| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
remote run: consult events for exit code
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
After attaching to a container, we wait for the container to finish and
return its exit code. Waiting for the container may not always succeed,
for instance, when the container has been force removed by another
process. In such case, we have to look at the *last* container-exit
event.
Also refactor the `ContainerRun` method a bit to return early on errors
and de-spaghetti the code.
Enable the remote-disabled system test.
Fixes: #7117
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \
| | |
| | | |
Extend the flags of the `manifest add` command
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Prior to this commit the value of the `--cert-dir` flag
specified for `podman manifest push` was not handled by the internal
code.
That resulted in `podman manifest push` not reading the certificates
stored inside of the directory specified by the user.
Signed-off-by: Flavio Castelli <fcastelli@suse.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Extend the flags of `podman manifest add` to include also:
* cert-dir
* auth-file
* creds
* tls-verify
These options are useful when adding to a manifest an image that is not
part of the local image store. The image resides on a remote registry
that falls into one of these cases: it's not using tls termination, it requires
authentication or it's secured with an unknown tls certificate.
Consider the following scenario: a multi architecture manifest is created as
part of a multi-step CI pipeline running in a containerized way.
All the images referenced by the manifest live inside of a registry
secured with a self-signed tls certificate.
Without this patch the manifest creation step would have to pull all the
multi-architecture images locally via `podman pull`.
With this patch the usage of `podman pull` would not be needed because the
images' digests can be requested straight to the registry. That means the
execution of manifest creation step would be faster and result in less disk
space and network bandwidth being used.
Finally, this is a propagation of a similar fix done inside of buildah
via https://github.com/containers/buildah/pull/2593
Signed-off-by: Flavio Castelli <fcastelli@suse.com>
|
| |\ \ \
| | | |
| | | | |
APIv2 Add network list filtering
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add the filter option to the libpod endpoint.
Add support for the name filter on the docker endpoint.
Add apiv2 tests for the network list endpoints.
Enable podman network integration tests for remote.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \ \ \
| | | | |
| | | | | |
Fix podman container runlabel --display
|
| | | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Current podman container runlabel --display is being ignored.
This is just supposed to display the command that would be run, and
then exit, but instead is actually running the command.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1877186
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently the --latest flag is ignored by podman ps command.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1877182
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| | | |
| | | | |
podman load/save: support multi-image docker archive
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Support loading and saving tarballs with more than one image.
Add a new `/libpod/images/export` endpoint to the rest API to
allow for exporting/saving multiple images into an archive.
Note that a non-release version of containers/image is vendored.
A release version must be vendored before cutting a new Podman
release. We force the containers/image version via a replace in
the go.mod file; this way go won't try to match the versions.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Do not perform a container clean up for containers configured for
auto-removal (e.g., via `podman run --rm`). There is a small race
window with the other process performing the removal where a clean up
during podman-stop may fail since the container has already been removed
and cleaned up. As the removing process will clean up the container,
we don't have to do it during podman-stop.
Fixes: #7384
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \
| | |
| | | |
Fix system df inconsistent
|
| | |/
| |
| |
| |
| |
| | |
Use RWSzir as system df verbose containers size to remain consistent with the summery. Volume is reclaimable only if not used by container.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for generating systemd units
via the api and podman-remote.
Change the GenerateSystemdReport type to return the
units as map[string]string with the unit name as key.
Add `--format` flag to `podman generate systemd`
to allow the output to be formatted as json.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |
|
|
| |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
| |\
| |
| | |
play kube: handle Socket HostPath type
|
| | |
| |
| |
| |
| |
| | |
as well as add test cases for it and the other HostPath types we currently support
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| |/
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
| |
without it the systemd detection fails.
Closes: https://github.com/containers/podman/issues/7441
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
create a scope everytime we don't own the current cgroup and we are
running on systemd.
Closes: https://github.com/containers/podman/issues/6734
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
podman containers using IPv6 were missing the default route, breaking
deployments trying to use them.
The problem is that the default route was hardcoded to IPv4, this
takes into consideration the podman subnet IP family to generate
the corresponding default route.
Signed-off-by: Antonio Ojea <aojea@redhat.com>
|
| |
|
|
|
|
|
|
| |
the deepcopy in the remote history code path was throwing an uncaught error on a type mismatch. we now manually do the conversion and fix the type mismatch on the fly.
Fixes: #7122
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |
|
|
|
|
| |
Included old error + wrapped
Signed-off-by: Parker Van Roy <pvanroy@redhat.com>
|
| |\
| |
| | |
Unconditionally retrieve pod names via API
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The ListContainers API previously had a Pod parameter, which
determined if pod name was returned (but, notably, not Pod ID,
which was returned unconditionally). This was fairly confusing,
so we decided to deprecate/remove the parameter and return it
unconditionally.
