The systemd generator looks for certain flags in the containers' create
commands to determine which flags need to be added. In case of named
containers, the generator adds the `--replace` flag to prevent name
conflicts at container creation. Fix the generator to not only cover
the `--name foo` syntax but also the `--name=foo` one.
Fixes: #7157
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
There is no need to setup the image and container engine when calling
a command with subcommands since we only print a usage message.
e.g `podman`,`podman container`
This also allows the remote client to show the usage message on
these commands without a running endpoint. I added a test for this.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
This commit adds additional targets for which we provide binary packages
on fedora and other distros.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
CI and system tests currently pull some images from docker.io.
Eliminate that, by:
- building a custom image containing much of what we need
for testing; and
- copying other needed images to quay.io
(Reason: effective 2020-11-01 docker.io will limit the
number of image pulls).
The principal change is to create a new quay.io/libpod/testimage,
using the new test/system/build-testimage script, instead of
relying on quay.io/libpod/alpine_labels. We also switch to
using a hardcoded :YYYYMMDD tag, instead of :latest, in an
attempt to futureproof our CI. This image includes 'httpd'
from busybox-extras, which we use in our networking test
(previously we had to pull and run busybox from docker.io).
The testimage can and should be extended as needed for future
tests, e.g. adding test file content or other useful tools.
For the '--pull' tests which require actually pulling from
the registry, I've created an image with the same name but
tagged :00000000 so it will never be pulled by default.
Since this image is only used minimally, it's just busybox.
Unfortunately there remain two cases we cannot solve in
this tiny alpine-based image:
1) docker registry
2) systemd
For those, I've (manually) run:
podman pull [ docker.io/library/registry:2.7 | registry.fedoraproject.org/fedora:31 ]
podman tag !$ quay.io/...
podman push !$
...and amended the calling tests accordingly.
I've tried to make the the smallest reasonable diff, not the
smallest possible one. I hope it's a reasonable tradeoff.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Do not perform a container clean up for containers configured for
auto-removal (e.g., via `podman run --rm`). There is a small race
window with the other process performing the removal where a clean up
during podman-stop may fail since the container has already been removed
and cleaned up. As the removing process will clean up the container,
we don't have to do it during podman-stop.
Fixes: #7384
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Support loading and saving tarballs with more than one image.
Add a new `/libpod/images/export` endpoint to the rest API to
allow for exporting/saving multiple images into an archive.
Note that a non-release version of containers/image is vendored.
A release version must be vendored before cutting a new Podman
release. We force the containers/image version via a replace in
the go.mod file; this way go won't try to match the versions.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Follow up on issue #7444 and make the parent checks more robust.
We can end up with an incoherent storage when, for instance, a
build has been killed.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
If we select "unconfined" as AppArmor profile, then we should not error
even if the host does not support it at all. This behavior has been
fixed and a corresponding e2e test has been added as well.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Use RWSzir as system df verbose containers size to remain consistent with the summery. Volume is reclaimable only if not used by container.
Signed-off-by: Qi Wang <qiwan@redhat.com>
We've recently had a number of issues reported against our
pre-fabricated images on quay.io and a couple of rhel repositories
throwing a fuse error when run:
```
fuse: device not found, try 'modprobe fuse' first
```
The tip on modprobe fuse is not always seen by or displayed to
the end user. Adding a couple of doc pointers to hopefully help.
Arises from this BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1867892
and several others.
Replaces: 7453 where I was going crazy with whitespace and merge issues.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
(This is an adoption of #7533 because Brent is on PTO).
Pick up new crun and crio-runc.
Also: renames from useful fedora-32 and -31 to less-useful
names; presumably this is needed by something-something in
the new VM setup.
Also: tweak two e2e tests to more properly handle a kernel
(5.8.4) with a greater set of capabilities than what we
or crun can yet handle.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add support for generating systemd units
via the api and podman-remote.
Change the GenerateSystemdReport type to return the
units as map[string]string with the unit name as key.
Add `--format` flag to `podman generate systemd`
to allow the output to be formatted as json.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
The system defaults /run to "exec" mode, and we default --read-only
mounts on /run to "exec", so --systemd should follow suit.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Fixes#7509. There is no need to create a ~/.config directory now that
~/.config/containers/storage.conf is not created automatically. Podman
has no use for it if it does not exist already.
Signed-off-by: jjzmajic <uros.m.perisic@gmail.com>
We want to modify /etc/passwd to add an entry for the user in
question, but at the same time we don't want to require the
container provide a /etc/passwd (a container with a single,
statically linked binary and nothing else is perfectly fine and
should be allowed, for example). We could create the passwd file
if it does not exist, but if the container doesn't provide one,
it's probably better not to make one at all. Gate changes to
/etc/passwd behind a stat() of the file in the container
returning cleanly.
Fixes#7515
Signed-off-by: Matthew Heon <mheon@redhat.com>
when running CICD on Ubuntu where no cgroups v2, we need to use a newer runc for things like seccomp and the default ubuntu runc
is not new enough.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Reference: #6518, a very-frequently-flaking CI test, disabled
a month ago (#7143) because it was triggering so often in CI.
Unfortunately, that seems to have simply swept the problem
under the rug. AFAICT nobody has bothered to look at the
root bug, so let's just reenable. If the problem persists,
I'll let annoyed developers squeaky-wheel 6158 so there's
some incentive to fix it. If the problem has miraculously
gone away in the last month, that's a win too.
(This test failure does not reproduce on my laptop, nor
does it lend itself to devising a simple reproducer on
a test VM.)
Also: since #5325 appears to have been closed as fixed,
remove a 'Skip' that references it. Unfortunately this
also requires removing a lot of other cruft. This was
an incidental oh-by-the-way addition that I thought
would be trivial but ended up causing a much larger diff.
Signed-off-by: Ed Santiago <santiago@redhat.com>
