path: root/libpod
Commit message (Author, Age)
* Merge pull request #8505 from Luap99/network-labels (OpenShift Merge Robot, 2020-12-01)
|\
| | podman network label support
| * podman network label support (Paul Holzinger, 2020-11-28)
| |
| | Add label support for podman network create. Use the `args` field in the cni config file to store the podman labels. Use `podman_labels` as key name and store the labels as map[string]string.
| |
| | For reference:
| | https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md#args-in-network-config
| | https://github.com/containernetworking/cni/blob/spec-v0.4.0/SPEC.md#network-configuration
| |
| | Example snippet:
| |
| | ```
| | ...
| | "args": {
| |   "podman_labels": {
| |     "key1":"value1",
| |     "key2":"value2"
| |   }
| | }
| | ...
| | ```
| |
| | Make podman network list support several filters. Supported filters are name, plugin, driver and label. Filters with different keys work exclusive. Several label filters work exclusive and the other filter keys are working inclusive.
| |
| | Also adjust the compat api to support labels in network create and list.
| |
| | Breaking changes:
| | - podman network ls -f shortform is used for --filter instead of --format
| |   This matches docker and other podman commands (container ps, volume ps)
| | - libpod network list endpoint filter parameter is removed. Instead the filters parameter should be used as json encoded map[string][]string.
| |
| | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8426 from mheon/fix_infra_cmd_from_config (OpenShift Merge Robot, 2020-12-01)
|\ \
| | | Do not ignore infra command from config files
| * | Do not ignore infra command from config files (Matthew Heon, 2020-11-30)
| | |
| | | It looks like this was previously removed because the default hard-coded `/pause` so we would never take into account the image config. I've removed the default in c/common and re-added support to check config files.
| | |
| | | While we're at it, fix ENTRYPOINT support - we should not be setting this if we got ENTRYPOINT from the image.
| | |
| | | Fixed https://bugzilla.redhat.com/show_bug.cgi?id=1853455
| | |
| | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #8515 from baude/netconnectstate (OpenShift Merge Robot, 2020-12-01)
|\ \ \
| | | | network connect disconnect on non-running containers
| * | | network connect disconnect on non-running containers (baude, 2020-11-30)
| |/ /
| | | a container can connect and disconnect to networks even when not in a running state.
| | |
| | | Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #8400 from rhatdan/varlink (OpenShift Merge Robot, 2020-12-01)
|\ \ \
| | | | Remove varlink support from podman
| * | | Remove varlink support from Podman (Daniel J Walsh, 2020-11-26)
| | |/
| |/|
| | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8475 from rhatdan/subscriptions (OpenShift Merge Robot, 2020-12-01)
|\ \ \
| |_|/
|/| | Switch from pkg/secrets to pkg/subscriptions
| * | Switch from pkg/secrets to pkg/subscriptions (Daniel J Walsh, 2020-11-26)
| |/
| | The buildah/pkg/secrets package was moved to containers/common/pkg/subscriptions. Switch to using this by default.
| |
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8493 from Luap99/net-rm-macvlan (OpenShift Merge Robot, 2020-11-28)
|\ \
| | | Fix problems with network remove
| * | Fix problems with network remove (Paul Holzinger, 2020-11-26)
| | |
| | | First, make sure we are only trying to remove the network interface if we are root. Second, if we cannot get the interface name (e.g. macvlan config) then we should not fail. Just remove the config file.
| | |
| | | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | runtime: set XDG_* env variables if missing (Giuseppe Scrivano, 2020-11-27)
| |/
|/|
| | regression introduced when moving to Podman 2.0.
| |
| | Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1877228
| |
| | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Not use local image create/add manifest (Qi Wang, 2020-11-24)
|/
| Avoid using the image from load storage for `manifest create` and `manifest add` since the local image does not include other entries of the list from the registry. `--all` flag of `manifest create` and `manifest add` can not add all of the lists as expected.
|
| Signed-off-by: Qi Wang <qiwan@redhat.com>
* Merge pull request #8467 from Luap99/fix-mac-custom-net (OpenShift Merge Robot, 2020-11-24)
|\
| | Fix custom mac address with a custom cni network
| * Fix custom mac address with a custom cni network (Paul Holzinger, 2020-11-24)
| |
| | The cni plugin `tuning` is required to set a custom mac address. This plugin is configured in the default cni config file which is packaged with podman but was not included in the generated config from `podman network create`.
| |
| | Fixes #8385
| |
| | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | update container status with new results (baude, 2020-11-23)
| |
| | a bug was being caused by the fact that the container network results were not being updated properly. given that jhon is on PTO, this PR will replace #8362
| |
| | Signed-off-by: baude <bbaude@redhat.com>
* | Refactor compat container create endpoint (Jhon Honce, 2020-11-23)
|/
| * Make endpoint compatible with docker-py network expectations
| * Update specgen helper when called from compat endpoint
| * Update godoc on types
| * Add test for network/container create using docker-py method
| * Add syslog logging when DEBUG=1 for tests
|
| Fixes #8361
|
| Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #8438 from MarcoPolo/marco/set-path-for-systemd-healthcheck (OpenShift Merge Robot, 2020-11-23)
|\
| | Set PATH env in systemd timer.
