Commit Graph

17725 Commits

Author SHA1 Message Date
Ygal Blum a02a10f3f3 E2E Tests: Use inspect instead of actual data to avoid UDP flake
Do not test using an unreliable UDP connection

Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2023-01-13 07:37:06 +02:00
OpenShift Merge Robot 93118464d4
Merge pull request #16816 from cevich/nvav_update_ondemand
[CI:DOCS] Cirrus: Support using updated/latest NV/AV in PRs
2023-01-12 21:21:58 -05:00
OpenShift Merge Robot 3e229b0bd5
Merge pull request #17077 from mheon/set_stopping_early
Set StoppedByUser earlier in the process of stopping
2023-01-12 18:37:19 -05:00
Daniel J Walsh c2b36beb40
Use containers/storage/pkg/regexp in place of regexp
This is a cleaner solution and guarantees the variables
will be used before they are initialized.

[NO NEW TESTS NEEDED]

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-01-12 18:33:38 -05:00
Daniel J Walsh c433982d18
Vendor in latest containers/storage
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-01-12 18:21:29 -05:00
Chris Evich 11835d5d0c
Cirrus: Support using updated/latest NV/AV in PRs
On occasion, developers need to run the latest or bleeding-edge
netavark/aardvark-dns in the podman CI environment.  Enable this through
use of magic strings in the PR title, but only if the PR is marked as a
draft.  The intent being, when the PR is ready for review, the current
CI VM package versions will be used.  Hopefully also reminding the PR
author to remove the magic strings from the title, remove draft status,
and push the final set of changes to be merged.

Also, add documentation about this new magic PR title string and CI's
behaviors.

Signed-off-by: Chris Evich <cevich@redhat.com>
2023-01-12 17:30:24 -05:00
Dan Čermák d9bf3f1290
Limit replica count to 1 when deploying from kubernetes YAML
This fixes: https://github.com/containers/podman/issues/16765

Signed-off-by: Dan Čermák <dcermak@suse.com>
2023-01-12 23:25:35 +01:00
OpenShift Merge Robot f15b1f5211
Merge pull request #17095 from ashley-cui/44rc1
Bump to v4.4.0-RC1
2023-01-12 15:59:32 -05:00
Matthew Heon 1ab833fb73 Set StoppedByUser earlier in the process of stopping
The StoppedByUser variable indicates that the container was
requested to stop by a user. It's used to prevent restart policy
from firing (so that a restart=always container won't restart if
the user does a `podman stop`). The problem is we were setting it
*very* late in the stop() function. Originally, this was fine,
but after the changes to add the new Stopping state, the logic
that triggered restart policy was firing before StoppedByUser was
even set - so the container would still restart.

Setting it earlier shouldn't hurt anything and guarantees that
checks will see that the container was stopped manually.

Fixes #17069

Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2023-01-12 14:45:34 -05:00
Ed Santiago 6ab8834480 podman-play system test: refactor
The kube-play test file was a rat's nest of long complicated
yaml strings all differing only slightly. Clean it up, by
adding a helper function with optional parameters. The
helper is ugly, but the actual test code (the important
stuff) is cleaner.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2023-01-12 12:28:48 -07:00
Ashley Cui 470b680770 Bump to v4.4.0-dev
Signed-off-by: Ashley Cui <acui@redhat.com>
2023-01-12 13:38:05 -05:00
Ashley Cui d8774a93c3
Bump to v4.4.0-RC1
Signed-off-by: Ashley Cui <acui@redhat.com>
2023-01-12 13:37:18 -05:00
OpenShift Merge Robot b107d7720a
Merge pull request #16732 from flouthoc/network-update
network: add support for `podman network update` and `--network-dns-server`
2023-01-12 12:18:14 -05:00
OpenShift Merge Robot 5cb4fe3e41
Merge pull request #17058 from vrothberg/fix-17024
service container: less verbose error logs
2023-01-12 11:30:30 -05:00
Aditya R 882cd17f83
network: add support for podman network update and --network-dns-server
* Add support for `podman network update <>`

```console
network update

Description:
  update networks for containers and pods

Usage:
  podman network update [options] NAME

Examples:
  podman network update podman1

Options:
      --dns-add stringArray      add network level nameservers
      --dns-drop stringArray   remove network level nameservers
```

* Add support for `--network-dns-server` to `podman network create`

Extends podman to support recently added features in `netavark` and
`aardvark-dns`

* https://github.com/containers/netavark/pull/497
* https://github.com/containers/aardvark-dns/pull/252
* https://github.com/containers/netavark/pull/503

[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]

Signed-off-by: Aditya R <arajan@redhat.com>
2023-01-12 20:19:14 +05:30
Valentin Rothberg d2fb6cf05d service container: less verbose error logs
While manually playing with --service-container, I encountered a number
of too verbose logs.  For instance, there's no need to error-log when
the service-container has already been stopped.

