| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
| |
Require the network to be online in all (generated) systemd units to
make sure that containers and Podman run only after the network has been
fully configured.
Fixes: #10655
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
--infra-name command line argument
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Adds the new --infra-name command line argument allowing users to define
the name of the infra container
Issue #10794
Signed-off-by: José Guilherme Vanz <jvanz@jvanz.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The multi-image load test was failing on non-x86_64 arch,
because the images used by the test (:00000000, :20200902)
did not have manifests for the given arch.
Solution: all we need are two nonlocal images. Use the
predefined NONLOCAL_IMAGE for one, and a new :multiimage
tag (manually created, currently == :20210610) for the other.
Document, so if/when RHEL adds new supported arches, the
test will fail but a maintainer will have a clue what to do.
Also, as long as I'm in here: add 'image prune -f' to teardown
in build.bats, to avoid seeing lots of red "stray image"
warnings in test logs.
Also: skip a broken/flaky python test
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\
| |
| | |
auto-update: add --dry-run
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add a --dry-run flag to `podman auto-update` which will look for new
images but won't perform any pull or restart any service or container.
The "UPDATED" column will now indicate the availability of a newer image
via "pending".
```
$ podman auto-update --dry-run
UNIT CONTAINER IMAGE POLICY UPDATED
container-test.service 08fd34e533fd (test) localhost:5000/busybox registry false
```
Fixes: #9949
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
$ mkdir zzz;cd zzz
$ printf "FROM quay.io/libpod/testimage:20210610\nCOPY ./ ./\nCOPY subdir ./\n" >Dockerfile
$ printf "*\nsubdir\n\!*/sub1*\n" >.dockerignore
$ mkdir subdir; touch subdir/sub1.txt
$ ../bin/podman-remote build .
Should fail, but succeeds because we are not sending over the
.dockerignore file to the server side. This PR will send the
.dockerignore so the server side and use it.
Fixes: #10907
Also if both .containerignore and .dockerignore in the context
directory, podman-remote should prefer .containerignore and not use
.dockerignore.
Fixes: #10908
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
auto-update: make output more user friendly
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The rather raw and scarce output of `podman auto-update` has been a
thorn in my eyes for a longer while. So far, Podman would only print
updated systemd units, one per line, without further formatting.
Motivated by issue #9949 which is asking for some more useful
information in combination with a dry-run feature, I sat down and
reflected which information may come in handy.
Running `podman auto-update` will now look as follows:
```
$ podman auto-update
Trying to pull [...]
UNIT CONTAINER IMAGE POLICY UPDATED
container-test.service 08fd34e533fd (test) localhost:5000/busybox registry false
```
Also refactor the spaghetti code in the backend a bit to make it easier
to digest and maintain.
For easier testing and for the sake of consistency with other commands
listing output, add a `--format` flag.
The man page will get an overhaul in a follow up commit.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The output of auto-update leaves quite some space for improvements. One
thing is to make it more obvious which systemd units were restarted.
With this change, the output looks as follows:
```
$ podman auto-update
Trying to pull...
Restarted the following systemd units:
$unit-1
$unit-2
$unit-3
```
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \
| |/
|/| |
Perform a one-sided close of HTTP attach conn on EOF
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
On EOF of STDIN, we need to perform a one-sided close of the
attach connection on the client side, to ensure that STDIN
finishing will also cause the exec session to terminate, instead
of hang.
Fixes #7360
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
| |
If the user specifies "*" in a .dockerignore or a .containerignore
then podman-remote build should not exclude the Dockerfile or
Containerfile or any content pointed to by `-f` in the context
directory.
We still need these files on the server side to complete the build.
Fixes: https://github.com/containers/podman/issues/9867
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
| |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |
|
|
|
|
|
|
| |
Since Podman create/run can support this, so should play.
Fixes: https://github.com/containers/podman/issues/10807
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.32.3 to 1.32.5.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.32.3...v1.32.5)
---
updated-dependencies:
- dependency-name: github.com/containers/storage
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
| |
Fix a bug in `podman-cp` to forbid copying directories to files.
