summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Merge pull request #15061 from cfergeau/always-trueOpenShift Merge Robot2022-07-26
|\ | | | | machine: Fix check which is always true
| * machine: Fix check which is always trueChristophe Fergeau2022-07-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before making / mutable/immutable, podman-machine checks if the mount is being done in /home or /mnt. However the current check is always going to be true: ``` !strings.HasPrefix(mount.Target, "/home") || !strings.HasPrefix(mount.Target, "/mnt") ``` is false when mount.Target starts with "/home" and mount.Target starts with "/mnt", which cannot happen at the same time. The correct check is: ``` !strings.HasPrefix(mount.Target, "/home") && !strings.HasPrefix(mount.Target, "/mnt") ``` which can also be written as: ``` !(strings.HasPrefix(mount.Target, "/home") || strings.HasPrefix(mount.Target, "/mnt")) ``` The impact is not too bad, it results in extra 'chattr -i' calls which should be unneeded. [NO NEW TESTS NEEDED] Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
* | Merge pull request #15057 from marshall-lee/tls-verify-default-trueOpenShift Merge Robot2022-07-26
|\ \ | |/ |/| Set TLSVerify=true by default for API endpoints
| * Set TLSVerify=true by default for API endpointsVladimir Kochnev2022-07-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Option defaults in API must be the same as in CLI. ``` % podman image push --help % podman image pull --help % podman manifest push --help % podman image search --help ``` All of these CLI commands them have --tls-verify=true by default: ``` --tls-verify require HTTPS and verify certificates when accessing the registry (default true) ``` As for `podman image build`, it doesn't have any means to control `tlsVerify` parameter but it must be true by default. Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
* | Semiperiodoc cleanup of obsolete FIXMEsEd Santiago2022-07-25
|/ | | | | | | | | | | | | | | | Some refer to issues that are closed. Remove them. Some are runc bugs that will never be fixed. Say so, and remove the FIXME. One (bps/iops) should probably be fixed. File an issue for it, and update comment to include the issue# so my find-obsolete-skips script can track it. And one (rootless mount with a "kernel bug?" comment) is still not fixed. Leave the skip, but add a comment documenting the symptom. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #15035 from cdoern/cgroupOpenShift Merge Robot2022-07-23
|\ | | | | fix container create/run throttle devices
| * fix container create/run throttle devicesCharlie Doern2022-07-22
| | | | | | | | | | | | pod resource limits introduced a regression where `FinishThrottleDevices` was not called for create/run Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | Merge pull request #14967 from sstosh/pause-optionOpenShift Merge Robot2022-07-22
|\ \ | | | | | | Add pause/unpause --latest, --cidfile, --filter
| * | Add pause/unpause --latest, --cidfile, --filterToshiki Sonoda2022-07-20
| | | | | | | | | | | | | | | | | | | | | | | | --latest : pause/unpause the latest container. --filter : pause/unpause the filtered container. --cidfile : Read container ID from the specified file and pause/unpause the container. Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | | Merge pull request #15040 from Luap99/api-umaskOpenShift Merge Robot2022-07-22
|\ \ \ | | | | | | | | API: libpod/create use correct default umask
| * | | API: libpod/create use correct default umaskPaul Holzinger2022-07-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure containers created via API have the correct umask from containers.conf set. Fixes #15036 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #14567 from cdoern/secretsOpenShift Merge Robot2022-07-22
|\ \ \ \ | |_|_|/ |/| | | Implement kubernetes secret handling for podman play kube
| * | | kube secret handling for podman play kubecdoern2022-07-20
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | add support for both creating a secret using yaml and mounting a secret as a volume given a yaml file. Kubernetes secrets have a different structure than podman and therefore have to be handeled differently. In this PR, I have introduced the basic usecases of kube secrets with more implementations like env secrets to come! resolves #12396 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | Merge pull request #15016 from Luap99/compat-netnameOpenShift Merge Robot2022-07-22
|\ \ \ | |_|/ |/| | compat api: allow default bridge name for networks
| * | compat api: always turn on network isolation for networksPaul Holzinger2022-07-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | Fix some network option parsing logic to use constants. Always use the isolate option since this is what docker does. Remove the icc option, this is different from isolate and it is not implemented. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | compat api: allow default bridge name for networksPaul Holzinger2022-07-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Docker uses "bridge" as default network name so some tools expect this to work with network list or inspect. To fix this we change "bridge" to the podman default ("podman") name. Fixes #14983 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #14968 from jmguzik/compatOpenShift Merge Robot2022-07-22
