With F35 released, F33 is officially dead. Move it out of the way
temporarily until F35 VM images are ready.
Signed-off-by: Chris Evich <cevich@redhat.com>
To make testing easier we can overwrite the network backend with the
global `--network-backend` option.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
make sure the /etc/mtab symlink is created inside the rootfs when /etc
is a symlink.
Closes: https://github.com/containers/podman/issues/12189
[NO NEW TESTS NEEDED] there is already a test case
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
You can change the network backendend in containers.conf supported
values are "cni" and "netavark".
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
THe rust netlink library is very verbose. It contains way to much debug
and trave logs. We can set `RUST_LOG=netavark=<level>` to make sure this
log level only applies to netavark and not the libraries.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add a new boltdb to handle IPAM assignment.
The db structure is the following:
Each network has their own bucket with the network name as bucket key.
Inside the network bucket there is an ID bucket which maps the container ID (key)
to a json array of ip addresses (value).
The network bucket also has a bucket for each subnet, the subnet is used as key.
Inside the subnet bucket an ip is used as key and the container ID as value.
The db should be stored on a tmpfs to ensure we always have a clean
state after a reboot.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Implement a new network interface for netavark.
For now only bridge networking is supported.
The interface can create/list/inspect/remove networks. For setup and
teardown netavark will be invoked.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
To prevent code duplication when creating new network backends move
reusable code into a separate internal package.
This allows all network backends to use the same code as long as they
implement the new NetUtil interface.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The cni plugins need access to /run/cni and the dnsname plugin needs
access to /run/containers.
The race condition was basically that a `podman stop` could either do the
cleanup itself or the spawned cleanup process would do the cleanup if it
was fast enough. The `podman stop` is executed on the host while the
podman cleanup process is executed in the "parent container". The parent
container contains older plugins than on the host. The dnsname plugin
before version 1.3 could error and this would prevent CNI from
doing a proper cleanup. The plugin errors because it could not find its
files in /run/containers. On my system the test always failed because
the cleanup process was always faster than the stop process. However in
the CI VMs the stop process was usually faster and so it failed only
sometimes.
Fixes#11558
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Podman and Docker will not commit changes via RUN command
of a VOLUME directory, so we need to chown path first.
Not doing do will cause: https://bugzilla.redhat.com/show_bug.cgi?id=2009266
Signed-off-by: Jindrich Novy <jnovy@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
As rootless we have to reload the port mappings. If it fails we should
return an error instead of the warning.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When run as rootless the podman network reload command tries to reload
the rootlessport ports because the childIP could have changed.
However if the containers has no ports we should skip this instead of
printing a warning.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Print out the headers even if the system connection list
is empty to match the behavior of other list commands.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Add new CI check to confirm that links and references
in SEE ALSO sections are properly formatted and that
links are valid (at least in theory: we do no actual
URL fetching to test for 404).
The check is piggybacked into existing xref-helpmsgs-manpages
script. It could conceivably be more elegant to write a
separate tool for this purpose, but I don't wish to duplicate
the logic for finding and reading markdown files.
Script identified various problems, which I fix in this PR:
. missing '**' (asterisks) around some references, or '**'
in the wrong place.
. links pointing to github.com/.../tree/ instead of /blob/
(github redirects those automatically, but I like
consistency)
. a few copy-paste errors, e.g. subgid linking to subuid.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Support downloading files, for instance via
`podman load -i server.com/image.tar`. The specified URL is downloaded
in the frontend and stored as a temp file that gets passed down to the
backend.
Also vendor in c/common@main to use the new `pkg/download`.
Fixes: #11970
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Fix a bug where pods would be created with the hard-coded default infra
image instead of the custom one from containers.conf. Add a simple
regression test.
Fixes: #12245
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
since we now support reading additional IDs with libsubid, clarify
that the /etc/subuid and /etc/subgid files are honored only when
shadow-utils is configured to use them.
[NO TESTS NEEDED]
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
A rootless container created with a custom userns and forwarded ports
did not work. I refactored the network setup to make the setup logic
more clear.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Health checks may be defined in the container config or the config of an
image. So far, Podman only looked at the container config.
The plumbing happened in libimage but add a regression test to Podman as
well to make sure the glue code will not regress.
Note that I am pinning github.com/onsi/gomega to v1.16.0 since v1.17.0
requires go 1.16 which in turn is breaking CI.
Fixes: #12226
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
We now do not copy the `bin` directory to the target nix sources to
avoid skipping the build because "everything is up to date".
Fixes https://github.com/containers/podman/issues/12198
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
When starting a container libpod/runtime_pod_linux.go:NewPod calls
libpod/lock/lock.go:AllocateLock ends up in here. If you exceed
num_locks, in response to a "podman run ..." you will see:
Error: error allocating lock for new container: no space left on device
As noted inline, this error is technically true as it is talking about
the SHM area, but for anyone who has not dug into the source (i.e. me,
before a few hours ago :) your initial thought is going to be that
your disk is full. I spent quite a bit of time trying to diagnose
what disk, partition, overlay, etc. was filling up before I realised
this was actually due to leaking from failing containers.
This overrides this case to give a more explicit message that
hopefully puts people on the right track to fixing this faster. You
will now see:
$ ./bin/podman run --rm -it fedora bash
Error: error allocating lock for new container: allocation failed; exceeded num_locks (20)
[NO NEW TESTS NEEDED] (just changes an existing error message)
Signed-off-by: Ian Wienand <iwienand@redhat.com>
