| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
| |
Add an error return to it and affected callers.
Should not affect behavior, the function can't currently fail.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The previous code fails on a MAC when opening /dev/stdout
Fixes: https://github.com/containers/podman/issues/12402
[NO NEW TESTS NEEDED] No easy way to test this.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add a note to the generated kube yaml if we detect a
volume is being mounted. The note lets the user know
what needs to be done to avoid permission denied error
when trying to access the volume for an unprivileged
container.
Add the same note to the man pages.
NO NEW TESTS NEEDED
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Make sure that the value is only set if specified on the CLI. c/image
already defaults to true but if set in the system context, we'd skip
settings in the registries.conf.
Backport of commit ff31f2264da.
Fixes: #11933
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
| |
Fixes #12363
Signed-off-by: Jakub Dzon <jdzon@redhat.com>
|
| |
|
|
|
|
| |
[NO NEW TESTS NEEDED]
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
|
| |
|
|
|
|
|
| |
This PR fixes the case when the API return HTTP 409 response. Where the
API return the body format different then for other HTTP error codes.
Signed-off-by: Ondra Machacek <omachace@redhat.com>
|
| |
|
|
|
|
| |
[NO TESTS NEEDED]
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Following commit makes sure when buildah tag is invoked on a manifest
list, it tags the same manifest list instead of resolving to an image and
tagging it.
Backporting https://github.com/containers/podman/pull/12057
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Podman stats is not supported for rootless cgroupv1 setups. The check
for this must be on the server side and not the client.
[NO NEW TESTS NEEDED] we cannot test this because remote and server are
always on the same machine in CI
Fixes #11909
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When using play kube and generate kube, we need to support if bind
mounts have selinux options. As kubernetes does not support selinux in
this way, we tuck the selinux values into a pod annotation for
generation of the kube yaml. Then on play, we check annotations to see
if a value for the mount exists and apply it.
Fixes BZ #1984081
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Following commit ensures we silently return container id on `stop` if
container was never created in OCI runtime.
Following behaviour ensures that we are in parity with docker.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
If the command came from the underlying image, then we should
not include it in the generate yaml file.
Fixes: https://github.com/containers/podman/issues/11672
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
| |
When performing an image build with play kube, we need to set the
context directory so things like file copies have the correct input
path.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enforce the removal of signatures in `podman save` to restore behavior
prior to the migration to libimage. We may consider improving on that
in the future. For details, please refer to the excellent summary by
@mtrmac [1].
[NO TESTS NEEDED] - manually verified but exisiting tests need some
further investigation (see [1]).
[1] https://github.com/containers/podman/pull/11669#issuecomment-925250264
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There's a potential race around extremely short-running
containers and events with journald. Events may not be written
for some time (small, but appreciable) after they are received,
and as such we can fail to retrieve it if there is a sufficiently
short time between us writing the event and trying to read it.
Work around this by just retrying, with a 0.25 second delay
between retries, up to 4 times.
[NO TESTS NEEDED] because I have no idea how to reproduce this
race in CI.
Fixes #11633
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
|
|
|
|
|
|
|
|
| |
At this point and even though we are always improving the play and
generate kube functions, I would say it no longers needs to be denoted
as under development.
[NO TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Fix a bug when remotely untagging an image via tag@digest.
The digest has been lost in the remote client and hence led
to a wrong behaviour on the server.
Fixes: #11557
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
When no name is given for podman container runlabel it will default to
the image base name. However this can contain a tag. Since podman does
not accept container names with a colon the run command will fail if it
contains something like `podman run --name NAME ...`.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2004263
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit 72534a74b3c2ff35ae1711a890406a6bce5fa44f)
|
| |
|
|
|
|
|
|
| |
when running on a systemd with systemd, always try to move the pause
process to its own scope.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit 9c1e27fdd536f6026efe3da4360755a3e9135ca8)
|
| |
|
|
|
|
|
|
| |
we already know the path to the pause PID file, no need to calculate
it again.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit fa9728c5509f1ef3bb1c80055e89b910d9740efd)
|
| |
|
|
| |
Signed-off-by: Jason Greene <jason.greene@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This reverts commit 21f396de6f5024abbf6edd2ca63edcb1525eefcc.
Changing the log endpoint is a breaking change we should not do in 3.4.
[NO TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Kubernetes has a concept of init containers that run and exit before
the regular containers in a pod are started. We added init containers
to podman pods as well. This patch adds support for generating init
containers in the kube yaml when a pod we are converting had init
containers. When playing a kube yaml, it detects an init container
and creates such a container in podman accordingly.
Note, only init containers created with the init type set to "always"
will be generated as the "once" option deletes the init container after
it has run and exited. Play kube will always creates init containers
with the "always" init container type.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |\
| |
| | |
fix play kube can't use infra_image in config file
|
| | |
| |
| |
| | |
Signed-off-by: Chen Zhiwei <zhiweik@gmail.com>
|
| |\ \
| | |
| | | |
container inspect: improve error handling
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Improve the error handling of `container inspect` to properly handle
when the container has been removed _between_ the lookup and the
inspect. That will yield the correct "no such object" error message in
`inspect`.
[NO TESTS NEEDED] since I do not know have a reliable and cheap
reproducer. It's fixing a CI flake, so there's already an indicator.
