diff options
86 files changed, 2334 insertions, 811 deletions
@@ -3,6 +3,10 @@ Podman Service Interface and API description. The master version of this docume in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in the upstream libpod repository. ## Index +[func Attach(name: string, detachKeys: string, start: bool) ](#Attach) + +[func AttachControl(name: string) ](#AttachControl) + [func BuildImage(build: BuildInfo) MoreResponse](#BuildImage) [func BuildImageHierarchyMap(name: string) string](#BuildImageHierarchyMap) @@ -115,6 +119,8 @@ in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in [func PodStateData(name: string) string](#PodStateData) +[func Ps(opts: PsOpts) PsContainer](#Ps) + [func PullImage(name: string, certDir: string, creds: string, signaturePolicy: string, tlsVerify: ) MoreResponse](#PullImage) [func PushImage(name: string, tag: string, tlsverify: , signaturePolicy: string, creds: string, certDir: string, compress: bool, format: string, removeSignatures: bool, signBy: string) MoreResponse](#PushImage) @@ -135,6 +141,8 @@ in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in [func SendFile(type: string, length: int) string](#SendFile) +[func Spec(name: string) string](#Spec) + [func StartContainer(name: string) string](#StartContainer) [func StartPod(name: string) string](#StartPod) @@ -219,6 +227,10 @@ in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in [type PodmanInfo](#PodmanInfo) +[type PsContainer](#PsContainer) + +[type PsOpts](#PsOpts) + [type Runlabel](#Runlabel) [type Sockets](#Sockets) @@ -252,6 +264,17 @@ in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in [error WantsMoreRequired](#WantsMoreRequired) ## Methods +### <a name="Attach"></a>func Attach +<div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;"> + +method Attach(name: [string](https://godoc.org/builtin#string), detachKeys: [string](https://godoc.org/builtin#string), start: [bool](https://godoc.org/builtin#bool)) </div> +Attach takes the name or ID of a container and sets up a the ability to remotely attach to its console. The start +bool is whether you wish to start the container in question first. +### <a name="AttachControl"></a>func AttachControl +<div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;"> + +method AttachControl(name: [string](https://godoc.org/builtin#string)) </div> + ### <a name="BuildImage"></a>func BuildImage <div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;"> @@ -841,6 +864,11 @@ $ varlink call -m unix:/run/podman/io.podman/io.podman.PausePod '{"name": "fooba method PodStateData(name: [string](https://godoc.org/builtin#string)) [string](https://godoc.org/builtin#string)</div> PodStateData returns inspectr level information of a given pod in string form. This call is for development of Podman only and generally should not be used. +### <a name="Ps"></a>func Ps +<div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;"> + +method Ps(opts: [PsOpts](#PsOpts)) [PsContainer](#PsContainer)</div> + ### <a name="PullImage"></a>func PullImage <div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;"> @@ -945,6 +973,11 @@ search results per registry. method SendFile(type: [string](https://godoc.org/builtin#string), length: [int](https://godoc.org/builtin#int)) [string](https://godoc.org/builtin#string)</div> Sendfile allows a remote client to send a file to the host +### <a name="Spec"></a>func Spec +<div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;"> + +method Spec(name: [string](https://godoc.org/builtin#string)) [string](https://godoc.org/builtin#string)</div> +Spec returns the oci spec for a container. This call is for development of Podman only and generally should not be used. ### <a name="StartContainer"></a>func StartContainer <div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;"> @@ -1728,6 +1761,82 @@ insecure_registries [[]string](#[]string) store [InfoStore](#InfoStore) podman [InfoPodmanBinary](#InfoPodmanBinary) +### <a name="PsContainer"></a>type PsContainer + + + +id [string](https://godoc.org/builtin#string) + +image [string](https://godoc.org/builtin#string) + +command [string](https://godoc.org/builtin#string) + +created [string](https://godoc.org/builtin#string) + +ports [string](https://godoc.org/builtin#string) + +names [string](https://godoc.org/builtin#string) + +isInfra [bool](https://godoc.org/builtin#bool) + +status [string](https://godoc.org/builtin#string) + +state [string](https://godoc.org/builtin#string) + +pidNum [int](https://godoc.org/builtin#int) + +rootFsSize [int](https://godoc.org/builtin#int) + +rwSize [int](https://godoc.org/builtin#int) + +pod [string](https://godoc.org/builtin#string) + +createdAt [string](https://godoc.org/builtin#string) + +exitedAt [string](https://godoc.org/builtin#string) + +startedAt [string](https://godoc.org/builtin#string) + +labels [map[string]](#map[string]) + +nsPid [string](https://godoc.org/builtin#string) + +cgroup [string](https://godoc.org/builtin#string) + +ipc [string](https://godoc.org/builtin#string) + +mnt [string](https://godoc.org/builtin#string) + +net [string](https://godoc.org/builtin#string) + +pidNs [string](https://godoc.org/builtin#string) + +user [string](https://godoc.org/builtin#string) + +uts [string](https://godoc.org/builtin#string) + +mounts [string](https://godoc.org/builtin#string) +### <a name="PsOpts"></a>type PsOpts + + + +all [bool](https://godoc.org/builtin#bool) + +filters [](#) + +last [](#) + +latest [](#) + +noTrunc [](#) + +pod [](#) + +quiet [](#) + +sort [](#) + +sync [](#) ### <a name="Runlabel"></a>type Runlabel Runlabel describes the required input for container runlabel @@ -29,7 +29,7 @@ This project tests all builds against each supported version of Fedora, the late 1. Further work on the podman pod command 1. Further improvements on rootless containers -## [Shortcomings of Rootless Podman](https://github.com/containers/libpod/blob/master/docs/rootless.md) +## [Shortcomings of Rootless Podman](https://github.com/containers/libpod/blob/master/rootless.md) ## Out of scope diff --git a/cmd/podman/attach.go b/cmd/podman/attach.go index f326f53c3..2fa05a3b1 100644 --- a/cmd/podman/attach.go +++ b/cmd/podman/attach.go @@ -1,11 +1,7 @@ package main import ( - "os" - "github.com/containers/libpod/cmd/podman/cliconfig" - "github.com/containers/libpod/cmd/podman/libpodruntime" - "github.com/containers/libpod/libpod" "github.com/containers/libpod/pkg/adapter" "github.com/pkg/errors" "github.com/spf13/cobra" @@ -39,49 +35,21 @@ func init() { flags.BoolVar(&attachCommand.SigProxy, "sig-proxy", true, "Proxy received signals to the process") flags.BoolVarP(&attachCommand.Latest, "latest", "l", false, "Act on the latest container podman is aware of") markFlagHiddenForRemoteClient("latest", flags) + // TODO allow for passing of a new deatch keys + markFlagHiddenForRemoteClient("detach-keys", flags) } func attachCmd(c *cliconfig.AttachValues) error { - args := c.InputArgs - var ctr *libpod.Container - if len(c.InputArgs) > 1 || (len(c.InputArgs) == 0 && !c.Latest) { return errors.Errorf("attach requires the name or id of one running container or the latest flag") } - - runtime, err := libpodruntime.GetRuntime(&c.PodmanCommand) - if err != nil { - return errors.Wrapf(err, "error creating libpod runtime") - } - defer runtime.Shutdown(false) - - if c.Latest { - ctr, err = runtime.GetLatestContainer() - } else { - ctr, err = runtime.LookupContainer(args[0]) - } - - if err != nil { - return errors.Wrapf(err, "unable to exec into %s", args[0]) + if remoteclient && len(c.InputArgs) != 1 { + return errors.Errorf("attach requires the name or id of one running container") } - - conState, err := ctr.State() + runtime, err := adapter.GetRuntime(&c.PodmanCommand) if err != nil { - return errors.Wrapf(err, "unable to determine state of %s", args[0]) - } - if conState != libpod.ContainerStateRunning { - return errors.Errorf("you can only attach to running containers") - } - - inputStream := os.Stdin - if c.NoStdin { - inputStream = nil + return errors.Wrapf(err, "error creating runtime") } - - // If the container is in a pod, also set to recursively start dependencies - if err := adapter.StartAttachCtr(getContext(), ctr, os.Stdout, os.Stderr, inputStream, c.DetachKeys, c.SigProxy, false, ctr.PodID() != ""); err != nil && errors.Cause(err) != libpod.ErrDetach { - return errors.Wrapf(err, "error attaching to container %s", ctr.ID()) - } - - return nil + defer runtime.Shutdown(false) + return runtime.Attach(getContext(), c) } diff --git a/cmd/podman/checkpoint.go b/cmd/podman/checkpoint.go index dbf72c2cd..5b8d00ff9 100644 --- a/cmd/podman/checkpoint.go +++ b/cmd/podman/checkpoint.go @@ -1,13 +1,9 @@ package main import ( - "context" - "fmt" - "os" - "github.com/containers/libpod/cmd/podman/cliconfig" - "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/containers/libpod/libpod" + "github.com/containers/libpod/pkg/adapter" "github.com/containers/libpod/pkg/rootless" "github.com/pkg/errors" "github.com/spf13/cobra" @@ -57,7 +53,7 @@ func checkpointCmd(c *cliconfig.CheckpointValues) error { return errors.New("checkpointing a container requires root") } - runtime, err := libpodruntime.GetRuntime(&c.PodmanCommand) + runtime, err := adapter.GetRuntime(&c.PodmanCommand) if err != nil { return errors.Wrapf(err, "could not get runtime") } @@ -68,17 +64,5 @@ func checkpointCmd(c *cliconfig.CheckpointValues) error { KeepRunning: c.LeaveRunning, TCPEstablished: c.TcpEstablished, } - containers, lastError := getAllOrLatestContainers(&c.PodmanCommand, runtime, libpod.ContainerStateRunning, "running") - - for _, ctr := range containers { - if err = ctr.Checkpoint(context.TODO(), options); err != nil { - if lastError != nil { - fmt.Fprintln(os.Stderr, lastError) - } - lastError = errors.Wrapf(err, "failed to checkpoint container %v", ctr.ID()) - } else { - fmt.Println(ctr.ID()) - } - } - return lastError + return runtime.Checkpoint(c, options) } diff --git a/cmd/podman/cliconfig/commands.go b/cmd/podman/cliconfig/commands.go index 3361c14b8..00b66e32a 100644 --- a/cmd/podman/cliconfig/commands.go +++ b/cmd/podman/cliconfig/commands.go @@ -1,6 +1,8 @@ package cliconfig -import "github.com/sirupsen/logrus" +import ( + "github.com/sirupsen/logrus" +) // GlobalIsSet is a compatibility method for urfave func (p *PodmanCommand) GlobalIsSet(opt string) bool { diff --git a/cmd/podman/cliconfig/config.go b/cmd/podman/cliconfig/config.go index f7ac0de6c..2692ace36 100644 --- a/cmd/podman/cliconfig/config.go +++ b/cmd/podman/cliconfig/config.go @@ -88,12 +88,13 @@ type CheckpointValues struct { type CommitValues struct { PodmanCommand - Change []string - Format string - Message string - Author string - Pause bool - Quiet bool + Change []string + Format string + Message string + Author string + Pause bool + Quiet bool + IncludeVolumes bool } type ContainersPrune struct { diff --git a/cmd/podman/commands.go b/cmd/podman/commands.go index e9afcbc06..6156fc2f8 100644 --- a/cmd/podman/commands.go +++ b/cmd/podman/commands.go @@ -11,12 +11,9 @@ const remoteclient = false // Commands that the local client implements func getMainCommands() []*cobra.Command { rootCommands := []*cobra.Command{ - _attachCommand, _commitCommand, _execCommand, - _generateCommand, _playCommand, - &_psCommand, _loginCommand, _logoutCommand, _mountCommand, @@ -24,12 +21,10 @@ func getMainCommands() []*cobra.Command { _portCommand, _refreshCommand, _restartCommand, - _rmCommand, _searchCommand, _startCommand, _statsCommand, _topCommand, - _umountCommand, _unpauseCommand, } @@ -50,7 +45,6 @@ func getImageSubCommands() []*cobra.Command { func getContainerSubCommands() []*cobra.Command { return []*cobra.Command{ - _attachCommand, _checkpointCommand, _cleanupCommand, _commitCommand, @@ -76,12 +70,6 @@ func getContainerSubCommands() []*cobra.Command { } } -func getGenerateSubCommands() []*cobra.Command { - return []*cobra.Command{ - _containerKubeCommand, - } -} - // Commands that the local client implements func getPlaySubCommands() []*cobra.Command { return []*cobra.Command{ @@ -107,7 +95,7 @@ func getSystemSubCommands() []*cobra.Command { } // Commands that the local client implements -func getHealtcheckSubCommands() []*cobra.Command { +func getHealthcheckSubCommands() []*cobra.Command { return []*cobra.Command{ _healthcheckrunCommand, } diff --git a/cmd/podman/commands_remoteclient.go b/cmd/podman/commands_remoteclient.go index 9b09e7dbc..278fe229c 100644 --- a/cmd/podman/commands_remoteclient.go +++ b/cmd/podman/commands_remoteclient.go @@ -49,6 +49,6 @@ func getSystemSubCommands() []*cobra.Command { } // Commands that the remoteclient implements -func getHealtcheckSubCommands() []*cobra.Command { +func getHealthcheckSubCommands() []*cobra.Command { return []*cobra.Command{} } diff --git a/cmd/podman/commit.go b/cmd/podman/commit.go index f7e206856..0077ff297 100644 --- a/cmd/podman/commit.go +++ b/cmd/podman/commit.go @@ -2,19 +2,19 @@ package main import ( "fmt" - "github.com/containers/libpod/cmd/podman/cliconfig" - "github.com/spf13/cobra" "io" "os" "strings" "github.com/containers/buildah" "github.com/containers/image/manifest" + "github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/containers/libpod/libpod" "github.com/containers/libpod/libpod/image" "github.com/containers/libpod/pkg/util" "github.com/pkg/errors" + "github.com/spf13/cobra" ) var ( @@ -47,7 +47,7 @@ func init() { flags.StringVarP(&commitCommand.Author, "author", "a", "", "Set the author for the image committed") flags.BoolVarP(&commitCommand.Pause, "pause", "p", false, "Pause container during commit") flags.BoolVarP(&commitCommand.Quiet, "quiet", "q", false, "Suppress output") - + flags.BoolVar(&commitCommand.IncludeVolumes, "include-volumes", false, "Include container volumes as image volumes") } func commitCmd(c *cliconfig.CommitValues) error { @@ -109,11 +109,12 @@ func commitCmd(c *cliconfig.CommitValues) error { PreferredManifestType: mimeType, } options := libpod.ContainerCommitOptions{ - CommitOptions: coptions, - Pause: c.Pause, - Message: c.Message, - Changes: c.Change, - Author: c.Author, + CommitOptions: coptions, + Pause: c.Pause, + IncludeVolumes: c.IncludeVolumes, + Message: c.Message, + Changes: c.Change, + Author: c.Author, } newImage, err := ctr.Commit(getContext(), reference, options) if err != nil { diff --git a/cmd/podman/container.go b/cmd/podman/container.go index d1c42f673..380d1f250 100644 --- a/cmd/podman/container.go +++ b/cmd/podman/container.go @@ -50,6 +50,7 @@ var ( // Commands that are universally implemented. containerCommands = []*cobra.Command{ + _attachCommand, _containerExistsCommand, _contInspectSubCommand, _diffCommand, diff --git a/cmd/podman/create.go b/cmd/podman/create.go index 1af3920dd..3267e5b7b 100644 --- a/cmd/podman/create.go +++ b/cmd/podman/create.go @@ -66,7 +66,7 @@ func createCmd(c *cliconfig.CreateValues) error { } func createInit(c *cliconfig.PodmanCommand) error { - if c.Bool("trace") { + if !remote && c.Bool("trace") { span, _ := opentracing.StartSpanFromContext(Ctx, "createInit") defer span.Finish() } diff --git a/cmd/podman/generate.go b/cmd/podman/generate.go index 197fd26a6..a0637ecb2 100644 --- a/cmd/podman/generate.go +++ b/cmd/podman/generate.go @@ -14,10 +14,15 @@ var ( Long: generateDescription, RunE: commandRunE(), } + + // Commands that are universally implemented + generateCommands = []*cobra.Command{ + _containerKubeCommand, + } ) func init() { generateCommand.Command = _generateCommand - generateCommand.AddCommand(getGenerateSubCommands()...) + generateCommand.AddCommand(generateCommands...) generateCommand.SetUsageTemplate(UsageTemplate()) } diff --git a/cmd/podman/generate_kube.go b/cmd/podman/generate_kube.go index c58372899..30818403b 100644 --- a/cmd/podman/generate_kube.go +++ b/cmd/podman/generate_kube.go @@ -3,13 +3,11 @@ package main import ( "fmt" "github.com/containers/libpod/cmd/podman/cliconfig" - "github.com/containers/libpod/cmd/podman/libpodruntime" - "github.com/containers/libpod/libpod" + "github.com/containers/libpod/pkg/adapter" podmanVersion "github.com/containers/libpod/version" "github.com/ghodss/yaml" "github.com/pkg/errors" "github.com/spf13/cobra" - "k8s.io/api/core/v1" ) var ( @@ -42,14 +40,12 @@ func init() { func generateKubeYAMLCmd(c *cliconfig.GenerateKubeValues) error { var ( - podYAML *v1.Pod - container *libpod.Container - err error - output []byte - pod *libpod.Pod + //podYAML *v1.Pod + err error + output []byte + //pod *libpod.Pod marshalledPod []byte marshalledService []byte - servicePorts []v1.ServicePort ) args := c.InputArgs @@ -57,43 +53,27 @@ func generateKubeYAMLCmd(c *cliconfig.GenerateKubeValues) error { return errors.Errorf("you must provide exactly one container|pod ID or name") } - runtime, err := libpodruntime.GetRuntime(&c.PodmanCommand) + runtime, err := adapter.GetRuntime(&c.PodmanCommand) if err != nil { return errors.Wrapf(err, "could not get runtime") } defer runtime.Shutdown(false) - // Get the container in question - container, err = runtime.LookupContainer(args[0]) + podYAML, serviceYAML, err := runtime.GenerateKube(c) if err != nil { - pod, err = runtime.LookupPod(args[0]) - if err != nil { - return err - } - podYAML, servicePorts, err = pod.GenerateForKube() - } else { - if len(container.Dependencies()) > 0 { - return errors.Wrapf(libpod.ErrNotImplemented, "containers with dependencies") - } - podYAML, err = container.GenerateForKube() + return err } + // Marshall the results + marshalledPod, err = yaml.Marshal(podYAML) if err != nil { return err } - if c.Service { - serviceYAML := libpod.GenerateKubeServiceFromV1Pod(podYAML, servicePorts) marshalledService, err = yaml.Marshal(serviceYAML) if err != nil { return err } } - // Marshall the results - marshalledPod, err = yaml.Marshal(podYAML) - if err != nil { - return err - } - header := `# Generation of Kubernetes YAML is still under development! # # Save the output of this file and use kubectl create -f to import diff --git a/cmd/podman/healthcheck.go b/cmd/podman/healthcheck.go index 48d6b6bbf..9fb099ffa 100644 --- a/cmd/podman/healthcheck.go +++ b/cmd/podman/healthcheck.go @@ -20,7 +20,7 @@ var healthcheckCommands []*cobra.Command func init() { healthcheckCommand.AddCommand(healthcheckCommands...) - healthcheckCommand.AddCommand(getHealtcheckSubCommands()...) + healthcheckCommand.AddCommand(getHealthcheckSubCommands()...) healthcheckCommand.SetUsageTemplate(UsageTemplate()) rootCmd.AddCommand(healthcheckCommand.Command) } diff --git a/cmd/podman/imagefilters/filters.go b/cmd/podman/imagefilters/filters.go index 2932d61c0..aa5776599 100644 --- a/cmd/podman/imagefilters/filters.go +++ b/cmd/podman/imagefilters/filters.go @@ -37,9 +37,12 @@ func CreatedAfterFilter(createTime time.Time) ResultFilter { } // DanglingFilter allows you to filter images for dangling images -func DanglingFilter() ResultFilter { +func DanglingFilter(danglingImages bool) ResultFilter { return func(i *adapter.ContainerImage) bool { - return i.Dangling() + if danglingImages { + return i.Dangling() + } + return !i.Dangling() } } diff --git a/cmd/podman/images.go b/cmd/podman/images.go index 6133450be..c38d7035d 100644 --- a/cmd/podman/images.go +++ b/cmd/podman/images.go @@ -5,6 +5,7 @@ import ( "fmt" "reflect" "sort" + "strconv" "strings" "time" "unicode" @@ -318,13 +319,14 @@ func getImagesJSONOutput(ctx context.Context, images []*adapter.ContainerImage) func generateImagesOutput(ctx context.Context, images []*adapter.ContainerImage, opts imagesOptions) error { templateMap := GenImageOutputMap() - if len(images) == 0 { - return nil - } var out formats.Writer switch opts.format { case formats.JSONString: + // If 0 images are present, print nothing for JSON + if len(images) == 0 { + return nil + } imagesOutput := getImagesJSONOutput(ctx, images) out = formats.JSONStructArray{Output: imagesToGeneric([]imagesTemplateParams{}, imagesOutput)} default: @@ -359,6 +361,9 @@ func CreateFilterFuncs(ctx context.Context, r *adapter.LocalRuntime, filters []s var filterFuncs []imagefilters.ResultFilter for _, filter := range filters { splitFilter := strings.Split(filter, "=") + if len(splitFilter) != 2 { + return nil, errors.Errorf("invalid filter syntax %s", filter) + } switch splitFilter[0] { case "before": before, err := r.NewImageFromLocal(splitFilter[1]) @@ -373,7 +378,11 @@ func CreateFilterFuncs(ctx context.Context, r *adapter.LocalRuntime, filters []s } filterFuncs = append(filterFuncs, imagefilters.CreatedAfterFilter(after.Created())) case "dangling": - filterFuncs = append(filterFuncs, imagefilters.DanglingFilter()) + danglingImages, err := strconv.ParseBool(splitFilter[1]) + if err != nil { + return nil, errors.Wrapf(err, "invalid filter dangling=%s", splitFilter[1]) + } + filterFuncs = append(filterFuncs, imagefilters.DanglingFilter(danglingImages)) case "label": labelFilter := strings.Join(splitFilter[1:], "=") filterFuncs = append(filterFuncs, imagefilters.LabelFilter(ctx, labelFilter)) diff --git a/cmd/podman/kill.go b/cmd/podman/kill.go index 6019fbfec..20142e0bf 100644 --- a/cmd/podman/kill.go +++ b/cmd/podman/kill.go @@ -1,9 +1,6 @@ package main import ( - "fmt" - "reflect" - "github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/pkg/adapter" "github.com/docker/docker/pkg/signal" @@ -71,21 +68,5 @@ func killCmd(c *cliconfig.KillValues) error { if err != nil { return err } - - for _, id := range ok { - fmt.Println(id) - } - - if len(failures) > 0 { - keys := reflect.ValueOf(failures).MapKeys() - lastKey := keys[len(keys)-1].String() - lastErr := failures[lastKey] - delete(failures, lastKey) - - for _, err := range failures { - outputError(err) - } - return lastErr - } - return nil + return printCmdResults(ok, failures) } diff --git a/cmd/podman/main.go b/cmd/podman/main.go index b44cf9f0a..e8c3e14ea 100644 --- a/cmd/podman/main.go +++ b/cmd/podman/main.go @@ -3,26 +3,18 @@ package main import ( "context" "io" - "io/ioutil" - "log/syslog" "os" - "runtime/pprof" - "strconv" - "strings" "syscall" "github.com/containers/libpod/cmd/podman/cliconfig" - "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/containers/libpod/libpod" _ "github.com/containers/libpod/pkg/hooks/0.1.0" "github.com/containers/libpod/pkg/rootless" - "github.com/containers/libpod/pkg/tracing" "github.com/containers/libpod/version" "github.com/containers/storage/pkg/reexec" "github.com/opentracing/opentracing-go" "github.com/pkg/errors" "github.com/sirupsen/logrus" - lsyslog "github.com/sirupsen/logrus/hooks/syslog" "github.com/spf13/cobra" ) @@ -38,11 +30,13 @@ var ( // Commands that the remote and local client have // implemented. var mainCommands = []*cobra.Command{ + _attachCommand, _buildCommand, _diffCommand, _createCommand, _eventsCommand, _exportCommand, + _generateCommand, _historyCommand, &_imagesCommand, _importCommand, @@ -52,13 +46,16 @@ var mainCommands = []*cobra.Command{ _loadCommand, _logsCommand, podCommand.Command, + &_psCommand, _pullCommand, _pushCommand, + _rmCommand, &_rmiCommand, _runCommand, _saveCommand, _stopCommand, _tagCommand, + _umountCommand, _versionCommand, _waitCommand, imageCommand.Command, @@ -85,40 +82,13 @@ func init() { cobra.OnInitialize(initConfig) rootCmd.TraverseChildren = true rootCmd.Version = version.Version - rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.CGroupManager, "cgroup-manager", "", "Cgroup manager to use (cgroupfs or systemd, default systemd)") - // -c is deprecated due to conflict with -c on subcommands - rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.CpuProfile, "cpu-profile", "", "Path for the cpu profiling results") - rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.Config, "config", "", "Path of a libpod config file detailing container server configuration options") - rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.ConmonPath, "conmon", "", "Path of the conmon binary") - rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.NetworkCmdPath, "network-cmd-path", "", "Path to the command for configuring the network") - rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.CniConfigDir, "cni-config-dir", "", "Path of the configuration directory for CNI networks") - rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.DefaultMountsFile, "default-mounts-file", "", "Path to default mounts file") - rootCmd.PersistentFlags().MarkHidden("defaults-mount-file") - // Override default --help information of `--help` global flag - var dummyHelp bool - rootCmd.PersistentFlags().BoolVar(&dummyHelp, "help", false, "Help for podman") - rootCmd.PersistentFlags().StringSliceVar(&MainGlobalOpts.HooksDir, "hooks-dir", []string{}, "Set the OCI hooks directory path (may be set multiple times)") - rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.LogLevel, "log-level", "error", "Log messages above specified level: debug, info, warn, error, fatal or panic") - rootCmd.PersistentFlags().IntVar(&MainGlobalOpts.MaxWorks, "max-workers", 0, "The maximum number of workers for parallel operations") - rootCmd.PersistentFlags().MarkHidden("max-workers") - rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.Namespace, "namespace", "", "Set the libpod namespace, used to create separate views of the containers and pods on the system") - rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.Root, "root", "", "Path to the root directory in which data, including images, is stored") - rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.Runroot, "runroot", "", "Path to the 'run directory' where all state information is stored") - rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.Runtime, "runtime", "", "Path to the OCI-compatible binary used to run containers, default is /usr/bin/runc") - // -s is depracated due to conflict with -s on subcommands - rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.StorageDriver, "storage-driver", "", "Select which storage driver is used to manage storage of images and containers (default is overlay)") - rootCmd.PersistentFlags().StringSliceVar(&MainGlobalOpts.StorageOpts, "storage-opt", []string{}, "Used to pass an option to the storage driver") - rootCmd.PersistentFlags().BoolVar(&MainGlobalOpts.Syslog, "syslog", false, "Output logging information to syslog as well as the console") - - rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.TmpDir, "tmpdir", "", "Path to the tmp directory") - rootCmd.PersistentFlags().BoolVar(&MainGlobalOpts.Trace, "trace", false, "Enable opentracing output") // Override default --help information of `--version` global flag var dummyVersion bool rootCmd.PersistentFlags().BoolVar(&dummyVersion, "version", false, "Version for podman") rootCmd.AddCommand(mainCommands...) rootCmd.AddCommand(getMainCommands()...) - } + func initConfig() { // we can do more stuff in here. } @@ -128,63 +98,16 @@ func before(cmd *cobra.Command, args []string) error { logrus.Errorf(err.Error()) os.Exit(1) } - if os.Geteuid() != 0 && cmd != _searchCommand && cmd != _versionCommand && !strings.HasPrefix(cmd.Use, "help") { - podmanCmd := cliconfig.PodmanCommand{ - cmd, - args, - MainGlobalOpts, - } - runtime, err := libpodruntime.GetRuntime(&podmanCmd) - if err != nil { - return errors.Wrapf(err, "could not get runtime") - } - defer runtime.Shutdown(false) - - ctrs, err := runtime.GetRunningContainers() - if err != nil { - logrus.Errorf(err.Error()) - os.Exit(1) - } - var became bool - var ret int - if len(ctrs) == 0 { - became, ret, err = rootless.BecomeRootInUserNS() - } else { - for _, ctr := range ctrs { - data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile) - if err != nil { - logrus.Errorf(err.Error()) - os.Exit(1) - } - conmonPid, err := strconv.Atoi(string(data)) - if err != nil { - logrus.Errorf(err.Error()) - os.Exit(1) - } - became, ret, err = rootless.JoinUserAndMountNS(uint(conmonPid)) - if err == nil { - break - } - } - } - if err != nil { - logrus.Errorf(err.Error()) - os.Exit(1) - } - if became { - os.Exit(ret) - } + if err := setupRootless(cmd, args); err != nil { + return err } - if MainGlobalOpts.Syslog { - hook, err := lsyslog.NewSyslogHook("", "", syslog.LOG_INFO, "") - if err == nil { - logrus.AddHook(hook) - } + // Set log level; if not log-level is provided, default to error + logLevel := MainGlobalOpts.LogLevel + if logLevel == "" { + logLevel = "error" } - - // Set log level - level, err := logrus.ParseLevel(MainGlobalOpts.LogLevel) + level, err := logrus.ParseLevel(logLevel) if err != nil { return err } @@ -209,36 +132,11 @@ func before(cmd *cobra.Command, args []string) error { // Be sure we can create directories with 0755 mode. syscall.Umask(0022) - - if cmd.Flag("cpu-profile").Changed { - f, err := os.Create(MainGlobalOpts.CpuProfile) - if err != nil { - return errors.Wrapf(err, "unable to create cpu profiling file %s", - MainGlobalOpts.CpuProfile) - } - pprof.StartCPUProfile(f) - } - if cmd.Flag("trace").Changed { - var tracer opentracing.Tracer - tracer, closer = tracing.Init("podman") - opentracing.SetGlobalTracer(tracer) - - span = tracer.StartSpan("before-context") - - Ctx = opentracing.ContextWithSpan(context.Background(), span) - } - return nil + return profileOn(cmd) } func after(cmd *cobra.Command, args []string) error { - if cmd.Flag("cpu-profile").Changed { - pprof.StopCPUProfile() - } - if cmd.Flag("trace").Changed { - span.Finish() - closer.Close() - } - return nil + return profileOff(cmd) } func main() { diff --git a/cmd/podman/main_local.go b/cmd/podman/main_local.go new file mode 100644 index 000000000..e008a4617 --- /dev/null +++ b/cmd/podman/main_local.go @@ -0,0 +1,155 @@ +// +build !remoteclient + +package main + +import ( + "context" + "github.com/containers/libpod/cmd/podman/cliconfig" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/pkg/rootless" + "io/ioutil" + "log/syslog" + "os" + "runtime/pprof" + "strconv" + "strings" + + "github.com/containers/libpod/pkg/tracing" + "github.com/opentracing/opentracing-go" + "github.com/pkg/errors" + "github.com/sirupsen/logrus" + lsyslog "github.com/sirupsen/logrus/hooks/syslog" + "github.com/spf13/cobra" +) + +const remote = false + +func init() { + + rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.CGroupManager, "cgroup-manager", "", "Cgroup manager to use (cgroupfs or systemd, default systemd)") + // -c is deprecated due to conflict with -c on subcommands + rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.CpuProfile, "cpu-profile", "", "Path for the cpu profiling results") + rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.Config, "config", "", "Path of a libpod config file detailing container server configuration options") + rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.ConmonPath, "conmon", "", "Path of the conmon binary") + rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.NetworkCmdPath, "network-cmd-path", "", "Path to the command for configuring the network") + rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.CniConfigDir, "cni-config-dir", "", "Path of the configuration directory for CNI networks") + rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.DefaultMountsFile, "default-mounts-file", "", "Path to default mounts file") + rootCmd.PersistentFlags().MarkHidden("defaults-mount-file") + // Override default --help information of `--help` global flag + var dummyHelp bool + rootCmd.PersistentFlags().BoolVar(&dummyHelp, "help", false, "Help for podman") + rootCmd.PersistentFlags().StringSliceVar(&MainGlobalOpts.HooksDir, "hooks-dir", []string{}, "Set the OCI hooks directory path (may be set multiple times)") + rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.LogLevel, "log-level", "error", "Log messages above specified level: debug, info, warn, error, fatal or panic") + rootCmd.PersistentFlags().IntVar(&MainGlobalOpts.MaxWorks, "max-workers", 0, "The maximum number of workers for parallel operations") + rootCmd.PersistentFlags().MarkHidden("max-workers") + rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.Namespace, "namespace", "", "Set the libpod namespace, used to create separate views of the containers and pods on the system") + rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.Root, "root", "", "Path to the root directory in which data, including images, is stored") + rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.Runroot, "runroot", "", "Path to the 'run directory' where all state information is stored") + rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.Runtime, "runtime", "", "Path to the OCI-compatible binary used to run containers, default is /usr/bin/runc") + // -s is depracated due to conflict with -s on subcommands + rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.StorageDriver, "storage-driver", "", "Select which storage driver is used to manage storage of images and containers (default is overlay)") + rootCmd.PersistentFlags().StringSliceVar(&MainGlobalOpts.StorageOpts, "storage-opt", []string{}, "Used to pass an option to the storage driver") + rootCmd.PersistentFlags().BoolVar(&MainGlobalOpts.Syslog, "syslog", false, "Output logging information to syslog as well as the console") + + rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.TmpDir, "tmpdir", "", "Path to the tmp directory") + rootCmd.PersistentFlags().BoolVar(&MainGlobalOpts.Trace, "trace", false, "Enable opentracing output") +} + +func setSyslog() error { + if MainGlobalOpts.Syslog { + hook, err := lsyslog.NewSyslogHook("", "", syslog.LOG_INFO, "") + if err == nil { + logrus.AddHook(hook) + return nil + } + return err + } + return nil +} + +func profileOn(cmd *cobra.Command) error { + if cmd.Flag("cpu-profile").Changed { + f, err := os.Create(MainGlobalOpts.CpuProfile) + if err != nil { + return errors.Wrapf(err, "unable to create cpu profiling file %s", + MainGlobalOpts.CpuProfile) + } + if err := pprof.StartCPUProfile(f); err != nil { + return err + } + } + + if cmd.Flag("trace").Changed { + var tracer opentracing.Tracer + tracer, closer = tracing.Init("podman") + opentracing.SetGlobalTracer(tracer) + + span = tracer.StartSpan("before-context") + + Ctx = opentracing.ContextWithSpan(context.Background(), span) + } + return nil +} + +func profileOff(cmd *cobra.Command) error { + if cmd.Flag("cpu-profile").Changed { + pprof.StopCPUProfile() + } + if cmd.Flag("trace").Changed { + span.Finish() + closer.Close() + } + return nil +} + +func setupRootless(cmd *cobra.Command, args []string) error { + if os.Geteuid() == 0 || cmd == _searchCommand || cmd == _versionCommand || strings.HasPrefix(cmd.Use, "help") { + return nil + } + podmanCmd := cliconfig.PodmanCommand{ + cmd, + args, + MainGlobalOpts, + } + runtime, err := libpodruntime.GetRuntime(&podmanCmd) + if err != nil { + return errors.Wrapf(err, "could not get runtime") + } + defer runtime.Shutdown(false) + + ctrs, err := runtime.GetRunningContainers() + if err != nil { + logrus.Errorf(err.Error()) + os.Exit(1) + } + var became bool + var ret int + if len(ctrs) == 0 { + became, ret, err = rootless.BecomeRootInUserNS() + } else { + for _, ctr := range ctrs { + data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile) + if err != nil { + logrus.Errorf(err.Error()) + os.Exit(1) + } + conmonPid, err := strconv.Atoi(string(data)) + if err != nil { + logrus.Errorf(err.Error()) + os.Exit(1) + } + became, ret, err = rootless.JoinUserAndMountNS(uint(conmonPid)) + if err == nil { + break + } + } + } + if err != nil { + logrus.Errorf(err.Error()) + os.Exit(1) + } + if became { + os.Exit(ret) + } + return nil +} diff --git a/cmd/podman/main_remote.go b/cmd/podman/main_remote.go new file mode 100644 index 000000000..2a7d184cd --- /dev/null +++ b/cmd/podman/main_remote.go @@ -0,0 +1,43 @@ +// +build remoteclient + +package main + +import ( + "os" + + "github.com/containers/libpod/pkg/rootless" + "github.com/sirupsen/logrus" + "github.com/spf13/cobra" +) + +const remote = true + +func init() { + // remote client specific flags can go here. +} + +func setSyslog() error { + return nil +} + +func profileOn(cmd *cobra.Command) error { + return nil +} + +func profileOff(cmd *cobra.Command) error { + return nil +} + +func setupRootless(cmd *cobra.Command, args []string) error { + if rootless.IsRootless() { + became, ret, err := rootless.BecomeRootInUserNS() + if err != nil { + logrus.Errorf(err.Error()) + os.Exit(1) + } + if became { + os.Exit(ret) + } + } + return nil +} diff --git a/cmd/podman/ps.go b/cmd/podman/ps.go index 759a03b86..5bb88f227 100644 --- a/cmd/podman/ps.go +++ b/cmd/podman/ps.go @@ -6,7 +6,6 @@ import ( "os" "reflect" "sort" - "strconv" "strings" "text/tabwriter" "time" @@ -14,15 +13,12 @@ import ( tm "github.com/buger/goterm" "github.com/containers/buildah/pkg/formats" "github.com/containers/libpod/cmd/podman/cliconfig" - "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/containers/libpod/cmd/podman/shared" - "github.com/containers/libpod/libpod" - "github.com/containers/libpod/pkg/util" + "github.com/containers/libpod/pkg/adapter" "github.com/cri-o/ocicni/pkg/ocicni" "github.com/docker/go-units" "github.com/opentracing/opentracing-go" "github.com/pkg/errors" - "github.com/sirupsen/logrus" "github.com/spf13/cobra" "k8s.io/apimachinery/pkg/fields" ) @@ -205,10 +201,6 @@ func psCmd(c *cliconfig.PsValues) error { span, _ := opentracing.StartSpanFromContext(Ctx, "psCmd") defer span.Finish() } - // TODO disable when single rootless userns merges - if c.Bool("size") && os.Geteuid() != 0 { - return errors.New("the --size option is not presently supported without root") - } var watch bool @@ -224,7 +216,7 @@ func psCmd(c *cliconfig.PsValues) error { return errors.Wrapf(err, "error with flags passed") } - runtime, err := libpodruntime.GetRuntime(&c.PodmanCommand) + runtime, err := adapter.GetRuntime(&c.PodmanCommand) if err != nil { return errors.Wrapf(err, "error creating libpod runtime") } @@ -279,128 +271,6 @@ func checkFlagsPassed(c *cliconfig.PsValues) error { return nil } -func generateContainerFilterFuncs(filter, filterValue string, runtime *libpod.Runtime) (func(container *libpod.Container) bool, error) { - switch filter { - case "id": - return func(c *libpod.Container) bool { - return strings.Contains(c.ID(), filterValue) - }, nil - case "label": - var filterArray []string = strings.SplitN(filterValue, "=", 2) - var filterKey string = filterArray[0] - if len(filterArray) > 1 { - filterValue = filterArray[1] - } else { - filterValue = "" - } - return func(c *libpod.Container) bool { - for labelKey, labelValue := range c.Labels() { - if labelKey == filterKey && ("" == filterValue || labelValue == filterValue) { - return true - } - } - return false - }, nil - case "name": - return func(c *libpod.Container) bool { - return strings.Contains(c.Name(), filterValue) - }, nil - case "exited": - exitCode, err := strconv.ParseInt(filterValue, 10, 32) - if err != nil { - return nil, errors.Wrapf(err, "exited code out of range %q", filterValue) - } - return func(c *libpod.Container) bool { - ec, exited, err := c.ExitCode() - if ec == int32(exitCode) && err == nil && exited == true { - return true - } - return false - }, nil - case "status": - if !util.StringInSlice(filterValue, []string{"created", "running", "paused", "stopped", "exited", "unknown"}) { - return nil, errors.Errorf("%s is not a valid status", filterValue) - } - return func(c *libpod.Container) bool { - status, err := c.State() - if err != nil { - return false - } - if filterValue == "stopped" { - filterValue = "exited" - } - state := status.String() - if status == libpod.ContainerStateConfigured { - state = "created" - } else if status == libpod.ContainerStateStopped { - state = "exited" - } - return state == filterValue - }, nil - case "ancestor": - // This needs to refine to match docker - // - ancestor=(<image-name>[:tag]|<image-id>| ⟨image@digest⟩) - containers created from an image or a descendant. - return func(c *libpod.Container) bool { - containerConfig := c.Config() - if strings.Contains(containerConfig.RootfsImageID, filterValue) || strings.Contains(containerConfig.RootfsImageName, filterValue) { - return