summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Merge pull request #10939 from Luap99/rootless-cniOpenShift Merge Robot2021-07-15
|\ | | | | Fix race conditions in rootless cni setup
| * Fix race conditions in rootless cni setupPaul Holzinger2021-07-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There was an race condition when calling `GetRootlessCNINetNs()`. It created the rootless cni directory before it got locked. Therefore another process could have called cleanup and removed this directory before it was used resulting in errors. The lockfile got moved into the XDG_RUNTIME_DIR directory to prevent a panic when the parent dir was removed by cleanup. Fixes #10930 Fixes #10922 To make this even more robust `GetRootlessCNINetNs()` will now return locked. This guarantees that we can run `Do()` after `GetRootlessCNINetNs()` before another process could have called `Cleanup()` in between. [NO TESTS NEEDED] CI is flaking, hopefully this will fix it. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #10937 from vrothberg/auto-updateOpenShift Merge Robot2021-07-15
|\ \ | | | | | | auto-update: add --dry-run
| * | auto-update: add --dry-runValentin Rothberg2021-07-15
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a --dry-run flag to `podman auto-update` which will look for new images but won't perform any pull or restart any service or container. The "UPDATED" column will now indicate the availability of a newer image via "pending". ``` $ podman auto-update --dry-run UNIT CONTAINER IMAGE POLICY UPDATED container-test.service 08fd34e533fd (test) localhost:5000/busybox registry false ``` Fixes: #9949 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #10913 from rhatdan/buildOpenShift Merge Robot2021-07-15
|\ \ | |/ |/| podman-remote build use .containerignore over .dockerignore
| * podman-remote build use .containerignore over .dockerignoreDaniel J Walsh2021-07-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | $ mkdir zzz;cd zzz $ printf "FROM quay.io/libpod/testimage:20210610\nCOPY ./ ./\nCOPY subdir ./\n" >Dockerfile $ printf "*\nsubdir\n\!*/sub1*\n" >.dockerignore $ mkdir subdir; touch subdir/sub1.txt $ ../bin/podman-remote build . Should fail, but succeeds because we are not sending over the .dockerignore file to the server side. This PR will send the .dockerignore so the server side and use it. Fixes: #10907 Also if both .containerignore and .dockerignore in the context directory, podman-remote should prefer .containerignore and not use .dockerignore. Fixes: #10908 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10919 from vikas-goel/macvlanOpenShift Merge Robot2021-07-15
|\ \ | |/ |/| Return macvlan object in /network REST API response
| * Return macvlan object in /network REST API responseVikas Goel2021-07-14
| | | | | | | | | | | | Fixes: #10266 Signed-off-by: Vikas Goel <vikas.goel@gmail.com>
* | Merge pull request #10880 from vrothberg/auto-updateOpenShift Merge Robot2021-07-14
|\ \ | | | | | | auto-update: make output more user friendly
| * | auto-update: make output more user friendlyValentin Rothberg2021-07-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The rather raw and scarce output of `podman auto-update` has been a thorn in my eyes for a longer while. So far, Podman would only print updated systemd units, one per line, without further formatting. Motivated by issue #9949 which is asking for some more useful information in combination with a dry-run feature, I sat down and reflected which information may come in handy. Running `podman auto-update` will now look as follows: ``` $ podman auto-update Trying to pull [...] UNIT CONTAINER IMAGE POLICY UPDATED container-test.service 08fd34e533fd (test) localhost:5000/busybox registry false ``` Also refactor the spaghetti code in the backend a bit to make it easier to digest and maintain. For easier testing and for the sake of consistency with other commands listing output, add a `--format` flag. The man page will get an overhaul in a follow up commit. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | auto update: minor style nitsValentin Rothberg2021-07-13
| | | | | | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | auto update: pass through a contextValentin Rothberg2021-07-13
| | | | | | | | | | | | | | | | | | | | | | | | Pass a single context.Context through the call stack. If auto-updates will ever be made available for REST calls, the context will help supporting disconnected clients. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | auto-update: use libimage for image checksValentin Rothberg2021-07-13
| | | | | | | | | | | | | | | | | | | | | Use the `HasDifferentDigest()` method of the image to replace the previous checks if an image needs to be updated. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | auto update: fix authfile detectionValentin Rothberg2021-07-13
| |/ | | | | | | | | | | | | Fix a bug were an authfile label in a container would mistakenly override the authfile path for all subsequent checks. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #10916 from mheon/fix_7360OpenShift Merge Robot2021-07-14
|\ \ | |/ |/| Perform a one-sided close of HTTP attach conn on EOF
| * Perform a one-sided close of HTTP attach conn on EOFMatthew Heon2021-07-13
| | | | | | | | | | | | | | | | | | | | | | On EOF of STDIN, we need to perform a one-sided close of the attach connection on the client side, to ensure that STDIN finishing will also cause the exec session to terminate, instead of hang. Fixes #7360 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Don't exclude Dockerfile, Containerfiles from tar contentDaniel J Walsh2021-07-10
| | | | | | | | | | | | | | | | | | | | | | | | | | If the user specifies "*" in a .dockerignore or a .containerignore then podman-remote build should not exclude the Dockerfile or Containerfile or any content pointed to by `-f` in the context directory. We still need these files on the server side to complete the build. Fixes: https://github.com/containers/podman/issues/9867 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10868 from cdoern/untilLogOpenShift Merge Robot2021-07-10
