summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xAPI.md109
-rw-r--r--README.md2
-rw-r--r--cmd/podman/attach.go48
-rw-r--r--cmd/podman/checkpoint.go22
-rw-r--r--cmd/podman/cliconfig/commands.go4
-rw-r--r--cmd/podman/cliconfig/config.go13
-rw-r--r--cmd/podman/commands.go14
-rw-r--r--cmd/podman/commands_remoteclient.go2
-rw-r--r--cmd/podman/commit.go17
-rw-r--r--cmd/podman/container.go1
-rw-r--r--cmd/podman/create.go2
-rw-r--r--cmd/podman/generate.go7
-rw-r--r--cmd/podman/generate_kube.go40
-rw-r--r--cmd/podman/healthcheck.go2
-rw-r--r--cmd/podman/imagefilters/filters.go7
-rw-r--r--cmd/podman/images.go17
-rw-r--r--cmd/podman/kill.go21
-rw-r--r--cmd/podman/main.go132
-rw-r--r--cmd/podman/main_local.go155
-rw-r--r--cmd/podman/main_remote.go43
-rw-r--r--cmd/podman/ps.go187
-rw-r--r--cmd/podman/pull.go19
-rw-r--r--cmd/podman/push.go12
-rw-r--r--cmd/podman/restore.go23
-rw-r--r--cmd/podman/rm.go72
-rw-r--r--cmd/podman/run.go2
-rw-r--r--cmd/podman/run_test.go2
-rw-r--r--cmd/podman/shared/container.go206
-rw-r--r--cmd/podman/shared/intermediate.go8
-rw-r--r--cmd/podman/shared/workers.go133
-rw-r--r--cmd/podman/stop.go21
-rw-r--r--cmd/podman/umount.go47
-rw-r--r--cmd/podman/utils.go49
-rw-r--r--cmd/podman/varlink/io.podman.varlink64
-rw-r--r--cmd/podman/wait.go20
-rw-r--r--commands.md6
-rw-r--r--completions/bash/podman2
-rw-r--r--docs/podman-commit.1.md4
-rw-r--r--docs/podman-healthcheck-run.1.md2
-rw-r--r--install.md8
-rw-r--r--libpod/container.go27
-rw-r--r--libpod/container_api.go4
-rw-r--r--libpod/container_commit.go17
-rw-r--r--libpod/container_internal.go16
-rw-r--r--libpod/container_internal_linux.go35
-rw-r--r--libpod/healthcheck.go2
-rw-r--r--libpod/kube.go2
-rw-r--r--libpod/oci.go1
-rw-r--r--libpod/oci_linux.go53
-rw-r--r--libpod/options.go9
-rw-r--r--libpod/runtime.go14
-rw-r--r--libpod/runtime_ctr.go17
-rw-r--r--pkg/adapter/containers.go246
-rw-r--r--pkg/adapter/containers_remote.go349
-rw-r--r--pkg/adapter/runtime.go46
-rw-r--r--pkg/adapter/runtime_remote.go19
-rw-r--r--pkg/adapter/shortcuts/shortcuts.go39
-rw-r--r--pkg/rootless/rootless_linux.c7
-rw-r--r--pkg/rootless/rootless_linux.go14
-rw-r--r--pkg/spec/spec.go3
-rw-r--r--pkg/varlinkapi/attach.go103
-rw-r--r--pkg/varlinkapi/containers.go65
-rw-r--r--pkg/varlinkapi/generate.go30
-rw-r--r--pkg/varlinkapi/util.go33
-rw-r--r--pkg/varlinkapi/virtwriter/virtwriter.go155
-rw-r--r--test/e2e/commit_test.go19
-rw-r--r--test/e2e/common_test.go30
-rw-r--r--test/e2e/create_test.go11
-rw-r--r--test/e2e/images_test.go11
-rw-r--r--test/e2e/libpod_suite_test.go21
-rw-r--r--test/e2e/prune_test.go4
-rw-r--r--test/e2e/pull_test.go6
-rw-r--r--test/e2e/rmi_test.go2
-rw-r--r--test/e2e/search_test.go145
-rw-r--r--test/system/005-info.bats4
-rw-r--r--test/system/010-images.bats3
-rw-r--r--test/system/015-help.bats2
-rw-r--r--test/system/030-run.bats14
-rw-r--r--test/system/035-logs.bats2
-rw-r--r--test/system/060-mount.bats1
-rw-r--r--test/system/070-build.bats2
-rw-r--r--test/system/075-exec.bats2
-rw-r--r--test/system/110-history.bats2
-rw-r--r--test/system/400-unprivileged-access.bats1
-rw-r--r--test/system/helpers.bash10
-rw-r--r--test/utils/utils.go2
86 files changed, 2334 insertions, 811 deletions
diff --git a/API.md b/API.md
index 219e061d7..738449f43 100755
--- a/API.md
+++ b/API.md
@@ -3,6 +3,10 @@ Podman Service Interface and API description. The master version of this docume
in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in the upstream libpod repository.
## Index
+[func Attach(name: string, detachKeys: string, start: bool) ](#Attach)
+
+[func AttachControl(name: string) ](#AttachControl)
+
[func BuildImage(build: BuildInfo) MoreResponse](#BuildImage)
[func BuildImageHierarchyMap(name: string) string](#BuildImageHierarchyMap)
@@ -115,6 +119,8 @@ in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in
[func PodStateData(name: string) string](#PodStateData)
+[func Ps(opts: PsOpts) PsContainer](#Ps)
+
[func PullImage(name: string, certDir: string, creds: string, signaturePolicy: string, tlsVerify: ) MoreResponse](#PullImage)
[func PushImage(name: string, tag: string, tlsverify: , signaturePolicy: string, creds: string, certDir: string, compress: bool, format: string, removeSignatures: bool, signBy: string) MoreResponse](#PushImage)
@@ -135,6 +141,8 @@ in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in
[func SendFile(type: string, length: int) string](#SendFile)
+[func Spec(name: string) string](#Spec)
+
[func StartContainer(name: string) string](#StartContainer)
[func StartPod(name: string) string](#StartPod)
@@ -219,6 +227,10 @@ in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in
[type PodmanInfo](#PodmanInfo)
+[type PsContainer](#PsContainer)
+
+[type PsOpts](#PsOpts)
+
[type Runlabel](#Runlabel)
[type Sockets](#Sockets)
@@ -252,6 +264,17 @@ in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in
[error WantsMoreRequired](#WantsMoreRequired)
## Methods
+### <a name="Attach"></a>func Attach
+<div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;">
+
+method Attach(name: [string](https://godoc.org/builtin#string), detachKeys: [string](https://godoc.org/builtin#string), start: [bool](https://godoc.org/builtin#bool)) </div>
+Attach takes the name or ID of a container and sets up a the ability to remotely attach to its console. The start
+bool is whether you wish to start the container in question first.
+### <a name="AttachControl"></a>func AttachControl
+<div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;">
+
+method AttachControl(name: [string](https://godoc.org/builtin#string)) </div>
+
### <a name="BuildImage"></a>func BuildImage
<div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;">
@@ -841,6 +864,11 @@ $ varlink call -m unix:/run/podman/io.podman/io.podman.PausePod '{"name": "fooba
method PodStateData(name: [string](https://godoc.org/builtin#string)) [string](https://godoc.org/builtin#string)</div>
PodStateData returns inspectr level information of a given pod in string form. This call is for
development of Podman only and generally should not be used.
+### <a name="Ps"></a>func Ps
+<div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;">
+
+method Ps(opts: [PsOpts](#PsOpts)) [PsContainer](#PsContainer)</div>
+
### <a name="PullImage"></a>func PullImage
<div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;">
@@ -945,6 +973,11 @@ search results per registry.
method SendFile(type: [string](https://godoc.org/builtin#string), length: [int](https://godoc.org/builtin#int)) [string](https://godoc.org/builtin#string)</div>
Sendfile allows a remote client to send a file to the host
+### <a name="Spec"></a>func Spec
+<div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;">
+
+method Spec(name: [string](https://godoc.org/builtin#string)) [string](https://godoc.org/builtin#string)</div>
+Spec returns the oci spec for a container. This call is for development of Podman only and generally should not be used.
### <a name="StartContainer"></a>func StartContainer
<div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;">
@@ -1728,6 +1761,82 @@ insecure_registries [[]string](#[]string)
store [InfoStore](#InfoStore)
podman [InfoPodmanBinary](#InfoPodmanBinary)
+### <a name="PsContainer"></a>type PsContainer
+
+
+
+id [string](https://godoc.org/builtin#string)
+
+image [string](https://godoc.org/builtin#string)
+
+command [string](https://godoc.org/builtin#string)
+
+created [string](https://godoc.org/builtin#string)
+
+ports [string](https://godoc.org/builtin#string)
+
+names [string](https://godoc.org/builtin#string)
+
+isInfra [bool](https://godoc.org/builtin#bool)
+
+status [string](https://godoc.org/builtin#string)
+
+state [string](https://godoc.org/builtin#string)
+
+pidNum [int](https://godoc.org/builtin#int)
+
+rootFsSize [int](https://godoc.org/builtin#int)
+
+rwSize [int](https://godoc.org/builtin#int)
+
+pod [string](https://godoc.org/builtin#string)
+
+createdAt [string](https://godoc.org/builtin#string)
+
+exitedAt [string](https://godoc.org/builtin#string)
+
+startedAt [string](https://godoc.org/builtin#string)
+
+labels [map[string]](#map[string])
+
+nsPid [string](https://godoc.org/builtin#string)
+
+cgroup [string](https://godoc.org/builtin#string)
+
+ipc [string](https://godoc.org/builtin#string)
+
+mnt [string](https://godoc.org/builtin#string)
+
+net [string](https://godoc.org/builtin#string)
+
+pidNs [string](https://godoc.org/builtin#string)
+
+user [string](https://godoc.org/builtin#string)
+
+uts [string](https://godoc.org/builtin#string)
+
+mounts [string](https://godoc.org/builtin#string)
+### <a name="PsOpts"></a>type PsOpts
+
+
+
+all [bool](https://godoc.org/builtin#bool)
+
+filters [](#)
+
+last [](#)
+
+latest [](#)
+
+noTrunc [](#)
+
+pod [](#)
+
+quiet [](#)
+
+sort [](#)
+
+sync [](#)
### <a name="Runlabel"></a>type Runlabel
Runlabel describes the required input for container runlabel
diff --git a/README.md b/README.md
index 742c6238c..73a7057ea 100644
--- a/README.md
+++ b/README.md
@@ -29,7 +29,7 @@ This project tests all builds against each supported version of Fedora, the late
1. Further work on the podman pod command
1. Further improvements on rootless containers
-## [Shortcomings of Rootless Podman](https://github.com/containers/libpod/blob/master/docs/rootless.md)
+## [Shortcomings of Rootless Podman](https://github.com/containers/libpod/blob/master/rootless.md)
## Out of scope
diff --git a/cmd/podman/attach.go b/cmd/podman/attach.go
index f326f53c3..2fa05a3b1 100644
--- a/cmd/podman/attach.go
+++ b/cmd/podman/attach.go
@@ -1,11 +1,7 @@
package main
import (
- "os"
-
"github.com/containers/libpod/cmd/podman/cliconfig"
- "github.com/containers/libpod/cmd/podman/libpodruntime"
- "github.com/containers/libpod/libpod"
"github.com/containers/libpod/pkg/adapter"
"github.com/pkg/errors"
"github.com/spf13/cobra"
@@ -39,49 +35,21 @@ func init() {
flags.BoolVar(&attachCommand.SigProxy, "sig-proxy", true, "Proxy received signals to the process")
flags.BoolVarP(&attachCommand.Latest, "latest", "l", false, "Act on the latest container podman is aware of")
markFlagHiddenForRemoteClient("latest", flags)
+ // TODO allow for passing of a new deatch keys
+ markFlagHiddenForRemoteClient("detach-keys", flags)
}
func attachCmd(c *cliconfig.AttachValues) error {
- args := c.InputArgs
- var ctr *libpod.Container
-
if len(c.InputArgs) > 1 || (len(c.InputArgs) == 0 && !c.Latest) {
return errors.Errorf("attach requires the name or id of one running container or the latest flag")
}
-
- runtime, err := libpodruntime.GetRuntime(&c.PodmanCommand)
- if err != nil {
- return errors.Wrapf(err, "error creating libpod runtime")
- }
- defer runtime.Shutdown(false)
-
- if c.Latest {
- ctr, err = runtime.GetLatestContainer()
- } else {
- ctr, err = runtime.LookupContainer(args[0])
- }
-
- if err != nil {
- return errors.Wrapf(err, "unable to exec into %s", args[0])
+ if remoteclient && len(c.InputArgs) != 1 {
+ return errors.Errorf("attach requires the name or id of one running container")
}
-
- conState, err := ctr.State()
+ runtime, err := adapter.GetRuntime(&c.PodmanCommand)
if err != nil {
- return errors.Wrapf(err, "unable to determine state of %s", args[0])
- }
- if conState != libpod.ContainerStateRunning {
- return errors.Errorf("you can only attach to running containers")
- }
-
- inputStream := os.Stdin
- if c.NoStdin {
- inputStream = nil
+ return errors.Wrapf(err, "error creating runtime")
}
-
- // If the container is in a pod, also set to recursively start dependencies
- if err := adapter.StartAttachCtr(getContext(), ctr, os.Stdout, os.Stderr, inputStream, c.DetachKeys, c.SigProxy, false, ctr.PodID() != ""); err != nil && errors.Cause(err) != libpod.ErrDetach {
- return errors.Wrapf(err, "error attaching to container %s", ctr.ID())
- }
-
- return nil
+ defer runtime.Shutdown(false)
+ return runtime.Attach(getContext(), c)
}
diff --git a/cmd/podman/checkpoint.go b/cmd/podman/checkpoint.go
index dbf72c2cd..5b8d00ff9 100644
--- a/cmd/podman/checkpoint.go
+++ b/cmd/podman/checkpoint.go
@@ -1,13 +1,9 @@
package main
import (
- "context"
- "fmt"
- "os"
-
"github.com/containers/libpod/cmd/podman/cliconfig"
- "github.com/containers/libpod/cmd/podman/libpodruntime"
"github.com/containers/libpod/libpod"
+ "github.com/containers/libpod/pkg/adapter"
"github.com/containers/libpod/pkg/rootless"
"github.com/pkg/errors"
"github.com/spf13/cobra"
@@ -57,7 +53,7 @@ func checkpointCmd(c *cliconfig.CheckpointValues) error {
return errors.New("checkpointing a container requires root")
}
- runtime, err := libpodruntime.GetRuntime(&c.PodmanCommand)
+ runtime, err := adapter.GetRuntime(&c.PodmanCommand)
if err != nil {
return errors.Wrapf(err, "could not get runtime")
}
@@ -68,17 +64,5 @@ func checkpointCmd(c *cliconfig.CheckpointValues) error {
KeepRunning: c.LeaveRunning,
TCPEstablished: c.TcpEstablished,
}
- containers, lastError := getAllOrLatestContainers(&c.PodmanCommand, runtime, libpod.ContainerStateRunning, "running")
-
- for _, ctr := range containers {
- if err = ctr.Checkpoint(context.TODO(), options); err != nil {
- if lastError != nil {
- fmt.Fprintln(os.Stderr, lastError)
- }
- lastError = errors.Wrapf(err, "failed to checkpoint container %v", ctr.ID())
- } else {
- fmt.Println(ctr.ID())
- }
- }
- return lastError
+ return runtime.Checkpoint(c, options)
}
diff --git a/cmd/podman/cliconfig/commands.go b/cmd/podman/cliconfig/commands.go
index 3361c14b8..00b66e32a 100644
--- a/cmd/podman/cliconfig/commands.go
+++ b/cmd/podman/cliconfig/commands.go
@@ -1,6 +1,8 @@
package cliconfig
-import "github.com/sirupsen/logrus"
+import (
+ "github.com/sirupsen/logrus"
+)
// GlobalIsSet is a compatibility method for urfave
func (p *PodmanCommand) GlobalIsSet(opt string) bool {
diff --git a/cmd/podman/cliconfig/config.go b/cmd/podman/cliconfig/config.go
index f7ac0de6c..2692ace36 100644
--- a/cmd/podman/cliconfig/config.go
+++ b/cmd/podman/cliconfig/config.go
@@ -88,12 +88,13 @@ type CheckpointValues struct {
type CommitValues struct {
PodmanCommand
- Change []string
- Format string
- Message string
- Author string
- Pause bool
- Quiet bool
+ Change []string
+ Format string
+ Message string
+ Author string
+ Pause bool
+ Quiet bool
+ IncludeVolumes bool
}
type ContainersPrune struct {
diff --git a/cmd/podman/commands.go b/cmd/podman/commands.go
index e9afcbc06..6156fc2f8 100644
--- a/cmd/podman/commands.go
+++ b/cmd/podman/commands.go
@@ -11,12 +11,9 @@ const remoteclient = false
// Commands that the local client implements
func getMainCommands() []*cobra.Command {
rootCommands := []*cobra.Command{
- _attachCommand,
_commitCommand,
_execCommand,
- _generateCommand,
_playCommand,
- &_psCommand,
_loginCommand,
_logoutCommand,
_mountCommand,
@@ -24,12 +21,10 @@ func getMainCommands() []*cobra.Command {
_portCommand,
_refreshCommand,
_restartCommand,
- _rmCommand,
_searchCommand,
_startCommand,
_statsCommand,
_topCommand,
- _umountCommand,
_unpauseCommand,
}
@@ -50,7 +45,6 @@ func getImageSubCommands() []*cobra.Command {
func getContainerSubCommands() []*cobra.Command {
return []*cobra.Command{
- _attachCommand,
_checkpointCommand,
_cleanupCommand,
_commitCommand,
@@ -76,12 +70,6 @@ func getContainerSubCommands() []*cobra.Command {
}
}
-func getGenerateSubCommands() []*cobra.Command {
- return []*cobra.Command{
- _containerKubeCommand,
- }
-}
-
// Commands that the local client implements
func getPlaySubCommands() []*cobra.Command {
return []*cobra.Command{
@@ -107,7 +95,7 @@ func getSystemSubCommands() []*cobra.Command {
}
// Commands that the local client implements
-func getHealtcheckSubCommands() []*cobra.Command {
+func getHealthcheckSubCommands() []*cobra.Command {
return []*cobra.Command{
_healthcheckrunCommand,
}
diff --git a/cmd/podman/commands_remoteclient.go b/cmd/podman/commands_remoteclient.go
index 9b09e7dbc..278fe229c 100644
--- a/cmd/podman/commands_remoteclient.go
+++ b/cmd/podman/commands_remoteclient.go
@@ -49,6 +49,6 @@ func getSystemSubCommands() []*cobra.Command {
}
// Commands that the remoteclient implements
-func getHealtcheckSubCommands() []*cobra.Command {
+func getHealthcheckSubCommands() []*cobra.Command {
return []*cobra.Command{}
}
diff --git a/cmd/podman/commit.go b/cmd/podman/commit.go
index f7e206856..0077ff297 100644
--- a/cmd/podman/commit.go
+++ b/cmd/podman/commit.go
@@ -2,19 +2,19 @@ package main
import (
"fmt"
- "github.com/containers/libpod/cmd/podman/cliconfig"
- "github.com/spf13/cobra"
"io"
"os"
"strings"
"github.com/containers/buildah"
"github.com/containers/image/manifest"
+ "github.com/containers/libpod/cmd/podman/cliconfig"
"github.com/containers/libpod/cmd/podman/libpodruntime"
"github.com/containers/libpod/libpod"
"github.com/containers/libpod/libpod/image"
"github.com/containers/libpod/pkg/util"
"github.com/pkg/errors"
+ "github.com/spf13/cobra"
)
var (
@@ -47,7 +47,7 @@ func init() {
flags.StringVarP(&commitCommand.Author, "author", "a", "", "Set the author for the image committed")
flags.BoolVarP(&commitCommand.Pause, "pause", "p", false, "Pause container during commit")
flags.BoolVarP(&commitCommand.Quiet, "quiet", "q", false, "Suppress output")
-
+ flags.BoolVar(&commitCommand.IncludeVolumes, "include-volumes", false, "Include container volumes as image volumes")
}
func commitCmd(c *cliconfig.CommitValues) error {
@@ -109,11 +109,12 @@ func commitCmd(c *cliconfig.CommitValues) error {
PreferredManifestType: mimeType,
}
options := libpod.ContainerCommitOptions{
- CommitOptions: coptions,
- Pause: c.Pause,
- Message: c.Message,
- Changes: c.Change,
- Author: c.Author,
+ CommitOptions: coptions,
+ Pause: c.Pause,
+ IncludeVolumes: c.IncludeVolumes,
+ Message: c.Message,
+ Changes: c.Change,
+ Author: c.Author,
}
newImage, err := ctr.Commit(getContext(), reference, options)
if err != nil {
diff --git a/cmd/podman/container.go b/cmd/podman/container.go
index d1c42f673..380d1f250 100644
--- a/cmd/podman/container.go
+++ b/cmd/podman/container.go
@@ -50,6 +50,7 @@ var (
// Commands that are universally implemented.
containerCommands = []*cobra.Command{
+ _attachCommand,
_containerExistsCommand,
_contInspectSubCommand,
_diffCommand,
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index 1af3920dd..3267e5b7b 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -66,7 +66,7 @@ func createCmd(c *cliconfig.CreateValues) error {
}
func createInit(c *cliconfig.PodmanCommand) error {
- if c.Bool("trace") {
+ if !remote && c.Bool("trace") {
span, _ := opentracing.StartSpanFromContext(Ctx, "createInit")
defer span.Finish()
}
diff --git a/cmd/podman/generate.go b/cmd/podman/generate.go
index 197fd26a6..a0637ecb2 100644
--- a/cmd/podman/generate.go
+++ b/cmd/podman/generate.go
@@ -14,10 +14,15 @@ var (
Long: generateDescription,
RunE: commandRunE(),
}
+
+ // Commands that are universally implemented
+ generateCommands = []*cobra.Command{
+ _containerKubeCommand,
+ }
)
func init() {
generateCommand.Command = _generateCommand
- generateCommand.AddCommand(getGenerateSubCommands()...)
