summaryrefslogtreecommitdiff
path: root/libpod
Commit message (Collapse)AuthorAge
* Pod Device Supportcdoern2021-09-20
| | | | | | | | | | added support for pod devices. The device gets added to the infra container and recreated in all containers that join the pod. This required a new container config item to keep track of the original device passed in by the user before the path was parsed into the container device. Signed-off-by: cdoern <cdoern@redhat.com>
* podman machine: use gvproxy for host.containers.internalPaul Holzinger2021-09-20
| | | | | | | | | | | | | | | | Let the gvproxy dns server handle the host.containers.internal entry. Support for this is already added to gvproxy. [1] To make sure the container uses the dns response from gvproxy we should not add host.containers.internal to /etc/hosts in this case. [NO TESTS NEEDED] podman machine has no tests :/ Fixes #11642 [1] https://github.com/containers/gvisor-tap-vsock/commit/1108ea45162281046d239047a6db9bc187e64b08 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #11628 from Luap99/remove-unsued-codeOpenShift Merge Robot2021-09-18
|\ | | | | Remove unused code from libpod
| * Remove unused code from libpodPaul Holzinger2021-09-17
| | | | | | | | | | | | | | | | | | | | | | | | | | The libpod package should only compile on linux. The remote client should never try to import this package. Since these files do not add any value we should remove them, this prevents people from accidentally importing this package because it would fail to compile on windows/macos. [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #11607 from Luap99/ipvlanOpenShift Merge Robot2021-09-17
|\ \ | |/ |/| CNI: add ipvlan driver support and macvlan modes
| * CNI: add ipvlan driverPaul Holzinger2021-09-16
| | | | | | | | | | | | | | | | | | Add support for the ipvlan cni plugin. This allows us to create, inspect and list ipvlan networks correctly. Fixes #10478 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * CNI: network create support macvlan modesPaul Holzinger2021-09-16
| | | | | | | | | | | | | | | | Support setting the macvlan mode with `podman network create -d macvlan --opt mode=bridge`. This will correctly set the specified macvlan mode in the cni conflist file. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #11603 from rhatdan/truncateOpenShift Merge Robot2021-09-17
|\ \ | | | | | | Add no-trunc support to podman-events
| * | Add no-trunc support to podman-eventsDaniel J Walsh2021-09-16
| |/ | | | | | | | | | | | | | | | | | | | | Standardize on no-trunc through the code. Alias notruncate where necessary. Standardize on the man page display of no-trunc. Fixes: https://github.com/containers/podman/issues/8941 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #11606 from giuseppe/always-move-pause-process-to-scopeOpenShift Merge Robot2021-09-17
|\ \ | | | | | | runtime: move pause process to scope
| * | runtime: move pause process to scopeGiuseppe Scrivano2021-09-16
| |/ | | | | | | | | | | | | | | | | | | | | make sure the pause process is moved to its own scope as well as what we do when we join an existing user+mount namespace. Closes: https://github.com/containers/podman/issues/11560 [NO TESTS NEEDED] Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* / Only add 127.0.0.1 entry to /etc/hosts with --net=nonePaul Holzinger2021-09-16
|/ | | | | | | | | | | The check for net=none was wrong. It just assumed when we do not create the netns but have one set that we use the none mode. This however also applies to a container which joins the pod netns. To correctly check for the none mode use `config.NetMode.IsNone()`. Fixes #11596 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #11322 from Luap99/network-libpodOpenShift Merge Robot2021-09-15
|\ | | | | Wire network interface into libpod
| * Add Drivers method to the Network InterfacePaul Holzinger2021-09-15
| | | | | | | | | | | | | | Drivers should return the list of supported network drivers by this plugin. This is useful for podman info. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * Drop OCICNI dependencyPaul Holzinger2021-09-15
| | | | | | | | | | | | | | | | | | | | | | We do not use the ocicni code anymore so let's get rid of it. Only the port struct is used but we can copy this into libpod network types so we can debloat the binary. The next step is to remove the OCICNI port mapping form the container config and use the better PortMapping struct everywhere. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * Wire network interface into libpodPaul Holzinger2021-09-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make use of the new network interface in libpod. This commit contains several breaking changes: - podman network create only outputs the new network name and not file path. - podman network ls shows the network driver instead of the cni version and plugins. - podman network inspect outputs the new network struct and not the cni conflist. - The bindings and libpod api endpoints have been changed to use the new network structure. The container network status is stored in a new field in the state. The status should be received with the new `c.getNetworkStatus`. This will migrate the old status to the new format. Therefore old containers should contine to work correctly in all cases even when network connect/ disconnect is used. New features: - podman network reload keeps the ip and mac for more than one network. - podman container restore keeps the ip and mac for more than one network. - The network create compat endpoint can now use more than one ipam config. The man pages and the swagger doc are updated to reflect the latest changes. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * cni network configs set ipv6 enables correctlyPaul Holzinger2021-09-15
