| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
| |
in cases where the log file exceeds the available memory of a system, we had a bug that triggered an oom because the entire logfile was being read when the tail parameter was given. this reads in chunks and is more or less memory safe.
fixes: #5131
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
|
| |
We removed the Gitvalidation epoch in the Makefile. As such, we
don't need to adjust it anymore when we tag releases.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|
|
|
|
|
| |
Also make it executable and `set -eo pipefail`.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of only performing a presence check of the binary, also do a
version check and force installing the specified one if needed. This
will prevent users and the CI from using a wrong version in the future.
Move the logic into a dedicated shell script as I find built-in bash in
Makefiles hard to maintain.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Finding systemd devel packages using libsystemd does not work as
in RHEL based distro the package name is systemd-devel and for
deb/ubunutu it is libsystemd. It is also giving false result when
podman rpm is built with systemd but hack/systemd_tag.sh does not
return anything.
Install systemd-devel package in build_rpm.sh script
Moving to systemd/sd-daemon.h header files which comes from devel
packages fixes the issue.
Signed-off-by: Chandan Kumar (raukadah) <raukadah@gmail.com>
|
|
|
|
|
|
|
|
| |
- Adopt bash strict mode
- Avoid cd errors as seen on CI vendor jobs:
hack/get_release_info.sh: line 9: cd: /go/src/github.com/containers/libpod: No such file or directory
Signed-off-by: Sorin Sbarnea <ssbarnea@redhat.com>
|
|
|
|
| |
Signed-off-by: Dmitry Smirnov <onlyjob@member.fsf.org>
|
|
|
|
|
|
|
|
|
| |
* Refactored code and Makefile to support new docs layout
* Removed some old code packaging code
* Add Readme.md to document what we're doing
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
| |
Restructuring the docs dir to make integration with sphinx easier. man
pages now exist in docs/source/man and the sphinx make files exists in
docs.
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
| |
it is going to be removed from containers/image as well, so no longer
depend on it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
Build catatonit
|
| |
| |
| |
| |
| |
| |
| |
| | |
Instead of unconditionally pulling the x86 binary, clone the repository
and build the binary to make it independent of the architecture.
Fixes: #2699
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|/
|
|
| |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
| |
Make the errors more readable, with clearer instructions on
what to look for, and which filename, and what we expect to
see, and perhaps even how to approach a fix.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|
|
|
| |
Signed-off-by: Ryan Whalen <rj.whalen@gmail.com>
|
|
|
|
| |
Signed-off-by: Ryan Whalen <rj.whalen@gmail.com>
|
|
|
|
| |
Signed-off-by: Ryan Whalen <rj.whalen@gmail.com>
|
|
|
|
|
|
|
|
| |
The initial implementation was far more complicated than necessary.
Strip out the complexities in favor of a simpler and more direct
approach.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
| |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* progress bar: use spinners for unknown blob sizes
* use 'containers_image_ostree' as build tag
* ostree: default is no OStree support
* Add "Env" to ImageInspectInfo
* config.go: improve debug message
* config.go: log where credentials come from
* Fix typo in docs/containers-registries.conf.5.md
* docker: delete: support all MIME types
* Try harder in storageImageDestination.TryReusingBlob
* docker: allow deleting OCI images
* ostree: improve error message
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove disused `build_cache_images` task, and
update relevant dockerfiles for F30.
Fix problem of cloud-init failing to expand root-device on boot
(/var/lib/cloud/instance left in improper state).
Fix problem of cloud-init racing with google-network-daemon.service on
boot (looking for cloudconfig metadata too early). Causing
root-device to _sometimes_ fail to expand.
Fix problem of hack/get_ci_vm.sh argument passing.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
| |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
| |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
| |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
| |
Useful for accessing it from other terminals.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
| |
Also remove disused distros (RHEL/CentOS/FAH) and fix get_ci_vm script
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the systemd development files are not present on the system which
builds podman, then `podman events` will error on runtime creation.