Fixes: #11392
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
fix play kube --network options
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Commit 092902b45555 introduced advanced network options for podman play
kube. However this never worked because it unconditionally set the
network mode to bridge after it parsed the network option.
Added a test to ensure the correct mode is set.
Truly fixes #10807
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Add filtering functionality to http api secrets list
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | | |
Filtering is missing in both compat API and libpod API, while docker
has filtering functinality. This commit enables filtering option using
name and id in both libpod and http API.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| |\ \ \
| |_|/
|/| | |
kube: Add support for `podman pod logs`.
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Following PR adds support for `kubectl` like `pod logs` to podman.
Usage `podman pod logs <podIDorName` gives a stream of logs for all
the containers within the pod with **containername** as a field.
Just like **`kubectl`** also supports `podman pod logs -c ctrIDorName podIDorName`
to limit the log stream to any of the specificied container which belongs to pod.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| |/
|
|
|
|
|
|
|
| |
Handle custom restart policies of containers when generating the unit
files; those should be set on the unit level and removed from ExecStart
flags.
Fixes: #11438
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Following PR makes sure that `podman manifest rm <list>` only removes
the named manifest list and not referenced images.
Bumping and squashing c/common to v0.43.3-0.20210902095222-a7acc160fb25
in same commit in order to make sure build commit test passes.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a container is configured for auto removal podman stop should still
do cleanup, there is no guarantee the the cleanup process spawned by
conmon will be successful. Also a user expects after podman stop that
the network/mounts are cleaned up. Therefore podman stop should not return
early and instead do the cleanup and ignore errors if the container was
already removed.
[NO TESTS NEEDED] I don't know how to test this.
Fixes #11384
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
InfraContainer should go through the same creation process as regular containers. This change was from the cmd level
down, involving new container CLI opts and specgen creating functions. What now happens is that both container and pod
cli options are populated in cmd and used to create a podSpecgen and a containerSpecgen. The process then goes as follows
FillOutSpecGen (infra) -> MapSpec (podOpts -> infraOpts) -> PodCreate -> MakePod -> createPodOptions -> NewPod -> CompleteSpec (infra) -> MakeContainer -> NewContainer -> newContainer -> AddInfra (to pod state)
Signed-off-by: cdoern <cdoern@redhat.com>
|
| |\
| |
| | |
teardown play kube
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
add the ability for play kube to tear down based on the yaml used to
play it. it is indicated by --down in the play kube command. volumes
are NOT deleted during the teardown. pods and their containers are
stopped and removed.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \
| | |
| | | |
Fix file descriptor leaks in bindings and add test
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Add response.Body.Close() where needed to release HTTP
connections to API server.
* Add tests to ensure no general leaks occur. 100% coverage would be
required to ensure no leaks on any call.
* Update code comments to be godoc correct
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \
| |/
|/| |
libpod/Container.readFromJournal(): don't skip the first entry
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In libpod/logs.LogLine.Write(), don't write a newline to stdout/stderr
when the log message is only part of a line.
In libpod.ConmonOCIRuntime.HTTPAttach(), don't send a newline over the
HTTP connection when the log message is only part of a line.
In pkg/api/handlers/compat.LogsFromContainer(), don't send a newline
over the HTTP connection when the log message is only part of a line,
and don't make doing so conditional on whether or not the client used
the docker or podman endpoint.
In pkg/domain/infra/tunnel.ContainerEngine.ContainerLogs(), don't add
our own newline to log messages, since they already come through from
the server when they need to.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement a new network interface to abstract CNI from libpod. The
interface is implemented for the CNI backend but in the future we can
add more backends.
The code is structured in three new packages:
- `libpod/network/types`: contains the interface definition
and the necessary types for it.
- `libpod/network/cni` contains the interface implementation for the CNI
backend.
- `libpod/network/util` a set of utility functions related to
networking.
The CNI package uses ginkgo style unit tests. To test Setup/Teardown the
test must be run as root. Each test will run in their own namespace to
make the test independent from the host environment.
New features with the CNI backend:
- The default network will be created in memory if it does not exists on
disk.
- It can set more than one static IP per container network.
- Networks are loaded once from disk and only if this interface is
used, e.g. for commands such as `podman info` networks are not loaded.
This reduces unnecessary disk IO.
This commit only adds the interface it is not wired into libpod. This
requires a lot of breaking changes which will be done in a followup
commit.
Once this is integrated into libpod the current network code under
`libpod/network` should be removed. Also the dependency on OCICNI
should be dropped.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\
| |
| | |
volumes: Add support for `volume export` which allows exporting content to external path.
|
| | |
| |
| |
| |
| |
| |
| | |
Adds support for transferring data between systems and backing up systems.
Use cases: recover from disasters or move data between machines.
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
|
| |/
|
|
|
|
|
|
|
| |
Add a new flag `--memory-profile=$path` which creates a memory profile.
The generated profile can later be analyzed via `go tool pprof`.
[NO TESTS NEEDED] since it's a hidden flag, devs-only.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
| |
When playing a kube YAML file, it can be desirable to be able to build
an image on the fly. This is good for development of an image and YAML
files and somewhat mocks what compose does.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
