summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Add HairpinMode to our CNI configsMatthew Heon2020-05-11
| | | | | | | This may resolve some issues with routing traffic between containers using the host's IP. Signed-off-by: Matthew Heon <mheon@redhat.com>
* spec: fix order for setting rlimitsGiuseppe Scrivano2020-05-11
| | | | | | | also make sure that the limits we set for rootless are not higher than what we'd set for root containers. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #6151 from lsm5/tests-apiv2-inspect-removeOpenShift Merge Robot2020-05-10
|\ | | | | bindings tests for container remove and inspect
| * bindings tests for container remove and inspectLokesh Mandvekar2020-05-08
| | | | | | | | Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | Merge pull request #6148 from jwhonce/wip/versionOpenShift Merge Robot2020-05-09
|\ \ | | | | | | V2 Implement tunnelled podman version
| * | V2 Impliment tunnelled podman versionJhon Honce2020-05-08
| | | | | | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #6147 from mheon/fix_inspect_annotationsDaniel J Walsh2020-05-09
|\ \ \ | |/ / |/| | Add remaining annotations for `podman inspect`
| * | Add remaining annotations for `podman inspect`Matthew Heon2020-05-08
| |/ | | | | | | | | | | This should finish support for `podman inspect` in APIv2. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* / v2 podman unshare commandBrent Baude2020-05-08
|/ | | | | | | | | | add unshare command add cp and init to container sub-command allow mount to run as rootless Signed-off-by: Brent Baude <bbaude@redhat.com>
* Fix `podman pod create --infra=false`Matthew Heon2020-05-08
| | | | | | | | We were accidentally setting incorrect defaults for the network namespace for rootless `pod create` when infra containers were not being created. This should resolve that issue. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #6118 from baude/v2bindingsenforceOpenShift Merge Robot2020-05-08
|\ | | | | set binding tests to required
| * set binding tests to requiredBrent Baude2020-05-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | some small fix ups for binding tests and then make them required. update containers-common V2 bindings tests were failing because of changes introduced in commit a2ad5bb. Fix some typos. Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org> in the case where the specgen attribute for Env and Labels are nil, we should should then make the map IF we have labels and envs that need to be added. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #6141 from giuseppe/rootless-fixOpenShift Merge Robot2020-05-08
|\ \ | | | | | | abi: do not attempt to setup rootless if euid==0
| * | abi: do not attempt to setup rootless if euid==0Giuseppe Scrivano2020-05-08
| | | | | | | | | | | | | | | | | | if the process has already euid==0 do not attempt to setup rootless. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #6124 from mheon/fix_rootless_podcreateOpenShift Merge Robot2020-05-08
|\ \ \ | | | | | | | | Fix parsing of --network for `podman pod create`
| * | | Fix parsing of --network for `podman pod create`Matthew Heon2020-05-07
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | Interpreting CNI networks was a bit broken, and it was causing rootless `podman pod create` to fail. Also, we were missing the `--net` alias for `--network`, so add that. Fixes #6119 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #6121 from vrothberg/v2-auto-updateOpenShift Merge Robot2020-05-08
|\ \ \ | |_|/ |/| | auto-update
| * | auto-updateValentin Rothberg2020-05-08
| |/ | | | | | | | | | | | | Add the `podman auto-update` command. There have been no tests in v1, so there are no in v2 either ... for now :) Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6117 from vrothberg/v2-runlabelOpenShift Merge Robot2020-05-08
|\ \ | |/ |/| container runlabel
| * container runlabelValentin Rothberg2020-05-07
| | | | | | | | | | | | Implement container runlabel for v2. Local client only. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | podman: split env variables in env and overridesGiuseppe Scrivano2020-05-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | There are three different priorities for applying env variables: 1) environment/config file environment variables 2) image's config 3) user overrides (--env) The third kind are known to the client, while the default config and image's config is handled by the backend. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #5961 from QiWang19/manifest-remove-pushOpenShift Merge Robot2020-05-07
|\ \ | | | | | | Manifest remove, push
| * | Manifest remove, pushQi Wang2020-05-06
| | | | | | | | | | | | | | | | | | Implements podman manifest remove and podman manifest push. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | v2trust set and showbaude2020-05-07
| |/ |/| | | | | | | | | | | | | add podman image trust set and show Signed-off-by: baude <bbaude@redhat.com> Signed-off-by: bbaude <bbaude@DESKTOP-SH5EG3J.localdomain> Signed-off-by: Brent Baude <bbaude@redhat.com>
* | add {generate,play} kubeValentin Rothberg2020-05-06
|/ | | | | | | | | | | | | | | | | | | Add the `podman generate kube` and `podman play kube` command. The code has largely been copied from Podman v1 but restructured to not leak the K8s core API into the (remote) client. Both commands are added in the same commit to allow for enabling the tests at the same time. Move some exports from `cmd/podman/common` to the appropriate places in the backend to avoid circular dependencies. Move definitions of label annotations to `libpod/define` and set the security-opt labels in the frontend to make kube tests pass. Implement rest endpoints, bindings and the tunnel interface. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #6096 from mheon/fix_small_issuesOpenShift Merge Robot2020-05-06
|\ | | | | Add small fixes for 'podman run' from diffing inspect