true - } - return false - }, nil - case "before": - ctr, err := runtime.LookupContainer(filterValue) - if err != nil { - return nil, errors.Errorf("unable to find container by name or id of %s", filterValue) - } - containerConfig := ctr.Config() - createTime := containerConfig.CreatedTime - return func(c *libpod.Container) bool { - cc := c.Config() - return createTime.After(cc.CreatedTime) - }, nil - case "since": - ctr, err := runtime.LookupContainer(filterValue) - if err != nil { - return nil, errors.Errorf("unable to find container by name or id of %s", filterValue) - } - containerConfig := ctr.Config() - createTime := containerConfig.CreatedTime - return func(c *libpod.Container) bool { - cc := c.Config() - return createTime.Before(cc.CreatedTime) - }, nil - case "volume": - //- volume=(<volume-name>|<mount-point-destination>) - return func(c *libpod.Container) bool { - containerConfig := c.Config() - var dest string - arr := strings.Split(filterValue, ":") - source := arr[0] - if len(arr) == 2 { - dest = arr[1] - } - for _, mount := range containerConfig.Spec.Mounts { - if dest != "" && (mount.Source == source && mount.Destination == dest) { - return true - } - if dest == "" && mount.Source == source { - return true - } - } - return false - }, nil - case "health": - return func(c *libpod.Container) bool { - hcStatus, err := c.HealthCheckStatus() - if err != nil { - return false - } - return hcStatus == filterValue - }, nil - } - return nil, errors.Errorf("%s is an invalid filter", filter) -} - // generate the accurate header based on template given func (p *psTemplateParams) headerMap() map[string]string { v := reflect.Indirect(reflect.ValueOf(p)) @@ -550,11 +420,9 @@ func dumpJSON(containers []shared.PsContainerOutput) error { return nil } -func psDisplay(c *cliconfig.PsValues, runtime *libpod.Runtime) error { +func psDisplay(c *cliconfig.PsValues, runtime *adapter.LocalRuntime) error { var ( - filterFuncs []libpod.ContainerFilter - outputContainers []*libpod.Container - err error + err error ) opts := shared.PsOptions{ All: c.All, @@ -570,51 +438,8 @@ func psDisplay(c *cliconfig.PsValues, runtime *libpod.Runtime) error { Sync: c.Sync, } - maxWorkers := shared.Parallelize("ps") - if c.GlobalIsSet("max-workers") { - maxWorkers = c.GlobalFlags.MaxWorks - } - logrus.Debugf("Setting maximum workers to %d", maxWorkers) - - filters := c.Filter - if len(filters) > 0 { - for _, f := range filters { - filterSplit := strings.SplitN(f, "=", 2) - if len(filterSplit) < 2 { - return errors.Errorf("filter input must be in the form of filter=value: %s is invalid", f) - } - generatedFunc, err := generateContainerFilterFuncs(filterSplit[0], filterSplit[1], runtime) - if err != nil { - return errors.Wrapf(err, "invalid filter") - } - filterFuncs = append(filterFuncs, generatedFunc) - } - } - if !opts.Latest { - // Get all containers - containers, err := runtime.GetContainers(filterFuncs...) - if err != nil { - return err - } - - // We only want the last few containers - if opts.Last > 0 && opts.Last <= len(containers) { - return errors.Errorf("--last not yet supported") - } else { - outputContainers = containers - } - } else { - // Get just the latest container - // Ignore filters - latestCtr, err := runtime.GetLatestContainer() - if err != nil { - return err - } - - outputContainers = []*libpod.Container{latestCtr} - } - - pss := shared.PBatch(outputContainers, maxWorkers, opts) + pss, err := runtime.Ps(c, opts) + // Here and down if opts.Sort != "" { pss, err = sortPsOutput(opts.Sort, pss) if err != nil { diff --git a/cmd/podman/pull.go b/cmd/podman/pull.go index 2aac28642..7cc7b65b3 100644 --- a/cmd/podman/pull.go +++ b/cmd/podman/pull.go @@ -46,18 +46,27 @@ func init() { pullCommand.SetUsageTemplate(UsageTemplate()) flags := pullCommand.Flags() flags.BoolVar(&pullCommand.AllTags, "all-tags", false, "All tagged images inthe repository will be pulled") - flags.StringVar(&pullCommand.Authfile, "authfile", "", "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override") flags.StringVar(&pullCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys") flags.StringVar(&pullCommand.Creds, "creds", "", "`Credentials` (USERNAME:PASSWORD) to use for authenticating to a registry") flags.BoolVarP(&pullCommand.Quiet, "quiet", "q", false, "Suppress output information when pulling images") - flags.StringVar(&pullCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)") - flags.BoolVar(&pullCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries") + + // Disabled flags for the remote client + if !remote { + flags.StringVar(&pullCommand.Authfile, "authfile", "", "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override") + flags.StringVar(&pullCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)") + flags.BoolVar(&pullCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries") + } } // pullCmd gets the data from the command line and calls pullImage // to copy an image from a registry to a local machine -func pullCmd(c *cliconfig.PullValues) error { +func pullCmd(c *cliconfig.PullValues) (retError error) { + defer func() { + if retError != nil && exitCode == 0 { + exitCode = 1 + } + }() if c.Bool("trace") { span, _ := opentracing.StartSpanFromContext(Ctx, "pullCmd") defer span.Finish() @@ -159,7 +168,7 @@ func pullCmd(c *cliconfig.PullValues) error { for _, name := range names { newImage, err := runtime.New(getContext(), name, c.String("signature-policy"), authfile, writer, &dockerRegistryOptions, image.SigningOptions{}, true, nil) if err != nil { - println(errors.Wrapf(err, "error pulling image %q", name)) + logrus.Errorf("error pulling image %q", name) foundImage = false continue } diff --git a/cmd/podman/push.go b/cmd/podman/push.go index a1dac24ae..a5638a698 100644 --- a/cmd/podman/push.go +++ b/cmd/podman/push.go @@ -45,16 +45,20 @@ func init() { pushCommand.SetUsageTemplate(UsageTemplate()) flags := pushCommand.Flags() flags.MarkHidden("signature-policy") - flags.StringVar(&pushCommand.Authfile, "authfile", "", "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override") flags.StringVar(&pushCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys") - flags.BoolVar(&pushCommand.Compress, "compress", false, "Compress tarball image layers when pushing to a directory using the 'dir' transport. (default is same compression type as source)") flags.StringVar(&pushCommand.Creds, "creds", "", "`Credentials` (USERNAME:PASSWORD) to use for authenticating to a registry") flags.StringVarP(&pushCommand.Format, "format", "f", "", "Manifest type (oci, v2s1, or v2s2) to use when pushing an image using the 'dir:' transport (default is manifest type of source)") flags.BoolVarP(&pushCommand.Quiet, "quiet", "q", false, "Don't output progress information when pushing images") flags.BoolVar(&pushCommand.RemoveSignatures, "remove-signatures", false, "Discard any pre-existing signatures in the image") - flags.StringVar(&pushCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)") flags.StringVar(&pushCommand.SignBy, "sign-by", "", "Add a signature at the destination using the specified key") - flags.BoolVar(&pushCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries") + + // Disabled flags for the remote client + if !remote { + flags.StringVar(&pushCommand.Authfile, "authfile", "", "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override") + flags.BoolVar(&pushCommand.Compress, "compress", false, "Compress tarball image layers when pushing to a directory using the 'dir' transport. (default is same compression type as source)") + flags.StringVar(&pushCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)") + flags.BoolVar(&pushCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries") + } } func pushCmd(c *cliconfig.PushValues) error { diff --git a/cmd/podman/restore.go b/cmd/podman/restore.go index 0f6828432..0f0150644 100644 --- a/cmd/podman/restore.go +++ b/cmd/podman/restore.go @@ -1,13 +1,9 @@ package main import ( - "context" - "fmt" - "os" - "github.com/containers/libpod/cmd/podman/cliconfig" - "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/containers/libpod/libpod" + "github.com/containers/libpod/pkg/adapter" "github.com/containers/libpod/pkg/rootless" "github.com/pkg/errors" "github.com/spf13/cobra" @@ -57,7 +53,7 @@ func restoreCmd(c *cliconfig.RestoreValues) error { return errors.New("restoring a container requires root") } - runtime, err := libpodruntime.GetRuntime(&c.PodmanCommand) + runtime, err := adapter.GetRuntime(&c.PodmanCommand) if err != nil { return errors.Wrapf(err, "could not get runtime") } @@ -67,18 +63,5 @@ func restoreCmd(c *cliconfig.RestoreValues) error { Keep: c.Keep, TCPEstablished: c.TcpEstablished, } - - containers, lastError := getAllOrLatestContainers(&c.PodmanCommand, runtime, libpod.ContainerStateExited, "checkpointed") - - for _, ctr := range containers { - if err = ctr.Restore(context.TODO(), options); err != nil { - if lastError != nil { - fmt.Fprintln(os.Stderr, lastError) - } - lastError = errors.Wrapf(err, "failed to restore container %v", ctr.ID()) - } else { - fmt.Println(ctr.ID()) - } - } - return lastError + return runtime.Restore(c, options) } diff --git a/cmd/podman/rm.go b/cmd/podman/rm.go index 52e281402..66f70a36f 100644 --- a/cmd/podman/rm.go +++ b/cmd/podman/rm.go @@ -4,12 +4,9 @@ import ( "fmt" "github.com/containers/libpod/cmd/podman/cliconfig" - "github.com/containers/libpod/cmd/podman/libpodruntime" - "github.com/containers/libpod/cmd/podman/shared" "github.com/containers/libpod/libpod" - "github.com/containers/libpod/libpod/image" + "github.com/containers/libpod/pkg/adapter" "github.com/pkg/errors" - "github.com/sirupsen/logrus" "github.com/spf13/cobra" ) @@ -48,78 +45,29 @@ func init() { markFlagHiddenForRemoteClient("latest", flags) } -// saveCmd saves the image to either docker-archive or oci +// rmCmd removes one or more containers func rmCmd(c *cliconfig.RmValues) error { - var ( - deleteFuncs []shared.ParallelWorkerInput - ) - - ctx := getContext() - runtime, err := libpodruntime.GetRuntime(&c.PodmanCommand) + runtime, err := adapter.GetRuntime(&c.PodmanCommand) if err != nil { return errors.Wrapf(err, "could not get runtime") } defer runtime.Shutdown(false) - failureCnt := 0 - delContainers, err := getAllOrLatestContainers(&c.PodmanCommand, runtime, -1, "all") + ok, failures, err := runtime.RemoveContainers(getContext(), c) if err != nil { - if c.Force && len(c.InputArgs) > 0 { - if errors.Cause(err) == libpod.ErrNoSuchCtr { - err = nil + if errors.Cause(err) == libpod.ErrNoSuchCtr { + if len(c.InputArgs) > 1 { + exitCode = 125 } else { - failureCnt++ - } - runtime.RemoveContainersFromStorage(c.InputArgs) - } - if len(delContainers) == 0 { - if err != nil && failureCnt == 0 { exitCode = 1 } - return err - } - if err != nil { - if errors.Cause(err) == libpod.ErrNoSuchCtr { - exitCode = 1 - } - fmt.Println(err.Error()) - } - } - - for _, container := range delContainers { - con := container - f := func() error { - return runtime.RemoveContainer(ctx, con, c.Force, c.Volumes) - } - - deleteFuncs = append(deleteFuncs, shared.ParallelWorkerInput{ - ContainerID: con.ID(), - ParallelFunc: f, - }) - } - maxWorkers := shared.Parallelize("rm") - if c.GlobalIsSet("max-workers") { - maxWorkers = c.GlobalFlags.MaxWorks - } - logrus.Debugf("Setting maximum workers to %d", maxWorkers) - - // Run the parallel funcs - deleteErrors, errCount := shared.ParallelExecuteWorkerPool(maxWorkers, deleteFuncs) - err = printParallelOutput(deleteErrors, errCount) - if err != nil { - for _, result := range deleteErrors { - if result != nil && errors.Cause(result) != image.ErrNoSuchCtr { - failureCnt++ - } - } - if failureCnt == 0 { - exitCode = 1 } + return err } - if failureCnt > 0 { + if len(failures) > 0 { exitCode = 125 } - return err + return printCmdResults(ok, failures) } diff --git a/cmd/podman/run.go b/cmd/podman/run.go index bac5c3c18..d3158de6b 100644 --- a/cmd/podman/run.go +++ b/cmd/podman/run.go @@ -38,7 +38,7 @@ func init() { } func runCmd(c *cliconfig.RunValues) error { - if c.Bool("trace") { + if !remote && c.Bool("trace") { span, _ := opentracing.StartSpanFromContext(Ctx, "runCmd") defer span.Finish() } diff --git a/cmd/podman/run_test.go b/cmd/podman/run_test.go index 27b34c323..af9e6923c 100644 --- a/cmd/podman/run_test.go +++ b/cmd/podman/run_test.go @@ -83,7 +83,7 @@ func getRuntimeSpec(c *cliconfig.PodmanCommand) (*spec.Spec, error) { createConfig, err := parseCreateOpts(c, runtime, "alpine", generateAlpineImageData()) */ ctx := getContext() - genericResults := shared.NewIntermediateLayer(c) + genericResults := shared.NewIntermediateLayer(c, false) createConfig, err := shared.ParseCreateOpts(ctx, &genericResults, nil, "alpine", generateAlpineImageData()) if err != nil { return nil, err diff --git a/cmd/podman/shared/container.go b/cmd/podman/shared/container.go index 6826191c5..e14276bdf 100644 --- a/cmd/podman/shared/container.go +++ b/cmd/podman/shared/container.go @@ -4,6 +4,7 @@ import ( "context" "fmt" "io" + v1 "k8s.io/api/core/v1" "os" "path/filepath" "regexp" @@ -44,7 +45,6 @@ type PsOptions struct { Quiet bool Size bool Sort string - Label string Namespace bool Sync bool } @@ -274,6 +274,176 @@ func worker(wg *sync.WaitGroup, jobs <-chan workerInput, results chan<- PsContai } } +func generateContainerFilterFuncs(filter, filterValue string, r *libpod.Runtime) (func(container *libpod.Container) bool, error) { + switch filter { + case "id": + return func(c *libpod.Container) bool { + return strings.Contains(c.ID(), filterValue) + }, nil + case "label": + var filterArray []string = strings.SplitN(filterValue, "=", 2) + var filterKey string = filterArray[0] + if len(filterArray) > 1 { + filterValue = filterArray[1] + } else { + filterValue = "" + } + return func(c *libpod.Container) bool { + for labelKey, labelValue := range c.Labels() { + if labelKey == filterKey && ("" == filterValue || labelValue == filterValue) { + return true + } + } + return false + }, nil + case "name": + return func(c *libpod.Container) bool { + return strings.Contains(c.Name(), filterValue) + }, nil + case "exited": + exitCode, err := strconv.ParseInt(filterValue, 10, 32) + if err != nil { + return nil, errors.Wrapf(err, "exited code out of range %q", filterValue) + } + return func(c *libpod.Container) bool { + ec, exited, err := c.ExitCode() + if ec == int32(exitCode) && err == nil && exited == true { + return true + } + return false + }, nil + case "status": + if !util.StringInSlice(filterValue, []string{"created", "running", "paused", "stopped", "exited", "unknown"}) { + return nil, errors.Errorf("%s is not a valid status", filterValue) + } + return func(c *libpod.Container) bool { + status, err := c.State() + if err != nil { + return false + } + if filterValue == "stopped" { + filterValue = "exited" + } + state := status.String() + if status == libpod.ContainerStateConfigured { + state = "created" + } else if status == libpod.ContainerStateStopped { + state = "exited" + } + return state == filterValue + }, nil + case "ancestor": + // This needs to refine to match docker + // - ancestor=(<image-name>[:tag]|<image-id>| ⟨image@digest⟩) - containers created from an image or a descendant. + return func(c *libpod.Container) bool { + containerConfig := c.Config() + if strings.Contains(containerConfig.RootfsImageID, filterValue) || strings.Contains(containerConfig.RootfsImageName, filterValue) { + return true + } + return false + }, nil + case "before": + ctr, err := r.LookupContainer(filterValue) + if err != nil { + return nil, errors.Errorf("unable to find container by name or id of %s", filterValue) + } + containerConfig := ctr.Config() + createTime := containerConfig.CreatedTime + return func(c *libpod.Container) bool { + cc := c.Config() + return createTime.After(cc.CreatedTime) + }, nil + case "since": + ctr, err := r.LookupContainer(filterValue) + if err != nil { + return nil, errors.Errorf("unable to find container by name or id of %s", filterValue) + } + containerConfig := ctr.Config() + createTime := containerConfig.CreatedTime + return func(c *libpod.Container) bool { + cc := c.Config() + return createTime.Before(cc.CreatedTime) + }, nil + case "volume": + //- volume=(<volume-name>|<mount-point-destination>) + return func(c *libpod.Container) bool { + containerConfig := c.Config() + var dest string + arr := strings.Split(filterValue, ":") + source := arr[0] + if len(arr) == 2 { + dest = arr[1] + } + for _, mount := range containerConfig.Spec.Mounts { + if dest != "" && (mount.Source == source && mount.Destination == dest) { + return true + } + if dest == "" && mount.Source == source { + return true + } + } + return false + }, nil + case "health": + return func(c *libpod.Container) bool { + hcStatus, err := c.HealthCheckStatus() + if err != nil { + return false + } + return hcStatus == filterValue + }, nil + } + return nil, errors.Errorf("%s is an invalid filter", filter) +} + +// GetPsContainerOutput returns a slice of containers specifically for ps output +func GetPsContainerOutput(r *libpod.Runtime, opts PsOptions, filters []string, maxWorkers int) ([]PsContainerOutput, error) { + var ( + filterFuncs []libpod.ContainerFilter + outputContainers []*libpod.Container + ) + + if len(filters) > 0 { + for _, f := range filters { + filterSplit := strings.SplitN(f, "=", 2) + if len(filterSplit) < 2 { + return nil, errors.Errorf("filter input must be in the form of filter=value: %s is invalid", f) + } + generatedFunc, err := generateContainerFilterFuncs(filterSplit[0], filterSplit[1], r) + if err != nil { + return nil, errors.Wrapf(err, "invalid filter") + } + filterFuncs = append(filterFuncs, generatedFunc) + } + } + if !opts.Latest { + // Get all containers + containers, err := r.GetContainers(filterFuncs...) + if err != nil { + return nil, err + } + + // We only want the last few containers + if opts.Last > 0 && opts.Last <= len(containers) { + return nil, errors.Errorf("--last not yet supported") + } else { + outputContainers = containers + } + } else { + // Get just the latest container + // Ignore filters + latestCtr, err := r.GetLatestContainer() + if err != nil { + return nil, err + } + + outputContainers = []*libpod.Container{latestCtr} + } + + pss := PBatch(outputContainers, maxWorkers, opts) + return pss, nil +} + // PBatch is performs batch operations on a container in parallel. It spawns the number of workers // relative to the the number of parallel operations desired. func PBatch(containers []*libpod.Container, workers int, opts PsOptions) []PsContainerOutput { @@ -769,3 +939,37 @@ func envSliceToMap(env []string) map[string]string { } return m } + +// GenerateKube generates kubernetes yaml based on a pod or container +func GenerateKube(name string, service bool, r *libpod.Runtime) (*v1.Pod, *v1.Service, error) { + var ( + pod *libpod.Pod + podYAML *v1.Pod + err error + container *libpod.Container + servicePorts []v1.ServicePort + serviceYAML v1.Service + ) + // Get the container in question + container, err = r.LookupContainer(name) + if err != nil { + pod, err = r.LookupPod(name) + if err != nil { + return nil, nil, err + } + podYAML, servicePorts, err = pod.GenerateForKube() + } else { + if len(container.Dependencies()) > 0 { + return nil, nil, errors.Wrapf(libpod.ErrNotImplemented, "containers with dependencies") + } + podYAML, err = container.GenerateForKube() + } + if err != nil { + return nil, nil, err + } + + if service { + serviceYAML = libpod.GenerateKubeServiceFromV1Pod(podYAML, servicePorts) + } + return podYAML, &serviceYAML, nil +} diff --git a/cmd/podman/shared/intermediate.go b/cmd/podman/shared/intermediate.go index 9afbd68c8..2e1827561 100644 --- a/cmd/podman/shared/intermediate.go +++ b/cmd/podman/shared/intermediate.go @@ -360,7 +360,7 @@ func newCRStringArray(c *cliconfig.PodmanCommand, flag string) CRStringArray { } // NewIntermediateLayer creates a GenericCLIResults from a create or