+ generateCommand.AddCommand(generateCommands...)
generateCommand.SetUsageTemplate(UsageTemplate())
}
diff --git a/cmd/podman/generate_kube.go b/cmd/podman/generate_kube.go
index c58372899..30818403b 100644
--- a/cmd/podman/generate_kube.go
+++ b/cmd/podman/generate_kube.go
@@ -3,13 +3,11 @@ package main
import (
"fmt"
"github.com/containers/libpod/cmd/podman/cliconfig"
- "github.com/containers/libpod/cmd/podman/libpodruntime"
- "github.com/containers/libpod/libpod"
+ "github.com/containers/libpod/pkg/adapter"
podmanVersion "github.com/containers/libpod/version"
"github.com/ghodss/yaml"
"github.com/pkg/errors"
"github.com/spf13/cobra"
- "k8s.io/api/core/v1"
)
var (
@@ -42,14 +40,12 @@ func init() {
func generateKubeYAMLCmd(c *cliconfig.GenerateKubeValues) error {
var (
- podYAML *v1.Pod
- container *libpod.Container
- err error
- output []byte
- pod *libpod.Pod
+ //podYAML *v1.Pod
+ err error
+ output []byte
+ //pod *libpod.Pod
marshalledPod []byte
marshalledService []byte
- servicePorts []v1.ServicePort
)
args := c.InputArgs
@@ -57,43 +53,27 @@ func generateKubeYAMLCmd(c *cliconfig.GenerateKubeValues) error {
return errors.Errorf("you must provide exactly one container|pod ID or name")
}
- runtime, err := libpodruntime.GetRuntime(&c.PodmanCommand)
+ runtime, err := adapter.GetRuntime(&c.PodmanCommand)
if err != nil {
return errors.Wrapf(err, "could not get runtime")
}
defer runtime.Shutdown(false)
- // Get the container in question
- container, err = runtime.LookupContainer(args[0])
+ podYAML, serviceYAML, err := runtime.GenerateKube(c)
if err != nil {
- pod, err = runtime.LookupPod(args[0])
- if err != nil {
- return err
- }
- podYAML, servicePorts, err = pod.GenerateForKube()
- } else {
- if len(container.Dependencies()) > 0 {
- return errors.Wrapf(libpod.ErrNotImplemented, "containers with dependencies")
- }
- podYAML, err = container.GenerateForKube()
+ return err
}
+ // Marshall the results
+ marshalledPod, err = yaml.Marshal(podYAML)
if err != nil {
return err
}
-
if c.Service {
- serviceYAML := libpod.GenerateKubeServiceFromV1Pod(podYAML, servicePorts)
marshalledService, err = yaml.Marshal(serviceYAML)
if err != nil {
return err
}
}
- // Marshall the results
- marshalledPod, err = yaml.Marshal(podYAML)
- if err != nil {
- return err
- }
-
header := `# Generation of Kubernetes YAML is still under development!
#
# Save the output of this file and use kubectl create -f to import
diff --git a/cmd/podman/healthcheck.go b/cmd/podman/healthcheck.go
index 48d6b6bbf..9fb099ffa 100644
--- a/cmd/podman/healthcheck.go
+++ b/cmd/podman/healthcheck.go
@@ -20,7 +20,7 @@ var healthcheckCommands []*cobra.Command
func init() {
healthcheckCommand.AddCommand(healthcheckCommands...)
- healthcheckCommand.AddCommand(getHealtcheckSubCommands()...)
+ healthcheckCommand.AddCommand(getHealthcheckSubCommands()...)
healthcheckCommand.SetUsageTemplate(UsageTemplate())
rootCmd.AddCommand(healthcheckCommand.Command)
}
diff --git a/cmd/podman/imagefilters/filters.go b/cmd/podman/imagefilters/filters.go
index 2932d61c0..aa5776599 100644
--- a/cmd/podman/imagefilters/filters.go
+++ b/cmd/podman/imagefilters/filters.go
@@ -37,9 +37,12 @@ func CreatedAfterFilter(createTime time.Time) ResultFilter {
}
// DanglingFilter allows you to filter images for dangling images
-func DanglingFilter() ResultFilter {
+func DanglingFilter(danglingImages bool) ResultFilter {
return func(i *adapter.ContainerImage) bool {
- return i.Dangling()
+ if danglingImages {
+ return i.Dangling()
+ }
+ return !i.Dangling()
}
}
diff --git a/cmd/podman/images.go b/cmd/podman/images.go
index 6133450be..c38d7035d 100644
--- a/cmd/podman/images.go
+++ b/cmd/podman/images.go
@@ -5,6 +5,7 @@ import (
"fmt"
"reflect"
"sort"
+ "strconv"
"strings"
"time"
"unicode"
@@ -318,13 +319,14 @@ func getImagesJSONOutput(ctx context.Context, images []*adapter.ContainerImage)
func generateImagesOutput(ctx context.Context, images []*adapter.ContainerImage, opts imagesOptions) error {
templateMap := GenImageOutputMap()
- if len(images) == 0 {
- return nil
- }
var out formats.Writer
switch opts.format {
case formats.JSONString:
+ // If 0 images are present, print nothing for JSON
+ if len(images) == 0 {
+ return nil
+ }
imagesOutput := getImagesJSONOutput(ctx, images)
out = formats.JSONStructArray{Output: imagesToGeneric([]imagesTemplateParams{}, imagesOutput)}
default:
@@ -359,6 +361,9 @@ func CreateFilterFuncs(ctx context.Context, r *adapter.LocalRuntime, filters []s
var filterFuncs []imagefilters.ResultFilter
for _, filter := range filters {
splitFilter := strings.Split(filter, "=")
+ if len(splitFilter) != 2 {
+ return nil, errors.Errorf("invalid filter syntax %s", filter)
+ }
switch splitFilter[0] {
case "before":
before, err := r.NewImageFromLocal(splitFilter[1])
@@ -373,7 +378,11 @@ func CreateFilterFuncs(ctx context.Context, r *adapter.LocalRuntime, filters []s
}
filterFuncs = append(filterFuncs, imagefilters.CreatedAfterFilter(after.Created()))
case "dangling":
- filterFuncs = append(filterFuncs, imagefilters.DanglingFilter())
+ danglingImages, err := strconv.ParseBool(splitFilter[1])
+ if err != nil {
+ return nil, errors.Wrapf(err, "invalid filter dangling=%s", splitFilter[1])
+ }
+ filterFuncs = append(filterFuncs, imagefilters.DanglingFilter(danglingImages))
case "label":
labelFilter := strings.Join(splitFilter[1:], "=")
filterFuncs = append(filterFuncs, imagefilters.LabelFilter(ctx, labelFilter))
diff --git a/cmd/podman/kill.go b/cmd/podman/kill.go
index 6019fbfec..20142e0bf 100644
--- a/cmd/podman/kill.go
+++ b/cmd/podman/kill.go
@@ -1,9 +1,6 @@
package main
import (
- "fmt"
- "reflect"
-
"github.com/containers/libpod/cmd/podman/cliconfig"
"github.com/containers/libpod/pkg/adapter"
"github.com/docker/docker/pkg/signal"
@@ -71,21 +68,5 @@ func killCmd(c *cliconfig.KillValues) error {
if err != nil {
return err
}
-
- for _, id := range ok {
- fmt.Println(id)
- }
-
- if len(failures) > 0 {
- keys := reflect.ValueOf(failures).MapKeys()
- lastKey := keys[len(keys)-1].String()
- lastErr := failures[lastKey]
- delete(failures, lastKey)
-
- for _, err := range failures {
- outputError(err)
- }
- return lastErr
- }
- return nil
+ return printCmdResults(ok, failures)
}
diff --git a/cmd/podman/main.go b/cmd/podman/main.go
index b44cf9f0a..e8c3e14ea 100644
--- a/cmd/podman/main.go
+++ b/cmd/podman/main.go
@@ -3,26 +3,18 @@ package main
import (
"context"
"io"
- "io/ioutil"
- "log/syslog"
"os"
- "runtime/pprof"
- "strconv"
- "strings"
"syscall"
"github.com/containers/libpod/cmd/podman/cliconfig"
- "github.com/containers/libpod/cmd/podman/libpodruntime"
"github.com/containers/libpod/libpod"
_ "github.com/containers/libpod/pkg/hooks/0.1.0"
"github.com/containers/libpod/pkg/rootless"
- "github.com/containers/libpod/pkg/tracing"
"github.com/containers/libpod/version"
"github.com/containers/storage/pkg/reexec"
"github.com/opentracing/opentracing-go"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
- lsyslog "github.com/sirupsen/logrus/hooks/syslog"
"github.com/spf13/cobra"
)
@@ -38,11 +30,13 @@ var (
// Commands that the remote and local client have
// implemented.
var mainCommands = []*cobra.Command{
+ _attachCommand,
_buildCommand,
_diffCommand,
_createCommand,
_eventsCommand,
_exportCommand,
+ _generateCommand,
_historyCommand,
&_imagesCommand,
_importCommand,
@@ -52,13 +46,16 @@ var mainCommands = []*cobra.Command{
_loadCommand,
_logsCommand,
podCommand.Command,
+ &_psCommand,
_pullCommand,
_pushCommand,
+ _rmCommand,
&_rmiCommand,
_runCommand,
_saveCommand,
_stopCommand,
_tagCommand,
+ _umountCommand,
_versionCommand,
_waitCommand,
imageCommand.Command,
@@ -85,40 +82,13 @@ func init() {
cobra.OnInitialize(initConfig)
rootCmd.TraverseChildren = true
rootCmd.Version = version.Version
- rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.CGroupManager, "cgroup-manager", "", "Cgroup manager to use (cgroupfs or systemd, default systemd)")
- // -c is deprecated due to conflict with -c on subcommands
- rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.CpuProfile, "cpu-profile", "", "Path for the cpu profiling results")
- rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.Config, "config", "", "Path of a libpod config file detailing container server configuration options")
- rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.ConmonPath, "conmon", "", "Path of the conmon binary")
- rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.NetworkCmdPath, "network-cmd-path", "", "Path to the command for configuring the network")
- rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.CniConfigDir, "cni-config-dir", "", "Path of the configuration directory for CNI networks")
- rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.DefaultMountsFile, "default-mounts-file", "", "Path to default mounts file")
- rootCmd.PersistentFlags().MarkHidden("defaults-mount-file")
- // Override default --help information of `--help` global flag
- var dummyHelp bool
- rootCmd.PersistentFlags().BoolVar(&dummyHelp, "help", false, "Help for podman")
- rootCmd.PersistentFlags().StringSliceVar(&MainGlobalOpts.HooksDir, "hooks-dir", []string{}, "Set the OCI hooks directory path (may be set multiple times)")
- rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.LogLevel, "log-level", "error", "Log messages above specified level: debug, info, warn, error, fatal or panic")
- rootCmd.PersistentFlags().IntVar(&MainGlobalOpts.MaxWorks, "max-workers", 0, "The maximum number of workers for parallel operations")
- rootCmd.PersistentFlags().MarkHidden("max-workers")
- rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.Namespace, "namespace", "", "Set the libpod namespace, used to create separate views of the containers and pods on the system")
- rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.Root, "root", "", "Path to the root directory in which data, including images, is stored")
- rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.Runroot, "runroot", "", "Path to the 'run directory' where all state information is stored")
- rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.Runtime, "runtime", "", "Path to the OCI-compatible binary used to run containers, default is /usr/bin/runc")
- // -s is depracated due to conflict with -s on subcommands
- rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.StorageDriver, "storage-driver", "", "Select which storage driver is used to manage storage of images and containers (default is overlay)")
- rootCmd.PersistentFlags().StringSliceVar(&MainGlobalOpts.StorageOpts, "storage-opt", []string{}, "Used to pass an option to the storage driver")
- rootCmd.PersistentFlags().BoolVar(&MainGlobalOpts.Syslog, "syslog", false, "Output logging information to syslog as well as the console")
-
- rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.TmpDir, "tmpdir", "", "Path to the tmp directory")
- rootCmd.PersistentFlags().BoolVar(&MainGlobalOpts.Trace, "trace", false, "Enable opentracing output")
// Override default --help information of `--version` global flag
var dummyVersion bool
rootCmd.PersistentFlags().BoolVar(&dummyVersion, "version", false, "Version for podman")
rootCmd.AddCommand(mainCommands...)
rootCmd.AddCommand(getMainCommands()...)
-
}
+
func initConfig() {
// we can do more stuff in here.
}
@@ -128,63 +98,16 @@ func before(cmd *cobra.Command, args []string) error {
logrus.Errorf(err.Error())
os.Exit(1)
}
- if os.Geteuid() != 0 && cmd != _searchCommand && cmd != _versionCommand && !strings.HasPrefix(cmd.Use, "help") {
- podmanCmd := cliconfig.PodmanCommand{
- cmd,
- args,
- MainGlobalOpts,
- }
- runtime, err := libpodruntime.GetRuntime(&podmanCmd)
- if err != nil {
- return errors.Wrapf(err, "could not get runtime")
- }
- defer runtime.Shutdown(false)
-
- ctrs, err := runtime.GetRunningContainers()
- if err != nil {
- logrus.Errorf(err.Error())
- os.Exit(1)
- }
- var became bool
- var ret int
- if len(ctrs) == 0 {
- became, ret, err = rootless.BecomeRootInUserNS()
- } else {
- for _, ctr := range ctrs {
- data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile)
- if err != nil {
- logrus.Errorf(err.Error())
- os.Exit(1)
- }
- conmonPid, err := strconv.Atoi(string(data))
- if err != nil {
- logrus.Errorf(err.Error())
- os.Exit(1)
- }
- became, ret, err = rootless.JoinUserAndMountNS(uint(conmonPid))
- if err == nil {
- break
- }
- }
- }
- if err != nil {
- logrus.Errorf(err.Error())
- os.Exit(1)
- }
- if became {
- os.Exit(ret)
- }
+ if err := setupRootless(cmd, args); err != nil {
+ return err
}
- if MainGlobalOpts.Syslog {
- hook, err := lsyslog.NewSyslogHook("", "", syslog.LOG_INFO, "")
- if err == nil {
- logrus.AddHook(hook)
- }
+ // Set log level; if not log-level is provided, default to error
+ logLevel := MainGlobalOpts.LogLevel
+ if logLevel == "" {
+ logLevel = "error"
}
-
- // Set log level
- level, err := logrus.ParseLevel(MainGlobalOpts.LogLevel)
+ level, err := logrus.ParseLevel(logLevel)
if err != nil {
return err
}
@@ -209,36 +132,11 @@ func before(cmd *cobra.Command, args []string) error {
// Be sure we can create directories with 0755 mode.
syscall.Umask(0022)
-
- if cmd.Flag("cpu-profile").Changed {
- f, err := os.Create(MainGlobalOpts.CpuProfile)
- if err != nil {
- return errors.Wrapf(err, "unable to create cpu profiling file %s",
- MainGlobalOpts.CpuProfile)
- }
- pprof.StartCPUProfile(f)
- }
- if cmd.Flag("trace").Changed {
- var tracer opentracing.Tracer
- tracer, closer = tracing.Init("podman")
- opentracing.SetGlobalTracer(tracer)
-
- span = tracer.StartSpan("before-context")
-
- Ctx = opentracing.ContextWithSpan(context.Background(), span)
- }
- return nil
+ return profileOn(cmd)
}
func after(cmd *cobra.Command, args []string) error {
- if cmd.Flag("cpu-profile").Changed {
- pprof.StopCPUProfile()
- }
- if cmd.Flag("trace").Changed {
- span.Finish()
- closer.Close()
- }
- return nil
+ return profileOff(cmd)
}
func main() {
diff --git a/cmd/podman/main_local.go b/cmd/podman/main_local.go
new file mode 100644
index 000000000..e008a4617
--- /dev/null
+++ b/cmd/podman/main_local.go
@@ -0,0 +1,155 @@
+// +build !remoteclient
+
+package main
+
+import (
+ "context"
+ "github.com/containers/libpod/cmd/podman/cliconfig"
+ "github.com/containers/libpod/cmd/podman/libpodruntime"
+ "github.com/containers/libpod/pkg/rootless"
+ "io/ioutil"
+ "log/syslog"
+ "os"
+ "runtime/pprof"
+ "strconv"
+ "strings"
+
+ "github.com/containers/libpod/pkg/tracing"
+ "github.com/opentracing/opentracing-go"
+ "github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
+ lsyslog "github.com/sirupsen/logrus/hooks/syslog"
+ "github.com/spf13/cobra"
+)
+
+const remote = false
+
+func init() {
+
+ rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.CGroupManager, "cgroup-manager", "", "Cgroup manager to use (cgroupfs or systemd, default systemd)")
+ // -c is deprecated due to conflict with -c on subcommands
+ rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.CpuProfile, "cpu-profile", "", "Path for the cpu profiling results")
+ rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.Config, "config", "", "Path of a libpod config file detailing container server configuration options")
+ rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.ConmonPath, "conmon", "", "Path of the conmon binary")
+ rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.NetworkCmdPath, "network-cmd-path", "", "Path to the command for configuring the network")
+ rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.CniConfigDir, "cni-config-dir", "", "Path of the configuration directory for CNI networks")
+ rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.DefaultMountsFile, "default-mounts-file", "", "Path to default mounts file")
+ rootCmd.PersistentFlags().MarkHidden("defaults-mount-file")
+ // Override default --help information of `--help` global flag
+ var dummyHelp bool
+ rootCmd.PersistentFlags().BoolVar(&dummyHelp, "help", false, "Help for podman")
+ rootCmd.PersistentFlags().StringSliceVar(&MainGlobalOpts.HooksDir, "hooks-dir", []string{}, "Set the OCI hooks directory path (may be set multiple times)")
+ rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.LogLevel, "log-level", "error", "Log messages above specified level: debug, info, warn, error, fatal or panic")
+ rootCmd.PersistentFlags().IntVar(&MainGlobalOpts.MaxWorks, "max-workers", 0, "The maximum number of workers for parallel operations")
+ rootCmd.PersistentFlags().MarkHidden("max-workers")
+ rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.Namespace, "namespace", "", "Set the libpod namespace, used to create separate views of the containers and pods on the system")
+ rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.Root, "root", "", "Path to the root directory in which data, including images, is stored")
+ rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.Runroot, "runroot", "", "Path to the 'run directory' where all state information is stored")
+ rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.Runtime, "runtime", "", "Path to the OCI-compatible binary used to run containers, default is /usr/bin/runc")
+ // -s is depracated due to conflict with -s on subcommands
+ rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.StorageDriver, "storage-driver", "", "Select which storage driver is used to manage storage of images and containers (default is overlay)")
+ rootCmd.PersistentFlags().StringSliceVar(&MainGlobalOpts.StorageOpts, "storage-opt", []string{}, "Used to pass an option to the storage driver")
+ rootCmd.PersistentFlags().BoolVar(&MainGlobalOpts.Syslog, "syslog", false, "Output logging information to syslog as well as the console")
+
+ rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.TmpDir, "tmpdir", "", "Path to the tmp directory")
+ rootCmd.PersistentFlags().BoolVar(&MainGlobalOpts.Trace, "trace", false, "Enable opentracing output")
+}
+
+func setSyslog() error {
+ if MainGlobalOpts.Syslog {
+ hook, err := lsyslog.NewSyslogHook("", "", syslog.LOG_INFO, "")
+ if err == nil {
+ logrus.AddHook(hook)
+ return nil
+ }
+ return err
+ }
+ return nil
+}
+
+func profileOn(cmd *cobra.Command) error {
+ if cmd.Flag("cpu-profile").Changed {
+ f, err := os.Create(MainGlobalOpts.CpuProfile)
+ if err != nil {
+ return errors.Wrapf(err, "unable to create cpu profiling file %s",
+ MainGlobalOpts.CpuProfile)
+ }
+ if err := pprof.StartCPUProfile(f); err != nil {
+ return err
+ }
+ }
+
+ if cmd.Flag("trace").Changed {
+ var tracer opentracing.Tracer
+ tracer, closer = tracing.Init("podman")
+ opentracing.SetGlobalTracer(tracer)
+
+ span = tracer.StartSpan("before-context")
+
+ Ctx = opentracing.ContextWithSpan(context.Background(), span)
+ }
+ return nil
+}
+
+func profileOff(cmd *cobra.Command) error {
+ if cmd.Flag("cpu-profile").Changed {
+ pprof.StopCPUProfile()
+ }
+ if cmd.Flag("trace").Changed {
+ span.Finish()
+ closer.Close()
+ }
+ return nil
+}
+
+func setupRootless(cmd *cobra.Command, args []string) error {
+ if os.Geteuid() == 0 || cmd == _searchCommand || cmd == _versionCommand || strings.HasPrefix(cmd.Use, "help") {
+ return nil
+ }
+ podmanCmd := cliconfig.PodmanCommand{
+ cmd,
+ args,
+ MainGlobalOpts,
+ }
+ runtime, err := libpodruntime.GetRuntime(&podmanCmd)
+ if err != nil {
+ return errors.Wrapf(err, "could not get runtime")
+ }
+ defer runtime.Shutdown(false)
+
+ ctrs, err := runtime.GetRunningContainers()
+ if err != nil {
+ logrus.Errorf(err.Error())
+ os.Exit(1)
+ }
+ var became bool
+ var ret int
+ if len(ctrs) == 0 {
+ became, ret, err = rootless.BecomeRootInUserNS()
+ } else {
+ for _, ctr := range ctrs {
+ data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile)
+ if err != nil {
+ logrus.Errorf(err.Error())
+ os.Exit(1)
+ }
+ conmonPid, err := strconv.Atoi(string(data))
+ if err != nil {
+ logrus.Errorf(err.Error())
+ os.Exit(1)
+ }
+ became, ret, err = rootless.JoinUserAndMountNS(uint(conmonPid))
+ if err == nil {
+ break
+ }
+ }
+ }
+ if err != nil {
+ logrus.Errorf(err.Error())
+ os.Exit(1)
+ }
+ if became {
+ os.Exit(ret)
+ }
+ return nil
+}
diff --git a/cmd/podman/main_remote.go b/cmd/podman/main_remote.go
new file mode 100644
index 000000000..2a7d184cd
--- /dev/null
+++ b/cmd/podman/main_remote.go
@@ -0,0 +1,43 @@
+// +build remoteclient
+
+package main
+
+import (
+ "os"
+
+ "github.com/containers/libpod/pkg/rootless"
+ "github.com/sirupsen/logrus"
+ "github.com/spf13/cobra"
+)
+
+const remote = true
+
+func init() {
+ // remote client specific flags can go here.
