| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
tunnel: allow `remote` and `API` to accept `--secrets`
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Prevents temp secrets leaking into image by moving it away from context
directory to parent builder directory. Builder directory automatically
gets cleaned up when we are done with the build.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Podman remote must treat build secrets as part of context directory. If
secret path is absolute path on host copy it to tar file and pass it to
remote server.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
| |
Replace `multi-user.target` with `default.target` across the code base.
It seems like the multi-user one is not available for (rootless) users
on F35 anymore is causing issues in all kinds of ways, for instance,
enabling the podman.service or generated systemd units.
Fixes: #12438
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
| |
...and fix problems found therewith.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
improve the heuristic to detect the scope that was created for the container.
This is necessary with systemd running as PID 1, since it moves itself
to a different sub-cgroup, thus stats would not account for other
processes in the same container.
Closes: https://github.com/containers/podman/issues/12400
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
That previous commit made me wonder if there are any other
instances of Expect() with no assertions.
grep Expect test/e2e/*_test.go |egrep -v '\.(To|NotTo|Should)'
...finds a couple of handfuls, most of which are OK (continued
on the next line) but a few of which are bugs. Fix those.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
| |
These were NOPs, and were testing the wrong thing (pod ID,
not container ID). Fixed manually.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
| |
via: sed -i -e 's/Expect(StringInSlice(\(.*\), \(.*\))).To(BeTrue())/Expect(\2)\.To(ContainElement(\1))/' test/e2e/*_test.go
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
|
| |
Continue eliminating GrepString() and BeTrue(), in tiny
incremental steps. Here I take the liberty of refactoring
some hard-to-read code by adding a helper.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\
| |
| | |
Support env variables based on ConfigMaps sent in payload
|
| | |
| |
| |
| |
| |
| | |
Fixes #12363
Signed-off-by: Jakub Dzon <jdzon@redhat.com>
|
| |\ \
| | |
| | | |
podman-remote does not support signature-policy
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Fixes: https://github.com/containers/podman/issues/12357
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
image lookup: do not match *any* tags
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
For reasons buried in the history of Podman, looking up an untagged
image would match any tag of matching image. For instance, looking up
centos would match a local image centos:foobar. Change that behavior
to only match the latest tag.
Fix: #11964
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
generate systemd: add --start-timeout flag
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add a new flag to set the start timeout for a generated systemd unit.
To make naming consistent, add a new --stop-timeout flag as well and let
the previous --time map to it.
Fixes: #11618
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Commit 2 of 2: there were (still are?) a bunch of string
checks that didn't have a corresponding Expect(). IIUC
that means they were NOPs. Try to identify and fix those.
The first few were caught by Go linting, "ok is defined
but not used". When I realized the problem, I looked for
more using:
$ ack -A2 LineInOutputStartsWith
...and tediously eyeballing the results, looking for
matches in which the next line was not Expect(). If
test was wrong (e.g. "server" should've been "nameserver"),
fix that.
Also: remove the remove-betrue script. We don't need it
in the repo, I just wanted to preserve it for posterity.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Many ginkgo tests have been written to use this evil form:
GrepString("foo")
Expect(that to BeTrue())
...which yields horrible useless messages on failure:
false is not true
Identify those (automatically, via script) and convert to:
Expect(output to ContainSubstring("foo"))
...which yields:
"this output" does not contain substring "foo"
There are still many BeTrue()s left. This is just a start.
This is commit 1 of 2. It includes the script I used, and
all changes to *.go are those computed by the script.
Commit 2 will apply some manual fixes.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \
| | |
| | | |
Rename pod on generate of container
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When generating kube of a container, the podname and container name in
the yaml are identical. This offends rules in podman where pods and
containers cannot have the same name. We now append _pod to the
podname to avoid that collision.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
Semiperiodic cleanup of obsolete Skip()s
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Found by my find-obsolete-skips script. Let's see which, if any,
of these skipped tests can be reenabled.
