20595 Commits

Author SHA1 Message Date
cad4d0ee9f Fix path for omvf vars on Darwin/arm64
On darwin arm64, we need to set the location of the ovmf vars. It should be put into the imageDir (also known as as dataDir).  But because qemu determines the image path late in Init(), the image path is set something like a stream marker.

Fixes #20361

[NO NEW TESTS NEEDED]

Signed-off-by: Brent Baude <bbaude@redhat.com>
2023-10-18 10:40:08 -05:00
02757ab20d Merge pull request #20391 from sstosh/nanocpu-api-test
test/apiv2/20-containers.at: fix NanoCPUs tests on cgroups v1
2023-10-18 13:39:18 +00:00
ef2392f21c Merge pull request #20381 from vrothberg/fix-20375
image history: fix walking layers
2023-10-18 10:37:48 +00:00
a1982c043d Merge pull request #20365 from p-fruck/fix/api-compat-network-connected
fix(API): Catch ErrNetworkConnected for compat
2023-10-18 08:55:31 +00:00
074a0de7f9 Merge pull request #20388 from cevich/cross_target_comment
[CI:DOCS] Add cross-build target info.
2023-10-18 08:41:06 +00:00
c65d1c02b9 test/apiv2/20-containers.at: fix NanoCPUs tests on cgroups v1
* rootful: NanoCpus needs to set more than 10000000 on cgroups v1.
* rootless: Resource limits that include NanoCPUs are not supported and ignored.

Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
2023-10-18 16:56:18 +09:00
6624ccb4b1 Merge pull request #20384 from Luap99/double-netns
libpod: restart+userns cleanup netns correctly
2023-10-18 07:47:02 +00:00
9394171cbb Merge pull request #20387 from Luap99/machine-doc
[CI:DOCS] machine set: document --rootful better
2023-10-18 07:45:06 +00:00
831844b596 image history: fix walking layers
libimage did not walk thte layers correctly which was probably
inherited by old Podman code.  Fix that by vendoring in the
corresponding changes in c/common.

Fixes: #20375
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-10-18 09:19:24 +02:00
ad53190253 fix(api): Ensure compatibality for network connect
When trying to connect a container to a network and the connection
already exists, an error should only be raised if the container is
already running (or is in the `ContainerStateCreated` transition)
to mimic the behavior of Docker as described here:
https://github.com/containers/podman/pull/15516#issuecomment-1229265942
For running and connected containers 403 is returned which fixes #20365

Signed-off-by: Philipp Fruck <dev@p-fruck.de>
2023-10-17 22:56:32 +02:00
b0a45a905b Merge pull request #20366 from ygalblum/quadlet-kube-down-force
Quadlet - add support for KubeDownForce
2023-10-17 19:50:45 +00:00
91264e7d2e Merge pull request #19586 from rhatdan/ps
Fix output of podman --remote top
2023-10-17 19:12:27 +00:00
c909afb883 Merge pull request #20239 from jackgris/docker-api-error-response
fix: pull error response docker rest api compatibility
2023-10-17 18:51:37 +00:00
e0561301c9 [CI:DOCS] Add cross-build target info.
In case a future maintainer asks "why" all these weird looking
four-letter architectures are present here and in CI.

Signed-off-by: Chris Evich <cevich@redhat.com>
2023-10-17 14:23:21 -04:00
dc705d3702 machine set: document --rootful better
If you change this option all the containers disappear from the default
connection and socket. Thus it is required to recreate the resources.
Sharing between root and rootless is not possible for various reasons.

Fixes #19936

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-10-17 18:09:13 +02:00
bbd6281ecc libpod: restart+userns cleanup netns correctly
When a userns and netns is used we need to let the runtime create the
netns otherwise the netns is not owned by the right userns and thus
the capabilities would not be correct.

The current restart logic tries to reuse the netns which is fine if no
userns is used but when one is used we setup a new netns (which is
correct) but forgot to cleanup the old netns. This resulted in leaked
network namespaces and because no teardown was ever called leaked ipam
assignments, thus a quickly restarting container will run out of ip
space very fast.

Fixes #18615

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-10-17 17:25:50 +02:00
3b6a4ac37a Minor log and doc fixes
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2023-10-17 14:43:02 +03:00
f875ae3176 Quadlet man page - discuss volume removal explicitly
Co-authored-by: Valentin Rothberg <vrothberg@redhat.com>
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2023-10-17 14:43:02 +03:00
5d5facbd79 Quadlet - add support for KubeDownForce
Allow users to set --force for Stop command
Add doc and tests

Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2023-10-17 14:43:01 +03:00
5853e2bee9 Merge pull request #20363 from ygalblum/quadlet-kube-oneshot-test
System Test - Quadlet kube oneshot
2023-10-17 10:53:40 +00:00
6ba67ba96c System Test - Quadlet kube oneshot
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2023-10-17 11:15:11 +03:00
206177c592 Merge pull request #20376 from edsantiago/buildah_tests
buildah-bud: test relative TMPDIR
2023-10-17 04:50:10 +00:00
ae707b58d8 Merge pull request #20338 from umohnani8/vendor-common
Update common and buildah vendor
2023-10-17 04:48:17 +00:00
9637fed2fd Fix output of podman --remote top
Allow users to specify

podman-remote top $cid -eo "pid comm"
or
podman-remote top $cid -eo pid,comm

Fixes: https://github.com/containers/podman/issues/19176

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

didid#	new file:   test/system/085-top.bats

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-10-16 17:25:10 -04:00
acc7a94dfc Merge pull request #20235 from rhatdan/read-only
Fix handling of --read-only-tmpfs flag
2023-10-16 21:22:53 +00:00
dcb421bc5b buildah-bud: test relative TMPDIR
(buildah PR 5084). Should actually have been added as a bud.bats
test in that PR, but I didn't catch it in time.