+}
+
+func setSyslog() error {
+ return nil
+}
+
+func profileOn(cmd *cobra.Command) error {
+ return nil
+}
+
+func profileOff(cmd *cobra.Command) error {
+ return nil
+}
+
+func setupRootless(cmd *cobra.Command, args []string) error {
+ if rootless.IsRootless() {
+ became, ret, err := rootless.BecomeRootInUserNS()
+ if err != nil {
+ logrus.Errorf(err.Error())
+ os.Exit(1)
+ }
+ if became {
+ os.Exit(ret)
+ }
+ }
+ return nil
+}
diff --git a/cmd/podman/ps.go b/cmd/podman/ps.go
index 759a03b86..5bb88f227 100644
--- a/cmd/podman/ps.go
+++ b/cmd/podman/ps.go
@@ -6,7 +6,6 @@ import (
"os"
"reflect"
"sort"
- "strconv"
"strings"
"text/tabwriter"
"time"
@@ -14,15 +13,12 @@ import (
tm "github.com/buger/goterm"
"github.com/containers/buildah/pkg/formats"
"github.com/containers/libpod/cmd/podman/cliconfig"
- "github.com/containers/libpod/cmd/podman/libpodruntime"
"github.com/containers/libpod/cmd/podman/shared"
- "github.com/containers/libpod/libpod"
- "github.com/containers/libpod/pkg/util"
+ "github.com/containers/libpod/pkg/adapter"
"github.com/cri-o/ocicni/pkg/ocicni"
"github.com/docker/go-units"
"github.com/opentracing/opentracing-go"
"github.com/pkg/errors"
- "github.com/sirupsen/logrus"
"github.com/spf13/cobra"
"k8s.io/apimachinery/pkg/fields"
)
@@ -205,10 +201,6 @@ func psCmd(c *cliconfig.PsValues) error {
span, _ := opentracing.StartSpanFromContext(Ctx, "psCmd")
defer span.Finish()
}
- // TODO disable when single rootless userns merges
- if c.Bool("size") && os.Geteuid() != 0 {
- return errors.New("the --size option is not presently supported without root")
- }
var watch bool
@@ -224,7 +216,7 @@ func psCmd(c *cliconfig.PsValues) error {
return errors.Wrapf(err, "error with flags passed")
}
- runtime, err := libpodruntime.GetRuntime(&c.PodmanCommand)
+ runtime, err := adapter.GetRuntime(&c.PodmanCommand)
if err != nil {
return errors.Wrapf(err, "error creating libpod runtime")
}
@@ -279,128 +271,6 @@ func checkFlagsPassed(c *cliconfig.PsValues) error {
return nil
}
-func generateContainerFilterFuncs(filter, filterValue string, runtime *libpod.Runtime) (func(container *libpod.Container) bool, error) {
- switch filter {
- case "id":
- return func(c *libpod.Container) bool {
- return strings.Contains(c.ID(), filterValue)
- }, nil
- case "label":
- var filterArray []string = strings.SplitN(filterValue, "=", 2)
- var filterKey string = filterArray[0]
- if len(filterArray) > 1 {
- filterValue = filterArray[1]
- } else {
- filterValue = ""
- }
- return func(c *libpod.Container) bool {
- for labelKey, labelValue := range c.Labels() {
- if labelKey == filterKey && ("" == filterValue || labelValue == filterValue) {
- return true
- }
- }
- return false
- }, nil
- case "name":
- return func(c *libpod.Container) bool {
- return strings.Contains(c.Name(), filterValue)
- }, nil
- case "exited":
- exitCode, err := strconv.ParseInt(filterValue, 10, 32)
- if err != nil {
- return nil, errors.Wrapf(err, "exited code out of range %q", filterValue)
- }
- return func(c *libpod.Container) bool {
- ec, exited, err := c.ExitCode()
- if ec == int32(exitCode) && err == nil && exited == true {
- return true
- }
- return false
- }, nil
- case "status":
- if !util.StringInSlice(filterValue, []string{"created", "running", "paused", "stopped", "exited", "unknown"}) {
- return nil, errors.Errorf("%s is not a valid status", filterValue)
- }
- return func(c *libpod.Container) bool {
- status, err := c.State()
- if err != nil {
- return false
- }
- if filterValue == "stopped" {
- filterValue = "exited"
- }
- state := status.String()
- if status == libpod.ContainerStateConfigured {
- state = "created"
- } else if status == libpod.ContainerStateStopped {
- state = "exited"
- }
- return state == filterValue
- }, nil
- case "ancestor":
- // This needs to refine to match docker
- // - ancestor=(<image-name>[:tag]|<image-id>| ⟨image@digest⟩) - containers created from an image or a descendant.
- return func(c *libpod.Container) bool {
- containerConfig := c.Config()
- if strings.Contains(containerConfig.RootfsImageID, filterValue) || strings.Contains(containerConfig.RootfsImageName, filterValue) {
- return true
- }
- return false
- }, nil
- case "before":
- ctr, err := runtime.LookupContainer(filterValue)
- if err != nil {
- return nil, errors.Errorf("unable to find container by name or id of %s", filterValue)
- }
- containerConfig := ctr.Config()
- createTime := containerConfig.CreatedTime
- return func(c *libpod.Container) bool {
- cc := c.Config()
- return createTime.After(cc.CreatedTime)
- }, nil
- case "since":
- ctr, err := runtime.LookupContainer(filterValue)
- if err != nil {
- return nil, errors.Errorf("unable to find container by name or id of %s", filterValue)
- }
- containerConfig := ctr.Config()
- createTime := containerConfig.CreatedTime
- return func(c *libpod.Container) bool {
- cc := c.Config()
- return createTime.Before(cc.CreatedTime)
- }, nil
- case "volume":
- //- volume=(<volume-name>|<mount-point-destination>)
- return func(c *libpod.Container) bool {
- containerConfig := c.Config()
- var dest string
- arr := strings.Split(filterValue, ":")
- source := arr[0]
- if len(arr) == 2 {
- dest = arr[1]
- }
- for _, mount := range containerConfig.Spec.Mounts {
- if dest != "" && (mount.Source == source && mount.Destination == dest) {
- return true
- }
- if dest == "" && mount.Source == source {
- return true
- }
- }
- return false
- }, nil
- case "health":
- return func(c *libpod.Container) bool {
- hcStatus, err := c.HealthCheckStatus()
- if err != nil {
- return false
- }
- return hcStatus == filterValue
- }, nil
- }
- return nil, errors.Errorf("%s is an invalid filter", filter)
-}
-
// generate the accurate header based on template given
func (p *psTemplateParams) headerMap() map[string]string {
v := reflect.Indirect(reflect.ValueOf(p))
@@ -550,11 +420,9 @@ func dumpJSON(containers []shared.PsContainerOutput) error {
return nil
}
-func psDisplay(c *cliconfig.PsValues, runtime *libpod.Runtime) error {
+func psDisplay(c *cliconfig.PsValues, runtime *adapter.LocalRuntime) error {
var (
- filterFuncs []libpod.ContainerFilter
- outputContainers []*libpod.Container
- err error
+ err error
)
opts := shared.PsOptions{
All: c.All,
@@ -570,51 +438,8 @@ func psDisplay(c *cliconfig.PsValues, runtime *libpod.Runtime) error {
Sync: c.Sync,
}
- maxWorkers := shared.Parallelize("ps")
- if c.GlobalIsSet("max-workers") {
- maxWorkers = c.GlobalFlags.MaxWorks
- }
- logrus.Debugf("Setting maximum workers to %d", maxWorkers)
-
- filters := c.Filter
- if len(filters) > 0 {
- for _, f := range filters {
- filterSplit := strings.SplitN(f, "=", 2)
- if len(filterSplit) < 2 {
- return errors.Errorf("filter input must be in the form of filter=value: %s is invalid", f)
- }
- generatedFunc, err := generateContainerFilterFuncs(filterSplit[0], filterSplit[1], runtime)
- if err != nil {
- return errors.Wrapf(err, "invalid filter")
- }
- filterFuncs = append(filterFuncs, generatedFunc)
- }
- }
- if !opts.Latest {
- // Get all containers
- containers, err := runtime.GetContainers(filterFuncs...)
- if err != nil {
- return err
- }
-
- // We only want the last few containers
- if opts.Last > 0 && opts.Last <= len(containers) {
- return errors.Errorf("--last not yet supported")
- } else {
- outputContainers = containers
- }
- } else {
- // Get just the latest container
- // Ignore filters
- latestCtr, err := runtime.GetLatestContainer()
- if err != nil {
- return err
- }
-
- outputContainers = []*libpod.Container{latestCtr}
- }
-
- pss := shared.PBatch(outputContainers, maxWorkers, opts)
+ pss, err := runtime.Ps(c, opts)
+ // Here and down
if opts.Sort != "" {
pss, err = sortPsOutput(opts.Sort, pss)
if err != nil {
diff --git a/cmd/podman/pull.go b/cmd/podman/pull.go
index 2aac28642..7cc7b65b3 100644
--- a/cmd/podman/pull.go
+++ b/cmd/podman/pull.go
@@ -46,18 +46,27 @@ func init() {
pullCommand.SetUsageTemplate(UsageTemplate())
flags := pullCommand.Flags()
flags.BoolVar(&pullCommand.AllTags, "all-tags", false, "All tagged images inthe repository will be pulled")
- flags.StringVar(&pullCommand.Authfile, "authfile", "", "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override")
flags.StringVar(&pullCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
flags.StringVar(&pullCommand.Creds, "creds", "", "`Credentials` (USERNAME:PASSWORD) to use for authenticating to a registry")
flags.BoolVarP(&pullCommand.Quiet, "quiet", "q", false, "Suppress output information when pulling images")
- flags.StringVar(&pullCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
- flags.BoolVar(&pullCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
+
+ // Disabled flags for the remote client
+ if !remote {
+ flags.StringVar(&pullCommand.Authfile, "authfile", "", "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override")
+ flags.StringVar(&pullCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
+ flags.BoolVar(&pullCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
+ }
}
// pullCmd gets the data from the command line and calls pullImage
// to copy an image from a registry to a local machine
-func pullCmd(c *cliconfig.PullValues) error {
+func pullCmd(c *cliconfig.PullValues) (retError error) {
+ defer func() {
+ if retError != nil && exitCode == 0 {
+ exitCode = 1
+ }
+ }()
if c.Bool("trace") {
span, _ := opentracing.StartSpanFromContext(Ctx, "pullCmd")
defer span.Finish()
@@ -159,7 +168,7 @@ func pullCmd(c *cliconfig.PullValues) error {
for _, name := range names {
newImage, err := runtime.New(getContext(), name, c.String("signature-policy"), authfile, writer, &dockerRegistryOptions, image.SigningOptions{}, true, nil)
if err != nil {
- println(errors.Wrapf(err, "error pulling image %q", name))
+ logrus.Errorf("error pulling image %q", name)
foundImage = false
continue
}
diff --git a/cmd/podman/push.go b/cmd/podman/push.go
index a1dac24ae..a5638a698 100644
--- a/cmd/podman/push.go
+++ b/cmd/podman/push.go
@@ -45,16 +45,20 @@ func init() {
pushCommand.SetUsageTemplate(UsageTemplate())
flags := pushCommand.Flags()
flags.MarkHidden("signature-policy")
- flags.StringVar(&pushCommand.Authfile, "authfile", "", "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override")
flags.StringVar(&pushCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
- flags.BoolVar(&pushCommand.Compress, "compress", false, "Compress tarball image layers when pushing to a directory using the 'dir' transport. (default is same compression type as source)")
flags.StringVar(&pushCommand.Creds, "creds", "", "`Credentials` (USERNAME:PASSWORD) to use for authenticating to a registry")
flags.StringVarP(&pushCommand.Format, "format", "f", "", "Manifest type (oci, v2s1, or v2s2) to use when pushing an image using the 'dir:' transport (default is manifest type of source)")
flags.BoolVarP(&pushCommand.Quiet, "quiet", "q", false, "Don't output progress information when pushing images")
flags.BoolVar(&pushCommand.RemoveSignatures, "remove-signatures", false, "Discard any pre-existing signatures in the image")
- flags.StringVar(&pushCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
flags.StringVar(&pushCommand.SignBy, "sign-by", "", "Add a signature at the destination using the specified key")
- flags.BoolVar(&pushCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
+
+ // Disabled flags for the remote client
+ if !remote {
+ flags.StringVar(&pushCommand.Authfile, "authfile", "", "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override")
+ flags.BoolVar(&pushCommand.Compress, "compress", false, "Compress tarball image layers when pushing to a directory using the 'dir' transport. (default is same compression type as source)")
+ flags.StringVar(&pushCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
+ flags.BoolVar(&pushCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
+ }
}
func pushCmd(c *cliconfig.PushValues) error {
diff --git a/cmd/podman/restore.go b/cmd/podman/restore.go
index 0f6828432..0f0150644 100644
--- a/cmd/podman/restore.go
+++ b/cmd/podman/restore.go
@@ -1,13 +1,9 @@
package main
import (
- "context"
- "fmt"
- "os"
-
"github.com/containers/libpod/cmd/podman/cliconfig"
- "github.com/containers/libpod/cmd/podman/libpodruntime"
"github.com/containers/libpod/libpod"
+ "github.com/containers/libpod/pkg/adapter"
"github.com/containers/libpod/pkg/rootless"
"github.com/pkg/errors"
"github.com/spf13/cobra"
@@ -57,7 +53,7 @@ func restoreCmd(c *cliconfig.RestoreValues) error {
return errors.New("restoring a container requires root")
}
- runtime, err := libpodruntime.GetRuntime(&c.PodmanCommand)
+ runtime, err := adapter.GetRuntime(&c.PodmanCommand)
if err != nil {
return errors.Wrapf(err, "could not get runtime")
}
@@ -67,18 +63,5 @@ func restoreCmd(c *cliconfig.RestoreValues) error {
Keep: c.Keep,
TCPEstablished: c.TcpEstablished,
}
-
- containers, lastError := getAllOrLatestContainers(&c.PodmanCommand, runtime, libpod.ContainerStateExited, "checkpointed")
-
- for _, ctr := range containers {
- if err = ctr.Restore(context.TODO(), options); err != nil {
- if lastError != nil {
- fmt.Fprintln(os.Stderr, lastError)
- }
- lastError = errors.Wrapf(err, "failed to restore container %v", ctr.ID())
- } else {
- fmt.Println(ctr.ID())
- }
- }
- return lastError
+ return runtime.Restore(c, options)
}
diff --git a/cmd/podman/rm.go b/cmd/podman/rm.go
index 52e281402..66f70a36f 100644
--- a/cmd/podman/rm.go
+++ b/cmd/podman/rm.go
@@ -4,12 +4,9 @@ import (
"fmt"
"github.com/containers/libpod/cmd/podman/cliconfig"
- "github.com/containers/libpod/cmd/podman/libpodruntime"
- "github.com/containers/libpod/cmd/podman/shared"
"github.com/containers/libpod/libpod"
- "github.com/containers/libpod/libpod/image"
+ "github.com/containers/libpod/pkg/adapter"
"github.com/pkg/errors"
- "github.com/sirupsen/logrus"
"github.com/spf13/cobra"
)
@@ -48,78 +45,29 @@ func init() {
markFlagHiddenForRemoteClient("latest", flags)
}
-// saveCmd saves the image to either docker-archive or oci
+// rmCmd removes one or more containers
func rmCmd(c *cliconfig.RmValues) error {
- var (
- deleteFuncs []shared.ParallelWorkerInput
- )
-
- ctx := getContext()
- runtime, err := libpodruntime.GetRuntime(&c.PodmanCommand)
+ runtime, err := adapter.GetRuntime(&c.PodmanCommand)
if err != nil {
return errors.Wrapf(err, "could not get runtime")
}
defer runtime.Shutdown(false)
- failureCnt := 0
- delContainers, err := getAllOrLatestContainers(&c.PodmanCommand, runtime, -1, "all")
+ ok, failures, err := runtime.RemoveContainers(getContext(), c)
if err != nil {
- if c.Force && len(c.InputArgs) > 0 {
- if errors.Cause(err) == libpod.ErrNoSuchCtr {
- err = nil
+ if errors.Cause(err) == libpod.ErrNoSuchCtr {
+ if len(c.InputArgs) > 1 {
+ exitCode = 125
} else {
- failureCnt++
- }
- runtime.RemoveContainersFromStorage(c.InputArgs)
- }
- if len(delContainers) == 0 {
- if err != nil && failureCnt == 0 {
exitCode = 1
}
- return err
- }
- if err != nil {
- if errors.Cause(err) == libpod.ErrNoSuchCtr {
- exitCode = 1
- }
- fmt.Println(err.Error())
- }
- }
-
- for _, container := range delContainers {
- con := container
- f := func() error {
- return runtime.RemoveContainer(ctx, con, c.Force, c.Volumes)
- }
-
- deleteFuncs = append(deleteFuncs, shared.ParallelWorkerInput{
- ContainerID: con.ID(),
- ParallelFunc: f,
- })
- }
- maxWorkers := shared.Parallelize("rm")
- if c.GlobalIsSet("max-workers") {
- maxWorkers = c.GlobalFlags.MaxWorks
- }
- logrus.Debugf("Setting maximum workers to %d", maxWorkers)
-
- // Run the parallel funcs
- deleteErrors, errCount := shared.ParallelExecuteWorkerPool(maxWorkers, deleteFuncs)
- err = printParallelOutput(deleteErrors, errCount)
- if err != nil {
- for _, result := range deleteErrors {
- if result != nil && errors.Cause(result) != image.ErrNoSuchCtr {
- failureCnt++
- }
- }
- if failureCnt == 0 {
- exitCode = 1
}
+ return err
}
- if failureCnt > 0 {
+ if len(failures) > 0 {
exitCode = 125
}
- return err
+ return printCmdResults(ok, failures)
}
diff --git a/cmd/podman/run.go b/cmd/podman/run.go
index bac5c3c18..d3158de6b 100644
--- a/cmd/podman/run.go
+++ b/cmd/podman/run.go
@@ -38,7 +38,7 @@ func init() {
}
func runCmd(c *cliconfig.RunValues) error {
- if c.Bool("trace") {
+ if !remote && c.Bool("trace") {
span, _ := opentracing.StartSpanFromContext(Ctx, "runCmd")
defer span.Finish()
}
diff --git a/cmd/podman/run_test.go b/cmd/podman/run_test.go
index 27b34c323..af9e6923c 100644
--- a/cmd/podman/run_test.go
+++ b/cmd/podman/run_test.go
@@ -83,7 +83,7 @@ func getRuntimeSpec(c *cliconfig.PodmanCommand) (*spec.Spec, error) {
createConfig, err := parseCreateOpts(c, runtime, "alpine", generateAlpineImageData())
*/
ctx := getContext()
- genericResults := shared.NewIntermediateLayer(c)
+ genericResults := shared.NewIntermediateLayer(c, false)
createConfig, err := shared.ParseCreateOpts(ctx, &genericResults, nil, "alpine", generateAlpineImageData())
if err != nil {
return nil, err
diff --git a/cmd/podman/shared/container.go b/cmd/podman/shared/container.go
index 6826191c5..e14276bdf 100644
--- a/cmd/podman/shared/container.go
+++ b/cmd/podman/shared/container.go
@@ -4,6 +4,7 @@ import (
"context"
"fmt"
"io"
+ v1 "k8s.io/api/core/v1"
"os"
"path/filepath"
"regexp"
@@ -44,7 +45,6 @@ type PsOptions struct {
Quiet bool
Size bool
Sort string
- Label string
Namespace bool
Sync bool
}
@@ -274,6 +274,176 @@ func worker(wg *sync.WaitGroup, jobs <-chan workerInput, results chan<- PsContai
}
}
+func generateContainerFilterFuncs(filter, filterValue string, r *libpod.Runtime) (func(container *libpod.Container) bool, error) {
+ switch filter {
+ case "id":
+ return func(c *libpod.Container) bool {
+ return strings.Contains(c.ID(), filterValue)
+ }, nil
+ case "label":
+ var filterArray []string = strings.SplitN(filterValue, "=", 2)
+ var filterKey string = filterArray[0]
+ if len(filterArray) > 1 {
+ filterValue = filterArray[1]
+ } else {
+ filterValue = ""
+ }
+ return func(c *libpod.Container) bool {
+ for labelKey, labelValue := range c.Labels() {
+ if labelKey == filterKey && ("" == filterValue || labelValue == filterValue) {
+ return true
+ }
+ }
+ return false
+ }, nil
+ case "name":
+ return func(c *libpod.Container) bool {
+ return strings.Contains(c.Name(), filterValue)
+ }, nil
+ case "exited":
+ exitCode, err := strconv.ParseInt(filterValue, 10, 32)
+ if err != nil {
+ return nil, errors.Wrapf(err, "exited code out of range %q", filterValue)
+ }
+ return func(c *libpod.Container) bool {
+ ec, exited, err := c.ExitCode()
+ if ec == int32(exitCode) && err == nil && exited == true {
+ return true
+ }
+ return false
+ }, nil
+ case "status":
+ if !util.StringInSlice(filterValue, []string{"created", "running", "paused", "stopped", "exited", "unknown"}) {
+ return nil, errors.Errorf("%s is not a valid status", filterValue)
+ }
+ return func(c *libpod.Container) bool {
+ status, err := c.State()
+ if err != nil {
+ return false
+ }
+ if filterValue == "stopped" {
+ filterValue = "exited"
+ }
+ state := status.String()
+ if status == libpod.ContainerStateConfigured {
+ state = "created"
+ } else if status == libpod.ContainerStateStopped {
+ state = "exited"
+ }
+ return state == filterValue
+ }, nil
+ case "ancestor":
+ // This needs to refine to match docker
+ // - ancestor=(<image-name>[:tag]|<image-id>| ⟨image@digest⟩) - containers created from an image or a descendant.
