When creating a network we pass down a name which end up in the
K8S_POD_NAME argument to cni plugins. Currently this name is always
filled with the container name, so for pods it is the name of the
infra container, not really what one would expect.
This mess up with the dnsname plugin as it doesn't receive the pod
name in K8S_POD_NAME. To fix this pass the pod name when the container
is part of a pod, otherwise use the container name like before.
Signed-off-by: Alban Bedel <albeu@free.fr>
---
v2: Only call GetPod() when a pod id is set
For volume and bind mount tests, use the in-container mount point path
that has no common ancestor with any host path (except for root).
This might help to uncover bugs like [1]. Even if not, it seems
lile a good cleanup regardless.
[1] https://github.com/containers/libpod/pull/5676
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Move declaration of a dockerfile closer to its use.
Since it is used only once, there's no sense in having it declared
globally.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Remove repeated mountPath directory creation.
* For the first two hunks it is the same dir ("secrets") that was
already created before.
* For the last hunk ("scratchpad") it is not used at all.
Add an empty line after Mkdir for cases where dir is used more than once.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* Implement `podman-push` and `podman-image-push` for the podmanV2
client.
* Tests for `pkg/bindings` are not possible at the time of writing as we
don't have a local registry running.
* Implement `/images/{name}/push` compat endpoint. Tests are not
implemented for this v2 endpoint. It has been tested manually.
General note: The auth config extraction from the http header is not
implement for push. Since it's not yet supported for other endpoints
either, I deferred it to future work.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Instead of getting mount options from /proc/self/mountinfo, which is
very costly to read/parse (and can even be unreliable), let's use
statfs(2) to figure out the flags we need.
[v2: move getting default options to pkg/util, make it linux-specific]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
skip doing a socket shutdown on an error, since we are not sure the
socket was already closed and we end up using the wrong fd.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
if the control path file is deleted, libpod hangs waiting for a reader
to open it. Attempt to open it as non blocking until it returns an
error different than EINTR or EAGAIN.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
./hack/podmanv2-retry will first invoke $PODMAN_V2 with given
arguments. If that fails with any of the following errors:
unrecognized command
unknown flag
unknown shorthand
...it will run $PODMAN_FALLBACK with the same arguments.
Output and exit code will be those of the final podman command,
although be aware that stderr and stdout are combined.
This is a quick-hack script intended for use in v2 testing, to
test implemented commands without noise from unimplemented ones.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Without the systemd build tag, podman will fail with the error "No
support for journald logging".
This commit adds the `systemd` build tag explicitly, rather than
relying on `hack/systemd_tag.sh` (because we're building an rpm and
we've explicitly included systemd-devel as a dependency).
Signed-off-by: Lars Kellogg-Stedman <lars@redhat.com>
We need to consistently use --time rather then --timeout throughout the code.
Fix locations where timeout defaults are not set correctly as well.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Implement pulling images for the v2 client. What I _really_ don't like
is the fact that we are now having a near identical code clone among
`pkg/domain/infra/abi` and `pkg/api/handlers/libpod`. Partly because we
don't yet have a higher-level pull function and partly because we have
redudancy among `pkg/domain` and `pkg/api`. Pull might be a high
outlier but I am concerned already by the potential of introducing more
redundancy. I'd love to `infra/abi` and `pkg/abi` to really use the
same code in the future.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
> $ ./bin/podman run -v /tmp:/tmp alpine true; echo $?
> 0
> $ ./bin/podman run -v /tmp:/tmp:ro alpine true; echo $?
> 0
> $ ./bin/podman run -v /tmp:/w0w:ro alpine true; echo $?
> Error: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"rootfs_linux.go:58: mounting \\\"/tmp\\\" to rootfs \\\"/home/kir/.local/share/containers/storage/overlay/7636ef3650fc91ee4996ccc026532bb3cff7182c0430db662fffb933e0bcadc9/merged\\\" at \\\"/home/kir/.local/share/containers/storage/overlay/7636ef3650fc91ee4996ccc026532bb3cff7182c0430db662fffb933e0bcadc9/merged/w0w\\\" caused \\\"operation not permitted\\\"\"": OCI runtime permission denied error
> 126
The last command is not working because in-container mount point
is used to search for a parent mount in /proc/self/mountinfo.
And yet the following
> $ ./bin/podman run -v /tmp:/run/test:ro alpine true; echo $?
> 0
still works fine! Here's why:
> $ mount | grep -E '/run |/tmp '
> tmpfs on /run type tmpfs (rw,nosuid,nodev,seclabel,mode=755)
> tmpfs on /tmp type tmpfs (rw,nosuid,nodev,seclabel)
This is the reason why previous commit modified in-container mount
point.
Fixes: 0f5ae3c5af
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
It's advisable to have the initial gating job execute as quickly as
possible, weeding out simple mistakes early on, when possible. However,
over time it has bloated to duplicate some more specific testing which
occurs in other tasks. In this specific case the
`special_testing_cross` task. Remove these duplicate items from the gate
job to speed things up for everyone.
Signed-off-by: Chris Evich <cevich@redhat.com>
