summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* enable remote image treeBrent Baude2020-05-13
| | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* cgroup: skip unified if we are using v1Peter Hunt2020-05-12
| | | | | | | | There exists a chance for a node to be booted in v1, but have reminents of v2. An example is this CRI-O ci run: https://deck-ci.apps.ci.l2s4.p1.openshiftapps.com/view/gcs/origin-federated-results/pr-logs/pull/cri-o_cri-o/3565/test_pull_request_crio_critest_fedora/11243/ We fail because we are incorrectly writing to the unified path, because we are v1. We should not write to the unified path if we are v1 Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Merge pull request #6182 from baude/v2remotedfOpenShift Merge Robot2020-05-12
|\ | | | | add podman remote system df
| * add podman remote system dfBrent Baude2020-05-12
| | | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #6154 from baude/v2signOpenShift Merge Robot2020-05-12
|\ \ | | | | | | v2podman image sign
| * | v2podman image signBrent Baude2020-05-11
| | | | | | | | | | | | | | | | | | this is a straight port to add the podman image sign command. no improvements or refactoring done Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #6181 from baude/v2remoteportOpenShift Merge Robot2020-05-12
|\ \ \ | |_|/ |/| | add port to podman remote command
| * | add port to podman remote commandBrent Baude2020-05-11
| |/ | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #6101 from sujil02/systemreset-v2OpenShift Merge Robot2020-05-12
|\ \ | | | | | | Adds tunnel routes for system reset.
| * | Adds tunnel routes for system reset.Sujil022020-05-11
| | | | | | | | | | | | | | | | | | | | | | | | Adds tunnel routes for system reset. Makes forces flag local as options are not propogated down the stack. Adds relevant test cases and swagger docs. Signed-off-by: Sujil02 <sushah@redhat.com>
* | | auto-update: support authfilesValentin Rothberg2020-05-12
| |/ |/| | | | | | | | | | | | | | | | | Support using custom authfiles for auto updates by adding a new `--authfile` flag and passing it down into the backend. Also do some minor fixes in the help text and the man page. Fixes: #6159 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | spec: fix order for setting rlimitsGiuseppe Scrivano2020-05-11
| | | | | | | | | | | | | | also make sure that the limits we set for rootless are not higher than what we'd set for root containers. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #6151 from lsm5/tests-apiv2-inspect-removeOpenShift Merge Robot2020-05-10
|\ \ | |/ |/| bindings tests for container remove and inspect
| * bindings tests for container remove and inspectLokesh Mandvekar2020-05-08
| | | | | | | | Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | Merge pull request #6148 from jwhonce/wip/versionOpenShift Merge Robot2020-05-09
|\ \ | | | | | | V2 Implement tunnelled podman version
| * | V2 Impliment tunnelled podman versionJhon Honce2020-05-08
| | | | | | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #6147 from mheon/fix_inspect_annotationsDaniel J Walsh2020-05-09
|\ \ \ | |/ / |/| | Add remaining annotations for `podman inspect`
| * | Add remaining annotations for `podman inspect`Matthew Heon2020-05-08
| |/ | | | | | | | | | | This should finish support for `podman inspect` in APIv2. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* / v2 podman unshare commandBrent Baude2020-05-08
|/ | | | | | | | | | add unshare command add cp and init to container sub-command allow mount to run as rootless Signed-off-by: Brent Baude <bbaude@redhat.com>
* Fix `podman pod create --infra=false`Matthew Heon2020-05-08
| | | | | | | | We were accidentally setting incorrect defaults for the network namespace for rootless `pod create` when infra containers were not being created. This should resolve that issue. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #6118 from baude/v2bindingsenforceOpenShift Merge Robot2020-05-08
|\ | | | | set binding tests to required
| * set binding tests to requiredBrent Baude2020-05-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | some small fix ups for binding tests and then make them required. update containers-common V2 bindings tests were failing because of changes introduced in commit a2ad5bb. Fix some typos. Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org> in the case where the specgen attribute for Env and Labels are nil, we should should then make the map IF we have labels and envs that need to be added. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #6141 from giuseppe/rootless-fixOpenShift Merge Robot2020-05-08
|\ \ | | | | | | abi: do not attempt to setup rootless if euid==0
| * | abi: do not attempt to setup rootless if euid==0Giuseppe Scrivano2020-05-08
| | | | | | | | | | | | | | | | | | if the process has already euid==0 do not attempt to setup rootless. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #6124 from mheon/fix_rootless_podcreateOpenShift Merge Robot2020-05-08
|\ \ \ | | | | | | | | Fix parsing of --network for `podman pod create`
| * | | Fix parsing of --network for `podman pod create`Matthew Heon2020-05-07
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | Interpreting CNI networks was a bit broken, and it was causing rootless `podman pod create` to fail. Also, we were missing the `--net` alias for `--network`, so add that. Fixes #6119 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #6121 from vrothberg/v2-auto-updateOpenShift Merge Robot2020-05-08
|\ \ \ | |_|/ |/| | auto-update
| * | auto-updateValentin Rothberg2020-05-08
| |/ | | | | | | | | | | | | Add the `podman auto-update` command. There have been no tests in v1, so there are no in v2 either ... for now :) Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6117 from vrothberg/v2-runlabelOpenShift Merge Robot2020-05-08
|\ \ | |/ |/| container runlabel
| * container runlabelValentin Rothberg2020-05-07
| | | | | | | | | | | | Implement container runlabel for v2. Local client only. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | podman: split env variables in env and overridesGiuseppe Scrivano2020-05-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | There are three different priorities for applying env variables: 1) environment/config file environment variables 2) image's config 3) user overrides (--env) The third kind are known to the client, while the default config and image's config is handled by the backend. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #5961 from QiWang19/manifest-remove-pushOpenShift Merge Robot2020-05-07
