Commit Graph

12259 Commits

Author SHA1 Message Date
Boaz Shuster 302b3084eb Restart all containers with restart-policy=always on boot
* Add podman-restart systemd unit file and add it to podman RPM package
* Fix podman start to filter all containers + unit test

Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
2021-06-13 15:04:34 +03:00
Daniel J Walsh e8006c7978
Fix handling of podman-remote build --device
Fixes: https://github.com/containers/podman/issues/10614

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-06-13 06:17:49 -04:00
OpenShift Merge Robot e549ca5078
Merge pull request #10525 from rhatdan/docs1
[CI:DOCS] Add documentation on ignore_chown_errors
2021-06-12 16:14:43 -04:00
OpenShift Merge Robot 14ae580dc6
Merge pull request #10601 from Procyhon/07062021_manpage
[CI:DOCS] UPDATE manpages with MANPAGE_SYNTAX
2021-06-12 16:11:42 -04:00
OpenShift Merge Robot 328174df27
Merge pull request #10635 from adrianreber/2021-06-04-privileged
Fix restoring of privileged containers
2021-06-12 14:56:42 -04:00
OpenShift Merge Robot c955c95b54
Merge pull request #10661 from mwhahaha/issue-10660
Fall back to string for dockerfile parameter
2021-06-12 14:36:42 -04:00
Alexander Richter 4bca1984a5 UPDATE manpages with MANPAGE_SYNTAX
The following manpages have been adapted to the MANPAGE_SYNTAX:
- podman-completion
- podman-container-checkpoint
- podman-container-cleanup
- podman-container-exists

The following manpages have had little changes:
- podman-attach
- podman-commit
- MANPAGE_SYNTAX
- Makefile

Signed-off-by: Alexander Richter <67486332+Procyhon@users.noreply.github.com>
2021-06-12 18:50:20 +02:00
OpenShift Merge Robot d1cb5d14e9
Merge pull request #10654 from Luap99/net-connect
Fix network connect race with docker-compose
2021-06-12 05:02:43 -04:00
Дилян Палаузов 8d860cfcde podman-run.1.md:detach-keys: spell the default value just once
Insisting on “DCO” imposes formalities, that serve self-purpose.  One cannot
assume that the submitter has time or will to read texts about symbolism in
software contributions.  If the system wants to see the text

      nrEAUIEUAIe eanuitdnuae EAIUEAUIAIE »ℓ§444.3.72b)°»°ℓ§euaieauuae

in each commit, people will write this, or any other text, that the system wants to
see.  All such text, which presence is mandated by the system, has the same value.

Signed-off-by: Дилян Палаузов <git-dpa@aegee.org>
2021-06-12 10:20:35 +03:00
OpenShift Merge Robot 45dc3d699d
Merge pull request #10405 from mheon/always_cleanup_exec
Always spawn a cleanup process with exec
2021-06-11 16:32:43 -04:00
OpenShift Merge Robot af9d690690
Merge pull request #10638 from Luap99/volume
Fix volumes with uid and gid options
2021-06-11 16:31:45 -04:00
Alex Schultz ded2f004f0 Fall back to string for dockerfile parameter
a9cb824981 changed the expectations of the
dockerfile parameter to be json data however it's a string. In order to
support both, let's attempt json and fall back to a string if the json
parsing fails.

Closes #10660

Signed-off-by: Alex Schultz <aschultz@redhat.com>
2021-06-11 13:50:29 -06:00
Paul Holzinger 44d9c453d3 Fix network connect race with docker-compose
Network connect/disconnect has to call the cni plugins when the network
namespace is already configured. This is the case for `ContainerStateRunning`
and `ContainerStateCreated`. This is important otherwise the network is
not attached to this network namespace and libpod will throw errors like
`network inspection mismatch...` This problem happened when using
`docker-compose up` in attached mode.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2021-06-11 16:00:12 +02:00
Paul Holzinger ad3b56c62f Fix volumes with uid and gid options
Podman uses the volume option map to check if it has to mount the volume
or not when the container is started. Commit 28138dafcc added to uid
and gid options to this map, however when only uid/gid is set we cannot
mount this volume because there is no filesystem or device specified.
Make sure we do not try to mount the volume when only the uid/gid option
is set since this is a simple chown operation.

