statisticsAdrian Reber2021-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds the parameter '--print-stats' to 'podman container restore'. With '--print-stats' Podman will measure how long Podman itself, the OCI runtime and CRIU requires to restore a checkpoint and print out these information. CRIU already creates process restore statistics which are just read in addition to the added measurements. In contrast to just printing out the ID of the restored container, Podman will now print out JSON: # podman container restore --latest --print-stats { "podman_restore_duration": 305871, "container_statistics": [ { "Id": "47b02e1d474b5d5fe917825e91ac653efa757c91e5a81a368d771a78f6b5ed20", "runtime_restore_duration": 140614, "criu_statistics": { "forking_time": 5, "restore_time": 67672, "pages_restored": 14 } } ] } The output contains 'podman_restore_duration' which contains the number of microseconds Podman required to restore the checkpoint. The output also includes 'runtime_restore_duration' which is the time the runtime needed to restore that specific container. Each container also includes 'criu_statistics' which displays the timing information collected by CRIU. Signed-off-by: Adrian Reber <areber@redhat.com>
| * | | | Added optional container checkpointing statisticsAdrian Reber2021-11-15
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds the parameter '--print-stats' to 'podman container checkpoint'. With '--print-stats' Podman will measure how long Podman itself, the OCI runtime and CRIU requires to create a checkpoint and print out these information. CRIU already creates checkpointing statistics which are just read in addition to the added measurements. In contrast to just printing out the ID of the checkpointed container, Podman will now print out JSON: # podman container checkpoint --latest --print-stats { "podman_checkpoint_duration": 360749, "container_statistics": [ { "Id": "25244244bf2efbef30fb6857ddea8cb2e5489f07eb6659e20dda117f0c466808", "runtime_checkpoint_duration": 177222, "criu_statistics": { "freezing_time": 100657, "frozen_time": 60700, "memdump_time": 8162, "memwrite_time": 4224, "pages_scanned": 20561, "pages_written": 2129 } } ] } The output contains 'podman_checkpoint_duration' which contains the number of microseconds Podman required to create the checkpoint. The output also includes 'runtime_checkpoint_duration' which is the time the runtime needed to checkpoint that specific container. Each container also includes 'criu_statistics' which displays the timing information collected by CRIU. Signed-off-by: Adrian Reber <areber@redhat.com>
* | | | Merge pull request #12272 from hshiina/memory-swappinessOpenShift Merge Robot2021-11-13
|\ \ \ \ | |_|/ / |/| | | Enable 'podman run --memory-swappiness=0'
| * | | Enable 'podman run --memory-swappiness=0'Hironori Shiina2021-11-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | '--memory-swappiness=0' used to work. This patch fixes the regression issue, which was caused by the change of infra container creation process. Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
* | | | Merge pull request #12270 from rhatdan/authOpenShift Merge Robot2021-11-13
|\ \ \ \ | | | | | | | | | | --authfile command line argument for image sign command.
| * | | | --authfile command line argument for image sign command.José Guilherme Vanz2021-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds the --authfile command line argument to allow users to use alternative authfile paths when signing images. Replaces: https://github.com/containers/podman/pull/10975 Fixes: https://github.com/containers/podman/issues/10866 Signed-off-by: José Guilherme Vanz <jvanz@jvanz.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #12271 from Luap99/play-kube-netOpenShift Merge Robot2021-11-12
|\ \ \ \ \ | |_|/ / / |/| | | | Fix network mode in play kube
| * | | | Fix network mode in play kubePaul Holzinger2021-11-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to use the config network mode when no network mode was set. To do so we have to keep the nsmode empty, MakeContainer() will use the correct network mode from the config when needed. Fixes #12248 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #12224 from cdoern/scpOpenShift Merge Robot2021-11-12
|\ \ \ \ \ | | | | | | | | | | | | Podman Image SCP transfer patch
| * | | | | Podman Image SCP transfer patchcdoern2021-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixed syntax so that podman image scp transfer works with no user specified. This command can only be executed as root so to obtain the default user, I searched for the SUDO_USER environmental variable. If that is not found, we error out and inform the user to set this variable and make sure they are running as root Signed-off-by: cdoern <cdoern@redhat.com> Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | | | | Merge pull request #12279 from mscherer/fix_11842OpenShift Merge Robot2021-11-12
|\ \ \ \ \ \ | | | | | | | | | | | | | | Always create working directory when using compat API
| * | | | | | Always create working directory when using compat APIMichael Scherer2021-11-12
| | |_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Docker/Moby always create the working directory, and some tools rely on that behavior (example, woodpecker/drone). Fixes #11842 Signed-off-by: Michael Scherer <misc@redhat.com>
* | | | | | Merge pull request #12280 from vrothberg/fix-12254OpenShift Merge Robot2021-11-12
|\ \ \ \ \ \ | |/ / / / / |/| | | | | play kube: don't force-pull infra image
| * | | | | play kube: don't force-pull infra imageValentin Rothberg2021-11-12
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Do not force-pull the infra image in `play kube` but let the backend take care of that when creating the pod(s) which may build a local `podman-pause` image instead of using the default infra image. Fixes: #12254 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #12256 from cevich/update_to_U2110OpenShift Merge Robot2021-11-11
|\ \ \ \ \ | | | | | | | | | | | | Cirrus: Update to Ubuntu 21.10 + Disable F33
| * | | | | Cirrus: Temp. disable prior-fedora testingChris Evich2021-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With F35 released, F33 is officially dead. Move it out of the way temporarily until F35 VM images are ready. Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | | Cirrus: Update to Ubuntu 21.10Chris Evich2021-11-11
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | Merge pull request #12197 from gliptak/readme1OpenShift Merge Robot2021-11-11
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | [ci:docs] Add Static Build download instructions to README
| * | | | | Add Static Build download instructions to READMEGábor Lipták2021-11-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TEST NEEDED] Signed-off-by: Gábor Lipták <gliptak@gmail.com>
* | | | | | Merge pull request #12267 from giuseppe/safely-create-etc-mtabOpenShift Merge Robot2021-11-11
|\ \ \ \ \ \ | | | | | | | | | | | | | | libpod: create /etc/mtab safely
| * | | | | | libpod: create /etc/mtab safelyGiuseppe Scrivano2021-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | make sure the /etc/mtab symlink is created inside the rootfs when /etc is a symlink. Closes: https://github.com/containers/podman/issues/12189 [NO NEW TESTS NEEDED] there is already a test case Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | | Merge pull request #12214 from giuseppe/fix-rootless-error-messageOpenShift Merge Robot2021-11-11
|\ \ \ \ \ \ \ | |_|_|/ / / / |/| | | | | | rootless: adjust error message