Previously, the directory was copied to the parent directory of the file
which is wrong.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
create: support images with invalid platform
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Much to my regret, there is a number of images in the wild with invalid
platforms breaking the platform checks in libimage that want to make
sure that a local image is matching the expected platform.
Imagine a `podman run --arch=arm64 fedora` with a local amd64 fedora
image. We really shouldn't use the local one in this case and pull down
the arm64 one.
The strict platform checks in libimage in combination with invalid
platforms in images surfaced in Podman being able to pull an image but
failing to look it up in subsequent presence checks. A `podman run`
would hence pull such an image but fail to create the container.
Support images with invalid platforms by vendoring the latest HEAD from
containers/common. Also remove the partially implemented pull-policy
logic from Podman and let libimage handle that entirely. However,
whenever --arch, --os or --platform are specified, the pull policy will
be forced to "newer". This way, we pessimistically assume that the
local image has an invalid platform and we reach out to the registry.
If there's a newer image (i.e., one with a different digest), we'll pull
it down.
Please note that most of the logic has either already been implemented
in libimage or been moved down which allows for removing some clutter
from Podman.
[NO TESTS NEEDED] since c/common has new tests. Podman can rely on the
existing tests.
Fixes: #10648
Fixes: #10682
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
| |
As discussed in #10710, the additional checks for podman-exec added by
commit 666f555aa52b are extremely flaky and appear in nearly every PR
I have see this week.
Let's temporarily disable the checks and reenable them on #10710 is
fixed.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refactor podman commands that have drifted from using
c/common report pkg. Report pkg is needed to implement
go template functions.
Removed obsolete code from podman which exists in c/common.
Latest template library added default newlines and method to
remove them. Incorporated needed changes in c/common PR below.
Depends on https://github.com/containers/common/pull/624
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1855983
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\
| |
| | |
Fix resize race with podman exec -it
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When starting a process with `podman exec -it` the terminal is resized
after the process is started. To fix this allow exec start to accept the
terminal height and width as parameter and let it resize right before
the process is started.
Fixes #10560
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\ \
| | |
| | | |
add correct slirp ip to /etc/hosts
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| | |
The container name should have the slirp interface ip set in /etc/hosts
and not the gateway ip. Commit c8dfcce6db0a introduced this regression.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1972073
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\ \
| |/
|/| |
Add podman-restart systemd unit file
|
| | |
| |
| |
| |
| |
| |
| | |
* Add podman-restart systemd unit file and add it to podman RPM package
* Fix podman start to filter all containers + unit test
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
|
| | |
| |
| |
| |
| |
| | |
Fixes: https://github.com/containers/podman/issues/10621
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
TL;DR podman needs "arm64" as arch, not "arm64v8".
Unexpurgated version: docker.io publishes ${ARCH}/alpine for
several values of ARCH. Unfortunately, the arm64 one is
called "arm64v8", which is sensible, but podman needs the
--arch value of the manifest to be exactly "arm64". So we
need to special-case this value in our loop. Do so, and
build/publish a new 20210610 testimage. Use that in tests
moving forward.
And, since we need to jump through the same hoops to build
the nonlocal image, include it in the build loop instead
of as a tacked-on comment. Try to be helpful by determining
the next-available numeric tag.
And: don't push anything by default. Instead, just tell
the user what buildah-push commands to run.
And: refactor $PODMAN_NONLOCAL_IMAGE_TAG, to make it easier
for the RHEL-arch-testing folx to override using envariables
instead of inplace-sed. (Not that they should ever need to
override again, because this is the final multiarch commit
that should be forevermore perfect and need no further commits
ever again).
And, finally, bump up to latest alpine/busybox images.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
crun 0.20.1 changed an error message that we relied on. Deal
with it by accepting the old and new message.
Also (unrelated): sneak in some doc fixes to get rid of
nasty go-md2man warnings that have crept into man pages.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
| |
podman-remote build has to handle multiple different locations
for the Containerfile. Currently this works in local mode but not
when using podman-remote.