| | | | | | | | | | | | | | When configs are loaded from disk we need to check if they contain a ipv6 subnet and set ipv6 enables to true in this case. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * default network: do not validate the used subnetsPaul Holzinger2021-09-15
| | | | | | | | | | | | | | | | | | | | | | The default network should not be validated against used subnets, we have to ensure that this network can always be created even when a subnet is already used on the host. This could happen if you run a container on this net, then the cni interface will be created on the host and "block" this subnet from being used again. Therefore the next podman command tries to create the default net again and it would fail because it thinks the network is used on the host. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * network create: validate the input subnetPaul Holzinger2021-09-15
| | | | | | | | | | | | | | Check that the given subnet does not conflict with existing ones (other configs or host interfaces). Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #11577 from rhatdan/tmpdirOpenShift Merge Robot2021-09-15
|\ \ | |/ |/| Set default storage from containers.conf for temporary images
| * Set default storage from containers.conf for temporary imagesDaniel J Walsh2021-09-15
| | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/11107 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #11567 from giuseppe/cgroups-split-with-podsOpenShift Merge Robot2021-09-15
|\ \ | |/ |/| libpod: honor --cgroups=split also with pods
| * libpod: honor --cgroups=split also with podsGiuseppe Scrivano2021-09-14
| | | | | | | | | | | | Honor --cgroups=split also when the container is running in a pod. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #11409 from cdoern/podVolumesOpenShift Merge Robot2021-09-15
|\ \ | | | | | | Pod Volumes Support
| * | Pod Volumes Supportcdoern2021-09-14
| |/ | | | | | | | | | | | | | | | | added support for the --volume flag in pods using the new infra container design. users can specify all volume options they can with regular containers resolves #10379 Signed-off-by: cdoern <cdoern@redhat.com>
* | Merge pull request #11556 from afbjorklund/distribution-infoOpenShift Merge Robot2021-09-15
|\ \ | | | | | | Show variant and codename of the distribution
| * | Show variant and codename of the distributionAnders F Björklund2021-09-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Along with the name (id) and the version(_id) But only show the information if is available Examples: Fedora CoreOS, Ubuntu Focal [NO TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | | Merge pull request #11170 from flouthoc/support-rootfs-overlayOpenShift Merge Robot2021-09-14
|\ \ \ | |/ / |/| | rootfs: Add support for rootfs-overlay.
| * | rootfs: Add support for rootfs-overlay and bump to buildah v1.22.1-0.202108flouthoc2021-09-14
| |/ | | | | | | | | | | | | | | | | | | Allows users to specify a readonly rootfs with :O, in exchange podman will create a writable overlay. bump builah to v1.22.1-0.20210823173221-da2b428c56ce [NO TESTS NEEDED] Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | Merge pull request #11551 from Luap99/rootlessport-restartOpenShift Merge Robot2021-09-14
|\ \ | | | | | | fix restart always with rootlessport
| * | libpod: rootful close binded portsPaul Holzinger2021-09-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For rootful users ports are forwarded via iptables. To make sure no other process tries to use them, libpod will bind the ports and pass the fds to conmon. There seems to be race when a container is restarted because libpod tries to bind the port before the conmon process exited. The problem only hapens with the podman service because it keeps the connection open. Once we have the fd and passed it to conmon the podman service should close the connection. To verify run `sudo ss -tulpn` and check that only the conmon process keeps the port open. Previously you would also see the podman server process listed. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | fix restart always with rootlessportPaul Holzinger2021-09-13
| |/ | | | | | | | | | | | | | | When a container is automatically restarted due its restart policy and the container uses rootless cni networking with ports forwarded we have to start a new rootlessport process since it exits with conmon. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* / test: enable --cgroup-parent testGiuseppe Scrivano2021-09-14
|/ | | | | | | | and fix it for running with runc. Closes: https://github.com/containers/podman/issues/11165 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #11323 from umohnani8/initOpenShift Merge Robot2021-09-10