Also, remove an obsolete bud-tests skip

Signed-off-by: Ed Santiago <santiago@redhat.com>
2023-10-16 14:11:35 -06:00
c8604081e8 Fix handling of --read-only-tmpfs flag
Fixes: https://github.com/containers/podman/issues/20225

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-10-16 14:18:55 -04:00
1b0be2f348 Vendor common and buildah main
Update the common and buildah vendor to pull in the
platform code move.

[NO NEW TESTS NEEDED]

Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
2023-10-16 13:35:29 -04:00
dabf6c83a7 Merge pull request #20367 from flouthoc/bump-and-test-buildah
buildah: bump to `v1.32.1-0.20231012130144-244170240d85` and test builds with relative `TMPDIR`
2023-10-16 14:44:18 +00:00
091d83d3c9 Merge pull request #20360 from containers/renovate/github.com-vbauerster-mpb-v8-8.x
fix(deps): update module github.com/vbauerster/mpb/v8 to v8.6.2
2023-10-16 12:57:30 +00:00
5db3b753af remote,build: wire unsetlabels
Signed-off-by: Aditya R <arajan@redhat.com>
2023-10-16 15:34:02 +05:30
331e47acb1 test: build with TMPDIR as relative
Test edge-case described here: https://github.com/containers/buildah/pull/5084
Test case in: RHEL-2598

Signed-off-by: Aditya R <arajan@redhat.com>
2023-10-16 14:02:31 +05:30
6cf3dd4931 docs: add unsetlabel
Signed-off-by: Aditya R <arajan@redhat.com>
2023-10-16 14:02:21 +05:30
64ff149324 vendor: bump buildah to v1.32.1-0.20231012130144-244170240d85
Signed-off-by: Aditya R <arajan@redhat.com>
2023-10-16 11:55:53 +05:30
74ed1d6e70 fix(deps): update module github.com/vbauerster/mpb/v8 to v8.6.2
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-10-14 05:10:56 +00:00
b9f2c4d171 fix: pull error response docker rest api compatibility
This is related to the issue #20013

Signed-off-by: Gabriel Pozo <jackgris2@gmail.com>
2023-10-13 20:19:18 -03:00
b5fec41f26 Merge pull request #20333 from baude/showinfo
Show client info even if remote connection fails
2023-10-13 21:52:47 +00:00
aa0e96e781 Merge pull request #20274 from ashley-cui/cleanup
Machine: Teardown on init failure
2023-10-13 14:22:46 +00:00
29f5c563e4 Show client info even if remote connection fails
When people report issues, we often ask for the result of `podman info`.
However, if the problem is the remote connection, it will error out with
no information at all.  This PR at least will report client information
before disclosing the connection error.  For example on Windows:

> .\bin\windows\podman.exe info
client:
  OS: windows/amd64
  provider: hyperv
  version: 4.8.0-dev
  host: null

Satisfies: RUN-1720

Signed-off-by: Brent Baude <bbaude@redhat.com>
2023-10-13 08:53:56 -05:00
3e86bece98 Merge pull request #20354 from containers/renovate/github.com-containers-libhvee-digest
fix(deps): update github.com/containers/libhvee digest to e51be96
2023-10-13 06:32:04 +00:00
52112fc5c1 fix(deps): update github.com/containers/libhvee digest to e51be96
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-10-13 03:19:39 +00:00
5afa949a43 Merge pull request #20322 from jakecorrenti/set-lock
Implement SetLock for all virt providers
2023-10-12 23:15:40 +00:00
6e40a5f9c6 Merge pull request #20348 from rhatdan/codespell
Run codespell
2023-10-12 22:39:26 +00:00
e4ef271376 Merge pull request #20347 from Luap99/healthcheck-event
healthcheck: make sure to always show health_status events
2023-10-12 18:15:58 +00:00
cb53bcf23f Run codespell
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-10-12 12:45:44 -04:00
fb87f0a7bb Merge pull request #20337 from ygalblum/quadlet-kube-oneshot
Quadlet - support oneshot .kube files
2023-10-12 16:27:13 +00:00
987dc2b8bb SetLock for all virt providers
Implements a shared `GetLock` function for virtualization providers. Returns
a pointer to a lockfile used for serializing write operations.

[NO NEW TESTS NEEDED]

Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
2023-10-12 12:06:31 -04:00
61e0b64b91 Machine: Teardown on init failure
If init fails, or if a SIGINT is sent during init, podman machine should remove all files and configs
created during the init. This includes config jsons, image files, ssh
id's, and system connections. On Windows, the VM instances are also
unregistered.

Signed-off-by: Ashley Cui <acui@redhat.com>
2023-10-12 09:26:06 -04:00
99a14332ef healthcheck: make sure to always show health_status events
This fixes a regression caused by commit 7e6e267329, unfortunately this
was not caught during review as for some reason this works fine rootless
and only fails as root.

Because we set the systemd log level to notice in order to hide the unit
started/stopped messages to prevent spamming the journal the issue is
that this now also causes systemd to ignore the events we write to
journald as we also send them as info level.

To fix this we simply send health_status events now on notice level. I
decided against sending all events on notice as I think info is fine for
them. Whenever the notice level is right is of course debatable but
given it may contain the unhealthy message I think having this a notice
should be ok.

The main reason this made it through testing is because we do not rely
on the systemd unit to fire healthchecks in the tests as this is flaky.
There is one test were we rely on it though and I added a check there
to make sure events are displayed correctly when trigger via systemd.

Fixes #20342

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-10-12 15:02:32 +02:00
7b84b55daa Apply suggestions from code review
Co-authored-by: Valentin Rothberg <vrothberg@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-10-12 07:45:41 -04:00