| Age | Commit message (Collapse) | Author |
|---|
|
* container: T6219: Add support for container sysctl / kernel parameters
(cherry picked from commit 717ea64e4c54a8be619ffc29c16c6203b29319dd)
* T6219: align with system sysctl and limit parameters to supported
(cherry picked from commit f030464952168b553b5b3e29b461d437c2642a9b)
---------
Co-authored-by: Ben Pilgrim <ben@pilgrim.me.uk>
Co-authored-by: Nicolas Vollmar <nvollmar@gmail.com>
|
|
The intention of vyos.utils package is to have a common ground for repeating
actions/helpers. This is also true for number of CPUs and their respective
core count.
Move vyos.cpu to vyos.utils.cpu
(cherry picked from commit e318eb33446de47835480d4b8f1646b39fb5c388)
|
|
Commit 74910564f ("T6406: rename cpus to cpu") did not import the function
from the Python module.
(cherry picked from commit 8439f8a43e93c0560f1abfc2aa60990f521b4d4d)
|
|
(cherry picked from commit 74910564f82e2837cd7eb35ea21f07601e5f8f0d)
|
|
(cherry picked from commit 81dea053e7178b8fea836a85aacde2a38ffb9e09)
|
|
(cherry picked from commit f5051de4fc034bd95677ef142423e59eae47cd2f)
|
|
(cherry picked from commit 240f199cdfadbc12ce713dae74c8db3af44a398c)
|
|
(cherry picked from commit 6b5590ae3325320a2b6bbcb34086ddb178860160)
|
|
'upper'
Commit b30faa43c (container: T6208: rename "cap-add" CLI node to "capability")
added an AttributeError referencing an out of scope variable.
This has been fixed.
(cherry picked from commit 2463bd292f14e46fdb26116791a89ca2eb651d17)
|
|
Containers have the ability to add Linux system capabilities to them, this is
done using the "set container name <name> cap-add" command.
The CLI node sounds off and rather should be "set container name <name>
capability" instead as we use and pass a capability to a container and not
add/invent new ones.
(cherry picked from commit b30faa43c28b592febd83a7fd3a58247de6b27bc)
|
|
(cherry picked from commit 5bb27f0c6220fd940b63cdd37a60c312c0ac3efd)
|
|
It does not make sense to perform the "podman login" command when setting up
containers, as images are not automatically pulled in from the registry - due
to issues with the default route during startup.
The same issue manifests in "podman login" where we can not login to a registry
unless there is a default route present.
This commit changes the behavior that the container registry is part of the
configuration, but it is only referenced during "add container image" and thus
never during system boot.
(cherry picked from commit baf30d8319ef4d0f0cc4cdf0f7c12f03f8a492b6)
|
|
(cherry picked from commit 52e9707a43290f5f826766e2c42c5f0db3c9adec)
|
|
container: T5829: verify container network used supports the given AFI (backport)
|
|
conmon 402de34b31388b5a2e1c <error>: Unable to send container stderr message to parent Broken pipe
https://github.com/containers/conmon/issues/438
(cherry picked from commit 6c84ff41b92d7c2e0b239dca59955e8a247fecdb)
|
|
(cherry picked from commit 405cc66041d8035500f7b7116301983c48464a9b)
|
|
(cherry picked from commit e70ca62c474b4e2cc135851a6e5cceee037bf378)
|
|
(cherry picked from commit 79a46675b031a4edc0ea925a45066077c0804b9b)
|
|
Ability to set labels for container
set container name c1 allow-host-networks
set container name c1 image 'busybox'
set container name c1 label mypods value 'My label for containers'
|
|
|
|
Fix for add IPv6 link-local address for container interfaces
set container network NET01 prefix '10.0.0.0/24'
set container network NET01 prefix '2001:db8:2222::/64'
% ip -6 addr show scope link dev pod-NET01
17: pod-NET01: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet6 fe80::d89c:dfff:fe1a:8689/64 scope link
|
|
Ability to publish multiple IP/IPv6 addresses for container
set container name c1 port web destination '80'
set container name c1 port web listen-address '192.0.2.1'
set container name c1 port web listen-address '2001:db8:1111::1'
set container name c1 port web source '8080'
--publish 192.0.2.1:8080:80/tcp --publish [2001:db8:1111::1]:8080:80/tcp
|
|
|
|
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process
* T5195: use read_file and write_file implementation from vyos.utils.file
Changed code automatically using:
find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} +
find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} +
* T5195: move chmod* helpers to vyos.utils.permission
* T5195: use colon_separated_to_dict from vyos.utils.dict
* T5195: move is_systemd_service_* to vyos.utils.process
* T5195: fix boot issues with missing imports
* T5195: move dict_search_* helpers to vyos.utils.dict
* T5195: move network helpers to vyos.utils.network
* T5195: move commit_* helpers to vyos.utils.commit
* T5195: move user I/O helpers to vyos.utils.io
|
|
set container name c1 volume myvlm propagation rshared
|
|
With commit 0ea3e1420 ("container: T5082: switch to netavark network stack")
moving to a new network stack we should also enable the new DNS plugin provided
by default.