+ return func(c *libpod.Container) bool {
+ containerConfig := c.Config()
+ if strings.Contains(containerConfig.RootfsImageID, filterValue) || strings.Contains(containerConfig.RootfsImageName, filterValue) {
+ return true
+ }
+ return false
+ }, nil
+ case "before":
+ ctr, err := r.LookupContainer(filterValue)
+ if err != nil {
+ return nil, errors.Errorf("unable to find container by name or id of %s", filterValue)
+ }
+ containerConfig := ctr.Config()
+ createTime := containerConfig.CreatedTime
+ return func(c *libpod.Container) bool {
+ cc := c.Config()
+ return createTime.After(cc.CreatedTime)
+ }, nil
+ case "since":
+ ctr, err := r.LookupContainer(filterValue)
+ if err != nil {
+ return nil, errors.Errorf("unable to find container by name or id of %s", filterValue)
+ }
+ containerConfig := ctr.Config()
+ createTime := containerConfig.CreatedTime
+ return func(c *libpod.Container) bool {
+ cc := c.Config()
+ return createTime.Before(cc.CreatedTime)
+ }, nil
+ case "volume":
+ //- volume=(<volume-name>|<mount-point-destination>)
+ return func(c *libpod.Container) bool {
+ containerConfig := c.Config()
+ var dest string
+ arr := strings.Split(filterValue, ":")
+ source := arr[0]
+ if len(arr) == 2 {
+ dest = arr[1]
+ }
+ for _, mount := range containerConfig.Spec.Mounts {
+ if dest != "" && (mount.Source == source && mount.Destination == dest) {
+ return true
+ }
+ if dest == "" && mount.Source == source {
+ return true
+ }
+ }
+ return false
+ }, nil
+ case "health":
+ return func(c *libpod.Container) bool {
+ hcStatus, err := c.HealthCheckStatus()
+ if err != nil {
+ return false
+ }
+ return hcStatus == filterValue
+ }, nil
+ }
+ return nil, errors.Errorf("%s is an invalid filter", filter)
+}
+
+// GetPsContainerOutput returns a slice of containers specifically for ps output
+func GetPsContainerOutput(r *libpod.Runtime, opts PsOptions, filters []string, maxWorkers int) ([]PsContainerOutput, error) {
+ var (
+ filterFuncs []libpod.ContainerFilter
+ outputContainers []*libpod.Container
+ )
+
+ if len(filters) > 0 {
+ for _, f := range filters {
+ filterSplit := strings.SplitN(f, "=", 2)
+ if len(filterSplit) < 2 {
+ return nil, errors.Errorf("filter input must be in the form of filter=value: %s is invalid", f)
+ }
+ generatedFunc, err := generateContainerFilterFuncs(filterSplit[0], filterSplit[1], r)
+ if err != nil {
+ return nil, errors.Wrapf(err, "invalid filter")
+ }
+ filterFuncs = append(filterFuncs, generatedFunc)
+ }
+ }
+ if !opts.Latest {
+ // Get all containers
+ containers, err := r.GetContainers(filterFuncs...)
+ if err != nil {
+ return nil, err
+ }
+
+ // We only want the last few containers
+ if opts.Last > 0 && opts.Last <= len(containers) {
+ return nil, errors.Errorf("--last not yet supported")
+ } else {
+ outputContainers = containers
+ }
+ } else {
+ // Get just the latest container
+ // Ignore filters
+ latestCtr, err := r.GetLatestContainer()
+ if err != nil {
+ return nil, err
+ }
+
+ outputContainers = []*libpod.Container{latestCtr}
+ }
+
+ pss := PBatch(outputContainers, maxWorkers, opts)
+ return pss, nil
+}
+
// PBatch is performs batch operations on a container in parallel. It spawns the number of workers
// relative to the the number of parallel operations desired.
func PBatch(containers []*libpod.Container, workers int, opts PsOptions) []PsContainerOutput {
@@ -769,3 +939,37 @@ func envSliceToMap(env []string) map[string]string {
}
return m
}
+
+// GenerateKube generates kubernetes yaml based on a pod or container
+func GenerateKube(name string, service bool, r *libpod.Runtime) (*v1.Pod, *v1.Service, error) {
+ var (
+ pod *libpod.Pod
+ podYAML *v1.Pod
+ err error
+ container *libpod.Container
+ servicePorts []v1.ServicePort
+ serviceYAML v1.Service
+ )
+ // Get the container in question
+ container, err = r.LookupContainer(name)
+ if err != nil {
+ pod, err = r.LookupPod(name)
+ if err != nil {
+ return nil, nil, err
+ }
+ podYAML, servicePorts, err = pod.GenerateForKube()
+ } else {
+ if len(container.Dependencies()) > 0 {
+ return nil, nil, errors.Wrapf(libpod.ErrNotImplemented, "containers with dependencies")
+ }
+ podYAML, err = container.GenerateForKube()
+ }
+ if err != nil {
+ return nil, nil, err
+ }
+
+ if service {
+ serviceYAML = libpod.GenerateKubeServiceFromV1Pod(podYAML, servicePorts)
+ }
+ return podYAML, &serviceYAML, nil
+}
diff --git a/cmd/podman/shared/intermediate.go b/cmd/podman/shared/intermediate.go
index 9afbd68c8..2e1827561 100644
--- a/cmd/podman/shared/intermediate.go
+++ b/cmd/podman/shared/intermediate.go
@@ -360,7 +360,7 @@ func newCRStringArray(c *cliconfig.PodmanCommand, flag string) CRStringArray {
}
// NewIntermediateLayer creates a GenericCLIResults from a create or run cli-command
-func NewIntermediateLayer(c *cliconfig.PodmanCommand) GenericCLIResults {
+func NewIntermediateLayer(c *cliconfig.PodmanCommand, remote bool) GenericCLIResults {
m := make(map[string]GenericCLIResult)
m["add-host"] = newCRStringSlice(c, "add-host")
@@ -458,8 +458,10 @@ func NewIntermediateLayer(c *cliconfig.PodmanCommand) GenericCLIResults {
m["volumes-from"] = newCRStringSlice(c, "volumes-from")
m["workdir"] = newCRString(c, "workdir")
// global flag
- m["trace"] = newCRBool(c, "trace")
- m["syslog"] = newCRBool(c, "syslog")
+ if !remote {
+ m["trace"] = newCRBool(c, "trace")
+ m["syslog"] = newCRBool(c, "syslog")
+ }
return GenericCLIResults{m, c.InputArgs}
}
diff --git a/cmd/podman/shared/workers.go b/cmd/podman/shared/workers.go
new file mode 100644
index 000000000..112af89cc
--- /dev/null
+++ b/cmd/podman/shared/workers.go
@@ -0,0 +1,133 @@
+package shared
+
+import (
+ "reflect"
+ "runtime"
+ "strings"
+ "sync"
+
+ "github.com/sirupsen/logrus"
+)
+
+// JobFunc provides the function signature for the pool'ed functions
+type JobFunc func() error
+
+// Job defines the function to run
+type Job struct {
+ ID string
+ Fn JobFunc
+}
+
+// JobResult defines the results from the function ran
+type JobResult struct {
+ Job Job
+ Err error
+}
+
+// Pool defines the worker pool and queues
+type Pool struct {
+ id string
+ wg *sync.WaitGroup
+ jobs chan Job
+ results chan JobResult
+ size int
+ capacity int
+}
+
+// NewPool creates and initializes a new Pool
+func NewPool(id string, size int, capacity int) *Pool {
+ var wg sync.WaitGroup
+
+ // min for int...
+ s := size
+ if s > capacity {
+ s = capacity
+ }
+
+ return &Pool{
+ id,
+ &wg,
+ make(chan Job, capacity),
+ make(chan JobResult, capacity),
+ s,
+ capacity,
+ }
+}
+
+// Add Job to pool for parallel processing
+func (p *Pool) Add(job Job) {
+ p.wg.Add(1)
+ p.jobs <- job
+}
+
+// Run the Job's in the pool, gather and return results
+func (p *Pool) Run() ([]string, map[string]error, error) {
+ var (
+ ok = []string{}
+ failures = map[string]error{}
+ )
+
+ for w := 0; w < p.size; w++ {
+ w := w
+ go p.newWorker(w)
+ }
+ close(p.jobs)
+ p.wg.Wait()
+
+ close(p.results)
+ for r := range p.results {
+ if r.Err == nil {
+ ok = append(ok, r.Job.ID)
+ } else {
+ failures[r.Job.ID] = r.Err
+ }
+ }
+
+ if logrus.GetLevel() == logrus.DebugLevel {
+ for i, f := range failures {
+ logrus.Debugf("Pool[%s, %s: %s]", p.id, i, f.Error())
+ }
+ }
+
+ return ok, failures, nil
+}
+
+// newWorker creates new parallel workers to monitor jobs channel from Pool
+func (p *Pool) newWorker(slot int) {
+ for job := range p.jobs {
+ err := job.Fn()
+ p.results <- JobResult{job, err}
+ if logrus.GetLevel() == logrus.DebugLevel {
+ n := strings.Split(runtime.FuncForPC(reflect.ValueOf(job.Fn).Pointer()).Name(), ".")
+ logrus.Debugf("Worker#%d finished job %s/%s (%v)", slot, n[2:], job.ID, err)
+ }
+ p.wg.Done()
+ }
+}
+
+// DefaultPoolSize provides the maximum number of parallel workers (int) as calculated by a basic
+// heuristic. This can be overriden by the --max-workers primary switch to podman.
+func DefaultPoolSize(name string) int {
+ numCpus := runtime.NumCPU()
+ switch name {
+ case "kill":
+ case "pause":
+ case "rm":
+ case "unpause":
+ if numCpus <= 3 {
+ return numCpus * 3
+ }
+ return numCpus * 4
+ case "ps":
+ return 8
+ case "restart":
+ return numCpus * 2
+ case "stop":
+ if numCpus <= 2 {
+ return 4
+ } else {
+ return numCpus * 3
+ }
+ }
+ return 3
+}
diff --git a/cmd/podman/stop.go b/cmd/podman/stop.go
index e27be64f6..38d90fe81 100644
--- a/cmd/podman/stop.go
+++ b/cmd/podman/stop.go
@@ -1,9 +1,6 @@
package main
import (
- "fmt"
- "reflect"
-
"github.com/containers/libpod/cmd/podman/cliconfig"
"github.com/containers/libpod/libpod"
"github.com/containers/libpod/pkg/adapter"
@@ -68,21 +65,5 @@ func stopCmd(c *cliconfig.StopValues) error {
if err != nil {
return err
}
-
- for _, id := range ok {
- fmt.Println(id)
- }
-
- if len(failures) > 0 {
- keys := reflect.ValueOf(failures).MapKeys()
- lastKey := keys[len(keys)-1].String()
- lastErr := failures[lastKey]
- delete(failures, lastKey)
-
- for _, err := range failures {
- outputError(err)
- }
- return lastErr
- }
- return nil
+ return printCmdResults(ok, failures)
}
diff --git a/cmd/podman/umount.go b/cmd/podman/umount.go
index a938c7c38..914e37cfa 100644
--- a/cmd/podman/umount.go
+++ b/cmd/podman/umount.go
@@ -1,20 +1,16 @@
package main
import (
- "fmt"
-
"github.com/containers/libpod/cmd/podman/cliconfig"
- "github.com/containers/libpod/cmd/podman/libpodruntime"
- "github.com/containers/libpod/libpod"
- "github.com/containers/storage"
+ "github.com/containers/libpod/pkg/adapter"
"github.com/pkg/errors"
- "github.com/sirupsen/logrus"
"github.com/spf13/cobra"
)
var (
umountCommand cliconfig.UmountValues
- description = `Container storage increments a mount counter each time a container is mounted.
+
+ description = `Container storage increments a mount counter each time a container is mounted.
When a container is unmounted, the mount counter is decremented. The container's root filesystem is physically unmounted only when the mount counter reaches zero indicating no other processes are using the mount.
@@ -51,42 +47,15 @@ func init() {
}
func umountCmd(c *cliconfig.UmountValues) error {
- runtime, err := libpodruntime.GetRuntime(&c.PodmanCommand)
+ runtime, err := adapter.GetRuntime(&c.PodmanCommand)
if err != nil {
- return errors.Wrapf(err, "could not get runtime")
+ return errors.Wrapf(err, "error creating runtime")
}
defer runtime.Shutdown(false)
- force := c.Force
- umountAll := c.All
-
- containers, err := getAllOrLatestContainers(&c.PodmanCommand, runtime, -1, "all")
+ ok, failures, err := runtime.UmountRootFilesystems(getContext(), c)
if err != nil {
- if len(containers) == 0 {
- return err
- }
- fmt.Println(err.Error())
- }
-
- umountContainerErrStr := "error unmounting container"
- var lastError error
- for _, ctr := range containers {
- ctrState, err := ctr.State()
- if ctrState == libpod.ContainerStateRunning || err != nil {
- continue
- }
-
- if err = ctr.Unmount(force); err != nil {
- if umountAll && errors.Cause(err) == storage.ErrLayerNotMounted {
- continue
- }
- if lastError != nil {
- logrus.Error(lastError)
- }
- lastError = errors.Wrapf(err, "%s %s", umountContainerErrStr, ctr.ID())
- continue
- }
- fmt.Printf("%s\n", ctr.ID())
+ return err
}
- return lastError
+ return printCmdResults(ok, failures)
}
diff --git a/cmd/podman/utils.go b/cmd/podman/utils.go
index c763940db..81bd02faa 100644
--- a/cmd/podman/utils.go
+++ b/cmd/podman/utils.go
@@ -2,11 +2,12 @@ package main
import (
"fmt"
+ "reflect"
"github.com/spf13/pflag"
)
-//printParallelOutput takes the map of parallel worker results and outputs them
+// printParallelOutput takes the map of parallel worker results and outputs them
// to stdout
func printParallelOutput(m map[string]error, errCount int) error {
var lastError error
@@ -23,6 +24,26 @@ func printParallelOutput(m map[string]error, errCount int) error {
return lastError
}
+// print results from CLI command
+func printCmdResults(ok []string, failures map[string]error) error {
+ for _, id := range ok {
+ fmt.Println(id)
+ }
+
+ if len(failures) > 0 {
+ keys := reflect.ValueOf(failures).MapKeys()
+ lastKey := keys[len(keys)-1].String()
+ lastErr := failures[lastKey]
+ delete(failures, lastKey)
+
+ for _, err := range failures {
+ outputError(err)
+ }
+ return lastErr
+ }
+ return nil
+}
+
// markFlagHiddenForRemoteClient makes the flag not appear as part of the CLI
// on the remote-client
func markFlagHiddenForRemoteClient(flagName string, flags *pflag.FlagSet) {
@@ -30,3 +51,29 @@ func markFlagHiddenForRemoteClient(flagName string, flags *pflag.FlagSet) {
flags.MarkHidden(flagName)
}
}
+
+// TODO: remove when adapter package takes over this functionality
+// func joinContainerOrCreateRootlessUserNS(runtime *libpod.Runtime, ctr *libpod.Container) (bool, int, error) {
+// if os.Geteuid() == 0 {
+// return false, 0, nil
+// }
+// s, err := ctr.State()
+// if err != nil {
+// return false, -1, err
+// }
+// opts := rootless.Opts{
+// Argument: ctr.ID(),
+// }
+// if s == libpod.ContainerStateRunning || s == libpod.ContainerStatePaused {
+// data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile)
+// if err != nil {
+// return false, -1, errors.Wrapf(err, "cannot read conmon PID file %q", ctr.Config().ConmonPidFile)
+// }
+// conmonPid, err := strconv.Atoi(string(data))
+// if err != nil {
+// return false, -1, errors.Wrapf(err, "cannot parse PID %q", data)
+// }
+// return rootless.JoinDirectUserAndMountNSWithOpts(uint(conmonPid), &opts)
+// }
+// return rootless.BecomeRootInUserNSWithOpts(&opts)
+// }
diff --git a/cmd/podman/varlink/io.podman.varlink b/cmd/podman/varlink/io.podman.varlink
index 9098a9297..b5295273a 100644
--- a/cmd/podman/varlink/io.podman.varlink
+++ b/cmd/podman/varlink/io.podman.varlink
@@ -98,6 +98,11 @@ type ImageSearchFilter (
star_count: int
)
+type KubePodService (
+ pod: string,
+ service: string
+)
+
type Container (
id: string,
image: string,
@@ -133,6 +138,47 @@ type ContainerStats (
pids: int
)
+type PsOpts (
+ all: bool,
+ filters: ?[]string,
+ last: ?int,
+ latest: ?bool,
+ noTrunc: ?bool,
+ pod: ?bool,
+ quiet: ?bool,
+ sort: ?string,
+ sync: ?bool
+)
+
+type PsContainer (
+ id: string,
+ image: string,
+ command: string,
+ created: string,
+ ports: string,
+ names: string,
+ isInfra: bool,
+ status: string,
+ state: string,
+ pidNum: int,
+ rootFsSize: int,
+ rwSize: int,
+ pod: string,
+ createdAt: string,
+ exitedAt: string,
+ startedAt: string,
+ labels: [string]string,
+ nsPid: string,
+ cgroup: string,
+ ipc: string,
+ mnt: string,
+ net: string,
+ pidNs: string,
+ user: string,
+ uts: string,
+ mounts: string
+)
+
# ContainerMount describes the struct for mounts in a container
type ContainerMount (
destination: string,
@@ -474,6 +520,8 @@ method GetInfo() -> (info: PodmanInfo)
# See also [GetContainer](#GetContainer).
method ListContainers() -> (containers: []Container)
+method Ps(opts: PsOpts) -> (containers: []PsContainer)
+
# GetContainer returns information about a single container. If a container
# with the given id doesn't exist, a [ContainerNotFound](#ContainerNotFound)
# error will be returned. See also [ListContainers](ListContainers) and
@@ -615,8 +663,11 @@ method PauseContainer(name: string) -> (container: string)
# See also [PauseContainer](#PauseContainer).
method UnpauseContainer(name: string) -> (container: string)
-# This method has not be implemented yet.
-# method AttachToContainer() -> (notimplemented: NotImplemented)
+# Attach takes the name or ID of a container and sets up a the ability to remotely attach to its console. The start
+# bool is whether you wish to start the container in question first.
+method Attach(name: string, detachKeys: string, start: bool) -> ()
+
+method AttachControl(name: string) -> ()
# GetAttachSockets takes the name or ID of an existing container. It returns file paths for two sockets needed
# to properly communicate with a container. The first is the actual I/O socket that the container uses. The
@@ -1078,11 +1129,7 @@ method ImagesPrune(all: bool) -> (pruned: []string)
# GenerateKube generates a Kubernetes v1 Pod description of a Podman container or pod
# and its containers. The description is in YAML. See also [ReplayKube](ReplayKube).
-# method GenerateKube() -> (notimplemented: NotImplemented)
-
-# GenerateKubeService generates a Kubernetes v1 Service description of a Podman container or pod
-# and its containers. The description is in YAML. See also [GenerateKube](GenerateKube).
-# method GenerateKubeService() -> (notimplemented: NotImplemented)
+method GenerateKube(name: string, service: bool) -> (pod: KubePodService)
# ReplayKube recreates a pod and its containers based on a Kubernetes v1 Pod description (in YAML)
# like that created by GenerateKube. See also [GenerateKube](GenerateKube).
@@ -1111,6 +1158,9 @@ method PodStateData(name: string) -> (config: string)
# This call is for the development of Podman only and should not be used.
method CreateFromCC(in: []string) -> (id: string)
+# Spec returns the oci spec for a container. This call is for development of Podman only and generally should not be used.
+method Spec(name: string) -> (config: string)
+
# Sendfile allows a remote client to send a file to the host
method SendFile(type: string, length: int) -> (file_handle: string)
diff --git a/cmd/podman/wait.go b/cmd/podman/wait.go
index 4449898a0..827ac6826 100644
--- a/cmd/podman/wait.go
+++ b/cmd/podman/wait.go
@@ -1,8 +1,6 @@
package main
import (
- "fmt"
- "reflect"
"time"
"github.com/containers/libpod/cmd/podman/cliconfig"
@@ -62,21 +60,5 @@ func waitCmd(c *cliconfig.WaitValues) error {
if err != nil {
return err
}
-
- for _, id := range ok {
- fmt.Println(id)
- }
-
- if len(failures) > 0 {
- keys := reflect.ValueOf(failures).MapKeys()
- lastKey := keys[len(keys)-1].String()
- lastErr := failures[lastKey]
- delete(failures, lastKey)
-
- for _, err := range failures {
- outputError(err)
- }
- return lastErr
- }
- return nil
+ return printCmdResults(ok, failures)
}
diff --git a/commands.md b/commands.md
index 156a1cdf6..1c05640f2 100644
--- a/commands.md
+++ b/commands.md
@@ -4,8 +4,8 @@
## Podman Commands
-Command | Description | Demo
-:----------------------------------------------------------------------- | :------------------------------------------------------------------------- | :--------------------------------------------------------------------------
+Command | Description | Demo | Script
+:----------------------------------------------------------------------- | :------------------------------------------------------------------------- | :-------------------------------------------------------------------------- | :--------------------------------------------------------------------------
[podman(1)](/docs/podman.1.md) | Simple management tool for pods and images |
[podman-attach(1)](/docs/podman-attach.1.md) | Attach to a running container |
[podman-build(1)](/docs/podman-build.1.md) | Build an image using instructions from Dockerfiles |
@@ -31,7 +31,7 @@ Command | Descr
[podman-image-prune(1)](/docs/podman-image-prune.1.md) | Remove all unused images |
[podman-image-sign(1)](/docs/podman-image-sign.1.md) | Create a signature for an image |
[podman-image-trust(1)](/docs/podman-image-trust.1.md) | Manage container registry image trust policy |
-[podman-images(1)](/docs/podman-images.1.md) | List images in local storage | [![...](/docs/play.png)](https://asciinema.org/a/133649)
+[podman-images(1)](/docs/podman-images.1.md) | List images in local storage | [![...](/docs/play.png)](https://podman.io/asciinema/podman/images/) | [Here](https://github.com/containers/Demos/blob/master/podman_cli/podman_images.sh)
[podman-import(1)](/docs/podman-import.1.md) | Import a tarball and save it as a filesystem image |
[podman-info(1)](/docs/podman-info.1.md) | Display system information |
[podman-inspect(1)](/docs/podman-inspect.1.md) | Display the configuration of a container or image | [![...](/docs/play.png)](https://asciinema.org/a/133418)
diff --git a/completions/bash/podman b/completions/bash/podman
index a3f381962..3616c6ca1 100644
--- a/completions/bash/podman
+++ b/completions/bash/podman
@@ -2388,7 +2388,7 @@ _podman_logout() {
_complete_ "$options_with_args" "$boolean_options"
}
-_podman_healtcheck_run() {
+_podman_healthcheck_run() {
local options_with_args=""
local boolean_options="
diff --git a/docs/podman-commit.1.md b/docs/podman-commit.1.md
index acde51859..7c74d7a33 100644
--- a/docs/podman-commit.1.md
+++ b/docs/podman-commit.1.md
@@ -39,6 +39,10 @@ not specifically set, the default format used is _oci_.
Write the image ID to the file.
+**--include-volumes**
+
+Include in the committed image any volumes added to the container by the `--volume` or `--mount` options to the `podman create` and `podman run` commands.
