aboutsummaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Document containers.conf settings for remote connectionsDaniel J Walsh2020-11-19
| | | | | | | | | | Currently we don't document which end of the podman-remote client server operations uses the containers.conf. This PR begins documenting this and then testing to make sure the defaults follow the rules. Fixes: https://github.com/containers/podman/issues/7657 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8391 from baude/networkconnectdisconnectOpenShift Merge Robot2020-11-19
|\ | | | | add network connect|disconnect compat endpoints
| * add network connect|disconnect compat endpointsbaude2020-11-19
| | | | | | | | | | | | | | | | | | | | | | this enables the ability to connect and disconnect a container from a given network. it is only for the compatibility layer. some code had to be refactored to avoid circular imports. additionally, tests are being deferred temporarily due to some incompatibility/bug in either docker-py or our stack. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #8379 from rhatdan/remote2OpenShift Merge Robot2020-11-18
|\ \ | | | | | | Remove build \!remote flags from test phase 2
| * | Remove build \!remote flags from test phase 2Daniel J Walsh2020-11-18
| | | | | | | | | | | | | | | | | | | | | | | | Add some more tests, document cases where remote will not work Add FIXMEs for tests that should work on podman-remote but currently do not. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | podman-remote network rm --force is brokenDaniel J Walsh2020-11-18
| | | | | | | | | | | | | | | | | | | | | The --force parameter was not being handled correctly. This is leading to some race conditions in testing failures. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Align the podman pod ps --filter behavior with podman psPaul Holzinger2020-11-18
|/ / | | | | | | | | | | | | | | | | Filters with the same key work inclusive with the only exception being `label` which is exclusive. Filters with different keys always work exclusive. Also update the documentation with the new behavior. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8376 from Luap99/podman-filtersOpenShift Merge Robot2020-11-18
|\ \ | |/ |/| Align the podman ps --filter behavior with docker
| * Align the podman ps --filter behavior with dockerPaul Holzinger2020-11-18
| | | | | | | | | | | | | | | | | | | | All of our filters worked exclusive resulting in `--filter status=created --filter status=exited` to return nothing. In docker filters with the same key work inclusive with the only exception being `label` which is exclusive. Filters with different keys always work exclusive. This PR aims to match the docker behavior with podman. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8355 from baude/compatnetworkconnectdisconnectOpenShift Merge Robot2020-11-17
|\ \ | | | | | | add network connect|disconnect compat endpoints
| * | add network connect|disconnect compat endpointsbaude2020-11-17
| |/ | | | | | | | | | | | | | | | | | | | | this enables the ability to connect and disconnect a container from a given network. it is only for the compatibility layer. some code had to be refactored to avoid circular imports. additionally, tests are being deferred temporarily due to some incompatibility/bug in either docker-py or our stack. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #8363 from AlbanBedel/play-kube-create-onlyOpenShift Merge Robot2020-11-17
|\ \ | | | | | | Add an option to control if play kube should start the pod
| * | Add an option to control if play kube should start the podAlban Bedel2020-11-17
| |/ | | | | | | | | | | | | | | | | | | Having play kube start the pod is not always appropriate, one might for example like to have the pod running as a set of systemd services. Add a `start` option to the command line and API to control if the pod should be started or not; it defaults to true for backward compatibility. Signed-off-by: Alban Bedel <albeu@free.fr>
* / Client call to /play/kube incorrectly set tlsVerifyAlban Bedel2020-11-17
|/ | | | | | | The API parameter `tlsVerify` should be the invert of the internal option `SkipTLSVerify`, fix this conversion. Signed-off-by: Alban Bedel <albeu@free.fr>
* Wrap missing container errors with container IDDaniel J Walsh2020-11-15