run cli-command -func NewIntermediateLayer(c *cliconfig.PodmanCommand) GenericCLIResults { +func NewIntermediateLayer(c *cliconfig.PodmanCommand, remote bool) GenericCLIResults { m := make(map[string]GenericCLIResult) m["add-host"] = newCRStringSlice(c, "add-host") @@ -458,8 +458,10 @@ func NewIntermediateLayer(c *cliconfig.PodmanCommand) GenericCLIResults { m["volumes-from"] = newCRStringSlice(c, "volumes-from") m["workdir"] = newCRString(c, "workdir") // global flag - m["trace"] = newCRBool(c, "trace") - m["syslog"] = newCRBool(c, "syslog") + if !remote { + m["trace"] = newCRBool(c, "trace") + m["syslog"] = newCRBool(c, "syslog") + } return GenericCLIResults{m, c.InputArgs} } diff --git a/cmd/podman/shared/workers.go b/cmd/podman/shared/workers.go new file mode 100644 index 000000000..112af89cc --- /dev/null +++ b/cmd/podman/shared/workers.go @@ -0,0 +1,133 @@ +package shared + +import ( + "reflect" + "runtime" + "strings" + "sync" + + "github.com/sirupsen/logrus" +) + +// JobFunc provides the function signature for the pool'ed functions +type JobFunc func() error + +// Job defines the function to run +type Job struct { + ID string + Fn JobFunc +} + +// JobResult defines the results from the function ran +type JobResult struct { + Job Job + Err error +} + +// Pool defines the worker pool and queues +type Pool struct { + id string + wg *sync.WaitGroup + jobs chan Job + results chan JobResult + size int + capacity int +} + +// NewPool creates and initializes a new Pool +func NewPool(id string, size int, capacity int) *Pool { + var wg sync.WaitGroup + + // min for int... + s := size + if s > capacity { + s = capacity + } + + return &Pool{ + id, + &wg, + make(chan Job, capacity), + make(chan JobResult, capacity), + s, + capacity, + } +} + +// Add Job to pool for parallel processing +func (p *Pool) Add(job Job) { + p.wg.Add(1) + p.jobs <- job +} + +// Run the Job's in the pool, gather and return results +func (p *Pool) Run() ([]string, map[string]error, error) { + var ( + ok = []string{} + failures = map[string]error{} + ) + + for w := 0; w < p.size; w++ { + w := w + go p.newWorker(w) + } + close(p.jobs) + p.wg.Wait() + + close(p.results) + for r := range p.results { + if r.Err == nil { + ok = append(ok, r.Job.ID) + } else { + failures[r.Job.ID] = r.Err + } + } + + if logrus.GetLevel() == logrus.DebugLevel { + for i, f := range failures { + logrus.Debugf("Pool[%s, %s: %s]", p.id, i, f.Error()) + } + } + + return ok, failures, nil +} + +// newWorker creates new parallel workers to monitor jobs channel from Pool +func (p *Pool) newWorker(slot int) { + for job := range p.jobs { + err := job.Fn() + p.results <- JobResult{job, err} + if logrus.GetLevel() == logrus.DebugLevel { + n := strings.Split(runtime.FuncForPC(reflect.ValueOf(job.Fn).Pointer()).Name(), ".") + logrus.Debugf("Worker#%d finished job %s/%s (%v)", slot, n[2:], job.ID, err) + } + p.wg.Done() + } +} + +// DefaultPoolSize provides the maximum number of parallel workers (int) as calculated by a basic +// heuristic. This can be overriden by the --max-workers primary switch to podman. +func DefaultPoolSize(name string) int { + numCpus := runtime.NumCPU() + switch name { + case "kill": + case "pause": + case "rm": + case "unpause": + if numCpus <= 3 { + return numCpus * 3 + } + return numCpus * 4 + case "ps": + return 8 + case "restart": + return numCpus * 2 + case "stop": + if numCpus <= 2 { + return 4 + } else { + return numCpus * 3 + } + } + return 3 +} diff --git a/cmd/podman/stop.go b/cmd/podman/stop.go index e27be64f6..38d90fe81 100644 --- a/cmd/podman/stop.go +++ b/cmd/podman/stop.go @@ -1,9 +1,6 @@ package main import ( - "fmt" - "reflect" - "github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/libpod" "github.com/containers/libpod/pkg/adapter" @@ -68,21 +65,5 @@ func stopCmd(c *cliconfig.StopValues) error { if err != nil { return err } - - for _, id := range ok { - fmt.Println(id) - } - - if len(failures) > 0 { - keys := reflect.ValueOf(failures).MapKeys() - lastKey := keys[len(keys)-1].String() - lastErr := failures[lastKey] - delete(failures, lastKey) - - for _, err := range failures { - outputError(err) - } - return lastErr - } - return nil + return printCmdResults(ok, failures) } diff --git a/cmd/podman/umount.go b/cmd/podman/umount.go index a938c7c38..914e37cfa 100644 --- a/cmd/podman/umount.go +++ b/cmd/podman/umount.go @@ -1,20 +1,16 @@ package main import ( - "fmt" - "github.com/containers/libpod/cmd/podman/cliconfig" - "github.com/containers/libpod/cmd/podman/libpodruntime" - "github.com/containers/libpod/libpod" - "github.com/containers/storage" + "github.com/containers/libpod/pkg/adapter" "github.com/pkg/errors" - "github.com/sirupsen/logrus" "github.com/spf13/cobra" ) var ( umountCommand cliconfig.UmountValues - description = `Container storage increments a mount counter each time a container is mounted. + + description = `Container storage increments a mount counter each time a container is mounted. When a container is unmounted, the mount counter is decremented. The container's root filesystem is physically unmounted only when the mount counter reaches zero indicating no other processes are using the mount. @@ -51,42 +47,15 @@ func init() { } func umountCmd(c *cliconfig.UmountValues) error { - runtime, err := libpodruntime.GetRuntime(&c.PodmanCommand) + runtime, err := adapter.GetRuntime(&c.PodmanCommand) if err != nil { - return errors.Wrapf(err, "could not get runtime") + return errors.Wrapf(err, "error creating runtime") } defer runtime.Shutdown(false) - force := c.Force - umountAll := c.All - - containers, err := getAllOrLatestContainers(&c.PodmanCommand, runtime, -1, "all") + ok, failures, err := runtime.UmountRootFilesystems(getContext(), c) if err != nil { - if len(containers) == 0 { - return err - } - fmt.Println(err.Error()) - } - - umountContainerErrStr := "error unmounting container" - var lastError error - for _, ctr := range containers { - ctrState, err := ctr.State() - if ctrState == libpod.ContainerStateRunning || err != nil { - continue - } - - if err = ctr.Unmount(force); err != nil { - if umountAll && errors.Cause(err) == storage.ErrLayerNotMounted { - continue - } - if lastError != nil { - logrus.Error(lastError) - } - lastError = errors.Wrapf(err, "%s %s", umountContainerErrStr, ctr.ID()) - continue - } - fmt.Printf("%s\n", ctr.ID()) + return err } - return lastError + return printCmdResults(ok, failures) } diff --git a/cmd/podman/utils.go b/cmd/podman/utils.go index c763940db..81bd02faa 100644 --- a/cmd/podman/utils.go +++ b/cmd/podman/utils.go @@ -2,11 +2,12 @@ package main import ( "fmt" + "reflect" "github.com/spf13/pflag" ) -//printParallelOutput takes the map of parallel worker results and outputs them +// printParallelOutput takes the map of parallel worker results and outputs them // to stdout func printParallelOutput(m map[string]error, errCount int) error { var lastError error @@ -23,6 +24,26 @@ func printParallelOutput(m map[string]error, errCount int) error { return lastError } +// print results from CLI command +func printCmdResults(ok []string, failures map[string]error) error { + for _, id := range ok { + fmt.Println(id) + } + + if len(failures) > 0 { + keys := reflect.ValueOf(failures).MapKeys() + lastKey := keys[len(keys)-1].String() + lastErr := failures[lastKey] + delete(failures, lastKey) + + for _, err := range failures { + outputError(err) + } + return lastErr + } + return nil +} + // markFlagHiddenForRemoteClient makes the flag not appear as part of the CLI // on the remote-client func markFlagHiddenForRemoteClient(flagName string, flags *pflag.FlagSet) { @@ -30,3 +51,29 @@ func markFlagHiddenForRemoteClient(flagName string, flags *pflag.FlagSet) { flags.MarkHidden(flagName) } } + +// TODO: remove when adapter package takes over this functionality +// func joinContainerOrCreateRootlessUserNS(runtime *libpod.Runtime, ctr *libpod.Container) (bool, int, error) { +// if os.Geteuid() == 0 { +// return false, 0, nil +// } +// s, err := ctr.State() +// if err != nil { +// return false, -1, err +// } +// opts := rootless.Opts{ +// Argument: ctr.ID(), +// } +// if s == libpod.ContainerStateRunning || s == libpod.ContainerStatePaused { +// data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile) +// if err != nil { +// return false, -1, errors.Wrapf(err, "cannot read conmon PID file %q", ctr.Config().ConmonPidFile) +// } +// conmonPid, err := strconv.Atoi(string(data)) +// if err != nil { +// return false, -1, errors.Wrapf(err, "cannot parse PID %q", data) +// } +// return rootless.JoinDirectUserAndMountNSWithOpts(uint(conmonPid), &opts) +// } +// return rootless.BecomeRootInUserNSWithOpts(&opts) +// } diff --git a/cmd/podman/varlink/io.podman.varlink b/cmd/podman/varlink/io.podman.varlink index 9098a9297..b5295273a 100644 --- a/cmd/podman/varlink/io.podman.varlink +++ b/cmd/podman/varlink/io.podman.varlink @@ -98,6 +98,11 @@ type ImageSearchFilter ( star_count: int ) +type KubePodService ( + pod: string, + service: string +) + type Container ( id: string, image: string, @@ -133,6 +138,47 @@ type ContainerStats ( pids: int ) +type PsOpts ( + all: bool, + filters: ?[]string, + last: ?int, + latest: ?bool, + noTrunc: ?bool, + pod: ?bool, + quiet: ?bool, + sort: ?string, + sync: ?bool +) + +type PsContainer ( + id: string, + image: string, + command: string, + created: string, + ports: string, + names: string, + isInfra: bool, + status: string, + state: string, + pidNum: int, + rootFsSize: int, + rwSize: int, + pod: string, + createdAt: string, + exitedAt: string, + startedAt: string, + labels: [string]string, + nsPid: string, + cgroup: string, + ipc: string, + mnt: string, + net: string, + pidNs: string, + user: string, + uts: string, + mounts: string +) + # ContainerMount describes the struct for mounts in a container type ContainerMount ( destination: string, @@ -474,6 +520,8 @@ method GetInfo() -> (info: PodmanInfo) # See also [GetContainer](#GetContainer). method ListContainers() -> (containers: []Container) +method Ps(opts: PsOpts) -> (containers: []PsContainer) + # GetContainer returns information about a single container. If a container # with the given id doesn't exist, a [ContainerNotFound](#ContainerNotFound) # error will be returned. See also [ListContainers](ListContainers) and @@ -615,8 +663,11 @@ method PauseContainer(name: string) -> (container: string) # See also [PauseContainer](#PauseContainer). method UnpauseContainer(name: string) -> (container: string) -# This method has not be implemented yet. -# method AttachToContainer() -> (notimplemented: NotImplemented) +# Attach takes the name or ID of a container and sets up a the ability to remotely attach to its console. The start +# bool is whether you wish to start the container in question first. +method Attach(name: string, detachKeys: string, start: bool) -> () + +method AttachControl(name: string) -> () # GetAttachSockets takes the name or ID of an existing container. It returns file paths for two sockets needed # to properly communicate with a container. The first is the actual I/O socket that the container uses. The @@ -1078,11 +1129,7 @@ method ImagesPrune(all: bool) -> (pruned: []string) # GenerateKube generates a Kubernetes v1 Pod description of a Podman container or pod # and its containers. The description is in YAML. See also [ReplayKube](ReplayKube). -# method GenerateKube() -> (notimplemented: NotImplemented) - -# GenerateKubeService generates a Kubernetes v1 Service description of a Podman container or pod -# and its containers. The description is in YAML. See also [GenerateKube](GenerateKube). -# method GenerateKubeService() -> (notimplemented: NotImplemented) +method GenerateKube(name: string, service: bool) -> (pod: KubePodService) # ReplayKube recreates a pod and its containers based on a Kubernetes v1 Pod description (in YAML) # like that created by GenerateKube. See also [GenerateKube](GenerateKube). @@ -1111,6 +1158,9 @@ method PodStateData(name: string) -> (config: string) # This call is for the development of Podman only and should not be used. method CreateFromCC(in: []string) -> (id: string) +# Spec returns the oci spec for a container. This call is for development of Podman only and generally should not be used. +method Spec(name: string) -> (config: string) + # Sendfile allows a remote client to send a file to the host method SendFile(type: string, length: int) -> (file_handle: string) diff --git a/cmd/podman/wait.go b/cmd/podman/wait.go index 4449898a0..827ac6826 100644 --- a/cmd/podman/wait.go +++ b/cmd/podman/wait.go @@ -1,8 +1,6 @@ package main import ( - "fmt" - "reflect" "time" "github.com/containers/libpod/cmd/podman/cliconfig" @@ -62,21 +60,5 @@ func waitCmd(c *cliconfig.WaitValues) error { if err != nil { return err } - - for _, id := range ok { - fmt.Println(id) - } - - if len(failures) > 0 { - keys := reflect.ValueOf(failures).MapKeys() - lastKey := keys[len(keys)-1].String() - lastErr := failures[lastKey] - delete(failures, lastKey) - - for _, err := range failures { - outputError(err) - } - return lastErr - } - return nil + return printCmdResults(ok, failures) } diff --git a/commands.md b/commands.md index 156a1cdf6..1c05640f2 100644 --- a/commands.md +++ b/commands.md @@ -4,8 +4,8 @@ ## Podman Commands -Command | Description | Demo -:----------------------------------------------------------------------- | :------------------------------------------------------------------------- | :-------------------------------------------------------------------------- +Command | Description | Demo | Script +:----------------------------------------------------------------------- | :------------------------------------------------------------------------- | :-------------------------------------------------------------------------- | :-------------------------------------------------------------------------- [podman(1)](/docs/podman.1.md) | Simple management tool for pods and images | [podman-attach(1)](/docs/podman-attach.1.md) | Attach to a running container | [podman-build(1)](/docs/podman-build.1.md) | Build an image using instructions from Dockerfiles | @@ -31,7 +31,7 @@ Command | Descr [podman-image-prune(1)](/docs/podman-image-prune.1.md) | Remove all unused images | [podman-image-sign(1)](/docs/podman-image-sign.1.md) | Create a signature for an image | [podman-image-trust(1)](/docs/podman-image-trust.1.md) | Manage container registry image trust policy | -[podman-images(1)](/docs/podman-images.1.md) | List images in local storage | [![...](/docs/play.png)](https://asciinema.org/a/133649) +[podman-images(1)](/docs/podman-images.1.md) | List images in local storage | [![...](/docs/play.png)](https://podman.io/asciinema/podman/images/) | [Here](https://github.com/containers/Demos/blob/master/podman_cli/podman_images.sh) [podman-import(1)](/docs/podman-import.1.md) | Import a tarball and save it as a filesystem image | [podman-info(1)](/docs/podman-info.1.md) | Display system information | [podman-inspect(1)](/docs/podman-inspect.1.md) | Display the configuration of a container or image | [![...](/docs/play.png)](https://asciinema.org/a/133418) diff --git a/completions/bash/podman b/completions/bash/podman index a3f381962..3616c6ca1 100644 --- a/completions/bash/podman +++ b/completions/bash/podman @@ -2388,7 +2388,7 @@ _podman_logout() { _complete_ "$options_with_args" "$boolean_options" } -_podman_healtcheck_run() { +_podman_healthcheck_run() { local options_with_args="" local boolean_options=" diff --git a/docs/podman-commit.1.md b/docs/podman-commit.1.md index acde51859..7c74d7a33 100644 --- a/docs/podman-commit.1.md +++ b/docs/podman-commit.1.md @@ -39,6 +39,10 @@ not specifically set, the default format used is _oci_. Write the image ID to the file. +**--include-volumes** + +Include in the committed image any volumes added to the container by the `--volume` or `--mount` options to the `podman create` and `podman run` commands. + **--message, -m** Set commit message for committed image. The message field is not supported in _oci_ format. diff --git a/docs/podman-healthcheck-run.1.md b/docs/podman-healthcheck-run.1.md index e19c6250c..21f2d9b20 100644 --- a/docs/podman-healthcheck-run.1.md +++ b/docs/podman-healthcheck-run.1.md @@ -29,7 +29,7 @@ Print usage statement ## EXAMPLES ``` -$ podman healtcheck run mywebapp +$ podman healthcheck run mywebapp ``` ## SEE ALSO diff --git a/install.md b/install.md index 5fe150db2..548b38c1b 100644 --- a/install.md +++ b/install.md @@ -55,11 +55,14 @@ sudo yum module install -y container-tools:1.0 ```bash sudo apt-get update -qq -sudo apt-get install -qq -y software-properties-common +sudo apt-get install -qq -y software-properties-common uidmap sudo add-apt-repository -y ppa:projectatomic/ppa +sudo apt-get update -qq sudo apt-get -qq -y install podman ``` +Take note of the [Build and Run Dependencies](#build-and-run-dependencies) listed below if you run into any issues. + ## Building from scratch ### Prerequisites @@ -129,7 +132,8 @@ apt-get install -y \ libprotobuf-c0-dev \ libseccomp-dev \ libselinux1-dev \ - pkg-config + pkg-config \ + uidmap ``` Debian, Ubuntu, and related distributions will also need to do the following setup: diff --git a/libpod/container.go b/libpod/container.go index 6d5e063ab..4bf9a1ba9 100644 --- a/libpod/container.go +++ b/libpod/container.go @@ -363,7 +363,7 @@ type ContainerConfig struct { // Systemd tells libpod to setup the container in systemd mode Systemd bool `json:"systemd"` - // HealtchCheckConfig has the health check command and related timings + // HealthCheckConfig has the health check command and related timings HealthCheckConfig *manifest.Schema2HealthConfig `json:"healthcheck"` } @@ -401,6 +401,29 @@ func (t ContainerStatus) String() string { return "bad state" } +// StringToContainerStatus converts a string representation of a containers +// status into an actual container status type +func StringToContainerStatus(status string) (ContainerStatus, error) { + switch status { + case ContainerStateUnknown.String(): + return ContainerStateUnknown, nil + case ContainerStateConfigured.String(): + return ContainerStateConfigured, nil + case ContainerStateCreated.String(): + return ContainerStateCreated, nil + case ContainerStateRunning.String(): + return ContainerStateRunning, nil + case ContainerStateStopped.String(): + return ContainerStateStopped, nil + case ContainerStatePaused.String(): + return ContainerStatePaused, nil + case ContainerStateExited.String(): + return ContainerStateExited, nil + default: + return ContainerStateUnknown, errors.Wrapf(ErrInvalidArg, "unknown container state: %s", status) + } +} + // Config accessors // Unlocked @@ -591,7 +614,7 @@ func (c *Container) NewNetNS() bool { func (c *Container) PortMappings() ([]ocicni.PortMapping, error) { // First check if the container belongs to a network namespace (like a pod) if len(c.config.NetNsCtr) > 0 { - netNsCtr, err := c.runtime.LookupContainer(c.config.NetNsCtr) + netNsCtr, err := c.runtime.GetContainer(c.config.NetNsCtr) if err != nil { return nil, errors.Wrapf(err, "unable to lookup network namespace for container %s", c.ID()) } diff --git a/libpod/container_api.go b/libpod/container_api.go index 2a2381923..465b23831 100644 --- a/libpod/container_api.go +++ b/libpod/container_api.go @@ -15,7 +15,7 @@ import ( "github.com/containers/libpod/pkg/lookup" "github.com/containers/storage/pkg/stringid" "github.com/docker/docker/oci/caps" - opentracing "github.com/opentracing/opentracing-go" + "github.com/opentracing/opentracing-go" "github.com/pkg/errors" "github.com/sirupsen/logrus" "k8s.io/apimachinery/pkg/util/wait" @@ -174,7 +174,7 @@ func (c *Container) StopWithTimeout(timeout uint) error { if c.state.State == ContainerStateConfigured || c.state.State == ContainerStateUnknown || c.state.State == ContainerStatePaused { - return errors.Wrapf(ErrCtrStateInvalid, "can only stop created, running, or stopped containers") + return errors.Wrapf(ErrCtrStateInvalid, "can