summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarco Vedovati <mvedovati@suse.com>2019-07-05 12:54:07 +0200
committerMarco Vedovati <mvedovati@suse.com>2019-09-25 19:44:38 +0200
commitdacbc5beb2a8841e52cf8ea7f544b4d302469c1d (patch)
tree59789993d8dafec7b96ca1eb7a31b3959c50e7b0
parent83b2348313c52cc3e20d72285a9d81d3d72c2d5d (diff)
downloadpodman-dacbc5beb2a8841e52cf8ea7f544b4d302469c1d.tar.gz
podman-dacbc5beb2a8841e52cf8ea7f544b4d302469c1d.tar.bz2
podman-dacbc5beb2a8841e52cf8ea7f544b4d302469c1d.zip
rm: add containers eviction with `rm --force`
Add ability to evict a container when it becomes unusable. This may happen when the host setup changes after a container creation, making it impossible for that container to be used or removed. Evicting a container is done using the `rm --force` command. Signed-off-by: Marco Vedovati <mvedovati@suse.com>
-rwxr-xr-xAPI.md22
-rw-r--r--cmd/podman/rm.go7
-rw-r--r--cmd/podman/varlink/io.podman.varlink18
-rw-r--r--docs/podman-rm.1.md7
-rw-r--r--libpod/boltdb_state.go147
-rw-r--r--libpod/boltdb_state_internal.go83
-rw-r--r--libpod/define/errors.go4
-rw-r--r--libpod/in_memory_state.go108
-rw-r--r--libpod/runtime_cstorage.go6
-rw-r--r--libpod/runtime_ctr.go116
-rw-r--r--libpod/state.go6
-rw-r--r--libpod/state_test.go70
-rw-r--r--libpod/util_linux.go13
-rw-r--r--libpod/util_unsupported.go4
-rw-r--r--pkg/adapter/containers.go17
-rw-r--r--pkg/adapter/containers_remote.go25
-rw-r--r--pkg/varlinkapi/containers.go9
17 files changed, 540 insertions, 122 deletions
diff --git a/API.md b/API.md
index f0e5cf18f..7d11fdd3f 100755
--- a/API.md
+++ b/API.md
@@ -41,6 +41,8 @@ in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in
[func Diff(name: string) DiffInfo](#Diff)
+[func EvictContainer(name: string, removeVolumes: bool) string](#EvictContainer)
+
[func ExecContainer(opts: ExecOpts) ](#ExecContainer)
[func ExportContainer(name: string, path: string) string](#ExportContainer)
@@ -445,6 +447,22 @@ $ varlink call -m unix:/run/podman/io.podman/io.podman.DeleteUnusedImages
method Diff(name: [string](https://godoc.org/builtin#string)) [DiffInfo](#DiffInfo)</div>
Diff returns a diff between libpod objects
+### <a name="EvictContainer"></a>func EvictContainer
+<div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;">
+
+method EvictContainer(name: [string](https://godoc.org/builtin#string), removeVolumes: [bool](https://godoc.org/builtin#bool)) [string](https://godoc.org/builtin#string)</div>
+EvictContainer requires the name or ID of a container as well as a boolean that
+indicates to remove builtin volumes. Upon successful eviction of the container,
+its ID is returned. If the container cannot be found by name or ID,
+a [ContainerNotFound](#ContainerNotFound) error will be returned.
+See also [RemoveContainer](RemoveContainer).
+#### Example
+~~~
+$ varlink call -m unix:/run/podman/io.podman/io.podman.EvictContainer '{"name": "62f4fd98cb57"}'
+{
+ "container": "62f4fd98cb57f529831e8f90610e54bba74bd6f02920ffb485e15376ed365c20"
+}
+~~~
### <a name="ExecContainer"></a>func ExecContainer
<div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;">
@@ -953,10 +971,12 @@ ReceiveFile allows the host to send a remote client a file
<div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;">
method RemoveContainer(name: [string](https://godoc.org/builtin#string), force: [bool](https://godoc.org/builtin#bool), removeVolumes: [bool](https://godoc.org/builtin#bool)) [string](https://godoc.org/builtin#string)</div>
-RemoveContainer requires the name or ID of container as well a boolean representing whether a running container can be stopped and removed, and a boolean
+RemoveContainer requires the name or ID of a container as well as a boolean that
+indicates whether a container should be forcefully removed (e.g., by stopping it), and a boolean
indicating whether to remove builtin volumes. Upon successful removal of the
container, its ID is returned. If the
container cannot be found by name or ID, a [ContainerNotFound](#ContainerNotFound) error will be returned.
+See also [EvictContainer](EvictContainer).
#### Example
~~~
$ varlink call -m unix:/run/podman/io.podman/io.podman.RemoveContainer '{"name": "62f4fd98cb57"}'
diff --git a/cmd/podman/rm.go b/cmd/podman/rm.go
index 9e3ce4d0b..89062f524 100644
--- a/cmd/podman/rm.go
+++ b/cmd/podman/rm.go
@@ -13,7 +13,7 @@ var (
rmCommand cliconfig.RmValues
rmDescription = fmt.Sprintf(`Removes one or more containers from the host. The container name or ID can be used.
