17387 Commits

Author SHA1 Message Date
9ef2d9dcd9 Merge pull request #16530 from elezar/bump-golang
Bump golang version to 1.18
2022-12-12 08:28:51 -05:00
7153d716d3 Merge pull request #16754 from containers/dependabot/go_modules/golang.org/x/term-0.3.0
build(deps): bump golang.org/x/term from 0.2.0 to 0.3.0
2022-12-12 07:41:05 -05:00
bf66b6ac7a build(deps): bump golang.org/x/term from 0.2.0 to 0.3.0
Bumps [golang.org/x/term](https://github.com/golang/term) from 0.2.0 to 0.3.0.
- [Release notes](https://github.com/golang/term/releases)
- [Commits](https://github.com/golang/term/compare/v0.2.0...v0.3.0)

---
updated-dependencies:
- dependency-name: golang.org/x/term
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-10 06:13:44 -05:00
6f1bc98dce Merge pull request #16743 from ashley-cui/secdocs
[CI:DOCS] Clarify secret target behavior
2022-12-09 14:22:29 -05:00
ecd33d0c8a Merge pull request #16698 from rhatdan/wait
Init containers should not be restarted
2022-12-09 13:57:14 -05:00
59ce7cf1c0 [CI:DOCS] Clarify secret target behavior
Add documentation on how the the target option works when adding a secret to a container

Signed-off-by: Ashley Cui <acui@redhat.com>
2022-12-09 09:31:39 -05:00
859f40a2eb Merge pull request #16776 from Luap99/http-proxy
remote: allow --http-proxy for remote clients
2022-12-09 05:23:38 -05:00
205cb50250 Merge pull request #16785 from vrothberg/fix-14531
health check: ignore dependencies of transient systemd units/timers
2022-12-09 04:51:16 -05:00
7d2a19ce67 Merge pull request #16631 from andrei-n-cosma/fix-secret-unmarshal
Fixes secret marshaling for kube play. Merge stringData with data for secrets.
2022-12-09 04:48:42 -05:00
15fca66e78 Merge pull request #16777 from Luap99/build-remote-volume
podman-remote build add --volume support
2022-12-09 04:32:57 -05:00
02b7866e60 Merge pull request #16750 from umohnani8/teardown
Cleanup kube play workloads if error happens
2022-12-09 03:31:20 -05:00
9f6cf50d52 podman-remote build add --volume support
Just like podman-remote run users should still be able to set volumes,
of course the source must be on the server machine but this is already
the case for podman machine for example.

Fixes #16694

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-12-08 17:10:46 +01:00
2dde30b93a remote: allow --http-proxy for remote clients
The remote client should be allowed to specify if the container should
be run with the proxy env vars. It will still use the proxy vars from
the server process and not the client. This makes podman-remote more
consistent with the local version and easier to use in environments
where a proxy is required.

Fixes #16520

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-12-08 17:08:37 +01:00
2f29639bd3 Cleanup kube play workloads if error happens
If an error happening while playing a kube yaml,
clean up any pods, containers, and volumes that might
have been created before the error was hit.
This improves the user experience for when they go to
re-run the same yaml with their fixes and podman doesn't
complain about any existing workloads from the previously
failed run.

Suppress the clean up output when clean up happens after an
error as the user doesn't need to see or know about that.

Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
2022-12-08 10:30:44 -05:00
1ed982753c health check: ignore dependencies of transient systemd units/timers
When stopping the transient systemd timer/unit which powers running
health checks, make sure to ignore its dependencies.  It turns out
that we're otherwise running into a timeout when running a container in
a systemd unit and reboot.

An alternative may be to further tweak some attributes/options when
creating the timer/unit via systemd-run but it seems safe to just ignore
the dependencies and stop.

[NO NEW TESTS NEEDED] - we don't yet have means to test reboots.

Fixes: #14531
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-12-08 15:01:57 +01:00
db4d018711 Fixes secret (un)marshaling for kube play.
Fixes e2e tests, remove '\n' from base64 encoded data.
Correct test to check that data in secret mounted file is decoded.

