| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
When using play kube and generate kube, we need to support if bind
mounts have selinux options. As kubernetes does not support selinux in
this way, we tuck the selinux values into a pod annotation for
generation of the kube yaml. Then on play, we check annotations to see
if a value for the mount exists and apply it.
Fixes BZ #1984081
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Jason Greene <jason.greene@redhat.com>
Co-authored-by: Dusty Mabe <dusty@dustymabe.com>
|
| |
|
|
|
|
|
| |
Remind user to check their remote linux connection or use podman
machine. Move the warning from bindings to cmd/podman.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Following commit ensures we silently return container id on `stop` if
container was never created in OCI runtime.
Following behaviour ensures that we are in parity with docker.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| |
|
|
|
|
|
| |
Use EvalSymlinks() to find the context directory, in case there's
shenanigans.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The go logic already prevents podman from joining the userns for machine
commands but the c shortcut code did not.
[NO TESTS NEEDED]
Fixes #11731
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
| |
Signed-off-by: Sankalp Rangare <sankalprangare786@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
If the command came from the underlying image, then we should
not include it in the generate yaml file.
Fixes: https://github.com/containers/podman/issues/11672
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
| |
[NO TESTS NEEDED]
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
| |
|
|
|
|
| |
[NO TESTS NEEDED]
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
| |
|
|
|
|
|
|
| |
When performing an image build with play kube, we need to set the
context directory so things like file copies have the correct input
path.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enforce the removal of signatures in `podman save` to restore behavior
prior to the migration to libimage. We may consider improving on that
in the future. For details, please refer to the excellent summary by
@mtrmac [1].
[NO TESTS NEEDED] - manually verified but exisiting tests need some
further investigation (see [1]).
[1] https://github.com/containers/podman/pull/11669#issuecomment-925250264
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
Release 3.4.0-rc2 (inc. backports)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently we add the default PATH, TERM and container from Podman
to every kubernetes.yaml file. These values should not be recorded
in the yaml files.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
<MH: Fixed cherry-pick conflicts>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There's a potential race around extremely short-running
containers and events with journald. Events may not be written
for some time (small, but appreciable) after they are received,
and as such we can fail to retrieve it if there is a sufficiently
short time between us writing the event and trying to read it.
Work around this by just retrying, with a 0.25 second delay
between retries, up to 4 times.
[NO TESTS NEEDED] because I have no idea how to reproduce this
race in CI.
Fixes #11633
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
At this point and even though we are always improving the play and
generate kube functions, I would say it no longers needs to be denoted
as under development.
[NO TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Docker adds the `sha256:` prefix to the image ID, so our compat endpoint
has to do this as well.
Fixes #11623
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix a bug when remotely untagging an image via tag@digest.
The digest has been lost in the remote client and hence led
to a wrong behaviour on the server.
Fixes: #11557
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When no name is given for podman container runlabel it will default to
the image base name. However this can contain a tag. Since podman does
not accept container names with a colon the run command will fail if it
contains something like `podman run --name NAME ...`.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2004263
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
[NO TESTS NEEDED]
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |/
|
|
|
|
|
| |
Make sure setting machine image to `testing` pulls down the testing
stream, and not the next stream
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\
| |
| | |
[3.4] runtime: move pause process to scope
|
| | |
| |
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit 72534a74b3c2ff35ae1711a890406a6bce5fa44f)
|
| | |
| |
| |
| |
| |
| |
| |
| | |
when running on a systemd with systemd, always try to move the pause
process to its own scope.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit 9c1e27fdd536f6026efe3da4360755a3e9135ca8)
|
| | |
| |
| |
| |
| |
| |
| |
| | |
we already know the path to the pause PID file, no need to calculate
it again.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit fa9728c5509f1ef3bb1c80055e89b910d9740efd)
|
| |/
|
|
|
|
|
|
|
|
|
| |
Finalizes the linked BZ to fix passing down custom authfiles during auto
updates. Also fixes the if-newer pull policy.
[NO TESTS NEEDED] for now validated manually. A new system test will be
added to the main branch shortly.
BZ: bugzilla.redhat.com/show_bug.cgi?id=2000943
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The builder can take a list of platforms in the Platforms field of its
BuildOptions argument, and we should definitely take advantage of that.
