Commit Graph

5783 Commits

Author SHA1 Message Date
Paul Holzinger
32c25c6026 pkg/specgen/generate: NOP verifyContainerResources() on freebsd
There is no point in calling into cgroup specific code as freebsd does
not support cgroups.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-12-07 11:24:47 +01:00
Paul Holzinger
a687c38860 use rootless netns from c/common
Use the new rootlessnetns logic from c/common, drop the podman code
here and make use of the new much simpler API.

ref: https://github.com/containers/common/pull/1761

[NO NEW TESTS NEEDED]

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-12-07 11:24:46 +01:00
openshift-merge-bot[bot]
72ceb6ee82 Merge pull request #20905 from Odilhao/issue-20585-entrypoint
Add support for Entrypoint in quadlet
2023-12-06 14:13:03 +00:00
openshift-merge-bot[bot]
67aae8e62e Merge pull request #20866 from giuseppe/add-preserve-fds-list
podman: new option --preserve-fd
2023-12-06 13:34:34 +00:00
openshift-merge-bot[bot]
6efebb35cb Merge pull request #20889 from ygalblum/quadlet-build-crash
Kube Play - set ReportWriter when building an image
2023-12-05 19:55:35 +00:00
openshift-merge-bot[bot]
e8f30989b0 Merge pull request #20691 from cevich/mac_podman_machine_ci
Implement bare-metal Mac M1 podman-machine testing
2023-12-05 19:22:49 +00:00
openshift-merge-bot[bot]
100089f411 Merge pull request #20885 from IceWreck/userns-kube
Add support for the userns annotation in kube play
2023-12-05 13:55:20 +00:00
Giuseppe Scrivano
01d397a658 podman: new option --preserve-fd
add a new option --preserve-fd that allows to specify a list of FDs to
pass down to the container.

It is similar to --preserve-fds but it allows to specify a list of FDs
instead of the maximum FD number to preserve.

--preserve-fd and --preserve-fds are mutually exclusive.

It requires crun since runc would complain if any fd below
--preserve-fds is not preserved.

Closes: https://github.com/containers/podman/issues/20844

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2023-12-05 10:16:41 +01:00
Ygal Blum
a943be7e8e Kube Play - set ReportWriter when building an image
Add test for a specific crash
Update play build test to expect message in stderr

Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2023-12-05 09:45:21 +02:00
Odilon Sousa
972ffaca4d Add support for Entrypoint in quadlet
This PR closes #20585

Add Inital support for Entrypoint on quadlets
Add Bats Tests for Entrypoint
Updates the documentation with one example to use the Entrypoint option

Signed-off-by: Odilon Sousa <osousa@redhat.com>
2023-12-04 23:38:53 -03:00
Chris Evich
2d46d05373 Implement bare-metal Mac M1 podman-machine testing
Setup and execute podman machine testing on bare-metal M1 Macs
using a pool of shared and semi-persistent hosts.  Automated
and manual processes outside this repository are responsible
for providing and maintaining all hosts.  Ref.
https://github.com/containers/automation/tree/main/mac_pw_pool

Update the `localmachine` make target to standardize execution
across platforms.  Update/simplify podman-machine e2e README to
reflect current reality.

Warning: This CI setup and supporting infrastructure was developed
in favor of expediency vs reliability and stability.  There are
many possible failure-modes (known and unknown) which may lead
to undefined test behaviors.  Future work may address some of
these as they are encountered or discovered.

[NO NEW TESTS NEEDED]

Signed-off-by: Chris Evich <cevich@redhat.com>
2023-12-04 10:40:13 -05:00
openshift-merge-bot[bot]
cbb3e4d20f Merge pull request #19518 from arixmkii/qemu_win_settings_qemu64
Change default QEMU CPU level to `qemu64` on Windows amd64
2023-12-04 13:39:53 +00:00
Ygal Blum
7e2a8d58ab Quadlet .pod - add support for the Volume Key
Add e2e tests
Update documentation

Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2023-12-03 10:23:13 +02:00
Ygal Blum
212b4c9e93 Quadlet .pod - add support for the Network Key
Add e2e tests
Update documentation

Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2023-12-03 10:22:33 +02:00
Ygal Blum
0d260bdc1f Quadlet - fix pod service file name
Using replaceExtension breaks when the service name has a dot
Just add .service

Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2023-12-03 09:53:52 +02:00
Anchit Bajaj
04519234e8 Add support for the userns annotation in kube play
[NO NEW TESTS NEEDED]

Signed-off-by: Anchit Bajaj <ab@abifog.com>
2023-12-02 23:14:29 +01:00
openshift-merge-bot[bot]
c47962802a Merge pull request #20657 from nalind/commit-config
RHEL-14922: accept a config blob alongside the "changes" slice when committing
2023-12-01 21:09:23 +00:00
openshift-merge-bot[bot]
3b03e85471 Merge pull request #20789 from umohnani8/healthcheck
Don't update health check status during initialDelaySeconds
2023-12-01 13:12:50 +00:00
openshift-merge-bot[bot]
d3d9293b2a Merge pull request #20831 from Luap99/remote-exec-rm
fix podman-remote exec regression with v4.8
2023-12-01 09:59:21 +00:00
Nalin Dahyabhai
426db6fcc1 Accept a config blob alongside the "changes" slice when committing
When committing containers to create new images, accept a container
config blob being passed in the body of the API request by adding a
Config field to our API structures.  Populate it from the body of
requests that we receive, and use its contents as the body of requests
that we make.

