summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Add RequiresMountsFor= to systemd generateRobb Manes2021-03-26
| | | | | | | | | | | | | | | It is rare but possible that storage locations for the graphroot and the runroot are not mounted at boot time, and therefore might race when doing container operations. An example we've seen in the wild is that a slow tmpfs mount for the runroot would suddenly mount over /run, causing the container to lose all currently-running data, requiring a system refresh to get it back. This patch adds RequiresMountsFor= to the systemd.unit header to ensure the paths for both the graphroot and runroot are mounted prior to starting any generated unit files. Signed-off-by: Robb Manes <rmanes@redhat.com>
* Merge pull request #9711 from jmguzik/volume-prune-fix-http-compatOpenShift Merge Robot2021-03-16
|\ | | | | Fix for volumes prune in http compat api when using filters
| * Fix for volumes prune in http compat apiJakub Guzik2021-03-15
| | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | Merge pull request #9695 from jmguzik/array-inspect-network-fixOpenShift Merge Robot2021-03-16
|\ \ | | | | | | Fix array instead of one elem network http api
| * | Fix array instead of one elem network http apiJakub Guzik2021-03-12
| | | | | | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | Merge pull request #9589 from troyready/add_compat_auth_endpointOpenShift Merge Robot2021-03-16
|\ \ \ | |_|/ |/| | add /auth for docker compatibility
| * | fix use with localhost (testing)troyready2021-03-12
| | | | | | | | | | | | Signed-off-by: troyready <troy@troyready.com>
| * | add /auth for docker compatibilitytroyready2021-03-12
| | | | | | | | | | | | | | | | | | | | | | | | This endpoint just validates credentials: https://github.com/moby/moby/blob/v20.10.4/api/swagger.yaml#L7936-L7977 Fixes: #9564 Signed-off-by: troyready <troy@troyready.com>
* | | Do not leak libpod package into the remote clientPaul Holzinger2021-03-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some packages used by the remote client imported the libpod package. This is not wanted because it adds unnecessary bloat to the client and also causes problems with platform specific code(linux only), see #9710. The solution is to move the used functions/variables into extra packages which do not import libpod. This change shrinks the remote client size more than 6MB compared to the current master. [NO TESTS NEEDED] I have no idea how to test this properly but with #9710 the cross compile should fail. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Split libpod/network packagePaul Holzinger2021-03-15
|/ / | | | | | | | | | | | | | | | | | | | | | | The `libpod/network` package should only be used on the backend and not the client. The client used this package only for two functions so move them into a new `pkg/network` package. This is needed so we can put linux only code into `libpod/network`, see #9710. [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #9703 from jmguzik/endpoint-networksOpenShift Merge Robot2021-03-12
|\ \ | | | | | | [NO TESTS NEEDED] create endpoint for querying libpod networks
| * | create endpoint for querying libpod networksJakub Guzik2021-03-12
| |/ | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | Merge pull request #9524 from riyad/apiv3-print-tags-when-buildingOpenShift Merge Robot2021-03-11
|\ \ | |/ |/| [Compat API] Also print successfully tagging images in /build endpoint
| * [Compat API] Also print successfully tagging images in /build endpointRiyad Preukschas2021-02-25
| | | | | | | | | | | | [NO TESTS NEEDED] Signed-off-by: Riyad Preukschas <riyad@informatik.uni-bremen.de>
* | Merge pull request #9668 from rhatdan/manOpenShift Merge Robot2021-03-10
|\ \ | | | | | | Document CONTAINERS_CONF/CONTAINERS_STORAGE_CONF Env variables
| * | Document CONTAINERS_CONF/CONTAINERS_STORAGE_CONF Env variablesDaniel J Walsh2021-03-10
| | | | | | | | | | | | | | | | | | | | | Also Switch to using CONTAINERS_REGISTRIES_CONF for registries.conf overrides. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Removing a non existing container API should return 404Daniel J Walsh2021-03-10
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently we were overwrapping error returned from removal of a non existing container. $ podman rm bogus -f Error: failed to evict container: "": failed to find container "bogus" in state: no container with name or ID bogus found: no such container Removal of wraps gets us to. ./bin/podman rm bogus -f Error: no container with name or ID "bogus" found: no such container Finally also added quotes around container name to help make it standout when you get an error, currently it gets lost in the error. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | rm pkg/api/handlers/libpod/copy.goValentin Rothberg2021-03-09
| | | | | | | | | | | | | | | | | | | | | | Remove the file since it only contains dead code. The archive endpoints are shared between the libpod and the compat API and both use the compat package. [NO TESTS NEEDED] since we're removing dead code. Fixes: #9670 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | allow the removal of storage imagesDaniel J Walsh2021-03-08
| | | | | | | | | | | | | | | | Sometimes if the system crashes while an image is being pulled containers/storage can get into a bad state. This PR allows the user to call into container storage to remove the image. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9592 from rhatdan/timestampOpenShift Merge Robot2021-03-08
|\ \ | | | | | | Numerous buildah fixes found by Ed's testing of buildah tests against podman.
