Add support for containers.conf #4698
Conversation
openshift-ci-robot
added
the
do-not-merge/work-in-progress
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: rhatdan The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
|
Replaces #4569 |
openshift-ci-robot
added
the
size/XXL
rhatdan
force-pushed
the
containers.conf
branch
from
7b844a1 to
2e60cc0
Compare
rhatdan
force-pushed
the
containers.conf
branch
from
2e60cc0 to
bd88eda
Compare
|
☔ The latest upstream changes (presumably #4699) made this pull request unmergeable. Please resolve the merge conflicts. |
openshift-ci-robot
added
the
needs-rebase
rhatdan
force-pushed
the
containers.conf
branch
from
bd88eda to
2abe2d1
Compare
openshift-ci-robot
removed
the
needs-rebase
|
☔ The latest upstream changes (presumably #4730) made this pull request unmergeable. Please resolve the merge conflicts. |
openshift-ci-robot
added
the
needs-rebase
rhatdan
force-pushed
the
containers.conf
branch
from
2abe2d1 to
da0ff59
Compare
openshift-ci-robot
removed
the
needs-rebase
rhatdan
force-pushed
the
containers.conf
branch
3 times, most recently
from
242b1aa to
8384542
Compare
|
☔ The latest upstream changes (presumably #4592) made this pull request unmergeable. Please resolve the merge conflicts. |
openshift-ci-robot
added
the
needs-rebase
rhatdan
force-pushed
the
containers.conf
branch
from
8384542 to
c537c5e
Compare
openshift-ci-robot
removed
the
needs-rebase
|
☔ The latest upstream changes (presumably #4816) made this pull request unmergeable. Please resolve the merge conflicts. |
openshift-ci-robot
added
the
needs-rebase
rhatdan
force-pushed
the
containers.conf
branch
from
c537c5e to
9edb1b4
Compare
openshift-ci-robot
removed
the
needs-rebase
|
Please don't merge today, before I cut 1.8.2 final. Will do a review this afternoon. |
|
/hold |
openshift-ci-robot
added
the
do-not-merge/hold
|
/hold cancel Full review delayed until tomorrow |
openshift-ci-robot
removed
the
do-not-merge/hold
|
@mheon @vrothberg @giuseppe @TomSweeneyRedHat @QiWang19 @baude Could some give this a review, so we can finally get it merged... |
There was a problem hiding this comment.
Just a couple of nits. It's very hard to review such a gigantic PR but the green tests (in addition with the new tests) give me a good feeling.
What worries me a bit is that the CLI and API v2 are diverging with all the new defaults being set in cmd/podman/.... I didn't catch up on all recent developments and I am certain that's already being worked on but it would be great to consolidate container creation (and let the backend do the validation in contrast to cmd/podman/...).
Other than that LGTM.
cmd/podman/shared/create.go
Outdated
| // Check for . and dns-search domains | ||
| if util.StringInSlice(".", dnsSearches) { | ||
| if len(dnsSearches) > 1 { | ||
| return nil, errors.Errorf("cannot pass additional search domains when also specifying '.'") |
There was a problem hiding this comment.
We could move the check down to if dom == "." in the following loop. Would avoid iterating twice.
docs/source/markdown/podman-run.1.md
Outdated
| @@ -867,6 +869,8 @@ Set the user namespace mode for the container. It defaults to the **PODMAN_USER | |||
| - **host**: run in the user namespace of the caller. This is the default if no user namespace options are set. The processes running in the container will have the same privileges on the host as any other process launched by the calling user. | |||
| - **keep-id**: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user. | |||
| - **ns**: run the container in the given existing user namespace. | |||
| - **private**: create a new namespace for the container (default) | |||
| - **private**: | |||
| @@ -609,3 +609,46 @@ func Tmpdir() string { | |||
|
|
|||
| return tmpdir | |||
| } | |||
|
|
|||
| // ValidateSysctls validates a list of sysctl and returns it. | |||
| func ValidateSysctls(strSlice []string) (map[string]string, error) { | |||
There was a problem hiding this comment.
Looks like a candidate for a c/common/pkg/sysctl.
There was a problem hiding this comment.
WIll open a different PR for this, but I would prefer to get this merged and fixed later.
rhatdan
force-pushed
the
containers.conf
branch
from
6887554 to
1e5c6cd
Compare
| } | ||
|
|
||
| // If we need to, switch to cgroupfs and logger=file on rootless. | ||
| config.checkCgroupsAndLogger() |
There was a problem hiding this comment.
should use func (c *Config) CheckCgroupsAndAdjustConfig() directly in podman. containers/common#80 removed it from NewConfig
rhatdan
force-pushed
the
containers.conf
branch
2 times, most recently
from
ccc88dd to
c634565
Compare
|
@mheon @vrothberg @QiWang19 @TomSweeneyRedHat @baude @jwhonce PTAL |
|
LGTM |
|
@mheon @vrothberg @QiWang19 @TomSweeneyRedHat @baude @jwhonce @giuseppe PTAL |
rhatdan
force-pushed
the
containers.conf
branch
3 times, most recently
from
0ec7c52 to
c1caffb
Compare
vendor in c/common config pkg for containers.conf Signed-off-by: Qi Wang [email protected] Signed-off-by: Daniel J Walsh <[email protected]>
rhatdan
force-pushed
the
containers.conf
branch
from
c1caffb to
4352d58
Compare
|
/lgtm |
|
K. It turns out we just need to specify the |
github-actions
bot
added
the
locked - please file new issue/PR
vendor in c/common config pkg for containers.conf
Signed-off-by: Qi Wang [email protected]
Signed-off-by: Daniel J Walsh [email protected]