- Command does not remove images. Running containers will not be removed without the -f option.`)
+ Command does not remove images. Running or unusable containers will not be removed without the -f option.`)
_rmCommand = &cobra.Command{
Use: "rm [flags] CONTAINER [CONTAINER...]",
Short: "Remove one or more containers",
@@ -29,7 +29,8 @@ var (
},
Example: `podman rm imageID
podman rm mywebserver myflaskserver 860a4b23
- podman rm --force --all`,
+ podman rm --force --all
+ podman rm -f c684f0d469f2`,
}
)
@@ -39,7 +40,7 @@ func init() {
rmCommand.SetUsageTemplate(UsageTemplate())
flags := rmCommand.Flags()
flags.BoolVarP(&rmCommand.All, "all", "a", false, "Remove all containers")
- flags.BoolVarP(&rmCommand.Force, "force", "f", false, "Force removal of a running container. The default is false")
+ flags.BoolVarP(&rmCommand.Force, "force", "f", false, "Force removal of a running or unusable container. The default is false")
flags.BoolVarP(&rmCommand.Latest, "latest", "l", false, "Act on the latest container podman is aware of")
flags.BoolVar(&rmCommand.Storage, "storage", false, "Remove container from storage library")
flags.BoolVarP(&rmCommand.Volumes, "volumes", "v", false, "Remove the volumes associated with the container")
diff --git a/cmd/podman/varlink/io.podman.varlink b/cmd/podman/varlink/io.podman.varlink
index 4692525e3..3434a2bcb 100644
--- a/cmd/podman/varlink/io.podman.varlink
+++ b/cmd/podman/varlink/io.podman.varlink
@@ -727,10 +727,12 @@ method GetAttachSockets(name: string) -> (sockets: Sockets)
# or name, a [ContainerNotFound](#ContainerNotFound) error is returned.
method WaitContainer(name: string, interval: int) -> (exitcode: int)
-# RemoveContainer requires the name or ID of container as well a boolean representing whether a running container can be stopped and removed, and a boolean
+# RemoveContainer requires the name or ID of a container as well as a boolean that
+# indicates whether a container should be forcefully removed (e.g., by stopping it), and a boolean
# indicating whether to remove builtin volumes. Upon successful removal of the
# container, its ID is returned. If the
# container cannot be found by name or ID, a [ContainerNotFound](#ContainerNotFound) error will be returned.
+# See also [EvictContainer](EvictContainer).
# #### Example
# ~~~
# $ varlink call -m unix:/run/podman/io.podman/io.podman.RemoveContainer '{"name": "62f4fd98cb57"}'
@@ -740,6 +742,20 @@ method WaitContainer(name: string, interval: int) -> (exitcode: int)
# ~~~
method RemoveContainer(name: string, force: bool, removeVolumes: bool) -> (container: string)
+# EvictContainer requires the name or ID of a container as well as a boolean that
+# indicates to remove builtin volumes. Upon successful eviction of the container,
+# its ID is returned. If the container cannot be found by name or ID,
+# a [ContainerNotFound](#ContainerNotFound) error will be returned.
+# See also [RemoveContainer](RemoveContainer).
+# #### Example
+# ~~~
+# $ varlink call -m unix:/run/podman/io.podman/io.podman.EvictContainer '{"name": "62f4fd98cb57"}'
+# {
+# "container": "62f4fd98cb57f529831e8f90610e54bba74bd6f02920ffb485e15376ed365c20"
+# }
+# ~~~
+method EvictContainer(name: string, removeVolumes: bool) -> (container: string)
+
# DeleteStoppedContainers will delete all containers that are not running. It will return a list the deleted
# container IDs. See also [RemoveContainer](RemoveContainer).
# #### Example
diff --git a/docs/podman-rm.1.md b/docs/podman-rm.1.md
index 88339af16..207d9d61d 100644
--- a/docs/podman-rm.1.md
+++ b/docs/podman-rm.1.md
@@ -9,7 +9,8 @@ podman\-rm - Remove one or more containers
**podman container rm** [*options*] *container*
## DESCRIPTION
-**podman rm** will remove one or more containers from the host. The container name or ID can be used. This does not remove images. Running containers will not be removed without the `-f` option
+**podman rm** will remove one or more containers from the host. The container name or ID can be used. This does not remove images.
+Running or unusable containers will not be removed without the `-f` option.
## OPTIONS
@@ -19,9 +20,11 @@ Remove all containers. Can be used in conjunction with -f as well.
**--force**, **-f**
-Force the removal of running and paused containers. Forcing a containers removal also
+Force the removal of running and paused containers. Forcing a container removal also
removes containers from container storage even if the container is not known to podman.
Containers could have been created by a different container engine.
+In addition, forcing can be used to remove unusable containers, e.g. containers
+whose OCI runtime has become unavailable.
**--latest**, **-l**
diff --git a/libpod/boltdb_state.go b/libpod/boltdb_state.go
index a6fd9a7d8..e43d54eee 100644
--- a/libpod/boltdb_state.go
+++ b/libpod/boltdb_state.go
@@ -407,6 +407,60 @@ func (s *BoltState) Container(id string) (*Container, error) {
return ctr, nil
}
+// LookupContainerID retrieves a container ID from the state by full or unique
+// partial ID or name
+func (s *BoltState) LookupContainerID(idOrName string) (string, error) {
+ if idOrName == "" {
+ return "", define.ErrEmptyID
+ }
+
+ if !s.valid {
+ return "", define.ErrDBClosed
+ }
+
+ db, err := s.getDBCon()
+ if err != nil {
+ return "", err
+ }
+ defer s.deferredCloseDBCon(db)
+
+ var id []byte
+ err = db.View(func(tx *bolt.Tx) error {
+ ctrBucket, err := getCtrBucket(tx)
+ if err != nil {
+ return err
+ }
+
+ namesBucket, err := getNamesBucket(tx)
+ if err != nil {
+ return err
+ }
+
+ nsBucket, err := getNSBucket(tx)
+ if err != nil {
+ return err
+ }
+
+ fullID, err := s.lookupContainerID(idOrName, ctrBucket, namesBucket, nsBucket)
+ // Check if it is in our namespace
+ if s.namespaceBytes != nil {
+ ns := nsBucket.Get(fullID)
+ if !bytes.Equal(ns, s.namespaceBytes) {
+ return errors.Wrapf(define.ErrNoSuchCtr, "no container found with name or ID %s", idOrName)
+ }
+ }
+ id = fullID
+ return err
+ })
+
+ if err != nil {
+ return "", err
+ }
+
+ retID := string(id)
+ return retID, nil
+}
+
// LookupContainer retrieves a container from the state by full or unique
// partial ID or name
func (s *BoltState) LookupContainer(idOrName string) (*Container, error) {
@@ -444,67 +498,9 @@ func (s *BoltState) LookupContainer(idOrName string) (*Container, error) {
return err
}
- // First, check if the ID given was the actual container ID
- var id []byte
- ctrExists := ctrBucket.Bucket([]byte(idOrName))
- if ctrExists != nil {
- // A full container ID was given.