+
**--message, -m**
Set commit message for committed image. The message field is not supported in _oci_ format.
diff --git a/docs/podman-healthcheck-run.1.md b/docs/podman-healthcheck-run.1.md
index e19c6250c..21f2d9b20 100644
--- a/docs/podman-healthcheck-run.1.md
+++ b/docs/podman-healthcheck-run.1.md
@@ -29,7 +29,7 @@ Print usage statement
## EXAMPLES
```
-$ podman healtcheck run mywebapp
+$ podman healthcheck run mywebapp
```
## SEE ALSO
diff --git a/install.md b/install.md
index 5fe150db2..548b38c1b 100644
--- a/install.md
+++ b/install.md
@@ -55,11 +55,14 @@ sudo yum module install -y container-tools:1.0
```bash
sudo apt-get update -qq
-sudo apt-get install -qq -y software-properties-common
+sudo apt-get install -qq -y software-properties-common uidmap
sudo add-apt-repository -y ppa:projectatomic/ppa
+sudo apt-get update -qq
sudo apt-get -qq -y install podman
```
+Take note of the [Build and Run Dependencies](#build-and-run-dependencies) listed below if you run into any issues.
+
## Building from scratch
### Prerequisites
@@ -129,7 +132,8 @@ apt-get install -y \
libprotobuf-c0-dev \
libseccomp-dev \
libselinux1-dev \
- pkg-config
+ pkg-config \
+ uidmap
```
Debian, Ubuntu, and related distributions will also need to do the following setup:
diff --git a/libpod/container.go b/libpod/container.go
index 6d5e063ab..4bf9a1ba9 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -363,7 +363,7 @@ type ContainerConfig struct {
// Systemd tells libpod to setup the container in systemd mode
Systemd bool `json:"systemd"`
- // HealtchCheckConfig has the health check command and related timings
+ // HealthCheckConfig has the health check command and related timings
HealthCheckConfig *manifest.Schema2HealthConfig `json:"healthcheck"`
}
@@ -401,6 +401,29 @@ func (t ContainerStatus) String() string {
return "bad state"
}
+// StringToContainerStatus converts a string representation of a containers
+// status into an actual container status type
+func StringToContainerStatus(status string) (ContainerStatus, error) {
+ switch status {
+ case ContainerStateUnknown.String():
+ return ContainerStateUnknown, nil
+ case ContainerStateConfigured.String():
+ return ContainerStateConfigured, nil
+ case ContainerStateCreated.String():
+ return ContainerStateCreated, nil
+ case ContainerStateRunning.String():
+ return ContainerStateRunning, nil
+ case ContainerStateStopped.String():
+ return ContainerStateStopped, nil
+ case ContainerStatePaused.String():
+ return ContainerStatePaused, nil
+ case ContainerStateExited.String():
+ return ContainerStateExited, nil
+ default:
+ return ContainerStateUnknown, errors.Wrapf(ErrInvalidArg, "unknown container state: %s", status)
+ }
+}
+
// Config accessors
// Unlocked
@@ -591,7 +614,7 @@ func (c *Container) NewNetNS() bool {
func (c *Container) PortMappings() ([]ocicni.PortMapping, error) {
// First check if the container belongs to a network namespace (like a pod)
if len(c.config.NetNsCtr) > 0 {
- netNsCtr, err := c.runtime.LookupContainer(c.config.NetNsCtr)
+ netNsCtr, err := c.runtime.GetContainer(c.config.NetNsCtr)
if err != nil {
return nil, errors.Wrapf(err, "unable to lookup network namespace for container %s", c.ID())
}
diff --git a/libpod/container_api.go b/libpod/container_api.go
index 2a2381923..465b23831 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -15,7 +15,7 @@ import (
"github.com/containers/libpod/pkg/lookup"
"github.com/containers/storage/pkg/stringid"
"github.com/docker/docker/oci/caps"
- opentracing "github.com/opentracing/opentracing-go"
+ "github.com/opentracing/opentracing-go"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"k8s.io/apimachinery/pkg/util/wait"
@@ -174,7 +174,7 @@ func (c *Container) StopWithTimeout(timeout uint) error {
if c.state.State == ContainerStateConfigured ||
c.state.State == ContainerStateUnknown ||
c.state.State == ContainerStatePaused {
- return errors.Wrapf(ErrCtrStateInvalid, "can only stop created, running, or stopped containers")
+ return errors.Wrapf(ErrCtrStateInvalid, "can only stop created, running, or stopped containers. %s in state %s", c.ID(), c.state.State.String())
}
if c.state.State == ContainerStateStopped ||
diff --git a/libpod/container_commit.go b/libpod/container_commit.go
index 0604a550b..db67f7a30 100644
--- a/libpod/container_commit.go
+++ b/libpod/container_commit.go
@@ -20,10 +20,11 @@ import (
//libpod
type ContainerCommitOptions struct {
buildah.CommitOptions
- Pause bool
- Author string
- Message string
- Changes []string
+ Pause bool
+ IncludeVolumes bool
+ Author string
+ Message string
+ Changes []string
}
// ChangeCmds is the list of valid Changes commands to passed to the Commit call
@@ -113,9 +114,11 @@ func (c *Container) Commit(ctx context.Context, destImage string, options Contai
// User
importBuilder.SetUser(c.User())
// Volumes
- for _, v := range c.config.UserVolumes {
- if v != "" {
- importBuilder.AddVolume(v)
+ if options.IncludeVolumes {
+ for _, v := range c.config.UserVolumes {
+ if v != "" {
+ importBuilder.AddVolume(v)
+ }
}
}
// Workdir
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 485b43f7d..927b71b2b 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -340,7 +340,7 @@ func (c *Container) teardownStorage() error {
artifacts := filepath.Join(c.config.StaticDir, artifactsDir)
if err := os.RemoveAll(artifacts); err != nil {
- return errors.Wrapf(err, "error removing artifacts %q", artifacts)
+ return errors.Wrapf(err, "error removing container %s artifacts %q", c.ID(), artifacts)
}
if err := c.cleanupStorage(); err != nil {
@@ -666,7 +666,7 @@ func (c *Container) getAllDependencies(visited map[string]*Container) error {
}
for _, depID := range depIDs {
if _, ok := visited[depID]; !ok {
- dep, err := c.runtime.state.LookupContainer(depID)
+ dep, err := c.runtime.state.Container(depID)
if err != nil {
return err
}
@@ -938,7 +938,7 @@ func (c *Container) start() error {
// Internal, non-locking function to stop container
func (c *Container) stop(timeout uint) error {
- logrus.Debugf("Stopping ctr %s with timeout %d", c.ID(), timeout)
+ logrus.Debugf("Stopping ctr %s (timeout %d)", c.ID(), timeout)
if err := c.runtime.ociRuntime.stopContainer(c, timeout); err != nil {
return err
@@ -1054,14 +1054,16 @@ func (c *Container) mountStorage() (string, error) {
func (c *Container) cleanupStorage() error {
if !c.state.Mounted {
// Already unmounted, do nothing
- logrus.Debugf("Storage is already unmounted, skipping...")
+ logrus.Debugf("Container %s storage is already unmounted, skipping...", c.ID())
return nil
}
+
for _, mount := range c.config.Mounts {
if err := c.unmountSHM(mount); err != nil {
return err
}
}
+
if c.config.Rootfs != "" {
return nil
}
@@ -1101,13 +1103,13 @@ func (c *Container) cleanup(ctx context.Context) error {
// Remove healthcheck unit/timer file if it execs
if c.config.HealthCheckConfig != nil {
if err := c.removeTimer(); err != nil {
- logrus.Error(err)
+ logrus.Errorf("Error removing timer for container %s healthcheck: %v", c.ID(), err)
}
}
// Clean up network namespace, if present
if err := c.cleanupNetwork(); err != nil {
- lastError = err
+ lastError = errors.Wrapf(err, "error removing container %s network", c.ID())
}
// Unmount storage
@@ -1115,7 +1117,7 @@ func (c *Container) cleanup(ctx context.Context) error {
if lastError != nil {
logrus.Errorf("Error unmounting container %s storage: %v", c.ID(), err)
} else {
- lastError = err
+ lastError = errors.Wrapf(err, "error unmounting container %s storage", c.ID())
}
}
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 4d6bf61a3..f352b188e 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -30,7 +30,7 @@ import (
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
"github.com/opencontainers/selinux/go-selinux/label"
- opentracing "github.com/opentracing/opentracing-go"
+ "github.com/opentracing/opentracing-go"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"golang.org/x/sys/unix"
@@ -48,6 +48,8 @@ func (c *Container) unmountSHM(mount string) error {
if err := unix.Unmount(mount, unix.MNT_DETACH); err != nil {
if err != syscall.EINVAL {
logrus.Warnf("container %s failed to unmount %s : %v", c.ID(), mount, err)
+ } else {
+ logrus.Debugf("container %s failed to unmount %s : %v", c.ID(), mount, err)
}
}
return nil
@@ -502,17 +504,9 @@ func (c *Container) checkpointRestoreSupported() (err error) {
return nil
}
-func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointOptions) (err error) {
- if err := c.checkpointRestoreSupported(); err != nil {
- return err
- }
-
- if c.state.State != ContainerStateRunning {
- return errors.Wrapf(ErrCtrStateInvalid, "%q is not running, cannot checkpoint", c.state.State)
- }
-
+func (c *Container) checkpointRestoreLabelLog(fileName string) (err error) {
// Create the CRIU log file and label it
- dumpLog := filepath.Join(c.bundlePath(), "dump.log")
+ dumpLog := filepath.Join(c.bundlePath(), fileName)
logFile, err := os.OpenFile(dumpLog, os.O_CREATE, 0600)
if err != nil {
@@ -522,6 +516,21 @@ func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointO
if err = label.SetFileLabel(dumpLog, c.MountLabel()); err != nil {
return errors.Wrapf(err, "failed to label CRIU log file %q", dumpLog)
}
+ return nil
+}
+
+func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointOptions) (err error) {
+ if err := c.checkpointRestoreSupported(); err != nil {
+ return err
+ }
+
+ if c.state.State != ContainerStateRunning {
+ return errors.Wrapf(ErrCtrStateInvalid, "%q is not running, cannot checkpoint", c.state.State)
+ }
+
+ if err := c.checkpointRestoreLabelLog("dump.log"); err != nil {
+ return err
+ }
if err := c.runtime.ociRuntime.checkpointContainer(c, options); err != nil {
return err
@@ -575,6 +584,10 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti
return errors.Wrapf(err, "A complete checkpoint for this container cannot be found, cannot restore")
}
+ if err := c.checkpointRestoreLabelLog("restore.log"); err != nil {
+ return err
+ }
+
// Read network configuration from checkpoint
// Currently only one interface with one IP is supported.
networkStatusFile, err := os.Open(filepath.Join(c.bundlePath(), "network.status"))
diff --git a/libpod/healthcheck.go b/libpod/healthcheck.go
index d8f56860b..3a6609740 100644
--- a/libpod/healthcheck.go
+++ b/libpod/healthcheck.go
@@ -41,7 +41,7 @@ const (
HealthCheckDefined HealthCheckStatus = iota
// MaxHealthCheckNumberLogs is the maximum number of attempts we keep
- // in the healtcheck history file
+ // in the healthcheck history file
MaxHealthCheckNumberLogs int = 5
// MaxHealthCheckLogLength in characters
MaxHealthCheckLogLength = 500
diff --git a/libpod/kube.go b/libpod/kube.go
index 484127870..260269b2e 100644
--- a/libpod/kube.go
+++ b/libpod/kube.go
@@ -69,7 +69,7 @@ func (p *Pod) getInfraContainer() (*Container, error) {
if err != nil {
return nil, err
}
- return p.runtime.LookupContainer(infraID)
+ return p.runtime.GetContainer(infraID)
}
// GenerateKubeServiceFromV1Pod creates a v1 service object from a v1 pod object
diff --git a/libpod/oci.go b/libpod/oci.go
index 62331b879..189359753 100644
--- a/libpod/oci.go
+++ b/libpod/oci.go
@@ -143,6 +143,7 @@ func waitContainerStop(ctr *Container, timeout time.Duration) error {
return nil
case <-time.After(timeout):
close(chControl)
+ logrus.Debugf("container %s did not die within timeout %d", ctr.ID(), timeout)
return errors.Errorf("container %s did not die within timeout", ctr.ID())
}
}
diff --git a/libpod/oci_linux.go b/libpod/oci_linux.go
index 8c0abad80..01f7c3649 100644
--- a/libpod/oci_linux.go
+++ b/libpod/oci_linux.go
@@ -3,15 +3,20 @@
package libpod
import (
+ "fmt"
"os"
"os/exec"
"path/filepath"
+ "runtime"
"strings"
"syscall"
"github.com/containerd/cgroups"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/containers/libpod/utils"
+ pmount "github.com/containers/storage/pkg/mount"
spec "github.com/opencontainers/runtime-spec/specs-go"
+ "github.com/pkg/errors"
"github.com/sirupsen/logrus"
"golang.org/x/sys/unix"
)
@@ -91,6 +96,54 @@ func (r *OCIRuntime) createContainer(ctr *Container, cgroupParent string, restor
return err
}
}
+
+ // if we are running a non privileged container, be sure to umount some kernel paths so they are not
+ // bind mounted inside the container at all.
+ if !ctr.config.Privileged && !rootless.IsRootless() {
+ ch := make(chan error)
+ go func() {
+ runtime.LockOSThread()
+ err := func() error {
+ fd, err := os.Open(fmt.Sprintf("/proc/%d/task/%d/ns/mnt", os.Getpid(), unix.Gettid()))
+ if err != nil {
+ return err
+ }
+ defer fd.Close()
+
+ // create a new mountns on the current thread
+ if err = unix.Unshare(unix.CLONE_NEWNS); err != nil {
+ return err
+ }
+ defer unix.Setns(int(fd.Fd()), unix.CLONE_NEWNS)
+
+ // don't spread our mounts around. We are setting only /sys to be slave
+ // so that the cleanup process is still able to umount the storage and the
+ // changes are propagated to the host.
+ err = unix.Mount("/sys", "/sys", "none", unix.MS_REC|unix.MS_SLAVE, "")
+ if err != nil {
+ return errors.Wrapf(err, "cannot make /sys slave")
+ }
+
+ mounts, err := pmount.GetMounts()
+ if err != nil {
+ return err
+ }
+ for _, m := range mounts {
+ if !strings.HasPrefix(m.Mountpoint, "/sys/kernel") {
+ continue
+ }
+ err = unix.Unmount(m.Mountpoint, 0)
+ if err != nil {
+ return errors.Wrapf(err, "cannot unmount %s", m.Mountpoint)
+ }
+ }
+ return r.createOCIContainer(ctr, cgroupParent, restoreOptions)
+ }()
+ ch <- err
+ }()
+ err := <-ch
+ return err
+ }
}
return r.createOCIContainer(ctr, cgroupParent, restoreOptions)
}
diff --git a/libpod/options.go b/libpod/options.go
index 9326e54e4..8038f1935 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -17,7 +17,8 @@ import (
)
var (
- nameRegex = regexp.MustCompile("^[a-zA-Z0-9][a-zA-Z0-9_.-]*$")
+ nameRegex = regexp.MustCompile("^[a-zA-Z0-9][a-zA-Z0-9_.-]*$")
+ regexError = errors.Wrapf(ErrInvalidArg, "names must match [a-zA-Z0-9][a-zA-Z0-9_.-]*")
)
// Runtime Creation Options
@@ -593,7 +594,7 @@ func WithName(name string) CtrCreateOption {
// Check the name against a regex
if !nameRegex.MatchString(name) {
- return errors.Wrapf(ErrInvalidArg, "name must match regex [a-zA-Z0-9_-]+")
+ return regexError
}
ctr.config.Name = name
@@ -1276,7 +1277,7 @@ func WithVolumeName(name string) VolumeCreateOption {
// Check the name against a regex
if !nameRegex.MatchString(name) {
- return errors.Wrapf(ErrInvalidArg, "name must match regex [a-zA-Z0-9_-]+")
+ return regexError
}
volume.config.Name = name
@@ -1382,7 +1383,7 @@ func WithPodName(name string) PodCreateOption {
// Check the name against a regex
if !nameRegex.MatchString(name) {
- return errors.Wrapf(ErrInvalidArg, "name must match regex [a-zA-Z0-9_-]+")
+ return regexError
}
pod.config.Name = name
diff --git a/libpod/runtime.go b/libpod/runtime.go
index 4dd2707e8..3b1c2be98 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -870,6 +870,20 @@ func makeRuntime(runtime *Runtime) (err error) {
_, err = os.Stat(runtimeAliveFile)
if err != nil {
+ // If we need to refresh, then it is safe to assume there are
+ // no containers running. Create immediately a namespace, as
+ // we will need to access the storage.
+ if os.Geteuid() != 0 {
+ aliveLock.Unlock()
+ became, ret, err := rootless.BecomeRootInUserNS()
+ if err != nil {
+ return err
+ }
+ if became {
+ os.Exit(ret)
+ }
+
+ }
// If the file doesn't exist, we need to refresh the state
// This will trigger on first use as well, but refreshing an
// empty state only creates a single file
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 800b42851..48c254c0f 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -372,7 +372,7 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force bool,
// Clean up network namespace, cgroups, mounts
if err := c.cleanup(ctx); err != nil {
if cleanupErr == nil {
- cleanupErr = err
+ cleanupErr = errors.Wrapf(err, "error cleaning up container %s", c.ID())
} else {
logrus.Errorf("cleanup network, cgroups, mounts: %v", err)
}
@@ -404,12 +404,14 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force bool,
// Deallocate the container's lock
if err := c.lock.Free(); err != nil {
if cleanupErr == nil {
- cleanupErr = err
+ cleanupErr = errors.Wrapf(err, "error freeing lock for container %s", c.ID())
} else {
logrus.Errorf("free container lock: %v", err)
}
}
+ c.newContainerEvent(events.Remove)
+
if !removeVolume {
return cleanupErr
}
@@ -425,7 +427,6 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force bool,
}
}
- c.newContainerEvent(events.Remove)
return cleanupErr
}
@@ -547,16 +548,6 @@ func (r *Runtime) GetLatestContainer() (*Container, error) {
return ctrs[lastCreatedIndex], nil
}
-// Export is the libpod portion of exporting a container to a tar file
-func (r *Runtime) Export(name string, path string) error {
- ctr, err := r.LookupContainer(name)
- if err != nil {
- return err
- }
- return ctr.Export(path)
-
-}
-
// RemoveContainersFromStorage attempt to remove containers from storage that do not exist in libpod database
func (r *Runtime) RemoveContainersFromStorage(ctrs []string) {
for _, i := range ctrs {
diff --git a/pkg/adapter/containers.go b/pkg/adapter/containers.go
index 1bca99cec..931c55a57 100644
--- a/pkg/adapter/containers.go
+++ b/pkg/adapter/containers.go
@@ -18,6 +18,7 @@ import (
"github.com/containers/libpod/cmd/podman/shared"
"github.com/containers/libpod/libpod"
"github.com/containers/libpod/pkg/adapter/shortcuts"
+ "github.com/containers/storage"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
@@ -62,52 +63,144 @@ func (r *LocalRuntime) StopContainers(ctx context.Context, cli *cliconfig.StopVa
timeout = &t
}
- var (
- ok = []string{}
- failures = map[string]error{}
- )
+ maxWorkers := shared.DefaultPoolSize("stop")
+ if cli.GlobalIsSet("max-workers") {
+ maxWorkers = cli.GlobalFlags.MaxWorks
+ }
+ logrus.Debugf("Setting maximum stop workers to %d", maxWorkers)
ctrs, err := shortcuts.GetContainersByContext(cli.All, cli.Latest, cli.InputArgs, r.Runtime)
if err != nil {
- return ok, failures, err
+ return nil, nil, err
}
+ pool := shared.NewPool("stop", maxWorkers, len(ctrs))
for _, c := range ctrs {
+ c := c
+
if timeout == nil {
t := c.StopTimeout()
timeout = &t
logrus.Debugf("Set timeout to container %s default (%d)", c.ID(), *timeout)
}
- if err := c.StopWithTimeout(*timeout); err == nil {
- ok = append(ok, c.ID())
- } else if errors.Cause(err) == libpod.ErrCtrStopped {
- ok = append(ok, c.ID())
- logrus.Debugf("Container %s is already stopped", c.ID())
- } else {
- failures[c.ID()] = err
- }
+
+ pool.Add(shared.Job{
+ c.ID(),
+ func() error {
+ err := c.StopWithTimeout(*timeout)
+ if err != nil {
+ if errors.Cause(err) == libpod.ErrCtrStopped {
+ logrus.Debugf("Container %s is already stopped", c.ID())
+ return nil
+ }
+ logrus.Debugf("Failed to stop container %s: %s", c.ID(), err.Error())
+ }
+ return err
+ },
+ })
}
- return ok, failures, nil
+ return pool.Run()
}
// KillContainers sends signal to container(s) based on CLI inputs.
// Returns list of successful id(s), map of failed id(s) + error, or error not from container
func (r *LocalRuntime) KillContainers(ctx context.Context, cli *cliconfig.KillValues, signal syscall.Signal) ([]string, map[string]error, error) {
+ maxWorkers := shared.DefaultPoolSize("kill")
+ if cli.GlobalIsSet("max-workers") {
+ maxWorkers = cli.GlobalFlags.MaxWorks
+ }
+ logrus.Debugf("Setting maximum kill workers to %d", maxWorkers)
+
+ ctrs, err := shortcuts.GetContainersByContext(cli.All, cli.Latest, cli.InputArgs, r.Runtime)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ pool := shared.NewPool("kill", maxWorkers, len(ctrs))
+ for _, c := range ctrs {
+ c := c
+
+ pool.Add(shared.Job{
+ c.ID(),
+ func() error {
+ return c.Kill(uint(signal))
+ },
+ })
+ }
+ return pool.Run()
+}
+
+// RemoveContainers removes container(s) based on CLI inputs.
+func (r *LocalRuntime) RemoveContainers(ctx context.Context, cli *cliconfig.RmValues) ([]string, map[string]error, error) {
var (
ok = []string{}
failures = map[string]error{}
)
+ maxWorkers := shared.DefaultPoolSize("rm")
+ if cli.GlobalIsSet("max-workers") {
+ maxWorkers = cli.GlobalFlags.MaxWorks
+ }
+ logrus.Debugf("Setting maximum rm workers to %d", maxWorkers)
+
ctrs, err := shortcuts.GetContainersByContext(cli.All, cli.Latest, cli.InputArgs, r.Runtime)
if err != nil {
+ // Force may be used to remove containers no longer found in the database
+ if cli.Force && len(cli.InputArgs) > 0 && errors.Cause(err) == libpod.ErrNoSuchCtr {
+ r.RemoveContainersFromStorage(cli.InputArgs)
+ }
return ok, failures, err
}
+ pool := shared.NewPool("rm", maxWorkers, len(ctrs))
for _, c := range ctrs {
- if err := c.Kill(uint(signal)); err == nil {
- ok = append(ok, c.ID())
+ c := c
+
+ pool.Add(shared.Job{
+ c.ID(),
+ func() error {
+ err := r.RemoveContainer(ctx, c, cli.Force, cli.Volumes)
+ if err != nil {
+ logrus.Debugf("Failed to remove container %s: %s", c.ID(), err.Error())
+ }
+ return err
+ },
+ })
+ }
+ return pool.Run()
+}
+
+// UmountRootFilesystems removes container(s) based on CLI inputs.