| * Add small fixes for 'podman run' from diffing inspectMatthew Heon2020-05-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To try and identify differences between Podman v1.9 and master, I ran a series of `podman run` commands with various flags through each, then inspecting the resulting containers and diffed the inspect JSON between each. This identified a number of issues which are fixed in this PR. In order of discovery: - Podman v2 gave short names for images, where Podman v1 gave the fully-qualified name. Simple enough fix (get image tags and use the first one if they're available) - The --restart flag was not being parsed correctly when a number of retries was specified. Parsing has been corrected. - The -m flag was not setting the swap limit (simple fix to set swap in that case if it's not explicitly set by the user) - The --cpus flag was completely nonfunctional (wired in its logic) Tests have been added for all of these to catch future regressions. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6063 from QiWang19/manifest-annotateOpenShift Merge Robot2020-05-06
|\ \ | | | | | | manifest annotate
| * | manifest annotateQi Wang2020-05-05
| |/ | | | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #6081 from baude/v2systemOpenShift Merge Robot2020-05-05
|\ \ | |/ |/| v2 system subcommand
| * v2 system subcommandbaude2020-05-05
| | | | | | | | | | | | | | | | | | | | add system df, info, load, renumber, and migrate Refactor for specialized libpod engines add the ability to prune images, volumes, containers, and pods Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #6080 from baude/v2statsOpenShift Merge Robot2020-05-05
|\ \ | | | | | | v2 podman stats
| * | v2 podman statsbaude2020-05-05
| | | | | | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #6076 from vrothberg/rmi-v2.2OpenShift Merge Robot2020-05-05
|\ \ \ | |_|/ |/| | image removal: refactor part 2
| * | image removal: refactor part 2Valentin Rothberg2020-05-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Continue the refactoring of image removal. I didn't manage to break all the following changes into smaller and easier to digest commits due to time constraints: * Return an error slice instead of a single error. Use multierror only in the client/frontend. Reflect that in the types. * Use the batch image removal in the client while preserving the more rest-idiomatic single-image removal endpoint. * Add a new handler for the single-image removal endpoint to make it share the same code as the batch endpoint. * Expose bindings for the single and batch endpoints, so we can properly test them. * Add several convenience functions for error handling to pkg/errorhandling. * Set the correct error type in libpod to set the exit code to 2 when one or more containers are using an image. * Massage the bindings tests a bit and tackle compilation errors. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Rework port parsing to support --expose and -PMatthew Heon2020-05-04
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As part of this, make a major change to the type we use to represent port mappings in SpecGen (from using existing OCICNI structs to using our own custom one). This struct has the advantage of supporting ranges, massively reducing traffic over the wire for Podman commands using them (for example, the `podman run -p 5000-6000` command will now send only one struct instead of 1000). This struct also allows us to easily validate which ports are in use, and which are not, which is necessary for --expose. Once we have parsed the ports from the new struct, we can produce an accurate map including all currently requested ports, and use that to determine what ports need to be exposed (some requested exposed ports may already be included in a mapping from --publish and will be ignored) and what open ports on the host we can map them to. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6051 from rhatdan/containers.confOpenShift Merge Robot2020-05-04
|\ \ | | | | | | Fixes for test/e2e/containers_conf_test.go
| * | Fix errors found in coverity scanDaniel J Walsh2020-05-01
| | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | cgroupsns was not following containers.confDaniel J Walsh2020-05-01
| | | | | | | | | | | | | | | | | | Implement ParseCgroupsNamespace to handle defaults. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | Properly handle default capabilities listed in containers.confDaniel J Walsh2020-05-01
| | | | | | | | | | | | | | | | | | | | | If user/admin specifies a different list of default capabilties we need to honor these. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | Properly handle containers.conf devicesDaniel J Walsh2020-05-01
| | | | | | | | | | | | | | | | | | We need to add the default devices listed in containers.conf Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6058 from rhatdan/coverityOpenShift Merge Robot2020-05-01
|\ \ \ | | | | | | | | Fix errors found in coverity scan
| * | | Fix errors found in coverity scanDaniel J Walsh2020-05-01
| |/ / | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6060 from sujil02/systemprune-v2OpenShift Merge Robot2020-05-01
|\ \ \ | | | | | | | | And system prune feature for v2.
| * | | And system prune feature for v2.Sujil022020-05-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds podman system prune for v2. Refactoring for code reuse from pods containers images and volume prune. Adds and enables testcases to support the added feature. Signed-off-by: Sujil02 <sushah@redhat.com>
* | | | Merge pull request #6062 from jwhonce/wip/docsOpenShift Merge Robot2020-05-01
|\ \ \ \ | |_|/ / |/| | | [CI:DOC] Bring README.md up to date
| * | | [CI:DOCS] Bring README.md up to dateJhon Honce2020-05-01
| |/ / | | | | | | | | | | | | | | | | | | * Add notes on helper functions * Update example Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #6057 from baude/v2networkingOpenShift Merge Robot2020-05-01
|\ \ \ | |_|/ |/| | v2networking enable commands
| * | v2networking enable commandsbaude2020-04-30
| |/ | | | | | | | | | | Enable the networking commands for v2. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #6004 from rhatdan/ulimitsOpenShift Merge Robot2020-05-01
|\ \ | | | | | | Set up ulimits for rootless containers.