author | haircommander <pehunt@redhat.com> | 2018-07-27 13:58:50 -0400 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-08-23 18:16:28 +0000 |
commit | d5e690914dc78eca8664442e7677eb5004522bfd (patch) | |
tree | 3f7ed30e4302c871c16126a0032b8a3d51c46f98 /pkg | |
parent | 63dd200e7e47261454c7e55fed2ad972144e147f (diff) | |
Added option to share kernel namespaces in libpod and podman
A pause container is added to the pod if the user opts in. The default pause image and command can be overridden. Pause containers are ignored in ps unless the -a option is present. Pod inspect and pod ps show shared namespaces and pause container. A pause container can't be removed with podman rm, and a pod can be removed if it only has a pause container.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/inspect/inspect.go | 1 | ||||
-rw-r--r-- | pkg/spec/createconfig.go | 17 | ||||
-rw-r--r-- | pkg/spec/parse.go | 17 | ||||
-rw-r--r-- | pkg/spec/spec.go | 6 | ||||
-rw-r--r-- | pkg/varlinkapi/pods.go | 2 |
5 files changed, 42 insertions, 1 deletions
diff --git a/pkg/inspect/inspect.go b/pkg/inspect/inspect.go index d2c9e79a5..be3818db8 100644 --- a/pkg/inspect/inspect.go +++ b/pkg/inspect/inspect.go @@ -170,6 +170,7 @@ type ContainerInspectData struct { NetworkSettings *NetworkSettings `json:"NetworkSettings"` //TODO ExitCommand []string `json:"ExitCommand"` Namespace string `json:"Namespace"` + IsPause bool `json:"IsPause"` } // ContainerInspectState represents the state of a container. diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go index 6df6fb480..dd1cd5833 100644 --- a/pkg/spec/createconfig.go +++ b/pkg/spec/createconfig.go @@ -364,6 +364,9 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]lib networks := make([]string, 0) userNetworks := c.NetMode.UserDefined() + if IsPod(userNetworks) { + userNetworks = "" + } if userNetworks != "" { for _, netName := range strings.Split(userNetworks, ",") { if netName == "" { @@ -381,6 +384,8 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]lib return nil, errors.Wrapf(err, "container %q not found", c.NetMode.ConnectedContainer()) } options = append(options, libpod.WithNetNSFrom(connectedCtr)) + } else if IsPod(string(c.NetMode)) { + options = append(options, libpod.WithNetNSFromPod()) } else if !c.NetMode.IsHost() && !c.NetMode.IsNone() { isRootless := rootless.IsRootless() postConfigureNetNS := isRootless || (len(c.IDMappings.UIDMap) > 0 || len(c.IDMappings.GIDMap) > 0) && !c.UsernsMode.IsHost() @@ -398,6 +403,10 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]lib options = append(options, libpod.WithPIDNSFrom(connectedCtr)) } + if IsPod(string(c.PidMode)) { + options = append(options, libpod.WithPIDNSFromPod()) + } + if c.IpcMode.IsContainer() { connectedCtr, err := c.Runtime.LookupContainer(c.IpcMode.Container()) if err != nil { 
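Review bot: In pkg/spec/createconfig.go (hunk at -364), `IsPod(userNetworks)` compares the whole string, while the loop directly below splits `userNetworks` on `,`, so a value such as `pod,mynet` is not caught and `pod` would reach the per-name loop like any other network name. The check also makes `pod` a reserved word: a user-defined network that happens to be called `pod` can no longer be selected, and nothing tells the user why. I would document the reservation next to the check, e.g. `// "pod" is reserved for joining the pod's network namespace and is never a network name`, and decide explicitly whether a list containing `pod` should be rejected. GetContainerCreateOptions starts and ends outside the hunk.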
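Review bot: In pkg/spec/createconfig.go, the new `IsPod` branches (hunks at -381 and -398, and the IPC/UTS ones in the hunk at -406) append `WithNetNSFromPod()`, `WithPIDNSFromPod()`, `WithIPCNSFromPod()` and `WithUTSNSFromPod()` purely because the mode string equals `pod`; nothing visible here checks that the container is actually being created inside a pod. The options take no argument, so that check presumably lives in libpod, but these lines do not show what happens when it fails. Joining the pod's PID and IPC namespaces also means every container in the pod can see the others' processes and IPC objects, which deserves a comment where the options are added, e.g. `// pod mode: this namespace is shared with every other container in the pod`. GetContainerCreateOptions starts and ends outside these hunks.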
@@ -406,7 +415,15 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]lib options = append(options, libpod.WithIPCNSFrom(connectedCtr)) } + if IsPod(string(c.IpcMode)) { + options = append(options, libpod.WithIPCNSFromPod()) + } + + if IsPod(string(c.UtsMode)) { + options = append(options, libpod.WithUTSNSFromPod()) + } + // TODO: MNT, USER, CGROUP options = append(options, libpod.WithStopSignal(c.StopSignal)) options = append(options, libpod.WithStopTimeout(c.StopTimeout)) if len(c.DNSSearch) > 0 { diff --git a/pkg/spec/parse.go b/pkg/spec/parse.go index d34e10760..4cdc62de6 100644 --- a/pkg/spec/parse.go +++ b/pkg/spec/parse.go @@ -18,12 +18,29 @@ func (w *weightDevice) String() string { return fmt.Sprintf("%s:%d", w.path, w.weight) } +// LinuxNS is a struct that contains namespace information +// It implemented Valid to show it is a valid namespace +type LinuxNS interface { + Valid() bool +} + // IsNS returns if the specified string has a ns: prefix func IsNS(s string) bool { parts := strings.SplitN(s, ":", 2) return len(parts) > 1 && parts[0] == "ns" } +// IsPod returns if the specified string is pod +func IsPod(s string) bool { + return s == "pod" +} + +// Valid checks the validity of a linux namespace +// s should be the string representation of ns +func Valid(s string, ns LinuxNS) bool { + return IsPod(s) || IsNS(s) || ns.Valid() +} + // NS is the path to the namespace to join. func NS(s string) string { parts := strings.SplitN(s, ":", 2) diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index 7323b2d2b..8d8a07a2e 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -349,6 +349,9 @@ func addPidNS(config *CreateConfig, g *generate.Generator) error { if pidMode.IsContainer() { logrus.Debug("using container pidmode") } + if IsPod(string(pidMode)) { + logrus.Debug("using pod pidmode") + } return nil } 
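Review bot: In pkg/spec/parse.go, `Valid` calls `ns.Valid()` whenever `s` is neither `pod` nor an `ns:` value, so a nil `LinuxNS` panics instead of returning false; `return IsPod(s) || IsNS(s) || (ns != nil && ns.Valid())` avoids that. Because the first two checks short-circuit, any string with an `ns:` prefix is accepted without looking at the path after the colon, and `pod` is accepted for every namespace kind, so callers should not read a true result as proof that the target exists. The doc comment on `LinuxNS` calls it a struct although it is an interface; `// LinuxNS is implemented by namespace mode types that can report whether their value is valid.` would be accurate.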
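Review bot: In pkg/spec/spec.go, the pod branch added to addPidNS (hunk at -349) only logs, and the one added to addNetNS (hunk at -384) logs and returns nil, so neither writes anything to the generator for the `pod` mode. Which namespace the container ends up in when the pod is not sharing is therefore decided outside this file, and the only trace is a debug message ("unless pod is not sharing"). If the intent is that libpod joins the namespace later, a comment at both branches stating the fallback, e.g. `// joined later by libpod; if the pod does not share this namespace the container keeps the one from the spec`, would let a reader confirm that the fallback is the isolated one. Both functions extend beyond their hunks.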
@@ -384,6 +387,9 @@ func addNetNS(config *CreateConfig, g *generate.Generator) error { } else if IsNS(string(netMode)) { logrus.Debug("Using ns netmode") return g.AddOrReplaceLinuxNamespace(spec.NetworkNamespace, NS(string(netMode))) + } else if IsPod(string(netMode)) { + logrus.Debug("Using pod netmode, unless pod is not sharing") + return nil } else if netMode.IsUserDefined() { logrus.Debug("Using user defined netmode") return nil diff --git a/pkg/varlinkapi/pods.go b/pkg/varlinkapi/pods.go index 9e49ab687..6252d815b 100644 --- a/pkg/varlinkapi/pods.go +++ b/pkg/varlinkapi/pods.go @@ -23,7 +23,7 @@ func (i *LibpodAPI) CreatePod(call iopodman.VarlinkCall, create iopodman.PodCrea } options = append(options, libpod.WithPodCgroups()) - pod, err := i.Runtime.NewPod(options...) + pod, err := i.Runtime.NewPod(getContext(), options...) if err != nil { return call.ReplyErrorOccurred(err.Error()) } |
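Review bot: In pkg/varlinkapi/pods.go, `getContext()` is passed to `NewPod` but nothing in the hunk ties that context to the varlink call, so pod creation (which per the commit message can now add a pause container) may not be cancellable when the client goes away. `getContext` is defined outside this diff; if it returns a background context, I would at least record that next to the call, e.g. `// TODO: derive the context from the call so pod creation can be cancelled`. CreatePod starts and ends outside the hunk.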