| * | Handle podman build --dns-searchDaniel J Walsh2021-03-07
| | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/9574 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | turn hidden --trace into a NOPValentin Rothberg2021-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The --trace has helped in early stages analyze Podman code. However, it's contributing to dependency and binary bloat. The standard go tooling can also help in profiling, so let's turn `--trace` into a NOP. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | pkg/terminal: use c/storage/pkg/homedirValentin Rothberg2021-03-08
| | | | | | | | | | | | | | | | | | This also prunes the dependency on `k8s.io/client-go`. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #9647 from mlegenovic/masterOpenShift Merge Robot2021-03-07
|\ \ \ | | | | | | | | Compat API: Fix the response of 'push image' endpoint
| * | | Correct compat images/{name}/push responseMilivoje Legenovic2021-03-07
| | | | | | | | | | | | | | | | Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
* | | | replace local mount consts with libpod/defineJakub Guzik2021-03-07
| |/ / |/| | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | podman-remote stop -time 0 does not workDaniel J Walsh2021-03-05
| | | | | | | | | | | | | | | | | | | | | | | | This patch will allow users to pass in the time 0. Currently the timeout will take 10 seconds if user passes in the 0 flag. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #9622 from jmguzik/network-rm-fixOpenShift Merge Robot2021-03-05
|\ \ \ | | | | | | | | Fix podman network rm (-f) workflow
| * | | Fix for podman network rm (-f) workflowJakub Guzik2021-03-05
| | | | | | | | | | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | | Merge pull request #9593 from vrothberg/cp-tmpOpenShift Merge Robot2021-03-05
|\ \ \ \ | |_|/ / |/| | | podman cp: support copying on tmpfs mounts
| * | | podman cp: support copying on tmpfs mountsValentin Rothberg2021-03-04
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Traditionally, the path resolution for containers has been resolved on the *host*; relative to the container's mount point or relative to specified bind mounts or volumes. While this works nicely for non-running containers, it poses a problem for running ones. In that case, certain kinds of mounts (e.g., tmpfs) will not resolve correctly. A tmpfs is held in memory and hence cannot be resolved relatively to the container's mount point. A copy operation will succeed but the data will not show up inside the container. To support these kinds of mounts, we need to join the *running* container's mount namespace (and PID namespace) when copying. Note that this change implies moving the copy and stat logic into `libpod` since we need to keep the container locked to avoid race conditions. The immediate benefit is that all logic is now inside `libpod`; the code isn't scattered anymore. Further note that Docker does not support copying to tmpfs mounts. Tests have been extended to cover *both* path resolutions for running and created containers. New tests have been added to exercise the tmpfs-mount case. For the record: Some tests could be improved by using `start -a` instead of a start-exec sequence. Unfortunately, `start -a` is flaky in the CI which forced me to use the more expensive start-exec option. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #9550 from baude/issue9517OpenShift Merge Robot2021-03-04
|\ \ \ | | | | | | | | Support label type dict on compat build
| * | | Support label type dict on compat buildbaude2021-03-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The compatibility endpoint for build labels should be of type dict (not list). For backwards compatibility, we support both. Fixes: #9517 Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #9617 from vrothberg/fix-9588OpenShift Merge Robot2021-03-04
|\ \ \ \ | | | | | | | | | | image removal: ignore unknown-layer errors
