summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* When superceding mounts, check for opposite typesMatthew Heon2019-05-21
| | | | | | | | | | | | | | | | | | | When we supercede low-priority mounts and volumes (image volumes, and volumes sourced from --volumes-from) with higher-priority ones (the --volume and --mount flags), we always replaced lower-priority mounts of the same type (e.g. a user mount to /tmp/test1 would supercede a volumes-from mount to the same destination). However, we did not supercede the opposite type - a named volume from image volumes at /tmp/test1 would be allowed to remain and create a conflict, preventing container creation. Solve this by destroying opposite types before merging (we can't do it in the same loop, as then named volumes, which go second, might trample changes made by mounts). Fixes #3174 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* rootless: force resources to be nil on cgroup v1Giuseppe Scrivano2019-05-20
| | | | | | | | | force the resources block to be empty instead of having default values. Regression introduced by 8e88461511e81d2327e4c1a1315bb58fda1827ca Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #3139 from jwhonce/wip/remote_infoOpenShift Merge Robot2019-05-20
|\ | | | | Add connection information to podman-remote info
| * Add connection information to podman-remote infoJhon Honce2019-05-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Refactor client code to break out building connection string from making the connection. Example: client: Connection: unix:/run/podman/io.podman Connection Type: DirectConnection . : Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Don't set apparmor if --priviligedDaniel J Walsh2019-05-20
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #2844 from haircommander/cri-o-updateOpenShift Merge Robot2019-05-17
|\ \ | | | | | | move to cri-o/cri-o and build with containers/conmon
| * | s|kubernetes-sigs/cri-o|cri-o/cri-o|gPeter Hunt2019-05-17
| | | | | | | | | | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
| * | Revert "Add VarlinkCall.RequiresUpgrade() type and method"Matthew Heon2019-05-16
| | | | | | | | | | | | | | | | | | | | | | | | This reverts commit bd3154fcf6a48b37cfde5d9b1226900cd863c0d9. Commit in question may be breaking upstream CI. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | Add VarlinkCall.RequiresUpgrade() type and methodJhon Honce2019-05-14
| |/ | | | | | | | | | | | | | | | | | | Type varlinkapi.VarlinkCall currently only used as receiver for RequiresUpgrade() future helpers could be added to this type. RequiresUpgrade() verifies caller has given correct options to the call for the given operation. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* / rootless, spec: allow resources with cgroup v2Giuseppe Scrivano2019-05-13
|/ | | | | | | We were always raising an error when the rootless user attempted to setup resources, but this is not the case anymore with cgroup v2. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #3087 from jwhonce/wip/versionOpenShift Merge Robot2019-05-09
|\ | | | | Add information when running `podman version` on client
| * Add information when running podman version on clientJhon Honce2019-05-08
| | | | | | | | | | | | * Include service version information and headers Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #3072 from mheon/no_rm_volumeOpenShift Merge Robot2019-05-08
|\ \ | | | | | | Do not remove volumes when --rm removes a container
| * | Do not remove volumes when --rm removes a containerMatthew Heon2019-05-06
| | | | | | | | | | | | | | | | | | | | | | | | This duplicates Docker behavior for the `--rm` flag. Fixes #3071 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | add varlink bridgebaude2019-05-08
| |/ |/| | | | | | | | | | | | | allow the user to define a remote host and remote username for their remote podman sessions. this is then feed to the varlink "bridge" as the ssh credentials and endpoint. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2977 from baude/makeitrainOpenShift Merge Robot2019-05-07
|\ \ | | | | | | enable integration tests for remote-client
| * | enable integration tests for remote-clientbaude2019-05-07
| | | | | | | | | | | | | | | | | | | | | first pass at enabling a swath of integration tests for the remote-client. Signed-off-by: baude <bbaude@redhat.com>
* | | fix podman-remote ps --nsbaude2019-05-07
|/ / | | | | | | | | | | | | | | | | the namespace for the remote client was being incorrectly derived from the "remote" client. fixes: #2938 Signed-off-by: baude <bbaude@redhat.com>
* / add unit tests for generate systemdbaude2019-05-06
|/ | | | | | it looks like i forgot to add the unit tests for generate systemd Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #2826 from mheon/restart_policyOpenShift Merge Robot2019-05-03
|\ | | | | Add restart policy for containers
| * Add support for retry count with --restart flagMatthew Heon2019-05-03
| | | | | | | | | | | | | | | | | | The on-failure restart option supports restarting only a given number of times. To do this, we need one additional field in the DB to track restart count (which conveniently fills a field in Inspect we weren't populating), plus some plumbing logic. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Add container restart policy to Libpod & PodmanMatthew Heon2019-05-03
| | | | | | | | | | | | | | This initial version does not support restart count, but it works as advertised otherwise. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #3064 from rhatdan/sysregistriesv2OpenShift Merge Robot2019-05-03
|\ \ | |/ |/| change from sysregistries to sysregistriesv2
| * change from sysregistries to sysregistriesv2Daniel J Walsh2019-05-03
| | | | | | | | | | | | | | | | We want to start supporting the registries.conf format. Also start showing blocked registries in podman info Fix sorting so all registries are listed together in podman info. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #3034 from vrothberg/top-fallbackOpenShift Merge Robot2019-05-03
|\ \ | | | | | | top: fallback to execing ps(1)
| * | top: fallback to execing ps(1)Valentin Rothberg2019-05-03
| |/ | | | | | | | | | | | | | | | | | | Fallback to executing ps(1) in case we hit an unknown psgo descriptor. This ensures backwards compatibility with docker-top, which was purely ps(1) driven. Also support comma-separated descriptors as input. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #2905 from QiWang19/globalvarOpenShift Merge Robot2019-05-03
|\ \ | |/ |/| Add variable for global flags to runlabel
