| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
| |
This allows tools like Cockpit to know that the pod in question
has also been updated, so they can refresh the list of containers
in the pod.
Fixes #15408
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\
| |
| | |
Add labels to secrets
|
| |
| |
| |
| |
| |
| |
| | |
Add --label/-l label flag to secret create, and show labels when
inspecting secrets. Also allow labeling secrets via libpod/compat API.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Followup to #15616, which is not usable as it is (way, way, way
too much noise) but actually found a few real nits that should
be fixed.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Docker compatibility: cap the memory limit reported by the cgroup to
the maximum available memory.
Closes: https://github.com/containers/podman/issues/15765
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| |
| |
| | |
and make sure it is not set for cgroup v2
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The field was already exposed already in the `system df` output
so this just required a bit of plumbing and testing.
As part of this, fix `podman systemd df` volume in-use logic.
Previously, volumes were only considered to be in use if the
container using them was running. This does not match Docker's
behavior, where a volume is considered in use as long as a
container exists that uses the volume, even if said container is
not running.
Fixes #15720
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
|
|
|
|
| |
While backporting a test from main, @edsantiago asked that
the test be adjusted as noted here:
https://github.com/containers/podman/pull/15555#issuecomment-1232791752.
This PR brings those same changes to main for posterity sake.
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
podman update allows users to change the cgroup configuration of an existing container using the already defined resource limits flags
from podman create/run. The supported flags in crun are:
this command is also now supported in the libpod api via the /libpod/containers/<CID>/update endpoint where
the resource limits are passed inthe request body and follow the OCI resource spec format
–memory
–cpus
–cpuset-cpus
–cpuset-mems
–memory-swap
–memory-reservation
–cpu-shares
–cpu-quota
–cpu-period
–blkio-weight
–cpu-rt-period
–cpu-rt-runtime
-device-read-bps
-device-write-bps
-device-read-iops
-device-write-iops
-memory-swappiness
-blkio-weight-device
resolves #15067
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
|\ |
|
| |\
| | |
| | | |
APIv2 test cleanup, part 2 of 2
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This finishes the removal of curls and exits.
Please please please, everyone, if you see a 'curl' or 'exit'
in any new PR, reject the PR and tell me immediately so I can
help the developer do it the proper way.
Also, removed some very-very-wrong USER/UID code. Both are
reserved variables in bash. You cannot override them.
Also, added a cleanup to a system-connection test. I wasted
a lot of time because my podman-remote stopped working, all
because I had run this test as part of something unrelated.
Also, found and fixed dangerously-broken timeout code.
Implemented a new mechanism for requiring a timeout.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
Change only the compat API, so we don't force a breaking change
on Libpod API users.
Partial fix for #15485
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Whole slew of bugs that got introduced while I wasn't paying
attention. Most of them are of the form "let's use hand-crafted
curl commands and do our own error checking and exit uncleanly
on error and leave the system in an unstable state". To be
fair, those were done because there was no existing mechanism
for uploading JSON files or somesuch. So, add one.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
| |
| |
| |
| |
| | |
Fixes: https://github.com/containers/podman/issues/15430
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
The apiv2 test hardcoded the tag of the alpine image.
Remove it to unblock CI.
Fixes: #15388
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|/
|
|
| |
Signed-off-by: Jason Ertel <jason.ertel@securityonionsolutions.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
implement a new command `podman generate spec` which can formulate a json specgen to be consumed by both the pod
and container creation API.
supported flags are
--verbose (default true) print output to the terminal
--compact print the json output in a single line format to be piped to the API
--filename put the output in a file
--clone rename the pod/ctr in the spec so it won't conflict w/ an existing entity
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Option defaults in API must be the same as in CLI.
```
% podman image push --help
% podman image pull --help
% podman manifest push --help
% podman image search --help
```
All of these CLI commands them have --tls-verify=true by default:
```
--tls-verify require HTTPS and verify certificates when accessing the registry (default true)
```
As for `podman image build`, it doesn't have any means to control
`tlsVerify` parameter but it must be true by default.
Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
|
|\
| |
| | |
API: libpod/create use correct default umask
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Make sure containers created via API have the correct umask from
containers.conf set.
Fixes #15036
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|/
|
|
|
|
|
|
|
|
| |
Docker uses "bridge" as default network name so some tools expect this
to work with network list or inspect. To fix this we change "bridge" to
the podman default ("podman") name.
Fixes #14983
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
| |
This is a follow up to fix some of the apiv2
tests related to "podman kube play" while also
removing reduntant system tests.
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The "podman kube play" command is designed to be a replacement for the
"podman play kube" command.
It performs the same function as "play kube" while also still working with the same flags and options.
The "podman play kube" command is still functional as an alias of "kube play".
Closes #12475
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|\
| |
| | |
Bump Compat API maximum version to v1.41
|
| |
| |
| |
| |
| |
| |
| |
| | |
Docker bumped their API, so we should do the same.
Fixes #14204
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \
| | |
| | | |
Fix streaming for libpod/pods/stats endpoint
|
| | |
| | |
| | |
| | | |
Signed-off-by: Jakub Guzik <jguzik@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Fix network inspect compat API discrepancy
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- containerInspect compat API expects field value PrefixLen
instead of PrefixLength for type Address for SecondaryIPAddresses
- Add tests for network part of containerInspect compat api
Closes: containers#14674
Signed-off-by: 🤓 Mostafa Emami <mustafaemami@gmail.com>
|
|\ \ \
| | | |
| | | | |
podman image scp remote support & podman image scp tagging
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
add support for podman-remote image scp as well as direct access via the API. This entailed
a full rework of the layering of image scp functions as well as the usual API plugging and type creation
also, implemented podman image scp tagging. which makes the syntax much more readable and allows users t tag the new image
they are loading to the local/remote machine:
allow users to pass a "new name" for the image they are transferring
`podman tag` as implemented creates a new image im `image list` when tagging, so this does the same
meaning that when transferring images with tags, podman on the remote machine/user will load two images
ex: `podman image scp computer1::alpine computer2::foobar` creates alpine:latest and localhost/foobar on the remote host
implementing tags means removal of the flexible syntax. In the currently released podman image scp, the user can either specify
`podman image scp source::img dest::` or `podman image scp dest:: source::img`. However, with tags this task becomes really hard to check
which is the image (src) and which is the new tag (dst). Removal of that streamlines the arg parsing process
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
Docker compat returning unknown "initialized" for `status.status`
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Some background for this PR is in discussion #14641. In short, ever so often a container inspect will return a `status.status` of `initialized` from the Docker compat socket.
From the discussion I found these lines which tries to fix a "configured" status to "created".
https://github.com/containers/podman/blob/c936d1e61154b6826e9d8df46e9660aba6c86cfe/pkg/api/handlers/compat/containers.go#L291-L294
However, commit 141de8686289 (Revamp Libpod state strings for Docker compat) removed the "configured" return value from the `String()` method called on line 291 above. Thus, making the `if` check redundant as it will never hit. But the same commit also introduces a return for "initialized" which this `if` should probably have been adapted for.
Signed-off-by: Pieter Engelbrecht <pieter@shuttle.rs>
|
|\ \ \ \
| |/ / /
|/| | | |
Show Health Status events
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Previously, health status events were not being generated at all. Both
the API and `podman events` will generate health_status events.
