aboutsummaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* podman: split env variables in env and overridesGiuseppe Scrivano2020-05-07
| | | | | | | | | | | | | | There are three different priorities for applying env variables: 1) environment/config file environment variables 2) image's config 3) user overrides (--env) The third kind are known to the client, while the default config and image's config is handled by the backend. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #5961 from QiWang19/manifest-remove-pushOpenShift Merge Robot2020-05-07
|\ | | | | Manifest remove, push
| * Manifest remove, pushQi Wang2020-05-06
| | | | | | | | | | | | Implements podman manifest remove and podman manifest push. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | v2trust set and showbaude2020-05-07
| | | | | | | | | | | | | | | | add podman image trust set and show Signed-off-by: baude <bbaude@redhat.com> Signed-off-by: bbaude <bbaude@DESKTOP-SH5EG3J.localdomain> Signed-off-by: Brent Baude <bbaude@redhat.com>
* | add {generate,play} kubeValentin Rothberg2020-05-06
|/ | | | | | | | | | | | | | | | | | | Add the `podman generate kube` and `podman play kube` command. The code has largely been copied from Podman v1 but restructured to not leak the K8s core API into the (remote) client. Both commands are added in the same commit to allow for enabling the tests at the same time. Move some exports from `cmd/podman/common` to the appropriate places in the backend to avoid circular dependencies. Move definitions of label annotations to `libpod/define` and set the security-opt labels in the frontend to make kube tests pass. Implement rest endpoints, bindings and the tunnel interface. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #6096 from mheon/fix_small_issuesOpenShift Merge Robot2020-05-06
|\ | | | | Add small fixes for 'podman run' from diffing inspect
| * Add small fixes for 'podman run' from diffing inspectMatthew Heon2020-05-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To try and identify differences between Podman v1.9 and master, I ran a series of `podman run` commands with various flags through each, then inspecting the resulting containers and diffed the inspect JSON between each. This identified a number of issues which are fixed in this PR. In order of discovery: - Podman v2 gave short names for images, where Podman v1 gave the fully-qualified name. Simple enough fix (get image tags and use the first one if they're available) - The --restart flag was not being parsed correctly when a number of retries was specified. Parsing has been corrected. - The -m flag was not setting the swap limit (simple fix to set swap in that case if it's not explicitly set by the user) - The --cpus flag was completely nonfunctional (wired in its logic) Tests have been added for all of these to catch future regressions. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6063 from QiWang19/manifest-annotateOpenShift Merge Robot2020-05-06
|\ \ | | | | | | manifest annotate
| * | manifest annotateQi Wang2020-05-05
| |/ | | | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #6081 from baude/v2systemOpenShift Merge Robot2020-05-05
|\ \ | |/ |/| v2 system subcommand
| * v2 system subcommandbaude2020-05-05
| | | | | | | | | | | | | | | | | | | | add system df, info, load, renumber, and migrate Refactor for specialized libpod engines add the ability to prune images, volumes, containers, and pods Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #6080 from baude/v2statsOpenShift Merge Robot2020-05-05
|\ \ | | | | | | v2 podman stats
| * | v2 podman statsbaude2020-05-05
| | | | | | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #6076 from vrothberg/rmi-v2.2OpenShift Merge Robot2020-05-05
|\ \ \ | |_|/ |/| | image removal: refactor part 2
| * | image removal: refactor part 2Valentin Rothberg2020-05-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Continue the refactoring of image removal. I didn't manage to break all the following changes into smaller and easier to digest commits due to time constraints: * Return an error slice instead of a single error. Use multierror only in the client/frontend. Reflect that in the types. * Use the batch image removal in the client while preserving the more rest-idiomatic single-image removal endpoint. * Add a new handler for the single-image removal endpoint to make it share the same code as the batch endpoint. * Expose bindings for the single and batch endpoints, so we can properly test them. * Add several convenience functions for error handling to pkg/errorhandling. * Set the correct error type in libpod to set the exit code to 2 when one or more containers are using an image. * Massage the bindings tests a bit and tackle compilation errors. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Rework port parsing to support --expose and -PMatthew Heon2020-05-04
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As part of this, make a major change to the type we use to represent port mappings in SpecGen (from using existing OCICNI structs to using our own custom one). This struct has the advantage of supporting ranges, massively reducing traffic over the wire for Podman commands using them (for example, the `podman run -p 5000-6000` command will now send only one struct instead of 1000). This struct also allows us to easily validate which ports are in use, and which are not, which is necessary for --expose. Once we have parsed the ports from the new struct, we can produce an accurate map including all currently requested ports, and use that to determine what ports need to be exposed (some requested exposed ports may already be included in a mapping from --publish and will be ignored) and what open ports on the host we can map them to. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6051 from rhatdan/containers.confOpenShift Merge Robot2020-05-04
|\ \ | | | | | | Fixes for test/e2e/containers_conf_test.go
| * | Fix errors found in coverity scanDaniel J Walsh2020-05-01
| | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | cgroupsns was not following containers.confDaniel J Walsh2020-05-01
| | | | | | | | | | | | | | | | | | Implement ParseCgroupsNamespace to handle defaults. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | Properly handle default capabilities listed in containers.confDaniel J Walsh2020-05-01
| | | | | | | | | | | | | | | | | | | | | If user/admin specifies a different list of default capabilties we need to honor these. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | Properly handle containers.conf devicesDaniel J Walsh2020-05-01
| | | | | | | | | | | | | | | | | | We need to add the default devices listed in containers.conf Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6058 from rhatdan/coverityOpenShift Merge Robot2020-05-01
|\ \ \ | | | | | | | | Fix errors found in coverity scan
| * | | Fix errors found in coverity scanDaniel J Walsh2020-05-01
| |/ / | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6060 from sujil02/systemprune-v2OpenShift Merge Robot2020-05-01
|\ \ \ | | | | | | | | And system prune feature for v2.