|\ \ | | | | | | Manifest remove, push
| * | Manifest remove, pushQi Wang2020-05-06
| | | | | | | | | | | | | | | | | | Implements podman manifest remove and podman manifest push. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | v2trust set and showbaude2020-05-07
| |/ |/| | | | | | | | | | | | | add podman image trust set and show Signed-off-by: baude <bbaude@redhat.com> Signed-off-by: bbaude <bbaude@DESKTOP-SH5EG3J.localdomain> Signed-off-by: Brent Baude <bbaude@redhat.com>
* | add {generate,play} kubeValentin Rothberg2020-05-06
|/ | | | | | | | | | | | | | | | | | | Add the `podman generate kube` and `podman play kube` command. The code has largely been copied from Podman v1 but restructured to not leak the K8s core API into the (remote) client. Both commands are added in the same commit to allow for enabling the tests at the same time. Move some exports from `cmd/podman/common` to the appropriate places in the backend to avoid circular dependencies. Move definitions of label annotations to `libpod/define` and set the security-opt labels in the frontend to make kube tests pass. Implement rest endpoints, bindings and the tunnel interface. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #6096 from mheon/fix_small_issuesOpenShift Merge Robot2020-05-06
|\ | | | | Add small fixes for 'podman run' from diffing inspect
| * Add small fixes for 'podman run' from diffing inspectMatthew Heon2020-05-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To try and identify differences between Podman v1.9 and master, I ran a series of `podman run` commands with various flags through each, then inspecting the resulting containers and diffed the inspect JSON between each. This identified a number of issues which are fixed in this PR. In order of discovery: - Podman v2 gave short names for images, where Podman v1 gave the fully-qualified name. Simple enough fix (get image tags and use the first one if they're available) - The --restart flag was not being parsed correctly when a number of retries was specified. Parsing has been corrected. - The -m flag was not setting the swap limit (simple fix to set swap in that case if it's not explicitly set by the user) - The --cpus flag was completely nonfunctional (wired in its logic) Tests have been added for all of these to catch future regressions. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6063 from QiWang19/manifest-annotateOpenShift Merge Robot2020-05-06
|\ \ | | | | | | manifest annotate
| * | manifest annotateQi Wang2020-05-05
| |/ | | | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #6081 from baude/v2systemOpenShift Merge Robot2020-05-05
|\ \ | |/ |/| v2 system subcommand
| * v2 system subcommandbaude2020-05-05
| | | | | | | | | | | | | | | | | | | | add system df, info, load, renumber, and migrate Refactor for specialized libpod engines add the ability to prune images, volumes, containers, and pods Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #6080 from baude/v2statsOpenShift Merge Robot2020-05-05
|\ \ | | | | | | v2 podman stats
| * | v2 podman statsbaude2020-05-05
| | | | | | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #6076 from vrothberg/rmi-v2.2OpenShift Merge Robot2020-05-05
|\ \ \ | |_|/ |/| | image removal: refactor part 2
| * | image removal: refactor part 2Valentin Rothberg2020-05-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Continue the refactoring of image removal. I didn't manage to break all the following changes into smaller and easier to digest commits due to time constraints: * Return an error slice instead of a single error. Use multierror only in the client/frontend. Reflect that in the types. * Use the batch image removal in the client while preserving the more rest-idiomatic single-image removal endpoint. * Add a new handler for the single-image removal endpoint to make it share the same code as the batch endpoint. * Expose bindings for the single and batch endpoints, so we can properly test them. * Add several convenience functions for error handling to pkg/errorhandling. * Set the correct error type in libpod to set the exit code to 2 when one or more containers are using an image. * Massage the bindings tests a bit and tackle compilation errors. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Rework port parsing to support --expose and -PMatthew Heon2020-05-04
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As part of this, make a major change to the type we use to represent port mappings in SpecGen (from using existing OCICNI structs to using our own custom one). This struct has the advantage of supporting ranges, massively reducing traffic over the wire for Podman commands using them (for example, the `podman run -p 5000-6000` command will now send only one struct instead of 1000). This struct also allows us to easily validate which ports are in use, and which are not, which is necessary for --expose. Once we have parsed the ports from the new struct, we can produce an accurate map including all currently requested ports, and use that to determine what ports need to be exposed (some requested exposed ports may already be included in a mapping from --publish and will be ignored) and what open ports on the host we can map them to. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6051 from rhatdan/containers.confOpenShift Merge Robot2020-05-04
|\ \ | | | | | | Fixes for test/e2e/containers_conf_test.go
| * | Fix errors found in coverity scanDaniel J Walsh2020-05-01
| | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | cgroupsns was not following containers.confDaniel J Walsh2020-05-01
| | | | | | | | | | | | | | | | | | Implement ParseCgroupsNamespace to handle defaults. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | Properly handle default capabilities listed in containers.confDaniel J Walsh2020-05-01
| | | | | | | | | | | | | | | | | | | | | If user/admin specifies a different list of default capabilties we need to honor these. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>