aboutsummaryrefslogtreecommitdiff
path: root/hack
Commit message (Collapse)AuthorAge
* auto updatesValentin Rothberg2020-03-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support to auto-update containers running in systemd units as generated with `podman generate systemd --new`. `podman auto-update` looks up containers with a specified "io.containers.autoupdate" label (i.e., the auto-update policy). If the label is present and set to "image", Podman reaches out to the corresponding registry to check if the image has been updated. We consider an image to be updated if the digest in the local storage is different than the one of the remote image. If an image must be updated, Podman pulls it down and restarts the container. Note that the restarting sequence relies on systemd. At container-creation time, Podman looks up the "PODMAN_SYSTEMD_UNIT" environment variables and stores it verbatim in the container's label. This variable is now set by all systemd units generated by `podman-generate-systemd` and is set to `%n` (i.e., the name of systemd unit starting the container). This data is then being used in the auto-update sequence to instruct systemd (via DBUS) to restart the unit and hence to restart the container. Note that this implementation of auto-updates relies on systemd and requires a fully-qualified image reference to be used to create the container. This enforcement is necessary to know which image to actually check and pull. If we used an image ID, we would not know which image to check/pull anymore. Fixes: #3575 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Cirrus: Fix gate image & false-positive exitsChris Evich2020-03-02
| | | | | | | | | | | | | | | | | | | A number of scripts relating to tooling used and the gate container image were not exiting upon errors as intended. Coupled with external service unavailability (i.e. downloading golangci-lint) was observed to cause difficult to debug failures. This change corrects the scripts inside/out of the gate container as well as fixes many golang related path consistency problems vs other CI jobs. After this change, all jobs use consistent path names reducing the number of special-case overrides needed. Lastly, I also made a documentation-pass, updating/correcting as needed, including documenting a likely local validation-failure mode, related to `$EPOCH_TEST_COMMIT`. This is dependent on the developers git environment, so documentation is the only possible "fix". Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Fix not growing Fedora rootChris Evich2020-02-28
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* implement reverse reader for log readsBrent Baude2020-02-20
| | | | | | | | in cases where the log file exceeds the available memory of a system, we had a bug that triggered an oom because the entire logfile was being read when the tail parameter was given. this reads in chunks and is more or less memory safe. fixes: #5131 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Fix a syntax error in hack/release.shMatthew Heon2020-01-31
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Update release script to not manage epochMatthew Heon2020-01-22
| | | | | | | We removed the Gitvalidation epoch in the Makefile. As such, we don't need to adjust it anymore when we tag releases. Signed-off-by: Matthew Heon <mheon@redhat.com>
* hack/install_golangci.sh: check env varsValentin Rothberg2020-01-16
| | | | | | Also make it executable and `set -eo pipefail`. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* make .install.golangci-lint: force specific versionValentin Rothberg2020-01-15
| | | | | | | | | | | Instead of only performing a presence check of the binary, also do a version check and force installing the specified one if needed. This will prevent users and the CI from using a wrong version in the future. Move the logic into a dedicated shell script as I find built-in bash in Makefiles hard to maintain. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Use systemd/sd-daemon.h headers for systemd presenceChandan Kumar (raukadah)2019-12-16
| | | | | | | | | | | | | | | Finding systemd devel packages using libsystemd does not work as in RHEL based distro the package name is systemd-devel and for deb/ubunutu it is libsystemd. It is also giving false result when podman rpm is built with systemd but hack/systemd_tag.sh does not return anything. Install systemd-devel package in build_rpm.sh script Moving to systemd/sd-daemon.h header files which comes from devel packages fixes the issue. Signed-off-by: Chandan Kumar (raukadah) <raukadah@gmail.com>
* Improve hack/get_release_info.shSorin Sbarnea2019-12-04
| | | | | | | | - Adopt bash strict mode - Avoid cd errors as seen on CI vendor jobs: hack/get_release_info.sh: line 9: cd: /go/src/github.com/containers/libpod: No such file or directory Signed-off-by: Sorin Sbarnea <ssbarnea@redhat.com>
* codespell: spelling correctionsDmitry Smirnov2019-11-13
| | | | Signed-off-by: Dmitry Smirnov <onlyjob@member.fsf.org>