Closes #16269
Closes #16625

Signed-off-by: Andrei Natanael Cosma <andrei@intersect.ro>
2022-12-08 10:33:44 +01:00
6e2e9ab227 Merge pull request #16709 from vrothberg/fix-16515
kube sdnotify: run proxies for the lifespan of the service
2022-12-07 18:10:31 -05:00
22790b63d0 Merge pull request #16761 from ashley-cui/machelper
Makefile: Add podman-mac-helper to darwin client zip
2022-12-07 16:32:05 -05:00
4abc164f56 Merge pull request #16751 from rhatdan/you
[CI:DOCS] Remove 'you' from man pages
2022-12-07 12:36:57 -05:00
4096d04123 Merge pull request #16569 from rst0git/run-checkpoint-image-v2
Add support for checkpoint images with 'podman run'
2022-12-07 11:39:37 -05:00
5b6a03fbab Merge pull request #16763 from sstosh/e2e-http_proxy
e2e: keeps the http_proxy value
2022-12-07 09:30:08 -05:00
7665bbc127 Remove 'you' from man pages
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-12-07 09:29:29 -05:00
f1e167d584 Merge pull request #16770 from containers/dependabot/go_modules/test/tools/golang.org/x/tools-0.4.0
build(deps): bump golang.org/x/tools from 0.3.0 to 0.4.0 in /test/tools
2022-12-07 09:27:03 -05:00
1bfaf51941 build(deps): bump golang.org/x/tools from 0.3.0 to 0.4.0 in /test/tools
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.3.0...v0.4.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-07 12:09:43 +00:00
06c3b1d499 Merge pull request #16764 from vrothberg/test-docs
[CI:DOCS] test/README.md: run tests with podman-remote
2022-12-07 06:34:40 -05:00
97c56eef6f [CI:DOCS] test/README.md: run tests with podman-remote
Drop a note on how to run single tests with the remote client.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-12-07 09:25:32 +01:00
8b87665f23 e2e: keeps the http_proxy value
In a proxy environment, http_proxy needs to keep
the value to use a proxy.

Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
2022-12-07 16:30:32 +09:00
7784f1d165 Merge pull request #16758 from Luap99/nv-ipam-none
test/e2e: enable "podman run with ipam none driver" for nv
2022-12-06 20:02:43 -05:00
3a68b90dc1 Merge pull request #16742 from cevich/add_volume_warning
[CI:DOCS] Add warning about --opts,o with mount's -o
2022-12-06 19:59:57 -05:00
1b62e9049e Merge pull request #16684 from sstosh/e2e-proxy
e2e: fix e2e tests in proxy environment
2022-12-06 19:57:10 -05:00
883ff665b2 Merge pull request #16748 from ygalblum/quadlet_kube_userns
Quadlet Kube: Add support for userns flag
2022-12-06 18:03:41 -05:00
2e9eb170c6 Merge pull request #16668 from karta0807913/main
fix an override logic in Inherit function
2022-12-06 17:58:31 -05:00
9b702460e1 Makefile: Add podman-mac-helper to darwin client zip
As well as as small fix for zipping the correct folder when building on Mac

Signed-off-by: Ashley Cui <acui@redhat.com>
2022-12-06 15:39:58 -05:00
73e6539f97 Merge pull request #16757 from cevich/fix_job_sequence
[skip-ci] GHA/Cirrus-cron: Fix execution order
2022-12-06 12:26:40 -05:00
c7b936a415 test/e2e: enable "podman run with ipam none driver" for nv
This should work since nv v1.1.

Fixes #13931

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-12-06 18:25:34 +01:00
f218a4617b Merge pull request #16740 from ygalblum/network-create-options
Update containers common package
2022-12-06 10:56:47 -05:00
7cdf37624e Merge pull request #16747 from Luap99/ipvlan-parent
network create: support "-o parent=XXX" for ipvlan
2022-12-06 10:54:11 -05:00
45f8b1ca9e [skip-ci] GHA/Cirrus-cron: Fix execution order
Fairly universally, the last Cirrus-Cron job is set to fire off at
22:22 UTC.  However, the re-run of failed jobs GHA workflow was
scheduled for 22:05, meaning it will never re-run the last cirrus-cron
job should it fail.