Also when a uid/gid is explicity set, do not chown the volume based on
the container user when the volume is used for the first time.

Fixes #10620

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2021-06-11 13:27:08 +02:00
Daniel J Walsh 3a65ba2fab
Add support for podman remote build -f - .
Fixes: https://github.com/containers/podman/issues/10621

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-06-11 06:28:28 -04:00
OpenShift Merge Robot a634b2cd59
Merge pull request #10542 from alvistack/master-linux-amd64
Update nix pin with `make nixpkgs`
2021-06-11 05:20:43 -04:00
OpenShift Merge Robot 08e39fe6de
Merge pull request #10646 from edsantiago/arm64
System tests: the continuing multiarch saga
2021-06-11 04:47:43 -04:00
OpenShift Merge Robot ed983c9030
Merge pull request #10628 from containers/dependabot/go_modules/github.com/containers/storage-1.32.2
Bump github.com/containers/storage from 1.32.1 to 1.32.2
2021-06-10 20:08:43 -04:00
Daniel J Walsh 991647c775
Add documentation on ignore_chown_errors
fixes: https://github.com/containers/podman/issues/10145

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-06-10 17:02:35 -04:00
OpenShift Merge Robot 0c38ac44ef
Merge pull request #10609 from giuseppe/ignore-named-hierarchies
container: ignore named hierarchies
2021-06-10 17:01:41 -04:00
OpenShift Merge Robot 6feaae699d
Merge pull request #10639 from adrianreber/2021-06-10-pre-dump-fix
Fix pre-checkpointing
2021-06-10 16:58:41 -04:00
Ed Santiago 40d70334e0 System tests: the continuing multiarch saga
TL;DR podman needs "arm64" as arch, not "arm64v8".

Unexpurgated version: docker.io publishes ${ARCH}/alpine for
several values of ARCH. Unfortunately, the arm64 one is
called "arm64v8", which is sensible, but podman needs the
--arch value of the manifest to be exactly "arm64". So we
need to special-case this value in our loop. Do so, and
build/publish a new 20210610 testimage. Use that in tests
moving forward.

And, since we need to jump through the same hoops to build
the nonlocal image, include it in the build loop instead
of as a tacked-on comment. Try to be helpful by determining
the next-available numeric tag.

And: don't push anything by default. Instead, just tell
the user what buildah-push commands to run.

And: refactor $PODMAN_NONLOCAL_IMAGE_TAG, to make it easier
for the RHEL-arch-testing folx to override using envariables
instead of inplace-sed. (Not that they should ever need to
override again, because this is the final multiarch commit
that should be forevermore perfect and need no further commits
ever again).

And, finally, bump up to latest alpine/busybox images.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2021-06-10 13:33:20 -06:00
Matthew Heon 62f4b0a195 Add ExecDied event and use it to retrieve exit codes
When making Exec Cleanup processes mandatory, I introduced a race
wherein attached exec sessions could be cleaned up and removed by
the cleanup process before the frontend had a chance to get their
exit code. Fortunately, we've dealt with this issue before in
containers, and the same solution can be applied here. I added an
event for an exec session's process exiting, `exec_died` (Docker
has an identical event, so this actually improves our
compatibility there) that includes the exit code of the exec
session. If the race happens and the exec session no longer
exists when we go to remove it, pick up exit code from the event
and exit cleanly.

Signed-off-by: Matthew Heon <mheon@redhat.com>
2021-06-10 14:17:41 -04:00
Matthew Heon 341e6a1628 Always spawn a cleanup process with exec
We were previously only doing this for detached exec. I don't
know why we did that, but I don't see any reason not to extend it
to all exec sessions - it guarantees that we will always clean up
exec sessions, even if the original `podman exec` process died.

