When a container does not use the default podman netns, for example
--network none or --network ns:/path a restore would fail because the
specgen check validates that c.config.StaticMAC is nil but the
unmarshaller sets it to an empty slice.
While we could make the check use len() > 0 I feel like it is more
common to check with != nil for ip and mac addresses.
Adding omitempty tag makes the json marshal/unmarshal work correctly.
This should not cause any issues.
Fixes#14389
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When the volume does not exist we should output an error stating so and
not some generic one.
Fixes#14411
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
In docker, the format of no-new-privileges is
"no-new-privileges:true". However, for Podman
all that's required is "no-new-privileges", leading to issues
when attempting to use features desgined for docker in podman.
Adding support for the ":" format to be used along with the "="
format, depedning on which one is entered by the user.
fixes#14133
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
Buildah already supports using `--layers` with `--squash` after https://github.com/containers/buildah/pull/3674
if user wants to do so hence podman must honor similar configuration
in `--squash-all` behaviour if user wants to using cache.
PS: We cannot alter behaviour of `podman build --squash` for
docker-compat reasons hence this feature can be easily supported by
`--squash-all`.
Closes: https://github.com/containers/buildah/issues/4011
Signed-off-by: Aditya R <arajan@redhat.com>
Most of these are no longer relevant, just drop the comments.
Most notable change: allow `podman kill` on paused containers.
Works just fine when I test it.
Signed-off-by: Matthew Heon <mheon@redhat.com>
I am not 100% sure if this is actually causing the problem but I was
able to reproduce locally and this change fixed it there. Without the `-n`
option iptables tries to reverse lookup the ips to domain names. This is
extremely slow for unknown reasons. Given the large amount of iptables
entries due parallel test runs it will not succeed in the default 90 sec
timeout.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
`podman auto-update` is now properly exercised in the system tests, so
we can safely remove the outdated TODO.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
I am constantly attempting to add the podname to the last
argument to podman pod create. Allowing this makes it match
podman volume create and podman network create.
It does not match podman container create, since podman container create
arguments specify the arguments to run with the container.
Still need to support the --name option for backwards compatibility.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
- Look for and prevent lower-case arg descriptions:
podman cmd [arg]
- Look for and prevent optional-mandatory misordering:
podman cmd [ARG] ARG
- Tighter whitespace checks (and fix podman pod ps)
- simplify a no-longer-necessary mess! #8635 fixed the
horrible "CONTAINER | IMAGE" strings (with spaces),
so there's no longer a need to special-case those.
The one-extra-arg check is now much cleaner.
Minor refactoring.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Make sure that `podman image mount` prints a pretty table unless there
is only argument passed and without a custom format. Fixing a TODO item
brought me to the specific code location and revealed the fart in the
logic.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
I have seen some system tests flake waiting for a container to
transition into a specific running state. My theory is that
the waiting time was not sufficient on nodes under high load.
Hence, increase the waiting time. Also replace the break with
a return to spare some cycles to redundantly compare with the
already checked state.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Fix a bug in the resolution of images in the Docker compat API.
When looking up an image by a short name, the name may match
an image that does not live on Docker Hub. The resolved name
should be used for normalization instead of the input name to
make sure that `busybox` can resolve to `registry.com/busybox`
if present in the local storage.
Fixes: #14291
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Create an auto-update event for each invocation, independent if images
and containers are updated or not. Those events will be indicated in
the events already but users will now know why.
Fixes: #14283
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The init binary until now has been bind-mounted to /dev/init which
breaks when bind-mounting to /dev. Instead mount the init to
/run/podman-init. The reasoning for using /run is that it is already
used for other runtime data such as secrets.
Fixes: #14251
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
e2e tests tends to fail when running with multiple nodes because
the same device folder name is used accross all nodes
Signed-off-by: Cosmin Tupangiu <cosmin@redhat.com>
* Remove duplicate or unused types and constants
* Move all documetation-only models and responses into swagger package
* Remove all unecessary names, go-swagger will determine names from
struct declarations
* Use Libpod suffix to differentiate between compat and libpod models
and responses. Taken from swagger:operation declarations.
* Models and responses that start with lowercase are for swagger use
only while uppercase are used "as is" in the code and swagger comments
* Used gofumpt on new code
```release-note
```
Signed-off-by: Jhon Honce <jhonce@redhat.com>
- add test
- fix bug when a character device set in a volume as a block device
is seen as block device in _pkg/specgen/generate/kube/volume.go_.
At this stage the type does not matter much because the devices are
recreated at lower layer but the bug allowed a CharDevice volume to be
passed to lower layer as a BlockDevice.
Signed-off-by: Cosmin Tupangiu <cosmin@redhat.com>
Support running `podman play kube` in systemd by exploiting the
previously added "service containers". During `play kube`, a service
container is started before all the pods and containers, and is stopped
last. The service container communicates its conmon PID via sdnotify.
Add a new systemd template to dispatch such k8s workloads. The argument
of the template is the path to the k8s file. Note that the path must be
escaped for systemd not to bark:
Let's assume we have a `top.yaml` file in the home directory:
```
$ escaped=$(systemd-escape ~/top.yaml)
$ systemctl --user start podman-play-kube@$escaped.service
```
Closes: https://issues.redhat.com/browse/RUN-1287
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Use the host UID and host GID mapping when building the local pause
image for a Pod with a custom mapping. Otherwise, the mappings are off
and the build fails. Propagating the mapping to the build container is
not needed since the pause image ships merely a copied `catatonit` from
the host.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2083997
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Send the main PID only once. Previously, `(*Container).start()` and
the conmon handler sent them ~simultaneously and went into a race.
I noticed the issue while debugging a WIP PR.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Add the notion of a "service container" to play kube. A service
container is started before the pods in play kube and is (reverse)
linked to them. The service container is stopped/removed *after*
all pods it is associated with are stopped/removed.
In other words, a service container tracks the entire life cycle
of a service started via `podman play kube`. This is required to
enable `play kube` in a systemd unit file.
The service container is only used when the `--service-container`
flag is set on the CLI. This flag has been marked as hidden as it
is not meant to be used outside the context of `play kube`. It is
further not supported on the remote client.
The wiring with systemd will be done in a later commit.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Paul Holzinger
OpenShift Merge Robot
Niall Crowe
Aditya R
Matthew Heon
Valentin Rothberg
Daniel J Walsh
Ed Santiago
Cosmin Tupangiu
Jhon Honce
Giuseppe Scrivano