Re-arrange the execution order so as to give plenty of time between the
last cirrus-cron job starting, the auto-re-run attempt, and the final
failure-check e-mail.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-12-06 10:38:10 -05:00
4a8d953425 Merge pull request #16371 from alexlarsson/transient-store
Support transient store mode
2022-12-06 09:39:19 -05:00
293f1cd14d Merge pull request #16713 from alexlarsson/quadlet-drop-cid-remove
quadlet: Drop ExecStartPre=rm %t/%N.cid
2022-12-06 09:00:57 -05:00
53357b0f95 Merge pull request #16749 from Luap99/healthcheck
disable healthchecks automatically on non systemd systems
2022-12-06 08:58:24 -05:00
4fa307f149 kube sdnotify: run proxies for the lifespan of the service
As outlined in #16076, a subsequent BARRIER *may* follow the READY
message sent by a container.  To correctly imitate the behavior of
systemd's NOTIFY_SOCKET, the notify proxies span up by `kube play` must
hence process messages for the entirety of the workload.

We know that the workload is done and that all containers and pods have
exited when the service container exits.  Hence, all proxies are closed
at that time.

The above changes imply that Podman runs for the entirety of the
workload and will henceforth act as the MAINPID when running inside of
systemd.  Prior to this change, the service container acted as the
MAINPID which is now not possible anymore; Podman would be killed
immediately on exit of the service container and could not clean up.

The kube template now correctly transitions to in-active instead of
failed in systemd.

Fixes: #16076
Fixes: #16515
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-12-06 14:15:11 +01:00
7d16c2b69e Update containers common package
The new version adds NetworkCreateOptions. For now pass nil

[NO NEW TESTS NEEDED]

Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2022-12-06 13:52:28 +02:00
75f4215717 podman manpage: Use man-page links instead of file names
This changes references to `/etc/containers/storage.conf` (and similar) to
links to `containers-storage.conf(5)`, as there are alternative locations
for this file.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2022-12-06 09:54:50 +01:00
86f4bd4f54 e2e: fix e2e tests in proxy environment
- podman generate kube inheritents the proxy environment valiable by default.
  Therefore, Env field is not empty if it is set.

- systemd-socket-acrivate needs to pass an proxy environment variable.

- busybox wget with an proxy doesn't work.
  Network tests should use not wget but curl.
  https://gitlab.alpinelinux.org/alpine/aports/-/issues/10446

Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
2022-12-06 11:14:19 +09:00
4134a37233 Fix test
Signed-off-by: karta0807913 <karta0807913@gmail.com>
2022-12-06 01:25:54 +00:00
28774f18c5 disable healthchecks automatically on non systemd systems
The podman healthchecks are implemented using systemd timers, this works
great but it will never work on non systemd distros. Currently the logic
always assumes systemd is available and will fail with an error, so users
are forced to always run with `--no-healthcheck` to disable healthchecks
that are defined in an image for example. This is annoying and IMO
unnecessary, we should just default to no healthcheck on these systems.

First, use the systemd build tag to disable it at build time if this tag
is not used.
Second, use make sure systemd is used as init before trying
to use healthchecks. This could be the case when we are run in a container.

[NO NEW TESTS NEEDED] We do not have any non systemd VMs in CI AFAIK.

Fixes #16644

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-12-05 20:58:30 +01:00
1ea00ebda1 Quadlet Kube: Add support for userns flag
Move the handling of userns keys from ConvertContainer to a separate method
Adjust the method according to the different supported values
Use the new method in both ConvertContainer and ConvertKube
Pass isUser to ConvertKube as well
Add tests

Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2022-12-05 21:26:23 +02:00
68e51834a9 Merge pull request #16738 from ygalblum/quadlet_kube_relative_path
Quadlet Kube: Add support for relative path for YAML file
2022-12-05 14:21:10 -05:00
2f2df58fc9 Merge pull request #16745 from Luap99/docker-compose-mac
compat API: allow MacAddress on container config
2022-12-05 13:57:53 -05:00