[NO TESTS NEEDED] because I don't really know how to test this
one.

Signed-off-by: Matthew Heon <mheon@redhat.com>
2021-06-10 14:16:22 -04:00
OpenShift Merge Robot 2aedcae026
Merge pull request #10642 from cevich/fix_links
[CI:DOCS] Fix docs links due to branch rename
2021-06-10 13:10:15 -04:00
Chris Evich 4a4fe48ccd
Fix docs links due to branch rename
Ref: https://github.com/containers/common/issues/549

Signed-off-by: Chris Evich <cevich@redhat.com>
2021-06-10 11:30:41 -04:00
Adrian Reber 240bbc3bfa
Fix pre-checkpointing
Unfortunately --pre-checkpointing never worked as intended and recent
changes to runc have shown that it is broken.

To create a pre-checkpoint CRIU expects the paths between the
pre-checkpoints to be a relative path. If having a previous checkpoint
it needs the be referenced like this: --prev-images-dir ../parent

Unfortunately Podman was giving runc (and CRIU) an absolute path.

Unfortunately, again, until March 2021 CRIU silently ignored if
the path was not relative and switch back to normal checkpointing.

This has been now fixed in CRIU and runc and running pre-checkpoint
with the latest runc fails, because runc already sees that the path is
absolute and returns an error.

This commit fixes this by giving runc a relative path.

This commit also fixes a second pre-checkpointing error which was just
recently introduced.

So summarizing: pre-checkpointing never worked correctly because CRIU
ignored wrong parameters and recent changes broke it even more.

Now both errors should be fixed.

[NO TESTS NEEDED]

Signed-off-by: Adrian Reber <areber@redhat.com>
Signed-off-by: Adrian Reber <adrian@lisas.de>
2021-06-10 15:29:24 +02:00
OpenShift Merge Robot dffbf16b24
Merge pull request #10634 from Luap99/machine-build
Fix build tags for pkg/machine...
2021-06-10 09:28:15 -04:00
Giuseppe Scrivano 3b6cb8fabb
container: ignore named hierarchies
when looking up the container cgroup, ignore named hierarchies since
containers running systemd as payload will create a sub-cgroup and
move themselves there.

Closes: https://github.com/containers/podman/issues/10602

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2021-06-10 14:49:58 +02:00
Adrian Reber d9a1c34e43
Fix restoring of privileged containers
Checkpointed containers started with --privileged fail during restore
with:

 Error: error creating container storage: ProcessLabel and Mountlabel must either not be specified or both specified

This commit fixes it by not setting the labels when restoring a
privileged container.

[NO TESTS NEEDED]

Signed-off-by: Adrian Reber <areber@redhat.com>
2021-06-10 12:18:03 +02:00
Paul Holzinger c3a14103fb Fix build tags for pkg/machine...
Podman machine is only intended for amd64 and arm64 architectures, set
the correct buildtags so that the `pkg/machine`, `pkg/machine/qemu` and
`pkg/machine/libvirt` packages compile correctly.

[NO TESTS NEEDED]

Fixes #10625

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2021-06-10 10:25:16 +02:00
OpenShift Merge Robot d116bebdd5
Merge pull request #10611 from giuseppe/fix-fast-rootless-join-path
rootless: fix fast join userns path
2021-06-10 03:13:11 -04:00
dependabot[bot] b5890fc86b
Bump github.com/containers/storage from 1.32.1 to 1.32.2
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.32.1 to 1.32.2.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.32.1...v1.32.2)

---
updated-dependencies:
- dependency-name: github.com/containers/storage
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-10 06:28:23 +00:00
Wong Hoi Sing Edison e7e09bf2f0
Update nix pin with `make nixpkgs`
- Bugfix `make nixpkgs` which pin with branch `nixos-21.05`
  - Code lint with `nixpkgs-fmt`
  - Code sync between x86\_64 and aarch64

Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
2021-06-10 10:36:38 +08:00
OpenShift Merge Robot ea39735845
Merge pull request #10618 from edsantiago/bats
System tests: deal with crun 0.20.1
2021-06-09 15:41:45 -04:00
Ed Santiago d5527c3304 System tests: deal with crun 0.20.1
crun 0.20.1 changed an error message that we relied on. Deal
with it by accepting the old and new message.

