Commit Graph

17725 Commits

Author SHA1 Message Date
Giuseppe Scrivano cf364703fc
linux: add /sys/fs/cgroup if /sys is a bind mount
if /sys is bind mounted from the host then also add an explicit mount
for /sys/fs/cgroup so that 'ro' is honored.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2023-01-09 19:42:51 +01:00
OpenShift Merge Robot 1da081f289
Merge pull request #17017 from edsantiago/ditch_ubi
e2e tests: stop using UBI images
2023-01-09 10:25:43 -05:00
OpenShift Merge Robot f7c9f93f27
Merge pull request #17003 from vrothberg/fix-16964
remove service container _after_ pods
2023-01-09 10:09:59 -05:00
OpenShift Merge Robot 31e22aade6
Merge pull request #16997 from n1hility/winstaller-arm-compat
Fixes automated WSL installation on ARM
2023-01-09 09:56:04 -05:00
Ygal Blum 1bd3d32c5f Quadlet: Add support for ConfigMap key in Kube section
For each instance of ConfigMap pass the path via --configmap
Add tests
Add to doc

Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2023-01-09 14:58:31 +02:00
Valentin Rothberg 4a7a45f973 remove service container _after_ pods
Do not allow for removing the service container unless all associated
pods have been removed.  Previously, the service container could be
removed when all pods have exited which can lead to a number of issues.

Now, the service container is treated like an infra container and can
only be removed along with the pods.

Also make sure that a pod is unlinked from the service container once
it's being removed.

Fixes: #16964
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-01-09 13:44:51 +01:00
OpenShift Merge Robot bc6908e761
Merge pull request #17014 from rhatdan/VENDOR
Vendor in latest containers/common
2023-01-09 03:46:16 -05:00
Ygal Blum 07cc49efdb Kube Play - allow setting and overriding published host ports
Add a new flag --publish
Remote - Pass PublishPorts as a string array
ABI - translate the string array to Ports and merge with the ports in the spec
Add e2e tests
Add option to man doc

Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2023-01-08 13:49:53 +02:00
OpenShift Merge Robot 74a961a9b8
Merge pull request #17025 from giuseppe/terminate-processes-no-pid-namespace
oci: terminate all container processes on cleanup
2023-01-08 06:45:03 -05:00
OpenShift Merge Robot c83a2f8a0a
Merge pull request #17022 from mheon/fix_defer_locking
Fix a potential defer logic error around locking
2023-01-08 06:42:28 -05:00
OpenShift Merge Robot 5de8cd74f9
Merge pull request #16820 from rhatdan/names
Allow '/' to prefix container names to match Docker
2023-01-07 09:38:19 -05:00
Daniel J Walsh 9b27ca1bbf
Merge pull request #17023 from n1hility/update-win-sshproxy
Update win-sshproxy to 0.5.0 gvisor tag
2023-01-07 09:34:22 -05:00
Giuseppe Scrivano 9fe86ec7f6
oci: terminate all container processes on cleanup
if the container has no pid namespace, they are not killed when the
container process ends.  In this case, attempt to kill them in the
same way.

The problem was noticed with toolbox where the exec'ed sessions are
not terminated when the container is stopped, blocking the system
shutdown.

[NO NEW TESTS NEEDED]

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2023-01-07 15:00:51 +01:00
Jason T. Greene 6dd1d48fd8 Update win-sshproxy to 0.5.0 gvisor tag
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
2023-01-06 16:52:53 -06:00
Daniel J Walsh e332b6246b
Vendor in latest containers/common
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-01-06 14:19:47 -05:00
OpenShift Merge Robot ea63b27132
Merge pull request #17020 from edsantiago/logformatter_tweaks
logformatter: nicer formatting for bats failures
2023-01-06 13:37:08 -05:00
Matthew Heon 92cdad0315 Fix a potential defer logic error around locking
in several top-level API functions. These are the first line of
the function that contains them, which makes sense; we want to
capture any error returned by the function. However, making this
the first defer means that it is the last thing to run after the
function returns - meaning that the container's
`defer c.lock.Unlock()` has already fired, leading to a chance we
modify the container without holding its lock.

We could move the function around so it's no longer the first
defer, but then we'd have to call it twice (immediately after
`defer c.lock.Unlock()` if the container is not batched, and a
second time in a new `else` block right after the lock/sync call
to make sure we handle batched containers). Seems simpler to just
leave it like this.

