Lets try this again: v2.0.5 backports, round 2 #7363
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
openshift-ci-robot
added
the
do-not-merge/work-in-progress
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mheon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
|
God damn it Cirrus do not give out on me now |
mheon
force-pushed
the
lets_try_this_again
branch
from
28a2c8f to
74907b9
Compare
|
Alright, we need to vendor the latest version of c/common - too many changes needed for the |
|
SGTM |
This was referenced Aug 19, 2020
podman containers using IPv6 were missing the default route, breaking deployments trying to use them. The problem is that the default route was hardcoded to IPv4, this takes into consideration the podman subnet IP family to generate the corresponding default route. Signed-off-by: Antonio Ojea <[email protected]>
Commit 2b6dd3f set the killmode of the podman.service to the systemd default which ultimately lead to the problem that systemd will kill *all* processes inside the unit's cgroup and hence kill all containers whenever the service is stopped. Fix it by setting the type to sdnotify and the killmode to process. `podman system service` will send the necessary notify messages when the NOTIFY_SOCKET is set and unset it right after to prevent the backend and container runtimes from jumping in between and send messages as well. Fixes: containers#7294 Signed-off-by: Valentin Rothberg <[email protected]>
I'm not sure if this is an OS-specific issue, but on CentOS 8, if `path` doesn't exist, this hangs while waiting to read from this socket, even though the socket is closed by the `reexec_in_user_namespace`. Switching to a pipe fixes the problem, and pipes shouldn't be an issue since this is Linux-specific code. Signed-off-by: Jonathan Dieter <[email protected]>
podman save uses named pipe as output path, not directly using /dev/stdout. fix containers#7017 Signed-off-by: Qi Wang <[email protected]> <MH: Corrected imports during cherry-pick> Signed-off-by: Matt Heon <[email protected]>
I used the wrong propagation first time around because I forgot that rprivate is the default propagation. Oops. Switch to rprivate so we're using the default. Signed-off-by: Matthew Heon <[email protected]>
upon image build completion, a new image type event is written for "build". more intricate details, like pulling an image, that might be done by build must be implemented in different vendored packages only after libpod is split from podman. Fixes: containers#7022 Signed-off-by: Brent Baude <[email protected]> <MH: Fixed imports during cherry-pick> Signed-off-by: Matt Heon <[email protected]>
Signed-off-by: zhangguanzhang <[email protected]>
the deepcopy in the remote history code path was throwing an uncaught error on a type mismatch. we now manually do the conversion and fix the type mismatch on the fly. Fixes: containers#7122 Signed-off-by: Brent Baude <[email protected]>
Podman 1.6.2 changed systemd mode auto-detection from commands ending in ``init`` to hard-coded paths ``/sbin/init`` and ``/usr/sbin/init``. This broke FreeIPA container. ``podman run`` and ``podman create`` now activate systemd mode when the command is ``/usr/local/sbin/init``. Fixes: containers#7287 Signed-off-by: Christian Heimes <[email protected]>
Signed-off-by: Christian Heimes <[email protected]>
To sync the behavior between AppArmor and seccomp it is now possible to also specify seccomp profiles for privileged containers. Signed-off-by: Sascha Grunert <[email protected]>
A recent crun change stopped the creation of the container's working directory if it does not exist. This is arguably correct for user-specified directories, to protect against typos; it is definitely not correct for image WORKDIR, where the image author definitely intended for the directory to be used. This makes Podman create the working directory and chown it to container root, if it does not already exist, and only if it was specified by an image, not the user. Signed-off-by: Matthew Heon <[email protected]>
This matches Docker behavior, and seems to make sense - the CMD may have been specific to the original entrypoint and probably does not make sense if it was changed. While we're in here, greatly simplify the logic for populating the SpecGen's Command. We create the full command when making the OCI spec, so the client should not be doing any more than setting it to the Command the user passed in, and completely ignoring ENTRYPOINT. Fixes containers#7115 Signed-off-by: Matthew Heon <[email protected]>
Buildah and podman build can create images without a working dir. FROM fedora WORKDIR /test If you build this image with caching twice, the second time the image will not have a working dir. Similarly if you execute podman run --workdir /foobar fedora It blows up since the workingdir is not created automatically. Finally there was duplicated code for getting the workingdir out of an image, that this PR removes. Signed-off-by: Daniel J Walsh <[email protected]>
Included old error + wrapped Signed-off-by: Parker Van Roy <[email protected]>
Refactor the processing of Repository and Tag fields to default to <none>
when printing via --format flag. Previously, the default format would
print <none> but --format {{.Tag}} would not in some cases.
