summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* add --ip to podman play kubePaul Holzinger2021-04-16
| | | | | | | | | | Add a new --ip flag to podman play kube. This is used to specify a static IP address which should be used for the pod. This option can be specified several times because play kube can create more than one pod. Fixes #8442 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #10032 from nalind/trace-levelOpenShift Merge Robot2021-04-15
|\ | | | | Recognize "trace" logging, and use it for lone errors at exit
| * pkg/errorhandling.JoinErrors: don't throw away context for lone errorsNalin Dahyabhai2021-04-14
| | | | | | | | | | | | | | | | When our multierror contains just one error, don't extract its text only to rewrap it, because doing so discards any stack trace information that might have been added closer to where the error actually originated. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | Fix flake on failed podman-remote build : try 2Daniel J Walsh2021-04-14
| | | | | | | | | | | | | | | | | | | | | | This time we are checking if the function actually succeeded, otherwise we will report an error. Also if we did not get the id, report unexpected failure. [NO TESTS NEEDED] Still no good way to test this, but manually. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Fix flake on failed podman-remote buildDaniel J Walsh2021-04-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | We have a race condition where podman build can fail but still return an exit code of 0. This PR ensures that as soon as the build fails, the failed flag is set eliminating the race. Fixes: https://github.com/containers/podman/issues/10029 [NO TESTS NEEDED] Tests of failed builds are already in place, and the elimination of the race should be enough. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9945 from rhatdan/runlabelOpenShift Merge Robot2021-04-14
|\ \ | |/ |/| Fix handling of $NAME and $IMAGE in runlabel
| * Fix handling of $NAME and $IMAGE in runlabelDaniel J Walsh2021-04-12
| | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/9405 Add system runlabel tests. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Remove in-memory state implementationMatthew Heon2021-04-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We originally added this in the *very early* days of Podman, before a proper persistent state was written, so we had something to test with. It was retained after the original SQLite state (and current BoltDB state) were written so it could be used for testing Libpod in unit tests with no requirement for on-disk storage. Well, such unit tests never materialized, and if we were to write some now the requirement to have a temporary directory for storing data on disk is not that bad. I can basically guarantee there are no users of this in the wild because, even if you managed to figure out how to configure it when we don't document it, it's completely unusable with Podman since all your containers and pods will disappear every time Podman exits. Given all this, and since it's an ongoing maintenance burden I no longer wish to deal with, let's just remove it. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Reflect current state of prune implementation in docsJakub Guzik2021-04-13
| | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | [CI:DOCS] Correct status code for /pods/createJhon Honce2021-04-12
| | | | | | | | | | | | | | | | | | | | Swagger documentation reported that the API endpoint /pods/create returned 200 while the as-built code returned 201. 201 is more correct so documentation updated. Tests already checked for 201 so no updated needed. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #9969 from jwhonce/wip/manifestsOpenShift Merge Robot2021-04-12
|\ \ | | | | | | Update manifest API endpoints
| * | Update manifest API endpointsJhon Honce2021-04-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add validation for manifest name * Always return an array for manifests even if empty * Add missing return in df handler when returning error. Caused an additional null to be written to client crashing python decoder. When c/image is refactored to include manifests, manifest endpoints should be revisited. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #9988 from jmguzik/prune-filters-bindings-netOpenShift Merge Robot2021-04-12
|\ \ \ | |_|/ |/| | Add network prune filters support to bindings
| * | Add network prune filters support to bindingsJakub Guzik2021-04-10
| |/ | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | Merge pull request #9935 from EduardoVega/5788-kube-volumeOpenShift Merge Robot2021-04-12
|\ \ | | | | | | Add support for play/generate kube PersistentVolumeClaims and Podman volumes
| * | Add support for play/generate kube volumesEduardo Vega2021-04-09
| | | | | | | | | | | | Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
* | | Merge pull request #9950 from Luap99/unshare-rootless-cniOpenShift Merge Robot2021-04-12
|\ \ \ | |_|/ |/| | podman unshare: add --rootless-cni to join the ns
