summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Do not use "true" after "syslog" in exit commandsMatthew Heon2020-12-07
| | | | | | | | | | | | | | | | | | | | | Instead of being interpreted as an argument to the boolean flag, the 'true' is being intepreted as the Podman command to be run - so we're trying to run `podman true`, which does not exist. This causes the cleanup command to fail when `--log-level=debug` is set, so containers are not cleaned up or removed. This problem is easily reproduced with any command combining the `--rm`, `-d`, and `--log-level=debug` flags - the command will execute and exit, but the container will not be removed. Separate, but worth looking into later: the errors we get on trying `podman true` with any flags are terrible - if you just type `podman true` you get a quite sane "Unrecognized command" error, but if you try `podman true --rm` you get an "unknown flag --rm" error - which makes very little sense given the command itself doesn't exist. Signed-off-by: Matthew Heon <mheon@redhat.com>
* target is not tagbaude2020-12-07
| | | | | | remove mistaken use of target being used for tag Signed-off-by: baude <bbaude@redhat.com>
* Use Libpod tmpdir for pause pathMatthew Heon2020-12-07
| | | | | | | | | | | | | | | | | | | | | Previously, we always computed pause path from the Rootless runtime directory. Problem: this does not match the behavior of Libpod when the directory changes. Libpod will continue to use the previous directory, cached in the database; Pause pidfiles will swap to the new path. This is problematic when the directory needs to exist to write the pidfile, and Libpod is what creates the directory. There are two potential solutions - allow the pause pidfile to move and just make the directory when we want to write it, or use the cached Libpod paths for a guaranteed location. This patch does the second, because it seems safer - we will never miss a previously-existing pidfile because the location is now consistent. Fixes #8539 Signed-off-by: Matthew Heon <mheon@redhat.com>
* Change bindings to stop two API calls for pingJhon Honce2020-12-07
| | | | | | * existing code caused an unnecessary 301 redirect Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Support --network=default as if it was privateDaniel J Walsh2020-12-07
| | | | | | | | | | | | Docker defines an option of "default" which means to use the default network. We should support this with the same code path as --network="". This is important for compatibility with the Docker API. Fixes: https://github.com/containers/podman/issues/8544 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Use PasswordCallback instead of Password for sshAnders F Björklund2020-12-07
| | | | | | | Currently asking for login password, even if not supported by the ssh server. So wait with prompt until actually requested. Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* Close image rawSource when each loop endsQi Wang2020-12-07
| | | | | | | Previously close rawSouce in the middle makes future use of rawSource invalid. Move the rawSource.Close() to the end of each loop. Signed-off-by: Qi Wang <qiwan@redhat.com>
* container create: do not clear image nameValentin Rothberg2020-12-07
| | | | | | | | | | When creating a container, do not clear the input-image name before looking up image names. Also add a regression test. Fixes: #8558 Signed-off-by: Valentin Rothberg <rothberg@redhat.com> <MH: Fixed cherry-pick conflicts> Signed-off-by: Matthew Heon <mheon@redhat.com>
* Docker compat API - containers create ignores the nameMilivoje Legenovic2020-12-07
| | | | | | /containers/create compat endpoint does not set the name correctly (#7857) Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
* Do not mount sysfs as rootless in more casesMatthew Heon2020-12-07
| | | | | | | | | | | | We can't mount sysfs as rootless unless we manage the network namespace. Problem: slirp4netns is now creating and managing a network namespace separate from the OCI runtime, so we can't mount sysfs in many circumstances. The `crun` OCI runtime will automatically handle this by falling back to a bind mount, but `runc` will not, so we didn't notice until RHEL gating tests ran on the new branch. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #8465 from rhatdan/pullOpenShift Merge Robot2020-11-30
|\ | | | | Document docker transport is the only supported remote transport
| * Document docker transport is the only supported remote transportDaniel J Walsh2020-11-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The goal is to improve errors when users use the wrong transport in certain cases we stutter, in other cases we don't give enough information. Remove stutters when failing to pull remote images, because of lack of support. Fix errors returned by reference.Parse to wrap in image that was being checked. Fixes: https://github.com/containers/podman/issues/7116 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8514 from Luap99/revert-8410-fix-multiple-networksOpenShift Merge Robot2020-11-30
|\ \ | | | | | | Revert "Allow multiple --network flags for podman run/create"
| * | Revert "Allow multiple --network flags for podman run/create"Luap992020-11-30
