-rw-r--r--.cirrus.yml8
-rw-r--r--cmd/podman/common/netflags.go18
-rw-r--r--cmd/podman/containers/create.go2
-rw-r--r--cmd/podman/pods/create.go11
-rw-r--r--cmd/podman/registry/remote.go4
-rw-r--r--cmd/podman/root.go35
-rw-r--r--cmd/podman/system/connection/add.go84
-rw-r--r--cmd/podman/system/connection/default.go14
-rw-r--r--cmd/podman/system/connection/list.go56
-rw-r--r--cmd/podman/system/connection/remove.go8
-rw-r--r--cmd/podman/system/context.go28
-rw-r--r--cmd/podman/utils/alias.go2
-rw-r--r--docs/README.md15
-rw-r--r--docs/source/conf.py4
-rw-r--r--docs/source/markdown/options/dns-opt.container.md3
-rw-r--r--docs/source/markdown/options/dns-option.container.md3
-rw-r--r--docs/source/markdown/options/dns.md11
-rw-r--r--docs/source/markdown/podman-build.1.md.in14
-rw-r--r--docs/source/markdown/podman-container-inspect.1.md44
-rw-r--r--docs/source/markdown/podman-create.1.md.in16
-rw-r--r--docs/source/markdown/podman-events.1.md14
-rw-r--r--docs/source/markdown/podman-info.1.md10
-rw-r--r--docs/source/markdown/podman-pod-create.1.md.in4
-rw-r--r--docs/source/markdown/podman-pod-inspect.1.md52
-rw-r--r--docs/source/markdown/podman-pod-stats.1.md.in8
-rw-r--r--docs/source/markdown/podman-run.1.md.in16
-rw-r--r--docs/source/markdown/podman-secret-inspect.1.md11
-rw-r--r--docs/source/markdown/podman-stats.1.md.in42
-rw-r--r--docs/source/markdown/podman-system-connection-list.1.md6
-rw-r--r--docs/source/markdown/podman-version.1.md8
-rw-r--r--docs/tutorials/podman-for-windows.md5
-rw-r--r--docs/tutorials/podman-install-certificate-authority.md102
-rw-r--r--go.mod2
-rw-r--r--go.sum3
-rwxr-xr-xhack/bats4
-rwxr-xr-xhack/buildah-vendor-treadmill172
-rwxr-xr-xhack/check_root.sh2
-rwxr-xr-xhack/man-page-checker4
-rw-r--r--libpod/container_internal_common.go4
-rw-r--r--pkg/api/handlers/libpod/containers.go16
-rw-r--r--pkg/bindings/containers/checkpoint.go2
-rw-r--r--pkg/domain/infra/tunnel/containers.go2
-rw-r--r--pkg/rootless/rootless_linux.c1
-rw-r--r--pkg/specgen/generate/container.go2
-rwxr-xr-xtest/apiv2/test-apiv212
-rw-r--r--test/buildah-bud/make-new-buildah-diffs2
-rwxr-xr-xtest/compose/test-compose6
-rw-r--r--test/e2e/checkpoint_test.go22
-rw-r--r--test/e2e/container_clone_test.go13
-rw-r--r--test/e2e/generate_kube_test.go2
-rw-r--r--test/system/001-basic.bats7
-rw-r--r--test/system/015-help.bats10
-rw-r--r--test/system/065-cp.bats4
-rw-r--r--test/system/070-build.bats2
-rw-r--r--test/system/160-volumes.bats4
-rw-r--r--test/system/200-pod.bats4
-rw-r--r--test/system/272-system-connection.bats22
-rw-r--r--test/system/400-unprivileged-access.bats4
-rw-r--r--vendor/github.com/coreos/go-systemd/v22/activation/files_unix.go1
-rw-r--r--vendor/github.com/coreos/go-systemd/v22/daemon/watchdog.go4
-rw-r--r--vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go5
-rw-r--r--vendor/github.com/coreos/go-systemd/v22/dbus/methods.go34
-rw-r--r--vendor/github.com/coreos/go-systemd/v22/journal/journal_unix.go23
-rw-r--r--vendor/modules.txt2
64 files changed, 820 insertions, 235 deletions
diff --git a/.cirrus.yml b/.cirrus.yml
index 9cab8f0f0..c14e38771 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -503,8 +503,7 @@ docker-py_test_task:
always: *runner_stats
-# Does exactly what it says, execute the podman unit-tests on all primary
-# platforms and release versions.
+# Does exactly what it says, execute the podman unit-tests on Fedora.
unit_test_task:
name: "Unit tests on $DISTRO_NV"
alias: unit_test
@@ -515,9 +514,6 @@ unit_test_task:
- validate
matrix:
- env: *stdenvars
- # Fedora 35 skipped for podman4
- #- env: *priorfedora_envvars
- - env: *ubuntu_envvars
# Special-case: Rootless on latest Fedora (standard) VM
- name: "Rootless unit on $DISTRO_NV"
env:
@@ -872,7 +868,7 @@ rootless_gitlab_test_task:
name: *std_name_fmt
alias: rootless_gitlab_test
# Docs: ./contrib/cirrus/CIModes.md
- only_if: *not_tag_branch_build_docs
+ only_if: &cirrus_cron "${CIRRUS_CRON} == 'main'"
# Community-maintained downstream test may fail unexpectedly.
# Ref. repository: https://gitlab.com/gitlab-org/gitlab-runner
# If necessary, uncomment the next line and file issue(s) with details.
diff --git a/cmd/podman/common/netflags.go b/cmd/podman/common/netflags.go
index 90f05ab15..081914017 100644
--- a/cmd/podman/common/netflags.go
+++ b/cmd/podman/common/netflags.go
@@ -33,18 +33,12 @@ func DefineNetFlags(cmd *cobra.Command) {
)
_ = cmd.RegisterFlagCompletionFunc(dnsFlagName, completion.AutocompleteNone)
- dnsOptFlagName := "dns-opt"
+ dnsOptFlagName := "dns-option"
netFlags.StringSlice(
dnsOptFlagName, containerConfig.DNSOptions(),
"Set custom DNS options",
)
_ = cmd.RegisterFlagCompletionFunc(dnsOptFlagName, completion.AutocompleteNone)
- netFlags.StringSlice(
- "dns-option", containerConfig.DNSOptions(),
- "Docker compatibility option== --dns-opt",
- )
- _ = netFlags.MarkHidden("dns-option")
-
dnsSearchFlagName := "dns-search"
netFlags.StringSlice(
dnsSearchFlagName, containerConfig.DNSSearches(),
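Review bot: With the hidden second registration removed, `--dns-opt` is no longer a flag in its own right, so it only keeps working on commands whose flag set installs `utils.AliasFlags` as its normalize function. DefineNetFlags does not set that itself in the lines shown, so each caller has to be checked; the pods/create.go hunk in this commit makes the same dependency explicit by replacing `aliasNetworkFlag` with `utils.AliasFlags`, which also has to keep mapping `net` to `network` (that case is not visible in the alias.go context shown here). A comment at the definition would record the contract, for example `// "dns-opt" is accepted via utils.AliasFlags; callers must install it with SetNormalizeFunc`. DefineNetFlags starts and ends outside this hunk.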
@@ -143,20 +137,12 @@ func NetFlagsToNetOptions(opts *entities.NetOptions, flags pflag.FlagSet) (*enti
}
}
- if flags.Changed("dns-opt") {
- options, err := flags.GetStringSlice("dns-opt")
- if err != nil {
- return nil, err
- }
- opts.DNSOptions = options
- }
-
if flags.Changed("dns-option") {
options, err := flags.GetStringSlice("dns-option")
if err != nil {
return nil, err
}
- opts.DNSOptions = append(opts.DNSOptions, options...)
+ opts.DNSOptions = options
}
if flags.Changed("dns-search") {
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index b854ff4b2..f9e37178e 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -280,7 +280,7 @@ func CreateInit(c *cobra.Command, vals entities.ContainerCreateOptions, isInfra
if c.Flag("shm-size").Changed {
vals.ShmSize = c.Flag("shm-size").Value.String()
}
- if (c.Flag("dns").Changed || c.Flag("dns-opt").Changed || c.Flag("dns-search").Changed) && vals.Net != nil && (vals.Net.Network.NSMode == specgen.NoNetwork || vals.Net.Network.IsContainer()) {
+ if (c.Flag("dns").Changed || c.Flag("dns-option").Changed || c.Flag("dns-search").Changed) && vals.Net != nil && (vals.Net.Network.NSMode == specgen.NoNetwork || vals.Net.Network.IsContainer()) {
return vals, fmt.Errorf("conflicting options: dns and the network mode: " + string(vals.Net.Network.NSMode))
}
noHosts, err := c.Flags().GetBool("no-hosts")
diff --git a/cmd/podman/pods/create.go b/cmd/podman/pods/create.go
index d30f4782a..1f8152f32 100644
--- a/cmd/podman/pods/create.go
+++ b/cmd/podman/pods/create.go
@@ -17,6 +17,7 @@ import (
"github.com/containers/podman/v4/cmd/podman/containers"
"github.com/containers/podman/v4/cmd/podman/parse"
"github.com/containers/podman/v4/cmd/podman/registry"
+ "github.com/containers/podman/v4/cmd/podman/utils"
"github.com/containers/podman/v4/libpod/define"
"github.com/containers/podman/v4/pkg/domain/entities"
"github.com/containers/podman/v4/pkg/errorhandling"
@@ -26,7 +27,6 @@ import (
"github.com/docker/docker/pkg/parsers"
"github.com/sirupsen/logrus"
"github.com/spf13/cobra"
- "github.com/spf13/pflag"
)
var (
@@ -99,14 +99,7 @@ func init() {
shareParentFlagName := "share-parent"
flags.BoolVar(&shareParent, shareParentFlagName, true, "Set the pod's cgroup as the cgroup parent for all containers joining the pod")
- flags.SetNormalizeFunc(aliasNetworkFlag)
-}
-
-func aliasNetworkFlag(_ *pflag.FlagSet, name string) pflag.NormalizedName {
- if name == "net" {
- name = "network"
- }
- return pflag.NormalizedName(name)
+ flags.SetNormalizeFunc(utils.AliasFlags)
}
func create(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/registry/remote.go b/cmd/podman/registry/remote.go
index afe32e0b9..02aa31c58 100644
--- a/cmd/podman/registry/remote.go
+++ b/cmd/podman/registry/remote.go
@@ -32,6 +32,8 @@ func IsRemote() bool {
fs.BoolVarP(&remoteFromCLI.Value, "remote", "r", remote, "")
connectionFlagName := "connection"
fs.StringP(connectionFlagName, "c", "", "")
+ contextFlagName := "context"
+ fs.String(contextFlagName, "", "")
hostFlagName := "host"
fs.StringP(hostFlagName, "H", "", "")
urlFlagName := "url"
@@ -46,7 +48,7 @@ func IsRemote() bool {
}
_ = fs.Parse(os.Args[start:])
// --connection or --url implies --remote
- remoteFromCLI.Value = remoteFromCLI.Value || fs.Changed(connectionFlagName) || fs.Changed(urlFlagName) || fs.Changed(hostFlagName)
+ remoteFromCLI.Value = remoteFromCLI.Value || fs.Changed(connectionFlagName) || fs.Changed(urlFlagName) || fs.Changed(hostFlagName) || fs.Changed(contextFlagName)
})
return podmanOptions.EngineMode == entities.TunnelMode || remoteFromCLI.Value
}
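Review bot: `fs.Changed(contextFlagName)` makes every use of `--context` imply remote mode, including `--context default`, which the root.go hunk in this commit treats as a value that selects no service. A script that passes `--context default` purely for Docker compatibility would then get `IsRemote() == true` and presumably be routed to whatever default remote destination is configured rather than the local engine, which is a surprising change of trust boundary. Consider counting the flag only when it names a real context, e.g. `ctx, _ := fs.GetString(contextFlagName)` and `... || (fs.Changed(contextFlagName) && ctx != "default")`, and update the comment to `// --connection, --context, --url or --host implies --remote`. IsRemote begins outside this hunk.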
diff --git a/cmd/podman/root.go b/cmd/podman/root.go
index 2e00777a4..9e3ff48aa 100644
--- a/cmd/podman/root.go
+++ b/cmd/podman/root.go
@@ -174,11 +174,7 @@ func persistentPreRunE(cmd *cobra.Command, args []string) error {
}
}
- // --connection is not as "special" as --remote so we can wait and process it here
- conn := cmd.Root().LocalFlags().Lookup("connection")
- if conn != nil && conn.Changed {
- cfg.Engine.ActiveService = conn.Value.String()
-
+ setupConnection := func() error {
var err error
cfg.URI, cfg.Identity, err = cfg.ActiveDestination()
if err != nil {
@@ -192,6 +188,29 @@ func persistentPreRunE(cmd *cobra.Command, args []string) error {
if err := cmd.Root().LocalFlags().Set("identity", cfg.Identity); err != nil {
return fmt.Errorf("failed to override --identity flag: %w", err)
}
+ return nil
+ }
+
+ // --connection is not as "special" as --remote so we can wait and process it here
+ contextConn := cmd.Root().LocalFlags().Lookup("context")
+ conn := cmd.Root().LocalFlags().Lookup("connection")
+ if conn != nil && conn.Changed {
+ if contextConn != nil && contextConn.Changed {
+ return fmt.Errorf("use of --connection and --context at the same time is not allowed")
+ }
+ cfg.Engine.ActiveService = conn.Value.String()
+ if err := setupConnection(); err != nil {
+ return err
+ }
+ }
+ if contextConn != nil && contextConn.Changed {
+ service := contextConn.Value.String()
+ if service != "default" {
+ cfg.Engine.ActiveService = service
+ if err := setupConnection(); err != nil {
+ return err
+ }
+ }
}
// Special case if command is hidden completion command ("__complete","__completeNoDesc")
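Review bot: The mutual-exclusion check in the `--connection` branch fires for `--connection X --context default` as well, although the branch below treats `default` as a no-op, so the two conditions disagree about whether `default` counts as a selection. Making the first check `if contextConn != nil && contextConn.Changed && contextConn.Value.String() != "default"` would keep them consistent; otherwise a comment should say the rejection is intentional. The new `setupConnection` closure also has no comment; something like `// setupConnection resolves cfg.Engine.ActiveService to a URI and identity and overrides the matching flags` would help, since it mutates cfg and the root flags. persistentPreRunE starts and ends outside this hunk.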
@@ -232,10 +251,6 @@ func persistentPreRunE(cmd *cobra.Command, args []string) error {
}
}
- context := cmd.Root().LocalFlags().Lookup("context")
- if context.Value.String() != "default" {
- return errors.New("podman does not support swarm, the only --context value allowed is \"default\"")
- }
if !registry.IsRemote() {
if cmd.Flag("cpu-profile").Changed {
f, err := os.Create(cfg.CPUProfile)
@@ -362,7 +377,7 @@ func rootFlags(cmd *cobra.Command, opts *entities.PodmanConfig) {
_ = cmd.RegisterFlagCompletionFunc(sshFlagName, common.AutocompleteSSH)
connectionFlagName := "connection"
- lFlags.StringVarP(&opts.Engine.ActiveService, connectionFlagName, "c", srv, "Connection to use for remote Podman service")
+ lFlags.StringP(connectionFlagName, "c", srv, "Connection to use for remote Podman service")
_ = cmd.RegisterFlagCompletionFunc(connectionFlagName, common.AutocompleteSystemConnections)
urlFlagName := "url"
diff --git a/cmd/podman/system/connection/add.go b/cmd/podman/system/connection/add.go
index f3b61b254..2730ebfb7 100644
--- a/cmd/podman/system/connection/add.go
+++ b/cmd/podman/system/connection/add.go
@@ -6,6 +6,7 @@ import (
"net/url"
"os"
"regexp"
+ "strings"
"github.com/containers/common/pkg/completion"
"github.com/containers/common/pkg/config"
@@ -37,6 +38,17 @@ var (
`,
}
+ createCmd = &cobra.Command{
+ Use: "create [options] NAME DESTINATION",
+ Args: cobra.ExactArgs(1),
+ Short: addCmd.Short,
+ Long: addCmd.Long,
+ RunE: create,
+ ValidArgsFunction: completion.AutocompleteNone,
+ }
+
+ dockerPath string
+
cOpts = struct {
Identity string
Port int
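Review bot: The `Use` string advertises `NAME DESTINATION`, but `Args: cobra.ExactArgs(1)` accepts only the name, and create() takes the destination from `--docker`, so following the usage line produces an argument-count error. `Use: "create [options] NAME"` would match the behaviour. The init() hunk that follows has the same kind of help-text mismatch: `--docker` is described as `"Description of the context"`, which reads like the text meant for the ignored `--description` flag; something like `"Docker endpoint for the context, in the form host=URL"` would describe what the flag actually carries. The enclosing `var (` block starts and ends outside this hunk.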
@@ -50,7 +62,6 @@ func init() {
Command: addCmd,
Parent: system.ConnectionCmd,
})
-
flags := addCmd.Flags()
portFlagName := "port"
@@ -66,6 +77,21 @@ func init() {
_ = addCmd.RegisterFlagCompletionFunc(socketPathFlagName, completion.AutocompleteDefault)
flags.BoolVarP(&cOpts.Default, "default", "d", false, "Set connection to be default")
+
+ registry.Commands = append(registry.Commands, registry.CliCommand{
+ Command: createCmd,
+ Parent: system.ContextCmd,
+ })
+
+ flags = createCmd.Flags()
+ dockerFlagName := "docker"
+ flags.StringVar(&dockerPath, dockerFlagName, "", "Description of the context")
+
+ _ = createCmd.RegisterFlagCompletionFunc(dockerFlagName, completion.AutocompleteNone)
+ flags.String("description", "", "Ignored. Just for script compatibility")
+ flags.String("from", "", "Ignored. Just for script compatibility")
+ flags.String("kubernetes", "", "Ignored. Just for script compatibility")
+ flags.String("default-stack-orchestrator", "", "Ignored. Just for script compatibility")
}
func add(cmd *cobra.Command, args []string) error {
@@ -171,3 +197,59 @@ func add(cmd *cobra.Command, args []string) error {
}
return cfg.Write()
}
+
+func create(cmd *cobra.Command, args []string) error {
+ dest, err := translateDest(dockerPath)
+ if err != nil {
+ return err
+ }
+ if match, err := regexp.Match("^[A-Za-z][A-Za-z0-9+.-]*://", []byte(dest)); err != nil {
+ return fmt.Errorf("invalid destination: %w", err)
+ } else if !match {
+ dest = "ssh://" + dest
+ }
+
+ uri, err := url.Parse(dest)
+ if err != nil {
+ return err
+ }
+
+ cfg, err := config.ReadCustomConfig()
+ if err != nil {
+ return err
+ }
+
+ dst := config.Destination{
+ URI: uri.String(),
+ }
+
+ if cfg.Engine.ServiceDestinations == nil {
+ cfg.Engine.ServiceDestinations = map[string]config.Destination{
+ args[0]: dst,
+ }
+ cfg.Engine.ActiveService = args[0]
+ } else {
+ cfg.Engine.ServiceDestinations[args[0]] = dst
+ }
+ return cfg.Write()
+}
+
+func translateDest(path string) (string, error) {
+ if path == "" {
+ return "", nil
+ }
+ split := strings.SplitN(path, "=", 2)
+ if len(split) == 1 {
+ return split[0], nil
+ }
+ if split[0] != "host" {
+ return "", fmt.Errorf("\"host\" is requited for --docker option")
+ }
+ // "host=tcp://myserver:2376,ca=~/ca-file,cert=~/cert-file,key=~/key-file"
+ vals := strings.Split(split[1], ",")
+ if len(vals) > 1 {
+ return "", fmt.Errorf("--docker additional options %q not supported", strings.Join(vals[1:], ","))
+ }
+ // for now we ignore other fields specified on command line
+ return vals[0], nil
+}
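Review bot: create() never checks that a destination was supplied: with `--docker` omitted, translateDest returns an empty string, the scheme regexp does not match, and the bare `"ssh://"` is parsed and written to the configuration as the context's URI. Rejecting it up front, `if dest == "" { return fmt.Errorf("--docker host=URL is required") }`, avoids persisting an unusable entry. An existing destination named `args[0]` is also overwritten without any notice in the `else` branch, which deserves either a check or a comment saying it is intended. In translateDest the trailing comment `// for now we ignore other fields` contradicts the code, which returns an error for `ca=`, `cert=` and `key=`; failing closed is the safer choice for TLS material, so the comment should say the options are rejected, and the message typo `requited` should read `required`.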
diff --git a/cmd/podman/system/connection/default.go b/cmd/podman/system/connection/default.go
index 81866df55..8d1709e9f 100644
--- a/cmd/podman/system/connection/default.go
+++ b/cmd/podman/system/connection/default.go
@@ -21,10 +21,24 @@ var (
RunE: defaultRunE,
Example: `podman system connection default testing`,
}
+
+ useCmd = &cobra.Command{
+ Use: "use NAME",
+ Args: cobra.ExactArgs(1),
+ Short: dfltCmd.Short,
+ Long: dfltCmd.Long,
+ ValidArgsFunction: dfltCmd.ValidArgsFunction,
+ RunE: dfltCmd.RunE,
+ Example: `podman context use testing`,
+ }
)
func init() {
registry.Commands = append(registry.Commands, registry.CliCommand{
+ Command: useCmd,
+ Parent: system.ContextCmd,
+ })
+ registry.Commands = append(registry.Commands, registry.CliCommand{
Command: dfltCmd,
Parent: system.ConnectionCmd,
})
diff --git a/cmd/podman/system/connection/list.go b/cmd/podman/system/connection/list.go
index 2c5f6a310..190a68d52 100644
--- a/cmd/podman/system/connection/list.go
+++ b/cmd/podman/system/connection/list.go
@@ -8,6 +8,7 @@ import (
"github.com/containers/common/pkg/completion"
"github.com/containers/common/pkg/config"
"github.com/containers/common/pkg/report"
+ "github.com/containers/common/pkg/util"
"github.com/containers/podman/v4/cmd/podman/common"
"github.com/containers/podman/v4/cmd/podman/registry"
"github.com/containers/podman/v4/cmd/podman/system"
@@ -29,16 +30,36 @@ var (
RunE: list,
TraverseChildren: false,
}
+ inspectCmd = &cobra.Command{
+ Use: "inspect [options] [CONTEXT] [CONTEXT...]",
+ Short: "Inspect destination for a Podman service(s)",
+ ValidArgsFunction: completion.AutocompleteNone,
+ RunE: inspect,
+ }
)
func init() {
+ initFlags := func(cmd *cobra.Command) {
+ cmd.Flags().StringP("format", "f", "", "Custom Go template for printing connections")
+ _ = cmd.RegisterFlagCompletionFunc("format", common.AutocompleteFormat(&namedDestination{}))
+ cmd.Flags().BoolP("quiet", "q", false, "Custom Go template for printing connections")
+ }
+
+ registry.Commands = append(registry.Commands, registry.CliCommand{
+ Command: listCmd,
+ Parent: system.ContextCmd,
+ })
registry.Commands = append(registry.Commands, registry.CliCommand{
Command: listCmd,
Parent: system.ConnectionCmd,
})
+ initFlags(listCmd)
- listCmd.Flags().String("format", "", "Custom Go template for printing connections")
- _ = listCmd.RegisterFlagCompletionFunc("format", common.AutocompleteFormat(&namedDestination{}))
+ registry.Commands = append(registry.Commands, registry.CliCommand{
+ Command: inspectCmd,
+ Parent: system.ContextCmd,
+ })
+ initFlags(inspectCmd)
}
type namedDestination struct {
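Review bot: The `--quiet` flag added in `initFlags` reuses the help text of `--format`, `"Custom Go template for printing connections"`, so `--help` describes two different flags identically. Judging by the quiet branch in inspect(), which prints only the map key, a description such as `"Only print connection names"` would be accurate. `initFlags` also gives `--format` a new `-f` shorthand on `listCmd`, which is worth a mention in the man page if it is intentional.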
@@ -48,13 +69,34 @@ type namedDestination struct {
}
func list(cmd *cobra.Command, _ []string) error {
+ return inspect(cmd, nil)
+}
+
+func inspect(cmd *cobra.Command, args []string) error {
cfg, err := config.ReadCustomConfig()
if err != nil {
return err
}
+ format := cmd.Flag("format").Value.String()
+ if format == "" && args != nil {
+ format = "json"
+ }
+
+ quiet, err := cmd.Flags().GetBool("quiet")
+ if err != nil {
+ return err
+ }
rows := make([]namedDestination, 0)
for k, v := range cfg.Engine.ServiceDestinations {
+ if args != nil && !util.StringInSlice(k, args) {
+ continue
+ }
+
+ if quiet {
+ fmt.Println(k)
+ continue
+ }
def := false
if k == cfg.Engine.ActiveService {
def = true
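Review bot: inspect() tells the `list` path from the `inspect` path by `args != nil`, which is fragile: if cobra hands `inspect` an empty but non-nil slice when no CONTEXT is given, the format silently becomes `json` and every destination is filtered out, even though the usage line marks CONTEXT as optional. Names that are not configured are skipped without an error, so a caller cannot tell a typo from an empty configuration; returning an error for each requested name that was not found would be safer for scripts that act on the result. In the quiet path the names are printed directly from map iteration, so their order is not deterministic, unlike the sorted table path further down. The function continues outside this hunk.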
@@ -71,6 +113,10 @@ func list(cmd *cobra.Command, _ []string) error {
rows = append(rows, r)
}
+ if quiet {
+ return nil
+ }
+
sort.Slice(rows, func(i, j int) bool {
return rows[i].Name < rows[j].Name
})
@@ -78,7 +124,7 @@ func list(cmd *cobra.Command, _ []string) error {
rpt := report.New(os.Stdout, cmd.Name())
defer rpt.Flush()
- if report.IsJSON(cmd.Flag("format").Value.String()) {
+ if report.IsJSON(format) {
buf, err := registry.JSONLibrary().MarshalIndent(rows, "", " ")
if err == nil {
fmt.Println(string(buf))
@@ -86,8 +132,8 @@ func list(cmd *cobra.Command, _ []string) error {
return err
}
- if cmd.Flag("format").Changed {
- rpt, err = rpt.Parse(report.OriginUser, cmd.Flag("format").Value.String())
+ if format != "" {
+ rpt, err = rpt.Parse(report.OriginUser, format)
} else {
rpt, err = rpt.Parse(report.OriginPodman,
"{{range .}}{{.Name}}\t{{.URI}}\t{{.Identity}}\t{{.Default}}\n{{end -}}")
diff --git a/cmd/podman/system/connection/remove.go b/cmd/podman/system/connection/remove.go
index 29bf98c43..5ff0000d6 100644
--- a/cmd/podman/system/connection/remove.go
+++ b/cmd/podman/system/connection/remove.go
@@ -31,11 +31,19 @@ var (
func init() {
registry.Commands = append(registry.Commands, registry.CliCommand{
Command: rmCmd,
+ Parent: system.ContextCmd,
+ })
+
+ registry.Commands = append(registry.Commands, registry.CliCommand{
+ Command: rmCmd,
Parent: system.ConnectionCmd,
})
flags := rmCmd.Flags()
flags.BoolVarP(&rmOpts.All, "all", "a", false, "Remove all connections")
+
+ flags.BoolP("force", "f", false, "Ignored: for Docker compatibility")
+ _ = flags.MarkHidden("force")
}
func rm(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/system/context.go b/cmd/podman/system/context.go
new file mode 100644
index 000000000..926e4a443
--- /dev/null
+++ b/cmd/podman/system/context.go
@@ -0,0 +1,28 @@
+package system
+
+import (
+ "github.com/containers/podman/v4/cmd/podman/registry"
+ "github.com/containers/podman/v4/cmd/podman/validate"
+ "github.com/spf13/cobra"
+)
+
+var (
+ // ContextCmd skips creating engines (PersistentPreRunE/PersistentPostRunE are No-Op's) since
+ // sub-commands will obtain connection information to said engines
+ ContextCmd = &cobra.Command{
+ Use: "context",
+ Short: "Manage remote API service destinations",
+ Long: `Manage remote API service destination information in podman configuration`,
+ PersistentPreRunE: validate.NoOp,
+ RunE: validate.SubCommandExists,
+ PersistentPostRunE: validate.NoOp,
+ Hidden: true,
+ TraverseChildren: false,
+ }
+)
+
+func init() {
+ registry.Commands = append(registry.Commands, registry.CliCommand{
+ Command: ContextCmd,
+ })
+}
diff --git a/cmd/podman/utils/alias.go b/cmd/podman/utils/alias.go
index b37d0f714..f6ea5110e 100644
--- a/cmd/podman/utils/alias.go
+++ b/cmd/podman/utils/alias.go
@@ -5,6 +5,8 @@ import "github.com/spf13/pflag"
// AliasFlags is a function to handle backwards compatibility with old flags
func AliasFlags(f *pflag.FlagSet, name string) pflag.NormalizedName {
switch name {
+ case "dns-opt":
+ name = "dns-option"
case "healthcheck-command":
name = "health-cmd"
case "healthcheck-interval":
diff --git a/docs/README.md b/docs/README.md
index 0f2af16d6..abe7d7758 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -13,7 +13,6 @@ link on that page.
| ------------------------------------ | --------------------------- |
| Markdown source for man pages | docs/source/markdown/ |
| man pages aliases as .so files | docs/source/markdown/links/ |
-| restructured text for readthedocs.io | docs/rst/ |
| target for output | docs/build |
| man pages | docs/build/man |
| remote linux man pages | docs/build/remote/linux |
@@ -60,16 +59,24 @@ incorrect, or the file isn't accessible for some other reason.
## Local Testing
-Assuming that you have the [dependencies](https://podman.io/getting-started/installation#build-and-run-dependencies)
+To build standard man pages, run `make docs`. Results will be in `docs/build/man`.
+
+To build HTMLized man pages: Assuming that you have the
+[dependencies](https://podman.io/getting-started/installation#build-and-run-dependencies)
installed, then also install (showing Fedora in the example):
```
-# dnf install python3-sphinx python3-recommonmark
-# pip install sphinx-markdown-tables
+$ sudo dnf install python3-sphinx python3-recommonmark
+$ pip install sphinx-markdown-tables myst_parser
```
+(The above dependencies are current as of 2022-09-15. If you experience problems,
+please see [requirements.txt](requirements.txt) in this directory, it will almost
+certainly be more up-to-date than this README.)
+
After that completes, cd to the `docs` directory in your Podman sandbox and then do `make html`.
You can then preview the html files in `docs/build/html` with:
```
python -m http.server 8000 --directory build/html
```
+...and point your web browser at `http://localhost:8000/`
diff --git a/docs/source/conf.py b/docs/source/conf.py
index b58bb3f46..345e289e1 100644
--- a/docs/source/conf.py
+++ b/docs/source/conf.py
@@ -86,12 +86,12 @@ def convert_markdown_title(app, docname, source):
if docpath.endswith(".md"):
# Convert pandoc title line into eval_rst block for myst_parser
#
- # Remove the ending "(1)" to avoid it from being displayed
+ # Remove the ending " 1" (section) to avoid it from being displayed
# in the web tab. Often such a text indicates that
# a web page got an update. For instance GitHub issues
# shows the number of new comments that have been written
# after the user's last visit.
- source[0] = re.sub(r"^% (.*)(\(\d\))", r"```{title} \g<1>\n```", source[0])
+ source[0] = re.sub(r"^% (.*)\s(\d)", r"```{title} \g<1>\n```", source[0])
def setup(app):
app.connect("source-read", convert_markdown_title)
diff --git a/docs/source/markdown/options/dns-opt.container.md b/docs/source/markdown/options/dns-opt.container.md
deleted file mode 100644
index ea26fd013..000000000
--- a/docs/source/markdown/options/dns-opt.container.md
+++ /dev/null
@@ -1,3 +0,0 @@
-#### **--dns-opt**=*option*
-
-Set custom DNS options. Invalid if using **--dns-opt** with **--network** that is set to **none** or **container:**_id_.
diff --git a/docs/source/markdown/options/dns-option.container.md b/docs/source/markdown/options/dns-option.container.md
new file mode 100644
index 000000000..cfbded5e6
--- /dev/null
+++ b/docs/source/markdown/options/dns-option.container.md
@@ -0,0 +1,3 @@
+#### **--dns-option**=*option*
+
+Set custom DNS options. Invalid if using **--dns-option** with **--network** that is set to **none** or **container:**_id_.
diff --git a/docs/source/markdown/options/dns.md b/docs/source/markdown/options/dns.md
new file mode 100644
index 000000000..39380ace2
--- /dev/null
+++ b/docs/source/markdown/options/dns.md
@@ -0,0 +1,11 @@
+#### **--dns**=*ipaddr*
+
+Set custom DNS servers.
+
+This option can be used to override the DNS
+configuration passed to the container. Typically this is necessary when the
+host DNS configuration is invalid for the container (e.g., **127.0.0.1**). When this
+is the case the **--dns** flag is necessary for every run.
+
+The special value **none** can be specified to disable creation of _/etc/resolv.conf_ in the container by Podman.
+The _/etc/resolv.conf_ file in the image will be used without changes.
diff --git a/docs/source/markdown/podman-build.1.md.in b/docs/source/markdown/podman-build.1.md.in
index 94644a051..e201806e5 100644
--- a/docs/source/markdown/podman-build.1.md.in
+++ b/docs/source/markdown/podman-build.1.md.in
@@ -223,18 +223,12 @@ specifying **--disable-compression=false**.
@@option disable-content-trust
-#### **--dns**=*dns*
+@@option dns
-Set custom DNS servers to be used during the build.
+This option cannot be combined with **--network** that is set to **none**.
-This option can be used to override the DNS configuration passed to the
-container. Typically this is necessary when the host DNS configuration is
-invalid for the container (e.g., 127.0.0.1). When this is the case the `--dns`
-option is necessary for every run.
-
-The special value **none** can be specified to disable creation of
-/etc/resolv.conf in the container by Podman. The /etc/resolv.conf file in the
-image will be used without changes.
+Note: this option takes effect only during *RUN* instructions in the build.
+It does not affect _/etc/resolv.conf_ in the final image.
#### **--dns-option**=*option*
diff --git a/docs/source/markdown/podman-container-inspect.1.md b/docs/source/markdown/podman-container-inspect.1.md
index f92eea7bd..7157a3ec0 100644
--- a/docs/source/markdown/podman-container-inspect.1.md
+++ b/docs/source/markdown/podman-container-inspect.1.md
@@ -18,6 +18,50 @@ all results in a JSON array. If a format is specified, the given template will b
Format the output using the given Go template.
The keys of the returned JSON can be used as the values for the --format flag (see examples below).
+Valid placeholders for the Go template are listed below:
+
+| **Placeholder** | **Description** |
+| ----------------- | ------------------ |
+| .AppArmorProfile | AppArmor profile (string) |
+| .Args | Command-line arguments (array of strings) |
+| .BoundingCaps | Bounding capability set (array of strings) |
+| .Config ... | Structure with config info |
+| .ConmonPidFile | Path to file containing conmon pid (string) |
+| .Created | Container creation time (string, ISO3601) |
+| .Dependencies | Dependencies (array of strings) |
+| .Driver | Storage driver (string) |
+| .EffectiveCaps | Effective capability set (array of strings) |
+| .ExecIDs | Exec IDs (array of strings) |
+| .GraphDriver ... | Further details of graph driver (struct) |
+| .HostConfig ... | Host config details (struct) |
+| .HostnamePath | Path to file containing hostname (string) |
+| .HostsPath | Path to container /etc/hosts file (string) |
+| .ID | Container ID (full 64-char hash) |
+| .Image | Container image ID (64-char hash) |
+| .ImageName | Container image name (string) |
+| .IsInfra | Is this an infra container? (string: true/false) |
+| .IsService | Is this a service container? (string: true/false) |
+| .MountLabel | SELinux label of mount (string) |
+| .Mounts | Mounts (array of strings) |
+| .Name | Container name (string) |
+| .Namespace | Container namespace (string) |
+| .NetworkSettings ... | Network settings (struct) |
+| .OCIConfigPath | Path to OCI config file (string) |
+| .OCIRuntime | OCI runtime name (string) |
+| .Path | Path to container command (string) |
+| .PidFile | Path to file containing container PID (string) |
+| .Pod | Parent pod (string) |
+| .ProcessLabel | SELinux label of process (string) |
+| .ResolvConfPath | Path to container's resolv.conf file (string) |
+| .RestartCount | Number of times container has been restarted (int) |
+| .Rootfs | Container rootfs (string) |
+| .SizeRootFs | Size of rootfs, in bytes [1] |
+| .SizeRw | Size of upper (R/W) container layer, in bytes [1] |
+| .State ... | Container state info (struct) |
+| .StaticDir | Path to container metadata dir (string) |
+
+[1] This format specifier requires the **--size** option
+
#### **--latest**, **-l**
Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
diff --git a/docs/source/markdown/podman-create.1.md.in b/docs/source/markdown/podman-create.1.md.in
index 835976eba..742a32b5a 100644
--- a/docs/source/markdown/podman-create.1.md.in
+++ b/docs/source/markdown/podman-create.1.md.in
@@ -141,19 +141,11 @@ flag to pass the user's supplementary group access into the container.
@@option disable-content-trust
-#### **--dns**=*dns*
+@@option dns
-Set custom DNS servers. Invalid if using **--dns** and **--network** that is set to 'none' or `container:<name|id>`.
+This option cannot be combined with **--network** that is set to **none** or **container:**_id_.
-This option can be used to override the DNS
-configuration passed to the container. Typically this is necessary when the
-host DNS configuration is invalid for the container (e.g., 127.0.0.1). When this
-is the case the **--dns** flag is necessary for every run.
-
-The special value **none** can be specified to disable creation of **/etc/resolv.conf** in the container by Podman.
-The **/etc/resolv.conf** file in the image will be used without changes.
-
-@@option dns-opt.container
+@@option dns-option.container
@@option dns-search.container
@@ -273,7 +265,7 @@ This option is currently supported only by the **journald** log driver.
#### **--network**=*mode*, **--net**
-Set the network mode for the container. Invalid if using **--dns**, **--dns-opt**, or **--dns-search** with **--network** set to **none** or **container:**_id_. If used together with **--pod**, the container will not join the pod's network namespace.
+Set the network mode for the container. Invalid if using **--dns**, **--dns-option**, or **--dns-search** with **--network** set to **none** or **container:**_id_. If used together with **--pod**, the container will not join the pod's network namespace.
Valid _mode_ values are:
diff --git a/docs/source/markdown/podman-events.1.md b/docs/source/markdown/podman-events.1.md
index d0c95fe06..dd62ef5a2 100644
--- a/docs/source/markdown/podman-events.1.md
+++ b/docs/source/markdown/podman-events.1.md
@@ -95,6 +95,20 @@ In the case where an ID is used, the ID may be in its full or shortened form.
Format the output to JSON Lines or using the given Go template.
+| **Placeholder** | **Description** |
+|--------------------|-----------------------------------------------|
+| .Attributes | created_at, _by, labels, and more (map[]) |
+| .ContainerExitCode | Exit code (int) |
+| .Details ... | Internal structure, not actually useful |
+| .HealthStatus | Health Status (string) |
+| .ID | Container ID (full 64-bit SHA) |
+| .Image | Name of image being run (string) |
+| .Name | Container name (string) |
+| .Network | Name of network being used (string) |
+| .Status | Event status (e.g., create, start, died, ...) |
+| .Time | Event timestamp (string) |
+| .Type | Event type (e.g., image, container, pod, ...) |
+
#### **--help**
Print usage statement.
diff --git a/docs/source/markdown/podman-info.1.md b/docs/source/markdown/podman-info.1.md
index b0e4d68c0..f892c2d7d 100644
--- a/docs/source/markdown/podman-info.1.md
+++ b/docs/source/markdown/podman-info.1.md
@@ -19,6 +19,16 @@ Displays information pertinent to the host, current storage stats, configured co
Change output format to "json" or a Go template.
+| **Placeholder** | **Info pertaining to ...** |
+| ------------------- | --------------------------------------- |
+| .Host ... | ...the host on which podman is running |
+| .Plugins ... | ...external plugins |
+| .Registries ... | ...configured registries |
+| .Store ... | ...the storage driver and paths |
+| .Version ... | ...podman version |
+
+Each of the above branch out into further subfields, more than can
+reasonably be enumerated in this document.
## EXAMPLES
diff --git a/docs/source/markdown/podman-pod-create.1.md.in b/docs/source/markdown/podman-pod-create.1.md.in
index 7700f5e62..fdae1d249 100644
--- a/docs/source/markdown/podman-pod-create.1.md.in
+++ b/docs/source/markdown/podman-pod-create.1.md.in
@@ -60,7 +60,7 @@ Note: the pod implements devices by storing the initial configuration passed by
Set custom DNS servers in the /etc/resolv.conf file that will be shared between all containers in the pod. A special option, "none" is allowed which disables creation of /etc/resolv.conf for the pod.
-#### **--dns-opt**=*option*
+#### **--dns-option**=*option*
Set custom DNS options in the /etc/resolv.conf file that will be shared between all containers in the pod.
@@ -119,7 +119,7 @@ Assign a name to the pod.
#### **--network**=*mode*, **--net**
-Set the network mode for the pod. Invalid if using **--dns**, **--dns-opt**, or **--dns-search** with **--network** that is set to **none** or **container:**_id_.
+Set the network mode for the pod. Invalid if using **--dns**, **--dns-option**, or **--dns-search** with **--network** that is set to **none** or **container:**_id_.
Valid _mode_ values are:
diff --git a/docs/source/markdown/podman-pod-inspect.1.md b/docs/source/markdown/podman-pod-inspect.1.md
index e100256af..609cc47da 100644
--- a/docs/source/markdown/podman-pod-inspect.1.md
+++ b/docs/source/markdown/podman-pod-inspect.1.md
@@ -18,22 +18,42 @@ Change the default output format. This can be of a supported type like 'json'
or a Go template.
Valid placeholders for the Go template are listed below:
-| **Placeholder** | **Description** |
-| ----------------- | ----------------------------------------------------------------------------- |
-| .ID | Pod ID |
-| .Name | Pod name |
-| .State | Pod state |
-| .Hostname | Pod hostname |
-| .Labels | Pod labels |
-| .Created | Time when the pod was created |
-| .CreateCgroup | Whether cgroup was created |
-| .CgroupParent | Pod cgroup parent |
-| .CgroupPath | Pod cgroup path |
-| .CreateInfra | Whether infrastructure created |
-| .InfraContainerID | Pod infrastructure ID |
-| .SharedNamespaces | Pod shared namespaces |
-| .NumContainers | Number of containers in the pod |
-| .Containers | Pod containers |
+| **Placeholder** | **Description** |
+|----------------------|---------------------------------------------|
+| .BlkioDeviceReadBps | Block I/O Device Read, in bytes/sec |
+| .BlkioDeviceWriteBps | Block I/O Device Read, in bytes/sec |
+| .BlkioWeight | Block I/O Weight |
+| .BlkioWeightDevice | Block I/O Device Weight |
+| .CgroupParent | Pod cgroup parent |
+| .CgroupPath | Pod cgroup path |
+| .Containers | Pod containers |
+| .CPUPeriod | CPU period |
+| .CPUQuota | CPU quota |
+| .CPUSetCPUs | CPU Set CPUs |
+| .CPUSetMems | CPU Set Mems |
+| .CPUShares | CPU Shares |
+| .CreateCgroup | Whether cgroup was created |
+| .CreateCommand | Create command |
+| .Created | Time when the pod was created |
+| .CreateInfra | Whether infrastructure created |
+| .Devices | Devices |
+| .ExitPolicy | Exit policy |
+| .Hostname | Pod hostname |
+| .ID | Pod ID |
+| .InfraConfig ... | Infra config (contains further fields) |
+| .InfraContainerID | Pod infrastructure ID |
+| .InspectPodData ... | Nested structure, for experts only |
+| .Labels | Pod labels |
+| .MemoryLimit | Memory limit, bytes |
+| .MemorySwap | Memory swap limit, in bytes |
+| .Mounts | Mounts |
+| .Name | Pod name |
+| .Namespace | Namespace |
+| .NumContainers | Number of containers in the pod |
+| .SecurityOpts | Security options |
+| .SharedNamespaces | Pod shared namespaces |
+| .State | Pod state |
+| .VolumesFrom | Volumes from |
#### **--latest**, **-l**
diff --git a/docs/source/markdown/podman-pod-stats.1.md.in b/docs/source/markdown/podman-pod-stats.1.md.in
index 83a4b7a1e..4ecb30bdb 100644
--- a/docs/source/markdown/podman-pod-stats.1.md.in
+++ b/docs/source/markdown/podman-pod-stats.1.md.in
@@ -23,16 +23,16 @@ Valid placeholders for the Go template are listed below:
| **Placeholder** | **Description** |
| --------------- | ------------------ |
-| .Pod | Pod ID |
+| .BlockIO | Block IO |
| .CID | Container ID |
-| .Name | Container Name |
| .CPU | CPU percentage |
+| .Mem | Memory percentage |
| .MemUsage | Memory usage |
| .MemUsageBytes | Memory usage (IEC) |
-| .Mem | Memory percentage |
+| .Name | Container Name |
| .NetIO | Network IO |
-| .BlockIO | Block IO |
| .PIDS | Number of PIDs |
+| .Pod | Pod ID |
When using a GO template, you may precede the format with `table` to print headers.
diff --git a/docs/source/markdown/podman-run.1.md.in b/docs/source/markdown/podman-run.1.md.in
index b4bb107d6..2109a0e33 100644
--- a/docs/source/markdown/podman-run.1.md.in
+++ b/docs/source/markdown/podman-run.1.md.in
@@ -177,19 +177,11 @@ flag to pass the user's supplementary group access into the container.
@@option disable-content-trust
-#### **--dns**=*ipaddr*
+@@option dns
-Set custom DNS servers. Invalid if using **--dns** with **--network** that is set to **none** or **container:**_id_.
+This option cannot be combined with **--network** that is set to **none** or **container:**_id_.
-This option can be used to override the DNS
-configuration passed to the container. Typically this is necessary when the
-host DNS configuration is invalid for the container (e.g., **127.0.0.1**). When this
-is the case the **--dns** flag is necessary for every run.
-
-The special value **none** can be specified to disable creation of _/etc/resolv.conf_ in the container by Podman.
-The _/etc/resolv.conf_ file in the image will be used without changes.
-
-@@option dns-opt.container
+@@option dns-option.container
@@option dns-search.container
@@ -294,7 +286,7 @@ This option is currently supported only by the **journald** log driver.
#### **--network**=*mode*, **--net**
-Set the network mode for the container. Invalid if using **--dns**, **--dns-opt**, or **--dns-search** with **--network** set to **none** or **container:**_id_. If used together with **--pod**, the container will not join the pod's network namespace.
+Set the network mode for the container. Invalid if using **--dns**, **--dns-option**, or **--dns-search** with **--network** set to **none** or **container:**_id_. If used together with **--pod**, the container will not join the pod's network namespace.
Valid _mode_ values are:
diff --git a/docs/source/markdown/podman-secret-inspect.1.md b/docs/source/markdown/podman-secret-inspect.1.md
index 0e0d16120..77d9276bd 100644
--- a/docs/source/markdown/podman-secret-inspect.1.md
+++ b/docs/source/markdown/podman-secret-inspect.1.md
@@ -19,6 +19,17 @@ Secrets can be queried individually by providing their full name or a unique par
Format secret output using Go template.
+| **Placeholder** | **Description** |
+| ------------------------ | ----------------------------------------------------------------- |
+| .CreatedAt | When secret was created (relative timestamp, human-readable) |
+| .ID | ID of secret |
+| .Spec | Details of secret |
+| .Spec.Driver | Driver info |
+| .Spec.Driver.Name | Driver name (string) |
+| .Spec.Driver.Options ... | Driver options (map of driver-specific options) |
+| .Spec.Name | Name of secret |
+| .UpdatedAt | When secret was last updated (relative timestamp, human-readable) |
+
#### **--help**
Print usage statement.
diff --git a/docs/source/markdown/podman-stats.1.md.in b/docs/source/markdown/podman-stats.1.md.in
index f06bd3fcc..a14bd81e6 100644
--- a/docs/source/markdown/podman-stats.1.md.in
+++ b/docs/source/markdown/podman-stats.1.md.in
@@ -30,17 +30,37 @@ Pretty-print container statistics to JSON or using a Go template
Valid placeholders for the Go template are listed below:
-| **Placeholder** | **Description** |
-| --------------- | ------------------ |
-| .ID | Container ID |
-| .Name | Container Name |
-| .CPUPerc | CPU percentage |
-| .MemUsage | Memory usage |
-| .MemUsageBytes | Memory usage (IEC) |
-| .MemPerc | Memory percentage |
-| .NetIO | Network IO |
-| .BlockIO | Block IO |
-| .PIDS | Number of PIDs |
+| **Placeholder** | **Description** |
+|---------------------|--------------------------------------------------|
+| .AvgCPU | Average CPU, full precision float |
+| .AVGCPU | Average CPU, formatted as a percent |
+| .BlockInput | Block Input |
+| .BlockIO | Block IO |
+| .BlockOutput | Block Output |
+| .ContainerID | Container ID, full (untruncated) hash |
+| .ContainerStats ... | Nested structure, for experts only |
+| .CPU | Percent CPU, full precision float |
+| .CPUNano | CPU Usage, total, in nanoseconds |
+| .CPUPerc | CPU percentage |
+| .CPUSystemNano | CPU Usage, kernel, in nanoseconds |
+| .Duration | Same as CPUNano |
+| .ID | Container ID, truncated |
+| .MemLimit | Memory limit, in bytes |
+| .MemPerc | Memory percentage |
+| .MemUsage | Memory usage |
+| .MemUsageBytes | Memory usage (IEC) |
+| .Name | Container Name |
+| .NetInput | Network Input |
+| .NetIO | Network IO |
+| .NetOutput | Network Output |
+| .PerCPU | CPU time consumed by all tasks [1] |
+| .PIDs | Number of PIDs |
+| .PIDS | Number of PIDs (yes, we know it's a dup) |
+| .SystemNano | Current system datetime, nanoseconds since epoch |
+| .Up | Duration (CPUNano), in human-readable form |
+| .UpTime | Same as UpTime |
+
+[1] Cgroups V1 only
When using a GO template, you may precede the format with `table` to print headers.
diff --git a/docs/source/markdown/podman-system-connection-list.1.md b/docs/source/markdown/podman-system-connection-list.1.md
index 325c78a5c..99804f77f 100644
--- a/docs/source/markdown/podman-system-connection-list.1.md
+++ b/docs/source/markdown/podman-system-connection-list.1.md
@@ -13,7 +13,7 @@ List ssh destination(s) for podman service(s).
## OPTIONS
-#### **--format**=*format*
+#### **--format**, **-f**=*format*
Change the default output format. This can be of a supported type like 'json' or a Go template.
Valid placeholders for the Go template listed below:
@@ -25,6 +25,10 @@ Valid placeholders for the Go template listed below:
| .URI | URI to podman service. Valid schemes are ssh://[user@]*host*[:port]*Unix domain socket*[?secure=True], unix://*Unix domain socket*, and tcp://localhost[:*port*] |
| .Default | Indicates whether connection is the default |
+#### **--quiet**, **-q**
+
+Only show connection names
+
## EXAMPLE
```
$ podman system connection list
diff --git a/docs/source/markdown/podman-version.1.md b/docs/source/markdown/podman-version.1.md
index 3062d10ab..93d4d54d5 100644
--- a/docs/source/markdown/podman-version.1.md
+++ b/docs/source/markdown/podman-version.1.md
@@ -16,6 +16,14 @@ OS, and Architecture.
Change output format to "json" or a Go template.
+| **Placeholder** | **Description** |
+| ------------------- | ------------------------ |
+| .Client ... | Version of local podman |
+| .Server ... | Version of remote podman |
+
+Each of the above fields branch deeper into further subfields
+such as .Version, .APIVersion, .GoVersion, and more.
+
## Example
A sample output of the `version` command:
diff --git a/docs/tutorials/podman-for-windows.md b/docs/tutorials/podman-for-windows.md
index bb37f4a48..da1e0c059 100644
--- a/docs/tutorials/podman-for-windows.md
+++ b/docs/tutorials/podman-for-windows.md
@@ -415,3 +415,8 @@ your WSL system state and perform a manual WSL installation using the `wsl
wsl --install
```
5. Continue with podman machine init
+
+Install Certificate Authority
+=============================
+
+Instructions for installing a CA certificate can be found [here](podman-install-certificate-authority.md).
diff --git a/docs/tutorials/podman-install-certificate-authority.md b/docs/tutorials/podman-install-certificate-authority.md
new file mode 100644
index 000000000..bcd3056ba
--- /dev/null
+++ b/docs/tutorials/podman-install-certificate-authority.md
@@ -0,0 +1,102 @@
+![PODMAN logo](../../logo/podman-logo-source.svg)
+
+Install Certificate Authority
+=============================
+
+Organizations may create their own local certificate authority (CA) or acquire one from a third party. This may mean more than one certificate, such as one or more intermediate certificates and a root certificate, for example. In any case, it is necessary to add the certificate authority (CA) certificate(s) so that it can be employed for various use cases.
+
+### Method one
+
+Certificates may be either individual or concatenated (bundles). The following steps are one method to add such certificates to Podman. It is assumed that Podman is running and the certificate(s) to be installed are available on an accessible server via curl. If such access is not possible, an alternative method follows.
+
+First, assuming a running Podman machine, ssh into the machine:
+```
+podman machine ssh
+```
+
+If Podman is running in the default rootless mode, an additional command is required to get to a root shell:
+
+```
+[core@localhost ~]$ sudo su -
+```
+
+After issuing the above command, the prompt should change to indicate the "root" instead of the "core" user.
+
+Next, while in the machine, change to the directory where the certificate(s) should be installed:
+```
+[root@localhost ~]# cd /etc/pki/ca-trust/source/anchors
+```
+
+Then use curl to download the certificate. Notes:
+* The -k is only necessary if connecting securely to a server for which the certificate is not yet trusted
+* The MY-SERVER.COM/SOME-CERTIFICATE.pem should be replaced as appropriate
+```
+[root@localhost anchors]# curl -k -o some-certificate.pem https://MY-SERVER.COM/SOME-CERTIFICATE.pem
+```
+
+Repeat as necessary for multiple certificates.
+
+Once all of the certificates have been downloaded, run the command to add the certificates to the list of trusted CAs:
+```
+[root@localhost anchors]# update-ca-trust
+```
+
+Exit the machine:
+```
+[root@localhost anchors]# exit
+```
+
+If the "sudo su -" command was used to switch to a root shell as described above, an additional exit command is needed to exit the machine:
+
+```
+[core@localhost ~]$ exit
+```
+
+### Alternative Method
+
+If the above method is for some reason not practical or desirable, the certificate may be created using vi.
+
+As above, assuming a running Podman machine, ssh into the machine:
+
+```
+podman machine ssh
+```
+
+If the prompt starts with "core" instead of "root", switch to a root shell:
+
+```
+[core@localhost ~]$ sudo su -
+```
+
+Next, change to the directory where the certificate(s) should be installed:
+```
+[root@localhost ~]# cd /etc/pki/ca-trust/source/anchors
+```
+
+Then use vi to create the certificate.
+```
+[root@localhost ~]# vi SOME-CERTIFICATE.pem
+```
+After vi opens, copy the certificate to the clipboard, then in insert mode, paste the clipboard contents to vi. Lastly, save the file and close vi.
+
+Repeat as necessary for multiple certificates.
+
+Once all of the certificates have been created, run the command to add the certificates to the list of trusted CAs:
+```
+[root@localhost anchors]# update-ca-trust
+```
+
+Exit the machine:
+```
+[root@localhost anchors]# exit
+```
+
+If the "sudo su -" command described above was used, an additional exit command is needed:
+
+```
+[core@localhost ~]$ exit
+```
+
+### Final Notes
+
+The certificate installation will persist during machine restarts. There is no need to stop and start the machine to begin using the certificate.
diff --git a/go.mod b/go.mod
index 2ec624d9e..bbc7014a7 100644
--- a/go.mod
+++ b/go.mod
@@ -18,7 +18,7 @@ require (
github.com/containers/ocicrypt v1.1.5
github.com/containers/psgo v1.7.3
github.com/containers/storage v1.42.1-0.20220911223137-e11b246de159
- github.com/coreos/go-systemd/v22 v22.3.2
+ github.com/coreos/go-systemd/v22 v22.4.0
github.com/coreos/stream-metadata-go v0.0.0-20210225230131-70edb9eb47b3
github.com/cyphar/filepath-securejoin v0.2.3
github.com/digitalocean/go-qemu v0.0.0-20210326154740-ac9e0b687001
diff --git a/go.sum b/go.sum
index a49ffce50..3815652b7 100644
--- a/go.sum
+++ b/go.sum
@@ -466,8 +466,9 @@ github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f h1:JOrtw2xFKzlg+
github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
-github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI=
github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/coreos/go-systemd/v22 v22.4.0 h1:y9YHcjnjynCd/DVbg5j9L/33jQM3MxJlbj/zWskzfGU=
+github.com/coreos/go-systemd/v22 v22.4.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
github.com/coreos/stream-metadata-go v0.0.0-20210225230131-70edb9eb47b3 h1:0JspqV66RwYqYfvi8lCUoL5zUZMh9uN4hx/J5+NRXIE=
diff --git a/hack/bats b/hack/bats
index ca9835a1f..9bc2d2c15 100755
--- a/hack/bats
+++ b/hack/bats
@@ -106,7 +106,7 @@ export PODMAN_ROOTLESS_USER=$(id -un)
# Root
if [ -z "$ROOTLESS_ONLY" ]; then
- echo "# bats ${bats_filter[@]} $TESTS"
+ echo "# bats ${bats_filter[*]} $TESTS"
sudo --preserve-env=PODMAN \
--preserve-env=PODMAN_TEST_DEBUG \
--preserve-env=OCI_RUNTIME \
@@ -119,7 +119,7 @@ fi
# Rootless. (Only if we're not already root)
if [[ -z "$ROOT_ONLY" && "$(id -u)" != 0 ]]; then
echo "--------------------------------------------------"
- echo "\$ bats ${bats_filter[@]} $TESTS"
+ echo "\$ bats ${bats_filter[*]} $TESTS"
bats "${bats_opts[@]}" "${bats_filter[@]}" $TESTS
rc=$((rc | $?))
fi
diff --git a/hack/buildah-vendor-treadmill b/hack/buildah-vendor-treadmill
index d579a180a..b95290841 100755
--- a/hack/buildah-vendor-treadmill
+++ b/hack/buildah-vendor-treadmill
@@ -38,10 +38,6 @@ our $Treadmill_PR_Title = 'DO NOT MERGE: buildah vendor treadmill';
# Github API; this is where we query to find out the active treadmill PR
our $API_URL = 'https://api.github.com/graphql';
-# Temporary file used to preserve current treadmill patches. This file
-# should only exist very briefly while we perform branch operations.
-our $Patch_File = "0000-$ME.patch";
-
# Use colors if available and if stdout is a tty
our $C_Highlight = '';
our $C_Warning = '';
@@ -66,14 +62,14 @@ eval '
sub usage {
print <<"END_USAGE";
-Usage: $ME [OPTIONS] [--sync | --pick | --reset ]
+Usage: $ME [OPTIONS] [--sync | --pick [PR] | --reset ]
$ME is (2022-04-20) **EXPERIMENTAL**
$ME is intended to solve the problem of vendoring
buildah into podman.
-Call me with one of two options:
+Call me with one of three options:
--sync The usual case. Mostly used by Ed. Called from a
development branch, this just updates everything so
@@ -81,7 +77,8 @@ Call me with one of two options:
latest-podman (main). With a few sanity checks.
--pick Used for really-truly vendoring in a new buildah; will
- cherry-pick a commit on your buildah-vendor working branch
+ cherry-pick a commit on your buildah-vendor working branch.
+ Optional PR arg is the ID of the treadmill PR on github.
--reset Used after vendoring buildah into main, when there
really aren't any buildah patches to keep rolling.
@@ -103,6 +100,7 @@ END_USAGE
our %action;
our $debug = 0;
our $force_old_main = 0; # in --pick, proceeds even if main is old
+our $force_retry = 0; # in --sync, continue despite saved checkpoint
our $force_testing = 0; # in --sync, test even no podman/buildah changes
our $verbose = 0;
our $NOT = ''; # print "blahing the blah$NOT\n" if $debug
@@ -114,6 +112,7 @@ sub handle_opts {
'reset' => sub { $action{reset}++ },
'force-old-main' => \$force_old_main,
+ 'force-retry' => \$force_retry,
'force-testing' => \$force_testing,
'debug!' => \$debug,
@@ -140,11 +139,6 @@ sub main {
# and there's no clean way to make it use @_.
handle_opts(); # will set package globals
- # Fetch command-line arguments. Barf if too many.
- # FIXME: if called with arg, that's the --sync branch?
- # FIXME: if called with --pick + arg, that's the PR?
- die "$ME: Too many arguments; try $ME --help\n" if @ARGV;
-
my @action = keys(%action);
die "$ME: Please invoke me with one of --sync or --pick\n"
if ! @action;
@@ -158,13 +152,15 @@ sub main {
# that repo is clean. None of our actions can be run on a dirty repo.
assert_clean_repo();
- $handler->();
+ $handler->(@ARGV);
}
###############################################################################
# BEGIN sync and its helpers
sub do_sync {
+ die "$ME: --sync takes no arguments; try $ME --help\n" if @_;
+
# Preserve current branch name, so we can come back after switching to main
my $current_branch = git_current_branch();
@@ -188,11 +184,13 @@ sub do_sync {
pull_main();
git('checkout', '-q', $current_branch);
- # Preserve local patches. --always will generate empty patches (e.g.,
- # after a buildah vendor when everything is copacetic); --no-signature
- # prevents a buildup of "-- 2.35" (git version) lines at the end.
- git('format-patch', '--always', '--no-signature', "--output=$Patch_File", 'HEAD^');
- progress("Treadmill patches saved to $Patch_File");
+ # Make a temporary copy of this branch
+ my $temp_branch = strftime("__buildah-treadmill-checkpoint/%Y%m%d-%H%M%S", localtime);
+ git('branch', $temp_branch, $current_branch);
+ progress("Current branch preserved as $temp_branch");
+
+ # Get the hash of the top (treadmill) commit, to cherry-pick later
+ my $treadmill_commit = git('rev-parse', 'HEAD');
#
# Danger Will Robinson! This is where it gets scary: a failure here
@@ -207,7 +205,11 @@ This is not something I can recover from. Your human judgment is needed.
You will need to recover from this manually. Your best option is to
look at the source code for this script.
-Your treadmill patches are here: $Patch_File
+Treadmill branch copy is preserved in $temp_branch
+
+To restore state to where you were before this sync:
+ \$ git checkout main
+ \$ git branch -f $current_branch $treadmill_commit
END_FAIL_INSTRUCTIONS
exit 1;
@@ -260,12 +262,34 @@ END_FAIL_INSTRUCTIONS
git_commit_buildah($buildah_new);
# And, finally, this has the highest possibility of failing
- progress('Reapplying preserved patches');
- git('am', '--empty=keep', $Patch_File);
+ local $SIG{__DIE__} = sub {
+ print STDERR $C_Warning, "@_", <<"END_FAIL_INSTRUCTIONS";
+
+This is not something I can recover from. Your human judgment is needed.
+
+Chances are, you might be able to run 'git status', look for
+merge conflicts, manually resolve those, 'git add', then
+'git cherry-pick --continue'. If that works, run this script
+again (you will probably need the --force-retry option).
- # It worked! Clean up: remove our local die() handler and the patch file
+If that DOES NOT work, your only option is to look at the source code
+for this script. Sorry. There's only so much that can be done automatically.
+
+Treadmill branch copy is preserved in $temp_branch
+
+To restore state to where you were before this sync:
+ \$ git checkout main
+ \$ git branch -f $current_branch $treadmill_commit
+END_FAIL_INSTRUCTIONS
+
+ exit 1;
+ };
+ progress('Reapplying treadmill patches');
+ git('cherry-pick', '--allow-empty', $treadmill_commit);
+
+ # It worked! Clean up: remove our local die() handler and the saved branch
undef $SIG{__DIE__};
- unlink $Patch_File;
+ git('branch', '-D', $temp_branch);
# if buildah is unchanged, and we did not pull main, exit cleanly
my $change_message = '';
@@ -295,6 +319,13 @@ END_FAIL_INSTRUCTIONS
progress("All OK. It's now up to you to 'git push --force'");
progress(" --- Reminder: $change_message");
+
+ # Kind of kludgy. If user had to retry a prior failed attempt, and
+ # things are now successful, remind them to delete old checkpoints.
+ # ($force_retry is a 'git branch -D' command string at this point.)
+ if ($force_retry) {
+ progress(" --- Retry worked! You may now $force_retry");
+ }
}
###############
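Review bot: `$force_retry` is declared as a boolean option but is later overwritten with a command string, which the comment in this hunk itself calls kludgy; the overload is set up in the assert_clean_repo hunk further down (`$force_retry = "git branch -D @relics"`). A separate variable would keep the option's meaning stable for any other code that tests it: declare `our $retry_reminder = '';`, assign that in assert_clean_repo, and test `if ($retry_reminder)` here. do_sync begins outside this hunk.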
@@ -429,8 +460,9 @@ sub do_pick {
assert_buildah_vendor_commit('HEAD');
progress("HEAD is a buildah vendor commit. Good.");
- # Identify and pull the treadmill PR
- my $treadmill_pr = treadmill_pr();
+ # Identify and pull the treadmill PR.
+ my $treadmill_pr = shift || treadmill_pr();
+
my $treadmill_branch = "$ME/pr$treadmill_pr/tmp$$";
progress("Fetching treadmill PR $treadmill_pr into $treadmill_branch");
git('fetch', '-q', git_upstream(), "pull/$treadmill_pr/head:$treadmill_branch");
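Review bot: The PR argument taken with `shift` is interpolated into the branch name and the fetch refspec without any check that it is a number. Any further command-line arguments are also silently ignored, now that main no longer rejects extras. Adding `die "$ME: --pick PR must be a number; try $ME --help\n" if $treadmill_pr !~ /^\d+$/;` after the assignment, and `die "$ME: --pick takes at most one argument\n" if @_;` after it, would make a typo fail early instead of surfacing as a confusing git fetch error. do_pick starts and ends outside this hunk.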
@@ -465,6 +497,26 @@ sub do_pick {
# treadmill_pr # Returns ID of open podman PR with the desired subject
##################
sub treadmill_pr {
+ # Github API (or maybe just the search endpoint???) is restricted.
+ my $token = $ENV{GITHUB_TOKEN}
+ or do {
+ warn <<"END_NEED_PR";
+$ME: Cannot proceed without PR ID.
+
+If you have a github API token, please: export GITHUB_TOKEN=.......
+and re-run me.
+
+If you do not have a github API token, please go here:
+
+ https://github.com/containers/podman/pulls?q=is%3Apr+is%3Aopen+%22buildah+vendor+treadmill%22
+
+...then reinvoke me, adding that PR ID to the command line args.
+
+As of 2022-09-12 the treadmill PR is 13808, but that may change over time.
+END_NEED_PR
+ exit 1;
+ };
+
my $query = <<'END_QUERY';
{
search(
@@ -481,16 +533,10 @@ END_QUERY
$ua->agent("$ME " . $ua->agent); # Identify ourself
my %headers = (
+ 'Authorization' => "bearer $token",
'Accept' => "application/vnd.github.antiope-preview+json",
'Content-Type' => "application/json",
);
-
- # Use github token if available, but don't require it. (All it does is
- # bump up our throttling limit, which shouldn't be an issue) (unless
- # someone invokes this script hundreds of times per minute).
- if (my $token = $ENV{GITHUB_TOKEN}) {
- $headers{Authorization} = "bearer $token";
- }
$ua->default_header($_ => $headers{$_}) for keys %headers;
# Massage the query: escape quotes, put it all in one line, collapse spaces
@@ -503,7 +549,9 @@ END_QUERY
print $postquery, "\n" if $debug;
my $res = $ua->post($API_URL, Content => $postquery);
if ((my $code = $res->code) != 200) {
- print $code, " ", $res->message, "\n";
+ warn "$ME: GraphQL request failed on $API_URL:\n";
+ print STDERR " ", $code, " ", $res->message, "\n";
+ warn "Cannot continue.\n";
exit 1;
}
@@ -621,8 +669,8 @@ from the buildah vendor treadmill PR, #%s
EOF
# Strip the "DO NOT MERGE" header from the treadmill PR, print only
-# the "Changes as of YYYY-MM-DD" and subsequent lines
-sed -ne '/^Changes as of/,$ p' <$msgfile >>$tmpfile
+# the "Changes since YYYY-MM-DD" and subsequent lines
+sed -ne '/^Changes since /,$ p' <$msgfile >>$tmpfile
mv $tmpfile $msgfile
END_EDIT_SCRIPT
@@ -639,6 +687,8 @@ END_EDIT_SCRIPT
# BEGIN reset and its helpers
sub do_reset {
+ die "$ME: --sync takes no arguments; try $ME --help\n" if @_;
+
my $current_branch = git_current_branch();
# Make sure side branch == main (i.e., there are no commits on the branch)
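Review bot: The new guard in do_reset reports `--sync takes no arguments`, which looks copied from do_sync, so a user who runs `--reset` with a stray argument is told about the wrong option. The message should read `die "$ME: --reset takes no arguments; try $ME --help\n" if @_;`. do_reset continues outside the hunk.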
@@ -681,20 +731,46 @@ sub progress {
# assert_clean_repo # Don't even think of running with local changes
#######################
sub assert_clean_repo {
- # Our patch file should only exist for brief moments during a sync run.
- # If it exists at any other time, something has gone very wrong.
- if (-e $Patch_File) {
- warn <<"END_WARN";
-$ME: File exists: $Patch_File
+ # During --sync we create a temporary copy of the treadmill branch,
+ # in case something goes wrong. The branch is deleted on success.
+ # If one exists, it means we may have lost work.
+ my @relics = grep {
+ m!^__buildah-treadmill-checkpoint/\d+-\d+$!
+ } git('branch', '--list', '--format=%(refname:lstrip=2)');
+ if (@relics) {
+ if ($force_retry) {
+ warn <<"END_WARN";
+$ME: WARNING: leftover checkpoint(s): @relics
+
+ ...continuing due to --force-retry.
+
+ If things work out, you can 'git branch -D @relics'
+END_WARN
+
+ # OK, ugly override of a binary flag, but it's OK because
+ # it helps with user-friendliness: offer a reminder upon
+ # successful completion of the script.
+ $force_retry = "git branch -D @relics";
+ }
+ else {
+ warn <<"END_WARN";
+$ME: FATAL: leftover checkpoint: @relics
This means that something went very wrong during an earlier sync run.
Your git branch may be in an inconsistent state. Your work to date
- may be lost. This file may be your only hope of recovering it.
+ may be lost. This branch may be your only hope of recovering it.
This is not something a script can resolve. You need to look at this
- file, compare to your git HEAD, and manually reconcile any differences.
+ branch, compare to your git HEAD, and manually reconcile any differences.
+
+ If you really know what you're doing, i.e., if you've reconciled
+ merge conflicts and have a pretty secure branch structure, try
+ rerunning me with --force-retry. Or, if that checkpoint is a
+ remnant from a past run, and you're ultra-certain that you don't
+ need it, you can git branch -D @relics
END_WARN
- exit 1;
+ exit 1;
+ }
}
# OK so far. Now check for modified files.
@@ -727,7 +803,15 @@ sub git_current_branch() {
# git_forkpoint # Hash at which branch (default: cur) branched from main
###################
sub git_forkpoint {
- return git('merge-base', '--fork-point', 'main', @_);
+ # '--fork-point vendor-branch' fails silently on Paul's git tree,
+ # but plain merge-base works fine. My head hurts from trying to
+ # understand the docs, so I give up. Just try fork-point first,
+ # and if it fails, try without. #cargocult #gitishard
+ my $forkpoint = eval { git('merge-base', '--fork-point', 'main', @_) };
+ if ($@) {
+ $forkpoint = git('merge-base', 'main', @_);
+ }
+ return $forkpoint;
}
#####################
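Review bot: The fallback to plain `merge-base` runs only when git() dies, while the comment says `--fork-point` fails silently; `git merge-base --fork-point` can exit with status 1 and no output, and whether the git() helper turns that into a die is not visible here. If it does not, `$forkpoint` comes back empty and the fallback never runs, so testing the value as well would be safer: `if ($@ || !$forkpoint) {`. Separately, a `$SIG{__DIE__}` handler is still invoked for a die inside `eval`, so if git_forkpoint is ever called while do_sync's handler (which calls `exit 1`) is installed, the eval cannot catch the error. Writing `local $SIG{__DIE__};` as the first statement of the eval block avoids that.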
diff --git a/hack/check_root.sh b/hack/check_root.sh
index 1f53887ff..2489a4edd 100755
--- a/hack/check_root.sh
+++ b/hack/check_root.sh
@@ -1,5 +1,5 @@
#!/usr/bin/env bash
if ! [ $(id -u) = 0 ]; then
- echo "Please run as root! '$@' requires root privileges."
+ echo "Please run as root! '$*' requires root privileges."
exit 1
fi
diff --git a/hack/man-page-checker b/hack/man-page-checker
index 8ee0aaf6d..83e0b8b1d 100755
--- a/hack/man-page-checker
+++ b/hack/man-page-checker
@@ -87,7 +87,7 @@ function compare_usage() {
# strip off command name from both
from_man=$(sed -e "s/\*\*$cmd\*\*[[:space:]]*//" <<<"$from_man")
- from_help=$(sed -e "s/^[[:space:]]*$cmd[[:space:]]*//" <<<"$from_help")
+ from_help=$(sed -e "s/^[[:space:]]*${cmd}[[:space:]]*//" <<<"$from_help")
# man page lists 'foo [*options*]', help msg shows 'foo [flags]'.
# Make sure if one has it, the other does too.
@@ -153,7 +153,7 @@ for md in *.1.md;do
# special case: the command is "auto-update", with a hyphen
md_nodash='podman auto-update'
fi
- if [ "$cmd" != "$md_nodash" -a "$cmd" != "podman-remote" ]; then
+ if [[ "$cmd" != "$md_nodash" ]] && [[ "$cmd" != "podman-remote" ]]; then
echo
printf "Inconsistent program name in SYNOPSIS in %s:\n" $md
printf " SYNOPSIS = %s (expected: '%s')\n" "$cmd" "$md_nodash"
diff --git a/libpod/container_internal_common.go b/libpod/container_internal_common.go
index 9c4a3bb67..a0ae22ff4 100644
--- a/libpod/container_internal_common.go
+++ b/libpod/container_internal_common.go
@@ -2659,7 +2659,7 @@ func (c *Container) fixVolumePermissions(v *ContainerNamedVolume) error {
return nil
}
-func (c *Container) relabel(src, mountLabel string, recurse bool) error {
+func (c *Container) relabel(src, mountLabel string, shared bool) error {
if !selinux.GetEnabled() || mountLabel == "" {
return nil
}
@@ -2674,7 +2674,7 @@ func (c *Container) relabel(src, mountLabel string, recurse bool) error {
return nil
}
}
- return label.Relabel(src, mountLabel, recurse)
+ return label.Relabel(src, mountLabel, shared)
}
func (c *Container) ChangeHostPathOwnership(src string, recurse bool, uid, gid int) error {
diff --git a/pkg/api/handlers/libpod/containers.go b/pkg/api/handlers/libpod/containers.go
index d1460569f..a76e3d988 100644
--- a/pkg/api/handlers/libpod/containers.go
+++ b/pkg/api/handlers/libpod/containers.go
@@ -266,16 +266,16 @@ func Checkpoint(w http.ResponseWriter, r *http.Request) {
utils.InternalServerError(w, err)
return
}
+ if len(reports) != 1 {
+ utils.InternalServerError(w, fmt.Errorf("expected 1 restore report but got %d", len(reports)))
+ return
+ }
+ if reports[0].Err != nil {
+ utils.InternalServerError(w, reports[0].Err)
+ return
+ }
if !query.Export {
- if len(reports) != 1 {
- utils.InternalServerError(w, fmt.Errorf("expected 1 restore report but got %d", len(reports)))
- return
- }
- if reports[0].Err != nil {
- utils.InternalServerError(w, reports[0].Err)
- return
- }
utils.WriteResponse(w, http.StatusOK, reports[0])
return
}
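Review bot: The length check moved to the top of this hunk still reports `expected 1 restore report`, although this is the Checkpoint handler, so a client reading the 500 body is pointed at the wrong operation. Since the line is being moved anyway, I would change it to `utils.InternalServerError(w, fmt.Errorf("expected 1 checkpoint report but got %d", len(reports)))`. Checkpoint starts and ends outside the hunk.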
diff --git a/pkg/bindings/containers/checkpoint.go b/pkg/bindings/containers/checkpoint.go
index bcb944488..8c072f588 100644
--- a/pkg/bindings/containers/checkpoint.go
+++ b/pkg/bindings/containers/checkpoint.go
@@ -39,7 +39,7 @@ func Checkpoint(ctx context.Context, nameOrID string, options *CheckpointOptions
}
defer response.Body.Close()
- if !export {
+ if response.StatusCode != http.StatusOK || !export {
return &report, response.Process(&report)
}
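Review bot: The added `response.StatusCode != http.StatusOK` test has no comment, and its purpose cannot be read off the line itself. Presumably the code after this branch streams the body into the export file, so an error reply must be decoded by `response.Process` rather than written out as if it were the archive; that part is outside the hunk. I would put `// A non-200 reply carries an error document, not the archive: decode it instead of writing it to the export file.` above the `if`.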
diff --git a/pkg/domain/infra/tunnel/containers.go b/pkg/domain/infra/tunnel/containers.go
index 4f955e45c..c82c9ba33 100644
--- a/pkg/domain/infra/tunnel/containers.go
+++ b/pkg/domain/infra/tunnel/containers.go
@@ -413,7 +413,7 @@ func (ic *ContainerEngine) ContainerCheckpoint(ctx context.Context, namesOrIds [
if err != nil {
reports = append(reports, &entities.CheckpointReport{Id: c.ID, Err: err})
} else {
- report.RawInput = idToRawInput[report.Id]
+ report.RawInput = idToRawInput[c.ID]
reports = append(reports, report)
}
}
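Review bot: The error branch two lines above the change still builds its report without RawInput, so a container whose checkpoint fails loses the name the user typed while a successful one keeps it. Assuming `report` has the same type as the literal in that branch, the fix is `reports = append(reports, &entities.CheckpointReport{Id: c.ID, RawInput: idToRawInput[c.ID], Err: err})`. The enclosing loop and function start outside the hunk.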
diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c
index 3588313c6..fb22ed221 100644
--- a/pkg/rootless/rootless_linux.c
+++ b/pkg/rootless/rootless_linux.c
@@ -235,6 +235,7 @@ can_use_shortcut ()
if (strcmp (argv[argc], "mount") == 0
|| strcmp (argv[argc], "machine") == 0
+ || strcmp (argv[argc], "context") == 0
|| strcmp (argv[argc], "search") == 0
|| (strcmp (argv[argc], "system") == 0 && argv[argc+1] && strcmp (argv[argc+1], "service") != 0))
{
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index c18b5654a..736fa5ab3 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -352,7 +352,7 @@ func ConfigToSpec(rt *libpod.Runtime, specg *specgen.SpecGenerator, contaierID s
if conf.Spec.Process != nil && conf.Spec.Process.Env != nil {
env := make(map[string]string)
for _, entry := range conf.Spec.Process.Env {
- split := strings.Split(entry, "=")
+ split := strings.SplitN(entry, "=", 2)
if len(split) == 2 {
env[split[0]] = split[1]
}
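Review bot: A style point on the new `strings.SplitN(entry, "=", 2)` line: it allocates a slice only to test its length and index it twice. If the module's minimum Go version allows it, `if k, v, ok := strings.Cut(entry, "="); ok { env[k] = v }` says the same thing directly. Either way an entry without `=` is silently dropped, which deserves a one-line comment such as `// entries without '=' are skipped`. ConfigToSpec continues outside the hunk.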
diff --git a/test/apiv2/test-apiv2 b/test/apiv2/test-apiv2
index b762cff9e..8132e6432 100755
--- a/test/apiv2/test-apiv2
+++ b/test/apiv2/test-apiv2
@@ -272,8 +272,8 @@ function t() {
esac
done
if [[ -z "$curl_args" ]]; then
- curl_args=(-d $(jsonify ${post_args[@]}))
- testname="$testname [${curl_args[@]}]"
+ curl_args=(-d $(jsonify ${post_args[*]}))
+ testname="$testname [${curl_args[*]}]"
fi
fi
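Review bot: Swapping `[@]` for `[*]` on the two changed lines leaves both expansions unquoted, so word splitting and globbing still apply to every element of `post_args` and to whatever `jsonify` prints. A post argument or JSON value containing whitespace would then become several `curl_args` elements instead of one `-d` body. If `jsonify` takes one argument per field, as the call suggests, `curl_args=(-d "$(jsonify "${post_args[@]}")")` keeps each piece intact. The function `t` starts and ends outside the hunk.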
@@ -336,7 +336,7 @@ function t() {
# Any error from curl is instant bad news, from which we can't recover
if [[ $rc -ne 0 ]]; then
- die "curl failure ($rc) on $url - cannot continue"
+ die "curl failure ($rc) on $url - cannot continue. args=${curl_args[*]}"
fi
# Show returned headers (without trailing ^M or empty lines) in log file.
@@ -384,7 +384,7 @@ function t() {
# Special case: if response code does not match, dump the response body
# and skip all further subtests.
- if [[ $actual_code != $expected_code ]]; then
+ if [[ "$actual_code" != "$expected_code" ]]; then
echo -e "# response: $output"
for i; do
_show_ok skip "$testname: $i # skip - wrong return code"
@@ -671,11 +671,11 @@ echo -e "collected ${#tests_to_run[@]} items\n"
start_service
-for i in ${tests_to_run[@]}; do
+for i in "${tests_to_run[@]}"; do
TEST_CONTEXT="[$(basename $i .at)]"
# Clear output from 'podman' helper
- >| $WORKDIR/output.log
+ truncate --size=0 $WORKDIR/output.log
source $i
done
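Review bot: The loop header is now quoted, but the body still expands `$i` and `$WORKDIR` unquoted, so a test path with whitespace would survive the `for` and then break in `basename`, `truncate` and `source`. I would finish the job with `TEST_CONTEXT="[$(basename "$i" .at)]"`, `truncate --size=0 "$WORKDIR/output.log"` and `source "$i"`.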
diff --git a/test/buildah-bud/make-new-buildah-diffs b/test/buildah-bud/make-new-buildah-diffs
index 3d0a77008..f6404fa51 100644
--- a/test/buildah-bud/make-new-buildah-diffs
+++ b/test/buildah-bud/make-new-buildah-diffs
@@ -17,7 +17,7 @@ if [[ ! $whereami =~ test-buildah-v ]]; then
fi
# FIXME: check that git repo is buildah
-git remote -v | grep -q [BUILDAHREPO] \
+git remote -v | grep -q '[BUILDAHREPO]' \
|| die "This does not look like a buildah repo (git remote -v)"
# We could do the commit automatically, but it's prudent to require human
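Review bot: Quoting `'[BUILDAHREPO]'` stops the shell from globbing it, but grep still reads it as a bracket expression matching any single one of those capital letters, so the test does not establish that the remote is buildah (the FIXME above it says as much). If a fixed string was intended, the line should use `grep -qF` with the real repository string, e.g. `git remote -v | grep -qF '<buildah-repo-url>' \` with the placeholder filled in. As written, the guard can pass or fail for reasons unrelated to which repository this is.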
diff --git a/test/compose/test-compose b/test/compose/test-compose
index 99d063c25..fe2da9532 100755
--- a/test/compose/test-compose
+++ b/test/compose/test-compose
@@ -64,7 +64,7 @@ function is() {
local expect=$2
local testname=$3
- if [[ $actual = $expect ]]; then
+ if [[ "$actual" = "$expect" ]]; then
# On success, include expected value; this helps readers understand
_show_ok 1 "$testname=$expect"
return
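Review bot: Quoting the right-hand side in `[[ "$actual" = "$expect" ]]` is a behaviour change, not only a lint fix: unquoted, `$expect` was matched as a glob pattern, and quoted it is compared literally. Callers of `is` are outside the hunk, so any test that passes a pattern such as `foo*` as its expected value would start failing. If literal comparison is what is wanted, a comment like `# literal comparison; $expect is not treated as a pattern` would record the intent.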
@@ -303,12 +303,12 @@ n_tests=0
# We aren't really TAP 13; this helps logformatter recognize our output as BATS
echo "TAP version 13"
-for t in ${tests_to_run[@]}; do
+for t in "${tests_to_run[@]}"; do
testdir="$(dirname $t)"
testname="$(basename $testdir)"
if [ -e $test_dir/SKIP ]; then
- local reason="$(<$test_dir/SKIP)"
+ reason="$(<$test_dir/SKIP)"
if [ -n "$reason" ]; then
reason=" - $reason"
fi
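Review bot: The loop assigns `testdir` but the SKIP check and the changed line read `$test_dir`, which is a different variable. Unless `test_dir` is set somewhere outside this hunk, it expands to nothing and the test looks for `/SKIP`, so per-test SKIP files are never honoured. I would use `if [ -e "$testdir/SKIP" ]; then` and `reason="$(<"$testdir/SKIP")"`. The loop continues outside the hunk.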
diff --git a/test/e2e/checkpoint_test.go b/test/e2e/checkpoint_test.go
index 16e43aa73..a33936549 100644
--- a/test/e2e/checkpoint_test.go
+++ b/test/e2e/checkpoint_test.go
@@ -95,13 +95,15 @@ var _ = Describe("Podman checkpoint", func() {
It("podman checkpoint bogus container", func() {
session := podmanTest.Podman([]string{"container", "checkpoint", "foobar"})
session.WaitWithDefaultTimeout()
- Expect(session).To(ExitWithError())
+ Expect(session).Should(Exit(125))
+ Expect(session.ErrorToString()).To(ContainSubstring("no such container"))
})
It("podman restore bogus container", func() {
session := podmanTest.Podman([]string{"container", "restore", "foobar"})
session.WaitWithDefaultTimeout()
- Expect(session).To(ExitWithError())
+ Expect(session).Should(Exit(125))
+ Expect(session.ErrorToString()).To(ContainSubstring("no such container or image"))
})
It("podman checkpoint a running container by id", func() {
@@ -585,6 +587,7 @@ var _ = Describe("Podman checkpoint", func() {
// As the container has been started with '--rm' it will be completely
// cleaned up after checkpointing.
Expect(result).Should(Exit(0))
+ Expect(result.OutputToString()).To(ContainSubstring(cid))
fixmeFixme14653(podmanTest, cid)
Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -604,6 +607,7 @@ var _ = Describe("Podman checkpoint", func() {
// As the container has been started with '--rm' it will be completely
// cleaned up after checkpointing.
Expect(result).Should(Exit(0))
+ Expect(result.OutputToString()).To(ContainSubstring(cid))
fixmeFixme14653(podmanTest, cid)
Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -623,6 +627,7 @@ var _ = Describe("Podman checkpoint", func() {
// As the container has been started with '--rm' it will be completely
// cleaned up after checkpointing.
Expect(result).Should(Exit(0))
+ Expect(result.OutputToString()).To(ContainSubstring(cid))
fixmeFixme14653(podmanTest, cid)
Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -642,6 +647,7 @@ var _ = Describe("Podman checkpoint", func() {
// As the container has been started with '--rm' it will be completely
// cleaned up after checkpointing.
Expect(result).Should(Exit(0))
+ Expect(result.OutputToString()).To(ContainSubstring(cid))
fixmeFixme14653(podmanTest, cid)
Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -659,6 +665,7 @@ var _ = Describe("Podman checkpoint", func() {
result.WaitWithDefaultTimeout()
Expect(result).Should(Exit(125))
+ Expect(result.ErrorToString()).To(ContainSubstring("not supported"))
Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1))
Expect(podmanTest.NumberOfContainers()).To(Equal(1))
@@ -704,6 +711,7 @@ var _ = Describe("Podman checkpoint", func() {
result.WaitWithDefaultTimeout()
Expect(result).Should(Exit(0))
+ Expect(result.OutputToString()).To(ContainSubstring(cid))
fixmeFixme14653(podmanTest, cid)
Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -754,6 +762,7 @@ var _ = Describe("Podman checkpoint", func() {
result.WaitWithDefaultTimeout()
Expect(result).Should(Exit(0))
+ Expect(result.OutputToString()).To(ContainSubstring(cid))
fixmeFixme14653(podmanTest, cid)
Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -796,6 +805,7 @@ var _ = Describe("Podman checkpoint", func() {
result.WaitWithDefaultTimeout()
Expect(result).Should(Exit(0))
+ Expect(result.OutputToString()).To(ContainSubstring(cid))
fixmeFixme14653(podmanTest, cid)
Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -834,6 +844,7 @@ var _ = Describe("Podman checkpoint", func() {
result.WaitWithDefaultTimeout()
Expect(result).Should(Exit(0))
+ Expect(result.OutputToString()).To(ContainSubstring(cid))
fixmeFixme14653(podmanTest, cid)
Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -884,6 +895,7 @@ var _ = Describe("Podman checkpoint", func() {
// As the container has been started with '--rm' it will be completely
// cleaned up after checkpointing.
Expect(result).Should(Exit(0))
+ Expect(result.OutputToString()).To(ContainSubstring(cid))
fixmeFixme14653(podmanTest, cid)
Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -954,6 +966,7 @@ var _ = Describe("Podman checkpoint", func() {
result = podmanTest.Podman([]string{"container", "checkpoint", cid, "-e", checkpointFileName})
result.WaitWithDefaultTimeout()
Expect(result).Should(Exit(0))
+ Expect(result.OutputToString()).To(ContainSubstring(cid))
fixmeFixme14653(podmanTest, cid)
Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -1057,6 +1070,7 @@ var _ = Describe("Podman checkpoint", func() {
result.WaitWithDefaultTimeout()
Expect(result).Should(Exit(0))
+ Expect(result.OutputToString()).To(ContainSubstring(cid))
Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Exited"))
@@ -1103,6 +1117,7 @@ var _ = Describe("Podman checkpoint", func() {
// As the container has been started with '--rm' it will be completely
// cleaned up after checkpointing.
Expect(result).Should(Exit(0))
+ Expect(result.OutputToString()).To(ContainSubstring(cid))
fixmeFixme14653(podmanTest, cid)
Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -1317,6 +1332,7 @@ var _ = Describe("Podman checkpoint", func() {
// As the container has been started with '--rm' it will be completely
// cleaned up after checkpointing.
Expect(result).Should(Exit(0))
+ Expect(result.OutputToString()).To(ContainSubstring(cid))
fixmeFixme14653(podmanTest, cid)
Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -1648,6 +1664,7 @@ var _ = Describe("Podman checkpoint", func() {
// As the container has been started with '--rm' it will be completely
// cleaned up after checkpointing.
Expect(session).Should(Exit(0))
+ Expect(session.OutputToString()).To(ContainSubstring(cid))
fixmeFixme14653(podmanTest, cid)
Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
Expect(podmanTest.NumberOfContainers()).To(Equal(0))
@@ -1802,6 +1819,7 @@ var _ = Describe("Podman checkpoint", func() {
// As the container has been started with '--rm' it will be completely
// cleaned up after checkpointing.
Expect(result).Should(Exit(0))
+ Expect(result.OutputToString()).To(ContainSubstring(cid))
fixmeFixme14653(podmanTest, cid)
Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
Expect(podmanTest.NumberOfContainers()).To(Equal(0))
diff --git a/test/e2e/container_clone_test.go b/test/e2e/container_clone_test.go
index 1ba5de1a3..29ef3bc2a 100644
--- a/test/e2e/container_clone_test.go
+++ b/test/e2e/container_clone_test.go
@@ -308,5 +308,18 @@ var _ = Describe("Podman container clone", func() {
Expect(session).Should(Exit(0))
Expect(session.OutputToString()).Should(ContainSubstring("123"))
+ session = podmanTest.Podman([]string{"run", "--name", "env_ctr2", "-e", "ENV_TEST=12=3", ALPINE, "printenv", "ENV_TEST"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+
+ session = podmanTest.Podman([]string{"container", "clone", "env_ctr2"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+
+ session = podmanTest.Podman([]string{"start", "-a", "env_ctr2-clone"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ Expect(session.OutputToString()).Should(ContainSubstring("12=3"))
+
})
})
diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go
index d8308aeea..cd2378bdf 100644
--- a/test/e2e/generate_kube_test.go
+++ b/test/e2e/generate_kube_test.go
@@ -912,7 +912,7 @@ var _ = Describe("Podman generate kube", func() {
})
It("podman generate kube on a container with dns options", func() {
- top := podmanTest.Podman([]string{"run", "-dt", "--name", "top", "--dns", "8.8.8.8", "--dns-search", "foobar.com", "--dns-opt", "color:blue", ALPINE, "top"})
+ top := podmanTest.Podman([]string{"run", "-dt", "--name", "top", "--dns", "8.8.8.8", "--dns-search", "foobar.com", "--dns-option", "color:blue", ALPINE, "top"})
top.WaitWithDefaultTimeout()
Expect(top).Should(Exit(0))
diff --git a/test/system/001-basic.bats b/test/system/001-basic.bats
index 378edc013..ba6bde4df 100644
--- a/test/system/001-basic.bats
+++ b/test/system/001-basic.bats
@@ -56,14 +56,17 @@ function setup() {
@test "podman --context emits reasonable output" {
+ if ! is_remote; then
+ skip "only applicable on podman-remote"
+ fi
# All we care about here is that the command passes
run_podman --context=default version
# This one must fail
run_podman 125 --context=swarm version
is "$output" \
- "Error: podman does not support swarm, the only --context value allowed is \"default\"" \
- "--context=default or fail"
+ "Error: failed to resolve active destination: \"swarm\" service destination not found" \
+ "--context=swarm should fail"
}
@test "podman can pull an image" {
diff --git a/test/system/015-help.bats b/test/system/015-help.bats
index dd5a7ed44..927645f29 100644
--- a/test/system/015-help.bats
+++ b/test/system/015-help.bats
@@ -121,7 +121,7 @@ function check_help() {
# Exceptions: these commands don't work rootless
if is_rootless; then
# "pause is not supported for rootless containers"
- if [ "$cmd" = "pause" -o "$cmd" = "unpause" ]; then
+ if [[ "$cmd" = "pause" ]] || [[ "$cmd" = "unpause" ]]; then
continue
fi
# "network rm" too
@@ -162,17 +162,17 @@ function check_help() {
# Any command that takes subcommands, prints its help and errors if called
# without one.
- dprint "podman $@"
+ dprint "podman $*"
run_podman '?' "$@"
is "$status" 125 "'podman $*' without any subcommand - exit status"
- is "$output" ".*Usage:.*Error: missing command '.*$@ COMMAND'" \
+ is "$output" ".*Usage:.*Error: missing command '.*$* COMMAND'" \
"'podman $*' without any subcommand - expected error message"
# Assume that 'NoSuchCommand' is not a command
- dprint "podman $@ NoSuchCommand"
+ dprint "podman $* NoSuchCommand"
run_podman '?' "$@" NoSuchCommand
is "$status" 125 "'podman $* NoSuchCommand' - exit status"
- is "$output" "Error: unrecognized command .*$@ NoSuchCommand" \
+ is "$output" "Error: unrecognized command .*$* NoSuchCommand" \
"'podman $* NoSuchCommand' - expected error message"
# This can happen if the output of --help changes, such as between
diff --git a/test/system/065-cp.bats b/test/system/065-cp.bats
index 8f5abd228..c8ad8468c 100644
--- a/test/system/065-cp.bats
+++ b/test/system/065-cp.bats
@@ -436,7 +436,7 @@ load helpers
run_podman cp cpcontainer:$src $destdir$dest
is "$(< $destdir$dest_fullname/containerfile0)" "${randomcontent[0]}" "$description"
is "$(< $destdir$dest_fullname/containerfile1)" "${randomcontent[1]}" "$description"
- rm -rf $destdir/*
+ rm -rf ${destdir:?}/*
done < <(parse_table "$tests")
run_podman kill cpcontainer
run_podman rm -t 0 -f cpcontainer
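Review bot: `${destdir:?}` now aborts when the variable is empty or unset, but the expansion is still unquoted, so a destdir containing whitespace or glob characters would hand `rm -rf` different paths than intended. `rm -rf "${destdir:?}"/*` keeps the guard and the trailing glob while protecting the directory part. The same line is changed in the next hunk of this file and needs the same quoting.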
@@ -456,7 +456,7 @@ load helpers
run_podman cp cpcontainer:$src $destdir$dest
is "$(< $destdir$dest_fullname/containerfile0)" "${randomcontent[0]}" "$description"
is "$(< $destdir$dest_fullname/containerfile1)" "${randomcontent[1]}" "$description"
- rm -rf $destdir/*
+ rm -rf ${destdir:?}/*
done < <(parse_table "$tests")
touch $destdir/testfile
diff --git a/test/system/070-build.bats b/test/system/070-build.bats
index 9fddbaa21..87979483e 100644
--- a/test/system/070-build.bats
+++ b/test/system/070-build.bats
@@ -541,7 +541,7 @@ Labels.$label_name | $label_value
this-file-does-not-match-anything-in-ignore-file
comment
)
- for f in ${files[@]}; do
+ for f in "${files[@]}"; do
# The magic '##-' strips off the '-' prefix
echo "$f" > $tmpdir/${f##-}
done
diff --git a/test/system/160-volumes.bats b/test/system/160-volumes.bats
index 6829c6a78..08baaf468 100644
--- a/test/system/160-volumes.bats
+++ b/test/system/160-volumes.bats
@@ -315,11 +315,11 @@ EOF
# List available volumes for pruning after using 1,2,3
run_podman volume prune <<< N
- is "$(echo $(sort <<<${lines[@]:1:3}))" "${v[4]} ${v[5]} ${v[6]}" "volume prune, with 1,2,3 in use, lists 4,5,6"
+ is "$(echo $(sort <<<${lines[*]:1:3}))" "${v[4]} ${v[5]} ${v[6]}" "volume prune, with 1,2,3 in use, lists 4,5,6"
# List available volumes for pruning after using 1,2,3 and filtering; see #8913
run_podman volume prune --filter label=mylabel <<< N
- is "$(echo $(sort <<<${lines[@]:1:2}))" "${v[5]} ${v[6]}" "volume prune, with 1,2,3 in use and 4 filtered out, lists 5,6"
+ is "$(echo $(sort <<<${lines[*]:1:2}))" "${v[5]} ${v[6]}" "volume prune, with 1,2,3 in use and 4 filtered out, lists 5,6"
# prune should remove v4
run_podman volume prune --force
diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats
index 9bbd56fef..8ece6e476 100644
--- a/test/system/200-pod.bats
+++ b/test/system/200-pod.bats
@@ -221,7 +221,7 @@ EOF
--add-host "$add_host_n:$add_host_ip" \
--dns "$dns_server" \
--dns-search "$dns_search" \
- --dns-opt "$dns_opt" \
+ --dns-option "$dns_opt" \
--publish "$port_out:$port_in" \
--label "${labelname}=${labelvalue}" \
--infra-image "$infra_image" \
@@ -262,7 +262,7 @@ EOF
run_podman run --rm --pod mypod $IMAGE cat /etc/resolv.conf
is "$output" ".*nameserver $dns_server" "--dns [server] was added"
is "$output" ".*search $dns_search" "--dns-search was added"
- is "$output" ".*options $dns_opt" "--dns-opt was added"
+ is "$output" ".*options $dns_opt" "--dns-option was added"
# pod inspect
run_podman pod inspect --format '{{.Name}}: {{.ID}} : {{.NumContainers}} : {{.Labels}}' mypod
diff --git a/test/system/272-system-connection.bats b/test/system/272-system-connection.bats
index e937a7273..402e69736 100644
--- a/test/system/272-system-connection.bats
+++ b/test/system/272-system-connection.bats
@@ -56,8 +56,22 @@ function _run_podman_remote() {
c1="c1_$(random_string 15)"
c2="c2_$(random_string 15)"
- run_podman system connection add $c1 tcp://localhost:12345
- run_podman system connection add --default $c2 tcp://localhost:54321
+ run_podman system connection add $c1 tcp://localhost:12345
+ run_podman context create --docker "host=tcp://localhost:54321" $c2
+ run_podman system connection ls
+ is "$output" \
+ ".*$c1[ ]\+tcp://localhost:12345[ ]\+true
+$c2[ ]\+tcp://localhost:54321[ ]\+false" \
+ "system connection ls"
+ run_podman system connection ls -q
+ is "$(echo $(sort <<<$output))" \
+ "$c1 $c2" \
+ "system connection ls -q should show two names"
+ run_podman context ls -q
+ is "$(echo $(sort <<<$output))" \
+ "$c1 $c2" \
+ "context ls -q should show two names"
+ run_podman context use $c2
run_podman system connection ls
is "$output" \
".*$c1[ ]\+tcp://localhost:12345[ ]\+false
@@ -66,11 +80,11 @@ $c2[ ]\+tcp://localhost:54321[ ]\+true" \
# Remove default connection; the remaining one should still not be default
run_podman system connection rm $c2
- run_podman system connection ls
+ run_podman context ls
is "$output" ".*$c1[ ]\+tcp://localhost:12345[ ]\+false" \
"system connection ls (after removing default connection)"
- run_podman system connection rm $c1
+ run_podman context rm $c1
}
# Test tcp socket; requires starting a local server
diff --git a/test/system/400-unprivileged-access.bats b/test/system/400-unprivileged-access.bats
index 0d6be2d60..d70c95973 100644
--- a/test/system/400-unprivileged-access.bats
+++ b/test/system/400-unprivileged-access.bats
@@ -119,7 +119,7 @@ EOF
# Some of the above may not exist on our host. Find only the ones that do.
local -a subset=()
- for mp in ${mps[@]}; do
+ for mp in "${mps[@]}"; do
if [ -e $mp ]; then
subset+=($mp)
fi
@@ -128,7 +128,7 @@ EOF
# Run 'stat' on all the files, plus /dev/null. Get path, file type,
# number of links, major, and minor (see below for why). Do it all
# in one go, to avoid multiple podman-runs
- run_podman '?' run --rm $IMAGE stat -c'%n:%F:%h:%T:%t' /dev/null ${subset[@]}
+ run_podman '?' run --rm $IMAGE stat -c'%n:%F:%h:%T:%t' /dev/null "${subset[@]}"
assert $status -le 1 "stat exit status: expected 0 or 1"
local devnull=
diff --git a/vendor/github.com/coreos/go-systemd/v22/activation/files_unix.go b/vendor/github.com/coreos/go-systemd/v22/activation/files_unix.go
index fc7db98fb..bf7671dd2 100644
--- a/vendor/github.com/coreos/go-systemd/v22/activation/files_unix.go
+++ b/vendor/github.com/coreos/go-systemd/v22/activation/files_unix.go
@@ -12,6 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
+//go:build !windows
// +build !windows
// Package activation implements primitives for systemd socket activation.
diff --git a/vendor/github.com/coreos/go-systemd/v22/daemon/watchdog.go b/vendor/github.com/coreos/go-systemd/v22/daemon/watchdog.go
index 7a0e0d3a5..25d9c1aa9 100644
--- a/vendor/github.com/coreos/go-systemd/v22/daemon/watchdog.go
+++ b/vendor/github.com/coreos/go-systemd/v22/daemon/watchdog.go
@@ -30,8 +30,8 @@ import (
// It returns one of the following:
// (0, nil) - watchdog isn't enabled or we aren't the watched PID.
// (0, err) - an error happened (e.g. error converting time).
-// (time, nil) - watchdog is enabled and we can send ping.
-// time is delay before inactive service will be killed.
+// (time, nil) - watchdog is enabled and we can send ping. time is delay
+// before inactive service will be killed.
func SdWatchdogEnabled(unsetEnvironment bool) (time.Duration, error) {
wusec := os.Getenv("WATCHDOG_USEC")
wpid := os.Getenv("WATCHDOG_PID")
diff --git a/vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go b/vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go
index cff5af1a6..147f756fe 100644
--- a/vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go
+++ b/vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go
@@ -176,6 +176,11 @@ func (c *Conn) Close() {
c.sigconn.Close()
}
+// Connected returns whether conn is connected
+func (c *Conn) Connected() bool {
+ return c.sysconn.Connected() && c.sigconn.Connected()
+}
+
// NewConnection establishes a connection to a bus using a caller-supplied function.
// This allows connecting to remote buses through a user-supplied mechanism.
// The supplied function may be called multiple times, and should return independent connections.
diff --git a/vendor/github.com/coreos/go-systemd/v22/dbus/methods.go b/vendor/github.com/coreos/go-systemd/v22/dbus/methods.go
index fa04afc70..074148cb4 100644
--- a/vendor/github.com/coreos/go-systemd/v22/dbus/methods.go
+++ b/vendor/github.com/coreos/go-systemd/v22/dbus/methods.go
@@ -417,6 +417,29 @@ func (c *Conn) listUnitsInternal(f storeFunc) ([]UnitStatus, error) {
return status, nil
}
+// GetUnitByPID returns the unit object path of the unit a process ID
+// belongs to. It takes a UNIX PID and returns the object path. The PID must
+// refer to an existing system process
+func (c *Conn) GetUnitByPID(ctx context.Context, pid uint32) (dbus.ObjectPath, error) {
+ var result dbus.ObjectPath
+
+ err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.GetUnitByPID", 0, pid).Store(&result)
+
+ return result, err
+}
+
+// GetUnitNameByPID returns the name of the unit a process ID belongs to. It
+// takes a UNIX PID and returns the object path. The PID must refer to an
+// existing system process
+func (c *Conn) GetUnitNameByPID(ctx context.Context, pid uint32) (string, error) {
+ path, err := c.GetUnitByPID(ctx, pid)
+ if err != nil {
+ return "", err
+ }
+
+ return unitName(path), nil
+}
+
// Deprecated: use ListUnitsContext instead.
func (c *Conn) ListUnits() ([]UnitStatus, error) {
return c.ListUnitsContext(context.Background())
@@ -828,3 +851,14 @@ func (c *Conn) listJobsInternal(ctx context.Context) ([]JobStatus, error) {
return status, nil
}
+
+// Freeze the cgroup associated with the unit.
+// Note that FreezeUnit and ThawUnit are only supported on systems running with cgroup v2.
+func (c *Conn) FreezeUnit(ctx context.Context, unit string) error {
+ return c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.FreezeUnit", 0, unit).Store()
+}
+
+// Unfreeze the cgroup associated with the unit.
+func (c *Conn) ThawUnit(ctx context.Context, unit string) error {
+ return c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ThawUnit", 0, unit).Store()
+}
diff --git a/vendor/github.com/coreos/go-systemd/v22/journal/journal_unix.go b/vendor/github.com/coreos/go-systemd/v22/journal/journal_unix.go
index 8d58ca0fb..439ad2874 100644
--- a/vendor/github.com/coreos/go-systemd/v22/journal/journal_unix.go
+++ b/vendor/github.com/coreos/go-systemd/v22/journal/journal_unix.go
@@ -12,6 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
+//go:build !windows
// +build !windows
// Package journal provides write bindings to the local systemd journal.
@@ -53,15 +54,9 @@ var (
onceConn sync.Once
)
-func init() {
- onceConn.Do(initConn)
-}
-
// Enabled checks whether the local systemd journal is available for logging.
func Enabled() bool {
- onceConn.Do(initConn)
-
- if (*net.UnixConn)(atomic.LoadPointer(&unixConnPtr)) == nil {
+ if c := getOrInitConn(); c == nil {
return false
}
@@ -82,7 +77,7 @@ func Enabled() bool {
// (http://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html)
// for more details. vars may be nil.
func Send(message string, priority Priority, vars map[string]string) error {
- conn := (*net.UnixConn)(atomic.LoadPointer(&unixConnPtr))
+ conn := getOrInitConn()
if conn == nil {
return errors.New("could not initialize socket to journald")
}
@@ -126,6 +121,16 @@ func Send(message string, priority Priority, vars map[string]string) error {
return nil
}
+// getOrInitConn attempts to get the global `unixConnPtr` socket, initializing if necessary
+func getOrInitConn() *net.UnixConn {
+ conn := (*net.UnixConn)(atomic.LoadPointer(&unixConnPtr))
+ if conn != nil {
+ return conn
+ }
+ onceConn.Do(initConn)
+ return (*net.UnixConn)(atomic.LoadPointer(&unixConnPtr))
+}
+
func appendVariable(w io.Writer, name, value string) {
if err := validVarName(name); err != nil {
fmt.Fprintf(os.Stderr, "variable name %s contains invalid character, ignoring\n", name)
@@ -194,7 +199,7 @@ func tempFd() (*os.File, error) {
}
// initConn initializes the global `unixConnPtr` socket.
-// It is meant to be called exactly once, at program startup.
+// It is automatically called when needed.
func initConn() {
autobind, err := net.ResolveUnixAddr("unixgram", "")
if err != nil {
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 1d2cb00f2..f06b92015 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -315,7 +315,7 @@ github.com/containers/storage/types
# github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f
## explicit
github.com/coreos/go-systemd/activation
-# github.com/coreos/go-systemd/v22 v22.3.2
+# github.com/coreos/go-systemd/v22 v22.4.0
## explicit; go 1.12
github.com/coreos/go-systemd/v22/activation
github.com/coreos/go-systemd/v22/daemon