- // It might not be in our namespace, but
- // getContainerFromDB() will handle that case.
- id = []byte(idOrName)
- return s.getContainerFromDB(id, ctr, ctrBucket)
- }
-
- // Next, check if the full name was given
- isPod := false
- fullID := namesBucket.Get([]byte(idOrName))
- if fullID != nil {
- // The name exists and maps to an ID.
- // However, we are not yet certain the ID is a
- // container.
- ctrExists = ctrBucket.Bucket(fullID)
- if ctrExists != nil {
- // A container bucket matching the full ID was
- // found.
- return s.getContainerFromDB(fullID, ctr, ctrBucket)
- }
- // Don't error if we have a name match but it's not a
- // container - there's a chance we have a container with
- // an ID starting with those characters.
- // However, so we can return a good error, note whether
- // this is a pod.
- isPod = true
- }
-
- // We were not given a full container ID or name.
- // Search for partial ID matches.
- exists := false
- err = ctrBucket.ForEach(func(checkID, checkName []byte) error {
- // If the container isn't in our namespace, we
- // can't match it
- if s.namespaceBytes != nil {
- ns := nsBucket.Get(checkID)
- if !bytes.Equal(ns, s.namespaceBytes) {
- return nil
- }
- }
- if strings.HasPrefix(string(checkID), idOrName) {
- if exists {
- return errors.Wrapf(define.ErrCtrExists, "more than one result for container ID %s", idOrName)
- }
- id = checkID
- exists = true
- }
-
- return nil
- })
+ id, err := s.lookupContainerID(idOrName, ctrBucket, namesBucket, nsBucket)
if err != nil {
return err
- } else if !exists {
- if isPod {
- return errors.Wrapf(define.ErrNoSuchCtr, "%s is a pod, not a container", idOrName)
- }
- return errors.Wrapf(define.ErrNoSuchCtr, "no container with name or ID %s found", idOrName)
}
return s.getContainerFromDB(id, ctr, ctrBucket)
@@ -860,6 +856,39 @@ func (s *BoltState) AllContainers() ([]*Container, error) {
return ctrs, nil
}
+// GetContainerConfig returns a container config from the database by full ID
+func (s *BoltState) GetContainerConfig(id string) (*ContainerConfig, error) {
+ if len(id) == 0 {
+ return nil, define.ErrEmptyID
+ }
+
+ if !s.valid {
+ return nil, define.ErrDBClosed
+ }
+
+ config := new(ContainerConfig)
+
+ db, err := s.getDBCon()
+ if err != nil {
+ return nil, err
+ }
+ defer s.deferredCloseDBCon(db)
+
+ err = db.View(func(tx *bolt.Tx) error {
+ ctrBucket, err := getCtrBucket(tx)
+ if err != nil {
+ return err
+ }
+
+ return s.getContainerConfigFromDB([]byte(id), config, ctrBucket)
+ })
+ if err != nil {
+ return nil, err
+ }
+
+ return config, nil
+}
+
// RewriteContainerConfig rewrites a container's configuration.
// WARNING: This function is DANGEROUS. Do not use without reading the full
// comment on this function in state.go.
diff --git a/libpod/boltdb_state_internal.go b/libpod/boltdb_state_internal.go
index a50fce31e..ed87373e9 100644
--- a/libpod/boltdb_state_internal.go
+++ b/libpod/boltdb_state_internal.go
@@ -347,7 +347,7 @@ func getRuntimeConfigBucket(tx *bolt.Tx) (*bolt.Bucket, error) {
return bkt, nil
}
-func (s *BoltState) getContainerFromDB(id []byte, ctr *Container, ctrsBkt *bolt.Bucket) error {
+func (s *BoltState) getContainerConfigFromDB(id []byte, config *ContainerConfig, ctrsBkt *bolt.Bucket) error {
ctrBkt := ctrsBkt.Bucket(id)
if ctrBkt == nil {
return errors.Wrapf(define.ErrNoSuchCtr, "container %s not found in DB", string(id))
@@ -365,10 +365,18 @@ func (s *BoltState) getContainerFromDB(id []byte, ctr *Container, ctrsBkt *bolt.