|\ | | | | Add init containers to generate and play kube
| * Add init containers to generate and play kubeUrvashi Mohnani2021-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Kubernetes has a concept of init containers that run and exit before the regular containers in a pod are started. We added init containers to podman pods as well. This patch adds support for generating init containers in the kube yaml when a pod we are converting had init containers. When playing a kube yaml, it detects an init container and creates such a container in podman accordingly. Note, only init containers created with the init type set to "always" will be generated as the "once" option deletes the init container after it has run and exited. Play kube will always creates init containers with the "always" init container type. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | Merge pull request #11509 from ↵OpenShift Merge Robot2021-09-10
|\ \ | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/psgo-1.6.0 Bump github.com/containers/psgo from 1.5.2 to 1.6.0
| * | Bump github.com/containers/psgo from 1.5.2 to 1.6.0dependabot[bot]2021-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/psgo](https://github.com/containers/psgo) from 1.5.2 to 1.6.0. - [Release notes](https://github.com/containers/psgo/releases) - [Commits](https://github.com/containers/psgo/compare/v1.5.2...v1.6.0) --- updated-dependencies: - dependency-name: github.com/containers/psgo dependency-type: direct:production update-type: version-update:semver-minor ... [NO TESTS NEEDED] since it's migrating to a new version. Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #11506 from giuseppe/fix-stats-restart-containerOpenShift Merge Robot2021-09-10
|\ \ \ | |_|/ |/| | stats: detect container restart and allow paused containers
| * | stats: detect containers restartGiuseppe Scrivano2021-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | if the current cpu usage time is lower than what previously recorded, then it means the container was restarted and now it runs in a new cgroup. When this happens, reset the prevStats. Closes: https://github.com/containers/podman/issues/11469 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | stats: allow to read stats for paused containersGiuseppe Scrivano2021-09-10
| | | | | | | | | | | | | | | | | | paused containers still a cgroup we can use to grab the stats. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | try to create the runroot before we warn that it is not writablePaul Holzinger2021-09-10
|/ / | | | | | | | | | | | | | | | | | | | | | | | | The rootless integration tests show the XDG_RUNTIME_DIR warning without any reasons. Podman runs without problems in these and yet the warning is shown. I think the problem is that we check the permission before we create the runroot directory. [NO TESTS NEEDED] Fixes #11521 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* / Fix conmon attach socket buffer sizePaul Holzinger2021-09-09
|/ | | | | | | | | | | | | | | The conmon buffer size is 8192, however the attach socket needs two extra bytes. The first byte of each message will be the STREAM type. The last byte is a null byte. So when we want to read 8192 message bytes we need to read 8193 bytes since the first one is special. check https://github.com/containers/conmon/blob/1ef246896b4f6566964ed861b98cd32d0e7bf7a2/src/ctr_stdio.c#L101-L107 This problem can be seen in podman-remote run/exec when it prints output with 8192 or more bytes. The output will miss the 8192 byte. Fixes #11496 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Add logDriver to podman infoDaniel J Walsh2021-09-08
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #11327 from flouthoc/warn-non-writeable-xdg-runtimeOpenShift Merge Robot2021-09-08
|\ | | | | runtime: Warn if `XDG_RUNTIME_DIR` is set but is not writable.
| * runtime: Warn if XDG_RUNTIME_DIR is set but is not writable.flouthoc2021-08-30
| | | | | | | | | | | | [NO TESTS NEEDED] Signed-off-by: Aditya Rajan <flouthoc.git@gmail.com>
* | Add Checkpointed bool to InspectMatthew Heon2021-09-07
| | | | | | | | | | | | | | | | When inspecting a container, we now report whether the container was stopped by a `podman checkpoint` operation via a new bool in the State portion of inspected, `Checkpointed`. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | logs -f: file: fix dead lockValentin Rothberg2021-09-07
| | | | | | | | | | | | | | | | Fix a dead lock in the file log driver where one goroutine would wait on the tail to hit EOF but reading is blocked for the function to return. Fixes: 11461 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | feat: add localhost into hosts if the networking mode is not hostParham Alvani2021-09-04
| | | | | | | | Signed-off-by: Parham Alvani <1995parham@tuta.io>
* | Drop dependency on iproutePaul Holzinger2021-09-02
| | | | | | | | | | | | | | | | | | | | | | We only use the `ip` util to remove a network interface. We can do this directly via the netlink lib, no need to call a external binary. [NO TESTS NEEDED] Fixes #11403 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #11391 from Luap99/rootlessport-socketOpenShift Merge Robot2021-09-01
|\ \ | | | | | | rootlessport: allow socket paths with more than 108 chars