implement init containers in podman

this is the first pass at implementing init containers for podman pods.
init containersare made popular by k8s as a way to run setup for pods
before the pods standard containers run.

unlike k8s, we support two styles of init containers: always and
oneshot.  always means the container stays in the pod and starts
whenever a pod is started.  this does not apply to pods restarting.
oneshot means the container runs onetime when the pod starts and then is
removed.

Signed-off-by: Brent Baude <bbaude@redhat.com>

4 files changed, 30 insertions, 3 deletions

diff --git a/pkg/domain/infra/abi/pods.go b/pkg/domain/infra/abi/pods.go
index 9f033a4c0..055c495d5 100644
--- a/pkg/domain/infra/abi/pods.go
+++ b/pkg/domain/infra/abi/pods.go
@@ -250,7 +250,9 @@ func (ic *ContainerEngine) prunePodHelper(ctx context.Context) ([]*entities.PodP
 
 func (ic *ContainerEngine) PodCreate(ctx context.Context, opts entities.PodCreateOptions) (*entities.PodCreateReport, error) {
 	podSpec := specgen.NewPodSpecGenerator()
-	opts.ToPodSpecGen(podSpec)
+	if err := opts.ToPodSpecGen(podSpec); err != nil {
+		return nil, err
+	}
 	pod, err := generate.MakePod(podSpec, ic.Libpod)
 	if err != nil {
 		return nil, err
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index 1f6d00eb7..ae26807a9 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -140,10 +140,29 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
 	//   VM, which is the default behavior
 	// - "container" denotes the container should join the VM of the SandboxID
 	//   (the infra container)
-
 	if len(s.Pod) > 0 {
 		annotations[ann.SandboxID] = s.Pod
 		annotations[ann.ContainerType] = ann.ContainerTypeContainer
+		// Check if this is an init-ctr and if so, check if
+		// the pod is running.  we do not want to add init-ctrs to
+		// a running pod because it creates confusion for us.
+		if len(s.InitContainerType) > 0 {
+			p, err := r.LookupPod(s.Pod)
+			if err != nil {
+				return nil, err
+			}
+			containerStatuses, err := p.Status()
+			if err != nil {
+				return nil, err
+			}
+			// If any one of the containers is running, the pod is considered to be
+			// running
+			for _, con := range containerStatuses {
+				if con == define.ContainerStateRunning {
+					return nil, errors.New("cannot add init-ctr to a running pod")
+				}
+			}
+		}
 	}
 
 	for _, v := range rtc.Containers.Annotations {
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index 4e3a86ae4..5101a6ccb 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -144,11 +144,14 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener
 		options = append(options, libpod.WithNetworkAliases(s.Aliases))
 	}
 
+	if containerType := s.InitContainerType; len(containerType) > 0 {
+		options = append(options, libpod.WithInitCtrType(containerType))
+	}
+
 	if len(s.Devices) > 0 {
 		opts = extractCDIDevices(s)
 		options = append(options, opts...)
 	}
-
 	runtimeSpec, err := SpecGenToOCI(ctx, s, rt, rtc, newImage, finalMounts, pod, command)
 	if err != nil {
 		return nil, err
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index 7eec48a55..b4ac337b5 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -183,6 +183,9 @@ type ContainerBasicConfig struct {
 	// EnvSecrets are secrets that will be set as environment variables
 	// Optional.
 	EnvSecrets map[string]string `json:"secret_env,omitempty"`
+	// InitContainerType describes if this container is an init container
+	// and if so, what type: always or oneshot
+	InitContainerType string `json:"init_container_type"`
 }
 
 // ContainerStorageConfig contains information on the storage configuration of a