return errors.Wrapf(define.ErrInternal, "container %s missing config key in DB", string(id))
}
- if err := json.Unmarshal(configBytes, ctr.config); err != nil {
+ if err := json.Unmarshal(configBytes, config); err != nil {
return errors.Wrapf(err, "error unmarshalling container %s config", string(id))
}
+ return nil
+}
+
+func (s *BoltState) getContainerFromDB(id []byte, ctr *Container, ctrsBkt *bolt.Bucket) error {
+ if err := s.getContainerConfigFromDB(id, ctr.config, ctrsBkt); err != nil {
+ return err
+ }
+
// Get the lock
lock, err := s.runtime.lockManager.RetrieveLock(ctr.config.LockID)
if err != nil {
@@ -388,7 +396,7 @@ func (s *BoltState) getContainerFromDB(id []byte, ctr *Container, ctrsBkt *bolt.
ociRuntime, ok := s.runtime.ociRuntimes[runtimeName]
if !ok {
- return errors.Wrapf(define.ErrInternal, "container %s was created with OCI runtime %s, but that runtime is not available in the current configuration", ctr.ID(), ctr.config.OCIRuntime)
+ return errors.Wrapf(define.ErrOCIRuntimeUnavailable, "cannot find OCI runtime %q for container %s", ctr.config.OCIRuntime, ctr.ID())
}
ctr.ociRuntime = ociRuntime
}
@@ -862,3 +870,72 @@ func (s *BoltState) removeContainer(ctr *Container, pod *Pod, tx *bolt.Tx) error
return nil
}
+
+// lookupContainerID retrieves a container ID from the state by full or unique
+// partial ID or name.
+// NOTE: the retrieved container ID namespace may not match the state namespace.
+func (s *BoltState) lookupContainerID(idOrName string, ctrBucket, namesBucket, nsBucket *bolt.Bucket) ([]byte, error) {
+ // First, check if the ID given was the actual container ID
+ ctrExists := ctrBucket.Bucket([]byte(idOrName))
+ if ctrExists != nil {
+ // A full container ID was given.
+ // It might not be in our namespace, but this will be handled
+ // the callers.
+ return []byte(idOrName), nil
+ }
+
+ // Next, check if the full name was given
+ isPod := false
+ fullID := namesBucket.Get([]byte(idOrName))
+ if fullID != nil {
+ // The name exists and maps to an ID.
+ // However, we are not yet certain the ID is a
+ // container.
+ ctrExists = ctrBucket.Bucket(fullID)
+ if ctrExists != nil {
+ // A container bucket matching the full ID was
+ // found.
+ return fullID, nil
+ }
+ // Don't error if we have a name match but it's not a
+ // container - there's a chance we have a container with
+ // an ID starting with those characters.
+ // However, so we can return a good error, note whether
+ // this is a pod.
+ isPod = true
+ }
+
+ var id []byte
+ // We were not given a full container ID or name.
+ // Search for partial ID matches.
+ exists := false
+ err := ctrBucket.ForEach(func(checkID, checkName []byte) error {
+ // If the container isn't in our namespace, we
+ // can't match it
+ if s.namespaceBytes != nil {
+ ns := nsBucket.Get(checkID)
+ if !bytes.Equal(ns, s.namespaceBytes) {
+ return nil
+ }
+ }
+ if strings.HasPrefix(string(checkID), idOrName) {
+ if exists {
+ return errors.Wrapf(define.ErrCtrExists, "more than one result for container ID %s", idOrName)
+ }
+ id = checkID
+ exists = true
+ }
+
+ return nil
+ })
+
+ if err != nil {
+ return nil, err
+ } else if !exists {
+ if isPod {
+ return nil, errors.Wrapf(define.ErrNoSuchCtr, "%s is a pod, not a container", idOrName)
+ }
+ return nil, errors.Wrapf(define.ErrNoSuchCtr, "no container with name or ID %s found", idOrName)
+ }
+ return id, nil
+}
diff --git a/libpod/define/errors.go b/libpod/define/errors.go
index 004acd58f..5392fbc62 100644
--- a/libpod/define/errors.go
+++ b/libpod/define/errors.go
@@ -112,6 +112,10 @@ var (
// that was not found
ErrOCIRuntimeNotFound = errors.New("OCI runtime command not found error")
+ // ErrOCIRuntimeUnavailable indicates that the OCI runtime associated to a container
+ // could not be found in the configuration
+ ErrOCIRuntimeUnavailable = errors.New("OCI runtime not available in the current configuration")
+
// ErrConmonOutdated indicates the version of conmon found (whether via the configuration or $PATH)
// is out of date for the current podman version
ErrConmonOutdated = errors.New("outdated conmon version")
diff --git a/libpod/in_memory_state.go b/libpod/in_memory_state.go
index a008fcb39..5ab258772 100644
--- a/libpod/in_memory_state.go
+++ b/libpod/in_memory_state.go
@@ -115,15 +115,16 @@ func (s *InMemoryState) Container(id string) (*Container, error) {
return ctr, nil
}
-// LookupContainer retrieves a container by full ID, unique partial ID, or name
-func (s *InMemoryState) LookupContainer(idOrName string) (*Container, error) {
+// lookupID retrieves a container or pod ID by full ID, unique partial ID, or
+// name
+func (s *InMemoryState) lookupID(idOrName string) (string, error) {
var (
nameIndex *registrar.Registrar
idIndex *truncindex.TruncIndex
)
if idOrName == "" {
- return nil, define.ErrEmptyID
+ return "", define.ErrEmptyID
}
if s.namespace != "" {
@@ -131,7 +132,7 @@ func (s *InMemoryState) LookupContainer(idOrName string) (*Container, error) {