| * Set PATH env in systemd timer. (Marco Munizaga, 2020-11-23)
| |
| | This fixes an issue where binaries that are in the path of the original podman process are not found in the transient systemd timer for healthchecks. This showed up for me on a NixOS machine since binaries are not installed in the usual places.
| |
| | Signed-off-by: Marco Munizaga <git@marcopolo.io>
* | Merge pull request #8451 from Luap99/fix-subnet-range (OpenShift Merge Robot, 2020-11-23)
|\ \
| | | Fix ip-range for classless subnet masks
| * | Fix ip-range for classless subnet masks (Paul Holzinger, 2020-11-23)
| | |
| | | The `LastIPInSubnet` function worked only for classful subnet masks (e.g. /8, /16, /24). For non standard subnet masks this returned the wrong ip address.
| | |
| | | This works now for all subnet masks. A unit test is added to ensure this.
| | |
| | | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #8263 from rhatdan/restart (OpenShift Merge Robot, 2020-11-23)
|\ \ \
| |/ /
|/| | Allow containers to --restart on-failure with --rm
| * | Allow containers to --restart on-failure with --rm (Daniel J Walsh, 2020-11-20)
| | |
| | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Make c.networks() list include the default network (Matthew Heon, 2020-11-20)
|/ /
| | This makes things a lot more clear - if we are actually joining a CNI network, we are guaranteed to get a non-zero length list of networks.
| |
| | We do, however, need to know if the network we are joining is the default network for inspecting containers as it determines how we populate the response struct. To handle this, add a bool to indicate that the network listed was the default network, and only the default network.
| |
| | Signed-off-by: Matthew Heon <mheon@redhat.com>
* / fix container cgroup lookup (Valentin Rothberg, 2020-11-20)
|/
| When running on cgroups v1, `/proc/{PID}/cgroup` has multiple entries, each pointing potentially to a different cgroup. Some may be empty, some may point to parents.
|
| The one we really need is the libpod-specific one, which always is the longest path. So instead of looking at the first entry, look at all and select the longest one.
|
| Fixes: #8397
|
| Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #8391 from baude/networkconnectdisconnect (OpenShift Merge Robot, 2020-11-19)
|\
| | add network connect|disconnect compat endpoints
| * add network connect|disconnect compat endpoints (baude, 2020-11-19)
| |
| | this enables the ability to connect and disconnect a container from a given network. it is only for the compatibility layer. some code had to be refactored to avoid circular imports.
| |
| | additionally, tests are being deferred temporarily due to some incompatibility/bug in either docker-py or our stack.
| |
| | Signed-off-by: baude <bbaude@redhat.com>
* | Align the podman pod ps --filter behavior with podman ps (Paul Holzinger, 2020-11-18)
| |
| | Filters with the same key work inclusive with the only exception being `label` which is exclusive. Filters with different keys always work exclusive.
| |
| | Also update the documentation with the new behavior.
| |
| | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8376 from Luap99/podman-filters (OpenShift Merge Robot, 2020-11-18)
|\ \
| |/
|/| Align the podman ps --filter behavior with docker
| * Align the podman ps --filter behavior with docker (Paul Holzinger, 2020-11-18)
| |
| | All of our filters worked exclusive resulting in `--filter status=created --filter status=exited` to return nothing.
| |
| | In docker filters with the same key work inclusive with the only exception being `label` which is exclusive. Filters with different keys always work exclusive.
| |
| | This PR aims to match the docker behavior with podman.
| |
| | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Fix podman pod inspect show wrong MAC string (zhangguanzhang, 2020-11-18)
| |
| | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | add network connect|disconnect compat endpoints (baude, 2020-11-17)
| |
| | this enables the ability to connect and disconnect a container from a given network. it is only for the compatibility layer. some code had to be refactored to avoid circular imports.
| |
| | additionally, tests are being deferred temporarily due to some incompatibility/bug in either docker-py or our stack.
| |
| | Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #8290 from vrothberg/fix-8265 (OpenShift Merge Robot, 2020-11-17)
|\ \
| | | use container cgroups path
| * | use container cgroups path (Valentin Rothberg, 2020-11-17)
| |/
| | When looking up a container's cgroup path, parse /proc/[PID]/cgroup. This will work across all cgroup managers and configurations and is supported on cgroups v1 and v2.
| |
| | Fixes: #8265
| |
| | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #8347 from rhatdan/hostname (OpenShift Merge Robot, 2020-11-17)
|\ \
| | | Make sure /etc/hosts populated correctly with networks
| * | Make sure /etc/hosts populated correctly with networks (Daniel J Walsh, 2020-11-16)
| |/
| | The --hostname and containername should always be added to containers. Added some tests to make sure you can always ping the hostname and container name from within the container.
