| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
| |
Because we cannot reqad the networking mode in the frontent because we
should always use the server default we have to parse the mac and ip
address to the server via a default network. Now when the server reads
the default nsmode it has to reject the provided networks when the mode
is not set to bridge.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|
|
|
|
|
|
|
| |
It is important that we store the current networks from the db in the
config. Also make sure to properly handle aliases and ignore static ip/mac
addresses.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|
|
|
|
|
| |
Allow the same --network options for play kube as for podman run/create.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rework the --network parse logic to support multiple networks with
specific network configuration settings.
--network can now be set multiple times. For bridge network mode the
following options have been added:
- **alias=name**: Add network-scoped alias for the container.
- **ip=IPv4**: Specify a static ipv4 address for this container.
- **ip=IPv6**: Specify a static ipv6 address for this container.
- **mac=MAC**: Specify a static mac address address for this container.
- **interface_name**: Specify a name for the created network interface inside the container.
So now you can set --network bridge:ip=10.88.0.10,mac=44:33:22:11:00:99
for the default bridge network as well as for network names.
This is better than using --ip because we can set the ip per network
without any confusion which network the ip address should be assigned
to.
The --ip, --mac-address and --network-alias options are still supported
but --ip or --mac-address can only be set when only one network is set.
This limitation already existed previously.
The ability to specify a custom network interface name is new
Fixes #11534
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|
|
|
|
|
|
|
| |
Add the new networks format to specgen. For api users cni_networks is
still supported to make migration easier however the static ip and mac
fields are removed.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|
|
|
|
|
|
| |
The swagger api docs used the extra Body struct as part of the request
which is wrong. We just want the plain type.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Network connect now supports setting a static ipv4, ipv6 and mac address
for the container network. The options are added to the cli and api.
Fixes #9883
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Make sure we create new containers in the db with the correct structure.
Also remove some unneeded code for alias handling. We no longer need this
functions.
The specgen format has not been changed for now.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|
|
|
|
|
| |
We do not need to return a extra bool.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new network db structure stores everything in the networks bucket.
Previously some network settings were not written the the network bucket
and only stored in the container config.
Instead of the old format which used the container ID as value in the
networks buckets we now use the PerNetworkoptions struct there.
To migrate existing users we use the state.GetNetworks() function. If it
fails to read the new format it will automatically migrate the old
config format to the new one. This is allows a flawless migration path.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\
| |
| | |
pprof flakes: bump timeout to 20 seconds
|
|/
|
|
|
|
|
|
|
|
|
|
| |
This is the third and hopefully the last attempt to address the flakes
in the pprof tests. We first bumped the timeouts to 2 seconds, then to
5, and since I am running out of ideas let's bump it now to 20 seconds.
Since the timeouts poll, the tests will terminate much earlier but 20
seconds should now really be enough even under highly loaded CI VMs.
Fixes: #12167
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
compat build: adhere to q/quiet
|
| |
| |
| |
| |
| | |
Fixes: #12566
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| |/
|/| |
[CI:DOCS] Cirrus: Temp. ignore gitlab task failures
|
|/
|
|
|
|
|
|
|
| |
Appears related to https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28732
Log: https://cirrus-ci.com/task/5708221852680192?logs=setup#L433
Marking test to be ignored until I can figure out where/how to fix it.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\
| |
| | |
fix e2e test missing network cleanup
|
| |
| |
| |
| |
| |
| |
| |
| | |
I noticed that this test will fail its flake rerun because the network
was not removed and it tried to create a network with the same name.
Also network disconnect works rootless now.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \
| | |
| | | |
pprof CI flakes: enforce 5 seconds grace period
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
This gives the service 5 seconds to digest the signal and 5 more seconds
to shutdown. Create a new variable to make bumping the timeout easier
in case we see re-flake in the future.
Fixes: #12167
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| |/
|/| |
rootless: declare TEMP_FAILURE_RETRY before usage (Fixes: #12563)
|
|/
|
|
|
|
| |
(Fixes: #12563)
Signed-off-by: Nguyen Marc <nguyen_marc@live.fr>
|
|\
| |
| | |
--hostname should be set with podman create --pod new:PODNAME
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2030599
When you create pod, it shares the UTS namespace with Containers.