| * | podman unshare: add --rootless-cni to join the nsPaul Holzinger2021-04-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new --rootless-cni option to podman unshare to also join the rootless-cni network namespace. This is useful if you want to connect to a rootless container via IP address. This is only possible from the rootless-cni namespace and not from the host namespace. This option also helps to debug problems in the rootless-cni namespace. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | cgroups: force 64 bits to ParseUintGiuseppe Scrivano2021-04-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO TESTS NEEDED] force bitsSize==64 so that the string is always parsed to a uint64 instead of using the native int size, that could be not big enough on 32 bits arches. Closes: https://github.com/containers/podman/issues/9979 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #9971 from jwhonce/wip/dfOpenShift Merge Robot2021-04-08
|\ \ \ | | | | | | | | Add missing return
| * | | Add missing returnJhon Honce2021-04-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | libpod df handler missing a return after writing error to client. This caused a null to be appended to JSON and crashed python decoder. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #9121 from tmds/swagger_remove_name_wildcardsOpenShift Merge Robot2021-04-08
|\ \ \ \ | | | | | | | | | | [NO TESTS NEEDED] swagger: remove name wildcards
| * | | | swagger: remove name wildcardsTom Deseyn2021-04-07
| | |/ / | |/| | | | | | | | | | Signed-off-by: Tom Deseyn <tom.deseyn@gmail.com>
* | | | Merge pull request #9968 from pablofsf/fix-libpod-container-wait-docsOpenShift Merge Robot2021-04-08
|\ \ \ \ | | | | | | | | | | [CI:DOCS] Adjust libpod API Container Wait documentation to the code
| * | | | Adjust libpod API Container Wait documentation to the codePablo Correa Gómez2021-04-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Closes #9960 Signed-off-by: Pablo Correa Gómez <ablocorrea@hotmail.com>
* | | | | Merge pull request #9958 from jmguzik/limit-prune-filters-for-volumesOpenShift Merge Robot2021-04-07
|\ \ \ \ \ | |_|_|/ / |/| | | | Volumes prune endpoint should use only prune filters
| * | | | Volumes prune endpoint should use only prune filtersJakub Guzik2021-04-07
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Volumes endpoints for HTTP compat and libpod APIs allowed usage of list HTTP endpoint filter funcs. Documentation in case of compat API does not allow that. This commit aligns code with the documentation and also ligns libpod with compat API. Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | | Merge pull request #9966 from jwhonce/wip/operation_idOpenShift Merge Robot2021-04-07
|\ \ \ \ | |_|/ / |/| | | [CI:DOCS] Update swagger definition of inspect manifest
| * | | [CI:DOCS] Update swagger definition of inspect manifestJhon Honce2021-04-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Changed reference in swagger to correct struture that was being returned. * Added summary to ManifestAddLibpod to clean up generated web site * Added serve target to Makefile, to aid in debugging generated web site Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Handle podman-remote --arch, --platform, --osDaniel J Walsh2021-04-07
| |/ / |/| | | | | | | | | | | | | | | | | | | | | | | Podman remote should be able to handle remote specification of arches. Requires: https://github.com/containers/buildah/pull/3116 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #9754 from mheon/add_depOpenShift Merge Robot2021-04-06
|\ \ \ | | | | | | | | Add --requires flag to podman run/create
| * | | Add --requires flag to podman run/createMatthew Heon2021-04-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman has, for a long time, had an internal concept of dependency management, used mainly to ensure that pod infra containers are started before any other container in the pod. We also have the ability to recursively start these dependencies, which we use to ensure that `podman start` on a container in a pod will not fail because the infra container is stopped. We have not, however, exposed these via the command line until now. Add a `--requires` flag to `podman run` and `podman create` to allow users to manually specify dependency containers. These containers must be running before the container will start. Also, make recursive starting with `podman start` default so we can start these containers and their dependencies easily. Fixes #9250 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #9953 from jwhonce/wip/operation_idOpenShift Merge Robot2021-04-06
|\ \ \ \ | | |/ / | |/| | [CI:DOCS] Polish swagger OperationIDs
| * | | [CI:DOCS] Polish swagger OpertionIDsJhon Honce2021-04-06
| | |/ | |/| | | | | | | | | | | | | | | | | | | Renamed 4 IDs to be consistent with other endpoints. Fixes #9951 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #9942 from mheon/fix_9919OpenShift Merge Robot2021-04-06
|\ \ \ | |/ / |/| | Ensure that `--userns=keep-id` sets user in config