only stop created, running, or stopped containers. %s in state %s", c.ID(), c.state.State.String()) } if c.state.State == ContainerStateStopped || diff --git a/libpod/container_commit.go b/libpod/container_commit.go index 0604a550b..db67f7a30 100644 --- a/libpod/container_commit.go +++ b/libpod/container_commit.go @@ -20,10 +20,11 @@ import ( //libpod type ContainerCommitOptions struct { buildah.CommitOptions - Pause bool - Author string - Message string - Changes []string + Pause bool + IncludeVolumes bool + Author string + Message string + Changes []string } // ChangeCmds is the list of valid Changes commands to passed to the Commit call @@ -113,9 +114,11 @@ func (c *Container) Commit(ctx context.Context, destImage string, options Contai // User importBuilder.SetUser(c.User()) // Volumes - for _, v := range c.config.UserVolumes { - if v != "" { - importBuilder.AddVolume(v) + if options.IncludeVolumes { + for _, v := range c.config.UserVolumes { + if v != "" { + importBuilder.AddVolume(v) + } } } // Workdir diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 485b43f7d..927b71b2b 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -340,7 +340,7 @@ func (c *Container) teardownStorage() error { artifacts := filepath.Join(c.config.StaticDir, artifactsDir) if err := os.RemoveAll(artifacts); err != nil { - return errors.Wrapf(err, "error removing artifacts %q", artifacts) + return errors.Wrapf(err, "error removing container %s artifacts %q", c.ID(), artifacts) } if err := c.cleanupStorage(); err != nil { @@ -666,7 +666,7 @@ func (c *Container) getAllDependencies(visited map[string]*Container) error { } for _, depID := range depIDs { if _, ok := visited[depID]; !ok { - dep, err := c.runtime.state.LookupContainer(depID) + dep, err := c.runtime.state.Container(depID) if err != nil { return err } @@ -938,7 +938,7 @@ func (c *Container) start() error { // Internal, non-locking function to stop container func (c *Container) stop(timeout uint) error { - logrus.Debugf("Stopping ctr %s with timeout %d", c.ID(), timeout) + logrus.Debugf("Stopping ctr %s (timeout %d)", c.ID(), timeout) if err := c.runtime.ociRuntime.stopContainer(c, timeout); err != nil { return err @@ -1054,14 +1054,16 @@ func (c *Container) mountStorage() (string, error) { func (c *Container) cleanupStorage() error { if !c.state.Mounted { // Already unmounted, do nothing - logrus.Debugf("Storage is already unmounted, skipping...") + logrus.Debugf("Container %s storage is already unmounted, skipping...", c.ID()) return nil } + for _, mount := range c.config.Mounts { if err := c.unmountSHM(mount); err != nil { return err } } + if c.config.Rootfs != "" { return nil } @@ -1101,13 +1103,13 @@ func (c *Container) cleanup(ctx context.Context) error { // Remove healthcheck unit/timer file if it execs if c.config.HealthCheckConfig != nil { if err := c.removeTimer(); err != nil { - logrus.Error(err) + logrus.Errorf("Error removing timer for container %s healthcheck: %v", c.ID(), err) } } // Clean up network namespace, if present if err := c.cleanupNetwork(); err != nil { - lastError = err + lastError = errors.Wrapf(err, "error removing container %s network", c.ID()) } // Unmount storage @@ -1115,7 +1117,7 @@ func (c *Container) cleanup(ctx context.Context) error { if lastError != nil { logrus.Errorf("Error unmounting container %s storage: %v", c.ID(), err) } else { - lastError = err + lastError = errors.Wrapf(err, "error unmounting container %s storage", c.ID()) } } diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 4d6bf61a3..f352b188e 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -30,7 +30,7 @@ import ( spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" "github.com/opencontainers/selinux/go-selinux/label" - opentracing "github.com/opentracing/opentracing-go" + "github.com/opentracing/opentracing-go" "github.com/pkg/errors" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" @@ -48,6 +48,8 @@ func (c *Container) unmountSHM(mount string) error { if err := unix.Unmount(mount, unix.MNT_DETACH); err != nil { if err != syscall.EINVAL { logrus.Warnf("container %s failed to unmount %s : %v", c.ID(), mount, err) + } else { + logrus.Debugf("container %s failed to unmount %s : %v", c.ID(), mount, err) } } return nil @@ -502,17 +504,9 @@ func (c *Container) checkpointRestoreSupported() (err error) { return nil } -func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointOptions) (err error) { - if err := c.checkpointRestoreSupported(); err != nil { - return err - } - - if c.state.State != ContainerStateRunning { - return errors.Wrapf(ErrCtrStateInvalid, "%q is not running, cannot checkpoint", c.state.State) - } - +func (c *Container) checkpointRestoreLabelLog(fileName string) (err error) { // Create the CRIU log file and label it - dumpLog := filepath.Join(c.bundlePath(), "dump.log") + dumpLog := filepath.Join(c.bundlePath(), fileName) logFile, err := os.OpenFile(dumpLog, os.O_CREATE, 0600) if err != nil { @@ -522,6 +516,21 @@ func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointO if err = label.SetFileLabel(dumpLog, c.MountLabel()); err != nil { return errors.Wrapf(err, "failed to label CRIU log file %q", dumpLog) } + return nil +} + +func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointOptions) (err error) { + if err := c.checkpointRestoreSupported(); err != nil { + return err + } + + if c.state.State != ContainerStateRunning { + return errors.Wrapf(ErrCtrStateInvalid, "%q is not running, cannot checkpoint", c.state.State) + } + + if err := c.checkpointRestoreLabelLog("dump.log"); err != nil { + return err + } if err := c.runtime.ociRuntime.checkpointContainer(c, options); err != nil { return err @@ -575,6 +584,10 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti return errors.Wrapf(err, "A complete checkpoint for this container cannot be found, cannot restore") } + if err := c.checkpointRestoreLabelLog("restore.log"); err != nil { + return err + } + // Read network configuration from checkpoint // Currently only one interface with one IP is supported. networkStatusFile, err := os.Open(filepath.Join(c.bundlePath(), "network.status")) diff --git a/libpod/healthcheck.go b/libpod/healthcheck.go index d8f56860b..3a6609740 100644 --- a/libpod/healthcheck.go +++ b/libpod/healthcheck.go @@ -41,7 +41,7 @@ const ( HealthCheckDefined HealthCheckStatus = iota // MaxHealthCheckNumberLogs is the maximum number of attempts we keep - // in the healtcheck history file + // in the healthcheck history file MaxHealthCheckNumberLogs int = 5 // MaxHealthCheckLogLength in characters MaxHealthCheckLogLength = 500 diff --git a/libpod/kube.go b/libpod/kube.go index 484127870..260269b2e 100644 --- a/libpod/kube.go +++ b/libpod/kube.go @@ -69,7 +69,7 @@ func (p *Pod) getInfraContainer() (*Container, error) { if err != nil { return nil, err } - return p.runtime.LookupContainer(infraID) + return p.runtime.GetContainer(infraID) } // GenerateKubeServiceFromV1Pod creates a v1 service object from a v1 pod object diff --git a/libpod/oci.go b/libpod/oci.go index 62331b879..189359753 100644 --- a/libpod/oci.go +++ b/libpod/oci.go @@ -143,6 +143,7 @@ func waitContainerStop(ctr *Container, timeout time.Duration) error { return nil case <-time.After(timeout): close(chControl) + logrus.Debugf("container %s did not die within timeout %d", ctr.ID(), timeout) return errors.Errorf("container %s did not die within timeout", ctr.ID()) } } diff --git a/libpod/oci_linux.go b/libpod/oci_linux.go index 8c0abad80..01f7c3649 100644 --- a/libpod/oci_linux.go +++ b/libpod/oci_linux.go @@ -3,15 +3,20 @@ package libpod import ( + "fmt" "os" "os/exec" "path/filepath" + "runtime" "strings" "syscall" "github.com/containerd/cgroups" + "github.com/containers/libpod/pkg/rootless" "github.com/containers/libpod/utils" + pmount "github.com/containers/storage/pkg/mount" spec "github.com/opencontainers/runtime-spec/specs-go" + "github.com/pkg/errors" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) @@ -91,6 +96,54 @@ func (r *OCIRuntime) createContainer(ctr *Container, cgroupParent string, restor return err } } + + // if we are running a non privileged container, be sure to umount some kernel paths so they are not + // bind mounted inside the container at all. + if !ctr.config.Privileged && !rootless.IsRootless() { + ch := make(chan error) + go func() { + runtime.LockOSThread() + err := func() error { + fd, err := os.Open(fmt.Sprintf("/proc/%d/task/%d/ns/mnt", os.Getpid(), unix.Gettid())) + if err != nil { + return err + } + defer fd.Close() + + // create a new mountns on the current thread + if err = unix.Unshare(unix.CLONE_NEWNS); err != nil { + return err + } + defer unix.Setns(int(fd.Fd()), unix.CLONE_NEWNS) + + // don't spread our mounts around. We are setting only /sys to be slave + // so that the cleanup process is still able to umount the storage and the + // changes are propagated to the host. + err = unix.Mount("/sys", "/sys", "none", unix.MS_REC|unix.MS_SLAVE, "") + if err != nil { + return errors.Wrapf(err, "cannot make /sys slave") + } + + mounts, err := pmount.GetMounts() + if err != nil { + return err + } + for _, m := range mounts { + if !strings.HasPrefix(m.Mountpoint, "/sys/kernel") { + continue + } + err = unix.Unmount(m.Mountpoint, 0) + if err != nil { + return errors.Wrapf(err, "cannot unmount %s", m.Mountpoint) + } + } + return r.createOCIContainer(ctr, cgroupParent, restoreOptions) + }() + ch <- err + }() + err := <-ch + return err + } } return r.createOCIContainer(ctr, cgroupParent, restoreOptions) } diff --git a/libpod/options.go b/libpod/options.go index 9326e54e4..8038f1935 100644 --- a/libpod/options.go +++ b/libpod/options.go @@ -17,7 +17,8 @@ import ( ) var ( - nameRegex = regexp.MustCompile("^[a-zA-Z0-9][a-zA-Z0-9_.-]*$") + nameRegex = regexp.MustCompile("^[a-zA-Z0-9][a-zA-Z0-9_.-]*$") + regexError = errors.Wrapf(ErrInvalidArg, "names must match [a-zA-Z0-9][a-zA-Z0-9_.-]*") ) // Runtime Creation Options @@ -593,7 +594,7 @@ func WithName(name string) CtrCreateOption { // Check the name against a regex if !nameRegex.MatchString(name) { - return errors.Wrapf(ErrInvalidArg, "name must match regex [a-zA-Z0-9_-]+") + return regexError } ctr.config.Name = name @@ -1276,7 +1277,7 @@ func WithVolumeName(name string) VolumeCreateOption { // Check the name against a regex if !nameRegex.MatchString(name) { - return errors.Wrapf(ErrInvalidArg, "name must match regex [a-zA-Z0-9_-]+") + return regexError } volume.config.Name = name @@ -1382,7 +1383,7 @@ func WithPodName(name string) PodCreateOption { // Check the name against a regex if !nameRegex.MatchString(name) { - return errors.Wrapf(ErrInvalidArg, "name must match regex [a-zA-Z0-9_-]+") + return regexError } pod.config.Name = name diff --git a/libpod/runtime.go b/libpod/runtime.go index 4dd2707e8..3b1c2be98 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -870,6 +870,20 @@ func makeRuntime(runtime *Runtime) (err error) { _, err = os.Stat(runtimeAliveFile) if err != nil { + // If we need to refresh, then it is safe to assume there are + // no containers running. Create immediately a namespace, as + // we will need to access the storage. + if os.Geteuid() != 0 { + aliveLock.Unlock() + became, ret, err := rootless.BecomeRootInUserNS() + if err != nil { + return err + } + if became { + os.Exit(ret) + } + + } // If the file doesn't exist, we need to refresh the state // This will trigger on first use as well, but refreshing an // empty state only creates a single file diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go index 800b42851..48c254c0f 100644 --- a/libpod/runtime_ctr.go +++ b/libpod/runtime_ctr.go @@ -372,7 +372,7 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force bool, // Clean up network namespace, cgroups, mounts if err := c.cleanup(ctx); err != nil { if cleanupErr == nil { - cleanupErr = err + cleanupErr = errors.Wrapf(err, "error cleaning up container %s", c.ID()) } else { logrus.Errorf("cleanup network, cgroups, mounts: %v", err) } @@ -404,12 +404,14 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force bool, // Deallocate the container's lock if err := c.lock.Free(); err != nil { if cleanupErr == nil { - cleanupErr = err + cleanupErr = errors.Wrapf(err, "error freeing lock for container %s", c.ID()) } else { logrus.Errorf("free container lock: %v", err) } } + c.newContainerEvent(events.Remove) + if !removeVolume { return cleanupErr } @@ -425,7 +427,6 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force bool, } } - c.newContainerEvent(events.Remove) return cleanupErr } @@ -547,16 +548,6 @@ func (r *Runtime) GetLatestContainer() (*Container, error) { return ctrs[lastCreatedIndex], nil } -// Export is the libpod portion of exporting a container to a tar file -func (r *Runtime) Export(name string, path string) error { - ctr, err := r.LookupContainer(name) - if err != nil { - return err - } - return ctr.Export(path) - -} - // RemoveContainersFromStorage attempt to remove containers from storage that do not exist in libpod database func (r *Runtime) RemoveContainersFromStorage(ctrs []string) { for _, i := range ctrs { diff --git a/pkg/adapter/containers.go b/pkg/adapter/containers.go index 1bca99cec..931c55a57 100644 --- a/pkg/adapter/containers.go +++ b/pkg/adapter/containers.go @@ -18,6 +18,7 @@ import ( "github.com/containers/libpod/cmd/podman/shared" "github.com/containers/libpod/libpod" "github.com/containers/libpod/pkg/adapter/shortcuts" + "github.com/containers/storage" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -62,52 +63,144 @@ func (r *LocalRuntime) StopContainers(ctx context.Context, cli *cliconfig.StopVa timeout = &t } - var ( - ok = []string{} - failures = map[string]error{} - ) + maxWorkers := shared.DefaultPoolSize("stop") + if cli.GlobalIsSet("max-workers") { + maxWorkers = cli.GlobalFlags.MaxWorks + } + logrus.Debugf("Setting maximum stop workers to %d", maxWorkers) ctrs, err := shortcuts.GetContainersByContext(cli.All, cli.Latest, cli.InputArgs, r.Runtime) if err != nil { - return ok, failures, err + return nil, nil, err } + pool := shared.NewPool("stop", maxWorkers, len(ctrs)) for _, c := range ctrs { + c := c + if timeout == nil { t := c.StopTimeout() timeout = &t logrus.Debugf("Set timeout to container %s default (%d)", c.ID(), *timeout) } - if err := c.StopWithTimeout(*timeout); err == nil { - ok = append(ok, c.ID()) - } else if errors.Cause(err) == libpod.ErrCtrStopped { - ok = append(ok, c.ID()) - logrus.Debugf("Container %s is already stopped", c.ID()) - } else { - failures[c.ID()] = err - } + + pool.Add(shared.Job{ + c.ID(), + func() error { + err := c.StopWithTimeout(*timeout) + if err != nil { + if errors.Cause(err) == libpod.ErrCtrStopped { + logrus.Debugf("Container %s is already stopped", c.ID()) + return nil + } + logrus.Debugf("Failed to stop container %s: %s", c.ID(), err.Error()) + } + return err + }, + }) } - return ok, failures, nil + return pool.Run() } // KillContainers sends signal to container(s) based on CLI inputs. // Returns list of successful id(s), map of failed id(s) + error, or error not from container func (r *LocalRuntime) KillContainers(ctx context.Context, cli *cliconfig.KillValues, signal syscall.Signal) ([]string, map[string]error, error) { + maxWorkers := shared.DefaultPoolSize("kill") + if cli.GlobalIsSet("max-workers") { + maxWorkers = cli.GlobalFlags.MaxWorks + } + logrus.Debugf("Setting maximum kill workers to %d", maxWorkers) + + ctrs, err := shortcuts.GetContainersByContext(cli.All, cli.Latest, cli.InputArgs, r.Runtime) + if err != nil { + return nil, nil, err + } + + pool := shared.NewPool("kill", maxWorkers, len(ctrs)) + for _, c := range ctrs { + c := c + + pool.Add(shared.Job{ + c.ID(), + func() error { + return c.Kill(uint(signal)) + }, + }) + } + return pool.Run() +} + +// RemoveContainers removes container(s) based on CLI inputs. +func (r *LocalRuntime) RemoveContainers(ctx context.Context, cli *cliconfig.RmValues) ([]string, map[string]error, error) { var ( ok = []string{} failures = map[string]error{} ) + maxWorkers := shared.DefaultPoolSize("rm") + if cli.GlobalIsSet("max-workers") { + maxWorkers = cli.GlobalFlags.MaxWorks + } + logrus.Debugf("Setting maximum rm workers to %d", maxWorkers) + ctrs, err := shortcuts.GetContainersByContext(cli.All, cli.Latest, cli.InputArgs, r.Runtime) if err != nil { + // Force may be used to remove containers no longer found in the database + if cli.Force && len(cli.InputArgs) > 0 && errors.Cause(err) == libpod.ErrNoSuchCtr { + r.RemoveContainersFromStorage(cli.InputArgs) + } return ok, failures, err } + pool := shared.NewPool("rm", maxWorkers, len(ctrs)) for _, c := range ctrs { - if err := c.Kill(uint(signal)); err == nil { - ok = append(ok, c.ID()) + c := c + + pool.Add(shared.Job{ + c.ID(), + func() error { + err := r.RemoveContainer(ctx, c, cli.Force, cli.Volumes) + if err != nil { + logrus.Debugf("Failed to remove container %s: %s", c.ID(), err.Error()) + } + return err + }, + }) + } + return pool.Run() +} + +// UmountRootFilesystems removes container(s) based on CLI inputs. +func (r *LocalRuntime) UmountRootFilesystems(ctx context.Context, cli *cliconfig.UmountValues) ([]string, map[string]error, error) { + var ( + ok = []string{} + failures = map[string]error{} + ) + + ctrs, err := shortcuts.GetContainersByContext(cli.All, cli.Latest, cli.InputArgs, r.Runtime) + if err != nil { + return ok, failures, err + } + + for _, ctr := range ctrs { + state, err := ctr.State() + if err != nil { + logrus.Debugf("Error umounting container %s state: %s", ctr.ID(), err.Error()) + continue + } + if state == libpod.ContainerStateRunning { + logrus.Debugf("Error umounting container %s, is running", ctr.ID()) + continue + } + + if err := ctr.Unmount(cli.Force); err != nil { + if cli.All && errors.Cause(err) == storage.ErrLayerNotMounted { + logrus.Debugf("Error umounting container %s, storage.ErrLayerNotMounted", ctr.ID()) + continue + } + failures[ctr.ID()] = errors.Wrapf(err, "error unmounting continaner %s", ctr.ID()) } else { - failures[c.ID()] = err + ok = append(ok, ctr.ID()) } } return ok, failures, nil @@ -162,14 +255,17 @@ func (r *LocalRuntime) Log(c *cliconfig.LogsValues, options *libpod.LogOptions) // CreateContainer creates a libpod container func (r *LocalRuntime) CreateContainer(ctx context.Context, c *cliconfig.CreateValues) (string, error) { - results := shared.NewIntermediateLayer(&c.PodmanCommand) + results := shared.NewIntermediateLayer(&c.PodmanCommand, false) ctr, _, err := shared.CreateContainer(ctx, &results, r.Runtime) - return ctr.ID(), err + if err != nil { + return "", err + } + return ctr.ID(), nil } // Run a libpod container func (r *LocalRuntime) Run(ctx context.Context, c *cliconfig.RunValues, exitCode int) (int, error) { - results := shared.NewIntermediateLayer(&c.PodmanCommand) + results := shared.NewIntermediateLayer(&c.PodmanCommand, false) ctr, createConfig, err := shared.CreateContainer(ctx, &results, r.Runtime) if err != nil { @@ -304,3 +400,113 @@ func ReadExitFile(runtimeTmp, ctrID string) (int, error) { return exitCode, nil } + +// Ps ... +func (r *LocalRuntime) Ps(c *cliconfig.PsValues, opts shared.PsOptions) ([]shared.PsContainerOutput, error) { + maxWorkers := shared.Parallelize("ps") + if c.GlobalIsSet("max-workers") { + maxWorkers = c.GlobalFlags.MaxWorks + } + logrus.Debugf("Setting maximum workers to %d", maxWorkers) + return shared.GetPsContainerOutput(r.Runtime, opts, c.Filter, maxWorkers) +} + +// Attach ... +func (r *LocalRuntime) Attach(ctx context.Context, c *cliconfig.AttachValues) error { + var ( + ctr *libpod.Container + err error + ) + + if c.Latest { + ctr, err = r.Runtime.GetLatestContainer() + } else { + ctr, err = r.Runtime.LookupContainer(c.InputArgs[0]) + } + + if err != nil { + return errors.Wrapf(err, "unable to exec into %s", c.InputArgs[0]) + } + + conState, err := ctr.State() + if err != nil { + return errors.Wrapf(err, "unable to determine state of %s", ctr.ID()) + } + if conState != libpod.ContainerStateRunning { + return errors.Errorf("you can only attach to running containers") + } + + inputStream := os.Stdin + if c.NoStdin { + inputStream = nil + } + // If the container is in a pod, also set to recursively start dependencies + if err := StartAttachCtr(ctx, ctr, os.Stdout, os.Stderr, inputStream, c.DetachKeys, c.SigProxy, false, ctr.PodID() != ""); err != nil && errors.Cause(err) != libpod.ErrDetach { + return errors.Wrapf(err, "error attaching to container %s", ctr.ID()) + } + return nil +} + +// Checkpoint one or more containers +func (r *LocalRuntime) Checkpoint(c *cliconfig.CheckpointValues, options libpod.ContainerCheckpointOptions) error { + var ( + containers []*libpod.Container + err, lastError error + ) + + if c.All { + containers, err = r.Runtime.GetRunningContainers() + } else { + containers, err = shortcuts.GetContainersByContext(false, c.Latest, c.InputArgs, r.Runtime) + } + if err != nil { + return err + } + + for _, ctr := range containers { + if err = ctr.Checkpoint(context.TODO(), options); err != nil { + if lastError != nil { + fmt.Fprintln(os.Stderr, lastError) + } + lastError = errors.Wrapf(err, "failed to checkpoint container %v", ctr.ID()) + } else { + fmt.Println(ctr.ID()) + } + } + return lastError +} + +// Restore one or more containers +func (r *LocalRuntime) Restore(c *cliconfig.RestoreValues, options libpod.ContainerCheckpointOptions) error { + var ( + containers []*libpod.Container + err, lastError error + filterFuncs []libpod.ContainerFilter + ) + + filterFuncs = append(filterFuncs, func(c *libpod.Container) bool { + state, _ := c.State() + return state == libpod.ContainerStateExited + }) + + if c.All { + containers, err = r.GetContainers(filterFuncs...) + } else { + containers, err = shortcuts.GetContainersByContext(false, c.Latest, c.InputArgs, r.Runtime) + } + if err != nil { + return err + } + + for _, ctr := range containers { + if err = ctr.Restore(context.TODO(), options); err != nil { + if lastError != nil { + fmt.Fprintln(os.Stderr, lastError) + } + lastError = errors.Wrapf(err, "failed to restore container %v", ctr.ID()) + } else { + fmt.Println(ctr.ID()) + } + } + return lastError +} diff --git a/pkg/adapter/containers_remote.go b/pkg/adapter/containers_remote.go index 3730827c7..50cff9fa0 100644 --- a/pkg/adapter/containers_remote.go +++ b/pkg/adapter/containers_remote.go @@ -6,18 +6,25 @@ import ( "context" "encoding/json" "fmt" + "io" + "os" "strconv" "syscall" "time" "github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/cmd/podman/shared" - "github.com/containers/libpod/cmd/podman/varlink" + iopodman "github.com/containers/libpod/cmd/podman/varlink" "github.com/containers/libpod/libpod" "github.com/containers/libpod/pkg/inspect" + "github.com/containers/libpod/pkg/varlinkapi/virtwriter" + "github.com/docker/docker/pkg/term" + "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/varlink/go/varlink" + "golang.org/x/crypto/ssh/terminal" + "k8s.io/client-go/tools/remotecommand" ) // Inspect returns an inspect struct from varlink @@ -70,6 +77,19 @@ func (r *LocalRuntime) ContainerState(name string) (*libpod.ContainerState, erro } +// Spec obtains the container spec. +func (r *LocalRuntime) Spec(name string) (*specs.Spec, error) { + reply, err := iopodman.Spec().Call(r.Conn, name) + if err != nil { + return nil, err + } + data := specs.Spec{} + if err := json.Unmarshal([]byte(reply), &data); err != nil { + return nil, err + } + return &data, nil +} + // LookupContainer gets basic information about container over a varlink // connection and then translates it to a *Container func (r *LocalRuntime) LookupContainer(idOrName string) (*Container, error) { @@ -78,10 +98,6 @@ func (r *LocalRuntime) LookupContainer(idOrName string) (*Container, error) { return nil, err } config := r.Config(idOrName) - if err != nil { - return nil, err - } - return &Container{ remoteContainer{ r, @@ -128,7 +144,7 @@ func (c *Container) Name() string { return c.config.Name } -// StopContainers stops requested containers using CLI inputs. +// StopContainers stops requested containers using varlink. // Returns the list of stopped container ids, map of failed to stop container ids + errors, or any non-container error func (r *LocalRuntime) StopContainers(ctx context.Context, cli *cliconfig.StopValues) ([]string, map[string]error, error) { var ( @@ -152,7 +168,7 @@ func (r *LocalRuntime) StopContainers(ctx context.Context, cli *cliconfig.StopVa return ok, failures, nil } -// KillContainers sends signal to container(s) based on CLI inputs. +// KillContainers sends signal to container(s) based on varlink. // Returns list of successful id(s), map of failed id(s) + error, or error not from container func (r *LocalRuntime) KillContainers(ctx context.Context, cli *cliconfig.KillValues, signal syscall.Signal) ([]string, map[string]error, error) { var ( @@ -176,6 +192,52 @@ func (r *LocalRuntime) KillContainers(ctx context.Context, cli *cliconfig.KillVa return ok, failures, nil } +// RemoveContainer removes container(s) based on varlink inputs. +func (r *LocalRuntime) RemoveContainers(ctx context.Context, cli *cliconfig.RmValues) ([]string, map[string]error, error) { + ids, err := iopodman.GetContainersByContext().Call(r.Conn, cli.All, cli.Latest, cli.InputArgs) + if err != nil { + return nil, nil, err + } + + var ( + ok = []string{} + failures = map[string]error{} + ) + + for _, id := range ids { + _, err := iopodman.RemoveContainer().Call(r.Conn, id, cli.Force, cli.Volumes) + if err != nil { + failures[id] = err + } else { + ok = append(ok, id) + } + } + return ok, failures, nil +} + +// UmountRootFilesystems umounts container(s) root filesystems based on varlink inputs +func (r *LocalRuntime) UmountRootFilesystems(ctx context.Context, cli *cliconfig.UmountValues) ([]string, map[string]error, error) { + ids, err := iopodman.GetContainersByContext().Call(r.Conn, cli.All, cli.Latest, cli.InputArgs) + if err != nil { + return nil, nil, err + } + + var ( + ok = []string{} + failures = map[string]error{} + ) + + for _, id := range ids { + err := iopodman.UnmountContainer().Call(r.Conn, id, cli.Force) + if err != nil { + failures[id] = err + } else { + ok = append(ok, id) + } + } + return ok, failures, nil +} + // WaitOnContainers waits for all given container(s) to stop. // interval is currently ignored. func (r *LocalRuntime) WaitOnContainers(ctx context.Context, cli *cliconfig.WaitValues, interval time.Duration) ([]string, map[string]error, error) { @@ -227,7 +289,7 @@ func BatchContainerOp(ctr *Container, opts shared.PsOptions) (shared.BatchContai // Logs one or more containers over a varlink connection func (r *LocalRuntime) Log(c *cliconfig.LogsValues, options *libpod.LogOptions) error { - //GetContainersLogs + // GetContainersLogs reply, err := iopodman.GetContainersLogs().Send(r.Conn, uint64(varlink.More), c.InputArgs, c.Follow, c.Latest, options.Since.Format(time.RFC3339Nano), int64(c.Tail), c.Timestamps) if err != nil { return errors.Wrapf(err, "failed to get container logs") @@ -269,26 +331,281 @@ func (r *LocalRuntime) CreateContainer(ctx context.Context, c *cliconfig.CreateV // TODO need to add attach when that function becomes available return "", errors.New("the remote client only supports detached containers") } - results := shared.NewIntermediateLayer(&c.PodmanCommand) + results := shared.NewIntermediateLayer(&c.PodmanCommand, true) return iopodman.CreateContainer().Call(r.Conn, results.MakeVarlink()) } // Run creates a container overvarlink and then starts it func (r *LocalRuntime) Run(ctx context.Context, c *cliconfig.RunValues, exitCode int) (int, error) { + // FIXME + // podman-remote run -it alpine ls DOES NOT WORK YET + // podman-remote run -it alpine /bin/sh does, i suspect there is some sort of + // timing issue between the socket availability and terminal setup and the command + // being run. + // TODO the exit codes for run need to be figured out for remote connections - if !c.Bool("detach") { - return 0, errors.New("the remote client only supports detached containers") - } - results := shared.NewIntermediateLayer(&c.PodmanCommand) + results := shared.NewIntermediateLayer(&c.PodmanCommand, true) cid, err := iopodman.CreateContainer().Call(r.Conn, results.MakeVarlink()) if err != nil { return 0, err } - fmt.Println(cid) - _, err = iopodman.StartContainer().Call(r.Conn, cid) - return 0, err + if c.Bool("detach") { + _, err := iopodman.StartContainer().Call(r.Conn, cid) + fmt.Println(cid) + return 0, err + } + + errChan, err := r.attach(ctx, os.Stdin, os.Stdout, cid, true) + if err != nil { + return 0, err + } + finalError := <-errChan + return 0, finalError } func ReadExitFile(runtimeTmp, ctrID string) (int, error) { return 0, libpod.ErrNotImplemented } + +// Ps ... +func (r *LocalRuntime) Ps(c *cliconfig.PsValues, opts shared.PsOptions) ([]shared.PsContainerOutput, error) { + var psContainers []shared.PsContainerOutput + last := int64(c.Last) + PsOpts := iopodman.PsOpts{ + All: c.All, + Filters: &c.Filter, + Last: &last, + Latest: &c.Latest, + NoTrunc: &c.NoTrunct, + Pod: &c.Pod, + Quiet: &c.Quiet, + Sort: &c.Sort, + Sync: &c.Sync, + } + containers, err := iopodman.Ps().Call(r.Conn, PsOpts) + if err != nil { + return nil, err + } + for _, ctr := range containers { + createdAt, err := time.Parse(time.RFC3339Nano, ctr.CreatedAt) + if err != nil { + return nil, err + } + exitedAt, err := time.Parse(time.RFC3339Nano, ctr.ExitedAt) + if err != nil { + return nil, err + } + startedAt, err := time.Parse(time.RFC3339Nano, ctr.StartedAt) + if err != nil { + return nil, err + } + containerSize := shared.ContainerSize{ + RootFsSize: ctr.RootFsSize, + RwSize: ctr.RwSize, + } + state, err := libpod.StringToContainerStatus(ctr.State) + if err != nil { + return nil, err + } + psc := shared.PsContainerOutput{ + ID: ctr.Id, + Image: ctr.Image, + Command: ctr.Command, + Created: ctr.Created, + Ports: ctr.Ports, + Names: ctr.Names, + IsInfra: ctr.IsInfra, + Status: ctr.Status, + State: state, + Pid: int(ctr.PidNum), + Size: &containerSize, + Pod: ctr.Pod, + CreatedAt: createdAt, + ExitedAt: exitedAt, + StartedAt: startedAt, + Labels: ctr.Labels, + PID: ctr.NsPid, + Cgroup: ctr.Cgroup, + IPC: ctr.Ipc, + MNT: ctr.Mnt, + NET: ctr.Net, + PIDNS: ctr.PidNs, + User: ctr.User, + UTS: ctr.Uts, + Mounts: ctr.Mounts, + } + psContainers = append(psContainers, psc) + } + return psContainers, nil +} + +func (r *LocalRuntime) attach(ctx context.Context, stdin, stdout *os.File, cid string, start bool) (chan error, error) { + var ( + oldTermState *term.State + ) + errChan := make(chan error) + spec, err := r.Spec(cid) + if err != nil { + return nil, err + } + resize := make(chan remotecommand.TerminalSize) + haveTerminal := terminal.IsTerminal(int(os.Stdin.Fd())) + + // Check if we are attached to a terminal. If we are, generate resize + // events, and set the terminal to raw mode + if haveTerminal && spec.Process.Terminal { + logrus.Debugf("Handling terminal attach") + + subCtx, cancel := context.WithCancel(ctx) + defer cancel() + + resizeTty(subCtx, resize) + oldTermState, err = term.SaveState(os.Stdin.Fd()) + if err != nil { + return nil, errors.Wrapf(err, "unable to save terminal state") + } + + logrus.SetFormatter(&RawTtyFormatter{}) + term.SetRawTerminal(os.Stdin.Fd()) + + } + // TODO add detach keys support + _, err = iopodman.Attach().Send(r.Conn, varlink.Upgrade, cid, "", start) + if err != nil { + restoreTerminal(oldTermState) + return nil, err + } + + // These are the varlink sockets + reader := r.Conn.Reader + writer := r.Conn.Writer + + // These are the special writers that encode input from the client. + varlinkStdinWriter := virtwriter.NewVirtWriteCloser(writer, virtwriter.ToStdin) + varlinkResizeWriter := virtwriter.NewVirtWriteCloser(writer, virtwriter.TerminalResize) + + go func() { + // Read from the wire and direct to stdout or stderr + err := virtwriter.Reader(reader, stdout, os.Stderr, nil, nil) + defer restoreTerminal(oldTermState) + errChan <- err + }() + + go func() { + for termResize := range resize { + b, err := json.Marshal(termResize) + if err != nil { + defer restoreTerminal(oldTermState) + errChan <- err + } + _, err = varlinkResizeWriter.Write(b) + if err != nil { + defer restoreTerminal(oldTermState) + errChan <- err + } + } + }() + + // Takes stdinput and sends it over the wire after being encoded + go func() { + if _, err := io.Copy(varlinkStdinWriter, stdin); err != nil { + defer restoreTerminal(oldTermState) + errChan <- err + } + + }() + return errChan, nil + +} + +// Attach to a remote terminal +func (r *LocalRuntime) Attach(ctx context.Context, c *cliconfig.AttachValues) error { + ctr, err := r.LookupContainer(c.InputArgs[0]) + if err != nil { + return nil + } + if ctr.state.State != libpod.ContainerStateRunning { + return errors.New("you can only attach to running containers") + } + inputStream := os.Stdin + if c.NoStdin { + inputStream = nil + } + errChan, err := r.attach(ctx, inputStream, os.Stdout, c.InputArgs[0], false) + if err != nil { + return err + } + return <-errChan +} + +// Checkpoint one or more containers +func (r *LocalRuntime) Checkpoint(c *cliconfig.CheckpointValues, options libpod.ContainerCheckpointOptions) error { + var lastError error + ids, err := iopodman.GetContainersByContext().Call(r.Conn, c.All, c.Latest, c.InputArgs) + if err != nil { + return err + } + if c.All { + // We dont have a great way to get all the running containers, so need to get all and then + // check status on them bc checkpoint considers checkpointing a stopped container an error + var runningIds []string + for _, id := range ids { + ctr, err := r.LookupContainer(id) + if err != nil { + return err + } + if ctr.state.State == libpod.ContainerStateRunning { + runningIds = append(runningIds, id) + } + } + ids = runningIds + } + + for _, id := range ids { + if _, err := iopodman.ContainerCheckpoint().Call(r.Conn, id, options.Keep, options.KeepRunning, options.TCPEstablished); err != nil { + if lastError != nil { + fmt.Fprintln(os.Stderr, lastError) + } + lastError = errors.Wrapf(err, "failed to checkpoint container %v", id) + } else { + fmt.Println(id) + } + } + return lastError +} + +// Restore one or more containers +func (r *LocalRuntime) Restore(c *cliconfig.RestoreValues, options libpod.ContainerCheckpointOptions) error { + var lastError error + ids, err := iopodman.GetContainersByContext().Call(r.Conn, c.All, c.Latest, c.InputArgs) + if err != nil { + return err + } + if c.All { + // We dont have a great way to get all the exited containers, so need to get all and then + // check status on them bc checkpoint considers restoring a running container an error + var exitedIDs []string + for _, id := range ids { + ctr, err := r.LookupContainer(id) + if err != nil { + return err + } + if ctr.state.State != libpod.ContainerStateRunning { + exitedIDs = append(exitedIDs, id) + } + } + ids = exitedIDs + } + + for _, id := range ids { + if _, err := iopodman.ContainerRestore().Call(r.Conn, id, options.Keep, options.TCPEstablished); err != nil { + if lastError != nil { + fmt.Fprintln(os.Stderr, lastError) + } + lastError = errors.Wrapf(err, "failed to restore container %v", id) + } else { + fmt.Println(id) + } + } + return lastError +} diff --git a/pkg/adapter/runtime.go b/pkg/adapter/runtime.go index 182a04044..6aafed550 100644 --- a/pkg/adapter/runtime.go +++ b/pkg/adapter/runtime.go @@ -7,6 +7,7 @@ import ( "context" "io" "io/ioutil" + "k8s.io/api/core/v1" "os" "text/template" @@ -310,6 +311,46 @@ func (r *LocalRuntime) HealthCheck(c *cliconfig.HealthCheckValues) (libpod.Healt return r.Runtime.HealthCheck(c.InputArgs[0]) } +// JoinOrCreateRootlessPod joins the specified pod if it is running or it creates a new user namespace +// if the pod is stopped +// func (r *LocalRuntime) JoinOrCreateRootlessPod(pod *Pod) (bool, int, error) { +// if os.Geteuid() == 0 { +// return false, 0, nil +// } +// opts := rootless.Opts{ +// Argument: pod.ID(), +// } +// +// inspect, err := pod.Inspect() +// if err != nil { +// return false, 0, err +// } +// for _, ctr := range inspect.Containers { +// prevCtr, err := r.LookupContainer(ctr.ID) +// if err != nil { +// return false, -1, err +// } +// s, err := prevCtr.State() +// if err != nil { +// return false, -1, err +// } +// if s != libpod.ContainerStateRunning && s != libpod.ContainerStatePaused { +// continue +// } +// data, err := ioutil.ReadFile(prevCtr.Config().ConmonPidFile) +// if err != nil { +// return false, -1, errors.Wrapf(err, "cannot read conmon PID file %q", prevCtr.Config().ConmonPidFile) +// } +// conmonPid, err := strconv.Atoi(string(data)) +// if err != nil { +// return false, -1, errors.Wrapf(err, "cannot parse PID %q", data) +// } +// return rootless.JoinDirectUserAndMountNSWithOpts(uint(conmonPid), &opts) +// } +// +// return rootless.BecomeRootInUserNSWithOpts(&opts) +// } + // Events is a wrapper to libpod to obtain libpod/podman events func (r *LocalRuntime) Events(c *cliconfig.EventValues) error { var ( @@ -363,3 +404,8 @@ func (r *LocalRuntime) Events(c *cliconfig.EventValues) error { func (r *LocalRuntime) Diff(c *cliconfig.DiffValues, to string) ([]archive.Change, error) { return r.Runtime.GetDiff("", to) } + +// GenerateKube creates kubernetes email from containers and pods +func (r *LocalRuntime) GenerateKube(c *cliconfig.GenerateKubeValues) (*v1.Pod, *v1.Service, error) { + return shared.GenerateKube(c.InputArgs[0], c.Service, r.Runtime) +} diff --git a/pkg/adapter/runtime_remote.go b/pkg/adapter/runtime_remote.go index 807a9ad8f..71f7380db 100644 --- a/pkg/adapter/runtime_remote.go +++ b/pkg/adapter/runtime_remote.go @@ -5,9 +5,11 @@ package adapter import ( "bufio" "context" + "encoding/json" "fmt" "io" "io/ioutil" + v1 "k8s.io/api/core/v1" "os" "strings" "text/template" @@ -858,3 +860,20 @@ func stringToChangeType(change string) archive.ChangeType { return archive.ChangeModify } } + +// GenerateKube creates kubernetes email from containers and pods +func (r *LocalRuntime) GenerateKube(c *cliconfig.GenerateKubeValues) (*v1.Pod, *v1.Service, error) { + var ( + pod v1.Pod + service v1.Service + ) + reply, err := iopodman.GenerateKube().Call(r.Conn, c.InputArgs[0], c.Service) + if err != nil { + return nil, nil, errors.Wrap(err, "unable to create kubernetes YAML") + } + if err := json.Unmarshal([]byte(reply.Pod), &pod); err != nil { + return nil, nil, err + } + err = json.Unmarshal([]byte(reply.Service), &service) + return &pod, &service, err +} diff --git a/pkg/adapter/shortcuts/shortcuts.go b/pkg/adapter/shortcuts/shortcuts.go index 677d88457..3e4eff555 100644 --- a/pkg/adapter/shortcuts/shortcuts.go +++ b/pkg/adapter/shortcuts/shortcuts.go @@ -1,6 +1,8 @@ package shortcuts -import "github.com/containers/libpod/libpod" +import ( + "github.com/containers/libpod/libpod" +) // GetPodsByContext gets pods whether all, latest, or a slice of names/ids func GetPodsByContext(all, latest bool, pods []string, runtime *libpod.Runtime) ([]*libpod.Pod, error) { @@ -27,28 +29,23 @@ func GetPodsByContext(all, latest bool, pods []string, runtime *libpod.Runtime) } // GetContainersByContext gets pods whether all, latest, or a slice of names/ids -func GetContainersByContext(all, latest bool, names []string, runtime *libpod.Runtime) ([]*libpod.Container, error) { - var ctrs = []*libpod.Container{} +func GetContainersByContext(all, latest bool, names []string, runtime *libpod.Runtime) (ctrs []*libpod.Container, err error) { + var ctr *libpod.Container + ctrs = []*libpod.Container{} if all { - return runtime.GetAllContainers() - } - - if latest { - c, err := runtime.GetLatestContainer() - if err != nil { - return nil, err - } - ctrs = append(ctrs, c) - return ctrs, nil - } - - for _, c := range names { - ctr, err := runtime.LookupContainer(c) - if err != nil { - return nil, err - } + ctrs, err = runtime.GetAllContainers() + } else if latest { + ctr, err = runtime.GetLatestContainer() ctrs = append(ctrs, ctr) + } else { + for _, n := range names { + ctr, e := runtime.LookupContainer(n) + if e != nil && err == nil { + err = e + } + ctrs = append(ctrs, ctr) + } } - return ctrs, nil + return } diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c index 9cb79ed4d..d6a2793a7 100644 --- a/pkg/rootless/rootless_linux.c +++ b/pkg/rootless/rootless_linux.c @@ -16,6 +16,8 @@ #include <sys/types.h> #include <sys/prctl.h> #include <dirent.h> +#include <termios.h> +#include <sys/ioctl.h> static const char *_max_user_namespaces = "/proc/sys/user/max_user_namespaces"; static const char *_unprivileged_user_namespaces = "/proc/sys/kernel/unprivileged_userns_clone"; @@ -178,6 +180,11 @@ reexec_userns_join (int userns, int mountns) _exit (EXIT_FAILURE); } + if (isatty (1) && ioctl (1, TIOCSCTTY, 0) == -1) { + fprintf (stderr, "cannot ioctl(TIOCSCTTY): %s\n", strerror (errno)); + _exit (EXIT_FAILURE); + } + if (setns (userns, 0) < 0) { fprintf (stderr, "cannot setns: %s\n", strerror (errno)); diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go index 1d1b1713d..2c99f41a4 100644 --- a/pkg/rootless/rootless_linux.go +++ b/pkg/rootless/rootless_linux.go @@ -28,6 +28,10 @@ extern int reexec_userns_join(int userns, int mountns); */ import "C" +const ( + numSig = 65 // max number of signals +) + func runInUser() error { os.Setenv("_CONTAINERS_USERNS_CONFIGURED", "done") return nil @@ -283,7 +287,15 @@ func BecomeRootInUserNS() (bool, int, error) { c := make(chan os.Signal, 1) - gosignal.Notify(c) + signals := []os.Signal{} + for sig := 0; sig < numSig; sig++ { + if sig == int(syscall.SIGTSTP) { + continue + } + signals = append(signals, syscall.Signal(sig)) + } + + gosignal.Notify(c, signals...) defer gosignal.Reset() go func() { for s := range c { diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index 9b6bd089e..0371b6d4d 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -132,6 +132,9 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint Options: []string{"rprivate", "nosuid", "noexec", "nodev", r, "rbind"}, } g.AddMount(sysMnt) + if !config.Privileged && isRootless { + g.AddLinuxMaskedPaths("/sys/kernel") + } } if isRootless { nGids, err := getAvailableGids() diff --git a/pkg/varlinkapi/attach.go b/pkg/varlinkapi/attach.go new file mode 100644 index 000000000..9e2a265be --- /dev/null +++ b/pkg/varlinkapi/attach.go @@ -0,0 +1,103 @@ +// +build varlink + +package varlinkapi + +import ( + "bufio" + "io" + + "github.com/containers/libpod/cmd/podman/varlink" + "github.com/containers/libpod/libpod" + "github.com/containers/libpod/pkg/varlinkapi/virtwriter" + "github.com/sirupsen/logrus" + "k8s.io/client-go/tools/remotecommand" +) + +func setupStreams(call iopodman.VarlinkCall) (*bufio.Reader, *bufio.Writer, *io.PipeReader, *io.PipeWriter, *libpod.AttachStreams) { + + // These are the varlink sockets + reader := call.Call.Reader + writer := call.Call.Writer + + // This pipe is used to pass stdin from the client to the input stream + // once the msg has been "decoded" + pr, pw := io.Pipe() + + stdoutWriter := virtwriter.NewVirtWriteCloser(writer, virtwriter.ToStdout) + // TODO if runc ever starts passing stderr, we can too + //stderrWriter := NewVirtWriteCloser(writer, ToStderr) + + streams := libpod.AttachStreams{ + OutputStream: stdoutWriter, + InputStream: pr, + // Runc eats the error stream + ErrorStream: stdoutWriter, + AttachInput: true, + AttachOutput: true, + // Runc eats the error stream + AttachError: true, + } + return reader, writer, pr, pw, &streams +} + +// Attach connects to a containers console +func (i *LibpodAPI) Attach(call iopodman.VarlinkCall, name string, detachKeys string, start bool) error { + var finalErr error + resize := make(chan remotecommand.TerminalSize) + errChan := make(chan error) + + if !call.WantsUpgrade() { + return call.ReplyErrorOccurred("client must use upgraded connection to attach") + } + ctr, err := i.Runtime.LookupContainer(name) + if err != nil { + return call.ReplyErrorOccurred(err.Error()) + } + + reader, writer, _, pw, streams := setupStreams(call) + + go func() { + if err := virtwriter.Reader(reader, nil, nil, pw, resize); err != nil { + errChan <- err + } + }() + + if start { + finalErr = startAndAttach(ctr, streams, detachKeys, resize, errChan) + } else { + finalErr = attach(ctr, streams, detachKeys, resize, errChan) + } + + if finalErr != libpod.ErrDetach && finalErr != nil { + logrus.Error(finalErr) + } + quitWriter := virtwriter.NewVirtWriteCloser(writer, virtwriter.Quit) + _, err = quitWriter.Write([]byte("HANG-UP")) + // TODO error handling is not quite right here yet + return call.Writer.Flush() +} + +func attach(ctr *libpod.Container, streams *libpod.AttachStreams, detachKeys string, resize chan remotecommand.TerminalSize, errChan chan error) error { + go func() { + if err := ctr.Attach(streams, detachKeys, resize); err != nil { + errChan <- err + } + }() + attachError := <-errChan + return attachError +} + +func startAndAttach(ctr *libpod.Container, streams *libpod.AttachStreams, detachKeys string, resize chan remotecommand.TerminalSize, errChan chan error) error { + var finalErr error + attachChan, err := ctr.StartAndAttach(getContext(), streams, detachKeys, resize, false) + if err != nil { + return err + } + select { + case attachChanErr := <-attachChan: + finalErr = attachChanErr + case chanError := <-errChan: + finalErr = chanError + } + return finalErr +} diff --git a/pkg/varlinkapi/containers.go b/pkg/varlinkapi/containers.go index ac1352dac..17792ccfe 100644 --- a/pkg/varlinkapi/containers.go +++ b/pkg/varlinkapi/containers.go @@ -47,6 +47,55 @@ func (i *LibpodAPI) ListContainers(call iopodman.VarlinkCall) error { return call.ReplyListContainers(listContainers) } +func (i *LibpodAPI) Ps(call iopodman.VarlinkCall, opts iopodman.PsOpts) error { + var ( + containers []iopodman.PsContainer + ) + maxWorkers := shared.Parallelize("ps") + psOpts := makePsOpts(opts) + filters := []string{} + if opts.Filters != nil { + filters = *opts.Filters + } + psContainerOutputs, err := shared.GetPsContainerOutput(i.Runtime, psOpts, filters, maxWorkers) + if err != nil { + return call.ReplyErrorOccurred(err.Error()) + } + + for _, ctr := range psContainerOutputs { + container := iopodman.PsContainer{ + Id: ctr.ID, + Image: ctr.Image, + Command: ctr.Command, + Created: ctr.Created, + Ports: ctr.Ports, + Names: ctr.Names, + IsInfra: ctr.IsInfra, + Status: ctr.Status, + State: ctr.State.String(), + PidNum: int64(ctr.Pid), + RootFsSize: ctr.Size.RootFsSize, + RwSize: ctr.Size.RwSize, + Pod: ctr.Pod, + CreatedAt: ctr.CreatedAt.Format(time.RFC3339Nano), + ExitedAt: ctr.ExitedAt.Format(time.RFC3339Nano), + StartedAt: ctr.StartedAt.Format(time.RFC3339Nano), + Labels: ctr.Labels, + NsPid: ctr.PID, + Cgroup: ctr.Cgroup, + Ipc: ctr.Cgroup, + Mnt: ctr.MNT, + Net: ctr.NET, + PidNs: ctr.PIDNS, + User: ctr.User, + Uts: ctr.UTS, + Mounts: ctr.Mounts, + } + containers = append(containers, container) + } + return call.ReplyPs(containers) +} + // GetContainer ... func (i *LibpodAPI) GetContainer(call iopodman.VarlinkCall, id string) error { ctr, err := i.Runtime.LookupContainer(id) @@ -585,6 +634,22 @@ func (i *LibpodAPI) GetContainerStatsWithHistory(call iopodman.VarlinkCall, prev return call.ReplyGetContainerStatsWithHistory(cStats) } +// Spec ... +func (i *LibpodAPI) Spec(call iopodman.VarlinkCall, name string) error { + ctr, err := i.Runtime.LookupContainer(name) + if err != nil { + return call.ReplyErrorOccurred(err.Error()) + } + + spec := ctr.Spec() + b, err := json.Marshal(spec) + if err != nil { + return call.ReplyErrorOccurred(err.Error()) + } + + return call.ReplySpec(string(b)) +} + // GetContainersLogs is the varlink endpoint to obtain one or more container logs func (i *LibpodAPI) GetContainersLogs(call iopodman.VarlinkCall, names []string, follow, latest bool, since string, tail int64, timestamps bool) error { var wg sync.WaitGroup diff --git a/pkg/varlinkapi/generate.go b/pkg/varlinkapi/generate.go new file mode 100644 index 000000000..bc600c397 --- /dev/null +++ b/pkg/varlinkapi/generate.go @@ -0,0 +1,30 @@ +// +build varlink + +package varlinkapi + +import ( + "encoding/json" + "github.com/containers/libpod/cmd/podman/shared" + iopodman "github.com/containers/libpod/cmd/podman/varlink" +) + +// GenerateKube ... +func (i *LibpodAPI) GenerateKube(call iopodman.VarlinkCall, name string, service bool) error { + pod, serv, err := shared.GenerateKube(name, service, i.Runtime) + if err != nil { + return call.ReplyErrorOccurred(err.Error()) + } + podB, err := json.Marshal(pod) + if err != nil { + return call.ReplyErrorOccurred(err.Error()) + } + servB, err := json.Marshal(serv) + if err != nil { + return call.ReplyErrorOccurred(err.Error()) + } + + return call.ReplyGenerateKube(iopodman.KubePodService{ + Pod: string(podB), + Service: string(servB), + }) +} diff --git a/pkg/varlinkapi/util.go b/pkg/varlinkapi/util.go index 3c4b9b79a..8716c963a 100644 --- a/pkg/varlinkapi/util.go +++ b/pkg/varlinkapi/util.go @@ -162,3 +162,36 @@ func stringPullPolicyToType(s string) buildah.PullPolicy { } return buildah.PullIfMissing } + +func derefBool(inBool *bool) bool { + if inBool == nil { + return false + } + return *inBool +} + +func derefString(in *string) string { + if in == nil { + return "" + } + return *in +} + +func makePsOpts(inOpts iopodman.PsOpts) shared.PsOptions { + last := 0 + if inOpts.Last != nil { + lastT := *inOpts.Last + last = int(lastT) + } + return shared.PsOptions{ + All: inOpts.All, + Last: last, + Latest: derefBool(inOpts.Latest), + NoTrunc: derefBool(inOpts.NoTrunc), + Pod: derefBool(inOpts.Pod), + Size: true, + Sort: derefString(inOpts.Sort), + Namespace: true, + Sync: derefBool(inOpts.Sync), + } +} diff --git a/pkg/varlinkapi/virtwriter/virtwriter.go b/pkg/varlinkapi/virtwriter/virtwriter.go new file mode 100644 index 000000000..3adaf6e17 --- /dev/null +++ b/pkg/varlinkapi/virtwriter/virtwriter.go @@ -0,0 +1,155 @@ +package virtwriter + +import ( + "bufio" + "encoding/binary" + "encoding/json" + "errors" + "io" + "os" + + "k8s.io/client-go/tools/remotecommand" +) + +// SocketDest is the "key" to where IO should go on the varlink +// multiplexed socket +type SocketDest int + +const ( + // ToStdout indicates traffic should go stdout + ToStdout SocketDest = iota + // ToStdin indicates traffic came from stdin + ToStdin SocketDest = iota + // ToStderr indicates traffuc should go to stderr + ToStderr SocketDest = iota + // TerminalResize indicates a terminal resize event has occurred + // and data should be passed to resizer + TerminalResize SocketDest = iota + // Quit and detach + Quit SocketDest = iota +) + +// IntToSocketDest returns a socketdest based on integer input +func IntToSocketDest(i int) SocketDest { + switch i { + case ToStdout.Int(): + return ToStdout + case ToStderr.Int(): + return ToStderr + case ToStdin.Int(): + return ToStdin + case TerminalResize.Int(): + return TerminalResize + case Quit.Int(): + return Quit + default: + return ToStderr + } +} + +// Int returns the integer representation of the socket dest +func (sd SocketDest) Int() int { + return int(sd) +} + +// VirtWriteCloser are writers for attach which include the dest +// of the data +type VirtWriteCloser struct { + writer *bufio.Writer + dest SocketDest +} + +// NewVirtWriteCloser is a constructor +func NewVirtWriteCloser(w *bufio.Writer, dest SocketDest) VirtWriteCloser { + return VirtWriteCloser{w, dest} +} + +// Close is a required method for a writecloser +func (v VirtWriteCloser) Close() error { + return nil +} + +// Write prepends a header to the input message. The header is +// 8bytes. Position one contains the destination. Positions +// 5,6,7,8 are a big-endian encoded uint32 for len of the message. +func (v VirtWriteCloser) Write(input []byte) (int, error) { + header := []byte{byte(v.dest), 0, 0, 0} + // Go makes us define the byte for big endian + mlen := make([]byte, 4) + binary.BigEndian.PutUint32(mlen, uint32(len(input))) + // append the message len to the header + msg := append(header, mlen...) + // append the message to the header + msg = append(msg, input...) + _, err := v.writer.Write(msg) + if err != nil { + return 0, err + } + err = v.writer.Flush() + return len(input), err +} + +// Reader decodes the content that comes over the wire and directs it to the proper destination. +func Reader(r *bufio.Reader, output, errput *os.File, input *io.PipeWriter, resize chan remotecommand.TerminalSize) error { + var saveb []byte + var eom int + for { + readb := make([]byte, 32*1024) + n, err := r.Read(readb) + // TODO, later may be worth checking in len of the read is 0 + if err != nil { + return err + } + b := append(saveb, readb[0:n]...) + // no sense in reading less than the header len + for len(b) > 7 { + eom = int(binary.BigEndian.Uint32(b[4:8])) + 8 + // The message and header are togther + if len(b) >= eom { + out := append([]byte{}, b[8:eom]...) + + switch IntToSocketDest(int(b[0])) { + case ToStdout: + n, err := output.Write(out) + if err != nil { + return err + } + if n < len(out) { + return errors.New("short write error occurred on stdout") + } + case ToStderr: + n, err := errput.Write(out) + if err != nil { + return err + } + if n < len(out) { + return errors.New("short write error occurred on stderr") + } + case ToStdin: + n, err := input.Write(out) + if err != nil { + return err + } + if n < len(out) { + return errors.New("short write error occurred on stdin") + } + case TerminalResize: + // Resize events come over in bytes, need to be reserialized + resizeEvent := remotecommand.TerminalSize{} + if err := json.Unmarshal(out, &resizeEvent); err != nil { + return err + } + resize <- resizeEvent + case Quit: + return nil + } + b = b[eom:] + } else { + // We do not have the header and full message, need to slurp again + saveb = b + break + } + } + } + return nil +} diff --git a/test/e2e/commit_test.go b/test/e2e/commit_test.go index fe4ae64cf..93e1ea7af 100644 --- a/test/e2e/commit_test.go +++ b/test/e2e/commit_test.go @@ -131,7 +131,7 @@ var _ = Describe("Podman commit", func() { Expect(check.ExitCode()).To(Equal(0)) }) - It("podman commit with volume mounts", func() { + It("podman commit with volumes mounts and no include-volumes", func() { s := podmanTest.Podman([]string{"run", "--name", "test1", "-v", "/tmp:/foo", "alpine", "date"}) s.WaitWithDefaultTimeout() Expect(s.ExitCode()).To(Equal(0)) @@ -145,6 +145,23 @@ var _ = Describe("Podman commit", func() { Expect(inspect.ExitCode()).To(Equal(0)) image := inspect.InspectImageJSON() _, ok := image[0].Config.Volumes["/foo"] + Expect(ok).To(BeFalse()) + }) + + It("podman commit with volume mounts and --include-volumes", func() { + s := podmanTest.Podman([]string{"run", "--name", "test1", "-v", "/tmp:/foo", "alpine", "date"}) + s.WaitWithDefaultTimeout() + Expect(s.ExitCode()).To(Equal(0)) + + c := podmanTest.Podman([]string{"commit", "--include-volumes", "test1", "newimage"}) + c.WaitWithDefaultTimeout() + Expect(c.ExitCode()).To(Equal(0)) + + inspect := podmanTest.Podman([]string{"inspect", "newimage"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(Equal(0)) + image := inspect.InspectImageJSON() + _, ok := image[0].Config.Volumes["/foo"] Expect(ok).To(BeTrue()) r := podmanTest.Podman([]string{"run", "newimage"}) diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go index b20b3b37e..58f94f27e 100644 --- a/test/e2e/common_test.go +++ b/test/e2e/common_test.go @@ -3,7 +3,6 @@ package integration import ( "encoding/json" "fmt" - "github.com/containers/libpod/pkg/rootless" "io/ioutil" "os" "os/exec" @@ -12,6 +11,7 @@ import ( "strings" "testing" + "github.com/containers/libpod/pkg/rootless" "github.com/containers/storage" "github.com/containers/libpod/pkg/inspect" @@ -86,7 +86,7 @@ func TestLibpod(t *testing.T) { } var _ = SynchronizedBeforeSuite(func() []byte { - //Cache images + // Cache images cwd, _ := os.Getwd() INTEGRATION_ROOT = filepath.Join(cwd, "../../") podman := PodmanTestCreate("/tmp") @@ -134,18 +134,18 @@ func (p *PodmanTestIntegration) Setup() { p.ArtifactPath = ARTIFACT_DIR } -//var _ = BeforeSuite(func() { -// cwd, _ := os.Getwd() -// INTEGRATION_ROOT = filepath.Join(cwd, "../../") -// podman := PodmanTestCreate("/tmp") -// podman.ArtifactPath = ARTIFACT_DIR -// if _, err := os.Stat(ARTIFACT_DIR); os.IsNotExist(err) { -// if err = os.Mkdir(ARTIFACT_DIR, 0777); err != nil { -// fmt.Printf("%q\n", err) -// os.Exit(1) -// } -// } -//}) +// var _ = BeforeSuite(func() { +// cwd, _ := os.Getwd() +// INTEGRATION_ROOT = filepath.Join(cwd, "../../") +// podman := PodmanTestCreate("/tmp") +// podman.ArtifactPath = ARTIFACT_DIR +// if _, err := os.Stat(ARTIFACT_DIR); os.IsNotExist(err) { +// if err = os.Mkdir(ARTIFACT_DIR, 0777); err != nil { +// fmt.Printf("%q\n", err) +// os.Exit(1) +// } +// } +// }) // for _, image := range CACHE_IMAGES { // if err := podman.CreateArtifact(image); err != nil { // fmt.Printf("%q\n", err) @@ -172,7 +172,7 @@ func (p *PodmanTestIntegration) Setup() { // os.Exit(1) // } // LockTmpDir = path -//}) +// }) var _ = AfterSuite(func() { sort.Sort(testResultsSortedLength{testResults}) diff --git a/test/e2e/create_test.go b/test/e2e/create_test.go index 6ed5ad2d8..105cba37c 100644 --- a/test/e2e/create_test.go +++ b/test/e2e/create_test.go @@ -70,6 +70,17 @@ var _ = Describe("Podman create", func() { Expect(podmanTest.NumberOfContainers()).To(Equal(1)) }) + It("podman create using existing name", func() { + session := podmanTest.Podman([]string{"create", "--name=foo", ALPINE, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(podmanTest.NumberOfContainers()).To(Equal(1)) + + session = podmanTest.Podman([]string{"create", "--name=foo", ALPINE, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(125)) + }) + It("podman create adds annotation", func() { session := podmanTest.Podman([]string{"create", "--annotation", "HELLO=WORLD", ALPINE, "ls"}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/images_test.go b/test/e2e/images_test.go index a253dff63..48a964db4 100644 --- a/test/e2e/images_test.go +++ b/test/e2e/images_test.go @@ -43,6 +43,17 @@ var _ = Describe("Podman images", func() { Expect(session.LineInOuputStartsWith("docker.io/library/busybox")).To(BeTrue()) }) + It("podman images with no images prints header", func() { + rmi := podmanTest.Podman([]string{"rmi", "-a"}) + rmi.WaitWithDefaultTimeout() + Expect(rmi.ExitCode()).To(Equal(0)) + + session := podmanTest.Podman([]string{"images"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(len(session.OutputToStringArray())).To(Equal(1)) + }) + It("podman image List", func() { session := podmanTest.Podman([]string{"image", "list"}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/libpod_suite_test.go b/test/e2e/libpod_suite_test.go index 685a08340..a69c1ba9a 100644 --- a/test/e2e/libpod_suite_test.go +++ b/test/e2e/libpod_suite_test.go @@ -61,9 +61,12 @@ func (p *PodmanTestIntegration) PodmanPID(args []string) (*PodmanSessionIntegrat func (p *PodmanTestIntegration) Cleanup() { // Remove all containers stopall := p.Podman([]string{"stop", "-a", "--timeout", "0"}) - stopall.WaitWithDefaultTimeout() + // stopall.WaitWithDefaultTimeout() + stopall.Wait(90) + session := p.Podman([]string{"rm", "-fa"}) session.Wait(90) + // Nuke tempdir if err := os.RemoveAll(p.TempDir); err != nil { fmt.Printf("%q\n", err) @@ -141,7 +144,7 @@ func (p *PodmanTestIntegration) CreatePod(name string) (*PodmanSessionIntegratio return session, session.ExitCode(), session.OutputToString() } -//RunTopContainer runs a simple container in the background that +// RunTopContainer runs a simple container in the background that // runs top. If the name passed != "", it will have a name func (p *PodmanTestIntegration) RunTopContainer(name string) *PodmanSessionIntegration { var podmanArgs = []string{"run"} @@ -161,7 +164,7 @@ func (p *PodmanTestIntegration) RunTopContainerInPod(name, pod string) *PodmanSe return p.Podman(podmanArgs) } -//RunLsContainer runs a simple container in the background that +// RunLsContainer