Fixes: https://github.com/containers/podman/issues/9871
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Followup to #9740. Nice work, but the _confirm_update() helper
was dangerously broken and I just wasn't able to communicate
that. Given the time zone difference, and my weekly time cost
in reviewing, it's easier for me to fix it myself. (The problem
is that the function was a complete NOP, which would lead to
flakes).
Also: got rid of some clutter, restructured a few minor places
for maintainability.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\
| |
| | |
System test: Add tests for podman auto-update
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Add some cases for podman auto-update:
1. Test with different value for label io.containers.autoupdate
2. Run podman auto-update as systemd timer
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
|
| |\ \
| | |
| | | |
remote events: support labels
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Certain event meta data was lost when converting the remote events to
libpod events and vice versa. Enable the skipped system tests for
remote.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| | | |
| | | | |
remote: always send resize before the container starts
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
There is race condition in the remote client attach logic. Because the
resize api call was handled in an extra goroutine the container was
started before the resize call happend. To fix this we have to call
resize in the same goroutine as attach. When the first resize is done
start a goroutine to listen on SIGWINCH in the background and resize
again if the signal is received.
Fixes #9859
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
remote events: fix --stream=false
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix a bug in remote events where only one event would be sent if when
streaming is turned off. The source of the bug was that the handler
attempted to implement the streaming logic and did it wrong. The fix is
rather simple by removing this logic from the handler and let the events
backend handle streaming.
Fixes: #10529
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The containers /etc/resolv.conf allways preserved the ipv6 nameserves
from the host even when the container did not supported ipv6. Check
if the cni result contains an ipv6 address or slirp4netns has ipv6
support enabled and only add the ipv6 nameservers when this is the case.
The test needs to have an ipv6 nameserver in the hosts /etc/hosts but we
should never mess with this file on the host. Therefore the test is
skipped when no ipv6 is detected.
Fixes #10158
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\
| |
| | |
events: support disjunctive filters
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
While different filters are applied in conjunction, the same filter (but
with different values) should be applied in disjunction. This allows,
for instance, to query the events of two containers.
Fixes: #10507
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \
| | |
| | | |
System tests: add :Z to volume mounts
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
selinux-policy-34.9-1.fc34 breaks a behavior we've relied on
since (at least) January 2020:
- Revert "Add permission open to files_read_inherited_tmp_files()
interface"
That's probably the correct thing to do, but it breaks our
existing tests. Solution: add ':Z' where needed.
Tested on Ed's laptop, which has the offending selinux-policy
as of 2021-05-31. Tests pass root and rootless. (I mention
this because tests will obviously pass in CI, which has a
much older selinux-policy).
Also: add a 'podman rmi' for cleanup in one test, to avoid
noise in test logs.
Fixes: #10522
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |/
|
|
|
|
|
|
|
| |
Vendor in the latest HEAd of containers/common to implicitly support the
tag@digest notation for images. To remain compatible with Docker, the
tag will be stripped off the image reference and is entirely ignored.
Fixes: #6721
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Currently if a user runs an image with a user specified or
exposed ports with podman play kube, the fields are ignored.
Fixed: https://github.com/containers/podman/issues/9609
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a race in journald driver. Following the logs implies streaming
until the container is dead. Streaming happened in one goroutine,
waiting for the container to exit/die and signaling that event happened
in another goroutine.
The nature of having two goroutines running simultaneously is pretty
much the core of the race condition. When the streaming goroutines
received the signal that the container has exitted, the routine may not
have read and written all of the container's logs.
Fix this race by reading both, the logs and the events, of the container
and stop streaming when the died/exited event has been read. The died
event is guaranteed to be after all logs in the journal which guarantees
not only consistencty but also a deterministic behavior.
Note that the journald log driver now requires the journald event
backend to be set.
Fixes: #10323
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
Fix race on podman start --all
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Make sure all containers exit after start
There is a race condition in that container could still be running when
we attempt to remove them.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
