| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
| |
Do not apply reserved annotations from the image to the container.
Reserved annotations are applied during container creation to retrieve
certain information (e.g., custom seccomp profile or autoremoval)
once a container has been created.
Context: #12671
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
Error out early if system does not support pre-copy checkpointing
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
CRIU's pre-copy migration support relies on the soft dirty page tracking
in the Linux kernel:
https://www.kernel.org/doc/Documentation/vm/soft-dirty.txt
This functionality is not implemented for all architectures and it can
also be turned off in the kernel.
CRIU can check if the combination of architecture/kernel/CRIU supports
the soft dirty page tracking and exports this feature checking
functionality in go-criu.
This commit adds an early check if the user selects pre-copy
checkpointing to error out if the system does not support it.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| |\ \
| |/
|/| |
Warn on use of --kernel-memory
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
It has been deprecated and is no longer supported. Fully remove it and
only print a warning if a user uses it.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2011695
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
|
| |\ \
| |/
|/| |
Use hosts public ip address in rootless containers
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Add first non localhost ipv4 of all host interfaces as destination
for host.contaners.internal for rootless containers.
Fixes: https://github.com/containers/podman/issues/12000
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
support hosts without /etc/hosts
|
| | | |
| | |
| | |
| | |
| | | |
Fixes: #12667
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
Podman run --passwd
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
added support for a new flag --passwd which, when false prohibits podman from creating entries in
/etc/passwd and /etc/groups allowing users to modify those files in the container entrypoint
resolves #11805
Signed-off-by: cdoern <cdoern@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
compat: image normalization: handle sha256 prefix
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When normalizing image names on the compat API, make sure to take the
`sha256:` prefix into account when matching against the image ID.
Otherwise, the name will mistakingly be subject to docker.io
normalization.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
specgen: honor userns=auto from containers.conf
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
when using the default userns value, make sure its value is parsed so
that userns=auto is parsed and the options for the storage are filled.
Closes: https://github.com/containers/podman/issues/12615
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |/
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \
| | |
| | | |
apiv2 tests: use quay.io/libpod/testimage:20210610 for platform tests
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The quay.io/libpod/testimage:20210610 is known not to change and to
remain stable over time. While the same should apply for alpine image
on quay.io/libpod, we've seen it flake and return the wrong image.
The reasons for that observation are unknown.
Fixes: #12631
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
fix(generate): fix up podman generate kube missing env field bug
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
the logic is: if the process env vars key exists in podman default or in image defined, and the value is equal, skip the env var key.
the typo make it compare to itself -_-
so, here comes the simple fixup.
Signed-off-by: 荒野無燈 <ttys3.rust@gmail.com>
|
| |\ \ \
| |/ /
|/| | |
image rm: allow for force-remove infra images
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Force removal of images will also remove associated containers.
Historically, infra containers have been excluded resulting in
rather annoying errors, for instance, when running `rmi -af`.
Since there is not reasons to exclude infra containers, allow for
removing the entire pod when an infra image is force removed.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
Add more checkpoint/restore information to 'inspect'
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
This extends one of the checkpoint/restore tests to see if the
newly introduced checkpoint specific fields in 'inspect' work as
intended.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| |\ \
| | |
| | | |
build: relay `exitcode` from imagebuildah to registry
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Old build tests were expecting genric error code `125` however another
commit in this PR ensures that we relay exact exit code from build to
registry.
Hence adjusting tests
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Podman does not relay exit code from buildah instead returns a generic
error code `125`. Following PR allows `podman` to relay exit code from
`imagebuildah` to `registry` as it is.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
when a container with healthchecks exits due to stopping or failure, we
need the cleanup process to remove both the timer file and the service
file.
Bz#:2024229
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
oci: configure the devices cgroup with default devices
|
| | |/
| |
| |
| |
| |
| |
| | |
always set the default devices to the devices cgroup when not running
in a user namespace.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/
|
|
|
|
|
| |
Make sure that `kill -a` is printing the IDs of killed containers.
Previously, it was only printing empty lines.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The search endpoint on registry.redhat.io is broken.
Skip one test and update another to avoid hitting it.
Also leave some breadcrumbs to revert once it's back
in a working state.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
APIv2 tests: fail on syntax/logic errors
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
(i.e. not test failures, but actual programming bugs).
We've had a number of syntax errors creep into this test, usually
caused by a missing backslash on a test command. I've long wanted
to 'set -e' but that causes other problems. This PR introduces
error handling via 'trap', with useful diagnostics on failure.
This PR also catches and fixes two previously-unknown bugs that
were causing tests to not actually run.
And, since /events takes eons on my high-uptime laptop, add /since
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \
| | |
| | | |
Show --external containers even without --all option
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We currently do not show --external containers when the user specifies
it, unless they also specify the --all flag. This has led to confusion.
I see no reason not to list them without the --all flag if the user
specifies the option.
Fixes: https://github.com/containers/podman/issues/12353
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
network db rewrite
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Allow the same --network options for play kube as for podman run/create.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Rework the --network parse logic to support multiple networks with
specific network configuration settings.
--network can now be set multiple times. For bridge network mode the
following options have been added:
- **alias=name**: Add network-scoped alias for the container.
- **ip=IPv4**: Specify a static ipv4 address for this container.
- **ip=IPv6**: Specify a static ipv6 address for this container.
- **mac=MAC**: Specify a static mac address address for this container.
- **interface_name**: Specify a name for the created network interface inside the container.
So now you can set --network bridge:ip=10.88.0.10,mac=44:33:22:11:00:99
for the default bridge network as well as for network names.
This is better than using --ip because we can set the ip per network
without any confusion which network the ip address should be assigned
to.
The --ip, --mac-address and --network-alias options are still supported
but --ip or --mac-address can only be set when only one network is set.
This limitation already existed previously.
The ability to specify a custom network interface name is new
Fixes #11534
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Network connect now supports setting a static ipv4, ipv6 and mac address
for the container network. The options are added to the cli and api.
Fixes #9883
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Some months ago, apiv2 tests got added that needed new
functionality: passing a tarball to the remote server.
There was no mechanism to do so in the 't' helper, so
these tests used complicated (and actually not-really-
working) curl commands.
This PR introduces and documents a new usage of 't', in
which passing an argument ending in '.tar' adds the
right magic syntax (--data-binary @PATH) to the existing
curl. This lets us use all standard 't' checks, making
for simpler tests and in the process fixing some bugs.
Also: drive-by fix of a typo bug in the networks test.
Also: set CONTAINERS_REGISTRIES_CONF when starting server
and when running direct podman, to avoid docker.io throttling.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \
| | |
| | | |
Add secret list --filter to cli
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
This PR is a follow-up of #11431. It adds possibility of filtering
secret list based on id and name.
Signed-off-by: Jakub Guzik <jguzik@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Fixes #12063 Add docker compatible output after image build.
|
| | | |/
| |/|
| | |
| | | |
Signed-off-by: Ananth Bhaskararaman <antsub@gmail.com>
|
| |\ \ \
| |/ /
|/| | |
network ls: show networks in deterministic order
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
The new network backend stores the networks in a map so the returned
order is not deterministic. Lets sort the network names alphabetically
to ensure a deterministic order.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
This is the third and hopefully the last attempt to address the flakes
in the pprof tests. We first bumped the timeouts to 2 seconds, then to
5, and since I am running out of ideas let's bump it now to 20 seconds.
Since the timeouts poll, the tests will terminate much earlier but 20
seconds should now really be enough even under highly loaded CI VMs.
Fixes: #12167
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
| |
Fixes: #12566
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