+func (r *LocalRuntime) UmountRootFilesystems(ctx context.Context, cli *cliconfig.UmountValues) ([]string, map[string]error, error) {
+ var (
+ ok = []string{}
+ failures = map[string]error{}
+ )
+
+ ctrs, err := shortcuts.GetContainersByContext(cli.All, cli.Latest, cli.InputArgs, r.Runtime)
+ if err != nil {
+ return ok, failures, err
+ }
+
+ for _, ctr := range ctrs {
+ state, err := ctr.State()
+ if err != nil {
+ logrus.Debugf("Error umounting container %s state: %s", ctr.ID(), err.Error())
+ continue
+ }
+ if state == libpod.ContainerStateRunning {
+ logrus.Debugf("Error umounting container %s, is running", ctr.ID())
+ continue
+ }
+
+ if err := ctr.Unmount(cli.Force); err != nil {
+ if cli.All && errors.Cause(err) == storage.ErrLayerNotMounted {
+ logrus.Debugf("Error umounting container %s, storage.ErrLayerNotMounted", ctr.ID())
+ continue
+ }
+ failures[ctr.ID()] = errors.Wrapf(err, "error unmounting continaner %s", ctr.ID())
} else {
- failures[c.ID()] = err
+ ok = append(ok, ctr.ID())
}
}
return ok, failures, nil
@@ -162,14 +255,17 @@ func (r *LocalRuntime) Log(c *cliconfig.LogsValues, options *libpod.LogOptions)
// CreateContainer creates a libpod container
func (r *LocalRuntime) CreateContainer(ctx context.Context, c *cliconfig.CreateValues) (string, error) {
- results := shared.NewIntermediateLayer(&c.PodmanCommand)
+ results := shared.NewIntermediateLayer(&c.PodmanCommand, false)
ctr, _, err := shared.CreateContainer(ctx, &results, r.Runtime)
- return ctr.ID(), err
+ if err != nil {
+ return "", err
+ }
+ return ctr.ID(), nil
}
// Run a libpod container
func (r *LocalRuntime) Run(ctx context.Context, c *cliconfig.RunValues, exitCode int) (int, error) {
- results := shared.NewIntermediateLayer(&c.PodmanCommand)
+ results := shared.NewIntermediateLayer(&c.PodmanCommand, false)
ctr, createConfig, err := shared.CreateContainer(ctx, &results, r.Runtime)
if err != nil {
@@ -304,3 +400,113 @@ func ReadExitFile(runtimeTmp, ctrID string) (int, error) {
return exitCode, nil
}
+
+// Ps ...
+func (r *LocalRuntime) Ps(c *cliconfig.PsValues, opts shared.PsOptions) ([]shared.PsContainerOutput, error) {
+ maxWorkers := shared.Parallelize("ps")
+ if c.GlobalIsSet("max-workers") {
+ maxWorkers = c.GlobalFlags.MaxWorks
+ }
+ logrus.Debugf("Setting maximum workers to %d", maxWorkers)
+ return shared.GetPsContainerOutput(r.Runtime, opts, c.Filter, maxWorkers)
+}
+
+// Attach ...
+func (r *LocalRuntime) Attach(ctx context.Context, c *cliconfig.AttachValues) error {
+ var (
+ ctr *libpod.Container
+ err error
+ )
+
+ if c.Latest {
+ ctr, err = r.Runtime.GetLatestContainer()
+ } else {
+ ctr, err = r.Runtime.LookupContainer(c.InputArgs[0])
+ }
+
+ if err != nil {
+ return errors.Wrapf(err, "unable to exec into %s", c.InputArgs[0])
+ }
+
+ conState, err := ctr.State()
+ if err != nil {
+ return errors.Wrapf(err, "unable to determine state of %s", ctr.ID())
+ }
+ if conState != libpod.ContainerStateRunning {
+ return errors.Errorf("you can only attach to running containers")
+ }
+
+ inputStream := os.Stdin
+ if c.NoStdin {
+ inputStream = nil
+ }
+ // If the container is in a pod, also set to recursively start dependencies
+ if err := StartAttachCtr(ctx, ctr, os.Stdout, os.Stderr, inputStream, c.DetachKeys, c.SigProxy, false, ctr.PodID() != ""); err != nil && errors.Cause(err) != libpod.ErrDetach {
+ return errors.Wrapf(err, "error attaching to container %s", ctr.ID())
+ }
+ return nil
+}
+
+// Checkpoint one or more containers
+func (r *LocalRuntime) Checkpoint(c *cliconfig.CheckpointValues, options libpod.ContainerCheckpointOptions) error {
+ var (
+ containers []*libpod.Container
+ err, lastError error
+ )
+
+ if c.All {
+ containers, err = r.Runtime.GetRunningContainers()
+ } else {
+ containers, err = shortcuts.GetContainersByContext(false, c.Latest, c.InputArgs, r.Runtime)
+ }
+ if err != nil {
+ return err
+ }
+
+ for _, ctr := range containers {
+ if err = ctr.Checkpoint(context.TODO(), options); err != nil {
+ if lastError != nil {
+ fmt.Fprintln(os.Stderr, lastError)
+ }
+ lastError = errors.Wrapf(err, "failed to checkpoint container %v", ctr.ID())
+ } else {
+ fmt.Println(ctr.ID())
+ }
+ }
+ return lastError
+}
+
+// Restore one or more containers
+func (r *LocalRuntime) Restore(c *cliconfig.RestoreValues, options libpod.ContainerCheckpointOptions) error {
+ var (
+ containers []*libpod.Container
+ err, lastError error
+ filterFuncs []libpod.ContainerFilter
+ )
+
+ filterFuncs = append(filterFuncs, func(c *libpod.Container) bool {
+ state, _ := c.State()
+ return state == libpod.ContainerStateExited
+ })
+
+ if c.All {
+ containers, err = r.GetContainers(filterFuncs...)
+ } else {
+ containers, err = shortcuts.GetContainersByContext(false, c.Latest, c.InputArgs, r.Runtime)
+ }
+ if err != nil {
+ return err
+ }
+
+ for _, ctr := range containers {
+ if err = ctr.Restore(context.TODO(), options); err != nil {
+ if lastError != nil {
+ fmt.Fprintln(os.Stderr, lastError)
+ }
+ lastError = errors.Wrapf(err, "failed to restore container %v", ctr.ID())
+ } else {
+ fmt.Println(ctr.ID())
+ }
+ }
+ return lastError
+}
diff --git a/pkg/adapter/containers_remote.go b/pkg/adapter/containers_remote.go
index 3730827c7..50cff9fa0 100644
--- a/pkg/adapter/containers_remote.go
+++ b/pkg/adapter/containers_remote.go
@@ -6,18 +6,25 @@ import (
"context"
"encoding/json"
"fmt"
+ "io"
+ "os"
"strconv"
"syscall"
"time"
"github.com/containers/libpod/cmd/podman/cliconfig"
"github.com/containers/libpod/cmd/podman/shared"
- "github.com/containers/libpod/cmd/podman/varlink"
+ iopodman "github.com/containers/libpod/cmd/podman/varlink"
"github.com/containers/libpod/libpod"
"github.com/containers/libpod/pkg/inspect"
+ "github.com/containers/libpod/pkg/varlinkapi/virtwriter"
+ "github.com/docker/docker/pkg/term"
+ "github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/varlink/go/varlink"
+ "golang.org/x/crypto/ssh/terminal"
+ "k8s.io/client-go/tools/remotecommand"
)
// Inspect returns an inspect struct from varlink
@@ -70,6 +77,19 @@ func (r *LocalRuntime) ContainerState(name string) (*libpod.ContainerState, erro
}
+// Spec obtains the container spec.
+func (r *LocalRuntime) Spec(name string) (*specs.Spec, error) {
+ reply, err := iopodman.Spec().Call(r.Conn, name)
+ if err != nil {
+ return nil, err
+ }
+ data := specs.Spec{}
+ if err := json.Unmarshal([]byte(reply), &data); err != nil {
+ return nil, err
+ }
+ return &data, nil
+}
+
// LookupContainer gets basic information about container over a varlink
// connection and then translates it to a *Container
func (r *LocalRuntime) LookupContainer(idOrName string) (*Container, error) {
@@ -78,10 +98,6 @@ func (r *LocalRuntime) LookupContainer(idOrName string) (*Container, error) {
return nil, err
}
config := r.Config(idOrName)
- if err != nil {
- return nil, err
- }
-
return &Container{
remoteContainer{
r,
@@ -128,7 +144,7 @@ func (c *Container) Name() string {
return c.config.Name
}
-// StopContainers stops requested containers using CLI inputs.
+// StopContainers stops requested containers using varlink.
// Returns the list of stopped container ids, map of failed to stop container ids + errors, or any non-container error
func (r *LocalRuntime) StopContainers(ctx context.Context, cli *cliconfig.StopValues) ([]string, map[string]error, error) {
var (
@@ -152,7 +168,7 @@ func (r *LocalRuntime) StopContainers(ctx context.Context, cli *cliconfig.StopVa
return ok, failures, nil
}
-// KillContainers sends signal to container(s) based on CLI inputs.
+// KillContainers sends signal to container(s) based on varlink.
// Returns list of successful id(s), map of failed id(s) + error, or error not from container
func (r *LocalRuntime) KillContainers(ctx context.Context, cli *cliconfig.KillValues, signal syscall.Signal) ([]string, map[string]error, error) {
var (
@@ -176,6 +192,52 @@ func (r *LocalRuntime) KillContainers(ctx context.Context, cli *cliconfig.KillVa
return ok, failures, nil
}
+// RemoveContainer removes container(s) based on varlink inputs.
+func (r *LocalRuntime) RemoveContainers(ctx context.Context, cli *cliconfig.RmValues) ([]string, map[string]error, error) {
+ ids, err := iopodman.GetContainersByContext().Call(r.Conn, cli.All, cli.Latest, cli.InputArgs)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ var (
+ ok = []string{}
+ failures = map[string]error{}
+ )
+
+ for _, id := range ids {
+ _, err := iopodman.RemoveContainer().Call(r.Conn, id, cli.Force, cli.Volumes)
+ if err != nil {
+ failures[id] = err
+ } else {
+ ok = append(ok, id)
+ }
+ }
+ return ok, failures, nil
+}
+
+// UmountRootFilesystems umounts container(s) root filesystems based on varlink inputs
+func (r *LocalRuntime) UmountRootFilesystems(ctx context.Context, cli *cliconfig.UmountValues) ([]string, map[string]error, error) {
+ ids, err := iopodman.GetContainersByContext().Call(r.Conn, cli.All, cli.Latest, cli.InputArgs)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ var (
+ ok = []string{}
+ failures = map[string]error{}
+ )
+
+ for _, id := range ids {
+ err := iopodman.UnmountContainer().Call(r.Conn, id, cli.Force)
+ if err != nil {
+ failures[id] = err
+ } else {
+ ok = append(ok, id)
+ }
+ }
+ return ok, failures, nil
+}
+
// WaitOnContainers waits for all given container(s) to stop.
// interval is currently ignored.
func (r *LocalRuntime) WaitOnContainers(ctx context.Context, cli *cliconfig.WaitValues, interval time.Duration) ([]string, map[string]error, error) {
@@ -227,7 +289,7 @@ func BatchContainerOp(ctr *Container, opts shared.PsOptions) (shared.BatchContai
// Logs one or more containers over a varlink connection
func (r *LocalRuntime) Log(c *cliconfig.LogsValues, options *libpod.LogOptions) error {
- //GetContainersLogs
+ // GetContainersLogs
reply, err := iopodman.GetContainersLogs().Send(r.Conn, uint64(varlink.More), c.InputArgs, c.Follow, c.Latest, options.Since.Format(time.RFC3339Nano), int64(c.Tail), c.Timestamps)
if err != nil {
return errors.Wrapf(err, "failed to get container logs")
@@ -269,26 +331,281 @@ func (r *LocalRuntime) CreateContainer(ctx context.Context, c *cliconfig.CreateV
// TODO need to add attach when that function becomes available
return "", errors.New("the remote client only supports detached containers")
}
- results := shared.NewIntermediateLayer(&c.PodmanCommand)
+ results := shared.NewIntermediateLayer(&c.PodmanCommand, true)
return iopodman.CreateContainer().Call(r.Conn, results.MakeVarlink())
}
// Run creates a container overvarlink and then starts it
func (r *LocalRuntime) Run(ctx context.Context, c *cliconfig.RunValues, exitCode int) (int, error) {
+ // FIXME
+ // podman-remote run -it alpine ls DOES NOT WORK YET
+ // podman-remote run -it alpine /bin/sh does, i suspect there is some sort of
+ // timing issue between the socket availability and terminal setup and the command
+ // being run.
+
// TODO the exit codes for run need to be figured out for remote connections
- if !c.Bool("detach") {
- return 0, errors.New("the remote client only supports detached containers")
- }
- results := shared.NewIntermediateLayer(&c.PodmanCommand)
+ results := shared.NewIntermediateLayer(&c.PodmanCommand, true)
cid, err := iopodman.CreateContainer().Call(r.Conn, results.MakeVarlink())
if err != nil {
return 0, err
}
- fmt.Println(cid)
- _, err = iopodman.StartContainer().Call(r.Conn, cid)
- return 0, err
+ if c.Bool("detach") {
+ _, err := iopodman.StartContainer().Call(r.Conn, cid)
+ fmt.Println(cid)
+ return 0, err
+ }
+
+ errChan, err := r.attach(ctx, os.Stdin, os.Stdout, cid, true)
+ if err != nil {
+ return 0, err
+ }
+ finalError := <-errChan
+ return 0, finalError
}
func ReadExitFile(runtimeTmp, ctrID string) (int, error) {
return 0, libpod.ErrNotImplemented
}
+
+// Ps ...
+func (r *LocalRuntime) Ps(c *cliconfig.PsValues, opts shared.PsOptions) ([]shared.PsContainerOutput, error) {
+ var psContainers []shared.PsContainerOutput
+ last := int64(c.Last)
+ PsOpts := iopodman.PsOpts{
+ All: c.All,
+ Filters: &c.Filter,
+ Last: &last,
+ Latest: &c.Latest,
+ NoTrunc: &c.NoTrunct,
+ Pod: &c.Pod,
+ Quiet: &c.Quiet,
+ Sort: &c.Sort,
+ Sync: &c.Sync,
+ }
+ containers, err := iopodman.Ps().Call(r.Conn, PsOpts)
+ if err != nil {
+ return nil, err
+ }
+ for _, ctr := range containers {
+ createdAt, err := time.Parse(time.RFC3339Nano, ctr.CreatedAt)
+ if err != nil {
+ return nil, err
+ }
+ exitedAt, err := time.Parse(time.RFC3339Nano, ctr.ExitedAt)
+ if err != nil {
+ return nil, err
+ }
+ startedAt, err := time.Parse(time.RFC3339Nano, ctr.StartedAt)
+ if err != nil {
+ return nil, err
+ }
+ containerSize := shared.ContainerSize{
+ RootFsSize: ctr.RootFsSize,
+ RwSize: ctr.RwSize,
+ }
+ state, err := libpod.StringToContainerStatus(ctr.State)
+ if err != nil {
+ return nil, err
+ }
+ psc := shared.PsContainerOutput{
+ ID: ctr.Id,
+ Image: ctr.Image,
+ Command: ctr.Command,
+ Created: ctr.Created,
+ Ports: ctr.Ports,
+ Names: ctr.Names,
+ IsInfra: ctr.IsInfra,
+ Status: ctr.Status,
+ State: state,
+ Pid: int(ctr.PidNum),
+ Size: &containerSize,
+ Pod: ctr.Pod,
+ CreatedAt: createdAt,
+ ExitedAt: exitedAt,
+ StartedAt: startedAt,
+ Labels: ctr.Labels,
+ PID: ctr.NsPid,
+ Cgroup: ctr.Cgroup,
+ IPC: ctr.Ipc,
+ MNT: ctr.Mnt,
+ NET: ctr.Net,
+ PIDNS: ctr.PidNs,
+ User: ctr.User,
+ UTS: ctr.Uts,
+ Mounts: ctr.Mounts,
+ }
+ psContainers = append(psContainers, psc)
+ }
+ return psContainers, nil
+}
+
+func (r *LocalRuntime) attach(ctx context.Context, stdin, stdout *os.File, cid string, start bool) (chan error, error) {
+ var (
+ oldTermState *term.State
+ )
+ errChan := make(chan error)
+ spec, err := r.Spec(cid)
+ if err != nil {
+ return nil, err
+ }
+ resize := make(chan remotecommand.TerminalSize)
+ haveTerminal := terminal.IsTerminal(int(os.Stdin.Fd()))
+
+ // Check if we are attached to a terminal. If we are, generate resize
+ // events, and set the terminal to raw mode
+ if haveTerminal && spec.Process.Terminal {
+ logrus.Debugf("Handling terminal attach")
+
+ subCtx, cancel := context.WithCancel(ctx)
+ defer cancel()
+
+ resizeTty(subCtx, resize)
+ oldTermState, err = term.SaveState(os.Stdin.Fd())
+ if err != nil {
+ return nil, errors.Wrapf(err, "unable to save terminal state")
+ }
+
+ logrus.SetFormatter(&RawTtyFormatter{})
+ term.SetRawTerminal(os.Stdin.Fd())
+
+ }
+ // TODO add detach keys support
+ _, err = iopodman.Attach().Send(r.Conn, varlink.Upgrade, cid, "", start)
+ if err != nil {
+ restoreTerminal(oldTermState)
+ return nil, err
+ }
+
+ // These are the varlink sockets
+ reader := r.Conn.Reader
+ writer := r.Conn.Writer
+
+ // These are the special writers that encode input from the client.