To do this without serious performance implications, we need to
avoid expensive JSON decodes of pod configuration in the DB. The
way our Bolt tables are structured, retrieving name given ID is
actually quite cheap, but we did not expose this via the Libpod
API. Add a new GetName API to do this.
Fixes #7214
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |/
|
|
|
|
|
|
|
| |
Fix a bug in the error handling which returned nil instead of an error
and ultimately lead to nil dereferences in the client. To prevent
future regressions, add a test and check for the error message.
Fixes: #7271
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
images: speed up lists
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Listing images has shown increasing performance penalties with an
increasing number of images. Unless `--all` is specified, Podman
will filter intermediate images. Determining intermediate images
has been done by finding (and comparing!) parent images which is
expensive. We had to query the storage many times which turned it
into a bottleneck.
Instead, create a layer tree and assign one or more images to nodes that
match the images' top layer. Determining the children of an image is
now exponentially faster as we already know the child images from the
layer graph and the images using the same top layer, which may also be
considered child images based on their history.
On my system with 510 images, a rootful image list drops from 6 secs
down to 0.3 secs.
Also use the tree to compute parent nodes, and to filter intermediate
images for pruning.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \
| | |
| | | |
podman-remote send name and tag
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
when loading an image with podman-remote load, we need to send a name and a tag to the endpoint
Fixes: #7124
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \
| | |
| | | |
Handle podman-remote run --rm
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
We need to remove the container after it has exited for
podman-remote run --rm commands. If we don't remove this
container at this step, we open ourselves up to race conditions.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/
|
|
|
|
|
|
|
| |
- fix the bud podman not using specified --directory as signature storage.
- use manifest and image referce to set repo@digest.
close #6994
close #6993
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |
|
|
|
|
|
| |
`podman image search` returned wrong results for the image "Description" as
it was mapped to the wrong field ("ID") in the search results.
Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
There are many use cases where you want to just mount an image
without creating a container on it. For example you might want
to just examine the content in an image after you pull it for
security analysys. Or you might want to just use the executables
on the image without running it in a container.
The image is mounted readonly since we do not want people changing
images.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
| |
podman play kube didn't set host ip correctly from YAML
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |
|
|
| |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When an image has no name/tag system df will
error because it tries to parse an empty name.
This commit makes sure we only parse non
empty names and set the repository and tag
to "<none>" otherwise.
Closes #7015
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |
|
|
|
|
|
|
| |
the code got lost in the migration to podman 2.0, reintroduce it.
Closes: https://github.com/containers/podman/issues/6989
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Add a `context.Context` to the log APIs to allow for cancelling
streaming (e.g., via `podman logs -f`). This fixes issues for
the remote API where some go routines of the server will continue
writing and produce nothing but heat and waste CPU cycles.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the advent of Podman 2.0.0 we crossed the magical barrier of go
modules. While we were able to continue importing all packages inside
of the project, the project could not be vendored anymore from the
outside.
Move the go module to new major version and change all imports to
`github.com/containers/libpod/v2`. The renaming of the imports
was done via `gomove` [1].
[1] https://github.com/KSubedi/gomove
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
Print errors from individual containers in pods
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The infra/abi code for pods was written in a flawed way, assuming
that the map[string]error containing individual container errors
was only set when the global error for the pod function was nil;
that is not accurate, and we are actually *guaranteed* to set the
global error when any individual container errors. Thus, we'd
never actually include individual container errors, because the
infra code assumed that err being set meant everything failed and
no container operations were attempted.
We were originally setting the cause of the error to something
nonsensical ("container already exists"), so I made a new error
indicating that some containers in the pod failed. We can then
ignore that error when building the report on the pod operation
and actually return errors from individual containers.
Unfortunately, this exposed another weakness of the infra code,
which was discarding the container IDs. Errors from individual
containers are not guaranteed to identify which container they
came from, hence the use of map[string]error in the Pod API
functions. Rather than restructuring the structs we return from
pkg/infra, I just wrapped the returned errors with a message
including the ID of the container.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \
| |/
|/| |
Fix `system service` panic from early hangup in events
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We weren't actually halting the goroutine that sent events, so it
would continue sending even when the channel closed (the most
notable cause being early hangup - e.g. Control-c on a curl
session). Use a context to cancel the events goroutine and stop
sending events.
Fixes #6805
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |/
|
|
|
|
|
|
| |
In the API, we are currently returning the image time of creation
as a string, in time.Time format. The API is for a 64 bit integer
representing Unix time.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
container: move volume chown after spec generation
|
