summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Drop OCICNI dependencyPaul Holzinger2021-09-15
| | | | | | | | | | | We do not use the ocicni code anymore so let's get rid of it. Only the port struct is used but we can copy this into libpod network types so we can debloat the binary. The next step is to remove the OCICNI port mapping form the container config and use the better PortMapping struct everywhere. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Wire network interface into libpodPaul Holzinger2021-09-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make use of the new network interface in libpod. This commit contains several breaking changes: - podman network create only outputs the new network name and not file path. - podman network ls shows the network driver instead of the cni version and plugins. - podman network inspect outputs the new network struct and not the cni conflist. - The bindings and libpod api endpoints have been changed to use the new network structure. The container network status is stored in a new field in the state. The status should be received with the new `c.getNetworkStatus`. This will migrate the old status to the new format. Therefore old containers should contine to work correctly in all cases even when network connect/ disconnect is used. New features: - podman network reload keeps the ip and mac for more than one network. - podman container restore keeps the ip and mac for more than one network. - The network create compat endpoint can now use more than one ipam config. The man pages and the swagger doc are updated to reflect the latest changes. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #11409 from cdoern/podVolumesOpenShift Merge Robot2021-09-15
|\ | | | | Pod Volumes Support
| * Pod Volumes Supportcdoern2021-09-14
| | | | | | | | | | | | | | | | | | added support for the --volume flag in pods using the new infra container design. users can specify all volume options they can with regular containers resolves #10379 Signed-off-by: cdoern <cdoern@redhat.com>
* | Merge pull request #11578 from jelly/handle_nil_pointer_derefOpenShift Merge Robot2021-09-15
|\ \ | | | | | | api: handle nil pointer dereference in api endpoints
| * | api: handle nil pointer dereference in rest endpointsJelle van der Waa2021-09-15
| | | | | | | | | | | | | | | | | | | | | | | | When `?all=garbage` is passed to an API endpoint schema validation fails and err is nil. Wrapf uses err to create an error message causing a nil pointer dereference. Signed-off-by: Jelle van der Waa <jvanderwaa@redhat.com>
* | | Merge pull request #11574 from nalind/buildah-platformsOpenShift Merge Robot2021-09-15
|\ \ \ | |/ / |/| | build: take advantage of --platform lists
| * | build: take advantage of --platform listsNalin Dahyabhai2021-09-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The builder can take a list of platforms in the Platforms field of its BuildOptions argument, and we should definitely take advantage of that. The `bud-multiple-platform-values` test from buildah exercises support for this, so [NO TESTS NEEDED] Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | | Merge pull request #11575 from jelly/doc_all_optionOpenShift Merge Robot2021-09-14
|\ \ \ | |/ / |/| | [CI:DOCS] Document `all` query parameter for /libpod/images/prune
| * | Document `all` query parameter for /libpod/images/pruneJelle van der Waa2021-09-14
| | | | | | | | | | | | Signed-off-by: Jelle van der Waa <jvanderwaa@redhat.com>
* | | Merge pull request #11170 from flouthoc/support-rootfs-overlayOpenShift Merge Robot2021-09-14
|\ \ \ | | | | | | | | rootfs: Add support for rootfs-overlay.
| * | | rootfs: Add support for rootfs-overlay and bump to buildah v1.22.1-0.202108flouthoc2021-09-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allows users to specify a readonly rootfs with :O, in exchange podman will create a writable overlay. bump builah to v1.22.1-0.20210823173221-da2b428c56ce [NO TESTS NEEDED] Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | | | Merge pull request #11569 from baude/macaarch64pullfcosOpenShift Merge Robot2021-09-14
|\ \ \ \ | | | | | | | | | | Use new aarch64 fcos repos
| * | | | Use new aarch64 fcos reposbaude2021-09-14
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | Now that aarch64 fcos is an official thing, we no longer need to use the side repo (for lack of a better word). We can now use the same image lookup technique as x86_64. I removed the special lookup, moved the x86_64 lookup to generic arch, and removed the arch specific files that we no longer needed. [NO TESTS NEEDED] Signed-off-by: baude <baude@redhat.com>
* | | | Merge pull request #11559 from jwhonce/wip/generatorOpenShift Merge Robot2021-09-14
|\ \ \ \ | |_|_|/ |/| | | Enhance bindings for IDE hints
| * | | Enhance bindings for IDE hintsJhon Honce2021-09-14
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | * Follow https://pkg.go.dev/cmd/go#hdr-Generate_Go_files_by_processing_source for leading comment * Add godoc strings for all exposed methods for IDE support * Copy field godoc strings into generated code as function godoc string * Remove unused/unnecessary fields from generator.go structures * Cleanup code regarding template usage Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #11551 from Luap99/rootlessport-restartOpenShift Merge Robot2021-09-14