Make the libpod commit endpoint split changes values at newlines, just
like the compat endpoint does.

Pass both the config blob and the "changes" slice to buildah's Commit()
API, so that it can handle cases where they overlap or conflict.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2023-11-30 09:00:52 -05:00
openshift-merge-bot[bot]
f2f7d60741 Merge pull request #20841 from ashley-cui/wsldeadlock
Fix locking error in WSL machine rm -f
2023-11-30 14:00:35 +00:00
openshift-merge-bot[bot]
6b9221d852 Merge pull request #20837 from dfr/freebsd-vnet
libpod: Allow using just one jail per container on FreeBSD
2023-11-30 08:38:20 +00:00
openshift-merge-bot[bot]
572a7692e3 Merge pull request #20828 from alexlarsson/quadlet-snippets
quadlet: Support systemd style dropin files
2023-11-29 23:24:33 +00:00
Ashley Cui
42ea211211 Fix locking error in WSL machine rm -f
Fixed a bug where `podman machine rm -f` would cause a deadlock when
running with WSL.

The deadlock is caused by the Remove() function calling the Stop()
function after Remove() locks the VM. Stop() also has a lock call, which
fails and deadlocks because Remove() already claimed lock. Fix this by
moving the stop call before the lock

[NO NEW TESTS NEEDED]

Signed-off-by: Ashley Cui <acui@redhat.com>
2023-11-29 16:28:59 -05:00
Doug Rabson
d4ac2f3dd5 libpod: Allow using just one jail per container on FreeBSD
In FreeBSD-14.0, it is possible to configure a jail's network settings
from outside the jail using ifconfig and route's new '-j' option. This
removes the need for a separate jail to own the container's vnet.

[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
2023-11-29 16:18:34 +00:00
Paul Holzinger
86296ff8da pkg/bindings: add new APIVersionError error type
When a new API call is added to the bindings we should guard it based on
the version and throw a useful error. Right now an old server that does
not implement a given endpoint would throw a "NOT FOUND" error which is
not good for callers.

Instead implement a custom error type to give a usefule error instead.
This allows bindings users to call errors.As() to know if they call and
to old version.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-11-29 15:31:42 +01:00
Urvashi Mohnani
f35d1c1c25 Don't update health check status during initialDelaySeconds
When InitialDelaySeconds in the kube yaml is set for a helthcheck,
don't update the healthcheck status till those initial delay seconds are over.
We were waiting to update for a failing healtcheck, but when the healthcheck
was successful during the initial delay time, the status was being updated as healthy
immediately.
This is misleading to the users wondering why their healthcheck takes
much longer to fail for a failing case while it is quick to succeed for
a healthy case. It also doesn't match what the k8s InitialDelaySeconds
does. This change is only for kube play, podman healthcheck run is
unaffected.

Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
2023-11-29 08:37:39 -05:00
Alexander Larsson
8ee2622028 quadlet: Support systemd style dropin files
For a source file like `foo.container`, look for drop in named
`foo.container.d/*.conf` and merged them into the main file.  The
dropins are applied in alphabetical order, and files in earlier
diretories override later files with same name.

This is similar to how systemd dropins work, see:
https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html

Also adds some tests for these

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2023-11-29 13:46:52 +01:00
Paul Holzinger
93bcd2a25d fix podman-remote exec regression with v4.8
Commit f48a706abc added a new API endpoint to remove exec session
correctly. And the bindings try to call that endpoint for exec every
time. Now since client and server must not be the same version this
causes a problem if a new 4.8 client calls an older 4.7 server as it has
no idea about such endpoint and throws an ugly error. This is a common
scenario for podman machine setups.

The client does know the server version so it should make sure to not
call such endpoint if the server is older than 4.8.

I added a exec test to the machine tests as this can be reproduced with
podman machine as at the moment at least the VM image does not contain
podman 4.8. And it should at least make sure podman exec keeps working
for podman machine without regressions.

Fixes #20821

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-11-29 13:22:46 +01:00
openshift-merge-bot[bot]
d6fefe0ba7 Merge pull request #20822 from mtrmac/chown-cleanup
Fix transferring data using tar
2023-11-29 02:15:17 +00:00
openshift-merge-bot[bot]
6d9d8f06ce Merge pull request #20517 from rhatdan/mask
Get masked paths and readonly masked patchs from containers/common @rhatdan
2023-11-29 02:12:37 +00:00
openshift-merge-bot[bot]
5ab4513b26 Merge pull request #20798 from n1hility/fix-user-mode-disable
Fix wsl.conf generation when user-mode-networking is disabled
2023-11-29 01:20:12 +00:00
Miloslav Trmač
4314b1c344 Fix transferring data using tar
Instead of relying on the remote server to create tar files
with the right account IDs (which the remote server doesn't
even know, when the client and server run under different accounts),
have the remote client ignore the account IDs when unpacking.