Currently the --hostname is not passed to the pod created when
you create a container and pod in the same command.
Also fix error message on supported --share flags
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| |/
|/| |
[CI:DOCS] Cirrus: Use cached swagger binary
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
An error was observed in another PR while downloading the swagger
binary. The error was relating to the upstream egress quota. Obviously
our downloading it every time for each CI run isn't helping. Fix this
by moving the download into the image-build process, and simply re-use
the already present binary here.
Ref: https://github.com/containers/automation_images/pull/103
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \
| | |
| | | |
System tests: remove rm_pause_image()
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
...it's not needed: teardown() already does it. Or, it would,
if it had been updated to deal with the new pause image naming
convention, which I've just done.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \
| |/ /
|/| | |
inotify: make sure to remove files
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Issue #11825 suggests that *rootless* Podman can run into situations
where too many inotify fds are open. Indeed, rootless Podman has a
slightly higher usage of inotify watchers than the root counterpart
when using slirp4netns
Make sure to not only close all watchers but to also remove the files
from being watched. Otherwise, the fds only get closed
when the files are removed.
[NO NEW TESTS NEEDED] since we don't have a way to test it.
Fixes: #11825
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
generate systemd: support entrypoint JSON strings
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Make sure to preserve the quoting of entrypoint JSON strings.
Fixes: #12477
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| |_|/
|/| | |
specgen: honor empty args for entrypoint specified as `--entrypoint ""`
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Users should be able to override containers entrypoint using
`--entrypoint ""` following works fine for podman but not for podman
remote.
Specgen ignores empty argument for entrypoint so make specgen honor
empty arguments.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
|\ \
| | |
| | | |
remove runlabel test for global opts
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
GLOBAL_OPTS haven't been supported for at least two major versions of
Podman. The runlabel code is extremely fragile and I think it should
be rewritten before adding new features.
Fixes: #12436
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| |_|/
|/| |
| | |
| | | |
containers/dependabot/go_modules/github.com/uber/jaeger-client-go-2.30.0incompatible
Bump github.com/uber/jaeger-client-go from 2.29.1+incompatible to 2.30.0+incompatible
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github.com/uber/jaeger-client-go](https://github.com/uber/jaeger-client-go) from 2.29.1+incompatible to 2.30.0+incompatible.
- [Release notes](https://github.com/uber/jaeger-client-go/releases)
- [Changelog](https://github.com/jaegertracing/jaeger-client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uber/jaeger-client-go/compare/v2.29.1...v2.30.0)
---
updated-dependencies:
- dependency-name: github.com/uber/jaeger-client-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\ \
| | |
| | | |
utils: reintroduce moveToCgroup
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit ee62711136339c5daf38e38859227d85b06fc32a introduced the
regression.
It was mistakenly removed as part of a cleanup, but this code is
needed by another code path, where we move conmon for the exec session
to the same cgroup used by conmon for the process.
Closes: https://github.com/containers/podman/issues/12535
[NO NEW TESTS NEEDED] it fixes a regression in the CI
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| | |
| | | |
vendor c/image/v5@main
|
| |/
| |
| |
| |
| |
| |
| |
| | |
Mainly to pull in fixes for #11636 which handles credential helpers
correctly.
Fixes: #11636
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
rootless netns: resolve all path components for resolv.conf
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We need to follow all symlinks in the /etc/resolv.conf path. Currently
we would only check the last file but it is possible that any directory
before that is also a link.
Unfortunately this code is very hard to maintain and not well tested. I
will try to come up with a unit test when I have more time. I think we
could utilize some for of chroot for this. For now we are stucked with
the default setup in the fedora/ubunutu test VMs.
[NO NEW TESTS NEEDED]
Fixes #12461
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \
| |_|/
|/| | |
autocopr: distro conditionals for containers-common
|
|/ /
| |
| |
| |
| |
| | |
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|\ \
| | |
| | | |
Update vendor or containers/common moving pkg/cgroups there
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[NO NEW TESTS NEEDED] This is just moving pkg/cgroups out so
existing tests should be fine.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |/ /
|/| | |
volume: apply exact permission of target directory without adding extra `0111`
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
While trying to match permissions of target directory podman adds
extra `0111` which should not be needed if target path does not have
execute permission.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|