|\ \ \ | | | | | | | | Compat API: unify pull/push and add missing progress info
| * | | Compat API: unify pull/push and add missing progress infoJakub Guzik2022-07-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Progress bar in JSONMessage is missing compared to docker output both in pull and push. Additionaly, pull was not using JSONMessage while push was using the type. [NO NEW TESTS NEEDED] Signed-off-by: Jakub Guzik <jguzik@redhat.com>
* | | | Merge pull request #15010 from Luap99/machine-e2eOpenShift Merge Robot2022-07-22
|\ \ \ \ | | | | | | | | | | enable linter for pkg/machine/e2e
| * | | | fix broken machine testPaul Holzinger2022-07-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The memory both local and in the CI test is converted to 3822. I don't know why this changed but I want to have this working again. For the future we should look at a more robust solution. Fixes #15012 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | pkg/machine/e2e: do not import from cmd/podmanPaul Holzinger2022-07-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The same problem again as 4374038cc67405e3f5555b1870d5bb7f6570fa5d. Also fix the incorrect --format autocompletion struct. It should be avoided to import cmd/podman/... packages from outside of cmd/podman. This can lead in weird hard to debug import paths but also can have negative consequences when imported in unit tests. In this case it will set XDG_CONFIG_HOME and thus the machine tests this dir over the tmp HOME env variable which is set at a later point. This caused machine files to be leaked into the actual users home dir. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | fix some pkg/machine/e2e test to read stderrPaul Holzinger2022-07-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also fix the machine ssh code order to provide a better error message. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | enable linter for pkg/machine/e2ePaul Holzinger2022-07-21
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rename all files to _test.go and rename the package to e2e_test. This makes the linter less strict about things like dot imports. Add some unused nolint directives to silence some warnings, these can be used to find untested options so someone could add tests for them. Fixes #14996 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #15022 from vrothberg/fix-14971OpenShift Merge Robot2022-07-22
|\ \ \ \ | | | | | | | | | | remote push: show copy progress
| * | | | remote push: show copy progressValentin Rothberg2022-07-21
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `podman-remote push` has shown absolutely no progress at all. Fix that by doing essentially the same as the remote-pull code does. The get-free-out-of-jail-card for backwards compatibility is to let the `quiet` parameter default to true. Since the --quioet flag wasn't working before either, older Podman clients do not set it. Also add regression tests to make sure we won't regress again. Fixes: #11554 Fixes: #14971 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* / / / resource limits for podsCharlie Doern2022-07-21
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | added the following flags and handling for podman pod create --memory-swap --cpuset-mems --device-read-bps --device-write-bps --blkio-weight --blkio-weight-device --cpu-shares given the new backend for systemd in c/common, all of these can now be exposed to pod create. most of the heavy lifting (nearly all) is done within c/common. However, some rewiring needed to be done here as well! Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | Merge pull request #14980 from n1hility/fix-leakOpenShift Merge Robot2022-07-21
|\ \ \ | |/ / |/| | Fix potential body leak on mid-stream read error when fetching artifact version
| * | Fix potential leak on mid-stream read errorJason T. Greene2022-07-19
| | | | | | | | | | | | Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* | | Merge pull request #14907 from flouthoc/remove-hooksOpenShift Merge Robot2022-07-21
|\ \ \ | | | | | | | | pkg,libpod: remove `pkg/hooks` and use `hooks` from `c/common`
| * | | pkg,libpod: remove pkg/hooks and use hooks from c/commonAditya R2022-07-20
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | PR https://github.com/containers/common/pull/1071 moved `pkg/hooks` to `c/common` hence remove that from podman and use `pkg/hooks` from `c/common` [NO NEW TESTS NEEDED] [NO TESTS NEEDED] Signed-off-by: Aditya R <arajan@redhat.com>
* | | Merge pull request #14995 from ashley-cui/machtestOpenShift Merge Robot2022-07-20
|\ \ \ | | | | | | | | Fix machine test
| * | | Fix machine testAshley Cui2022-07-20
| |/ / | | | | | | | | | | | | | | | DownloadVMImage takes an extra argument. Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Merge pull request #14977 from umohnani8/initOpenShift Merge Robot2022-07-20
|\ \ \ | |/ / |/| | Update init ctr default for play kube
| * | Update init ctr default for play kubeUrvashi Mohnani2022-07-20
