summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Merge pull request #10736 from trusch/feature-use-secret-configOpenShift Merge Robot2021-06-25
|\ | | | | read secret config from config file if no user data.
| * make DriverOpts name consistent.Tino Rusch2021-06-25
| | | | | | | | Signed-off-by: Tino Rusch <tino.rusch@gmail.com>
| * read secret config from config file if no user data.Tino Rusch2021-06-24
| | | | | | | | | | | | | | | | | | | | | | | | feat: read secret config from config file if the user hasn't entered explicit config values feat: allow to specify `--driver-opts opt1=val1,opt2=val2` in the secret create command to allow overriding the default values fix: show driver options in `podman secret inspect` Signed-off-by: Tino Rusch <tino.rusch@gmail.com>
* | Merge pull request #10774 from vrothberg/registriesOpenShift Merge Robot2021-06-25
|\ \ | | | | | | remove `pkg/registries`
| * | remove `pkg/registries`Valentin Rothberg2021-06-25
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | Pull the trigger on the `pkg/registries` package which acted as a proxy for `c/image/pkg/sysregistriesv2`. Callers should be using the packages from c/image directly, if needed at all. Also make use of libimage's SystemContext() method which returns a copy of a system context, further reducing the risk of unintentionally altering global data. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / pkg/systemd: don't require LISTEN_FDNAMES for socket activationTycho Andersen2021-06-24
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | LISTEN_FDNAMES is optional, the docs for sd_listen_fds() says: This information is read from the $LISTEN_FDNAMES variable, which **may** contain a colon-separated list of names. emphasis mine (indeed, the cited coreos code also suggests it is optional). This actually results in bug, since the default /contrib/systemd/system/podman.socket file doesn't set a FileDescriptorName=. podman when run with this systemd configuration *always* starts in unix socket mode since SocketActivated() will return false because the name is missing. The bug is a race with a very small window: between when podman does the unlink() and when it re-binds the socket later in the code, requests made during this time will fail since nothing is listening. There's another small race when the service stops and systemd realizes it and starts listening again. However, small this window we managed to hit it :). Let's fix this by ignoring LISTEN_FDNAMES. Since the code in cmd/podman/system/service_abi.go:restService() ignores this value anyway when setting up the socket activated stuff, there's no real loss here. Signed-off-by: Tycho Andersen <tycho@tycho.pizza>
* Merge pull request #10583 from rhatdan/logOpenShift Merge Robot2021-06-24
|\ | | | | Support log_tag defaults from containers.conf
| * Support log_tag defaults from containers.confDaniel J Walsh2021-06-23
| | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/10204 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10756 from jmguzik/volume-prune-until-http-apiOpenShift Merge Robot2021-06-23
|\ \ | | | | | | Add support for volume prune until filter to http api
| * | Add support for volume prune until filter to http apiJakub Guzik2021-06-22
| |/ | | | | | | | | | | | | | | As stated in #10579 docker silently implements until filter for volume prune. This commit adds initial support to the HTTP API, both libpod and compat. It enables further work on that issue, such as adding cli support in the future. Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | Merge pull request #10716 from cdoern/podFlagsOpenShift Merge Robot2021-06-23
|\ \ | | | | | | Podman Pod Create --cpus and --cpuset-cpus flags
| * | Podman Pod Create --cpus and --cpuset-cpus flagscdoern2021-06-23
| |/ | | | | | | | | | | | | | | | | | | | | | | Added logic and handling for two new Podman pod create Flags. --cpus specifies the total number of cores on which the pod can execute, this is a combination of the period and quota for the CPU. --cpuset-cpus is a string value which determines of these available cores, how many we will truly execute on. Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | Merge pull request #10610 from cdoern/healthCheckOpenShift Merge Robot2021-06-23
|\ \ | | | | | | Edited compat handling code for containers/json status and added python tests
| * | Health Check is not handled in the compat LibpodToContainerJSONcdoern2021-06-23
| | | | | | | | | | | | | | | | | | | | | | | | Added parsing and handling for the healthCheck status within containers.go. Also modified tests fixes #10457 Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | create: support images with invalid platformValentin Rothberg2021-06-23
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Much to my regret, there is a number of images in the wild with invalid platforms breaking the platform checks in libimage that want to make sure that a local image is matching the expected platform. Imagine a `podman run --arch=arm64 fedora` with a local amd64 fedora image. We really shouldn't use the local one in this case and pull down the arm64 one. The strict platform checks in libimage in combination with invalid platforms in images surfaced in Podman being able to pull an image but failing to look it up in subsequent presence checks. A `podman run` would hence pull such an image but fail to create the container. Support images with invalid platforms by vendoring the latest HEAD from containers/common. Also remove the partially implemented pull-policy logic from Podman and let libimage handle that entirely. However, whenever --arch, --os or --platform are specified, the pull policy will be forced to "newer". This way, we pessimistically assume that the local image has an invalid platform and we reach out to the registry. If there's a newer image (i.e., one with a different digest), we'll pull it down. Please note that most of the logic has either already been implemented in libimage or been moved down which allows for removing some clutter from Podman. [NO TESTS NEEDED] since c/common has new tests. Podman can rely on the existing tests. Fixes: #10648 Fixes: #10682 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Fix documentation of the --format option of podman pushMiloslav Trmač2021-06-17