| * | Ensure that `--userns=keep-id` sets user in configMatthew Heon2021-04-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | One of the side-effects of the `--userns=keep-id` command is switching the default user of the container to the UID of the user running Podman (though this can still be overridden by the `--user` flag). However, it did this by setting the UID and GID in the OCI spec, and not by informing Libpod of its intention to switch users via the `WithUser()` option. Because of this, a lot of the code that should have triggered when the container ran with a non-root user was not triggering. In the case of the issue that this fixed, the code to remove capabilities from non-root users was not triggering. Adjust the keep-id code to properly inform Libpod of our intention to use a non-root user to fix this. Also, fix an annoying race around short-running exec sessions where Podman would always print a warning that the exec session had already stopped. Fixes #9919 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | [CI:DOCS] Set all operation id to be compatibileJhon Honce2021-04-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | Libpod operation id's changed to better match compatibile id Builds on https://github.com/containers/podman/pull/9123 and corrects a duplicated ID. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Move operationIds to swagger:operation lineTom Deseyn2021-04-05
| | | | | | | | | | | | Signed-off-by: Tom Deseyn <tom.deseyn@gmail.com>
* | | swagger: add operationIds that match with dockerTom Deseyn2021-04-05
| | | | | | | | | | | | Signed-off-by: Tom Deseyn <tom.deseyn@gmail.com>
* | | Merge pull request #9938 from jmguzik/network-bindings-initial-testsOpenShift Merge Robot2021-04-05
|\ \ \ | | | | | | | | Initial network bindings tests
| * | | Initial network bindings testsJakub Guzik2021-04-05
| | | | | | | | | | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | | Allow users to override default storage opts with --storage-optDaniel J Walsh2021-04-05
| |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We define in the man page that this overrides the default storage options, but the code was appending to the existing options. This PR also makes a change to allow users to specify --storage-opt="". This will turn off all storage options. https://github.com/containers/podman/issues/9852 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #9423 from Luap99/rootless-cni-no-infraOpenShift Merge Robot2021-04-05
|\ \ \ | | | | | | | | rootless cni without infra container
| * | | Fix pod infra container cni network setupPaul Holzinger2021-04-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For rootless users the infra container used the slirp4netns net mode even when bridge was requested. We can support bridge networking for rootless users so we have allow this. The default is not changed. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
| * | | Add rootless support for cni and --uidmapPaul Holzinger2021-04-01
| | | | | | | | | | | | | | | | | | | | | | | | This is supported with the new rootless cni logic. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
| * | | rootless cni without infra containerPaul Holzinger2021-04-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of creating an extra container create a network and mount namespace inside the podman user namespace. This ns is used to for rootless cni operations. This helps to align the rootless and rootful network code path. If we run as rootless we just have to set up a extra net ns and initialize slirp4netns in it. The ocicni lib will be called in that net ns. This design allows allows easier maintenance, no extra container with pause processes, support for rootless cni with --uidmap and possibly more. The biggest problem is backwards compatibility. I don't think live migration can be possible. If the user reboots or restart all cni containers everything should work as expected again. The user is left with the rootless-cni-infa container and image but this can safely be removed. To make the existing cni configs work we need execute the cni plugins in a extra mount namespace. This ensures that we can safely mount over /run and /var which have to be writeable for the cni plugins without removing access to these files by the main podman process. One caveat is that we need to keep the netns files at `XDG_RUNTIME_DIR/netns` accessible. `XDG_RUNTIME_DIR/rootless-cni/{run,var}` will be mounted to `/{run,var}`. To ensure that we keep the netns directory we bind mount this relative to the new root location, e.g. XDG_RUNTIME_DIR/rootless-cni/run/user/1000/netns before we mount the run directory. The run directory is mounted recursive, this makes the netns directory at the same path accessible as before. This also allows iptables-legacy to work because /run/xtables.lock is now writeable. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | Merge pull request #9928 from pendulm/fix_rootless_socket_activationOpenShift Merge Robot2021-04-05
|\ \ \ \ | | | | | | | | | | Fix rootless socket activation
| * | | | Move socket activation check into init() and set global condition.pendulm2021-04-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | So rootless setup could use this condition in parent and child, child podman should adjust LISTEN_PID to its self PID. Add system test for systemd socket activation Signed-off-by: pendulm <lonependulm@gmail.com>
* | | | | Fix missing podman-remote build optionsDaniel J Walsh2021-04-02
| |_|/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix handling of SecurityOpts LabelOpts SeccompProfilePath ApparmorProfile Fix Ulimits Fixes: https://github.com/containers/podman/issues/9869 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #9912 from jmguzik/recreate-prune-until-tests-for-containersOpenShift Merge Robot2021-04-02
|\ \ \ \ | | | | | | | | | | Recreate until container prune tests for bindings