| Commit message (Collapse) | Author | Age |
added support for pod devices. The device gets added to the infra container and
recreated in all containers that join the pod.
This required a new container config item to keep track of the original device passed in by the user before
the path was parsed into the container device.
Signed-off-by: cdoern <cdoern@redhat.com>
Let the gvproxy dns server handle the host.containers.internal entry.
Support for this is already added to gvproxy. [1]
To make sure the container uses the dns response from gvproxy we should
not add host.containers.internal to /etc/hosts in this case.
[NO TESTS NEEDED] podman machine has no tests :/
Fixes #11642
[1] https://github.com/containers/gvisor-tap-vsock/commit/1108ea45162281046d239047a6db9bc187e64b08
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Remove unused code from libpod
The libpod package should only compile on linux. The remote client
should never try to import this package.
Since these files do not add any value we should remove them, this
prevents people from accidentally importing this package because it would
fail to compile on windows/macos.
[NO TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
CNI: add ipvlan driver support and macvlan modes
Add support for the ipvlan cni plugin. This allows us to create,
inspect and list ipvlan networks correctly.
Fixes #10478
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Support setting the macvlan mode with `podman network create -d macvlan
--opt mode=bridge`. This will correctly set the specified macvlan mode
in the cni conflist file.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add no-trunc support to podman-events
Standardize on no-trunc through the code.
Alias notruncate where necessary.
Standardize on the man page display of no-trunc.
Fixes: https://github.com/containers/podman/issues/8941
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
runtime: move pause process to scope
make sure the pause process is moved to its own scope as well as what
we do when we join an existing user+mount namespace.
Closes: https://github.com/containers/podman/issues/11560
[NO TESTS NEEDED]
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The check for net=none was wrong. It just assumed when we do not create
the netns but have one set that we use the none mode. This however also
applies to a container which joins the pod netns.
To correctly check for the none mode use `config.NetMode.IsNone()`.
Fixes #11596
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Wire network interface into libpod
Drivers should return the list of supported network drivers by this
plugin. This is useful for podman info.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
We do not use the ocicni code anymore so let's get rid of it. Only the
port struct is used but we can copy this into libpod network types so
we can debloat the binary.
The next step is to remove the OCICNI port mapping from the container
config and use the better PortMapping struct everywhere.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Make use of the new network interface in libpod.
This commit contains several breaking changes:
- podman network create only outputs the new network name and not file
path.
- podman network ls shows the network driver instead of the cni version
and plugins.
- podman network inspect outputs the new network struct and not the cni
conflist.
- The bindings and libpod api endpoints have been changed to use the new
network structure.
The container network status is stored in a new field in the state. The
status should be received with the new `c.getNetworkStatus`. This will
migrate the old status to the new format. Therefore old containers should
continue to work correctly in all cases even when network connect/
disconnect is used.
New features:
- podman network reload keeps the ip and mac for more than one network.
- podman container restore keeps the ip and mac for more than one
network.
- The network create compat endpoint can now use more than one ipam
config.
The man pages and the swagger doc are updated to reflect the latest
changes.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When configs are loaded from disk we need to check if they contain an
ipv6 subnet and set ipv6 enabled to true in this case.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The default network should not be validated against used subnets, we have to ensure
that this network can always be created even when a subnet is already used on the host.
This could happen if you run a container on this net, then the cni interface will be
created on the host and "block" this subnet from being used again.
Therefore the next podman command tries to create the default net again and it would
fail because it thinks the network is used on the host.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Check that the given subnet does not conflict with existing ones (other
configs or host interfaces).
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Set default storage from containers.conf for temporary images
Fixes: https://github.com/containers/podman/issues/11107
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
libpod: honor --cgroups=split also with pods
Honor --cgroups=split also when the container is running in a pod.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Pod Volumes Support
added support for the --volume flag in pods using the new infra container design.
users can specify all volume options they can with regular containers
resolves #10379
Signed-off-by: cdoern <cdoern@redhat.com>
Show variant and codename of the distribution
Along with the name (id) and the version(_id)
But only show the information if it is available
Examples: Fedora CoreOS, Ubuntu Focal
[NO TESTS NEEDED]
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
rootfs: Add support for rootfs-overlay.
Allows users to specify a readonly rootfs with :O, in exchange podman will create a writable overlay.
bump buildah to v1.22.1-0.20210823173221-da2b428c56ce
[NO TESTS NEEDED]
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
fix restart always with rootlessport
For rootful users ports are forwarded via iptables. To make sure no
other process tries to use them, libpod will bind the ports and pass the
fds to conmon. There seems to be a race when a container is restarted
because libpod tries to bind the port before the conmon process exited.
The problem only happens with the podman service because it keeps the
connection open. Once we have the fd and passed it to conmon the
podman service should close the connection.
To verify run `sudo ss -tulpn` and check that only the conmon process
keeps the port open. Previously you would also see the podman server
process listed.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When a container is automatically restarted due to its restart policy and
the container uses rootless cni networking with ports forwarded we have
to start a new rootlessport process since it exits with conmon.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
and fix it for running with runc.
Closes: https://github.com/containers/podman/issues/11165
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add init containers to generate and play kube
Kubernetes has a concept of init containers that run and exit before
the regular containers in a pod are started. We added init containers
to podman pods as well. This patch adds support for generating init
containers in the kube yaml when a pod we are converting had init
containers. When playing a kube yaml, it detects an init container
and creates such a container in podman accordingly.
Note, only init containers created with the init type set to "always"
will be generated as the "once" option deletes the init container after
it has run and exited. Play kube will always create init containers
with the "always" init container type.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
containers/dependabot/go_modules/github.com/containers/psgo-1.6.0
Bump github.com/containers/psgo from 1.5.2 to 1.6.0
Bumps [github.com/containers/psgo](https://github.com/containers/psgo) from 1.5.2 to 1.6.0.
- [Release notes](https://github.com/containers/psgo/releases)
- [Commits](https://github.com/containers/psgo/compare/v1.5.2...v1.6.0)
---
updated-dependencies:
- dependency-name: github.com/containers/psgo
dependency-type: direct:production
update-type: version-update:semver-minor
...
[NO TESTS NEEDED] since it's migrating to a new version.
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
stats: detect container restart and allow paused containers
if the current cpu usage time is lower than what was previously recorded,
then it means the container was restarted and now it runs in a new
cgroup. When this happens, reset the prevStats.
Closes: https://github.com/containers/podman/issues/11469
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
paused containers still have a cgroup we can use to grab the stats.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The rootless integration tests show the XDG_RUNTIME_DIR warning without
any reasons. Podman runs without problems in these and yet the warning
is shown. I think the problem is that we check the permission before we
create the runroot directory.
[NO TESTS NEEDED]
Fixes #11521
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The conmon buffer size is 8192, however the attach socket needs two extra
bytes. The first byte of each message will be the STREAM type. The last
byte is a null byte. So when we want to read 8192 message bytes we need
to read 8193 bytes since the first one is special.
check https://github.com/containers/conmon/blob/1ef246896b4f6566964ed861b98cd32d0e7bf7a2/src/ctr_stdio.c#L101-L107
This problem can be seen in podman-remote run/exec when it prints output
with 8192 or more bytes. The output will miss the 8192 byte.
Fixes #11496
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
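
The off-by-one described in the commit message above, as an added Go example that is not code from podman or conmon. `packetConn`, `readPayload` and `frame` are hypothetical names, the stream-type value 2 for stdout is an assumption, and only the leading type byte is modelled (not the trailing null byte); the socket is simulated with message semantics where bytes beyond the reader's buffer are dropped.

```go
package main

import (
	"fmt"
	"io"
)

// Assumed values for this example: the 8192-byte conmon buffer size stated in
// the commit message, and a one-byte stream-type prefix (2 = stdout here).
const (
	conmonBufSize = 8192
	streamStdout  = 2
)

// packetConn mimics a message-oriented socket: every Read returns one whole
// message, and bytes that do not fit in the caller's buffer are discarded.
type packetConn struct{ msgs [][]byte }

func (p *packetConn) Read(b []byte) (int, error) {
	if len(p.msgs) == 0 {
		return 0, io.EOF
	}
	n := copy(b, p.msgs[0]) // the tail of an oversized message is dropped
	p.msgs = p.msgs[1:]
	return n, nil
}

// readPayload reads one message with a buffer of bufLen bytes and returns the
// stream type and the payload bytes that survived the read.
func readPayload(r io.Reader, bufLen int) (byte, []byte, error) {
	buf := make([]byte, bufLen)
	n, err := r.Read(buf)
	if err != nil || n == 0 {
		return 0, nil, err
	}
	return buf[0], buf[1:n], nil
}

// frame builds a constructed message: type byte followed by the payload.
func frame(stream byte, payload []byte) []byte {
	return append([]byte{stream}, payload...)
}

func main() {
	full := make([]byte, conmonBufSize) // constructed 8192-byte payload
	for _, size := range []int{conmonBufSize, conmonBufSize + 1} {
		conn := &packetConn{msgs: [][]byte{frame(streamStdout, full)}}
		_, got, _ := readPayload(conn, size)
		fmt.Printf("buffer %d -> payload %d bytes\n", size, len(got))
	}
}
```
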
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
runtime: Warn if `XDG_RUNTIME_DIR` is set but is not writable.
[NO TESTS NEEDED]
Signed-off-by: Aditya Rajan <flouthoc.git@gmail.com>
When inspecting a container, we now report whether the container
was stopped by a `podman checkpoint` operation via a new bool in
the State portion of inspected, `Checkpointed`.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Fix a deadlock in the file log driver where one goroutine would wait on
the tail to hit EOF but reading is blocked for the function to return.
Fixes: 11461
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Signed-off-by: Parham Alvani <1995parham@tuta.io>
We only use the `ip` util to remove a network interface. We can do
this directly via the netlink lib, no need to call an external binary.
[NO TESTS NEEDED]
Fixes #11403
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
rootlessport: allow socket paths with more than 108 chars