|\ \ \ | |_|/ |/| | fix restart always with rootlessport
| * | remove rootlessport socket to prevent EADDRINUSEPaul Holzinger2021-09-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | When we restart a container via podman restart or restart policy the rootlessport process fails with `address already in use` because the socketfile still exists. This is a regression and was introduced in commit abdedc31a25e. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Search gvproxy with config.FindHelperBinary()Hyeon Kim2021-09-14
| |/ |/| | | | | | | | | | | | | Closes #11531 [NO TESTS NEEDED] Signed-off-by: Hyeon Kim <simnalamburt@gmail.com>
* | Merge pull request #11529 from n1hility/fix-oldfieldsOpenShift Merge Robot2021-09-13
|\ \ | | | | | | Add deprecated event fields for 1.22+ clients that still expect them
| * | Add deprecated fields for 1.22+ clients that still expect themJason T. Greene2021-09-10
| | | | | | | | | | | | Signed-off-by: Jason Greene <jason.greene@redhat.com>
* | | Merge pull request #11440 from ashley-cui/sshOpenShift Merge Robot2021-09-13
|\ \ \ | | | | | | | | Use default username for podman machine ssh
| * | | Use default username for podman machine sshAshley Cui2021-09-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When using the defaut conection for podman machine ssh, use the default username too. Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | Fix #11444: remote breaks with stdout redirectionAnton Tykhyy2021-09-13
| |_|/ |/| | | | | | | | | | | | | | | | | `setConsoleMode` should do nothing if the handle is not a terminal. The proposed change is [exactly what `golang.org/x/term/IsTerminal()` does on Windows](https://cs.opensource.google/go/x/term/+/6886f2df:term_windows.go). [NO TESTS NEEDED] Signed-off-by: Anton Tykhyy <atykhyy@gmail.com>
* | | Merge pull request #11517 from jwhonce/issues/10053OpenShift Merge Robot2021-09-12
|\ \ \ | | | | | | | | Refactor API server emphasis on logging
| * | | Refacter API server emphasis on loggingJhon Honce2021-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * To aid in debugging log API request and response bodies at trace level. Events can be correlated using the X-Reference-Id. * Server now echos X-Reference-Id from client if set, otherwise generates an unique id. * Move logic for X-Reference-Id into middleware * Change uses of Header.Add() to Set() when setting Content-Type * Log API operations in Apache format using gorilla middleware * Port server code to use BaseContext and ConnContext Fixes #10053 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #11525 from rhatdan/healthcheckOpenShift Merge Robot2021-09-11
|\ \ \ \ | | | | | | | | | | Stop outputting 'healthy' on healthcheck
| * | | | Stop outputting 'healthy' on healthcheckDaniel J Walsh2021-09-10
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We should only print unhealthy if the check fails. Currently this is filling logs when users are running lots of healthchecks. Improves: https://github.com/containers/podman/issues/11157 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #11323 from umohnani8/initOpenShift Merge Robot2021-09-10
|\ \ \ \ | |/ / / |/| | | Add init containers to generate and play kube
| * | | Add init containers to generate and play kubeUrvashi Mohnani2021-09-10
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Kubernetes has a concept of init containers that run and exit before the regular containers in a pod are started. We added init containers to podman pods as well. This patch adds support for generating init containers in the kube yaml when a pod we are converting had init containers. When playing a kube yaml, it detects an init container and creates such a container in podman accordingly. Note, only init containers created with the init type set to "always" will be generated as the "once" option deletes the init container after it has run and exited. Play kube will always creates init containers with the "always" init container type. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | Merge pull request #11498 from vrothberg/fix-11489OpenShift Merge Robot2021-09-10
|\ \ \ | | | | | | | | [CI:DOCS] podman machine: enforce a single search registry
| * | | machine: set filemodes in octalValentin Rothberg2021-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | By popular request, turn decimals to octal. Most eyes are trained to parse file permissions in octal. [NO TESTS NEEDED] since machine isn't tested yet. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | podman machine: enforce a single search registryValentin Rothberg2021-09-10
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | Enforce "docker.io" to be the only search registry. Short-name resolution for remote clients is not fully supported since there is no means to prompt. Enforcing a single registry works around the problem since prompting only fires with more than one search registry. Fixes: #11489 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #11506 from giuseppe/fix-stats-restart-containerOpenShift Merge Robot2021-09-10
|\ \ \ | | | | | | | | stats: detect container restart and allow paused containers
| * | | api: correctly set the container statsGiuseppe Scrivano2021-09-10