|\ \ | | | | | | Implemented Until Query Parameter for Containers/logs
| * | Implemented Until Query Parameter for Containers/logscdoern2021-07-09
| | | | | | | | | | | | | | | | | | | | | | | | compat containers/logs was missing actual usage of until query param. fixes #10859 Signed-off-by: cdoern <cdoern@redhat.com>
* | | Merge pull request #10881 from mheon/remove_getstoreOpenShift Merge Robot2021-07-09
|\ \ \ | | | | | | | | Remove GetStore function from Libpod
| * | | Remove GetStore function from LibpodMatthew Heon2021-07-08
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We should not be exposing the store outside of Libpod. We want to encapsulate it as an internal implementation detail - there's no reason functions outside of Libpod should directly be manipulating container storage. Convert the last use to invoke a method on Libpod instead, and remove the function. [NO TESTS NEEDED] as this is just a refactor. Signed-off-by: Matthew Heon <mheon@redhat.com>
* / | Add container config to compat image inspectBrent Baude2021-07-09
|/ / | | | | | | | | | | | | | | | | | | | | With docker-compose, there is a use case where you can `docker-compose up -d`, then change a file like docker-compose.yml and run up again. This requires a ContainerConfig with at least Volumes be populated in the inspect data. This PR adds just that. Fixes: #10795 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #10867 from baude/issue9334OpenShift Merge Robot2021-07-08
|\ \ | |/ |/| Replace old RESTful tutorial with updated README
| * Replace old RESTful tutorial with updated READMEBrent Baude2021-07-07
| | | | | | | | | | | | | | | | | | | | | | Remove outdated information on go bindings. Moved the tips for debugging into the REAME and tidied up relevant links. Fixes: #9334 [CI_DOCS] [NO TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | manifest push --rm: use libimage for removalValentin Rothberg2021-07-07
|/ | | | | | | | | Use libimage for removing the manifest instead of going directly through the store. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #10836 from Luap99/diffOpenShift Merge Robot2021-07-03
|\ | | | | podman diff accept two images or containers
| * podman diff accept two images or containersPaul Holzinger2021-07-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | First, make podman diff accept optionally a second argument. This allows the user to specify a second image/container to compare the first with. If it is not set the parent layer will be used as before. Second, podman container diff should only use containers and podman image diff should only use images. Previously, podman container diff would use the image when both an image and container with this name exists. To make this work two new parameters have been added to the api. If they are not used the previous behaviour is used. The same applies to the bindings. Fixes #10649 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #10851 from Luap99/service-reaperOpenShift Merge Robot2021-07-02
|\ \ | | | | | | podman service reaper
| * | podman service reaperPaul Holzinger2021-07-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new service reaper package. Podman currently does not reap all child processes. The slirp4netns and rootlesskit processes are not reaped. The is not a problem for local podman since the podman process dies before the other processes and then init will reap them for us. However with podman system service it is possible that the podman process is still alive after slirp died. In this case podman has to reap it or the slirp process will be a zombie until the service is stopped. The service reaper will listen in an extra goroutine on SIGCHLD. Once it receives this signal it will try to reap all pids that were added with `AddPID()`. While I would like to just reap all children this is not possible because many parts of the code use `os/exec` with `cmd.Wait()`. If we reap before `cmd.Wait()` things can break, so reaping everything is not an option. [NO TESTS NEEDED] Fixes #9777 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Create podman temp dir on machine startbaude2021-07-02
|/ / | | | | | | | | | | | | | | | | | | | | If the tempdir for the OS does not have a podman/, machine start will fail. An example would be after a reboot. We now create the podman dir if it does not exist. Fixes #10824 [NO TESTS NEEDED] Signed-off-by: baude <baude@baudes-Mac-mini.localdomain> Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #10804 from matejvasek/fix-cp-sub-cmdOpenShift Merge Robot2021-07-01
|\ \ | | | | | | Implement --archive flag for podman cp
| * | Implement --archive flag for podman cpMatej Vasek2021-07-01
| |/ | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* / podman: ignore ESRCH from killGiuseppe Scrivano2021-07-01
|/ | | | | | | | Closes: https://github.com/containers/podman/issues/10826 [NO TESTS NEEDED] Fixes a race condition Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Handle advanced --network options in podman play kubeDaniel J Walsh2021-06-30
| | | | | | | | Since Podman create/run can support this, so should play. Fixes: https://github.com/containers/podman/issues/10807 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #10789 from flouthoc/system-reset-prune-externalOpenShift Merge Robot2021-06-30
|\ | | | | reset: remove external containers on podman system reset
| * reset: remove external containers on podman system resetflouthoc2021-06-30
| | | | | | | | | | | | [NO TESTS NEEDED] Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | Bump github.com/containers/storage from 1.32.3 to 1.32.5Daniel J Walsh2021-06-29
|/ | | | | | | | | | | | | | | | | Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.32.3 to 1.32.5. - [Release notes](https://github.com/containers/storage/releases) - [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md) - [Commits](https://github.com/containers/storage/compare/v1.32.3...v1.32.5) --- updated-dependencies: - dependency-name: github.com/containers/storage dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #10736 from trusch/feature-use-secret-configOpenShift Merge Robot2021-06-25
|\ | | | | read secret config from config file if no user data.