| | | | | | | | | | | | | | | | It affects all transports; and without --format, we try several manifest formats. [NO TESTS NEEDED] Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* | Merge pull request #10683 from Luap99/exec-resizeOpenShift Merge Robot2021-06-16
|\ \ | | | | | | Fix resize race with podman exec -it
| * | Fix resize race with podman exec -itPaul Holzinger2021-06-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When starting a process with `podman exec -it` the terminal is resized after the process is started. To fix this allow exec start to accept the terminal height and width as parameter and let it resize right before the process is started. Fixes #10560 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #10588 from cdoern/imgDocsOpenShift Merge Robot2021-06-16
|\ \ \ | | | | | | | | [CI:DOCS] converted query parameter for credentials to header parameter.
| * | | Docs Switch from Query Param to Headercdoern2021-06-15
| | | | | | | | | | | | | | | | | | | | | | | | credentials switched from query param to header x-reg due to podman parsing the header for credentials not the query itself. Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | | Merge pull request #10595 from boaz0/closes_10539OpenShift Merge Robot2021-06-15
|\ \ \ \ | | | | | | | | | | Add podman-restart systemd unit file
| * | | | Restart all containers with restart-policy=always on bootBoaz Shuster2021-06-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add podman-restart systemd unit file and add it to podman RPM package * Fix podman start to filter all containers + unit test Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | | | | Merge pull request #10622 from cdoern/imgImportFeatureOpenShift Merge Robot2021-06-15
|\ \ \ \ \ | | | | | | | | | | | | compat import imageFromSrc support for platform query parameter
| * | | | | Image import fromSrc now supports OS/Archcdoern2021-06-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | added handling in entities and compat to support passing a specified OS/Arch while importing from SRC. fixes #10566 Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | | | | Merge pull request #10668 from zhangguanzhang/panic-cgroupOpenShift Merge Robot2021-06-15
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | [NO TESTS NEEDED] Fixes panic condition in cgroups.getAvailableControllers
| * | | | | Fix panic condition in cgroups.getAvailableControllerszhangguanzhang2021-06-15
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | | | | Merge pull request #10651 from rhatdan/buildOpenShift Merge Robot2021-06-14
|\ \ \ \ \ \ | | | | | | | | | | | | | | Add support for podman remote build -f - .
| * | | | | | Add support for podman remote build -f - .Daniel J Walsh2021-06-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/10621 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | Fix handling of podman-remote build --deviceDaniel J Walsh2021-06-13
| |/ / / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/10614 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #10661 from mwhahaha/issue-10660OpenShift Merge Robot2021-06-12
|\ \ \ \ \ \ | | | | | | | | | | | | | | Fall back to string for dockerfile parameter
| * | | | | | Fall back to string for dockerfile parameterAlex Schultz2021-06-11
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | a9cb824981db3fee6b8445b29e513c89e9b9b00b changed the expectations of the dockerfile parameter to be json data however it's a string. In order to support both, let's attempt json and fall back to a string if the json parsing fails. Closes #10660 Signed-off-by: Alex Schultz <aschultz@redhat.com>
* | | | | | Merge pull request #10405 from mheon/always_cleanup_execOpenShift Merge Robot2021-06-11
|\ \ \ \ \ \ | | | | | | | | | | | | | | Always spawn a cleanup process with exec
| * | | | | | Always spawn a cleanup process with execMatthew Heon2021-06-10
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We were previously only doing this for detached exec. I don't know why we did that, but I don't see any reason not to extend it to all exec sessions - it guarantees that we will always clean up exec sessions, even if the original `podman exec` process died. [NO TESTS NEEDED] because I don't really know how to test this one. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | | | Merge pull request #10638 from Luap99/volumeOpenShift Merge Robot2021-06-11
|\ \ \ \ \ \ | |/ / / / / |/| | | | | Fix volumes with uid and gid options
| * | | | | Fix volumes with uid and gid optionsPaul Holzinger2021-06-11
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman uses the volume option map to check if it has to mount the volume or not when the container is started. Commit 28138dafcc39 added to uid and gid options to this map, however when only uid/gid is set we cannot mount this volume because there is no filesystem or device specified. Make sure we do not try to mount the volume when only the uid/gid option is set since this is a simple chown operation. Also when a uid/gid is explicity set, do not chown the volume based on the container user when the volume is used for the first time. Fixes #10620 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #10634 from Luap99/machine-buildOpenShift Merge Robot2021-06-10
|\ \ \ \ \ | | | | | | | | | | | | Fix build tags for pkg/machine...