Then just hard-code 0 in the remote server, so that the remote
server's account identity does not leak in the tar file contents.

Compare https://github.com/containers/image/issues/1627 .

[NO NEW TESTS NEEDED] : https://github.com/containers/podman/pull/18563
suggests that existing tests already cover these code paths / properties.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-11-28 20:44:17 +01:00
openshift-merge-bot[bot]
443e779a1f Merge pull request #20804 from BlackHole1/improve-vmtype
refactor(machine): improve machine marker value
2023-11-28 19:12:51 +00:00
openshift-merge-bot[bot]
83c08a2f5c Merge pull request #20609 from cgiradkar/19124_remove_event_fix
Set correct exitcode in remove events
2023-11-28 16:21:17 +00:00
openshift-merge-bot[bot]
545daed1e4 Merge pull request #20762 from ygalblum/quadlet-pod
Quadlet - Add support for .pod units
2023-11-28 14:44:00 +00:00
Black-Hole1
a2bf8c6d50 refactor(machine): improve machine marker value
1. Set the marker to the current virtual machine type instead of fixed qemu.
2. Update containers/common

[NO NEW TESTS NEEDED]

Signed-off-by: Black-Hole1 <bh@bugs.cc>
2023-11-28 21:47:12 +08:00
Chetan Giradkar
572f38c0db Set correct exitcode in remove events and change ContainerExitCode from int to int ptr
Added additional check for event type to be remove and set the correct exitcode.
While it was getting difficult to maintain the omitempty notation for Event->ContainerExitCode, changing the type from int to int ptr gives us the ability to check for ContainerExitCode to be not nil and continue operations from there.

closes #19124

Signed-off-by: Chetan Giradkar <cgiradka@redhat.com>
2023-11-28 13:31:18 +00:00
Ygal Blum
6b2f48129e Quadlet - Add support for .pod units
Add support for .pod unit files with only PodmanArgs, GlobalArgs, ContainersConfModule and PodName
Add support for linking .container units with .pod ones
Add e2e and system tests
Add to man page

Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2023-11-28 14:31:53 +02:00
Jason T. Greene
8e2d5e1912 Fix wsl.conf generation when user-mode-networking is disabled
[NO NEW TESTS NEEDED]

Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
2023-11-27 11:49:03 -06:00
Paul Holzinger
386c8d6bfc swagger: document play kube annotations param
The annotations parameter was not documented, add it.

Fixes #20784

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-11-27 15:42:42 +01:00
openshift-merge-bot[bot]
d1236f46fc Merge pull request #20750 from baude/removeversionhack
podman machine image from oci updates
2023-11-27 14:10:33 +00:00
openshift-merge-bot[bot]
208ad3b330 Merge pull request #20769 from giuseppe/fix-crash-podman-info
system: enhance check for re-exec into rootless userns
2023-11-27 10:23:40 +00:00
openshift-merge-bot[bot]
1486ee5189 Merge pull request #20744 from rhatdan/pod
If API calls for kube play --replace, then replace pod
2023-11-25 13:46:56 +00:00
Giuseppe Scrivano
41a6b992aa system: enhance check for re-exec into rootless userns
Previously, the setup only checked for the CAP_SYS_ADMIN capability,
which could be not enough with containerized Podman where
CAP_SYS_ADMIN might be set for an unprivileged user.

Closes: https://github.com/containers/podman/issues/20766

[NO NEW TESTS NEEDED] needs containerized Podman

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2023-11-24 13:22:19 +01:00
Giuseppe Scrivano
fe65f059ab libpod: drop dead code
these functions are not used anymore in the codebase, so drop them.

[NO NEW TESTS NEEDED] no new functionalities are added

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2023-11-24 11:19:02 +01:00
openshift-merge-bot[bot]
6c29a870f7 Merge pull request #20528 from giuseppe/consolidate-xdg-runtime-code
Consolidate XDG_RUNTIME code
2023-11-24 09:27:30 +00:00
Giuseppe Scrivano
cd21973f47 pkg/util: use code from c/storage
[NO NEW TESTS NEEDED] no new functionalities are added

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2023-11-23 21:36:42 +01:00
Brent Baude
da9349ce42 podman machine image from oci updates
It makes more sense to key off the hypervisor/provider when pulling
disks from oci registries.

i.e. quay.io/libpod/podman-machine-images:5.0-qemu

Also, now that we are in 5.0-dev, I also removed the overrides always
making the podman version 4.6.

[NO NEW TESTS NEEDED]

Signed-off-by: Brent Baude <bbaude@redhat.com>
2023-11-22 13:21:24 -06:00
Daniel J Walsh
75638a72a8 If API calls for kube play --replace, then replace pod
Currently if user specifies podman kube play --replace, the
pod is removed on the client side, not the server side.  If
the API is called with replace=true, the pod was not being removed
and this called the API to fail. This PR removes the pod if it
exists and the caller specifies replace=true.

Fixes: https://github.com/containers/podman/discussions/20705

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-11-22 13:31:24 -05:00