summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Merge pull request #7576 from openSUSE/manifest-add-extend-flagsOpenShift Merge Robot2020-09-10
|\ | | | | Extend the flags of the `manifest add` command
| * manifest push: handle cert-dir flagFlavio Castelli2020-09-09
| | | | | | | | | | | | | | | | | | | | | | Prior to this commit the value of the `--cert-dir` flag specified for `podman manifest push` was not handled by the internal code. That resulted in `podman manifest push` not reading the certificates stored inside of the directory specified by the user. Signed-off-by: Flavio Castelli <fcastelli@suse.com>
| * Extend flags of `manifest add`Flavio Castelli2020-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Extend the flags of `podman manifest add` to include also: * cert-dir * auth-file * creds * tls-verify These options are useful when adding to a manifest an image that is not part of the local image store. The image resides on a remote registry that falls into one of these cases: it's not using tls termination, it requires authentication or it's secured with an unknown tls certificate. Consider the following scenario: a multi architecture manifest is created as part of a multi-step CI pipeline running in a containerized way. All the images referenced by the manifest live inside of a registry secured with a self-signed tls certificate. Without this patch the manifest creation step would have to pull all the multi-architecture images locally via `podman pull`. With this patch the usage of `podman pull` would not be needed because the images' digests can be requested straight to the registry. That means the execution of manifest creation step would be faster and result in less disk space and network bandwidth being used. Finally, this is a propagation of a similar fix done inside of buildah via https://github.com/containers/buildah/pull/2593 Signed-off-by: Flavio Castelli <fcastelli@suse.com>
* | Merge pull request #7536 from Luap99/api-network-filterOpenShift Merge Robot2020-09-10
|\ \ | | | | | | APIv2 Add network list filtering
| * | Fix typo in the remove network api docPaul Holzinger2020-09-07
| | | | | | | | | | | | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
| * | APIv2 Add network list filteringPaul Holzinger2020-09-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the filter option to the libpod endpoint. Add support for the name filter on the docker endpoint. Add apiv2 tests for the network list endpoints. Enable podman network integration tests for remote. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #7575 from rhatdan/runlabelOpenShift Merge Robot2020-09-09
|\ \ \ | | | | | | | | Fix podman container runlabel --display
| * | | Fix podman container runlabel --displayDaniel J Walsh2020-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Current podman container runlabel --display is being ignored. This is just supposed to display the command that would be run, and then exit, but instead is actually running the command. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1877186 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #7573 from rhatdan/oomOpenShift Merge Robot2020-09-09
|\ \ \ \ | | | | | | | | | | Make oom-score-adj actually work
| * | | | Make oom-score-adj actually workDaniel J Walsh2020-09-09
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | During the redesign of podman 2.0, we dropped the support for --oom-score-adj. Test for this flag was bogus and thus passing when it was broken. Basically just need to set the value in the spec. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1877187 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #7572 from vrothberg/fix-7135OpenShift Merge Robot2020-09-09
|\ \ \ \ | | | | | | | | | | remote kill: don't wait for the container to stop
| * | | | compat kill: only wait for 0 signal and sigkillValentin Rothberg2020-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Docker does not wait unconditionally. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | remote kill: don't wait for the container to stopValentin Rothberg2020-09-09
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Invert the branch logic to match the comment. Docker seems to wait for the container while Podman does not. Enable the remote-disabled system test as well. Fixes: #7135 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #7290 from rhatdan/externalOpenShift Merge Robot2020-09-09
|\ \ \ \ | | | | | | | | | | Show c/storage (Buildah/CRI-O) containers in ps
| * | | | Show c/storage (Buildah/CRI-O) containers in psDaniel J Walsh2020-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `podman ps --all` command will now show containers that are under the control of other c/storage container systems and the new `ps --storage` option will show only containers that are in c/storage but are not controlled by libpod. In the below examples, the '*working-container' entries were created by Buildah. ``` podman ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 9257ef8c786c docker.io/library/busybox:latest ls /etc 8 hours ago Exited (0) 8 hours ago gifted_jang d302c81856da docker.io/library/busybox:latest buildah 30 hours ago storage busybox-working-container 7a5a7b099d33 localhost/tom:latest ls -alF 30 hours ago Exited (0) 30 hours ago hopeful_hellman 01d601fca090 localhost/tom:latest ls -alf 30 hours ago Exited (1) 30 hours ago determined_panini ee58f429ff26 localhost/tom:latest buildah 33 hours ago storage alpine-working-container podman ps --external CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d302c81856da docker.io/library/busybox:latest buildah 30 hours ago external busybox-working-container ee58f429ff26 localhost/tom:latest buildah 33 hours ago external alpine-working-container ``` Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #7571 from vrothberg/fix-7157OpenShift Merge Robot2020-09-09