Also (unrelated): sneak in some doc fixes to get rid of
nasty go-md2man warnings that have crept into man pages.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2021-06-09 10:15:12 -06:00
Giuseppe Scrivano 11badab046
rootless: fix fast join userns path
commit ab88632835 changed the path for
the pause.pid file but didn't update the same path in the C code.
This prevented Podman to take the fast path when the userns is already
created and to join it without re-execing itself.

Fix the path in the C code as well so we can join the rootless
user+mount namespace without having to re-exec Podman.

[NO TESTS NEEDED]

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2021-06-09 15:30:41 +02:00
OpenShift Merge Robot 2970e3518c
Merge pull request #10550 from rhatdan/Dockerfile
podman-remote build should handle -f option properly
2021-06-09 09:28:52 -04:00
OpenShift Merge Robot c75d62c987
Merge pull request #10607 from jwhonce/issues/10559
[CI:DOCS] Update swagger for inspect network
2021-06-09 11:47:52 +02:00
OpenShift Merge Robot a2e1df80bc
Merge pull request #10390 from jmguzik/fix-cmd-prune-filter-images
Fix image prune --filter cmd behavior
2021-06-09 09:24:44 +02:00
Jhon Honce 8e89d70713 [CI:DOCS] Update swagger for inspect network
struct for swagger was pointing to wrong internal type

Fixes #10559

Signed-off-by: Jhon Honce <jhonce@redhat.com>
2021-06-08 15:23:46 -07:00
Daniel J Walsh a9cb824981
podman-remote build should handle -f option properly
podman-remote build has to handle multiple different locations
for the Containerfile.  Currently this works in local mode but not
when using podman-remote.

Fixes: https://github.com/containers/podman/issues/9871

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-06-08 15:51:03 -04:00
Charlie Doern da1bade294
Merge pull request #10603 from cdoern/networksQuery
implemented verbose and scope as possible
2021-06-08 15:47:44 -04:00
OpenShift Merge Robot 9938557a53
Merge pull request #10594 from containers/dependabot/go_modules/github.com/containers/buildah-1.21.1
Bump github.com/containers/buildah from 1.21.0 to 1.21.1
2021-06-08 21:18:26 +02:00
OpenShift Merge Robot b5e5730f0c
Merge pull request #10600 from vrothberg/fix-10596
logs: k8s-file: fix race
2021-06-08 21:17:26 +02:00
cdoern 5117deda04 fixed docs and schemas
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
2021-06-08 14:23:05 -04:00
OpenShift Merge Robot 9edd08c3f1
Merge pull request #10598 from Luap99/systemd-resolved
Improve systemd-resolved detection
2021-06-08 20:08:25 +02:00
Paul Holzinger 18fa124dfc Improve systemd-resolved detection
When 127.0.0.53 is the only nameserver in /etc/resolv.conf assume
systemd-resolved is used. This is better because /etc/resolv.conf does
not have to be symlinked to /run/systemd/resolve/stub-resolv.conf in
order to use systemd-resolved.

[NO TESTS NEEDED]

Fixes: #10570

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2021-06-08 18:14:00 +02:00
OpenShift Merge Robot 3d961acc22
Merge pull request #10597 from Luap99/prune
Fix network prune api docs
2021-06-08 17:48:01 +02:00
OpenShift Merge Robot 5d96b8e7d6
Merge pull request #10548 from cdoern/imgFeature
API images/create added missing parameters platform, message, repo
2021-06-08 17:44:02 +02:00