TODO: add CLI nodes to manually disable DNS and/or supply external DNS servers
to the container.
|
|
If the name of the network + the length of the podman- prefix exceeds
the maximum supported length of netavark we get an error:
Error: netavark: get bridge interface: Netlink error: Numerical result out of
range (os error 34)
|
|
Networks are started only as soon as there is a consumer. If only a network is
created in the first place, no need to assign it to a VRF as there's no
consumer, yet.
|
|
Container networks now can be bound to a specific VRF instance.
set vrf name <foo> table <xxx>
set container network <name> vrf <foo>
|
|
Commit fe82d86d ("container: T4959: add registry authentication option") looked
up the wrong config dict level when validating that both username and password
need to be specified when registries are in use.
|
|
We now support assigning discrete IPv6 addresses to a container.
|
|
Commit 52e51ffb ("container: T5047: restart only containers that changed")
started to iterate over a NoneType which is invalid. This happened when a
network description was changed but no container was due for restart.
|
|
By default VyOS used to restart all containers it managed. This makes no sense
as it will be service disrupting. Instead only restart the containers that had
changes on the CLI beeing made.
|
|
As podman is going to use netavark as new default we must explicitly select
the old driver until we have migrated to netavark.
|
|
Container registry CLI node changed from leafNode to tagNode with the same
defaults. In addition we can now configure an authentication option per
registry.
|
|
Ability setting container hostname
This host name is used as /etc/hostname
set container name <tag> host-name 'mybox'
|
|
container: T4014: Add `command`, `arg` and `entrypoint` configuration options for containers
|
|
As we have the same variable name 'default_values' for container
name, port and volume, it rewrites default container parameters
with default port parameters
Fix it
|
|
containers"
This reverts commit b17251334c57c2f6875c19ad4e6c6127aa9e1811.
|
|
options for containers
|
|
|
|
Whenever a container is used and a folder is mounted, this happenes as
read-write which is the default in Docker/Podman - so is the default in VyOS.
A new option is added "set container name foo volume mode <ro|rw>" to specify
explicitly if rw (default) or ro should be used for this mounted folder.
|
|
Instead of hardcoding the default protocol as TCP in the Python script we shall
use the XML based defaultValue approach instead. This also automatically exports
the default to the CLI completion helper.
|
|
If port is specified on the CLI so must be source and destination under
the port node.
|
|
Size of /dev/shm within a container can be defined via --shm-size when invoking
the container. Add corresponding CLI node.
|
|
* ExecStop action with defined timeout allows for quicker reboot/shutdown with containers
|
|
containers: T4473: Fix create container with not exist network
|
|
Fix correct path for removing containers and container networks
Reduce timoute from 10 (default) to 3 seconds for stopping
containers
|
|
Fix for setting container without or wrong network decalaration
|
|
|