if !ok {
// We have no containers in the namespace
// Return false
- return nil, errors.Wrapf(define.ErrNoSuchCtr, "no container found with name or ID %s", idOrName)
+ return "", define.ErrNoSuchCtr
}
nameIndex = nsIndex.nameIndex
idIndex = nsIndex.idIndex
@@ -147,15 +148,55 @@ func (s *InMemoryState) LookupContainer(idOrName string) (*Container, error) {
fullID, err = idIndex.Get(idOrName)
if err != nil {
if err == truncindex.ErrNotExist {
- return nil, errors.Wrapf(define.ErrNoSuchCtr, "no container found with name or ID %s", idOrName)
+ return "", define.ErrNoSuchCtr
}
- return nil, errors.Wrapf(err, "error performing truncindex lookup for ID %s", idOrName)
+ return "", errors.Wrapf(err, "error performing truncindex lookup for ID %s", idOrName)
}
} else {
- return nil, errors.Wrapf(err, "error performing registry lookup for ID %s", idOrName)
+ return "", errors.Wrapf(err, "error performing registry lookup for ID %s", idOrName)
}
}
+ return fullID, nil
+}
+
+// LookupContainerID retrieves a container ID by full ID, unique partial ID, or
+// name
+func (s *InMemoryState) LookupContainerID(idOrName string) (string, error) {
+ fullID, err := s.lookupID(idOrName)
+
+ switch err {
+ case nil:
+ _, ok := s.containers[fullID]
+ if !ok {
+ // It's a pod, not a container
+ return "", errors.Wrapf(define.ErrNoSuchCtr, "name or ID %s is a pod, not a container", idOrName)
+ }
+
+ case define.ErrNoSuchCtr:
+ return "", errors.Wrapf(define.ErrNoSuchCtr, "no container found with name or ID %s", idOrName)
+
+ default:
+ return "", err
+ }
+
+ return fullID, nil
+}
+
+// LookupContainer retrieves a container by full ID, unique partial ID, or name
+func (s *InMemoryState) LookupContainer(idOrName string) (*Container, error) {
+ fullID, err := s.lookupID(idOrName)
+
+ switch err {
+ case nil:
+
+ case define.ErrNoSuchCtr:
+ return nil, errors.Wrapf(define.ErrNoSuchCtr, "no container found with name or ID %s", idOrName)
+
+ default:
+ return nil, err
+ }
+
ctr, ok := s.containers[fullID]
if !ok {
// It's a pod, not a container
@@ -385,6 +426,16 @@ func (s *InMemoryState) AllContainers() ([]*Container, error) {
return ctrs, nil
}
+// GetContainerConfig returns a container config from the database by full ID
+func (s *InMemoryState) GetContainerConfig(id string) (*ContainerConfig, error) {
+ ctr, err := s.LookupContainer(id)
+ if err != nil {
+ return nil, err
+ }
+
+ return ctr.Config(), nil
+}
+
// RewriteContainerConfig rewrites a container's configuration.
// This function is DANGEROUS, even with an in-memory state.
// Please read the full comment on it in state.go before using it.
@@ -623,49 +674,22 @@ func (s *InMemoryState) Pod(id string) (*Pod, error) {
// LookupPod retrieves a pod from the state from a full or unique partial ID or
// a full name
func (s *InMemoryState) LookupPod(idOrName string) (*Pod, error) {
- var (
- nameIndex *registrar.Registrar
- idIndex *truncindex.TruncIndex
- )
+ fullID, err := s.lookupID(idOrName)
- if idOrName == "" {
- return nil, define.ErrEmptyID
- }
+ switch err {
+ case nil:
- if s.namespace != "" {
- nsIndex, ok := s.namespaceIndexes[s.namespace]
- if !ok {
- // We have no containers in the namespace
- // Return false
- return nil, errors.Wrapf(define.ErrNoSuchCtr, "no container found with name or ID %s", idOrName)
- }
- nameIndex = nsIndex.nameIndex
- idIndex = nsIndex.idIndex
- } else {
- nameIndex = s.nameIndex
- idIndex = s.idIndex
- }
+ case define.ErrNoSuchCtr, define.ErrNoSuchPod:
+ return nil, errors.Wrapf(define.ErrNoSuchPod, "no pod found with name or ID %s", idOrName)
- fullID, err := nameIndex.Get(idOrName)
- if err != nil {
- if err == registrar.ErrNameNotReserved {
- // What was passed is not a name, assume it's an ID
- fullID, err = idIndex.Get(idOrName)
- if err != nil {
- if err == truncindex.ErrNotExist {
- return nil, errors.Wrapf(define.ErrNoSuchPod, "no pod found with name or ID %s", idOrName)
- }
- return nil, errors.Wrapf(err, "error performing truncindex lookup for ID %s", idOrName)
- }
- } else {
- return nil, errors.Wrapf(err, "error performing registry lookup for ID %s", idOrName)
- }
+ default:
+ return nil, err
}
pod, ok := s.pods[fullID]
if !ok {
// It's a container not a pod
- return nil, errors.Wrapf(define.ErrNoSuchPod, "id or name %s is a container not a pod", idOrName)
+ return nil, errors.Wrapf(define.ErrNoSuchPod, "id or name %s is a container, not a pod", idOrName)
}
return pod, nil
diff --git a/libpod/runtime_cstorage.go b/libpod/runtime_cstorage.go
index 1e84aef4b..47a91c881 100644
--- a/libpod/runtime_cstorage.go
+++ b/libpod/runtime_cstorage.go
@@ -60,6 +60,12 @@ func (r *Runtime) RemoveStorageContainer(idOrName string, force bool) error {
r.lock.Lock()
defer r.lock.Unlock()
+ return r.removeStorageContainer(idOrName, force)
+}
+
+// Internal function to remove the container storage without
+// locking the runtime.