+ varlinkStdinWriter := virtwriter.NewVirtWriteCloser(writer, virtwriter.ToStdin)
+ varlinkResizeWriter := virtwriter.NewVirtWriteCloser(writer, virtwriter.TerminalResize)
+
+ go func() {
+ // Read from the wire and direct to stdout or stderr
+ err := virtwriter.Reader(reader, stdout, os.Stderr, nil, nil)
+ defer restoreTerminal(oldTermState)
+ errChan <- err
+ }()
+
+ go func() {
+ for termResize := range resize {
+ b, err := json.Marshal(termResize)
+ if err != nil {
+ defer restoreTerminal(oldTermState)
+ errChan <- err
+ }
+ _, err = varlinkResizeWriter.Write(b)
+ if err != nil {
+ defer restoreTerminal(oldTermState)
+ errChan <- err
+ }
+ }
+ }()
+
+ // Takes stdinput and sends it over the wire after being encoded
+ go func() {
+ if _, err := io.Copy(varlinkStdinWriter, stdin); err != nil {
+ defer restoreTerminal(oldTermState)
+ errChan <- err
+ }
+
+ }()
+ return errChan, nil
+
+}
+
+// Attach to a remote terminal
+func (r *LocalRuntime) Attach(ctx context.Context, c *cliconfig.AttachValues) error {
+ ctr, err := r.LookupContainer(c.InputArgs[0])
+ if err != nil {
+ return nil
+ }
+ if ctr.state.State != libpod.ContainerStateRunning {
+ return errors.New("you can only attach to running containers")
+ }
+ inputStream := os.Stdin
+ if c.NoStdin {
+ inputStream = nil
+ }
+ errChan, err := r.attach(ctx, inputStream, os.Stdout, c.InputArgs[0], false)
+ if err != nil {
+ return err
+ }
+ return <-errChan
+}
+
+// Checkpoint one or more containers
+func (r *LocalRuntime) Checkpoint(c *cliconfig.CheckpointValues, options libpod.ContainerCheckpointOptions) error {
+ var lastError error
+ ids, err := iopodman.GetContainersByContext().Call(r.Conn, c.All, c.Latest, c.InputArgs)
+ if err != nil {
+ return err
+ }
+ if c.All {
+ // We dont have a great way to get all the running containers, so need to get all and then
+ // check status on them bc checkpoint considers checkpointing a stopped container an error
+ var runningIds []string
+ for _, id := range ids {
+ ctr, err := r.LookupContainer(id)
+ if err != nil {
+ return err
+ }
+ if ctr.state.State == libpod.ContainerStateRunning {
+ runningIds = append(runningIds, id)
+ }
+ }
+ ids = runningIds
+ }
+
+ for _, id := range ids {
+ if _, err := iopodman.ContainerCheckpoint().Call(r.Conn, id, options.Keep, options.KeepRunning, options.TCPEstablished); err != nil {
+ if lastError != nil {
+ fmt.Fprintln(os.Stderr, lastError)
+ }
+ lastError = errors.Wrapf(err, "failed to checkpoint container %v", id)
+ } else {
+ fmt.Println(id)
+ }
+ }
+ return lastError
+}
+
+// Restore one or more containers
+func (r *LocalRuntime) Restore(c *cliconfig.RestoreValues, options libpod.ContainerCheckpointOptions) error {
+ var lastError error
+ ids, err := iopodman.GetContainersByContext().Call(r.Conn, c.All, c.Latest, c.InputArgs)
+ if err != nil {
+ return err
+ }
+ if c.All {
+ // We dont have a great way to get all the exited containers, so need to get all and then
+ // check status on them bc checkpoint considers restoring a running container an error
+ var exitedIDs []string
+ for _, id := range ids {
+ ctr, err := r.LookupContainer(id)
+ if err != nil {
+ return err
+ }
+ if ctr.state.State != libpod.ContainerStateRunning {
+ exitedIDs = append(exitedIDs, id)
+ }
+ }
+ ids = exitedIDs
+ }
+
+ for _, id := range ids {
+ if _, err := iopodman.ContainerRestore().Call(r.Conn, id, options.Keep, options.TCPEstablished); err != nil {
+ if lastError != nil {
+ fmt.Fprintln(os.Stderr, lastError)
+ }
+ lastError = errors.Wrapf(err, "failed to restore container %v", id)
+ } else {
+ fmt.Println(id)
+ }
+ }
+ return lastError
+}
diff --git a/pkg/adapter/runtime.go b/pkg/adapter/runtime.go
index 182a04044..6aafed550 100644
--- a/pkg/adapter/runtime.go
+++ b/pkg/adapter/runtime.go
@@ -7,6 +7,7 @@ import (
"context"
"io"
"io/ioutil"
+ "k8s.io/api/core/v1"
"os"
"text/template"
@@ -310,6 +311,46 @@ func (r *LocalRuntime) HealthCheck(c *cliconfig.HealthCheckValues) (libpod.Healt
return r.Runtime.HealthCheck(c.InputArgs[0])
}
+// JoinOrCreateRootlessPod joins the specified pod if it is running or it creates a new user namespace
+// if the pod is stopped
+// func (r *LocalRuntime) JoinOrCreateRootlessPod(pod *Pod) (bool, int, error) {
+// if os.Geteuid() == 0 {
+// return false, 0, nil
+// }
+// opts := rootless.Opts{
+// Argument: pod.ID(),
+// }
+//
+// inspect, err := pod.Inspect()
+// if err != nil {
+// return false, 0, err
+// }
+// for _, ctr := range inspect.Containers {
+// prevCtr, err := r.LookupContainer(ctr.ID)
+// if err != nil {
+// return false, -1, err
+// }
+// s, err := prevCtr.State()
+// if err != nil {
+// return false, -1, err
+// }
+// if s != libpod.ContainerStateRunning && s != libpod.ContainerStatePaused {
+// continue
+// }
+// data, err := ioutil.ReadFile(prevCtr.Config().ConmonPidFile)
+// if err != nil {
+// return false, -1, errors.Wrapf(err, "cannot read conmon PID file %q", prevCtr.Config().ConmonPidFile)
+// }
+// conmonPid, err := strconv.Atoi(string(data))
+// if err != nil {
+// return false, -1, errors.Wrapf(err, "cannot parse PID %q", data)
+// }
+// return rootless.JoinDirectUserAndMountNSWithOpts(uint(conmonPid), &opts)
+// }
+//
+// return rootless.BecomeRootInUserNSWithOpts(&opts)
+// }
+
// Events is a wrapper to libpod to obtain libpod/podman events
func (r *LocalRuntime) Events(c *cliconfig.EventValues) error {
var (
@@ -363,3 +404,8 @@ func (r *LocalRuntime) Events(c *cliconfig.EventValues) error {
func (r *LocalRuntime) Diff(c *cliconfig.DiffValues, to string) ([]archive.Change, error) {
return r.Runtime.GetDiff("", to)
}
+
+// GenerateKube creates kubernetes email from containers and pods
+func (r *LocalRuntime) GenerateKube(c *cliconfig.GenerateKubeValues) (*v1.Pod, *v1.Service, error) {
+ return shared.GenerateKube(c.InputArgs[0], c.Service, r.Runtime)
+}
diff --git a/pkg/adapter/runtime_remote.go b/pkg/adapter/runtime_remote.go
index 807a9ad8f..71f7380db 100644
--- a/pkg/adapter/runtime_remote.go
+++ b/pkg/adapter/runtime_remote.go
@@ -5,9 +5,11 @@ package adapter
import (
"bufio"
"context"
+ "encoding/json"
"fmt"
"io"
"io/ioutil"
+ v1 "k8s.io/api/core/v1"
"os"
"strings"
"text/template"
@@ -858,3 +860,20 @@ func stringToChangeType(change string) archive.ChangeType {
return archive.ChangeModify
}
}
+
+// GenerateKube creates kubernetes email from containers and pods
+func (r *LocalRuntime) GenerateKube(c *cliconfig.GenerateKubeValues) (*v1.Pod, *v1.Service, error) {
+ var (
+ pod v1.Pod
+ service v1.Service
+ )
+ reply, err := iopodman.GenerateKube().Call(r.Conn, c.InputArgs[0], c.Service)
+ if err != nil {
+ return nil, nil, errors.Wrap(err, "unable to create kubernetes YAML")
+ }
+ if err := json.Unmarshal([]byte(reply.Pod), &pod); err != nil {
+ return nil, nil, err
+ }
+ err = json.Unmarshal([]byte(reply.Service), &service)
+ return &pod, &service, err
+}
diff --git a/pkg/adapter/shortcuts/shortcuts.go b/pkg/adapter/shortcuts/shortcuts.go
index 677d88457..3e4eff555 100644
--- a/pkg/adapter/shortcuts/shortcuts.go
+++ b/pkg/adapter/shortcuts/shortcuts.go
@@ -1,6 +1,8 @@
package shortcuts
-import "github.com/containers/libpod/libpod"
+import (
+ "github.com/containers/libpod/libpod"
+)
// GetPodsByContext gets pods whether all, latest, or a slice of names/ids
func GetPodsByContext(all, latest bool, pods []string, runtime *libpod.Runtime) ([]*libpod.Pod, error) {
@@ -27,28 +29,23 @@ func GetPodsByContext(all, latest bool, pods []string, runtime *libpod.Runtime)
}
// GetContainersByContext gets pods whether all, latest, or a slice of names/ids
-func GetContainersByContext(all, latest bool, names []string, runtime *libpod.Runtime) ([]*libpod.Container, error) {
- var ctrs = []*libpod.Container{}
+func GetContainersByContext(all, latest bool, names []string, runtime *libpod.Runtime) (ctrs []*libpod.Container, err error) {
+ var ctr *libpod.Container
+ ctrs = []*libpod.Container{}
if all {
- return runtime.GetAllContainers()
- }
-
- if latest {
- c, err := runtime.GetLatestContainer()
- if err != nil {
- return nil, err
- }
- ctrs = append(ctrs, c)
- return ctrs, nil
- }
-
- for _, c := range names {
- ctr, err := runtime.LookupContainer(c)
- if err != nil {
- return nil, err
- }
+ ctrs, err = runtime.GetAllContainers()
+ } else if latest {
+ ctr, err = runtime.GetLatestContainer()
ctrs = append(ctrs, ctr)
+ } else {
+ for _, n := range names {
+ ctr, e := runtime.LookupContainer(n)
+ if e != nil && err == nil {
+ err = e
+ }
+ ctrs = append(ctrs, ctr)
+ }
}
- return ctrs, nil
+ return
}
diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c
index 9cb79ed4d..d6a2793a7 100644
--- a/pkg/rootless/rootless_linux.c
+++ b/pkg/rootless/rootless_linux.c
@@ -16,6 +16,8 @@
#include <sys/types.h>
#include <sys/prctl.h>
#include <dirent.h>
+#include <termios.h>
+#include <sys/ioctl.h>
static const char *_max_user_namespaces = "/proc/sys/user/max_user_namespaces";
static const char *_unprivileged_user_namespaces = "/proc/sys/kernel/unprivileged_userns_clone";
@@ -178,6 +180,11 @@ reexec_userns_join (int userns, int mountns)
_exit (EXIT_FAILURE);
}
+ if (isatty (1) && ioctl (1, TIOCSCTTY, 0) == -1) {
+ fprintf (stderr, "cannot ioctl(TIOCSCTTY): %s\n", strerror (errno));
+ _exit (EXIT_FAILURE);
+ }
+
if (setns (userns, 0) < 0)
{
fprintf (stderr, "cannot setns: %s\n", strerror (errno));
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index 1d1b1713d..2c99f41a4 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -28,6 +28,10 @@ extern int reexec_userns_join(int userns, int mountns);
*/
import "C"
+const (
+ numSig = 65 // max number of signals
+)
+
func runInUser() error {
os.Setenv("_CONTAINERS_USERNS_CONFIGURED", "done")
return nil
@@ -283,7 +287,15 @@ func BecomeRootInUserNS() (bool, int, error) {
c := make(chan os.Signal, 1)
- gosignal.Notify(c)
+ signals := []os.Signal{}
+ for sig := 0; sig < numSig; sig++ {
+ if sig == int(syscall.SIGTSTP) {
+ continue
+ }
+ signals = append(signals, syscall.Signal(sig))
+ }
+
+ gosignal.Notify(c, signals...)
defer gosignal.Reset()
go func() {
for s := range c {
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 9b6bd089e..0371b6d4d 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -132,6 +132,9 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
Options: []string{"rprivate", "nosuid", "noexec", "nodev", r, "rbind"},
}
g.AddMount(sysMnt)
+ if !config.Privileged && isRootless {
+ g.AddLinuxMaskedPaths("/sys/kernel")
+ }
}
if isRootless {
nGids, err := getAvailableGids()
diff --git a/pkg/varlinkapi/attach.go b/pkg/varlinkapi/attach.go
new file mode 100644
index 000000000..9e2a265be
--- /dev/null
+++ b/pkg/varlinkapi/attach.go
@@ -0,0 +1,103 @@
+// +build varlink
+
+package varlinkapi
+
+import (
+ "bufio"
+ "io"
+
+ "github.com/containers/libpod/cmd/podman/varlink"
+ "github.com/containers/libpod/libpod"
+ "github.com/containers/libpod/pkg/varlinkapi/virtwriter"
+ "github.com/sirupsen/logrus"
+ "k8s.io/client-go/tools/remotecommand"
+)
+
+func setupStreams(call iopodman.VarlinkCall) (*bufio.Reader, *bufio.Writer, *io.PipeReader, *io.PipeWriter, *libpod.AttachStreams) {
+
+ // These are the varlink sockets
+ reader := call.Call.Reader
+ writer := call.Call.Writer
+
+ // This pipe is used to pass stdin from the client to the input stream
+ // once the msg has been "decoded"
+ pr, pw := io.Pipe()
+
+ stdoutWriter := virtwriter.NewVirtWriteCloser(writer, virtwriter.ToStdout)
+ // TODO if runc ever starts passing stderr, we can too
+ //stderrWriter := NewVirtWriteCloser(writer, ToStderr)
+
+ streams := libpod.AttachStreams{
+ OutputStream: stdoutWriter,
+ InputStream: pr,
+ // Runc eats the error stream
+ ErrorStream: stdoutWriter,
+ AttachInput: true,
+ AttachOutput: true,
+ // Runc eats the error stream
+ AttachError: true,
+ }
+ return reader, writer, pr, pw, &streams
+}
+
+// Attach connects to a containers console
+func (i *LibpodAPI) Attach(call iopodman.VarlinkCall, name string, detachKeys string, start bool) error {
+ var finalErr error
+ resize := make(chan remotecommand.TerminalSize)
+ errChan := make(chan error)
+
+ if !call.WantsUpgrade() {
+ return call.ReplyErrorOccurred("client must use upgraded connection to attach")
+ }
+ ctr, err := i.Runtime.LookupContainer(name)
+ if err != nil {
+ return call.ReplyErrorOccurred(err.Error())
+ }
+
+ reader, writer, _, pw, streams := setupStreams(call)
+
+ go func() {
+ if err := virtwriter.Reader(reader, nil, nil, pw, resize); err != nil {
+ errChan <- err
+ }
+ }()
+
+ if start {
+ finalErr = startAndAttach(ctr, streams, detachKeys, resize, errChan)
+ } else {
+ finalErr = attach(ctr, streams, detachKeys, resize, errChan)
+ }
+
+ if finalErr != libpod.ErrDetach && finalErr != nil {
+ logrus.Error(finalErr)
+ }
+ quitWriter := virtwriter.NewVirtWriteCloser(writer, virtwriter.Quit)
+ _, err = quitWriter.Write([]byte("HANG-UP"))
+ // TODO error handling is not quite right here yet
+ return call.Writer.Flush()
+}
+
+func attach(ctr *libpod.Container, streams *libpod.AttachStreams, detachKeys string, resize chan remotecommand.TerminalSize, errChan chan error) error {
+ go func() {
+ if err := ctr.Attach(streams, detachKeys, resize); err != nil {
+ errChan <- err
+ }
+ }()
+ attachError := <-errChan
+ return attachError
+}
+
+func startAndAttach(ctr *libpod.Container, streams *libpod.AttachStreams, detachKeys string, resize chan remotecommand.TerminalSize, errChan chan error) error {
+ var finalErr error
+ attachChan, err := ctr.StartAndAttach(getContext(), streams, detachKeys, resize, false)
+ if err != nil {
+ return err
+ }
+ select {
+ case attachChanErr := <-attachChan:
+ finalErr = attachChanErr
+ case chanError := <-errChan:
+ finalErr = chanError
+ }
+ return finalErr
+}
diff --git a/pkg/varlinkapi/containers.go b/pkg/varlinkapi/containers.go
index ac1352dac..17792ccfe 100644
--- a/pkg/varlinkapi/containers.go
+++ b/pkg/varlinkapi/containers.go
@@ -47,6 +47,55 @@ func (i *LibpodAPI) ListContainers(call iopodman.VarlinkCall) error {
return call.ReplyListContainers(listContainers)
}
+func (i *LibpodAPI) Ps(call iopodman.VarlinkCall, opts iopodman.PsOpts) error {
+ var (
+ containers []iopodman.PsContainer
+ )
+ maxWorkers := shared.Parallelize("ps")
+ psOpts := makePsOpts(opts)
+ filters := []string{}
+ if opts.Filters != nil {
+ filters = *opts.Filters
+ }
+ psContainerOutputs, err := shared.GetPsContainerOutput(i.Runtime, psOpts, filters, maxWorkers)
+ if err != nil {
+ return call.ReplyErrorOccurred(err.Error())
+ }
+
+ for _, ctr := range psContainerOutputs {
+ container := iopodman.PsContainer{
+ Id: ctr.ID,
+ Image: ctr.Image,
+ Command: ctr.Command,
+ Created: ctr.Created,
+ Ports: ctr.Ports,
+ Names: ctr.Names,
+ IsInfra: ctr.IsInfra,
+ Status: ctr.Status,
+ State: ctr.State.String(),
+ PidNum: int64(ctr.Pid),
+ RootFsSize: ctr.Size.RootFsSize,
+ RwSize: ctr.Size.RwSize,
+ Pod: ctr.Pod,
+ CreatedAt: ctr.CreatedAt.Format(time.RFC3339Nano),
+ ExitedAt: ctr.ExitedAt.Format(time.RFC3339Nano),
+ StartedAt: ctr.StartedAt.Format(time.RFC3339Nano),
+ Labels: ctr.Labels,
+ NsPid: ctr.PID,
+ Cgroup: ctr.Cgroup,
+ Ipc: ctr.Cgroup,
+ Mnt: ctr.MNT,
+ Net: ctr.NET,
+ PidNs: ctr.PIDNS,
+ User: ctr.User,
+ Uts: ctr.UTS,
+ Mounts: ctr.Mounts,
+ }
+ containers = append(containers, container)
+ }
+ return call.ReplyPs(containers)
+}
+
// GetContainer ...
func (i *LibpodAPI) GetContainer(call iopodman.VarlinkCall, id string) error {
ctr, err := i.Runtime.LookupContainer(id)
@@ -585,6 +634,22 @@ func (i *LibpodAPI) GetContainerStatsWithHistory(call iopodman.VarlinkCall, prev
return call.ReplyGetContainerStatsWithHistory(cStats)
}
+// Spec ...
+func (i *LibpodAPI) Spec(call iopodman.VarlinkCall, name string) error {
+ ctr, err := i.Runtime.LookupContainer(name)
+ if err != nil {
+ return call.ReplyErrorOccurred(err.Error())
+ }
+
+ spec := ctr.Spec()
+ b, err := json.Marshal(spec)
+ if err != nil {
+ return call.ReplyErrorOccurred(err.Error())
+ }
+
+ return call.ReplySpec(string(b))
+}
+
// GetContainersLogs is the varlink endpoint to obtain one or more container logs
func (i *LibpodAPI) GetContainersLogs(call iopodman.VarlinkCall, names []string, follow, latest bool, since string, tail int64, timestamps bool) error {
var wg sync.WaitGroup
diff --git a/pkg/varlinkapi/generate.go b/pkg/varlinkapi/generate.go
new file mode 100644
index 000000000..bc600c397
--- /dev/null
+++ b/pkg/varlinkapi/generate.go
@@ -0,0 +1,30 @@
+// +build varlink
+
+package varlinkapi
+
+import (
+ "encoding/json"
+ "github.com/containers/libpod/cmd/podman/shared"
+ iopodman "github.com/containers/libpod/cmd/podman/varlink"
+)
+
+// GenerateKube ...
+func (i *LibpodAPI) GenerateKube(call iopodman.VarlinkCall, name string, service bool) error {
+ pod, serv, err := shared.GenerateKube(name, service, i.Runtime)
+ if err != nil {
+ return call.ReplyErrorOccurred(err.Error())
+ }
+ podB, err := json.Marshal(pod)
+ if err != nil {
+ return call.ReplyErrorOccurred(err.Error())
+ }
+ servB, err := json.Marshal(serv)
+ if err != nil {
+ return call.ReplyErrorOccurred(err.Error())
+ }
+
+ return call.ReplyGenerateKube(iopodman.KubePodService{
+ Pod: string(podB),
+ Service: string(servB),
+ })
+}
diff --git a/pkg/varlinkapi/util.go b/pkg/varlinkapi/util.go
index 3c4b9b79a..8716c963a 100644
--- a/pkg/varlinkapi/util.go
+++ b/pkg/varlinkapi/util.go
@@ -162,3 +162,36 @@ func stringPullPolicyToType(s string) buildah.PullPolicy {
}
return buildah.PullIfMissing
}
+
+func derefBool(inBool *bool) bool {
+ if inBool == nil {
+ return false
+ }
+ return *inBool
+}
+
+func derefString(in *string) string {
+ if in == nil {
+ return ""
+ }
+ return *in
+}
+
+func makePsOpts(inOpts iopodman.PsOpts) shared.PsOptions {
+ last := 0
+ if inOpts.Last != nil {
+ lastT := *inOpts.Last
+ last = int(lastT)
+ }
+ return shared.PsOptions{
+ All: inOpts.All,
+ Last: last,
+ Latest: derefBool(inOpts.Latest),
+ NoTrunc: derefBool(inOpts.NoTrunc),
+ Pod: derefBool(inOpts.Pod),
+ Size: true,
+ Sort: derefString(inOpts.Sort),
+ Namespace: true,
+ Sync: derefBool(inOpts.Sync),
+ }
+}
diff --git a/pkg/varlinkapi/virtwriter/virtwriter.go b/pkg/varlinkapi/virtwriter/virtwriter.go
new file mode 100644
index 000000000..3adaf6e17
--- /dev/null
+++ b/pkg/varlinkapi/virtwriter/virtwriter.go
@@ -0,0 +1,155 @@
+package virtwriter
+
+import (
+ "bufio"
+ "encoding/binary"
+ "encoding/json"
+ "errors"
+ "io"
+ "os"
+
+ "k8s.io/client-go/tools/remotecommand"
+)
+
+// SocketDest is the "key" to where IO should go on the varlink
+// multiplexed socket
+type SocketDest int
+
+const (
+ // ToStdout indicates traffic should go stdout
+ ToStdout SocketDest = iota
+ // ToStdin indicates traffic came from stdin
+ ToStdin SocketDest = iota
+ // ToStderr indicates traffuc should go to stderr
+ ToStderr SocketDest = iota
+ // TerminalResize indicates a terminal resize event has occurred
+ // and data should be passed to resizer
+ TerminalResize SocketDest = iota
+ // Quit and detach
+ Quit SocketDest = iota
+)
+
+// IntToSocketDest returns a socketdest based on integer input
+func IntToSocketDest(i int) SocketDest {
+ switch i {
+ case ToStdout.Int():
+ return ToStdout
+ case ToStderr.Int():
+ return ToStderr
+ case ToStdin.Int():
+ return ToStdin
+ case TerminalResize.Int():
+ return TerminalResize
+ case Quit.Int():
+ return Quit
+ default:
+ return ToStderr
+ }
+}
+
+// Int returns the integer representation of the socket dest
+func (sd SocketDest) Int() int {
+ return int(sd)
+}
+
+// VirtWriteCloser are writers for attach which include the dest
+// of the data
+type VirtWriteCloser struct {
+ writer *bufio.Writer
+ dest SocketDest
+}
+
+// NewVirtWriteCloser is a constructor
+func NewVirtWriteCloser(w *bufio.Writer, dest SocketDest) VirtWriteCloser {
+ return VirtWriteCloser{w, dest}
+}
+
+// Close is a required method for a writecloser
+func (v VirtWriteCloser) Close() error {
+ return nil
+}
+
+// Write prepends a header to the input message. The header is
+// 8bytes. Position one contains the destination. Positions
+// 5,6,7,8 are a big-endian encoded uint32 for len of the message.
+func (v VirtWriteCloser) Write(input []byte) (int, error) {
+ header := []byte{byte(v.dest), 0, 0, 0}
+ // Go makes us define the byte for big endian
+ mlen := make([]byte, 4)
+ binary.BigEndian.PutUint32(mlen, uint32(len(input)))
+ // append the message len to the header
+ msg := append(header, mlen...)
+ // append the message to the header
+ msg = append(msg, input...)
+ _, err := v.writer.Write(msg)
+ if err != nil {
+ return 0, err
+ }
+ err = v.writer.Flush()
+ return len(input), err
+}
+
+// Reader decodes the content that comes over the wire and directs it to the proper destination.
+func Reader(r *bufio.Reader, output, errput *os.File, input *io.PipeWriter, resize chan remotecommand.TerminalSize) error {
+ var saveb []byte
+ var eom int
+ for {
+ readb := make([]byte, 32*1024)
+ n, err := r.Read(readb)
+ // TODO, later may be worth checking in len of the read is 0
+ if err != nil {
+ return err
+ }
+ b := append(saveb, readb[0:n]...)
+ // no sense in reading less than the header len
+ for len(b) > 7 {
+ eom = int(binary.BigEndian.Uint32(b[4:8])) + 8
+ // The message and header are togther
+ if len(b) >= eom {
+ out := append([]byte{}, b[8:eom]...)