* Update document formatting and packaging codeJhon Honce2019-10-31
| | | | | | | | | * Refactored code and Makefile to support new docs layout * Removed some old code packaging code * Add Readme.md to document what we're doing Signed-off-by: Jhon Honce <jhonce@redhat.com> Signed-off-by: baude <bbaude@redhat.com>
* Restructure documentation dirbaude2019-10-31
| | | | | | | | Restructuring the docs dir to make integration with sphinx easier. man pages now exist in docs/source/man and the sphinx make files exists in docs. Signed-off-by: baude <bbaude@redhat.com>
* build: drop support for ostreeGiuseppe Scrivano2019-10-30
| | | | | | | it is going to be removed from containers/image as well, so no longer depend on it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #4090 from vrothberg/build-catatonitOpenShift Merge Robot2019-10-01
|\ | | | | Build catatonit
| * catatonit: clone and buildValentin Rothberg2019-09-25
| | | | | | | | | | | | | | | | Instead of unconditionally pulling the x86 binary, clone the repository and build the binary to make it independent of the architecture. Fixes: #2699 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * bump catatonit to v0.1.4Valentin Rothberg2019-09-25
| | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Cirrus: Upload windows MSI release fileChris Evich2019-09-24
|/ | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* hack/man_page_checker - improve diagnosticsEd Santiago2019-09-09
| | | | | | | | Make the errors more readable, with clearer instructions on what to look for, and which filename, and what we expect to see, and perhaps even how to approach a fix. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Exclude podman-remoteRyan Whalen2019-08-31
| | | | Signed-off-by: Ryan Whalen <rj.whalen@gmail.com>
* WIP - ignore man pages for commands besides podmanRyan Whalen2019-08-30
| | | | Signed-off-by: Ryan Whalen <rj.whalen@gmail.com>
* Fix formatting and enable hack/man-page-checkerRyan Whalen2019-08-30
| | | | Signed-off-by: Ryan Whalen <rj.whalen@gmail.com>
* Cirrus: Reimplement release archive + uploadChris Evich2019-08-28
| | | | | | | | The initial implementation was far more complicated than necessary. Strip out the complexities in favor of a simpler and more direct approach. Signed-off-by: Chris Evich <cevich@redhat.com>
* Adjust get_ci_vm.sh for substitutionChris Evich2019-08-12
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* vendor github.com/containers/image@v2.0.1Valentin Rothberg2019-07-22
| | | | | | | | | | | | | | | | * progress bar: use spinners for unknown blob sizes * use 'containers_image_ostree' as build tag * ostree: default is no OStree support * Add "Env" to ImageInspectInfo * config.go: improve debug message * config.go: log where credentials come from * Fix typo in docs/containers-registries.conf.5.md * docker: delete: support all MIME types * Try harder in storageImageDestination.TryReusingBlob * docker: allow deleting OCI images * ostree: improve error message Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Cirrus: Add support for testing F30Chris Evich2019-06-14
| | | | | | | | | | | | | | | | Remove disused `build_cache_images` task, and update relevant dockerfiles for F30. Fix problem of cloud-init failing to expand root-device on boot (/var/lib/cloud/instance left in improper state). Fix problem of cloud-init racing with google-network-daemon.service on boot (looking for cloudconfig metadata too early). Causing root-device to _sometimes_ fail to expand. Fix problem of hack/get_ci_vm.sh argument passing. Signed-off-by: Chris Evich <cevich@redhat.com>
* hack: support setting local region/zoneChris Evich2019-05-29
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* hack: ignore from all VCS files when tarballingChris Evich2019-05-22
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* hack: shrink xfer tarball sizeChris Evich2019-05-22
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* hack: Display IP address of VM from scriptChris Evich2019-05-22
| | | | | | Useful for accessing it from other terminals. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: fixups based on review feedbackChris Evich2019-05-21
| | | | | | Also remove disused distros (RHEL/CentOS/FAH) and fix get_ci_vm script Signed-off-by: Chris Evich <cevich@redhat.com>
* Add `systemd` build tagSascha Grunert2019-05-13
| | | | | | | | | | | | If the systemd development files are not present on the system which builds podman, then `podman events` will error on runtime creation. Beside this, a warning will be printed when compiling podman. This commit mainly exists because projects which depend on libpod would not need the podman event support and therefore do not need to rely on the systemd headers. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* Cirrus: Add check for make varlink_api_generateChris Evich2019-05-03
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* CI check for --help vs man pages: usability fixEd Santiago2019-04-08
