path: root/pkg
Commit message (Author, Age)
* Correct port range logic for port generation (Matthew Heon, 2020-12-08)
        The existing logic (Range > 0) always triggered, because range is guaranteed to be at least 1 (a single port has a range of 1, a two port range (e.g. 80-81) has a range of 2, and so on). As such this could cause ports that had a host port assigned to them by the user to randomly assign one instead.
        Fixes #8650
        Fixes #8651
        Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #8571 from Luap99/podman-network-reload (OpenShift Merge Robot, 2020-12-08)
        Implement pod-network-reload
| * Implement pod-network-reload (Matthew Heon, 2020-12-07)
        This adds a new command, 'podman network reload', to reload the networks of existing containers, forcing recreation of firewall rules after e.g. `firewall-cmd --reload` wipes them out.
        Under the hood, this works by calling CNI to tear down the existing network, then recreate it using identical settings. We request that CNI preserve the old IP and MAC address in most cases (where the container only had 1 IP/MAC), but there will be some downtime inherent to the teardown/bring-up approach. The architecture of CNI doesn't really make doing this without downtime easy (or maybe even possible...).
        At present, this only works for root Podman, and only locally. I don't think there is much of a point to adding remote support (this is very much a local debugging command), but I think adding rootless support (to kill/recreate slirp4netns) could be valuable.
        Signed-off-by: Matthew Heon <matthew.heon@pm.me>
        Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8581 from baude/kubegen (OpenShift Merge Robot, 2020-12-07)
        generate kube on multiple containers
| * | generate kube on multiple containers (baude, 2020-12-07)
        add the ability to add multiple containers into a single k8s pod instead of just one.
        also fixed some bugs in the resulting yaml where an empty service description was being added on error causing the k8s validation to fail.
        Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #7357 from QiWang19/rootless-sign (OpenShift Merge Robot, 2020-12-07)
        image sign using per user registries.d
| * | | image sign using per user registries.d (Qi Wang, 2020-12-07)
        Support per user ~/.config/containers/registries.d to allow rootless image sign configurations.
        Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #8561 from mheon/fix_gating (OpenShift Merge Robot, 2020-12-07)
        Do not mount sysfs as rootless in more cases
| * | | Do not mount sysfs as rootless in more cases (Matthew Heon, 2020-12-04)
        We can't mount sysfs as rootless unless we manage the network namespace. Problem: slirp4netns is now creating and managing a network namespace separate from the OCI runtime, so we can't mount sysfs in many circumstances. The `crun` OCI runtime will automatically handle this by falling back to a bind mount, but `runc` will not, so we didn't notice until RHEL gating tests ran on the new branch.
        Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #8624 from mlegenovic/master (OpenShift Merge Robot, 2020-12-07)
        Docker compat API - containers create ignores the name
| * | | Docker compat API - containers create ignores the name (Milivoje Legenovic, 2020-12-07)
        /containers/create compat endpoint does not set the name correctly (#7857)
        Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
* | | | container create: do not clear image name (Valentin Rothberg, 2020-12-07)
        When creating a container, do not clear the input-image name before looking up image names. Also add a regression test.
        Fixes: #8558
        Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Jira RUN-1106 System handlers updates (Jhon Honce, 2020-12-05)
        * Update tests to reflect system endpoints
        * First implementation of compat /system/df, only fields that are populated by libpod are set
        Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Jira RUN-1106 Volumes handlers updates (Jhon Honce, 2020-12-04)
        * Add tests to verify required fields in responses
        Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #8601 from jwhonce/jira/RUN-1106-networks (OpenShift Merge Robot, 2020-12-04)
        Jira RUN-1106 Network handlers updates
| * | | Jira RUN-1106 Network handlers updates (Jhon Honce, 2020-12-04)
        * Add network API tests
        * Update network create endpoint to return ID not Name
        Audit:
        - GET /networks ListNetworks
        - GET /networks/{id} InspectNetwork
        - DELETE /networks/{id} RemoveNetwork
        - POST /networks/create CreateNetwork
        - POST /networks/prune 405 not implemented
        Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #8597 from QiWang19/rawsourece (OpenShift Merge Robot, 2020-12-04)
        Close image rawSource when each loop ends
| * | | | Close image rawSource when each loop ends (Qi Wang, 2020-12-04)
        Previously close rawSource in the middle makes future use of rawSource invalid. Move the rawSource.Close() to the end of each loop.
        Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | Merge pull request #8494 from mlegenovic/master (OpenShift Merge Robot, 2020-12-04)
        More docker compat API fixes
| * | | | | More docker compat API fixes (Milivoje Legenovic, 2020-12-04)
        Fixes wrong VirtualSize, ParentId, Architecture, Author, Os and OsVersion value
        Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
* | | | | Merge pull request #8596 from afbjorklund/password-callback (OpenShift Merge Robot, 2020-12-04)
        Use PasswordCallback instead of Password for ssh
| * | | | | Use PasswordCallback instead of Password for ssh (Anders F Björklund, 2020-12-04)
        Currently asking for login password, even if not supported by the ssh server. So wait with prompt until actually requested.
        Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | | | | | Merge pull request #8570 from vrothberg/run-950 (OpenShift Merge Robot, 2020-12-04)
        rewrite container copy
| * | | | | rewrite podman-cp (Valentin Rothberg, 2020-12-04)
        * Add a new `pkg/copy` to centralize all container-copy related code.
        * The new code is based on Buildah's `copier` package.
        * The compat `/archive` endpoints use the new `copy` package.
        * Update docs and an several new tests.
        * Includes many fixes, most notably, the look-up of volumes and mounts.
        Breaking changes:
        * Podman is now expecting that container-destination paths exist. Before, Podman created the paths if needed. Docker does not do that and I believe Podman should not either as it's a recipe for masking errors. These errors may be user induced (e.g., a path typo), or internal typos (e.g., when the destination may be a mistakenly unmounted volume). Let's keep the magic low for such a security sensitive feature.
        Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #8584 from jwhonce/jira/RUN-1106-containers (OpenShift Merge Robot, 2020-12-04)
        Jira RUN-1106 Container handlers updates
| * | | | Jira RUN-1106 Container handlers updates (Jhon Honce, 2020-12-03)
        Mostly audit and minor changes to nil from ""
        Audit:
        - GET /containers/json ListContainers
        - POST /containers/create CreateContainer
        - GET /containers/{id}/json GetContainer
        - GET /containers/{id}/top TopContainer
        - GET /containers/{id}/logs LogsFromContainer
        - GET /containers/{id}/changes Changes
        - GET /containers/{id}/export ExportContainer
        - GET /containers/{id}/stats StatsContainer
        - POST /containers/{id}/resize ResizeTTY
        - POST /containers/{id}/start StartContainer
        - POST /containers/{id}/stop StopContainer
        - POST /containers/{id}/restart RestartContainer
        - POST /containers/{id}/kill KillContainer
        - POST /containers/{id}/update 404 not supported
        - POST /containers/{id}/rename 404 not supported
        - POST /containers/{id}/pause PauseContainer
        - POST /containers/{id}/unpause UnpauseContainer
        - POST /containers/{id}/attach AttachContainer
        - GET /containers/{id}/attach/ws 404 not supported
        - POST /containers/{id}/wait WaitContainer
        - DELETE /containers/{id} RemoveContainer
        - HEAD /containers/{id}/archive Archive
        - GET /containers/{id}/archive Archive
        - PUT /containers/{id}/archive Archive
        - POST /containers/prune PruneContainers
        Images etc PR's will follow.
        Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #8589 from yan12125/container-logs-unix-timestamps (OpenShift Merge Robot, 2020-12-04)
        Support Unix timestamps for `podman logs --since`
| * | | | Support Unix timestamps for `podman logs --since` (Chih-Hsuan Yen, 2020-12-04)
        To match what podman-logs(1) describes --since
        Signed-off-by: Chih-Hsuan Yen <yan12125@gmail.com>
* / / / Jira RUN-1106 Image handlers updates (Jhon Honce, 2020-12-03)
        * Audit and add tests for required fields.
        * Added issue for /images/load implementation
        Audit:
        - GET /images/json GetImages
        - POST /build BuildImage
        - POST /build/prune 404 not found
        - POST /images/create CreateImageFromImage/CreateImageFromSrc
        - GET /images/{name}/json GetImage
        - GET /images/{name}/history HistoryImage
        - POST /images/{name}/push PushImage
        - POST /images/{name}/tag TagImage
        - DELETE /images/{name} RemoveImage
        - POST /images/prune PruneImages
        - POST /commit CommitContainer
        - GET /images/{name}/get ExportImage
        - GET /images/get ExportImages
        - POST /images/load LoadImages
        See https://github.com/containers/podman/issues/8586
        Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #8479 from rhatdan/log (OpenShift Merge Robot, 2020-12-03)
        Drop default log-level from error to warn
| * | | Drop default log-level from error to warn (Daniel J Walsh, 2020-12-03)
        Our users are missing certain warning messages that would make debugging issues with Podman easier.
        For example if you do a podman build with a Containerfile that contains the SHELL directive, the Directive is silently ignored.
        If you run with the log-level warn you get a warning message explaining what happened.
            $ podman build --no-cache -f /tmp/Containerfile1 /tmp/
            STEP 1: FROM ubi8
            STEP 2: SHELL ["/bin/bash", "-c"]
            STEP 3: COMMIT
            --> 7a207be102a
            7a207be102aa8993eceb32802e6ceb9d2603ceed9dee0fee341df63e6300882e
            $ podman --log-level=warn build --no-cache -f /tmp/Containerfile1 /tmp/
            STEP 1: FROM ubi8
            STEP 2: SHELL ["/bin/bash", "-c"]
            STEP 3: COMMIT
            WARN[0000] SHELL is not supported for OCI image format, [/bin/bash -c] will be ignored. Must use `docker` format
            --> 7bd96fd25b9
            7bd96fd25b9f755d8a045e31187e406cf889dcf3799357ec906e90767613e95f
        These messages will no longer be lost, when we default to WARNing level.
        Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #8551 from rhatdan/default (OpenShift Merge Robot, 2020-12-03)
        Support --network=default as if it was private
| * | | Support --network=default as if it was private (Daniel J Walsh, 2020-12-02)
        Docker defines an option of "default" which means to use the default network. We should support this with the same code path as --network="".
        This is important for compatibility with the Docker API.
        Fixes: https://github.com/containers/podman/issues/8544
        Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #8566 from jwhonce/wip/double_ping (OpenShift Merge Robot, 2020-12-03)
        Change bindings to stop two API calls for ping
| * | | | Change bindings to stop two API calls for ping (Jhon Honce, 2020-12-02)
        * existing code caused an unnecessary 301 redirect
        Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | Merge pull request #8408 from umohnani8/sec-opt (OpenShift Merge Robot, 2020-12-03)
        Add mask and unmask option to --security-opt
| * | | | Add mask and unmask option to --security-opt (Urvashi Mohnani, 2020-12-02)
        Add the mask and unmask option to the --security-opt flag to allow users to specify paths to mask and unmask in the container. If unmask=ALL, this will unmask all the paths we mask by default.
        Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | | | Merge pull request #8556 from mheon/fix_8539 (OpenShift Merge Robot, 2020-12-02)
        Use Libpod tmpdir for pause path
| * | | | Use Libpod tmpdir for pause path (Matthew Heon, 2020-12-02)
        Previously, we always computed pause path from the Rootless runtime directory. Problem: this does not match the behavior of Libpod when the directory changes. Libpod will continue to use the previous directory, cached in the database; Pause pidfiles will swap to the new path. This is problematic when the directory needs to exist to write the pidfile, and Libpod is what creates the directory.
        There are two potential solutions - allow the pause pidfile to move and just make the directory when we want to write it, or use the cached Libpod paths for a guaranteed location. This patch does the second, because it seems safer - we will never miss a previously-existing pidfile because the location is now consistent.
        Fixes #8539
        Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #8112 from QiWang19/load-optional-name (OpenShift Merge Robot, 2020-12-02)
        Drop name argument from Load API
| * | | | Do not pass name argument to Load API (Qi Wang, 2020-12-02)
        Not pass the name argument to Load API. Specify in the document the usage of the optional argument is tagging an additional image.
        Close #7337
        Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | Merge pull request #8552 from baude/buildtarget (OpenShift Merge Robot, 2020-12-02)
        target is not tag
| * | | | target is not tag (baude, 2020-12-02)
        remove mistaken use of target being used for tag
        Signed-off-by: baude <bbaude@redhat.com>
* / / / Add support for network ids (Paul Holzinger, 2020-12-02)
        The network ID is not stored. It is just the sha256 hash from the network name. There is a risk of a potential hash collision. However it's very unlikely and even if we hit this it will complain that more than one network with this ID exists.
        The main benefit is that the compat api can have proper network ID support. Also this adds the support for `podman network ls --format "{{.ID}}"` and `--filter id=<ID>`.
        It also ensures that we can do network rm <ID> and network inspect <ID>.
        Since we use a hash this commit is backwards compatible even for already existing networks.
        Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #8543 from mheon/no_syslog_true (OpenShift Merge Robot, 2020-12-02)
        Do not use "true" after "syslog" in exit commands
| * | | Do not use "true" after "syslog" in exit commands (Matthew Heon, 2020-12-01)
        Instead of being interpreted as an argument to the boolean flag, the 'true' is being interpreted as the Podman command to be run - so we're trying to run `podman true`, which does not exist. This causes the cleanup command to fail when `--log-level=debug` is set, so containers are not cleaned up or removed.
        This problem is easily reproduced with any command combining the `--rm`, `-d`, and `--log-level=debug` flags - the command will execute and exit, but the container will not be removed.
        Separate, but worth looking into later: the errors we get on trying `podman true` with any flags are terrible - if you just type `podman true` you get a quite sane "Unrecognized command" error, but if you try `podman true --rm` you get an "unknown flag --rm" error - which makes very little sense given the command itself doesn't exist.
        Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Add podman network create option for bridge mtu (Anders F Björklund, 2020-12-01)
        Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | | Merge pull request #8541 from rhatdan/man (OpenShift Merge Robot, 2020-12-01)
        Fix potential race condition in testing
| * | | Fix potential race condition in testing (Daniel J Walsh, 2020-12-01)
        The It("podman wait to pause|unpause condition"... test is flaking every so often when a message is sent in the second function to a channel. It is my belief that in between the time the first function sends a message to the channel and before it closes the channel the second errChan=make() has happened. This would mean that the first function closes the second errChan, and then when the second function sends a message to the second errChan, it fails and blows up with the error you are seeing.
        By creating a different variable for the second channel, we eliminate the race.
        Fixes: https://github.com/containers/podman/issues/6518
        Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8505 from Luap99/network-labels (OpenShift Merge Robot, 2020-12-01)
        podman network label support