| * | | And system prune feature for v2.Sujil022020-05-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds podman system prune for v2. Refactoring for code reuse from pods containers images and volume prune. Adds and enables testcases to support the added feature. Signed-off-by: Sujil02 <sushah@redhat.com>
* | | | Merge pull request #6062 from jwhonce/wip/docsOpenShift Merge Robot2020-05-01
|\ \ \ \ | |_|/ / |/| | | [CI:DOC] Bring README.md up to date
| * | | [CI:DOCS] Bring README.md up to dateJhon Honce2020-05-01
| |/ / | | | | | | | | | | | | | | | | | | * Add notes on helper functions * Update example Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #6057 from baude/v2networkingOpenShift Merge Robot2020-05-01
|\ \ \ | |_|/ |/| | v2networking enable commands
| * | v2networking enable commandsbaude2020-04-30
| |/ | | | | | | | | | | Enable the networking commands for v2. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #6004 from rhatdan/ulimitsOpenShift Merge Robot2020-05-01
|\ \ | | | | | | Set up ulimits for rootless containers.
| * | Set up ulimits for rootless containers.Daniel J Walsh2020-04-28
| | | | | | | | | | | | | | | | | | | | | Currently we are setting the maximum limits for rootful podman containers, no reason not to set them by default for rootless users as well Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6016 from giuseppe/fix-createOpenShift Merge Robot2020-05-01
|\ \ \ | |_|/ |/| | v2, podman: fix create and entrypoint tests
| * | podman, start: propagate back the raw inputGiuseppe Scrivano2020-04-30
| | | | | | | | | | | | | | | | | | | | | this is necessary as we expect "podman start $ID_NAME" to print the same arguments the user passed in instead of the full ID. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | cmd, podman: do not override entrypoint if unsetGiuseppe Scrivano2020-04-30
| | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | cmd, podman: handle --pod new:PODGiuseppe Scrivano2020-04-30
| | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | testv2: enable attach testQi Wang2020-04-29
|/ / | | | | | | | | | | testv2: enable attach test Signed-off-by: Qi Wang <qiwan@redhat.com>
* | V2 Restore images list testsJhon Honce2020-04-29
| | | | | | | | | | | | | | | | * Fix history --quiet formatting * Fix image inspect --format=json * Fix image list --sort Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | pull/search options: tls verify -> skipValentin Rothberg2020-04-29
| | | | | | | | | | | | | | | | | | Change the logic in the options from tls-verify to skipping verification. It require a constant brain yoga to translate from doing verification (CLI logic) to skipping it (c/image logic). As the code is using c/image, let's make it consistent. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6037 from vrothberg/enable-push-testsOpenShift Merge Robot2020-04-29
|\ \ | | | | | | Enable push tests
| * | login system test: enable "push ok"Valentin Rothberg2020-04-29
| | | | | | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | push: fix --tls-verifyValentin Rothberg2020-04-29
| | | | | | | | | | | | | | | | | | | | | | | | Fix --tls-verify parsing and make the associated options reflect the correct logic. Other commands are affected as well but will be fixed later. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #6036 from giuseppe/fix-rootlessport-panicOpenShift Merge Robot2020-04-29
|\ \ \ | | | | | | | | rootlessport: use two different channels
| * | | rootlessport: use two different channelsGiuseppe Scrivano2020-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The same channel is written to by two different goroutines. Use a different channel for each of them so to avoid writing to a closed channel. Closes: https://github.com/containers/libpod/issues/6018 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | specgen: honor slirp4netnsGiuseppe Scrivano2020-04-29
| |/ / | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #6035 from giuseppe/move-rootless-open-before-forkOpenShift Merge Robot2020-04-29
|\ \ \ | |/ / |/| | rootless: move ns open before fork
| * | rootless: move ns open before forkGiuseppe Scrivano2020-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | commit 788fdc685b00dee5ccb594bef845204250c4c123 introduced a race where the target process dies before the child process opens the namespace files. Move the open before the fork so if it fails the parent process can attempt to join a different container instead of failing. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #6022 from vrothberg/enable-inspect-testsOpenShift Merge Robot2020-04-29
|\ \ \ | | | | | | | | enable inspect tests
| * | | enable inspect testsValentin Rothberg2020-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A surprisingly big change. A core problem was that `podman inspect` allows for passing containers AND images with the default `--type=all`. This only worked partially as the data was processed in isolation which caused various issues (e.g., two separate outputs instead of one) but it also caused issues regarding error handling. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #5998 from vrothberg/generate-systemdOpenShift Merge Robot2020-04-29
|\ \ \ \ | |_|/ / |/| | | generate systemd
| * | | generate systemdValentin Rothberg2020-04-29
| |/ / | | | | | | | | | | | | | | | | | | Implement `podman generate systemd` for Podman v2 and enable associated tests. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>