|\ \ \ \ \ | | | | | | | | | | | | generate systemd: catch `--name=foo`
| * | | | | generate systemd: catch `--name=foo`Valentin Rothberg2020-09-09
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The systemd generator looks for certain flags in the containers' create commands to determine which flags need to be added. In case of named containers, the generator adds the `--replace` flag to prevent name conflicts at container creation. Fix the generator to not only cover the `--name foo` syntax but also the `--name=foo` one. Fixes: #7157 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #7568 from rhatdan/latestOpenShift Merge Robot2020-09-09
|\ \ \ \ \ | | | | | | | | | | | | Fix podman ps -l
| * | | | | Fix podman ps -lDaniel J Walsh2020-09-09
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently the --latest flag is ignored by podman ps command. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1877182 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #7569 from zhangguanzhang/fix-apiv2-top-response-two-valueOpenShift Merge Robot2020-09-09
|\ \ \ \ \ | |/ / / / |/| | | | fix APIv2 pods top of non-exist pod gets two response value
| * | | | fix APIv2 pods top of non-exist pod gets two response valuezhangguanzhang2020-09-09
| | | | | | | | | | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | | | Merge pull request #6811 from vrothberg/multi-image-archivesOpenShift Merge Robot2020-09-09
|\ \ \ \ \ | |_|/ / / |/| | | | podman load/save: support multi-image docker archive
| * | | | support multi-image (docker) archivesValentin Rothberg2020-09-08
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Support loading and saving tarballs with more than one image. Add a new `/libpod/images/export` endpoint to the rest API to allow for exporting/saving multiple images into an archive. Note that a non-release version of containers/image is vendored. A release version must be vendored before cutting a new Podman release. We force the containers/image version via a replace in the go.mod file; this way go won't try to match the versions. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / | | podman stop: do not cleanup for auto-removalValentin Rothberg2020-09-08
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Do not perform a container clean up for containers configured for auto-removal (e.g., via `podman run --rm`). There is a small race window with the other process performing the removal where a clean up during podman-stop may fail since the container has already been removed and cleaned up. As the removing process will clean up the container, we don't have to do it during podman-stop. Fixes: #7384 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #7540 from QiWang19/system-dfOpenShift Merge Robot2020-09-07
|\ \ \ | | | | | | | | Fix system df inconsistent
| * | | Fix system df inconsistentQi Wang2020-09-04
| | |/ | |/| | | | | | | | | | | | | Use RWSzir as system df verbose containers size to remain consistent with the summery. Volume is reclaimable only if not used by container. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Fix unconfined AppArmor profile usage for unsupported systemsSascha Grunert2020-09-07
| | | | | | | | | | | | | | | | | | | | | | | | If we select "unconfined" as AppArmor profile, then we should not error even if the host does not support it at all. This behavior has been fixed and a corresponding e2e test has been added as well. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | | APIv2 add generate systemd endpointPaul Holzinger2020-09-02
|/ / | | | | | | | | | | | | | | | | | | | | | | | | Add support for generating systemd units via the api and podman-remote. Change the GenerateSystemdReport type to return the units as map[string]string with the unit name as key. Add `--format` flag to `podman generate systemd` to allow the output to be formatted as json. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Don't create ~/.config after removing storage.confjjzmajic2020-09-02
| | | | | | | | | | | | | | | | Fixes #7509. There is no need to create a ~/.config directory now that ~/.config/containers/storage.conf is not created automatically. Podman has no use for it if it does not exist already. Signed-off-by: jjzmajic <uros.m.perisic@gmail.com>
* | Merge pull request #7514 from edsantiago/reenable_flaky_bindings_testOpenShift Merge Robot2020-08-31
|\ \ | | | | | | bindings: reenable flaky(?) pause/unpause test
| * | bindings: reenable flaky(?) pause/unpause testEd Santiago2020-08-31