| * | | | | Fix build tags for pkg/machine...Paul Holzinger2021-06-10
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman machine is only intended for amd64 and arm64 architectures, set the correct buildtags so that the `pkg/machine`, `pkg/machine/qemu` and `pkg/machine/libvirt` packages compile correctly. [NO TESTS NEEDED] Fixes #10625 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* / / / / rootless: fix fast join userns pathGiuseppe Scrivano2021-06-09
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | commit ab886328357184cd0a8375a5dedf816ba91789f9 changed the path for the pause.pid file but didn't update the same path in the C code. This prevented Podman to take the fast path when the userns is already created and to join it without re-execing itself. Fix the path in the C code as well so we can join the rootless user+mount namespace without having to re-exec Podman. [NO TESTS NEEDED] Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #10550 from rhatdan/DockerfileOpenShift Merge Robot2021-06-09
|\ \ \ \ | |_|_|/ |/| | | podman-remote build should handle -f option properly
| * | | podman-remote build should handle -f option properlyDaniel J Walsh2021-06-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman-remote build has to handle multiple different locations for the Containerfile. Currently this works in local mode but not when using podman-remote. Fixes: https://github.com/containers/podman/issues/9871 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | [CI:DOCS] Update swagger for inspect networkJhon Honce2021-06-08
| |/ / |/| | | | | | | | | | | | | | | | | | | | struct for swagger was pointing to wrong internal type Fixes #10559 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #10603 from cdoern/networksQueryCharlie Doern2021-06-08
|\ \ \ | |/ / |/| | implemented verbose and scope as possible
| * | fixed docs and schemascdoern2021-06-08
| | | | | | | | | | | | Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | Merge pull request #10597 from Luap99/pruneOpenShift Merge Robot2021-06-08
|\ \ \ | | | | | | | | Fix network prune api docs
| * | | Fix network prune api docsPaul Holzinger2021-06-08
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The api doc used wrong response examples for both the compat and libpod network prune endpoints. Change the doc so that it matches the actual return values. Also fix the endpoints to return an empty array instead of null when no networks are removed. [NO TESTS NEEDED] Fixes: #10564 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #10548 from cdoern/imgFeatureOpenShift Merge Robot2021-06-08
|\ \ \ | | | | | | | | API images/create added missing parameters platform, message, repo
| * | | made requested changes, fixed api testscdoern2021-06-04
| | | | | | | | | | | | | | | | Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | | remote pull: cancel pull when connection is closedPaul Holzinger2021-06-08
| |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | If a client closes the http connection during image pull, the service should cancel the pull operation. [NO TESTS NEEDED] I have no idea how we could test this reliable. Fixes: #7558 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #10381 from adrianreber/2021-05-18-publishOpenShift Merge Robot2021-06-07
|\ \ \ | | | | | | | | Add --publish to container restore
| * | | Allow changing of port forward rules on restoreAdrian Reber2021-06-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Restored containers, until now, had the same port mappings as the original started container. This commit adds the parameter '--publish' to 'podman container restore' with the same semantic as during create/run. With this change it is possible to create a copy from a container with a '--publish' rule and replace the original '--publish' setting with a new one. # podman run -p 2345:8080 container # podman container checkpoint -l --export=dump.tar # podman container restore -p 5432:8080 --import=dump.tar The restored container will now listen on localhost:5432 instead of localhost:2345 as the original created container. Signed-off-by: Adrian Reber <areber@redhat.com>