| |/ | | | | | | | | | | | | | | | | Update the init container type default to once instead of always to match k8s behavior. Add a new annotation that can be used to change the init ctr type in the kube yaml. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | Merge pull request #14945 from sstosh/pod-pause-cgroupv1OpenShift Merge Robot2022-07-20
|\ \ | |/ |/| "podman pod pause" return error if cgroups v1 rootless container
| * "pod pause/unpause/stop" append "report.Errs" to "reports"Toshiki Sonoda2022-07-19
| | | | | | | | | | | | | | | | | | | | There is a possibility that podman does not output expected error message. (e.g. When pause rootless cgroups v1 container on host) This problem is solved by appending `report.Errs` to `reports` before `continue`. [NO NEW TESTS NEEDED] Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | Print rootfs download as a specific version on WinJason T. Greene2022-07-18
|/ | | | | | | | | - Also save the file using this convention. - Change the general pull mechanism to print the local file as opposed to the remote to enable this - no change in observed behavior on mac Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* Merge pull request #14900 from ashley-cui/machcacheopenshift-ci[bot]2022-07-16
|\ | | | | Clean up cached machine images
| * Clean up cached machine imagesAshley Cui2022-07-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When initing machines, we download a machine image, and uncompress and copy the image for the actual vm image. When a user constantly pulls new machines, there may be a buildup of old, unused machine images. This commit cleans ups the unused cached images. Changes: - If the machine is pulled from a URL or from the FCOS releases, we pull them into XDG_DATA_HOME/containers/podman/machine/vmType/cache - Cache cleanups only happen if there is a cache miss, and we need to pull a new image - For Fedora and FCOS, we actually use the cache, so we go through the cache dir and remove any images older than 2 weeks (FCOS's release cycle), on a cache miss. - For generic files pulled from a URL, we don't actually cache, so we delete the pulled file immediately after creating a machine image - For generic files from a local path, the original file will never be cleaned up Note that because we cache in a different dir, this will not clean up old images pulled before this commit. [NO NEW TESTS NEEDED] Signed-off-by: Ashley Cui <acui@redhat.com>
* | Machine init: create .ssh dir if not existAshley Cui2022-07-15
|/ | | | | | | When initing a machine, we generate ssh keys in `$HOME/.ssh`. If there is not .ssh dir, we should create it, so the init does not fail. Signed-off-by: Ashley Cui <acui@redhat.com>
* Podman stop --filter flagKarthik Elango2022-07-14
| | | | | | | Filter flag is added for podman stop and podman --remote stop. Filtering logic is implemented in getContainersAndInputByContext(). Start filtering can be manipulated to use this logic as well to limit redundancy. Signed-off-by: Karthik Elango <kelango@redhat.com>
* Merge pull request #14935 from saschagrunert/semver-v4openshift-ci[bot]2022-07-14
|\ | | | | Switch to `github.com/blang/semver/v4`
| * Switch to `github.com/blang/semver/v4`Sascha Grunert2022-07-14
| | | | | | | | | | | | | | | | Switch to the latest version of the now go module compatible release. [NO NEW TESTS NEEDED] Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* | Merge pull request #14919 from gbraad/fedorawslopenshift-ci[bot]2022-07-14
|\ \ | |/ |/| Use prepared image for WSL machine init
| * Fixes #14698 Use prepared image for WSL2 machine initGerard Braad2022-07-13
| | | | | | | | | | | | | | | | | | | | | | | | This commit introduces a prepared image for setting up the WSL2 environment. This means that the deployment will take considerable less time to finish (as it does not need to run an update and package install), but also allows to rely on a cached image to re-init the environment without the need for an internet connection. [NO NEW TESTS NEEDED] Signed-off-by: Gerard Braad <me@gbraad.nl>
* | Merge pull request #14772 from nicrowe00/12475openshift-ci[bot]2022-07-13
|\ \ | | | | | | Add "podman kube play" cmd
| * | Add "podman kube play" cmdNiall Crowe2022-07-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The "podman kube play" command is designed to be a replacement for the "podman play kube" command. It performs the same function as "play kube" while also still working with the same flags and options. The "podman play kube" command is still functional as an alias of "kube play". Closes #12475 Signed-off-by: Niall Crowe <nicrowe@redhat.com> Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | Merge pull request #14895 from baude/machinewipopenshift-ci[bot]2022-07-13
|\ \ \ | |/ / |/| | Fix machine test for list
| * | Fix last machine testBrent Baude2022-07-12
| |/ | | | | | | | | | | | | | | The list --format json test case had a typo like error. [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | abi: create new cgroup when running in a containerGiuseppe Scrivano2022-07-13
| | | | | | | | | | | | | | | | | | | | | | if podman is running in the root cgroup, it will create a new subcgroup and move itself there. [NO NEW TESTS NEEDED] it needs nested podman Closes: https://github.com/containers/podman/issues/14884 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>