| | | | | | | | | | | | | | | | | | | | | The output of this CI script leaves much to be desired: it is output from 'diff' with little clarity on what exactly is wrong. The proper fix is to make the output clear and readable: podman containers --help lists a 'foo' subcommand that is not present in docs/podman-containers.1.md Doing this in bash would take many hours and be fragile gibberish code. This does not seem worth the effort: the likely case is that breakages reported by this script will be due to a newly added subcommand, and the PR author will find it obvious what to do. Ergo, plan B: if the test fails, display a blurb at the end describing how to interpret results. Three minutes' effort, plus five for writing this commit message. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #2433 from cevich/hack_around_homeOpenShift Merge Robot2019-03-27
|\ | | | | [ci skip] get_ci_vm.sh: Fix conflicting homedir files
| * get_ci_vm.sh: Fix conflicting homedir filesChris Evich2019-03-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, the script would bind mount the user's home directory into the container in order to execute gcloud commands. This was done to preserve the `.config/gcloud` directory and new ssh keys in `.ssh`. However, it's possible the user has modified `.bash*` or `.ssh/config` files which do not play nicely with gcloud and/or the container. Fix this by mounting the existing temporary directory on the host, as the user's home directory. Then bind mount in a dedicated `gcloud/ssh` sub-directory, and the libpod repo directory on top. Pre-create the necessary mount-points as the user, so later removal does not require root on the host. The gcloud tool takes minutes to setup/manage its ssh-keys, so preserving that work between runs is a necessary optimization. Similarly, saving the `.gcloud` directory prevents repeatedly going through the lengthy client-auth process. Overall, these changes make the container environment much more selective with the host-side data it has access to use/modify. Preventing unrelated details from getting in the way, and preserving only the bare-minimum of details on the host, between runs. Signed-off-by: Chris Evich <cevich@redhat.com>
* | man pages - consistency fixesEd Santiago2019-03-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman-generate and -play had the wrong NAMEs. podman-restart and -volume-prune the wrong SYNOPSIS. All the rest are varying degrees of minor: - missing a space between the NAME and description - multi-line SYNOPSIS that could be collapsed into one - use of UPPER CASE in synopsis instead of *asterisks* - improper use of **double asterisks** for options - varlink and version were transposed in podman-1 - fixed inconsistencies between the description in the man page and that in the parent manpage. These are too numerous for me to fix all. Added: script that could be used in CI to prevent future such inconsistencies. It cannot be enabled yet because there are still 35+ inconsistencies in need of cleaning. This will be difficult to review on github. I suggest pulling the PR and running 'git log -1 -p | cdif | less' 'cdif' is a handy tool for colorizing individual diffs between lines: http://kaz-utashiro.github.io/cdif/ There are other such tools; use your favorite. Comparing without visual highlights may be painful. I also encourage you to run hack/man-page-checker and suggest more fixes for the problems it's finding. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Cirrus: Various fixes for rootless testingChris Evich2019-03-19
| | | | | | | | | | | | | | | | | | * Randomize the user's UID and GID * Simplify `setup_environment.sh` * Support new "-r" option for `hack/get_ci_vm.sh` setting up rootless * Connect as $ROOTLESS_USER when using "-r" with `hack/get_ci_vm.sh` Signed-off-by: Chris Evich <cevich@redhat.com>
* | Enable rootless integration testsbaude2019-03-19
| | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | add podman-healthcheck(1) to podman(1)Ed Santiago2019-03-07
|/ | | | | | | | | | | ...caught by hack/podman-commands.sh script. Which had a little buglet, which I fixed: add a special case for 'help', which neither has nor needs a man page. I believe the podman-commands.sh script is ready to be run in CI, hint hint. Signed-off-by: Ed Santiago <santiago@redhat.com>
* podman-commands script: refactorEd Santiago2019-02-28
| | | | | | | | | | | | | | | | | | | | | | | Make more general-purpose: instead of hardcoding a list of known subcommands, and duplicating sed pipelines for each, rely on 'podman help' itself to tell us which podman commands have subcommands; and examine each in turn. Should there ever be new subcommands, this will identify and test them. A special case is needed for 'podman image trust', whose documentation format doesn't match the others. The change to `common.go` fixes an inconsistency: the Usage message for commands with subcommands had an unnecessary blank line, making it harder to parse automatically. This simply produces consistent Usage messages for all podman commands. This script will not pass until #2480 is merged. After that, the goal is to add this as a CI hook. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Clean up man pages to match commandsDaniel J Walsh2019-02-27