+func (r *Runtime) removeStorageContainer(idOrName string, force bool) error {
targetID, err := r.store.Lookup(idOrName)
if err != nil {
if err == storage.ErrLayerUnknown {
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index bffce7bca..1a2987244 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -550,6 +550,122 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force bool,
return cleanupErr
}
+// EvictContainer removes the given container partial or full ID or name, and
+// returns the full ID of the evicted container and any error encountered.
+// It should be used to remove a container when obtaining a Container struct
+// pointer has failed.
+// Running container will not be stopped.
+// If removeVolume is specified, named volumes used by the container will
+// be removed also if and only if the container is the sole user.
+func (r *Runtime) EvictContainer(ctx context.Context, idOrName string, removeVolume bool) (string, error) {
+ r.lock.RLock()
+ defer r.lock.RUnlock()
+ return r.evictContainer(ctx, idOrName, removeVolume)
+}
+
+// evictContainer is the internal function to handle container eviction based
+// on its partial or full ID or name.
+// It returns the full ID of the evicted container and any error encountered.
+// This does not lock the runtime nor the container.
+// removePod is used only when removing pods. It instructs Podman to ignore
+// infra container protections, and *not* remove from the database (as pod
+// remove will handle that).
+func (r *Runtime) evictContainer(ctx context.Context, idOrName string, removeVolume bool) (string, error) {
+ var err error
+
+ if !r.valid {
+ return "", define.ErrRuntimeStopped
+ }
+ id, err := r.state.LookupContainerID(idOrName)
+ if err != nil {
+ return "", errors.Wrapf(err, "Failed to find container %q in state", idOrName)
+ }
+
+ // Error out if the container does not exist in libpod
+ exists, err := r.state.HasContainer(id)
+ if err != nil {
+ return id, err
+ }
+ if !exists {
+ return id, errors.Wrapf(err, "Failed to find container ID %q for eviction", id)
+ }
+
+ // Re-create a container struct for removal purposes
+ c := new(Container)
+ c.config, err = r.state.GetContainerConfig(id)
+ if err != nil {
+ return id, errors.Wrapf(err, "failed to retrieve config for ctr ID %q", id)
+ }
+ c.state = new(ContainerState)
+
+ // We need to lock the pod before we lock the container.
+ // To avoid races around removing a container and the pod it is in.
+ // Don't need to do this in pod removal case - we're evicting the entire
+ // pod.
+ var pod *Pod
+ if c.config.Pod != "" {
+ pod, err = r.state.Pod(c.config.Pod)
+ if err != nil {
+ return id, errors.Wrapf(err, "container %s is in pod %s, but pod cannot be retrieved", c.ID(), pod.ID())
+ }
+
+ // Lock the pod while we're removing container
+ pod.lock.Lock()
+ defer pod.lock.Unlock()
+ if err := pod.updatePod(); err != nil {
+ return id, err
+ }
+
+ infraID := pod.state.InfraContainerID
+ if c.ID() == infraID {
+ return id, errors.Errorf("container %s is the infra container of pod %s and cannot be removed without removing the pod", c.ID(), pod.ID())
+ }
+ }
+
+ var cleanupErr error
+ // Remove the container from the state
+ if c.config.Pod != "" {
+ // If we're removing the pod, the container will be evicted
+ // from the state elsewhere
+ if err := r.state.RemoveContainerFromPod(pod, c); err != nil {
+ cleanupErr = err
+ }
+ } else {
+ if err := r.state.RemoveContainer(c); err != nil {
+ cleanupErr = err
+ }
+ }
+
+ // Unmount container mount points
+ for _, mount := range c.config.Mounts {
+ Unmount(mount)
+ }
+
+ // Remove container from c/storage
+ if err := r.removeStorageContainer(id, true); err != nil {
+ if cleanupErr == nil {
+ cleanupErr = err
+ }
+ }
+
+ if !removeVolume {
+ return id, cleanupErr
+ }
+
+ for _, v := range c.config.NamedVolumes {
+ if volume, err := r.state.Volume(v.Name); err == nil {
+ if !volume.IsCtrSpecific() {
+ continue
+ }
+ if err := r.removeVolume(ctx, volume, false); err != nil && err != define.ErrNoSuchVolume && err != define.ErrVolumeBeingUsed {
+ logrus.Errorf("cleanup volume (%s): %v", v, err)
+ }
+ }
+ }
+
+ return id, cleanupErr
+}
+
// GetContainer retrieves a container by its ID
func (r *Runtime) GetContainer(id string) (*Container, error) {
r.lock.RLock()
diff --git a/libpod/state.go b/libpod/state.go
index 40080d2cc..e38f820b5 100644
--- a/libpod/state.go
+++ b/libpod/state.go
@@ -58,6 +58,9 @@ type State interface {
// If the container is not in the set namespace, an error will be
// returned.
Container(id string) (*Container, error)
+ // Return a container ID from the database by full or partial ID or full
+ // name.
+ LookupContainerID(idOrName string) (string, error)
// Return a container from the database by full or partial ID or full
// name.
// Containers not in the set namespace will be ignored.
@@ -98,6 +101,9 @@ type State interface {
// returned.
AllContainers() ([]*Container, error)
+ // Return a container config from the database by full ID
+ GetContainerConfig(id string) (*ContainerConfig, error)
+
// PLEASE READ FULL DESCRIPTION BEFORE USING.
// Rewrite a container's configuration.
