path: root/libpod
Commit message | Author | Age

* Only add 127.0.0.1 entry to /etc/hosts with --net=none | Paul Holzinger | 2021-09-16
  The check for net=none was wrong. It just assumed when we do not create the netns but have one set that we use the none mode. This however also applies to a container which joins the pod netns. To correctly check for the none mode use `config.NetMode.IsNone()`.
  Fixes #11596
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>

* Merge pull request #11322 from Luap99/network-libpod | OpenShift Merge Robot | 2021-09-15
  Wire network interface into libpod

* Add Drivers method to the Network Interface | Paul Holzinger | 2021-09-15
  Drivers should return the list of supported network drivers by this plugin. This is useful for podman info.
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>

* Drop OCICNI dependency | Paul Holzinger | 2021-09-15
  We do not use the ocicni code anymore so let's get rid of it. Only the port struct is used but we can copy this into libpod network types so we can debloat the binary. The next step is to remove the OCICNI port mapping from the container config and use the better PortMapping struct everywhere.
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>

* Wire network interface into libpod | Paul Holzinger | 2021-09-15
  Make use of the new network interface in libpod. This commit contains several breaking changes:
  - podman network create only outputs the new network name and not file path.
  - podman network ls shows the network driver instead of the cni version and plugins.
  - podman network inspect outputs the new network struct and not the cni conflist.
  - The bindings and libpod api endpoints have been changed to use the new network structure.
  The container network status is stored in a new field in the state. The status should be received with the new `c.getNetworkStatus`. This will migrate the old status to the new format. Therefore old containers should continue to work correctly in all cases even when network connect/disconnect is used.
  New features:
  - podman network reload keeps the ip and mac for more than one network.
  - podman container restore keeps the ip and mac for more than one network.
  - The network create compat endpoint can now use more than one ipam config.
  The man pages and the swagger doc are updated to reflect the latest changes.
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>

* cni network configs set ipv6 enables correctly | Paul Holzinger | 2021-09-15
  When configs are loaded from disk we need to check if they contain an ipv6 subnet and set ipv6 enables to true in this case.
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>

* default network: do not validate the used subnets | Paul Holzinger | 2021-09-15
  The default network should not be validated against used subnets, we have to ensure that this network can always be created even when a subnet is already used on the host. This could happen if you run a container on this net, then the cni interface will be created on the host and "block" this subnet from being used again. Therefore the next podman command tries to create the default net again and it would fail because it thinks the network is used on the host.
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>

* network create: validate the input subnet | Paul Holzinger | 2021-09-15
  Check that the given subnet does not conflict with existing ones (other configs or host interfaces).
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #11577 from rhatdan/tmpdir | OpenShift Merge Robot | 2021-09-15
  Set default storage from containers.conf for temporary images

* Set default storage from containers.conf for temporary images | Daniel J Walsh | 2021-09-15
  Fixes: https://github.com/containers/podman/issues/11107
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

* Merge pull request #11567 from giuseppe/cgroups-split-with-pods | OpenShift Merge Robot | 2021-09-15
  libpod: honor --cgroups=split also with pods

* libpod: honor --cgroups=split also with pods | Giuseppe Scrivano | 2021-09-14
  Honor --cgroups=split also when the container is running in a pod.
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

* Merge pull request #11409 from cdoern/podVolumes | OpenShift Merge Robot | 2021-09-15
  Pod Volumes Support

* Pod Volumes Support | cdoern | 2021-09-14
  Added support for the --volume flag in pods using the new infra container design. Users can specify all volume options they can with regular containers.
  Resolves #10379
  Signed-off-by: cdoern <cdoern@redhat.com>

* Merge pull request #11556 from afbjorklund/distribution-info | OpenShift Merge Robot | 2021-09-15
  Show variant and codename of the distribution

* Show variant and codename of the distribution | Anders F Björklund | 2021-09-14
  Along with the name (id) and the version(_id). But only show the information if it is available.
  Examples: Fedora CoreOS, Ubuntu Focal
  [NO TESTS NEEDED]
  Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* Merge pull request #11170 from flouthoc/support-rootfs-overlay | OpenShift Merge Robot | 2021-09-14
  rootfs: Add support for rootfs-overlay.