[NO NEW TESTS NEEDED] Can't really test for DB corruption easily.

Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2023-01-06 13:12:19 -05:00
OpenShift Merge Robot 6f4eafe37c
Merge pull request #16992 from Luap99/log-since
several podman logs fixes
2023-01-06 12:05:34 -05:00
Ed Santiago a7f53932a7 logformatter: nicer formatting for bats failures
add a new failblock style, with light red background all across
the entire page, and use it for bats "FAIL" blocks.

Also highlight logrus level=(debug|info|warning|error|fatal)
messages in increasingly prominent styles

Signed-off-by: Ed Santiago <santiago@redhat.com>
2023-01-06 08:26:37 -07:00
Ed Santiago ee3380e6b1 logformatter: refactor verbose line-print
Signed-off-by: Ed Santiago <santiago@redhat.com>
2023-01-06 08:26:37 -07:00
Ed Santiago e82045f73c e2e tests: stop using UBI images
Red Hat registry is too unreliable. (As of this writing
in January 2023, quay.io is not much better, but this is
a new flake. Ubi has been flaking for a year or more).

Instead of UBI, use the new systemd-image added to system tests
in #16814. Since this reduces the number of cached images,
a few unrelated tests (image count) need to be tweaked.

And, sigh, Fedora systemd colorizes boot messages by default,
causing a failure where we don't see an expected Reached Target
message. I don't want to rely on ASCII formatting codes, so
I've updated the build-systemd-image script so it disables
systemd colors, and have built a new systemd-image:20230106.
Made a few small usability improvements to the script as well.

Closes: #16695

Signed-off-by: Ed Santiago <santiago@redhat.com>
2023-01-06 08:21:50 -07:00
OpenShift Merge Robot 609df3ec32
Merge pull request #17002 from containers/dependabot/go_modules/test/tools/golang.org/x/tools-0.5.0
Bump golang.org/x/tools from 0.4.0 to 0.5.0 in /test/tools
2023-01-06 09:40:41 -05:00
Paul Holzinger 6038200fe0
k8s-file: podman logs --until --follow exit after time
When you use podman logs with --until and --follow it should exit after
the requested until time and not keep hanging forever.

This fixes the behavior for the k8s-file backend.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-01-06 15:19:23 +01:00
Paul Holzinger 767947ab88
journald: podman logs --until --follow exit after time
When you use podman logs with --until and --follow it should exit after
the requested until time and not keep hanging forever.

To make this work I reworked the code to use the better journald event
reading code for logs as well. this correctly uses the sd_journal API
without having to compare the cursors to find the EOF.

The same problems exists for the k8s-file driver, I will fix this in the
next commit.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-01-06 15:19:22 +01:00
Paul Holzinger c674b3dd83
journald: seek to time when --since is used
Instead of reading the full journal which can be expensive we can seek
based on the time.

If you have a journald with many podman events just compare the time
`time podman events --since 1s --stream=false` with and without this
patch.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-01-06 15:19:22 +01:00
Paul Holzinger 5f032256db
podman logs: journald fix --since and --follow
The `containerCouldBeLogging` bool should not be false by default, when
--since is used we seek in the journal and can miss the start event so
that bool would stay false forever. This means that a running container
is not followed even when it should.

To fix this we can just set the `containerCouldBeLogging` bool based on
the current contianer state.

Fixes #16950

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-01-06 15:19:16 +01:00
OpenShift Merge Robot 98d95f0735
Merge pull request #17015 from eschnett/patch-1
[CI:DOCS] Preprocess files in UTF-8 mode
2023-01-05 17:20:40 -05:00
OpenShift Merge Robot b7314bdc68
Merge pull request #16806 from jakecorrenti/podman-inspect-add-error-info
Add container error message to ContainerState
2023-01-05 16:02:42 -05:00
Erik Schnetter 7826e1ced6
Preprocess files in UTF-8 mode
Some (?) Python versions assume that text files are encoded as 7-bit ASCII and abort when encountering other encoding. Some of podman's markdown documentation files are encoded as UTF-8, and this needs to be specified explicitly when opening files.

Closes https://github.com/containers/podman/issues/16996.