```
{"status":"health_status","id":"ae498ac3aa6c63db8b69a37583a6eae1a9cefbdbdbeeadcf8e1d66d745f0df63","from":"localhost/healthcheck-demo:latest","Type":"container","Action":"health_status","Actor":{"ID":"ae498ac3aa6c63db8b69a37583a6eae1a9cefbdbdbeeadcf8e1d66d745f0df63","Attributes":{"containerExitCode":"0","image":"localhost/healthcheck-demo:latest","io.buildah.version":"1.26.1","maintainer":"NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e","name":"healthcheck-demo"}},"scope":"local","time":1656082205,"timeNano":1656082205882271276,"HealthStatus":"healthy"}
```
```
2022-06-24 11:06:04.886238493 -0400 EDT container health_status ae498ac3aa6c63db8b69a37583a6eae1a9cefbdbdbeeadcf8e1d66d745f0df63 (image=localhost/healthcheck-demo:latest, name=healthcheck-demo, health_status=healthy, io.buildah.version=1.26.1, maintainer=NGINX Docker Maintainers <docker-maint@nginx.com>)
```
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
|
|\ \ \ \
| | | | |
| | | | | |
allow filter networks by dangling status
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
add the ability to filter networks by their dangling status via:
`network ls --filter dangling=true/false`
Fixes: #14595
Signed-off-by: Carlo Lobrano <c.lobrano@gmail.com>
|
|\ \ \ \
| | | | |
| | | | | |
API: containers/json always set application/json content type
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When we return no containers we just return `[]` but we still have to keep
the content type header `application/json` so external tools can correctly
parse the output.
Fixes #14647
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
use the memory limit specified for the container instead of reading it
from the cgroup. It is not reliable to read it from the cgroup since
the container could have been moved to a different cgroup and in
general the OCI runtime might create a sub-cgroup (like crun does).
Closes: https://github.com/containers/podman/issues/14676
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This would've caught a regression that #14549 had to fix.
Let's try to prevent the next regression.
This requires some hackery to get namespaces initialized
before the service is started; otherwise the service itself
initializes namespaces, which basically ends up with a
server process that runs forever.
Also: in stop_service(), reset service_pid, because that's
the correct thing to do.
Also: add some debug statements to try to figure out a
CI failure. (And leave them in place, because they might
be useful for future problems).
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
APIv2 tests are flaky after this morning's merge of #14543.
Symptom:
test-apiv2: Timed out (10s) waiting for service (/dev/tcp/localhost/5564)
journal shows:
registry[7421]: panic: unable to configure authorization (htpasswd):
no access controller registered with name: none
Possible cause:
Mix of REGISTRY_AUTH=none with REGISTRY_AUTH_HTPASSWD_* vars.
https://github.com/distribution/distribution/issues/1168
Solution:
only set _HTPASSWD_* vars when AUTH=htpasswd
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For some reason commit 5b79cf15a022 moved the container create options
parsing from cmd/podman/common to pkg/api/handlers. However it did not
remove the old code. Unfortunately it moved the code from an outdated
version and did not update it before this commit was merged.
Therefore a couple of regressions were introduced. I manually compared
both versions and found three missing bugfixes.
I fixed the network test again that was changed in bce97a3b5dd1. We
want bridge as default even as rootless. Sine the test is not run as
rootless in CI the regression was not caught.
Also the no hosts test never worked since it was missing the import
check if the hosts file exists.
I don't think we can check for the volume parsing change since this only
works on windows/wsl.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Mostly fix a bad design decision I made early on, re: registry.
old: registry starts once, runs to the end
new: registry is brought up on demand, then stopped
Reason: there are times when we need a password-controlled
registry, and times when we need it open.
As long as I'm in here, I've also cleaned up some confusing code
and fixed things so tests can run rootless again.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Also:
- It fixes a regression in parsing "images" parameter in
ManifestAddV3 handler.
- Refactors 12-imagesMore.at to use start_registry helper.
- Removes some unsafe "exit 1" statements which skip clean up.
Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
|
|\ \
| | |
| | | |
compat, build: suppress `step` errors when `quiet=1` is set
|
| |/
| |
| |
| |
| |
| |
| |
| | |
Match with docker API and suppress step errors when field quiet is set.
Closes: https://github.com/containers/podman/issues/14315
Signed-off-by: Aditya R <arajan@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
| |
Fix a bug in the resolution of images in the Docker compat API.
When looking up an image by a short name, the name may match
an image that does not live on Docker Hub. The resolved name
should be used for normalization instead of the input name to
make sure that `busybox` can resolve to `registry.com/busybox`
if present in the local storage.
Fixes: #14291
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|