| |/ / | | | | | | | | | | | | | | | | | | override the outer scope variable instead of creating a local one. Otherwise the wrong variable would be used for the next iterations. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* / / Add /containers/stats response to API docsJelle van der Waa2021-09-10
|/ / | | | | | | | | | | | | | | | | | | | | Include the response schema for a succesful request in the /containers/stats API documentation Additionally remove http 409 from /libpod/containers/stats docs, the documentation was copied from the deprecated stats endpoint, when a container is unavailabe the endpoint returns an empty list and no 409. Signed-off-by: Jelle van der Waa <jvanderwaa@redhat.com>
* | Merge pull request #11447 from chenzhiwei/respect-configOpenShift Merge Robot2021-09-09
|\ \ | | | | | | fix play kube can't use infra_image in config file
| * | fix play kube can't use infra_image in config fileChen Zhiwei2021-09-08
| | | | | | | | | | | | Signed-off-by: Chen Zhiwei <zhiweik@gmail.com>
* | | Merge pull request #11430 from saschagrunert/normalize-keyOpenShift Merge Robot2021-09-09
|\ \ \ | | | | | | | | Normalize auth key before calling `SetAuthentication`
| * | | Normalize auth key before calling `SetAuthentication`Sascha Grunert2021-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Recent changes in c/image caused the `SetAuthentication` API to be more restrictive in terms of validating the `key` (`server`) input. To ensure that manually modified or entries in `~/.docker/config.json` still work, we now strip the leading `http[s]://` prefix. Fixes https://github.com/containers/podman/issues/11235 Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* | | | Merge pull request #11476 from vrothberg/fix-11392OpenShift Merge Robot2021-09-08
|\ \ \ \ | | | | | | | | | | container inspect: improve error handling
| * | | | container inspect: improve error handlingValentin Rothberg2021-09-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Improve the error handling of `container inspect` to properly handle when the container has been removed _between_ the lookup and the inspect. That will yield the correct "no such object" error message in `inspect`. [NO TESTS NEEDED] since I do not know have a reliable and cheap reproducer. It's fixing a CI flake, so there's already an indicator. Fixes: #11392 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #11468 from Luap99/play-kube-slirpOpenShift Merge Robot2021-09-08
|\ \ \ \ \ | | | | | | | | | | | | fix play kube --network options
| * | | | | fix play kube --network optionsPaul Holzinger2021-09-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 092902b45555 introduced advanced network options for podman play kube. However this never worked because it unconditionally set the network mode to bridge after it parsed the network option. Added a test to ensure the correct mode is set. Truly fixes #10807 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | Merge pull request #11453 from jonpspri/qemu-apple-silicon-bios-fdOpenShift Merge Robot2021-09-08
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | QEMU Apple Silicon: Find BIOS FD wherever
| * | | | | QEMU Apple Silicon: Find BIOS FD whereverJonathan Springer2021-09-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | QEmu normally install BIOS images under `/usr/local` prefix, but Homebrew installs them under `/opt/homebrew`. This change searches both locations and then puts back to an unpathed name if it doesn't find the BIOS. (I imitated other architectures' implemenations in that failback behavior.) [NO TESTS NEEDED] Signed-off-by: Jonathan Springer <jonpspri@gmail.com>
* | | | | | pkg/bindings/images.nTar(): set ownership of build context to 0:0Nalin Dahyabhai2021-09-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When attempting to run remote builds, users with UID/GID values that were high enough that they wouldn't be mapped into their default user namespace configurations would see their builds fail when the server attempted to extract the build contexts that they supplied, and failed to set ownership of the build context content to the UID/GID that were originally assigned to them. When archiving the build context at the client, set ownership of everything to 0:0, which we know is always mapped. Both ADD and COPY require that we set the ownership of newly-added content to 0:0 (unless the --chown flag is used), so throwing away the original ownership information doesn't hurt, anyway. As usual, tarballs that we extract as part of ADD aren't going to be affected. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | | | | | Merge pull request #11431 from jmguzik/secrets-ls-filtersOpenShift Merge Robot2021-09-07
|\ \ \ \ \ \ | | | | | | | | | | | | | | Add filtering functionality to http api secrets list
| * | | | | | Add filtering functionality to http api secrets listJakub Guzik2021-09-03
| | |_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Filtering is missing in both compat API and libpod API, while docker has filtering functinality. This commit enables filtering option using name and id in both libpod and http API. Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | | | | Merge pull request #11437 from MichaelAnckaert/fix-11418OpenShift Merge Robot2021-09-07
|\ \ \ \ \ \ | | | | | | | | | | | | | | [NO TESTS NEEDED] Fix #11418 - Default TMPDIR to /tmp on OS X