* rootfs: Add support for rootfs-overlay and bump to buildah v1.22.1-0.202108 | flouthoc | 2021-09-14
  Allows users to specify a readonly rootfs with :O, in exchange podman will create a writable overlay.
  Bump buildah to v1.22.1-0.20210823173221-da2b428c56ce
  [NO TESTS NEEDED]
  Signed-off-by: flouthoc <flouthoc.git@gmail.com>

* Merge pull request #11551 from Luap99/rootlessport-restart | OpenShift Merge Robot | 2021-09-14
  fix restart always with rootlessport

* libpod: rootful close bound ports | Paul Holzinger | 2021-09-14
  For rootful users ports are forwarded via iptables. To make sure no other process tries to use them, libpod will bind the ports and pass the fds to conmon. There seems to be a race when a container is restarted because libpod tries to bind the port before the conmon process exited. The problem only happens with the podman service because it keeps the connection open. Once we have the fd and passed it to conmon the podman service should close the connection.
  To verify run `sudo ss -tulpn` and check that only the conmon process keeps the port open. Previously you would also see the podman server process listed.
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>

* fix restart always with rootlessport | Paul Holzinger | 2021-09-13
  When a container is automatically restarted due to its restart policy and the container uses rootless cni networking with ports forwarded we have to start a new rootlessport process since it exits with conmon.
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>

* test: enable --cgroup-parent test | Giuseppe Scrivano | 2021-09-14
  and fix it for running with runc.
  Closes: https://github.com/containers/podman/issues/11165
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #11323 from umohnani8/init | OpenShift Merge Robot | 2021-09-10
  Add init containers to generate and play kube

* Add init containers to generate and play kube | Urvashi Mohnani | 2021-09-10
  Kubernetes has a concept of init containers that run and exit before the regular containers in a pod are started. We added init containers to podman pods as well. This patch adds support for generating init containers in the kube yaml when a pod we are converting had init containers. When playing a kube yaml, it detects an init container and creates such a container in podman accordingly.
  Note, only init containers created with the init type set to "always" will be generated as the "once" option deletes the init container after it has run and exited. Play kube will always create init containers with the "always" init container type.
  Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>

* Merge pull request #11509 from containers/dependabot/go_modules/github.com/containers/psgo-1.6.0 | OpenShift Merge Robot | 2021-09-10
  Bump github.com/containers/psgo from 1.5.2 to 1.6.0

* Bump github.com/containers/psgo from 1.5.2 to 1.6.0 | dependabot[bot] | 2021-09-10
  Bumps [github.com/containers/psgo](https://github.com/containers/psgo) from 1.5.2 to 1.6.0.
  - [Release notes](https://github.com/containers/psgo/releases)
  - [Commits](https://github.com/containers/psgo/compare/v1.5.2...v1.6.0)
  ---
  updated-dependencies:
  - dependency-name: github.com/containers/psgo
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...
  [NO TESTS NEEDED] since it's migrating to a new version.
  Signed-off-by: dependabot[bot] <support@github.com>
  Signed-off-by: Valentin Rothberg <rothberg@redhat.com>

* Merge pull request #11506 from giuseppe/fix-stats-restart-container | OpenShift Merge Robot | 2021-09-10
  stats: detect container restart and allow paused containers

* stats: detect containers restart | Giuseppe Scrivano | 2021-09-10
  If the current cpu usage time is lower than what was previously recorded, then it means the container was restarted and now it runs in a new cgroup. When this happens, reset the prevStats.
  Closes: https://github.com/containers/podman/issues/11469
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

* stats: allow to read stats for paused containers | Giuseppe Scrivano | 2021-09-10
  Paused containers still have a cgroup we can use to grab the stats.
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

* try to create the runroot before we warn that it is not writable | Paul Holzinger | 2021-09-10
  The rootless integration tests show the XDG_RUNTIME_DIR warning without any reason. Podman runs without problems in these and yet the warning is shown. I think the problem is that we check the permission before we create the runroot directory.
  [NO TESTS NEEDED]
  Fixes #11521
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>

* Fix conmon attach socket buffer size | Paul Holzinger | 2021-09-09
  The conmon buffer size is 8192, however the attach socket needs two extra bytes. The first byte of each message will be the STREAM type. The last byte is a null byte. So when we want to read 8192 message bytes we need to read 8193 bytes since the first one is special.
  Check https://github.com/containers/conmon/blob/1ef246896b4f6566964ed861b98cd32d0e7bf7a2/src/ctr_stdio.c#L101-L107
  This problem can be seen in podman-remote run/exec when it prints output with 8192 or more bytes. The output will miss the 8192 byte.
  Fixes #11496
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Add logDriver to podman info | Daniel J Walsh | 2021-09-08
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

* Merge pull request #11327 from flouthoc/warn-non-writeable-xdg-runtime | OpenShift Merge Robot | 2021-09-08
  runtime: Warn if `XDG_RUNTIME_DIR` is set but is not writable.