| |
| | Fixes: https://github.com/containers/podman/issues/8095
| |
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / Improve the shell completion api (Paul Holzinger, 2020-11-16)
|/
| One main advantage of the new shell completion logic is that we can easily parse flags and adjust based on the given flags the suggestions. For example some commands accept the `--latest` flag only if no arguments are given.
|
| This commit implements this logic in a simple maintainable way since it reuses the already existing `Args` function in the cmd struct.
|
| I also refactored the `getXXX` function to match based on the namei/id which could speed up the shell completion with many containers, images, etc...
|
| I also added the degraded status to the valid pod status filters which was implemented in #8081.
|
| Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* short-name aliasing (Valentin Rothberg, 2020-11-13)
|
| Add support for short-name aliasing.
|
| Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #8304 from rhatdan/error (OpenShift Merge Robot, 2020-11-12)
|\
| | Cleanup error reporting
| * Cleanup error reporting (Daniel J Walsh, 2020-11-11)
| |
| | The error message reported is overly complicated and the added test does not really help the user.
| |
| | Currently the error looks like:
| |
| | podman run -p 80:80 fedora echo hello
| | Error: failed to expose ports via rootlessport: "cannot expose privileged port 80, you might need to add "net.ipv4.ip_unprivileged_port_start=0" (currently 1024) to /etc/sysctl.conf, or choose a larger port number (>= 1024): listen tcp 0.0.0.0:80: bind: permission denied\n"
| |
| | After this change
| |
| | ./bin/podman run -p 80:80 fedora echo hello
| | Error: cannot expose privileged port 80, you might need to add "net.ipv4.ip_unprivileged_port_start=0" (currently 1024) to /etc/sysctl.conf, or choose a larger port number (>= 1024): listen tcp 0.0.0.0:80: bind: permission denied
| |
| | Control chars have been eliminated.
| |
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8298 from mheon/db_network_connect (OpenShift Merge Robot, 2020-11-12)
|\ \
| | | Add support for network connect / disconnect to DB
| * | Add support for network connect / disconnect to DB (Matthew Heon, 2020-11-11)
| |/
| | Convert the existing network aliases set/remove code to network connect and disconnect. We can no longer modify aliases for an existing network, but we can add and remove entire networks. As part of this, we need to add a new function to retrieve current aliases the container is connected to (we had a table for this as of the first aliases PR, but it was not externally exposed).
| |
| | At the same time, remove all deconflicting logic for aliases. Docker does absolutely no checks of this nature, and allows two containers to have the same aliases, aliases that conflict with container names, etc - it's just left to DNS to return all the IP addresses, and presumably we round-robin from there? Most tests for the existing code had to be removed because of this.
| |
| | Convert all uses of the old container config.Networks field, which previously included all networks in the container, to use the new DB table. This ensures we actually get an up-to-date list of in-use networks.
| |
| | Also, add network aliases to the output of `podman inspect`.
| |
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #8307 from mheon/fix_8221 (OpenShift Merge Robot, 2020-11-12)
|\ \
| |/
|/| Ensure we do not double-lock the same volume in create
| * Ensure we do not double-lock the same volume in create (Matthew Heon, 2020-11-11)
| |
| | When making containers, we want to lock all named volumes we are adding the container to, to ensure they aren't removed from under us while we are working. Unfortunately, this code did not account for a container having the same volume mounted in multiple places so it could deadlock. Add a map to ensure that we don't lock the same name more than once to resolve this.
| |
| | Fixes #8221
| |
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #8251 from baude/networkaliases (OpenShift Merge Robot, 2020-11-10)
|\ \
| | | network aliases for container creation
| * | network aliases for container creation (baude, 2020-11-09)
| | |
| | | podman can now support adding network aliases when running containers (--network-alias). It requires an updated dnsname plugin as well as an updated ocicni to work properly.
| | |
| | | Signed-off-by: baude <bbaude@redhat.com>
* | | enable ipv6 network configuration options (Antonio Ojea, 2020-11-10)
|/ /
| | enable the ipv6 flag in podman network to be able to create dual-stack networks for containers.
| |
| | This is required to be compatible with docker, where --ipv6 really means dual stack.
| |
| | podman, unlike docker, supports IPv6 only containers since 07e3f1bba9674c0cb93a0fa260930bfebbf75728.
| |
| | Signed-off-by: Antonio Ojea <aojea@redhat.com>
* / Show error on bad name filter in podman ps (Joel Smith, 2020-11-06)
|/
| Signed-off-by: Joel Smith <joelsmith@redhat.com>
* fix: allow volume creation when the _data directory already exists (Yan Minari, 2020-11-05)
|
| This restores pre f7e72bc86aff2ff986290f190309deceb7f22099 behavior
|
| Signed-off-by: Yan Minari <yangm97@gmail.com>