| * | | | image removal: ignore unknown-layer errorsValentin Rothberg2021-03-04
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | [NO TESTS NEEDED] as I have absolutely no idea how to force a reliable reproducer. Fixes: #9588 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / | | Use version package to track all versionsJhon Honce2021-03-03
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Server, bindings, and CLI all now pull version information from version package. * Current /libpod API version slaved to podman/libpod Version * Bindings validate against libpod API Minimal version * Remove pkg/bindings/bindings.go and updated tests Fixes: #9207 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #9536 from jmguzik/enable-cgroupsv2-sec-optsOpenShift Merge Robot2021-03-03
|\ \ \ | | | | | | | | Enable cgroupsv2 rw mount via security-opt unmask
| * | | Enable cgroupsv2 rw mount via security-opt unmaskJakub Guzik2021-02-28
| | | | | | | | | | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | | Merge pull request #9581 from baude/issue9529OpenShift Merge Robot2021-03-03
|\ \ \ \ | | | | | | | | | | Add network summary to compat ps
| * | | | Add network summary to compat psbaude2021-03-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The compatibility endpoint for listing containers should have the summarized network configuration with it. Fixes: #9529 Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #9583 from ashley-cui/secOpenShift Merge Robot2021-03-03
|\ \ \ \ \ | | | | | | | | | | | | Add version field to secret compat list/inspect api
| * | | | | Add version field to secret compat list/inspect apiAshley Cui2021-03-02
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Docker api expects secrets endpoint to have a version field. So, the version field is added into the compat endpoint only. The version field is always 1, since Docker uses the version to keep track of updates to the secret, and currently we cannot update a secret. Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | | Merge pull request #9580 from rhatdan/timestampDaniel J Walsh2021-03-03
|\ \ \ \ \ | | | | | | | | | | | | Fix support for podman build --timestamp
| * | | | | Fix support for podman build --timestampDaniel J Walsh2021-03-02
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently podman is ignoreing the build --timestamp flag. This PR fixes this for local and remote clients. Fixes: https://github.com/containers/podman/issues/9569 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #9521 from adrianreber/2021-02-25-checkpointctlOpenShift Merge Robot2021-03-03
|\ \ \ \ \ | | | | | | | | | | | | Reorder checkpoint/restore code for CRI-O
| * | | | | Use functions and defines from checkpointctlAdrian Reber2021-03-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | No functional changes. [NO TESTS NEEDED] - only moving code around Signed-off-by: Adrian Reber <areber@redhat.com>
| * | | | | Move checkpoint/restore code to pkg/checkpoint/crutilsAdrian Reber2021-03-02
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To be able to reuse common checkpoint/restore functions this commit moves code to pkg/checkpoint/crutils. This commit has not functional changes. It only moves code around. [NO TESTS NEEDED] - only moving code around Signed-off-by: Adrian Reber <areber@redhat.com>
* | | | | Merge pull request #9560 from TristanCacqueray/libpodPutArchiveOpenShift Merge Robot2021-03-02
|\ \ \ \ \ | |/ / / / |/| | | | [NO TESTS NEEDED] swagger: update the libpodPutArchive verb
| * | | | swagger: update the libpodPutArchive operation verbTristan Cacqueray2021-03-02
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | This change fixes the libpodPutArchive verb to PUT (POST results in 405). Signed-off-by: Tristan Cacqueray <tdecacqu@redhat.com>
* / | | Compat api containers/json Ports field is nullMilivoje Legenovic2021-03-02
|/ / / | | | | | | | | | | | | | | | Fixes #9553 Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>