| |/ | | | | | | | | | | | | | | | | As described in issue #8507 this commit contains a breaking change which is not wanted in v2.2. We can discuss later if we want this in 3.0 or not. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8230 from mheon/port_net_host_conflictOpenShift Merge Robot2020-11-30
|\ \ | | | | | | Ensure that --net=host/pod/container conflicts with -p
| * | Ensure that --net=host/pod/container/none warn with -pMatthew Heon2020-11-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Setting port mappings only works when CNI is configuring our network (or slirp4netns, in the rootless case). This is not the case with `--net=host`, `--net=container:`, and joining the network namespace of the pod we are part of. Instead of allowing users to do these things and then be confused why they do nothing, let's match Docker and return a warning that your port mappings will do nothing. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge branch 'master' into patch-1jortkoopmans2020-11-30
|\ \ \ | | |/ | |/|
| * | Add support for persistent volume claims in kube filesAlban Bedel2020-11-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In k8s a persistent volume claim (PVC) allow pods to define a volume by referencing the name of a PVC. The PVC basically contains criterias that k8s then use to select which storage source it will use for the volume. Podman only provide one abtracted storage, the named volumes, and create them if they don't exists yet. So this patch simply use a volume with the name of the PVC. Signed-off-by: Alban Bedel <albeu@free.fr>
| * | Prepare support in kube play for other volume types than hostPathAlban Bedel2020-11-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Replace the simple map of names to paths with a map of names to a struct to allow passing more parameters. Also move the code to parse the volumes to its own file to avoid making the playKubePod() function overly complex. Finally rework the kube volumes test to also be ready to support more volume types. Signed-off-by: Alban Bedel <albeu@free.fr>
| * | Merge pull request #8487 from riyad/fix-ping-typoOpenShift Merge Robot2020-11-26
| |\ \ | | | | | | | | REST API v2 - ping - fix typo in header
| | * | REST API v2 - ping - fix typo in headerRiyad Preukschas2020-11-25
| | | | | | | | | | | | | | | | Signed-off-by: Riyad Preukschas <riyad@informatik.uni-bremen.de>
| * | | Merge pull request #8486 from riyad/improve-ping-api-compatOpenShift Merge Robot2020-11-26
| |\ \ \ | | | | | | | | | | REST API v2 - ping - remove newline from response to improve Docker compatibility
| | * | | REST API v2 - ping - remove newline from response to improve Docker ↵Riyad Preukschas2020-11-25
| | |/ / | | | | | | | | | | | | | | | | | | | | compatibility Signed-off-by: Riyad Preukschas <riyad@informatik.uni-bremen.de>
| * / / Do not validate the volume source path in specgenPaul Holzinger2020-11-26
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The volume src path should not be validated in specgen since the remote client also uses that part and the path must only exists on the server. This now fails later and only on the server and not the client. I don't think I can add a test for this because the CI runs server and client always on the same vm. Fixes #8473 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
| * | Refactor compat container create endpointJhon Honce2020-11-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Make endpoint compatibile with docker-py network expectations * Update specgen helper when called from compat endpoint * Update godoc on types * Add test for network/container create using docker-py method * Add syslog logging when DEBUG=1 for tests Fixes #8361 Signed-off-by: Jhon Honce <jhonce@redhat.com>
| * | Merge pull request #8409 from mlegenovic/masterOpenShift Merge Robot2020-11-23
| |\ \ | | | | | | | | Docker compat API fixes
| | * | [WIP] Docker compat API fixesMilivoje Legenovic2020-11-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | These are the first fixes that are needed for development environments like Eclipse or IntelliJ that have Docker plug-ins and use the Docker API to speak with container engine (#7857) Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
| * | | Merge pull request #8263 from rhatdan/restartOpenShift Merge Robot2020-11-23
| |\ \ \ | | |/ / | |/| | Allow containers to --restart on-failure with --rm
| | * | Allow containers to --restart on-failure with --rmDaniel J Walsh2020-11-20
| | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | | Merge pull request #8429 from psakar/fix-json-capabilitiesOpenShift Merge Robot2020-11-21
| |\ \ \ | | | | | | | | | | APIv2 - strip CAP_ prefix from capabilities in inspect container json
| | * | | APIv2 - strip CAP_ prefix from capabilities in jsonPetr Sakař2020-11-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | strip prefix "CAP_" from capabilities in json generated by container inspect operation Signed-off-by: Petr Sakař <petr.sakar@chare.eu>
| * | | | Merge pull request #8410 from Luap99/fix-multiple-networksOpenShift Merge Robot2020-11-21
| |\ \ \ \ | | | | | | | | | | | | Allow multiple --network flags for podman run/create
| | * | | | Allow multiple --network flags for podman run/createPaul Holzinger2020-11-20
| | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We allow a container to be connected to several cni networks but only if they are listed comma sperated. This is not intuitive for users especially since the flag parsing allows multiple string flags but only would take the last value. see: spf13/pflag#72 Also get rid of the extra parsing logic for pods. The invalid options are already handled by `pkg/specgen`. A test is added to prevent a future regression. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
| * | | | Merge pull request #8423 from psakar/fix-8418OpenShift Merge Robot2020-11-20
| |\ \ \ \ | | |_|/ / | |/| | | REST API v2 - list of images - mandatory Created attribute
| | * | | REST API v2 - list of images - mandatory Created attributePetr Sakař2020-11-20
| | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | fixes https://github.com/containers/podman/issues/8418 created attribute is missing for images with created datetime set to 0 Unix time (January 1, 1970 UTC) because 0 is considered as default value, and thus attribute was ommited because of 'omitempty' flag Signed-off-by: Petr Sakař <petr.sakar@chare.eu>
| * | | Merge pull request #8406 from jwhonce/issues/8390OpenShift Merge Robot2020-11-20
| |\ \ \ | | | | | | | | | | Make podman service log events
| | * | | Make podman service log eventsJhon Honce2020-11-19
| | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Log endpoint calls at level Info * Ensure API server started at level Info Fixes #8390 Signed-off-by: Jhon Honce <jhonce@redhat.com>
| * / / Document containers.conf settings for remote connectionsDaniel J Walsh2020-11-19
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently we don't document which end of the podman-remote client server operations uses the containers.conf. This PR begins documenting this and then testing to make sure the defaults follow the rules. Fixes: https://github.com/containers/podman/issues/7657 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / / squashjortkoopmans2020-11-25
|/ / | | | | | | Signed-off-by: jortkoopmans <jort@jabo-solutions.eu>
* | Merge pull request #8391 from baude/networkconnectdisconnectOpenShift Merge Robot2020-11-19
|\ \ | | | | | | add network connect|disconnect compat endpoints
| * | add network connect|disconnect compat endpointsbaude2020-11-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this enables the ability to connect and disconnect a container from a given network. it is only for the compatibility layer. some code had to be refactored to avoid circular imports. additionally, tests are being deferred temporarily due to some incompatibility/bug in either docker-py or our stack. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #8379 from rhatdan/remote2OpenShift Merge Robot2020-11-18
|\ \ \ | | | | | | | | Remove build \!remote flags from test phase 2
| * | | Remove build \!remote flags from test phase 2Daniel J Walsh2020-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add some more tests, document cases where remote will not work Add FIXMEs for tests that should work on podman-remote but currently do not. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | | podman-remote network rm --force is brokenDaniel J Walsh2020-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The --force parameter was not being handled correctly. This is leading to some race conditions in testing failures. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Align the podman pod ps --filter behavior with podman psPaul Holzinger2020-11-18
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | Filters with the same key work inclusive with the only exception being `label` which is exclusive. Filters with different keys always work exclusive. Also update the documentation with the new behavior. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #8376 from Luap99/podman-filtersOpenShift Merge Robot2020-11-18
|\ \ \ | |/ / |/| | Align the podman ps --filter behavior with docker
| * | Align the podman ps --filter behavior with dockerPaul Holzinger2020-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | All of our filters worked exclusive resulting in `--filter status=created --filter status=exited` to return nothing. In docker filters with the same key work inclusive with the only exception being `label` which is exclusive. Filters with different keys always work exclusive. This PR aims to match the docker behavior with podman. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #8355 from baude/compatnetworkconnectdisconnectOpenShift Merge Robot2020-11-17
|\ \ \ | | | | | | | | add network connect|disconnect compat endpoints
| * | | add network connect|disconnect compat endpointsbaude2020-11-17
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this enables the ability to connect and disconnect a container from a given network. it is only for the compatibility layer. some code had to be refactored to avoid circular imports. additionally, tests are being deferred temporarily due to some incompatibility/bug in either docker-py or our stack. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #8363 from AlbanBedel/play-kube-create-onlyOpenShift Merge Robot2020-11-17
|\ \ \ | | | | | | | | Add an option to control if play kube should start the pod