| | | | | | | | | | | | | | | While playing around with podman system df, I saw that my container database was in bad state. Basically podman new about containers that were no longer in container/storage. The podman system df was just erroring out early stating "container does not exist" with no indicator of which container. This Patch wraps the podman system df errors to indicate which container does not exist. It also logs errors on containers that get into this state, but continues on to work on all containers. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8333 from rhatdan/buildahOpenShift Merge Robot2020-11-14
|\ | | | | Podman-remote build is getting ID twice
| * Podman-remote build is getting ID twiceDaniel J Walsh2020-11-14
| | | | | | | | | | | | | | | | | | This PR eliminates the second sending of the image id to the podman-remote client. Fixes: https://github.com/containers/podman/issues/8332 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6442 from Luap99/podman-autocompleteOpenShift Merge Robot2020-11-13
|\ \ | | | | | | Shell completion
| * | Add shell completion with cobraPaul Holzinger2020-11-12
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow automatic generation for shell completion scripts with the internal cobra functions (requires v1.0.0+). This should replace the handwritten completion scripts and even adds support for fish. With this approach it is less likley that completions and code are out of sync. We can now create the scripts with - podman completion bash - podman completion zsh - podman completion fish To test the completion run: source <(podman completion bash) The same works for podman-remote and podman --remote and it will complete your remote containers/images with the correct endpoints values from --url/--connection. The completion logic is written in go and provided by the cobra library. The completion functions lives in `cmd/podman/completion/completion.go`. The unit test at cmd/podman/shell_completion_test.go checks if each command and flag has an autocompletion function set. This prevents that commands and flags have no shell completion set. This commit does not replace the current autocompletion scripts. Closes #6440 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* / Refactor to use DockerClient vs APIClientJhon Honce2020-11-12
|/ | | | | | | * Update tests and framework * remove tests for APIClient methods Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #8295 from baude/issue8294OpenShift Merge Robot2020-11-11
|\ | | | | Set default network driver for APIv2 networks
| * Set default network driver for APIv2 networksbaude2020-11-10
| | | | | | | | | | | | | | | | | | | | Recent changes in networking require that the cni network driver be set. If the user provides no driver, we set the driver to the defaultnetworkdriver which currently is "bridge". Fixes: #8294 Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #8252 from baude/playkubetospecgenOpenShift Merge Robot2020-11-10
|\ \ | |/ |/| migrate play kube to spec gen
| * migrate play kube to spec genbaude2020-11-10
| | | | | | | | | | | | | | | | we need to migrate play kube away from using the old container creation method. the new approach is specgen and this aligns play kube with container creation in the rest of podman. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #8251 from baude/networkaliasesOpenShift Merge Robot2020-11-10
|\ \ | | | | | | network aliases for container creation
| * | network aliases for container creationbaude2020-11-09
| | | | | | | | | | | | | | | | | | | | | | | | podman can now support adding network aliases when running containers (--network-alias). It requires an updated dnsname plugin as well as an updated ocicni to work properly. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #8143 from aojea/dualOpenShift Merge Robot2020-11-10
|\ \ \ | |_|/ |/| | enable ipv6 networks
| * | enable ipv6 network configuration optionsAntonio Ojea2020-11-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | enable the ipv6 flag in podman network to be able to create dual-stack networks for containers. This is required to be compatible with docker, where --ipv6 really means dual stack. podman, unlike docker, support IPv6 only containers since 07e3f1bba9674c0cb93a0fa260930bfebbf75728. Signed-off-by: Antonio Ojea <aojea@redhat.com>
* | | Merge pull request #8270 from andylibrian/log-driver-option-for-play-kubeOpenShift Merge Robot2020-11-10
|\ \ \ | |/ / |/| | Add --log-driver to play kube
| * | Add --log-driver to play kubeAndy Librian2020-11-08
| | | | | | | | | | | | | | | | | | addresses #6604 Signed-off-by: Andy Librian <andylibrian@gmail.com>
* | | Merge pull request #8236 from jwhonce/jira/run-976OpenShift Merge Robot2020-11-09