// This function breaks libpod's normal prohibition on a read-only
diff --git a/libpod/state_test.go b/libpod/state_test.go
index 26a1dee7d..5db1f301c 100644
--- a/libpod/state_test.go
+++ b/libpod/state_test.go
@@ -452,6 +452,9 @@ func TestLookupContainerWithEmptyIDFails(t *testing.T) {
runForAllStates(t, func(t *testing.T, state State, manager lock.Manager) {
_, err := state.LookupContainer("")
assert.Error(t, err)
+
+ _, err = state.LookupContainerID("")
+ assert.Error(t, err)
})
}
@@ -459,6 +462,9 @@ func TestLookupNonexistentContainerFails(t *testing.T) {
runForAllStates(t, func(t *testing.T, state State, manager lock.Manager) {
_, err := state.LookupContainer("does not exist")
assert.Error(t, err)
+
+ _, err = state.LookupContainerID("does not exist")
+ assert.Error(t, err)
})
}
@@ -472,8 +478,11 @@ func TestLookupContainerByFullID(t *testing.T) {
retrievedCtr, err := state.LookupContainer(testCtr.ID())
assert.NoError(t, err)
-
testContainersEqual(t, retrievedCtr, testCtr, true)
+
+ retrievedID, err := state.LookupContainerID(testCtr.ID())
+ assert.NoError(t, err)
+ assert.Equal(t, retrievedID, testCtr.ID())
})
}
@@ -487,8 +496,11 @@ func TestLookupContainerByUniquePartialID(t *testing.T) {
retrievedCtr, err := state.LookupContainer(testCtr.ID()[0:8])
assert.NoError(t, err)
-
testContainersEqual(t, retrievedCtr, testCtr, true)
+
+ retrievedID, err := state.LookupContainerID(testCtr.ID()[0:8])
+ assert.NoError(t, err)
+ assert.Equal(t, retrievedID, testCtr.ID())
})
}
@@ -507,6 +519,9 @@ func TestLookupContainerByNonUniquePartialIDFails(t *testing.T) {
_, err = state.LookupContainer(testCtr1.ID()[0:8])
assert.Error(t, err)
+
+ _, err = state.LookupContainerID(testCtr1.ID()[0:8])
+ assert.Error(t, err)
})
}
@@ -520,8 +535,11 @@ func TestLookupContainerByName(t *testing.T) {
retrievedCtr, err := state.LookupContainer(testCtr.Name())
assert.NoError(t, err)
-
testContainersEqual(t, retrievedCtr, testCtr, true)
+
+ retrievedID, err := state.LookupContainerID(testCtr.Name())
+ assert.NoError(t, err)
+ assert.Equal(t, retrievedID, testCtr.ID())
})
}
@@ -535,6 +553,9 @@ func TestLookupCtrByPodNameFails(t *testing.T) {
_, err = state.LookupContainer(testPod.Name())
assert.Error(t, err)
+
+ _, err = state.LookupContainerID(testPod.Name())
+ assert.Error(t, err)
})
}
@@ -548,6 +569,9 @@ func TestLookupCtrByPodIDFails(t *testing.T) {
_, err = state.LookupContainer(testPod.ID())
assert.Error(t, err)
+
+ _, err = state.LookupContainerID(testPod.ID())
+ assert.Error(t, err)
})
}
@@ -565,8 +589,11 @@ func TestLookupCtrInSameNamespaceSucceeds(t *testing.T) {
ctr, err := state.LookupContainer(testCtr.ID())
assert.NoError(t, err)
-
testContainersEqual(t, ctr, testCtr, true)
+
+ ctrID, err := state.LookupContainerID(testCtr.ID())
+ assert.NoError(t, err)
+ assert.Equal(t, ctrID, testCtr.ID())
})
}
@@ -584,6 +611,9 @@ func TestLookupCtrInDifferentNamespaceFails(t *testing.T) {
_, err = state.LookupContainer(testCtr.ID())
assert.Error(t, err)
+
+ _, err = state.LookupContainerID(testCtr.ID())
+ assert.Error(t, err)
})
}
@@ -606,8 +636,11 @@ func TestLookupContainerMatchInDifferentNamespaceSucceeds(t *testing.T) {
ctr, err := state.LookupContainer("000")
assert.NoError(t, err)
-
testContainersEqual(t, ctr, testCtr2, true)
+
+ ctrID, err := state.LookupContainerID("000")
+ assert.NoError(t, err)
+ assert.Equal(t, ctrID, testCtr2.ID())
})
}
@@ -3599,3 +3632,30 @@ func TestSaveAndUpdatePodSameNamespace(t *testing.T) {
testPodsEqual(t, testPod, statePod, false)
})
}
+
+func TestGetContainerConfigSucceeds(t *testing.T) {
+ runForAllStates(t, func(t *testing.T, state State, manager lock.Manager) {
+ testCtr, err := getTestCtr1(manager)
+ assert.NoError(t, err)
+
+ err = state.AddContainer(testCtr)
+ assert.NoError(t, err)
+
+ ctrCfg, err := state.GetContainerConfig(testCtr.ID())
+ assert.NoError(t, err)
+ assert.Equal(t, ctrCfg, testCtr.Config())
+ })
+}
+
+func TestGetContainerConfigEmptyIDFails(t *testing.T) {
+ runForAllStates(t, func(t *testing.T, state State, manager lock.Manager) {
+ _, err := state.GetContainerConfig("")
+ assert.Error(t, err)
+ })
+}
+func TestGetContainerConfigNonExistentIDFails(t *testing.T) {
+ runForAllStates(t, func(t *testing.T, state State, manager lock.Manager) {
+ _, err := state.GetContainerConfig("does not exist")
+ assert.Error(t, err)
+ })
+}
