| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
| |
Two PRs have been merged causing a failure in one unit test.
Fix the unit test to turn CI green again.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |\
| |
| | |
generate systemd: fix pod dependencies
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Change the dependencies from a pod unit to its associated container
units from `Requires` to `Wants` to prevent the entire pod from
transitioning to a failed state. Restart policies for individual
containers can be configured separately.
Also make sure that the pod's RunRoot is always set.
Fixes: #14546
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When creating a new pod without the `--name` flag, e.g.:
`podman pod create foobar`
it will get the name `foobar` implicitly and this will be recorded as the in the
`podCreateArgs`. Unfortunately, the implicit name only works if it appears as
the **last** argument of the startup command.
With 6e2e3a78ed1d05ee5f23f65b814e8135021961dd we started appending the pod
security policy to the startCommand, resulting in the following `ExecStartPre=`
line:
```
/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-foobar.pid --pod-id-file %t/pod-foobar.pod-id foobar --exit-policy=stop
```
This fails to launch, as the `pod create` command expects only a single
non-flag parameter, but it assumes that `exit-policy=stop` is a second and
terminates immediately instead.
This fixes https://github.com/containers/podman/issues/15592
Signed-off-by: Dan Čermák <dcermak@suse.com>
|
| |\ \
| | |
| | | |
Fix go template parsing with "\n" in it
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently the podman command --format output code uses a mix of
report.Formatter and report.Template.
I patched report.Formatter to correctly handle newlines[1]. Since we
cannot fix this with report.Template we have to migrate all users to
report.Formatter. This ensures consistent behavior for all commands.
This change does not change the output, we can add a new test for the
newline bug when the common PR is vendored in.
Also fix a bug where a invlaid template would not cause a exit code > 0,
see the added test case.
[1] https://github.com/containers/common/pull/1146
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\ \
| | |
| | | |
Ensure that the DF endpoint updated volume refcount
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The field was already exposed already in the `system df` output
so this just required a bit of plumbing and testing.
As part of this, fix `podman systemd df` volume in-use logic.
Previously, volumes were only considered to be in use if the
container using them was running. This does not match Docker's
behavior, where a volume is considered in use as long as a
container exists that uses the volume, even if said container is
not running.
Fixes #15720
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Emit a warning to the user when generating a unit with --new on a
container that was created with a custom --restart policy. As shown
in #15284, a custom --restart policy in that case can lead to issues
on system shutdown where systemd attempts to nuke the unit but Podman
keeps on restarting the container.
Fixes: #15284
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Refactored secrets API in common for stability purposes. Move podman to
said API.
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\ \
| | |
| | | |
Fix stutters
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Podman adds an Error: to every error message. So starting an error
message with "error" ends up being reported to the user as
Error: error ...
This patch removes the stutter.
Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
`os.ReadDir` was added in Go 1.16 as part of the deprecation of `ioutil`
package. It is a more efficient implementation than `ioutil.ReadDir`.
Reference: https://pkg.go.dev/io/ioutil#ReadDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
|
| |/
|
|
|
|
|
|
|
|
| |
This logic has been broken by commit 9c6c981928c3e020ff6eef9454c7ee86aa8c83d1
(kube: fix conversion from milliCPU to period/quota).
[NO NEW TESTS NEEDED]
Fixes: #15726
Signed-off-by: Mikhail Khachayants <tyler92@inbox.ru>
|
| |\
| |
| | |
health check: add on-failure actions
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For systems that have extreme robustness requirements (edge devices,
particularly those in difficult to access environments), it is important
that applications continue running in all circumstances. When the
application fails, Podman must restart it automatically to provide this
robustness. Otherwise, these devices may require customer IT to
physically gain access to restart, which can be prohibitively difficult.
Add a new `--on-failure` flag that supports four actions:
- **none**: Take no action.
- **kill**: Kill the container.
- **restart**: Restart the container. Do not combine the `restart`
action with the `--restart` flag. When running inside of
a systemd unit, consider using the `kill` or `stop`
action instead to make use of systemd's restart policy.
- **stop**: Stop the container.
To remain backwards compatible, **none** is the default action.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |\ \
| | |
| | | |
kube: plug HostUsers in the pod spec
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
map HostUsers=false to userns=auto.
One difference with the current implementation in the Kubelet is that
the podman default size is 1024 while the Kubelet uses 65536.
This is done on purpose, because 65536 is a problem for rootless as
the entire IDs space would be allocated to a single pod.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \
| | |
| | | |
Fix swagger documentation
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| | |
* ContainerKillLibpod "signal" query default is SIGKILL.