[NO NEW TESTS NEEDED]

Signed-off-by: Erik Schnetter <schnetter@gmail.com>
2023-01-05 14:15:44 -05:00
OpenShift Merge Robot 7f3dd309c6
Merge pull request #16989 from sstosh/fix-e2e
e2e: fix run_volume_test
2023-01-05 13:56:42 -05:00
dependabot[bot] 4587e7fdb4
Bump golang.org/x/tools from 0.4.0 to 0.5.0 in /test/tools
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-05 18:54:13 +00:00
OpenShift Merge Robot d0b0d95aa8
Merge pull request #17012 from rhatdan/VENDOR
Vendor in latest containers/(common, image, storage)
2023-01-05 13:53:22 -05:00
Daniel J Walsh eea78ec7b3
Vendor in latest containers/(common, image, storage)
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-01-05 10:40:36 -05:00
OpenShift Merge Robot 8e80c199d7
Merge pull request #16991 from rhatdan/copy
[CI:DOCS] Describe copy volume options
2023-01-05 06:26:03 -05:00
OpenShift Merge Robot 1ba94bc3ca
Merge pull request #16987 from n1hility/win-arm64
Add support for Windows on ARM64
2023-01-05 05:38:28 -05:00
Jason T. Greene 54afda22bf Switch to C based msi hooks for win installer
Fixes automated WSL installation on ARM

Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
2023-01-05 01:49:49 -06:00
OpenShift Merge Robot b89435a820
Merge pull request #16993 from edsantiago/bats_remote
[CI:DOCS] hack/bats: various improvements
2023-01-04 22:47:43 -05:00
Ed Santiago 710eeb3403 hack/bats: improve usage message
Signed-off-by: Ed Santiago <santiago@redhat.com>
2023-01-04 14:26:26 -07:00
Ed Santiago d7ac11005c hack/bats: add --remote option
Even though we still rely on the user to start the podman
system service, enable the option anyway. It's much, much
friendlier than requiring 'env PODMAN=etc-etc'.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2023-01-04 14:04:27 -07:00
Ed Santiago 1a2e54ce65 hack/bats: fix root/rootless logic
The ROOT{,LESS}_ONLY logic is confusing and unmaintainable.
Change it to an easier-to-read positive check.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2023-01-04 14:04:27 -07:00
Daniel J Walsh d0c89e90bf
Describe copy volume options
Fixes: https://github.com/containers/podman/issues/16961

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-01-04 14:58:51 -05:00
OpenShift Merge Robot e28184e0fe
Merge pull request #16986 from rhatdan/docs
[CI:DOCS] Add shared --compress to man pages
2023-01-04 13:40:42 -05:00
OpenShift Merge Robot 49075c3813
Merge pull request #16985 from ashley-cui/attachsig
Support sig-proxy for podman-remote attach and start
2023-01-04 13:15:29 -05:00
Ashley Cui bfdffb5b62 Support sig-proxy for podman-remote attach and start
Signals were not proxied for attach and start for podman-remote. Now
they are.

Signed-off-by: Ashley Cui <acui@redhat.com>
2023-01-04 09:38:17 -05:00
OpenShift Merge Robot 1c8b40d097
Merge pull request #16449 from cevich/localbenchmarks
Cirrus: Collect benchmarks on machine instances
2023-01-04 07:31:09 -05:00
OpenShift Merge Robot ff9d1c1309
Merge pull request #16978 from giuseppe/fix-race-condition-podman-rm-stopping
libpod: fix race condition rm'ing stopping containers
2023-01-04 07:14:33 -05:00
OpenShift Merge Robot 0b1e163057
Merge pull request #16981 from Luap99/format-df
system df: improve json output code
2023-01-04 04:17:56 -05:00
Giuseppe Scrivano 6886e80b45
libpod: fix race condition rm'ing stopping containers
do not allow removing containers that are in the stopping state,
otherwise it can lead to a race condition where a "podman rm" removes
the container from the storage while another process is stopping the
same container.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2155828

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2023-01-04 08:53:19 +01:00
Toshiki Sonoda fb73121c4c e2e: fix run_volume_test
When SELinux is running in enforcing mode,
this test needs to add an suffix :Z to the volume mount.

Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
2023-01-04 15:34:37 +09:00
Jason T. Greene 86965f7580 Add support for Windows ARM64
Use system call instead of GOARCH to support Windows userspace x86 emulation, as well as native arm

Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
2023-01-03 16:22:02 -06:00