Beside this, a warning will be printed when compiling podman.
This commit mainly exists because projects which depend on libpod
would not need the podman event support and therefore do not need to
rely on the systemd headers.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|
|
|
| |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The output of this CI script leaves much to be desired: it is
output from 'diff' with little clarity on what exactly is wrong.
The proper fix is to make the output clear and readable:
podman containers --help lists a 'foo' subcommand that
is not present in docs/podman-containers.1.md
Doing this in bash would take many hours and be fragile
gibberish code. This does not seem worth the effort: the
likely case is that breakages reported by this script
will be due to a newly added subcommand, and the PR
author will find it obvious what to do. Ergo, plan B:
if the test fails, display a blurb at the end describing
how to interpret results. Three minutes' effort, plus
five for writing this commit message.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\
| |
| | |
[ci skip] get_ci_vm.sh: Fix conflicting homedir files
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, the script would bind mount the user's home directory into
the container in order to execute gcloud commands. This was done
to preserve the `.config/gcloud` directory and new ssh keys in `.ssh`.
However, it's possible the user has modified `.bash*` or `.ssh/config`
files which do not play nicely with gcloud and/or the container.
Fix this by mounting the existing temporary directory on the host, as
the user's home directory. Then bind mount in a dedicated `gcloud/ssh`
sub-directory, and the libpod repo directory on top. Pre-create the
necessary mount-points as the user, so later removal does not require
root on the host.
The gcloud tool takes minutes to setup/manage its ssh-keys, so preserving
that work between runs is a necessary optimization. Similarly, saving the
`.gcloud` directory prevents repeatedly going through the lengthy
client-auth process.
Overall, these changes make the container environment much more selective
with the host-side data it has access to use/modify. Preventing unrelated
details from getting in the way, and preserving only the bare-minimum of
details on the host, between runs.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
podman-generate and -play had the wrong NAMEs.
podman-restart and -volume-prune the wrong SYNOPSIS.
All the rest are varying degrees of minor:
- missing a space between the NAME and description
- multi-line SYNOPSIS that could be collapsed into one
- use of UPPER CASE in synopsis instead of *asterisks*
- improper use of **double asterisks** for options
- varlink and version were transposed in podman-1
- fixed inconsistencies between the description in
the man page and that in the parent manpage. These
are too numerous for me to fix all.
Added: script that could be used in CI to prevent future
such inconsistencies. It cannot be enabled yet because
there are still 35+ inconsistencies in need of cleaning.
This will be difficult to review on github. I suggest
pulling the PR and running 'git log -1 -p | cdif | less'
'cdif' is a handy tool for colorizing individual diffs between
lines:
http://kaz-utashiro.github.io/cdif/
There are other such tools; use your favorite. Comparing
without visual highlights may be painful.
I also encourage you to run hack/man-page-checker and suggest
more fixes for the problems it's finding.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Randomize the user's UID and GID
* Simplify `setup_environment.sh`
* Support new "-r" option for `hack/get_ci_vm.sh` setting up rootless
* Connect as $ROOTLESS_USER when using "-r" with `hack/get_ci_vm.sh`
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: baude <bbaude@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
| |
...caught by hack/podman-commands.sh script. Which had a little
buglet, which I fixed: add a special case for 'help', which
neither has nor needs a man page.
I believe the podman-commands.sh script is ready to be run in CI,
hint hint.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make more general-purpose: instead of hardcoding a list
of known subcommands, and duplicating sed pipelines for
each, rely on 'podman help' itself to tell us which
podman commands have subcommands; and examine each
in turn. Should there ever be new subcommands, this
will identify and test them.
A special case is needed for 'podman image trust', whose
documentation format doesn't match the others.
The change to `common.go` fixes an inconsistency: the
Usage message for commands with subcommands had an
unnecessary blank line, making it harder to parse
automatically. This simply produces consistent
Usage messages for all podman commands.