* ContainerStopLibpod "all" query doesn't exist.
[NO NEW TESTS NEEDED]
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| |\ \
| | |
| | | |
Add --config for Docker compatibility
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Fixes: https://github.com/containers/podman/issues/14767
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
`--cpu-rt-period` and `--cpu-rt-runtime` options are only
supported on cgroups V1 rootful systems.
Therefore, podman prints an warning message and ignores these
options when we use cgroups V2 systems.
Related to: #15666
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| |\ \
| |/
|/| |
fix podman pod inspect to support multiple pods
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Just like the other inspect commands `podman pod inspect p1 p2` should
return the json for both.
To correctly implement this we follow the container inspect logic, this
allows use to reuse the global inspect command.
Note: To not break the existing single pod output format for podman pod
inspect I added a pod-legacy inspect type. This is only used to make
sure we will print the pod as single json and not an array like for the
other commands. We cannot use the pod type since podman inspect --type
pod did return an array and we should not break that as well.
Fixes #15674
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\ \
| | |
| | | |
specgen/generate: Factor out setting resource limits from CompleteSpec
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This avoids setting values in the spec which are not supported on
FreeBSD - including these values causes warning messages for the
unsupported features.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |\ \
| | |
| | | |
fixes data race in system.Events and nil error logging
|
| | |/
| |
| |
| | |
Signed-off-by: Harald Albrecht <harald.albrecht@gmx.net>
|
| |\ \
| |/
|/| |
Introduce a new signed Windows installer with automated build process
|
| | |
| |
| |
| | |
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
| |\ \
| | |
| | | |
Fix intermittent issue with Compat API proxy startup on Windows
|
| | |/
| |
| |
| |
| |
| | |
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
| |\ \
| |/
|/| |
Support auto updates for Kubernetes workloads
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add auto-update support to `podman kube play`. Auto-update policies can
be configured for:
* the entire pod via the `io.containers.autoupdate` annotation
* a specific container via the `io.containers.autoupdate/$name` annotation
To make use of rollbacks, the `io.containers.sdnotify` policy should be
set to `container` such that the workload running _inside_ the container
can send the READY message via the NOTIFY_SOCKET once ready. For
further details on auto updates and rollbacks, please refer to the
specific article [1].
Since auto updates and rollbacks bases on Podman's systemd integration,
the k8s YAML must be executed in the `podman-kube@` systemd template.
For further details on how to run k8s YAML in systemd via Podman, please
refer to the specific article [2].
An examplary k8s YAML may look as follows:
```YAML
apiVersion: v1
kind: Pod
metadata:
annotations:
io.containers.autoupdate: "local"
io.containers.autoupdate/b: "registry"
labels:
app: test
name: test_pod
spec:
containers:
- command:
- top
image: alpine
name: a
- command:
- top
image: alpine
name: b
```
[1] https://www.redhat.com/sysadmin/podman-auto-updates-rollbacks
[2] https://www.redhat.com/sysadmin/kubernetes-workloads-podman-systemd
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Refactor the auto-update backend to allow for updating multiple
tasks/containers per unit. This commit is merely doing the plumbing.
The actual integration comes in a following commit.
[NO NEW TESTS NEEDED] as behavior should not change and existing
tests are expected to continue to pass.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |\ \
| | |
| | | |
Add generate systemd -e/--env option
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
-e/--env option sets environment variables to the systemd unit files.
Fixes: #15523
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| |\ \ \
| | | |
| | | | |
(Windows) Drop stale config value resulting in asymmetric config
|
| | | |/
| |/|
| | |
| | |
| | |
| | | |
Fixes log follow operations since corresponding k8s-file backend was previously dropped
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
| |/ /
| |
| |
| |
| |
| | |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |\ \
| | |
| | | |
Add container GID to additional groups
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Mitigates a potential permissions issue. Mirrors Buildah PR #4200
and CRI-O PR #6159.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Add support for FreeBSD volume mounts in specgen
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |\ \ \ \
| | | | |
| | | | | |
Fix swagger documentation
|
| | | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* ContainerKillLibpod "signal" query default is SIGKILL.
* ContainerListLibpod "namespace" query is failed to show.
* SecretListLibpod parameters is duplicated.
* SecretList parameters is duplicated.
[NO NEW TESTS NEEDED]
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| |\ \ \ \
| |_|_|/
|/| | | |
Fix bind-mount-option annotation in gen/play kube
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The format used for setting the bind-mount-options annotations
in the kube yaml was incorrect and caused k8s to throw an error
when trying to play the generated kube yaml.
Fix the annotation format to match the rules of k8s.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
Improved Windows compatibility for machine command
|