For testing, add a new kube test with a multi-pod YAML which will
implicitly show that #17024 is now working.

Fixes: #17024
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-01-12 14:09:23 +01:00
OpenShift Merge Robot 4bbe2ee012
Merge pull request #17068 from ygalblum/quadlet-kube-publish-ports
Quadlet Kube - add support for PublishPort key
2023-01-12 07:12:05 -05:00
Ygal Blum b10a906b5c Quadlet Kube - add support for PublishPort key
Move the handling of Publish key to a method
use --publish instead of -p
Use the new method for both .container and .kube files
Adjust .container tests
Add .kube tests
Update the man page

Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2023-01-12 10:19:14 +02:00
OpenShift Merge Robot 67305cec97
Merge pull request #17060 from sabre1041/volumesource-error-msg
Updated error message for supported VolumeSource types
2023-01-11 21:02:01 -05:00
OpenShift Merge Robot a7ba63dede
Merge pull request #17055 from mupuf/mount-non-vt-tty
Only prevent VTs to be mounted inside privileged systemd containers
2023-01-11 20:59:26 -05:00
Toshiki Sonoda ad12d61c66 e2e: fix systemd_activate_test
- When SELinux is enabled, a storage root directory
should be labeled with a specific value.

- `stop podman.service` test changes a storage root directory,
therefore we need to cleanup a container with --root option.

Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
2023-01-12 09:53:15 +09:00
OpenShift Merge Robot 39ffcb8c31
Merge pull request #17064 from Romain-Geissler-1A/docker-compat-networkmode
[docker compat] Don't overwrite the NetworkMode from "default" to "bridge" if containers.conf specifies a non-default configuration.
2023-01-11 18:44:15 -05:00
OpenShift Merge Robot b0be367a34
Merge pull request #17073 from rhatdan/regexp
Compile regex on demand not in init
2023-01-11 18:15:10 -05:00
Daniel J Walsh 758f20e20a
Compile regex on demand not in init
Every podman command is paying the price for this compile even when they
don't use the Regex, this will speed up start of podman by a little.

[NO NEW TESTS NEEDED] Existing tests should catch issues.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-01-11 14:38:51 -05:00
OpenShift Merge Robot 1e451031ff
Merge pull request #17067 from sstosh/e2e-play-kube
e2e: fix play_kube_test
2023-01-11 14:31:40 -05:00
OpenShift Merge Robot 8a0d25f673
Merge pull request #17083 from ygalblum/kube-port-test-set-deadline
E2E Test: Play Kube set deadline to connection to avoid hangs
2023-01-11 13:50:51 -05:00
OpenShift Merge Robot f70233aa08
Merge pull request #16951 from ygalblum/system-test-quadlet-network
System tests: quadlet network test
2023-01-11 13:19:01 -05:00
Romain Geissler 3e2b9a28da [docker compat] Don't overwrite the NetworkMode if containers.conf overrides netns.
Fixes #16915 (only the part about docker client).

Signed-off-by: Romain Geissler <romain.geissler@amadeus.com>
2023-01-11 17:44:09 +00:00
Ygal Blum 5b1bdf9490 E2E Test: Play Kube set deadline to connection to avoid hangs
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2023-01-11 18:56:45 +02:00
OpenShift Merge Robot 26e0a8f7d1
Merge pull request #17062 from n1hility/retry-choco
Introduce pkg retry logic in win installer verify task
2023-01-11 10:04:57 -05:00
Martin Roukala (né Peres) f4c81b0aa5 Only prevent VTs to be mounted inside privileged systemd containers
While mounting virtual console devices in a systemd container is a
recipe for disaster (I experienced it first hand), mounting serial
console devices, modems, and others should still be done by default
for privileged systemd-based containers.

v2, addressing the review from @fho:
 - use backticks in the regular expression to remove backslashes
 - pre-compile the regex at the package level
 - drop IsVirtualTerminalDevice (not needed for a one-liner)

v3, addressing the review from @fho and @rhatdan:
 - re-introduce a private function for matching the device names
 - use path.Match rather than a regex not to slow down startup time

Closes #16925.

Fixes: 5a2405ae1b ("Don't mount /dev/tty* inside privileged...")
Signed-off-by: Martin Roukala (né Peres) <martin.roukala@mupuf.org>
2023-01-11 16:57:58 +02:00
Toshiki Sonoda a5ce3b3cd7 e2e: fix play_kube_test
When SELinux is enabled, the e2e test could fail
due to running an ls command in a running container.

Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
2023-01-11 14:28:24 +09:00
OpenShift Merge Robot 382c55eeaa
Merge pull request #17038 from ygalblum/quadlet-kube-configmap
Quadlet: Add support for ConfigMap key in Kube section
2023-01-10 22:20:55 -05:00
OpenShift Merge Robot 31dcb48411
Merge pull request #17029 from arixmkii/qemu_windows_settings
Updated options for QEMU on Windows hosts
2023-01-10 21:40:23 -05:00
Andrew Block 81a3f7cb80
Updated error message for supported VolumeSource types
Signed-off-by: Andrew Block <andy.block@gmail.com>
2023-01-10 20:18:59 -06:00
Jason T. Greene 2bf94b764a Introduce pkg retry logic in win installer task
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
2023-01-10 16:57:52 -06:00
Daniel J Walsh 7c95a5df92
Merge pull request #17053 from edsantiago/ditch_wwwpodmanio
Network tests: ping redhat.com, not podman.io
2023-01-10 15:07:28 -05:00
OpenShift Merge Robot 9f9666ea1d
Merge pull request #17056 from edsantiago/logformatter_base_sha
logformatter: include base SHA, with history link
2023-01-10 13:03:57 -05:00
Daniel J Walsh 619933a530
Merge pull request #17041 from vrothberg/post-run
cobra: move engine shutdown to Execute
2023-01-10 12:59:17 -05:00
OpenShift Merge Robot 5399d5360f
Merge pull request #17046 from n1hility/update-gvproxy-minstaller
Update Mac installer to use gvproxy v0.5.0
2023-01-10 11:58:45 -05:00
OpenShift Merge Robot 6ba308f075
Merge pull request #16880 from ygalblum/kube-publish-ports
Kube Play - allow setting and overriding published host ports
2023-01-10 11:49:36 -05:00
Ed Santiago db03236391 logformatter: include base SHA, with history link
This is to help me in my flake analysis.

Scenario: I'm looking at recent flakes, and see Flake X. I know
that Flake X was "fixed" two weeks ago. Did the fix not work?
Or is this just one of those PRs that was created three weeks
ago (or three months ago) and never rebased to pick up the fix?
This adds a one-click way for me to tell.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2023-01-10 06:41:27 -07:00
Ed Santiago 37ade6be12 Network tests: ping redhat.com, not podman.io
Much as we'd love to eat our dogfood, podman.io is not hosted
on reliable infrastructure; redhat.com is. Let's see if this
gets rid of CI flakes.

Closes: #17044

Signed-off-by: Ed Santiago <santiago@redhat.com>
2023-01-10 05:38:43 -07:00
Valentin Rothberg 2d8225cd44 cobra: move engine shutdown to Execute
If the run errors, cobra does not execute post runs.  It is a somehow
known issue (https://github.com/spf13/cobra/issues/914) but problematic
for Podman as the runtime is shut down during post run.

Since some commands overwrite the post run and a general lack in cobra
of post runs on errors, move the shutting down the engines directly into
Execute.  Fixing the issue may fix a number of flakes.

Note that the shutdowns are NOPs for the remote client.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-01-10 13:30:41 +01:00
OpenShift Merge Robot 5b9e068950
Merge pull request #17040 from giuseppe/podman-rm-f-no-processes
podman: podman rm -f doesn't leave processes
2023-01-10 05:11:00 -05:00
Arthur Sengileyev 35d2f61ec1 Updated options for QEMU on Windows hosts
Using "w" suffixed versions of QEMU binaries for correct background process
handling and not bind it to lifecycle of command prompt window. Stub for
arm64 version added to fix compilation issues of this target, when QEMU
machine will be finally enabled.

Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
2023-01-09 23:58:47 +02:00
OpenShift Merge Robot f451f4fb56
Merge pull request #17034 from giuseppe/bind-mount-sys-fs-cgroup-ro
linux: add /sys/fs/cgroup if /sys is a bind mount
2023-01-09 16:31:03 -05:00
Jason T. Greene 28f13a74bc Update Mac installer to use gvproxy v0.5.0
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
2023-01-09 15:07:59 -06:00
Giuseppe Scrivano 4cf06fe7e0
podman: podman rm -f doesn't leave processes
follow-up to 6886e80b45

when "podman -rm -f" is used on a container in "stopping" state, also
make sure it is terminated before removing it from the local storage.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2023-01-09 21:01:32 +01:00
Giuseppe Scrivano 494db3e166
oci: check for valid PID before kill(pid, 0)
check that the container has a valid pid before attempting to use
kill($PID, 0) on it.  If the PID==0, it means the container is already
stopped.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2023-01-09 21:01:31 +01:00