* runtime: Warn if XDG_RUNTIME_DIR is set but is not writable. | flouthoc | 2021-08-30
  [NO TESTS NEEDED]
  Signed-off-by: Aditya Rajan <flouthoc.git@gmail.com>

* Add Checkpointed bool to Inspect | Matthew Heon | 2021-09-07
  When inspecting a container, we now report whether the container was stopped by a `podman checkpoint` operation via a new bool in the State portion of inspect, `Checkpointed`.
  Signed-off-by: Matthew Heon <mheon@redhat.com>

* logs -f: file: fix dead lock | Valentin Rothberg | 2021-09-07
  Fix a dead lock in the file log driver where one goroutine would wait on the tail to hit EOF but reading is blocked for the function to return.
  Fixes: 11461
  Signed-off-by: Valentin Rothberg <rothberg@redhat.com>

* feat: add localhost into hosts if the networking mode is not host | Parham Alvani | 2021-09-04
  Signed-off-by: Parham Alvani <1995parham@tuta.io>

* Drop dependency on iproute | Paul Holzinger | 2021-09-02
  We only use the `ip` util to remove a network interface. We can do this directly via the netlink lib, no need to call an external binary.
  [NO TESTS NEEDED]
  Fixes #11403
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>

* Merge pull request #11391 from Luap99/rootlessport-socket | OpenShift Merge Robot | 2021-09-01
  rootlessport: allow socket paths with more than 108 chars

* rootlessport: allow socket paths with more than 108 chars | Paul Holzinger | 2021-09-01
  Creating the rootlessport socket can fail with `bind: invalid argument` when the socket path is longer than 108 chars. This is the case for users with a long runtime directory. Since the kernel does not allow the use of socket paths with more than 108 chars, use a workaround to open the socket path.
  [NO TESTS NEEDED]
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>

* Merge pull request #11376 from ashley-cui/envsec | OpenShift Merge Robot | 2021-09-01
  Make secret env var available to exec session

* Make secret env var available to exec session | Ashley Cui | 2021-08-31
  Secret environment variables were only available to a podman run/start. This commit makes sure that exec sessions can see them as well.
  Signed-off-by: Ashley Cui <acui@redhat.com>

* pass LISTEN_* environment into container | Valentin Rothberg | 2021-08-31
  Make sure that Podman passes the LISTEN_* environment into containers. Similar to runc, LISTEN_PID is set to 1.
  Also remove conditionally passing the LISTEN_FDS as extra files. The condition was wrong (inverted) and introduced to fix #3572 which related to running under varlink which has been dropped entirely with Podman 3.0.
  Note that the NOTIFY_SOCKET and LISTEN_* variables are cleared when running `system service`.
  Fixes: #10443
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #11353 from flouthoc/resolve-workdir-after-mounts | OpenShift Merge Robot | 2021-08-30
  container: resolve workdir during initialization after all the mounts are completed.

* container: resolve workdir after all the mounts happen. | flouthoc | 2021-08-30
  There are use-cases where users would want to use overlay-mounts as workdir. For such cases workdir should be resolved after all the mounts are completed during the container init process.
  Signed-off-by: Aditya Rajan <arajan@redhat.com>

* rootless cni: resolve absolute symlinks correctly | Paul Holzinger | 2021-08-30
  When /etc/resolv.conf is a symlink to an absolute path use it and do not join it to the previous path.
  [NO TESTS NEEDED] This depends on the host layout.
  Fixes #11358
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>

* Merge pull request #11333 from rhatdan/http-proxy | OpenShift Merge Robot | 2021-08-27
  Globally replace http:// with https://

* Globally replace http:// with https:// | Daniel J Walsh | 2021-08-27
  [NO TESTS NEEDED] Hopefully existing tests will find issues.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

* InfraContainer Rework | cdoern | 2021-08-26
  InfraContainer should go through the same creation process as regular containers. This change was from the cmd level down, involving new container CLI opts and specgen creating functions. What now happens is that both container and pod cli options are populated in cmd and used to create a podSpecgen and a containerSpecgen. The process then goes as follows:
  FillOutSpecGen (infra) -> MapSpec (podOpts -> infraOpts) -> PodCreate -> MakePod -> createPodOptions -> NewPod -> CompleteSpec (infra) -> MakeContainer -> NewContainer -> newContainer -> AddInfra (to pod state)
  Signed-off-by: cdoern <cdoern@redhat.com>

* Merge pull request #11218 from cdoern/untilBug | OpenShift Merge Robot | 2021-08-26
  logFile until flag issue, negative duration replaced with positive