runs a simple container in the background that // simply runs ls. If the name passed != "", it will have a name func (p *PodmanTestIntegration) RunLsContainer(name string) (*PodmanSessionIntegration, int, string) { var podmanArgs = []string{"run"} @@ -215,13 +218,19 @@ func PodmanTestCreate(tempDir string) *PodmanTestIntegration { return PodmanTestCreateUtil(tempDir, false) } -//MakeOptions assembles all the podman main options +// MakeOptions assembles all the podman main options func (p *PodmanTestIntegration) makeOptions(args []string) []string { - podmanOptions := strings.Split(fmt.Sprintf("--root %s --runroot %s --runtime %s --conmon %s --cni-config-dir %s --cgroup-manager %s --tmpdir %s", - p.CrioRoot, p.RunRoot, p.OCIRuntime, p.ConmonBinary, p.CNIConfigDir, p.CgroupManager, p.TmpDir), " ") + var debug string + if _, ok := os.LookupEnv("DEBUG"); ok { + debug = "--log-level=debug --syslog=true " + } + + podmanOptions := strings.Split(fmt.Sprintf("%s--root %s --runroot %s --runtime %s --conmon %s --cni-config-dir %s --cgroup-manager %s --tmpdir %s", + debug, p.CrioRoot, p.RunRoot, p.OCIRuntime, p.ConmonBinary, p.CNIConfigDir, p.CgroupManager, p.TmpDir), " ") if os.Getenv("HOOK_OPTION") != "" { podmanOptions = append(podmanOptions, os.Getenv("HOOK_OPTION")) } + podmanOptions = append(podmanOptions, strings.Split(p.StorageOptions, " ")...) podmanOptions = append(podmanOptions, args...) return podmanOptions diff --git a/test/e2e/prune_test.go b/test/e2e/prune_test.go index 869ca3289..682f7ff2b 100644 --- a/test/e2e/prune_test.go +++ b/test/e2e/prune_test.go @@ -82,7 +82,7 @@ var _ = Describe("Podman rm", func() { prune.WaitWithDefaultTimeout() Expect(prune.ExitCode()).To(Equal(0)) - images := podmanTest.Podman([]string{"images", "-a"}) + images := podmanTest.Podman([]string{"images", "-aq"}) images.WaitWithDefaultTimeout() // all images are unused, so they all should be deleted! Expect(len(images.OutputToStringArray())).To(Equal(0)) @@ -95,7 +95,7 @@ var _ = Describe("Podman rm", func() { prune.WaitWithDefaultTimeout() Expect(prune.ExitCode()).To(Equal(0)) - images := podmanTest.Podman([]string{"images", "-a"}) + images := podmanTest.Podman([]string{"images", "-aq"}) images.WaitWithDefaultTimeout() // all images are unused, so they all should be deleted! Expect(len(images.OutputToStringArray())).To(Equal(0)) diff --git a/test/e2e/pull_test.go b/test/e2e/pull_test.go index de6d4ea09..4e4e80d56 100644 --- a/test/e2e/pull_test.go +++ b/test/e2e/pull_test.go @@ -38,6 +38,12 @@ var _ = Describe("Podman pull", func() { }) + It("podman pull from docker a not existing image", func() { + session := podmanTest.Podman([]string{"pull", "ibetthisdoesntexistthere:foo"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Not(Equal(0))) + }) + It("podman pull from docker with tag", func() { session := podmanTest.Podman([]string{"pull", "busybox:glibc"}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/rmi_test.go b/test/e2e/rmi_test.go index 78d175637..e034f24cf 100644 --- a/test/e2e/rmi_test.go +++ b/test/e2e/rmi_test.go @@ -270,7 +270,7 @@ RUN find $LOCAL fmt.Println(session.OutputToString()) Expect(session.ExitCode()).To(Equal(0)) - images := podmanTest.Podman([]string{"images", "--all"}) + images := podmanTest.Podman([]string{"images", "-aq"}) images.WaitWithDefaultTimeout() Expect(images.ExitCode()).To(Equal(0)) Expect(len(images.OutputToStringArray())).To(Equal(0)) diff --git a/test/e2e/search_test.go b/test/e2e/search_test.go index 589389b3b..61d581c6d 100644 --- a/test/e2e/search_test.go +++ b/test/e2e/search_test.go @@ -3,47 +3,79 @@ package integration import ( + "bytes" + "fmt" + "io/ioutil" "os" "strconv" + "text/template" . "github.com/containers/libpod/test/utils" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" ) +type endpoint struct { + Host string + Port string +} + +func (e *endpoint) Address() string { + return fmt.Sprintf("%s:%s", e.Host, e.Port) +} + var _ = Describe("Podman search", func() { var ( tempdir string err error podmanTest *PodmanTestIntegration ) + + var registryEndpoints = []endpoint{ + {"localhost", "5001"}, + {"localhost", "5002"}, + {"localhost", "5003"}, + {"localhost", "5004"}, + {"localhost", "5005"}, + {"localhost", "5006"}, + {"localhost", "5007"}, + {"localhost", "5008"}, + {"localhost", "5009"}, + } + const regFileContents = ` - [registries.search] - registries = ['localhost:5000'] +[registries.search] +registries = ['{{.Host}}:{{.Port}}'] - [registries.insecure] - registries = ['localhost:5000']` +[registries.insecure] +registries = ['{{.Host}}:{{.Port}}']` + registryFileTmpl := template.Must(template.New("registryFile").Parse(regFileContents)) const badRegFileContents = ` - [registries.search] - registries = ['localhost:5000'] - # empty - [registries.insecure] - registries = []` +[registries.search] +registries = ['{{.Host}}:{{.Port}}'] +# empty +[registries.insecure] +registries = []` + registryFileBadTmpl := template.Must(template.New("registryFileBad").Parse(badRegFileContents)) const regFileContents2 = ` - [registries.search] - registries = ['localhost:5000', 'localhost:6000'] +[registries.search] +registries = ['{{.Host}}:{{.Port}}', '{{.Host}}:6000'] + +[registries.insecure] +registries = ['{{.Host}}:{{.Port}}']` + registryFileTwoTmpl := template.Must(template.New("registryFileTwo").Parse(regFileContents2)) - [registries.insecure] - registries = ['localhost:5000']` BeforeEach(func() { tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) } + podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() + podmanTest.RestoreAllArtifacts() }) @@ -51,7 +83,6 @@ var _ = Describe("Podman search", func() { podmanTest.Cleanup() f := CurrentGinkgoTestDescription() processTestResult(f) - }) It("podman search", func() { @@ -134,11 +165,13 @@ var _ = Describe("Podman search", func() { if podmanTest.Host.Arch == "ppc64le" { Skip("No registry image for ppc64le") } - lock := GetPortLock("5000") + lock := GetPortLock(registryEndpoints[0].Port) defer lock.Unlock() podmanTest.RestoreArtifact(registry) - fakereg := podmanTest.Podman([]string{"run", "-d", "--name", "registry", "-p", "5000:5000", registry, "/entrypoint.sh", "/etc/docker/registry/config.yml"}) + fakereg := podmanTest.Podman([]string{"run", "-d", "--name", "registry", + "-p", fmt.Sprintf("%s:5000", registryEndpoints[0].Port), + registry, "/entrypoint.sh", "/etc/docker/registry/config.yml"}) fakereg.WaitWithDefaultTimeout() Expect(fakereg.ExitCode()).To(Equal(0)) @@ -146,7 +179,8 @@ var _ = Describe("Podman search", func() { Skip("Can not start docker registry.") } - search := podmanTest.Podman([]string{"search", "localhost:5000/fake/image:andtag", "--tls-verify=false"}) + search := podmanTest.Podman([]string{"search", + fmt.Sprintf("%s/fake/image:andtag", registryEndpoints[0].Address()), "--tls-verify=false"}) search.WaitWithDefaultTimeout() // if this test succeeded, there will be no output (there is no entry named fake/image:andtag in an empty registry) @@ -160,10 +194,12 @@ var _ = Describe("Podman search", func() { if podmanTest.Host.Arch == "ppc64le" { Skip("No registry image for ppc64le") } - lock := GetPortLock("5000") + lock := GetPortLock(registryEndpoints[3].Port) defer lock.Unlock() podmanTest.RestoreArtifact(registry) - registry := podmanTest.Podman([]string{"run", "-d", "--name", "registry3", "-p", "5000:5000", registry, "/entrypoint.sh", "/etc/docker/registry/config.yml"}) + registry := podmanTest.Podman([]string{"run", "-d", "--name", "registry3", + "-p", fmt.Sprintf("%s:5000", registryEndpoints[3].Port), registry, + "/entrypoint.sh", "/etc/docker/registry/config.yml"}) registry.WaitWithDefaultTimeout() Expect(registry.ExitCode()).To(Equal(0)) @@ -171,10 +207,11 @@ var _ = Describe("Podman search", func() { Skip("Can not start docker registry.") } - push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, "localhost:5000/my-alpine"}) + image := fmt.Sprintf("%s/my-alpine", registryEndpoints[3].Address()) + push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, image}) push.WaitWithDefaultTimeout() Expect(push.ExitCode()).To(Equal(0)) - search := podmanTest.Podman([]string{"search", "localhost:5000/my-alpine", "--tls-verify=false"}) + search := podmanTest.Podman([]string{"search", image, "--tls-verify=false"}) search.WaitWithDefaultTimeout() Expect(search.ExitCode()).To(Equal(0)) @@ -185,10 +222,12 @@ var _ = Describe("Podman search", func() { if podmanTest.Host.Arch == "ppc64le" { Skip("No registry image for ppc64le") } - lock := GetPortLock("5000") + + lock := GetPortLock(registryEndpoints[4].Port) defer lock.Unlock() podmanTest.RestoreArtifact(registry) - registry := podmanTest.Podman([]string{"run", "-d", "--name", "registry4", "-p", "5000:5000", registry, "/entrypoint.sh", "/etc/docker/registry/config.yml"}) + registry := podmanTest.Podman([]string{"run", "-d", "-p", fmt.Sprintf("%s:5000", registryEndpoints[4].Port), + "--name", "registry4", registry, "/entrypoint.sh", "/etc/docker/registry/config.yml"}) registry.WaitWithDefaultTimeout() Expect(registry.ExitCode()).To(Equal(0)) @@ -196,14 +235,18 @@ var _ = Describe("Podman search", func() { Skip("Can not start docker registry.") } - push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, "localhost:5000/my-alpine"}) + image := fmt.Sprintf("%s/my-alpine", registryEndpoints[4].Address()) + push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, image}) push.WaitWithDefaultTimeout() Expect(push.ExitCode()).To(Equal(0)) // registries.conf set up - podmanTest.setRegistriesConfigEnv([]byte(regFileContents)) + var buffer bytes.Buffer + registryFileTmpl.Execute(&buffer, registryEndpoints[4]) + podmanTest.setRegistriesConfigEnv(buffer.Bytes()) + ioutil.WriteFile(fmt.Sprintf("%s/registry4.conf", tempdir), buffer.Bytes(), 0644) - search := podmanTest.Podman([]string{"search", "localhost:5000/my-alpine"}) + search := podmanTest.Podman([]string{"search", image}) search.WaitWithDefaultTimeout() Expect(search.ExitCode()).To(Equal(0)) @@ -219,24 +262,29 @@ var _ = Describe("Podman search", func() { if podmanTest.Host.Arch == "ppc64le" { Skip("No registry image for ppc64le") } - lock := GetPortLock("5000") + lock := GetPortLock(registryEndpoints[5].Port) defer lock.Unlock() podmanTest.RestoreArtifact(registry) - registry := podmanTest.Podman([]string{"run", "-d", "-p", "5000:5000", "--name", "registry5", registry}) + registry := podmanTest.Podman([]string{"run", "-d", "-p", fmt.Sprintf("%s:5000", registryEndpoints[5].Port), + "--name", "registry5", registry}) registry.WaitWithDefaultTimeout() Expect(registry.ExitCode()).To(Equal(0)) if !WaitContainerReady(podmanTest, "registry5", "listening on", 20, 1) { Skip("Can not start docker registry.") } - push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, "localhost:5000/my-alpine"}) + + image := fmt.Sprintf("%s/my-alpine", registryEndpoints[5].Address()) + push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, image}) push.WaitWithDefaultTimeout() Expect(push.ExitCode()).To(Equal(0)) - // registries.conf set up - podmanTest.setRegistriesConfigEnv([]byte(regFileContents)) + var buffer bytes.Buffer + registryFileTmpl.Execute(&buffer, registryEndpoints[5]) + podmanTest.setRegistriesConfigEnv(buffer.Bytes()) + ioutil.WriteFile(fmt.Sprintf("%s/registry5.conf", tempdir), buffer.Bytes(), 0644) - search := podmanTest.Podman([]string{"search", "localhost:5000/my-alpine", "--tls-verify=true"}) + search := podmanTest.Podman([]string{"search", image, "--tls-verify=true"}) search.WaitWithDefaultTimeout() Expect(search.ExitCode()).To(Equal(0)) @@ -252,24 +300,29 @@ var _ = Describe("Podman search", func() { if podmanTest.Host.Arch == "ppc64le" { Skip("No registry image for ppc64le") } - lock := GetPortLock("5000") + lock := GetPortLock(registryEndpoints[6].Port) defer lock.Unlock() podmanTest.RestoreArtifact(registry) - registry := podmanTest.Podman([]string{"run", "-d", "-p", "5000:5000", "--name", "registry6", registry}) + registry := podmanTest.Podman([]string{"run", "-d", "-p", fmt.Sprintf("%s:5000", registryEndpoints[6].Port), + "--name", "registry6", registry}) registry.WaitWithDefaultTimeout() Expect(registry.ExitCode()).To(Equal(0)) if !WaitContainerReady(podmanTest, "registry6", "listening on", 20, 1) { Skip("Can not start docker registry.") } - push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, "localhost:5000/my-alpine"}) + + image := fmt.Sprintf("%s/my-alpine", registryEndpoints[6].Address()) + push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, image}) push.WaitWithDefaultTimeout() Expect(push.ExitCode()).To(Equal(0)) - // registries.conf set up - podmanTest.setRegistriesConfigEnv([]byte(badRegFileContents)) + var buffer bytes.Buffer + registryFileBadTmpl.Execute(&buffer, registryEndpoints[6]) + podmanTest.setRegistriesConfigEnv(buffer.Bytes()) + ioutil.WriteFile(fmt.Sprintf("%s/registry6.conf", tempdir), buffer.Bytes(), 0644) - search := podmanTest.Podman([]string{"search", "localhost:5000/my-alpine"}) + search := podmanTest.Podman([]string{"search", image}) search.WaitWithDefaultTimeout() Expect(search.ExitCode()).To(Equal(0)) @@ -285,10 +338,14 @@ var _ = Describe("Podman search", func() { if podmanTest.Host.Arch == "ppc64le" { Skip("No registry image for ppc64le") } - lock := GetPortLock("5000") - defer lock.Unlock() + lock7 := GetPortLock(registryEndpoints[7].Port) + defer lock7.Unlock() + lock8 := GetPortLock("6000") + defer lock8.Unlock() + podmanTest.RestoreArtifact(registry) - registryLocal := podmanTest.Podman([]string{"run", "-d", "-p", "5000:5000", "--name", "registry7", registry}) + registryLocal := podmanTest.Podman([]string{"run", "-d", "-p", fmt.Sprintf("%s:5000", registryEndpoints[7].Port), + "--name", "registry7", registry}) registryLocal.WaitWithDefaultTimeout() Expect(registryLocal.ExitCode()).To(Equal(0)) @@ -303,12 +360,16 @@ var _ = Describe("Podman search", func() { if !WaitContainerReady(podmanTest, "registry8", "listening on", 20, 1) { Skip("Can not start docker registry.") } + push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, "localhost:6000/my-alpine"}) push.WaitWithDefaultTimeout() Expect(push.ExitCode()).To(Equal(0)) // registries.conf set up - podmanTest.setRegistriesConfigEnv([]byte(regFileContents2)) + var buffer bytes.Buffer + registryFileTwoTmpl.Execute(&buffer, registryEndpoints[8]) + podmanTest.setRegistriesConfigEnv(buffer.Bytes()) + ioutil.WriteFile(fmt.Sprintf("%s/registry8.conf", tempdir), buffer.Bytes(), 0644) search := podmanTest.Podman([]string{"search", "my-alpine"}) search.WaitWithDefaultTimeout() diff --git a/test/system/005-info.bats b/test/system/005-info.bats index 7dcc78838..c64b011bd 100644 --- a/test/system/005-info.bats +++ b/test/system/005-info.bats @@ -3,6 +3,8 @@ load helpers @test "podman info - basic test" { + skip_if_remote + run_podman info expected_keys=" @@ -26,6 +28,8 @@ RunRoot: } @test "podman info - json" { + skip_if_remote + run_podman info --format=json expr_nvr="[a-z0-9-]\\\+-[a-z0-9.]\\\+-[a-z0-9]\\\+\." diff --git a/test/system/010-images.bats b/test/system/010-images.bats index 1c9577e34..380623078 100644 --- a/test/system/010-images.bats +++ b/test/system/010-images.bats @@ -25,11 +25,12 @@ load helpers @test "podman images - json" { + # 'created': podman includes fractional seconds, podman-remote does not tests=" names[0] | $PODMAN_TEST_IMAGE_FQN id | [0-9a-f]\\\{64\\\} digest | sha256:[0-9a-f]\\\{64\\\} -created | [0-9-]\\\+T[0-9:]\\\+\\\.[0-9]\\\+Z +created | [0-9-]\\\+T[0-9:.]\\\+Z size | [0-9]\\\+ " diff --git a/test/system/015-help.bats b/test/system/015-help.bats index 8e07b8822..a987f04bc 100644 --- a/test/system/015-help.bats +++ b/test/system/015-help.bats @@ -87,6 +87,8 @@ function check_help() { @test "podman help - basic tests" { + skip_if_remote + # Called with no args -- start with 'podman --help'. check_help() will # recurse for any subcommands. check_help diff --git a/test/system/030-run.bats b/test/system/030-run.bats index 8ae68f33d..bdbe724ef 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -3,6 +3,8 @@ load helpers @test "podman run - basic tests" { + skip_if_remote + rand=$(random_string 30) tests=" true | 0 | @@ -31,4 +33,16 @@ echo $rand | 0 | $rand done < <(parse_table "$tests") } +@test "podman run - uidmapping has no /sys/kernel mounts" { + skip_if_rootless "cannot umount as rootless" + + run_podman run --rm --uidmap 0:100:10000 $IMAGE mount + run grep /sys/kernel <(echo "$output") + is "$output" "" "unwanted /sys/kernel in 'mount' output" + + run_podman run --rm --net host --uidmap 0:100:10000 $IMAGE mount + run grep /sys/kernel <(echo "$output") + is "$output" "" "unwanted /sys/kernel in 'mount' output (with --net=host)" +} + # vim: filetype=sh diff --git a/test/system/035-logs.bats b/test/system/035-logs.bats index 055865c8d..5736e0939 100644 --- a/test/system/035-logs.bats +++ b/test/system/035-logs.bats @@ -6,6 +6,8 @@ load helpers @test "podman logs - basic test" { + skip_if_remote + rand_string=$(random_string 40) run_podman create $IMAGE echo $rand_string diff --git a/test/system/060-mount.bats b/test/system/060-mount.bats index e249b2883..7570f3ac4 100644 --- a/test/system/060-mount.bats +++ b/test/system/060-mount.bats @@ -6,6 +6,7 @@ load helpers @test "podman mount - basic test" { # Only works with root (FIXME: does it work with rootless + vfs?) skip_if_rootless "mount does not work rootless" + skip_if_remote f_path=/tmp/tmpfile_$(random_string 8) f_content=$(random_string 30) diff --git a/test/system/070-build.bats b/test/system/070-build.bats index 25eb36c58..c6a25093f 100644 --- a/test/system/070-build.bats +++ b/test/system/070-build.bats @@ -6,6 +6,8 @@ load helpers @test "podman build - basic test" { + skip_if_remote + rand_filename=$(random_string 20) rand_content=$(random_string 50) diff --git a/test/system/075-exec.bats b/test/system/075-exec.bats index a12d28b32..11cb98269 100644 --- a/test/system/075-exec.bats +++ b/test/system/075-exec.bats @@ -6,6 +6,8 @@ load helpers @test "podman exec - basic test" { + skip_if_remote + rand_filename=$(random_string 20) rand_content=$(random_string 50) diff --git a/test/system/110-history.bats b/test/system/110-history.bats index 84a1e42b4..5dc221d61 100644 --- a/test/system/110-history.bats +++ b/test/system/110-history.bats @@ -24,7 +24,7 @@ load helpers @test "podman history - json" { tests=" id | [0-9a-f]\\\{64\\\} -created | [0-9-]\\\+T[0-9:]\\\+\\\.[0-9]\\\+Z +created | [0-9-]\\\+T[0-9:.]\\\+Z size | -\\\?[0-9]\\\+ " diff --git a/test/system/400-unprivileged-access.bats b/test/system/400-unprivileged-access.bats index c195d71eb..0358b3beb 100644 --- a/test/system/400-unprivileged-access.bats +++ b/test/system/400-unprivileged-access.bats @@ -7,6 +7,7 @@ load helpers @test "podman container storage is not accessible by unprivileged users" { skip_if_rootless "test meaningless without suid" + skip_if_remote run_podman run --name c_uidmap --uidmap 0:10000:10000 $IMAGE true run_podman run --name c_uidmap_v --uidmap 0:10000:10000 -v foo:/foo $IMAGE true diff --git a/test/system/helpers.bash b/test/system/helpers.bash index 431228498..29ef19ecc 100644 --- a/test/system/helpers.bash +++ b/test/system/helpers.bash @@ -225,6 +225,16 @@ function skip_if_rootless() { skip "${1:-not applicable under rootless podman}" } +#################### +# skip_if_remote # ...with an optional message +#################### +function skip_if_remote() { + if [[ ! "$PODMAN" =~ -remote ]]; then + return + fi + + skip "${1:-test does not work with podman-remote}" +} ######### # die # Abort with helpful message diff --git a/test/utils/utils.go b/test/utils/utils.go index 499466f5a..6308197b8 100644 --- a/test/utils/utils.go +++ b/test/utils/utils.go @@ -311,6 +311,8 @@ func (s *PodmanSession) IsJSONOutputValid() bool { // WaitWithDefaultTimeout waits for process finished with defaultWaitTimeout func (s *PodmanSession) WaitWithDefaultTimeout() { s.Wait(defaultWaitTimeout) + os.Stdout.Sync() + os.Stderr.Sync() fmt.Println("output:", s.OutputToString()) } |