The `bud-multiple-platform-values` test from buildah exercises support
for this, so
[NO TESTS NEEDED]
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |
|
|
|
|
|
|
| |
When `?all=garbage` is passed to an API endpoint schema validation fails
and err is nil. Wrapf uses err to create an error message causing a nil
pointer dereference.
Signed-off-by: Jelle van der Waa <jvanderwaa@redhat.com>
|
| |
|
|
| |
Signed-off-by: Jelle van der Waa <jvanderwaa@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
* Follow https://pkg.go.dev/cmd/go#hdr-Generate_Go_files_by_processing_source
for leading comment
* Add godoc strings for all exposed methods for IDE support
* Copy field godoc strings into generated code as function godoc string
* Remove unused/unnecessary fields from generator.go structures
* Cleanup code regarding template usage
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
When we restart a container via podman restart or restart policy the
rootlessport process fails with `address already in use` because the
socketfile still exists.
This is a regression and was introduced in commit abdedc31a25e.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
| |
Closes #11531
[NO TESTS NEEDED]
Signed-off-by: Hyeon Kim <simnalamburt@gmail.com>
|
| |
|
|
| |
Signed-off-by: Jason Greene <jason.greene@redhat.com>
|
| |
|
|
|
|
|
| |
When using the defaut conection for podman machine ssh, use the default
username too.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |
|
|
|
|
|
|
| |
Now that aarch64 fcos is an official thing, we no longer need to use the side repo (for lack of a better word). We can now use the same image lookup technique as x86_64. I removed the special lookup, moved the x86_64 lookup to generic arch, and removed the arch specific files that we no longer needed.
[NO TESTS NEEDED]
Signed-off-by: baude <baude@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This reverts commit 21f396de6f5024abbf6edd2ca63edcb1525eefcc.
Changing the log endpoint is a breaking change we should not do in 3.4.
[NO TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
| |
`setConsoleMode` should do nothing if the handle is not a terminal. The proposed change is [exactly what `golang.org/x/term/IsTerminal()` does on Windows](https://cs.opensource.google/go/x/term/+/6886f2df:term_windows.go).
[NO TESTS NEEDED]
Signed-off-by: Anton Tykhyy <atykhyy@gmail.com>
|
| |\
| |
| | |
Refactor API server emphasis on logging
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* To aid in debugging log API request and response bodies at trace
level. Events can be correlated using the X-Reference-Id.
* Server now echos X-Reference-Id from client if set, otherwise
generates an unique id.
* Move logic for X-Reference-Id into middleware
* Change uses of Header.Add() to Set() when setting Content-Type
* Log API operations in Apache format using gorilla middleware
* Port server code to use BaseContext and ConnContext
Fixes #10053
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \
| | |
| | | |
Stop outputting 'healthy' on healthcheck
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| | |
We should only print unhealthy if the check fails. Currently this is
filling logs when users are running lots of healthchecks.
Improves: https://github.com/containers/podman/issues/11157
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| |/
|/| |
Add init containers to generate and play kube
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Kubernetes has a concept of init containers that run and exit before
the regular containers in a pod are started. We added init containers
to podman pods as well. This patch adds support for generating init
containers in the kube yaml when a pod we are converting had init
containers. When playing a kube yaml, it detects an init container
and creates such a container in podman accordingly.
Note, only init containers created with the init type set to "always"
will be generated as the "once" option deletes the init container after
it has run and exited. Play kube will always creates init containers
with the "always" init container type.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |\ \
| | |
| | | |
[CI:DOCS] podman machine: enforce a single search registry
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
By popular request, turn decimals to octal. Most eyes are trained to
parse file permissions in octal.
[NO TESTS NEEDED] since machine isn't tested yet.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Enforce "docker.io" to be the only search registry. Short-name
resolution for remote clients is not fully supported since there is no
means to prompt. Enforcing a single registry works around the problem
since prompting only fires with more than one search registry.
Fixes: #11489
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \
| | |
| | | |
stats: detect container restart and allow paused containers
|
| | |/
| |
| |
| |
| |
| |
| | |
override the outer scope variable instead of creating a local one.
Otherwise the wrong variable would be used for the next iterations.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
| |
Include the response schema for a succesful request in the
/containers/stats API documentation
Additionally remove http 409 from /libpod/containers/stats docs, the
documentation was copied from the deprecated stats endpoint, when a
container is unavailabe the endpoint returns an empty list and no 409.
Signed-off-by: Jelle van der Waa <jvanderwaa@redhat.com>
|