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reference: #6518, a very-frequently-flaking CI test, disabled a month ago (#7143) because it was triggering so often in CI. Unfortunately, that seems to have simply swept the problem under the rug. AFAICT nobody has bothered to look at the root bug, so let's just reenable. If the problem persists, I'll let annoyed developers squeaky-wheel 6158 so there's some incentive to fix it. If the problem has miraculously gone away in the last month, that's a win too. (This test failure does not reproduce on my laptop, nor does it lend itself to devising a simple reproducer on a test VM.) Also: since #5325 appears to have been closed as fixed, remove a 'Skip' that references it. Unfortunately this also requires removing a lot of other cruft. This was an incidental oh-by-the-way addition that I thought would be trivial but ended up causing a much larger diff. Signed-off-by: Ed Santiago <santiago@redhat.com>
* / handle play kube with pod.spec.hostAliaseszhangguanzhang2020-08-31
|/ | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* Merge pull request #7494 from haircommander/play-kube-socketOpenShift Merge Robot2020-08-31
|\ | | | | play kube: handle Socket HostPath type
| * play kube: handle Socket HostPath typePeter Hunt2020-08-28
| | | | | | | | | | | | as well as add test cases for it and the other HostPath types we currently support Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | Merge pull request #7436 from rhatdan/variantOpenShift Merge Robot2020-08-28
|\ \ | |/ |/| Add support for image pull overrides
| * Add support for variant when pulling imagesDaniel J Walsh2020-08-28
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7355 from rhatdan/envOpenShift Merge Robot2020-08-28
|\ \ | | | | | | Use environment from containers.conf
| * | Use environment from containers.confDaniel J Walsh2020-08-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman needs to use the environment settings in containers.conf when setting up the containers. Also host environment variables should be relative to server side not the client. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #7428 from mheon/apiv2_container_pod_errorsOpenShift Merge Robot2020-08-28
|\ \ \ | |_|/ |/| | Ensure pod REST API endpoints include ctr errors
| * | Ensure pod REST API endpoints include ctr errorsMatthew Heon2020-08-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The APIv2 pod endpoints that operate on multiple containers, such as Start, Kill, Pause, Unpause, do not report errors encountered by individual containers, because they incorrectly assume that any error is fatal. The documentation for the Libpod API calls notes, however, that ErrPodPartialFail will *always* be returned if any container failed; so we need to ignore that error and continue to collating and returning container errors. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #7416 from Luap99/fix-swagger-docOpenShift Merge Robot2020-08-28
|\ \ \ | | | | | | | | [CI:DOCS] fix swagger api docs
| * | | [CI:DOCS] fix swagger api docsPaul Holzinger2020-08-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Separate the volume endpoints into compat and libpod, as it is done for the other endpoints. Move the libpod image push endpoint to images. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | Merge pull request #7427 from mheon/update_error_messagesOpenShift Merge Robot2020-08-28
|\ \ \ \ | |_|_|/ |/| | | Fix up some error messages
| * | | Fix up some error messagesMatthew Heon2020-08-27
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | We have a lot of 'cannot stat %s' errors in our codebase. These are terrible and confusing and utterly useless without context. Add some context to a few of them so we actually know what part of the code is failing. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #7455 from giuseppe/trim-init-commandOpenShift Merge Robot2020-08-28
|\ \ \ | | | | | | | | abi: trim init command
| * | | abi: trim init commandGiuseppe Scrivano2020-08-28
| |/ / | | | | | | | | | | | | | | | | | | | | | without it the systemd detection fails. Closes: https://github.com/containers/podman/issues/7441 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* / / Switch to containers/common for seccompSascha Grunert2020-08-27
|/ / | | | | | | | | | | | | The seccomp/containers-golang library is not maintained any more and we should stick to containers/common. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | Merge pull request #7451 from mheon/fix_7195Ed Santiago2020-08-27
|\ \ | | | | | | Send HTTP Hijack headers after successful attach
| * | Send HTTP Hijack headers after successful attachMatthew Heon2020-08-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Our previous flow was to perform a hijack before passing a connection into Libpod, and then Libpod would attach to the container's attach socket and begin forwarding traffic. A problem emerges: we write the attach header as soon as the attach complete. As soon as we write the header, the client assumes that all is ready, and sends a Start request. This Start may be processed *before* we successfully finish attaching, causing us to lose output. The solution is to handle hijacking inside Libpod. Unfortunately, this requires a downright extensive refactor of the Attach and HTTP Exec StartAndAttach code. I think the result is an improvement in some places (a lot more errors will be handled with a proper HTTP error code, before the hijack occurs) but other parts, like the relocation of printing container logs, are just *bad*. Still, we need this fixed now to get CI back into good shape... Fixes #7195 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #7409 from ↵OpenShift Merge Robot2020-08-26
|\ \ \ | | | | | | | | | | | | | | | | zhangguanzhang/apiv2-create-ctr-with-invalid-entrypoint fix apiv2 will create containers with incorrect commands