This script will not pass until #2480 is merged.
After that, the goal is to add this as a CI hook.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|
|
|
|
|
| |
Also add podman-commands.sh to compare man pages to commands.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
| |
Quote the status output in echo to preserve the new lines.
Having the output in one line complicated debugging issues
and is not friendly to use.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
More complicated than one would think. The first problem is that,
on certain (but not all) Fedora systems, podman cannot mount
volumes read-only (issue #2312). This is baffling, and since
it's not easily reproducible it's likely that the dev team
will not spend much effort on it. Workaround: instead of bind-
mounting /tmp read-only, bind-mount a *tempdir* (subdirectory)
read-write. This is actually cleaner in some ways but it
leads to complications with the paths we use and with cleanup.
Next, allow overriding the default image and allow asking
for no sudo:
export GCLOUD_IMAGE=quay.io/edsantiago/gcloud_centos:latest
export GCLOUD_SUDO=
(yes, that's an equal-sign and EOL. Just an empty string).
The third part, unfortunately, requires a custom image because
the as_dollar_user.sh script (the one that runs gcloud in a
container) is hardwired in a cevich image and needs tweaks
in order to detect rootless and avoid sudo.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
* Make sure that all vendored dependencies are in sync with the code and
the vendor.conf by running `make vendor` with a follow-up status check
of the git tree.
* Vendor ginkgo and gomega to include the test dependencies.
Signed-off-by: Chris Evic <cevich@redhat.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously it was not possible to specify keys from the ``env`` section
in the various GCE sections. Now that features is added, consolidate
all the cache image definitions into a single place, reducing
maintenance burden.
This also results in the names passing through into the VMs. This is
useful, e.g. for future tracking of image usage statistics.
Update get_ci_vm script hints for new image name definition format
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, using the ssh command directly required obtaining the
external IP of the VM and was then subject to the local configuration.
If the local configuration and/or ssh keys are incorrect, these commands
would fail, preventing automatic setup of the VM.
Fix this by using the gcloud ssh and scp wrappers. Unfortunately rsync
couldn't be made to work in this situation, so use a tarball to transfer
the local repository to the VM. Lastly, execute `setup_environment.sh`
script, then drop the caller into a bash shell sitting in the remote
`$GOSRC` directory.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for executing an init binary as PID 1 in a container to
forward signals and reap processes. When the `--init` flag is set for
podman-create or podman-run, the init binary is bind-mounted to
`/dev/init` in the container and "/dev/init --" is prepended to the
container's command.
The default base path of the container-init binary is `/usr/libexec/podman`
while the default binary is catatonit [1]. This default can be changed
permanently via the `init_path` field in the `libpod.conf` configuration
file (which is recommended for packaging) or temporarily via the
`--init-path` flag of podman-create and podman-run.
[1] https://github.com/openSUSE/catatonit
Fixes: #1670
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Frequently debugging of CI-related problems requires going hands-on
within the environment. However, reproducing the environment by hand is
very tedious and error prone. This script permits authorized users to
produce VM's based on any available cache-image, and automatically remove
them upon logout.
Also: Bump up VM disk sizes to 200GB due to performance reasons
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The docker-in-docker was script was needed to run AppArmor tests in
Travis, which is not required anymore since Travis isn't being used
for a while. Removing the script will also cure some hiccups on
some atomic testing nodes.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
|
|
|
|
|
|
|
|
|
| |
Check at runtime if AppArmor is enabled on the host.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1128
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1071
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make users of libpod more secure by adding the libpod/apparmor package
to load a pre-defined AppArmor profile. Large chunks of libpod/apparmor
come from github.com/moby/moby.
Also check if a specified AppArmor profile is actually loaded and throw
an error if necessary.
The default profile is loaded only on Linux builds with the `apparmor`
buildtag enabled.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1063
Approved by: rhatdan
|