Some Skips are "this will never work", not "this is expected to
work one day". Update the message on those to reflect that.
Some were real bugs in the test framework. Fix those.
And, joy of joys, some work today. Remove those skips.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \
| | |
| | |
| | |
| | | |
adrianreber/2021-11-18-restore-runtime-verification
Restore runtime verification
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
On container restore ensures that the same container runtime is used as
during checkpointing and it also ensures that the user does not select
a different runtime.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| |/
|
|
| |
Signed-off-by: Colin Bendell <colin@bendell.ca>
|
| |
|
|
|
|
|
|
| |
Use a substring matching the end of the error message.
Closes: #12366
Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
|
| |\
| |
| | |
filters: add basic pattern matching for label keys i.e `--filter label=<pattern>`
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Following PR adds basic pattern matching to filter by labels for `keys`.
Adds support for use-cases like `--filter label=some.prefix.com/key/*`
where end-users want to match a pattern for keys as compared to exact
value.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Support `checkpoint --pre-checkpoint`
* Support `checkpoint --with-previous`
* Disable `restore --import-previous` for the remote client since we had
to send two files which in turn would require to tar them up and hence
be a breaking change. Podman 4.0 would be the chance and I hope we'll
find time before that to remote-restore prettier.
Note that I did not run over swagger yet to check whether all parameters
are actually documented due to time constraints.
Fixes: #12334
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Our fedora-minimal image on Quay bases on fedora-minimal:latest which
starting with F35 removed a number of binaries that our CI depends on.
Fix that by pulling `fedora-minimal:34` from the Fedora registry
directly.
Once the build bot on Quay has been disabled, we move the image over
there to make sure that it will not change over time.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \
| | |
| | | |
fix remote checkpoint/restore
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Nothing was working before, and it's too much to summarize. To make
sure we're not regressing in the future again, enable the remote e2e
tests.
Fixes: #12007
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
infra container: replace pause with catatonit
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
Podman has been using catatonit for a number of years already.
Thanks to @giuseppe, catatonit is now able to run as a pause
process which allows us to replace the pause binary entirely.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \
| | |
| | | |
secret: honor custom `target=` for secrets with `type=mount` for ctr.
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Honor custom `target` if specified while running or creating containers
with secret `type=mount`.
Example:
`podman run -it --secret token,type=mount,target=TOKEN ubi8/ubi:latest
bash`
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| |/
|
|
| |
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| |\
| |
| | |
Enable 'podman run --memory-swappiness=0'
|
| | |
| |
| |
| |
| |
| |
| |
| | |
'--memory-swappiness=0' used to work. This patch fixes the regression
issue, which was caused by the change of infra container creation
process.
Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
|
| |\ \
| |/
|/| |
Fix network mode in play kube
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We need to use the config network mode when no network mode was set. To
do so we have to keep the nsmode empty, MakeContainer() will use the
correct network mode from the config when needed.
Fixes #12248
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\ \
| |/
|/| |
Podman Image SCP transfer patch
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixed syntax so that podman image scp transfer works with no user specified.
This command can only be executed as root so to obtain the default user, I searched for
the SUDO_USER environmental variable. If that is not found, we error out and inform the user
to set this variable and make sure they are running as root
Signed-off-by: cdoern <cdoern@redhat.com>
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
|
| |\ \
| | |
| | | |
Print headers for system connection ls
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Print out the headers even if the system connection list
is empty to match the behavior of other list commands.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| | |
When run as rootless the podman network reload command tries to reload
the rootlessport ports because the childIP could have changed.
However if the containers has no ports we should skip this instead of
printing a warning.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Health checks may be defined in the container config or the config of an
image. So far, Podman only looked at the container config.
The plumbing happened in libimage but add a regression test to Podman as
well to make sure the glue code will not regress.
Note that I am pinning github.com/onsi/gomega to v1.16.0 since v1.17.0
requires go 1.16 which in turn is breaking CI.
Fixes: #12226
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