| * Add variable for global flags to runlabelQi Wang2019-05-02
| | | | | | | | | | | | use $GLOBAL_OPTS to pass global flags to the runlabel command. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #2959 from mheon/merge_volume_flagsOpenShift Merge Robot2019-05-03
|\ \ | | | | | | Merge volume flags implementation
| * | Move handling of ReadOnlyTmpfs into new mounts codeMatthew Heon2019-05-01
| | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Ensure that named volumes have their options parsedMatthew Heon2019-05-01
| | | | | | | | | | | | | | | | | | | | | This involves moving some code out of pkg/spec/ into util/ so it can also be used by libpod. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Add options parsing for tmpfs mountsMatthew Heon2019-05-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | This ensures that all tmpfs mounts added by the user, even with the --mount flag, share a few common options (nosuid, noexec, nodev), and options for tmpfs mounts are properly validated to ensure they are correct. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Use EqualValues instead of reflect equalityMatthew Heon2019-05-01
| | | | | | | | | | | | | | | | | | | | | Same result, but notably better error messages when things go wrong. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Hit a number of to-do comments in unified volumes codeMatthew Heon2019-05-01
| | | | | | | | | | | | | | | | | | | | | | | | As part of this, move bind mount option validity parsing and modification (adding e.g. rbind on bind mounts that are missing it), which requires test changes (expected values have changed). Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Fix options for non-bind and non-tmpfs volumesMatthew Heon2019-05-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | We were unconditionally resetting volume mount options for all mount points (and by the looks of things, completely dropping tmpfs mounts), which was causing runc to refuse to run containers and all the tests to consequently fail. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Migrate unit tests from cmd/podman into pkg/specMatthew Heon2019-05-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Several changes made in the interface of pkg/spec make interacting with it without a runtime difficult to impossible, so move the existing limited testing from cmd/podman (which mostly tested pkg/spec) into pkg/spec itself where we can call individual functions that don't break things. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Migrate to unified volume handling codeMatthew Heon2019-05-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Unify handling for the --volume, --mount, --volumes-from, --tmpfs and --init flags into a single file and set of functions. This will greatly improve readability and maintainability. Further, properly handle superceding and conflicting mounts. Our current patchwork has serious issues when mounts conflict, or when a mount from --volumes-from or an image volume should be overwritten by a user volume or named volume. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Always pass pod into MakeContainerConfigMatthew Heon2019-05-01
| | | | | | | | | | | | | | | | | | | | | | | | Play kube was passing the pod, but CreateConfig was not. Unify it so they both do, so we can remove some unnecessary duplicate lookup code. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Remove non-config fields from CreateConfigMatthew Heon2019-05-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | The goal here is to keep only the configuration directly used to build the container in CreateConfig, and scrub temporary state and helpers that we need to generate. We'll keep those internally in MakeContainerConfig. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Add a new function for converting a CreateConfigMatthew Heon2019-05-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Right now, there are two major API calls necessary to turn a filled-in CreateConfig into the options and OCI spec necessary to make a libpod Container. I'm intending on refactoring both of these extensively to unify a few things, so make a common frontend to both that will prevent API changes from leaking out of the package. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Generate systemd unit files for containersbaude2019-05-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the podman generate systemd command will generate a systemd unit file based on the attributes of an existing container and user inputs. the command outputs the unit file to stdout for the user to copy or redirect. it is enabled for the remote client as well. users can set a restart policy as well as define a stop timeout override for the container. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #3039 from mheon/podman_initOpenShift Merge Robot2019-05-02
|\ \ \ | | | | | | | | Add podman init command
| * | | Add an InvalidState varlink error for InitMatthew Heon2019-05-02
| | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Add basic structure of podman init commandMatthew Heon2019-05-01
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As part of this, rework the number of workers used by various Podman tasks to match original behavior - need an explicit fallthrough in the switch statement for that block to work as expected. Also, trivial change to Podman cleanup to work on initialized containers - we need to reset to a different state after cleaning up the OCI runtime. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #3035 from baude/remoteportOpenShift Merge Robot2019-05-02
|\ \ \ | |/ / |/| | podman-remote port
| * | podman-remote portbaude2019-05-01
| |/ | | | | | | | | | | | | add the port command to the remote client. this allows users to displa port information about their host system from the remote client Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #3031 from baude/remotewindowsOpenShift Merge Robot2019-05-01
|\ \ | |/ |/| enable podman-remote on windows
| * enable podman-remote on windowsbaude2019-04-30
| | | | | | | | | | | | | | build a podman-remote binary for windows that allows users to use the remote client on windows and interact with podman on linux system. Signed-off-by: baude <bbaude@redhat.com>
* | auto pass http_proxy into containerJames Cassell2019-04-30
| | | | | | | | Signed-off-by: James Cassell <code@james.cassell.me>
* | Merge pull request #2995 from jwhonce/wip/cleanupOpenShift Merge Robot2019-04-30
|\ \ | | | | | | Refactor container cleanup to use latest functions