| * make DriverOpts name consistent.Tino Rusch2021-06-25
| | | | | | | | Signed-off-by: Tino Rusch <tino.rusch@gmail.com>
| * read secret config from config file if no user data.Tino Rusch2021-06-24
| | | | | | | | | | | | | | | | | | | | | | | | feat: read secret config from config file if the user hasn't entered explicit config values feat: allow to specify `--driver-opts opt1=val1,opt2=val2` in the secret create command to allow overriding the default values fix: show driver options in `podman secret inspect` Signed-off-by: Tino Rusch <tino.rusch@gmail.com>
* | Merge pull request #10774 from vrothberg/registriesOpenShift Merge Robot2021-06-25
|\ \ | | | | | | remove `pkg/registries`
| * | remove `pkg/registries`Valentin Rothberg2021-06-25
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | Pull the trigger on the `pkg/registries` package which acted as a proxy for `c/image/pkg/sysregistriesv2`. Callers should be using the packages from c/image directly, if needed at all. Also make use of libimage's SystemContext() method which returns a copy of a system context, further reducing the risk of unintentionally altering global data. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / pkg/systemd: don't require LISTEN_FDNAMES for socket activationTycho Andersen2021-06-24
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | LISTEN_FDNAMES is optional, the docs for sd_listen_fds() says: This information is read from the $LISTEN_FDNAMES variable, which **may** contain a colon-separated list of names. emphasis mine (indeed, the cited coreos code also suggests it is optional). This actually results in bug, since the default /contrib/systemd/system/podman.socket file doesn't set a FileDescriptorName=. podman when run with this systemd configuration *always* starts in unix socket mode since SocketActivated() will return false because the name is missing. The bug is a race with a very small window: between when podman does the unlink() and when it re-binds the socket later in the code, requests made during this time will fail since nothing is listening. There's another small race when the service stops and systemd realizes it and starts listening again. However, small this window we managed to hit it :). Let's fix this by ignoring LISTEN_FDNAMES. Since the code in cmd/podman/system/service_abi.go:restService() ignores this value anyway when setting up the socket activated stuff, there's no real loss here. Signed-off-by: Tycho Andersen <tycho@tycho.pizza>
* Merge pull request #10583 from rhatdan/logOpenShift Merge Robot2021-06-24
|\ | | | | Support log_tag defaults from containers.conf
| * Support log_tag defaults from containers.confDaniel J Walsh2021-06-23
| | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/10204 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10756 from jmguzik/volume-prune-until-http-apiOpenShift Merge Robot2021-06-23
|\ \ | | | | | | Add support for volume prune until filter to http api
| * | Add support for volume prune until filter to http apiJakub Guzik2021-06-22
| |/ | | | | | | | | | | | | | | As stated in #10579 docker silently implements until filter for volume prune. This commit adds initial support to the HTTP API, both libpod and compat. It enables further work on that issue, such as adding cli support in the future. Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | Merge pull request #10716 from cdoern/podFlagsOpenShift Merge Robot2021-06-23
|\ \ | | | | | | Podman Pod Create --cpus and --cpuset-cpus flags
| * | Podman Pod Create --cpus and --cpuset-cpus flagscdoern2021-06-23
| |/ | | | | | | | | | | | | | | | | | | | | | | Added logic and handling for two new Podman pod create Flags. --cpus specifies the total number of cores on which the pod can execute, this is a combination of the period and quota for the CPU. --cpuset-cpus is a string value which determines of these available cores, how many we will truly execute on. Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | Merge pull request #10610 from cdoern/healthCheckOpenShift Merge Robot2021-06-23
|\ \ | | | | | | Edited compat handling code for containers/json status and added python tests