diff --git a/libpod/util_linux.go b/libpod/util_linux.go
index d5c113daf..631f6836c 100644
--- a/libpod/util_linux.go
+++ b/libpod/util_linux.go
@@ -5,6 +5,7 @@ package libpod
import (
"fmt"
"strings"
+ "syscall"
"github.com/containers/libpod/libpod/define"
"github.com/containers/libpod/pkg/cgroups"
@@ -12,6 +13,7 @@ import (
"github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
+ "golang.org/x/sys/unix"
)
// systemdSliceFromPath makes a new systemd slice under the given parent with
@@ -107,3 +109,14 @@ func LabelVolumePath(path string, shared bool) error {
}
return nil
}
+
+// Unmount umounts a target directory
+func Unmount(mount string) {
+ if err := unix.Unmount(mount, unix.MNT_DETACH); err != nil {
+ if err != syscall.EINVAL {
+ logrus.Warnf("failed to unmount %s : %v", mount, err)
+ } else {
+ logrus.Debugf("failed to unmount %s : %v", mount, err)
+ }
+ }
+}
diff --git a/libpod/util_unsupported.go b/libpod/util_unsupported.go
index 58b0dfbcd..9a9a6eeb6 100644
--- a/libpod/util_unsupported.go
+++ b/libpod/util_unsupported.go
@@ -28,3 +28,7 @@ func assembleSystemdCgroupName(baseSlice, newSlice string) (string, error) {
func LabelVolumePath(path string, shared bool) error {
return define.ErrNotImplemented
}
+
+func Unmount(mount string) error {
+ return define.ErrNotImplemented
+}
diff --git a/pkg/adapter/containers.go b/pkg/adapter/containers.go
index 47db5c0dc..afca4c948 100644
--- a/pkg/adapter/containers.go
+++ b/pkg/adapter/containers.go
@@ -205,7 +205,22 @@ func (r *LocalRuntime) RemoveContainers(ctx context.Context, cli *cliconfig.RmVa
ctrs, err := shortcuts.GetContainersByContext(cli.All, cli.Latest, cli.InputArgs, r.Runtime)
if err != nil {
- return ok, failures, err
+ // Failed to get containers. If force is specified, get the containers ID
+ // and evict them
+ if !cli.Force {
+ return ok, failures, err
+ }
+
+ for _, ctr := range cli.InputArgs {
+ logrus.Debugf("Evicting container %q", ctr)
+ id, err := r.EvictContainer(ctx, ctr, cli.Volumes)
+ if err != nil {
+ failures[ctr] = errors.Wrapf(err, "Failed to evict container: %q", id)
+ continue
+ }
+ ok = append(ok, id)
+ }
+ return ok, failures, nil
}
pool := shared.NewPool("rm", maxWorkers, len(ctrs))
diff --git a/pkg/adapter/containers_remote.go b/pkg/adapter/containers_remote.go
index 01e008e87..07ec1f19e 100644
--- a/pkg/adapter/containers_remote.go
+++ b/pkg/adapter/containers_remote.go
@@ -321,16 +321,31 @@ func (r *LocalRuntime) KillContainers(ctx context.Context, cli *cliconfig.KillVa
// RemoveContainer removes container(s) based on varlink inputs.
func (r *LocalRuntime) RemoveContainers(ctx context.Context, cli *cliconfig.RmValues) ([]string, map[string]error, error) {
- ids, err := iopodman.GetContainersByContext().Call(r.Conn, cli.All, cli.Latest, cli.InputArgs)
- if err != nil {
- return nil, nil, TranslateError(err)
- }
-
var (
ok = []string{}
failures = map[string]error{}
)
+ ids, err := iopodman.GetContainersByContext().Call(r.Conn, cli.All, cli.Latest, cli.InputArgs)
+ if err != nil {
+ // Failed to get containers. If force is specified, get the containers ID
+ // and evict them
+ if !cli.Force {
+ return nil, nil, TranslateError(err)
+ }
+
+ for _, ctr := range cli.InputArgs {
+ logrus.Debugf("Evicting container %q", ctr)
+ id, err := iopodman.EvictContainer().Call(r.Conn, ctr, cli.Volumes)
+ if err != nil {
+ failures[ctr] = errors.Wrapf(err, "Failed to evict container: %q", id)
+ continue
+ }
+ ok = append(ok, string(id))
+ }
+ return ok, failures, nil
+ }
+
for _, id := range ids {
_, err := iopodman.RemoveContainer().Call(r.Conn, id, cli.Force, cli.Volumes)
if err != nil {
diff --git a/pkg/varlinkapi/containers.go b/pkg/varlinkapi/containers.go
index 93f9d4fe3..79fcef11a 100644
--- a/pkg/varlinkapi/containers.go
+++ b/pkg/varlinkapi/containers.go
@@ -508,7 +508,16 @@ func (i *LibpodAPI) RemoveContainer(call iopodman.VarlinkCall, name string, forc
return call.ReplyErrorOccurred(err.Error())
}
return call.ReplyRemoveContainer(ctr.ID())
+}
+// EvictContainer ...
+func (i *LibpodAPI) EvictContainer(call iopodman.VarlinkCall, name string, removeVolumes bool) error {
+ ctx := getContext()
+ id, err := i.Runtime.EvictContainer(ctx, name, removeVolumes)
+ if err != nil {
+ return call.ReplyErrorOccurred(err.Error())
+ }
+ return call.ReplyEvictContainer(id)
}
// DeleteStoppedContainers ...