|\ \ \ | |_|/ |/| | Update CI tests to run python docker library against API
| * | Update CI tests to run python docker library against APIJhon Honce2020-11-09
| |/ | | | | | | | | | | | | | | | | | | | | * Update reference to docker-py to docker to reflect change in library name * Update tests to create storage sandbox * Enable all tests that endpoints support * Refactor containers/{id}/rename to return 404 not 500 * Refactor tests to use quay.io vs. docker.io Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #8282 from jwhonce/issues/7942OpenShift Merge Robot2020-11-09
|\ \ | | | | | | Stop binding layer from changing line endings
| * | Stop binding layer from changing line endingsJhon Honce2020-11-09
| |/ | | | | | | | | | | | | The binding layer attempted to help the CLI, which just made things worse. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #8245 from baude/rootlesscreatecompatOpenShift Merge Robot2020-11-09
|\ \ | |/ |/| rootless container creation settings
| * rootless container creation settingsbaude2020-11-05
| | | | | | | | | | | | | | | | when running container creation as rootless on the compatibility layer, we need to make sure settings are not being done for memory and memory swappiness. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #8241 from rhatdan/tmpfileOpenShift Merge Robot2020-11-06
|\ \ | |/ |/| Use /tmp/podman-run-* for backup XDG_RUNTIME_DIR
| * Use /tmp/podman-run-* for backup XDG_RUNTIME_DIRDaniel J Walsh2020-11-04
| | | | | | | | | | | | | | We need to block systemd from cleaning up this directory by dropping a /usr/lib/tmpfiles.d/podman.conf file in place. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Add support for mounting external containersDaniel J Walsh2020-11-04
|/ | | | | | | | | Continue progress on use of external containers. This PR adds the ability to mount, umount and list the storage containers whether they are in libpod or not. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8209 from mwhahaha/issue-8208OpenShift Merge Robot2020-11-03
|\ | | | | Change http ConnState actions between new and active
| * Change http ConnState actions between new and activeAlex Schultz2020-10-31
| | | | | | | | | | | | | | | | | | | | | | | | Currently it double counts connections because it's incrementing the total for both the new and active states. Based on the comments, we should only count new connections for the total count and perform the timer stop actions when the connection has transitioned to an active state. Closes #8208 Signed-off-by: Alex Schultz <aschultz@redhat.com>
* | Merge pull request #8217 from giuseppe/caps-ambientOpenShift Merge Robot2020-11-03
|\ \ | | | | | | specgen: add support for ambient capabilities
| * | specgen: keep capabilities with --userns=keep-idGiuseppe Scrivano2020-11-02
| | | | | | | | | | | | | | | | | | | | | | | | if --userns=keep-id is specified and not --user is specified, take the unprivileged capabilities code path so that ambient capabilities are honored in the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | specgen: fix check for root userGiuseppe Scrivano2020-11-02
| | | | | | | | | | | | | | | | | | | | | if the username is specified in the USER:GROUP form, make sure we only check for USER. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | specgen: add support for ambient capabilitiesGiuseppe Scrivano2020-11-02
| |/ | | | | | | | | | | | | | | | | | | if the kernel supports ambient capabilities (Linux 4.3+), also set them when running with euid != 0. This is different that what Moby does, as ambient capabilities are never set. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #8166 from rhatdan/unbindableOpenShift Merge Robot2020-11-02
|\ \ | | | | | | Allow users to mount with unbindable flag
| * | Add better support for unbindable volume mountsDaniel J Walsh2020-11-02
| |/ | | | | | | | | | | | | | | Allow users to specify unbindable on volume command line Switch internal mounts to rprivate to help prevent leaks. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / Centralize cores and period/quota conversion codeJordan Christiansen2020-10-31
|/ | | | Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* Merge pull request #8197 from giuseppe/check-cgroupv2-swap-enabledOpenShift Merge Robot2020-10-31
|\ | | | | specgen, cgroup2: check whether memory swap is enabled
| * specgen, cgroup2: check whether memory swap is enabledGiuseppe Scrivano2020-10-30
| | | | | | | | | | | | add a similar check to what we do on cgroup v1. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>