Fixes containers#7123
Signed-off-by: Jhon Honce <[email protected]>
The ListContainers API previously had a Pod parameter, which determined if pod name was returned (but, notably, not Pod ID, which was returned unconditionally). This was fairly confusing, so we decided to deprecate/remove the parameter and return it unconditionally. To do this without serious performance implications, we need to avoid expensive JSON decodes of pod configuration in the DB. The way our Bolt tables are structured, retrieving name given ID is actually quite cheap, but we did not expose this via the Libpod API. Add a new GetName API to do this. Fixes containers#7214 Signed-off-by: Matthew Heon <[email protected]>
Addresses the multiple "default" userns values found in the podman-run(1) man page: http://docs.podman.io/en/latest/markdown/podman-run.1.html. This in response to: https://bugzilla.redhat.com/show_bug.cgi?id=1860126 which this PR wil fix. Signed-off-by: TomSweeneyRedHat <[email protected]>
Signed-off-by: Matthew Heon <[email protected]>
Add the go module version v2 to the libpod path. Signed-off-by: Paul Holzinger <[email protected]>
create a scope everytime we don't own the current cgroup and we are running on systemd. Closes: containers#6734 Signed-off-by: Giuseppe Scrivano <[email protected]>
Add better error message when using `--pod` and `--hostname`. Improve the docs to better explain the uts hostname relation. Add more valid options for the `--uts` flag. Signed-off-by: Paul Holzinger <[email protected]>
Signed-off-by: Matthew Heon <[email protected]>
mheon
force-pushed
the
lets_try_this_again
branch
from
2185610 to
855ce48
Compare
|
Re-pushed on top of CI fixes. This should have anything except |
instead of hiding the latest options for podman-remote or catching an error if podman --remote <cmd> -l is used, we no longer add the latest option to any remote command. podman will error with a "unknown flag" option. Fixes: containers#7127 Signed-off-by: Brent Baude <[email protected]>
* override --url and/or --identity fields from containers.conf * --connection flag has higher precedence than ActiveService from containers.conf. Which is set via podman system connection default * Add newline to error message printed on stderr * Added --connection to bash completion and documentation * Updated bindings to query server in case of no path or / Closes #jira-991 Fixes containers#7276 Signed-off-by: Daniel J Walsh <[email protected]> Signed-off-by: Jhon Honce <[email protected]> Squashed commits to work around CI issue <MH: Fixed rebase conflicts on v2.0> Signed-off-by: Matthew Heon <[email protected]>
Signed-off-by: Matthew Heon <[email protected]>
|
Added --connection flag, removing WIP, we're good to go |
mheon
changed the title
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
Signed-off-by: Matthew Heon <[email protected]>
mheon
force-pushed
the
lets_try_this_again
branch
from
791ae52 to
de75ae2
Compare
|
LGTM |
| ### Features | ||
| - Rootless Podman will now add an entry to `/etc/passwd` for the user who ran Podman if run with `--userns=keep-id`. | ||
| - The `podman system connection` command has been reworked to support multiple connections, and reenabled for use! | ||
| - Podman now has a new global flag, `--connection`, to specify a connection to a remote Podman API instance. |
There was a problem hiding this comment.
if you end up bailing on the connection stuff, will need to remove this
There was a problem hiding this comment.
--connection stuff must be in this release.
|
Minimal patch for # e.g. 'podman ps' should not show 'podman container ps' in usage
- is "$usage" " $command_string .*" "Usage string matches command"
+ # Trailing space in usage handles 'podman system renumber' which
+ # has no ' [flags]'
+ is "$usage " " $command_string .*" "Usage string matches command"I can't quickly tell if anything else will fail down the line, nor if it's safe to import the entire .bats file. Looking now, just wanted to get this posted in real time. |
|
UPDATE: the diff above will fix the There's another failure, in the diff --git a/Makefile b/Makefile
index da8997ea3..bef7fe2a2 100644
--- a/Makefile
+++ b/Makefile
@@ -66,7 +66,7 @@ else
BUILD_INFO ?= $(shell date "+$(DATE_FMT)")
ISODATE ?= $(shell date --iso-8601)
endif
-LIBPOD := ${PROJECT}/v2/libpod
+LIBPOD := ${PROJECT}/libpod
GCFLAGS ?= all=-trimpath=${PWD}
ASMFLAGS ?= all=-trimpath=${PWD}
LDFLAGS_PODMAN ?= \ |
Signed-off-by: Matthew Heon <[email protected]>
Signed-off-by: Matthew Heon <[email protected]>
Fixes: 4c75fe3 ("fix pod creation with "new:" syntax") Commit 4c75fe3 passes all net options to the pod but forgot to unset the options for the container creation. This leads to erros when using flags like `--ip` since we tried setting the ip on the pod and container which obviously fails. I didn't notice the bug because we don't throw an error when specifing port bindings on a container which joins the pods network namespace. (containers#7373) Also allow the use of `--hostname` and pass that option to the pod and unset it for the container. The container has to use the pods hostname anyway. This would error otherwise. Added tests to prevent regression. Signed-off-by: Paul Holzinger <[email protected]>
|
Restarted a flake (#7148, cgroup.freeze) |
|
/lgtm |
github-actions
bot
added
the
locked - please file new issue/PR
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Alright, I give up on trying to move libpod->podman. Let's just try and get things working without it, to save my sanity.