| | | | | | Also add podman-commands.sh to compare man pages to commands. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* hack/tree_status.sh: preserve new linesValentin Rothberg2019-02-20
| | | | | | | | Quote the status output in echo to preserve the new lines. Having the output in one line complicated debugging issues and is not friendly to use. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* get_ci_vm : allow running without sudoEd Santiago2019-02-13
| | | | | | | | | | | | | | | | | | | | | | | | | | More complicated than one would think. The first problem is that, on certain (but not all) Fedora systems, podman cannot mount volumes read-only (issue #2312). This is baffling, and since it's not easily reproducible it's likely that the dev team will not spend much effort on it. Workaround: instead of bind- mounting /tmp read-only, bind-mount a *tempdir* (subdirectory) read-write. This is actually cleaner in some ways but it leads to complications with the paths we use and with cleanup. Next, allow overriding the default image and allow asking for no sudo: export GCLOUD_IMAGE=quay.io/edsantiago/gcloud_centos:latest export GCLOUD_SUDO= (yes, that's an equal-sign and EOL. Just an empty string). The third part, unfortunately, requires a custom image because the as_dollar_user.sh script (the one that runs gcloud in a container) is hardwired in a cevich image and needs tweaks in order to detect rootless and avoid sudo. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Cirrus: add vendor_check_taskValentin Rothberg2019-02-06
| | | | | | | | | | | * Make sure that all vendored dependencies are in sync with the code and the vendor.conf by running `make vendor` with a follow-up status check of the git tree. * Vendor ginkgo and gomega to include the test dependencies. Signed-off-by: Chris Evic <cevich@redhat.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Cirrus: Consolidate VM image names in once placeChris Evich2019-01-17
| | | | | | | | | | | | | | Previously it was not possible to specify keys from the ``env`` section in the various GCE sections. Now that features is added, consolidate all the cache image definitions into a single place, reducing maintenance burden. This also results in the names passing through into the VMs. This is useful, e.g. for future tracking of image usage statistics. Update get_ci_vm script hints for new image name definition format Signed-off-by: Chris Evich <cevich@redhat.com>
* [skip ci] Hack: Fix get_ci_vm.sh w/ gcloud ssh/scpChris Evich2019-01-14
| | | | | | | | | | | | | | | Previously, using the ssh command directly required obtaining the external IP of the VM and was then subject to the local configuration. If the local configuration and/or ssh keys are incorrect, these commands would fail, preventing automatic setup of the VM. Fix this by using the gcloud ssh and scp wrappers. Unfortunately rsync couldn't be made to work in this situation, so use a tarball to transfer the local repository to the VM. Lastly, execute `setup_environment.sh` script, then drop the caller into a bash shell sitting in the remote `$GOSRC` directory. Signed-off-by: Chris Evich <cevich@redhat.com>
* add container-init supportValentin Rothberg2019-01-04
| | | | | | | | | | | | | | | | | | | Add support for executing an init binary as PID 1 in a container to forward signals and reap processes. When the `--init` flag is set for podman-create or podman-run, the init binary is bind-mounted to `/dev/init` in the container and "/dev/init --" is prepended to the container's command. The default base path of the container-init binary is `/usr/libexec/podman` while the default binary is catatonit [1]. This default can be changed permanently via the `init_path` field in the `libpod.conf` configuration file (which is recommended for packaging) or temporarily via the `--init-path` flag of podman-create and podman-run. [1] https://github.com/openSUSE/catatonit Fixes: #1670 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add script to create CI VMs for debuggingChris Evich2018-12-14
| | | | | | | | | | | | Frequently debugging of CI-related problems requires going hands-on within the environment. However, reproducing the environment by hand is very tedious and error prone. This script permits authorized users to produce VM's based on any available cache-image, and automatically remove them upon logout. Also: Bump up VM disk sizes to 200GB due to performance reasons Signed-off-by: Chris Evich <cevich@redhat.com>
* remove hack/dindValentin Rothberg2018-10-10
| | | | | | | | | The docker-in-docker was script was needed to run AppArmor tests in Travis, which is not required anymore since Travis isn't being used for a while. Removing the script will also cure some hiccups on some atomic testing nodes. Signed-off-by: Valentin Rothberg <vrothberg@suse.com>