+
+ switch IntToSocketDest(int(b[0])) {
+ case ToStdout:
+ n, err := output.Write(out)
+ if err != nil {
+ return err
+ }
+ if n < len(out) {
+ return errors.New("short write error occurred on stdout")
+ }
+ case ToStderr:
+ n, err := errput.Write(out)
+ if err != nil {
+ return err
+ }
+ if n < len(out) {
+ return errors.New("short write error occurred on stderr")
+ }
+ case ToStdin:
+ n, err := input.Write(out)
+ if err != nil {
+ return err
+ }
+ if n < len(out) {
+ return errors.New("short write error occurred on stdin")
+ }
+ case TerminalResize:
+ // Resize events come over in bytes, need to be reserialized
+ resizeEvent := remotecommand.TerminalSize{}
+ if err := json.Unmarshal(out, &resizeEvent); err != nil {
+ return err
+ }
+ resize <- resizeEvent
+ case Quit:
+ return nil
+ }
+ b = b[eom:]
+ } else {
+ // We do not have the header and full message, need to slurp again
+ saveb = b
+ break
+ }
+ }
+ }
+ return nil
+}
diff --git a/test/e2e/commit_test.go b/test/e2e/commit_test.go
index fe4ae64cf..93e1ea7af 100644
--- a/test/e2e/commit_test.go
+++ b/test/e2e/commit_test.go
@@ -131,7 +131,7 @@ var _ = Describe("Podman commit", func() {
Expect(check.ExitCode()).To(Equal(0))
})
- It("podman commit with volume mounts", func() {
+ It("podman commit with volumes mounts and no include-volumes", func() {
s := podmanTest.Podman([]string{"run", "--name", "test1", "-v", "/tmp:/foo", "alpine", "date"})
s.WaitWithDefaultTimeout()
Expect(s.ExitCode()).To(Equal(0))
@@ -145,6 +145,23 @@ var _ = Describe("Podman commit", func() {
Expect(inspect.ExitCode()).To(Equal(0))
image := inspect.InspectImageJSON()
_, ok := image[0].Config.Volumes["/foo"]
+ Expect(ok).To(BeFalse())
+ })
+
+ It("podman commit with volume mounts and --include-volumes", func() {
+ s := podmanTest.Podman([]string{"run", "--name", "test1", "-v", "/tmp:/foo", "alpine", "date"})
+ s.WaitWithDefaultTimeout()
+ Expect(s.ExitCode()).To(Equal(0))
+
+ c := podmanTest.Podman([]string{"commit", "--include-volumes", "test1", "newimage"})
+ c.WaitWithDefaultTimeout()
+ Expect(c.ExitCode()).To(Equal(0))
+
+ inspect := podmanTest.Podman([]string{"inspect", "newimage"})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(Equal(0))
+ image := inspect.InspectImageJSON()
+ _, ok := image[0].Config.Volumes["/foo"]
Expect(ok).To(BeTrue())
r := podmanTest.Podman([]string{"run", "newimage"})
diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go
index b20b3b37e..58f94f27e 100644
--- a/test/e2e/common_test.go
+++ b/test/e2e/common_test.go
@@ -3,7 +3,6 @@ package integration
import (
"encoding/json"
"fmt"
- "github.com/containers/libpod/pkg/rootless"
"io/ioutil"
"os"
"os/exec"
@@ -12,6 +11,7 @@ import (
"strings"
"testing"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/containers/storage"
"github.com/containers/libpod/pkg/inspect"
@@ -86,7 +86,7 @@ func TestLibpod(t *testing.T) {
}
var _ = SynchronizedBeforeSuite(func() []byte {
- //Cache images
+ // Cache images
cwd, _ := os.Getwd()
INTEGRATION_ROOT = filepath.Join(cwd, "../../")
podman := PodmanTestCreate("/tmp")
@@ -134,18 +134,18 @@ func (p *PodmanTestIntegration) Setup() {
p.ArtifactPath = ARTIFACT_DIR
}
-//var _ = BeforeSuite(func() {
-// cwd, _ := os.Getwd()
-// INTEGRATION_ROOT = filepath.Join(cwd, "../../")
-// podman := PodmanTestCreate("/tmp")
-// podman.ArtifactPath = ARTIFACT_DIR
-// if _, err := os.Stat(ARTIFACT_DIR); os.IsNotExist(err) {
-// if err = os.Mkdir(ARTIFACT_DIR, 0777); err != nil {
-// fmt.Printf("%q\n", err)
-// os.Exit(1)
-// }
-// }
-//})
+// var _ = BeforeSuite(func() {
+// cwd, _ := os.Getwd()
+// INTEGRATION_ROOT = filepath.Join(cwd, "../../")
+// podman := PodmanTestCreate("/tmp")
+// podman.ArtifactPath = ARTIFACT_DIR
+// if _, err := os.Stat(ARTIFACT_DIR); os.IsNotExist(err) {
+// if err = os.Mkdir(ARTIFACT_DIR, 0777); err != nil {
+// fmt.Printf("%q\n", err)
+// os.Exit(1)
+// }
+// }
+// })
// for _, image := range CACHE_IMAGES {
// if err := podman.CreateArtifact(image); err != nil {
// fmt.Printf("%q\n", err)
@@ -172,7 +172,7 @@ func (p *PodmanTestIntegration) Setup() {
// os.Exit(1)
// }
// LockTmpDir = path
-//})
+// })
var _ = AfterSuite(func() {
sort.Sort(testResultsSortedLength{testResults})
diff --git a/test/e2e/create_test.go b/test/e2e/create_test.go
index 6ed5ad2d8..105cba37c 100644
--- a/test/e2e/create_test.go
+++ b/test/e2e/create_test.go
@@ -70,6 +70,17 @@ var _ = Describe("Podman create", func() {
Expect(podmanTest.NumberOfContainers()).To(Equal(1))
})
+ It("podman create using existing name", func() {
+ session := podmanTest.Podman([]string{"create", "--name=foo", ALPINE, "ls"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(podmanTest.NumberOfContainers()).To(Equal(1))
+
+ session = podmanTest.Podman([]string{"create", "--name=foo", ALPINE, "ls"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(125))
+ })
+
It("podman create adds annotation", func() {
session := podmanTest.Podman([]string{"create", "--annotation", "HELLO=WORLD", ALPINE, "ls"})
session.WaitWithDefaultTimeout()
diff --git a/test/e2e/images_test.go b/test/e2e/images_test.go
index a253dff63..48a964db4 100644
--- a/test/e2e/images_test.go
+++ b/test/e2e/images_test.go
@@ -43,6 +43,17 @@ var _ = Describe("Podman images", func() {
Expect(session.LineInOuputStartsWith("docker.io/library/busybox")).To(BeTrue())
})
+ It("podman images with no images prints header", func() {
+ rmi := podmanTest.Podman([]string{"rmi", "-a"})
+ rmi.WaitWithDefaultTimeout()
+ Expect(rmi.ExitCode()).To(Equal(0))
+
+ session := podmanTest.Podman([]string{"images"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(len(session.OutputToStringArray())).To(Equal(1))
+ })
+
It("podman image List", func() {
session := podmanTest.Podman([]string{"image", "list"})
session.WaitWithDefaultTimeout()
diff --git a/test/e2e/libpod_suite_test.go b/test/e2e/libpod_suite_test.go
index 685a08340..a69c1ba9a 100644
--- a/test/e2e/libpod_suite_test.go
+++ b/test/e2e/libpod_suite_test.go
@@ -61,9 +61,12 @@ func (p *PodmanTestIntegration) PodmanPID(args []string) (*PodmanSessionIntegrat
func (p *PodmanTestIntegration) Cleanup() {
// Remove all containers
stopall := p.Podman([]string{"stop", "-a", "--timeout", "0"})
- stopall.WaitWithDefaultTimeout()
+ // stopall.WaitWithDefaultTimeout()
+ stopall.Wait(90)
+
session := p.Podman([]string{"rm", "-fa"})
session.Wait(90)
+
// Nuke tempdir
if err := os.RemoveAll(p.TempDir); err != nil {
fmt.Printf("%q\n", err)
@@ -141,7 +144,7 @@ func (p *PodmanTestIntegration) CreatePod(name string) (*PodmanSessionIntegratio
return session, session.ExitCode(), session.OutputToString()
}
-//RunTopContainer runs a simple container in the background that
+// RunTopContainer runs a simple container in the background that
// runs top. If the name passed != "", it will have a name
func (p *PodmanTestIntegration) RunTopContainer(name string) *PodmanSessionIntegration {
var podmanArgs = []string{"run"}
@@ -161,7 +164,7 @@ func (p *PodmanTestIntegration) RunTopContainerInPod(name, pod string) *PodmanSe
return p.Podman(podmanArgs)
}
-//RunLsContainer runs a simple container in the background that
+// RunLsContainer runs a simple container in the background that
// simply runs ls. If the name passed != "", it will have a name
func (p *PodmanTestIntegration) RunLsContainer(name string) (*PodmanSessionIntegration, int, string) {
var podmanArgs = []string{"run"}
@@ -215,13 +218,19 @@ func PodmanTestCreate(tempDir string) *PodmanTestIntegration {
return PodmanTestCreateUtil(tempDir, false)
}
-//MakeOptions assembles all the podman main options
+// MakeOptions assembles all the podman main options
func (p *PodmanTestIntegration) makeOptions(args []string) []string {
- podmanOptions := strings.Split(fmt.Sprintf("--root %s --runroot %s --runtime %s --conmon %s --cni-config-dir %s --cgroup-manager %s --tmpdir %s",
- p.CrioRoot, p.RunRoot, p.OCIRuntime, p.ConmonBinary, p.CNIConfigDir, p.CgroupManager, p.TmpDir), " ")
+ var debug string
+ if _, ok := os.LookupEnv("DEBUG"); ok {
+ debug = "--log-level=debug --syslog=true "
+ }
+
+ podmanOptions := strings.Split(fmt.Sprintf("%s--root %s --runroot %s --runtime %s --conmon %s --cni-config-dir %s --cgroup-manager %s --tmpdir %s",
+ debug, p.CrioRoot, p.RunRoot, p.OCIRuntime, p.ConmonBinary, p.CNIConfigDir, p.CgroupManager, p.TmpDir), " ")
if os.Getenv("HOOK_OPTION") != "" {
podmanOptions = append(podmanOptions, os.Getenv("HOOK_OPTION"))
}
+
podmanOptions = append(podmanOptions, strings.Split(p.StorageOptions, " ")...)
podmanOptions = append(podmanOptions, args...)
return podmanOptions
diff --git a/test/e2e/prune_test.go b/test/e2e/prune_test.go
index 869ca3289..682f7ff2b 100644
--- a/test/e2e/prune_test.go
+++ b/test/e2e/prune_test.go
@@ -82,7 +82,7 @@ var _ = Describe("Podman rm", func() {
prune.WaitWithDefaultTimeout()
Expect(prune.ExitCode()).To(Equal(0))
- images := podmanTest.Podman([]string{"images", "-a"})
+ images := podmanTest.Podman([]string{"images", "-aq"})
images.WaitWithDefaultTimeout()
// all images are unused, so they all should be deleted!
Expect(len(images.OutputToStringArray())).To(Equal(0))
@@ -95,7 +95,7 @@ var _ = Describe("Podman rm", func() {
prune.WaitWithDefaultTimeout()
Expect(prune.ExitCode()).To(Equal(0))
- images := podmanTest.Podman([]string{"images", "-a"})
+ images := podmanTest.Podman([]string{"images", "-aq"})
images.WaitWithDefaultTimeout()
// all images are unused, so they all should be deleted!
Expect(len(images.OutputToStringArray())).To(Equal(0))
diff --git a/test/e2e/pull_test.go b/test/e2e/pull_test.go
index de6d4ea09..4e4e80d56 100644
--- a/test/e2e/pull_test.go
+++ b/test/e2e/pull_test.go
@@ -38,6 +38,12 @@ var _ = Describe("Podman pull", func() {
})
+ It("podman pull from docker a not existing image", func() {
+ session := podmanTest.Podman([]string{"pull", "ibetthisdoesntexistthere:foo"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Not(Equal(0)))
+ })
+
It("podman pull from docker with tag", func() {
session := podmanTest.Podman([]string{"pull", "busybox:glibc"})
session.WaitWithDefaultTimeout()
diff --git a/test/e2e/rmi_test.go b/test/e2e/rmi_test.go
index 78d175637..e034f24cf 100644
--- a/test/e2e/rmi_test.go
+++ b/test/e2e/rmi_test.go
@@ -270,7 +270,7 @@ RUN find $LOCAL
fmt.Println(session.OutputToString())
Expect(session.ExitCode()).To(Equal(0))
- images := podmanTest.Podman([]string{"images", "--all"})
+ images := podmanTest.Podman([]string{"images", "-aq"})
images.WaitWithDefaultTimeout()
Expect(images.ExitCode()).To(Equal(0))
Expect(len(images.OutputToStringArray())).To(Equal(0))
diff --git a/test/e2e/search_test.go b/test/e2e/search_test.go
index 589389b3b..61d581c6d 100644
--- a/test/e2e/search_test.go
+++ b/test/e2e/search_test.go
@@ -3,47 +3,79 @@
package integration
import (
+ "bytes"
+ "fmt"
+ "io/ioutil"
"os"
"strconv"
+ "text/template"
. "github.com/containers/libpod/test/utils"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
)
+type endpoint struct {
+ Host string
+ Port string
+}
+
+func (e *endpoint) Address() string {
+ return fmt.Sprintf("%s:%s", e.Host, e.Port)
+}
+
var _ = Describe("Podman search", func() {
var (
tempdir string
err error
podmanTest *PodmanTestIntegration
)
+
+ var registryEndpoints = []endpoint{
+ {"localhost", "5001"},
+ {"localhost", "5002"},
+ {"localhost", "5003"},
+ {"localhost", "5004"},
+ {"localhost", "5005"},
+ {"localhost", "5006"},
+ {"localhost", "5007"},
+ {"localhost", "5008"},
+ {"localhost", "5009"},
+ }
+
const regFileContents = `
- [registries.search]
- registries = ['localhost:5000']
+[registries.search]
+registries = ['{{.Host}}:{{.Port}}']
- [registries.insecure]
- registries = ['localhost:5000']`
+[registries.insecure]
+registries = ['{{.Host}}:{{.Port}}']`
+ registryFileTmpl := template.Must(template.New("registryFile").Parse(regFileContents))
const badRegFileContents = `
- [registries.search]
- registries = ['localhost:5000']
- # empty
- [registries.insecure]
- registries = []`
+[registries.search]
+registries = ['{{.Host}}:{{.Port}}']
+# empty
+[registries.insecure]
+registries = []`
+ registryFileBadTmpl := template.Must(template.New("registryFileBad").Parse(badRegFileContents))
const regFileContents2 = `
- [registries.search]
- registries = ['localhost:5000', 'localhost:6000']
+[registries.search]
+registries = ['{{.Host}}:{{.Port}}', '{{.Host}}:6000']
+
+[registries.insecure]
+registries = ['{{.Host}}:{{.Port}}']`
+ registryFileTwoTmpl := template.Must(template.New("registryFileTwo").Parse(regFileContents2))
- [registries.insecure]
- registries = ['localhost:5000']`
BeforeEach(func() {
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
}
+
podmanTest = PodmanTestCreate(tempdir)
podmanTest.Setup()
+
podmanTest.RestoreAllArtifacts()
})
@@ -51,7 +83,6 @@ var _ = Describe("Podman search", func() {
podmanTest.Cleanup()
f := CurrentGinkgoTestDescription()
processTestResult(f)
-
})
It("podman search", func() {
@@ -134,11 +165,13 @@ var _ = Describe("Podman search", func() {
if podmanTest.Host.Arch == "ppc64le" {
Skip("No registry image for ppc64le")
}
- lock := GetPortLock("5000")
+ lock := GetPortLock(registryEndpoints[0].Port)
defer lock.Unlock()
podmanTest.RestoreArtifact(registry)
- fakereg := podmanTest.Podman([]string{"run", "-d", "--name", "registry", "-p", "5000:5000", registry, "/entrypoint.sh", "/etc/docker/registry/config.yml"})
+ fakereg := podmanTest.Podman([]string{"run", "-d", "--name", "registry",
+ "-p", fmt.Sprintf("%s:5000", registryEndpoints[0].Port),
+ registry, "/entrypoint.sh", "/etc/docker/registry/config.yml"})
fakereg.WaitWithDefaultTimeout()
Expect(fakereg.ExitCode()).To(Equal(0))
@@ -146,7 +179,8 @@ var _ = Describe("Podman search", func() {
Skip("Can not start docker registry.")
}
- search := podmanTest.Podman([]string{"search", "localhost:5000/fake/image:andtag", "--tls-verify=false"})
+ search := podmanTest.Podman([]string{"search",
+ fmt.Sprintf("%s/fake/image:andtag", registryEndpoints[0].Address()), "--tls-verify=false"})
search.WaitWithDefaultTimeout()
// if this test succeeded, there will be no output (there is no entry named fake/image:andtag in an empty registry)
@@ -160,10 +194,12 @@ var _ = Describe("Podman search", func() {
if podmanTest.Host.Arch == "ppc64le" {
Skip("No registry image for ppc64le")
}
- lock := GetPortLock("5000")
+ lock := GetPortLock(registryEndpoints[3].Port)
defer lock.Unlock()
podmanTest.RestoreArtifact(registry)
- registry := podmanTest.Podman([]string{"run", "-d", "--name", "registry3", "-p", "5000:5000", registry, "/entrypoint.sh", "/etc/docker/registry/config.yml"})
+ registry := podmanTest.Podman([]string{"run", "-d", "--name", "registry3",
+ "-p", fmt.Sprintf("%s:5000", registryEndpoints[3].Port), registry,
+ "/entrypoint.sh", "/etc/docker/registry/config.yml"})
registry.WaitWithDefaultTimeout()
Expect(registry.ExitCode()).To(Equal(0))
@@ -171,10 +207,11 @@ var _ = Describe("Podman search", func() {
Skip("Can not start docker registry.")
}
- push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, "localhost:5000/my-alpine"})
+ image := fmt.Sprintf("%s/my-alpine", registryEndpoints[3].Address())
+ push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, image})
push.WaitWithDefaultTimeout()
Expect(push.ExitCode()).To(Equal(0))
- search := podmanTest.Podman([]string{"search", "localhost:5000/my-alpine", "--tls-verify=false"})
+ search := podmanTest.Podman([]string{"search", image, "--tls-verify=false"})
search.WaitWithDefaultTimeout()
Expect(search.ExitCode()).To(Equal(0))
@@ -185,10 +222,12 @@ var _ = Describe("Podman search", func() {
if podmanTest.Host.Arch == "ppc64le" {
Skip("No registry image for ppc64le")
}
- lock := GetPortLock("5000")
+
+ lock := GetPortLock(registryEndpoints[4].Port)
defer lock.Unlock()
podmanTest.RestoreArtifact(registry)
- registry := podmanTest.Podman([]string{"run", "-d", "--name", "registry4", "-p", "5000:5000", registry, "/entrypoint.sh", "/etc/docker/registry/config.yml"})
+ registry := podmanTest.Podman([]string{"run", "-d", "-p", fmt.Sprintf("%s:5000", registryEndpoints[4].Port),
+ "--name", "registry4", registry, "/entrypoint.sh", "/etc/docker/registry/config.yml"})
registry.WaitWithDefaultTimeout()
Expect(registry.ExitCode()).To(Equal(0))
@@ -196,14 +235,18 @@ var _ = Describe("Podman search", func() {
Skip("Can not start docker registry.")
}
- push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, "localhost:5000/my-alpine"})
+ image := fmt.Sprintf("%s/my-alpine", registryEndpoints[4].Address())
+ push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, image})
push.WaitWithDefaultTimeout()
Expect(push.ExitCode()).To(Equal(0))
// registries.conf set up
- podmanTest.setRegistriesConfigEnv([]byte(regFileContents))
+ var buffer bytes.Buffer
+ registryFileTmpl.Execute(&buffer, registryEndpoints[4])
+ podmanTest.setRegistriesConfigEnv(buffer.Bytes())
+ ioutil.WriteFile(fmt.Sprintf("%s/registry4.conf", tempdir), buffer.Bytes(), 0644)
- search := podmanTest.Podman([]string{"search", "localhost:5000/my-alpine"})
+ search := podmanTest.Podman([]string{"search", image})
search.WaitWithDefaultTimeout()
Expect(search.ExitCode()).To(Equal(0))
@@ -219,24 +262,29 @@ var _ = Describe("Podman search", func() {
if podmanTest.Host.Arch == "ppc64le" {
Skip("No registry image for ppc64le")
}
- lock := GetPortLock("5000")
+ lock := GetPortLock(registryEndpoints[5].Port)
defer lock.Unlock()
podmanTest.RestoreArtifact(registry)
- registry := podmanTest.Podman([]string{"run", "-d", "-p", "5000:5000", "--name", "registry5", registry})
+ registry := podmanTest.Podman([]string{"run", "-d", "-p", fmt.Sprintf("%s:5000", registryEndpoints[5].Port),
+ "--name", "registry5", registry})
registry.WaitWithDefaultTimeout()
Expect(registry.ExitCode()).To(Equal(0))
if !WaitContainerReady(podmanTest, "registry5", "listening on", 20, 1) {
Skip("Can not start docker registry.")
}
- push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, "localhost:5000/my-alpine"})
+
+ image := fmt.Sprintf("%s/my-alpine", registryEndpoints[5].Address())
+ push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, image})
push.WaitWithDefaultTimeout()
Expect(push.ExitCode()).To(Equal(0))
- // registries.conf set up
- podmanTest.setRegistriesConfigEnv([]byte(regFileContents))
+ var buffer bytes.Buffer
+ registryFileTmpl.Execute(&buffer, registryEndpoints[5])
+ podmanTest.setRegistriesConfigEnv(buffer.Bytes())
+ ioutil.WriteFile(fmt.Sprintf("%s/registry5.conf", tempdir), buffer.Bytes(), 0644)
- search := podmanTest.Podman([]string{"search", "localhost:5000/my-alpine", "--tls-verify=true"})
+ search := podmanTest.Podman([]string{"search", image, "--tls-verify=true"})
search.WaitWithDefaultTimeout()
Expect(search.ExitCode()).To(Equal(0))
@@ -252,24 +300,29 @@ var _ = Describe("Podman search", func() {
if podmanTest.Host.Arch == "ppc64le" {
Skip("No registry image for ppc64le")
}
- lock := GetPortLock("5000")
+ lock := GetPortLock(registryEndpoints[6].Port)
defer lock.Unlock()
podmanTest.RestoreArtifact(registry)
- registry := podmanTest.Podman([]string{"run", "-d", "-p", "5000:5000", "--name", "registry6", registry})
+ registry := podmanTest.Podman([]string{"run", "-d", "-p", fmt.Sprintf("%s:5000", registryEndpoints[6].Port),
+ "--name", "registry6", registry})
registry.WaitWithDefaultTimeout()
Expect(registry.ExitCode()).To(Equal(0))
if !WaitContainerReady(podmanTest, "registry6", "listening on", 20, 1) {
Skip("Can not start docker registry.")
}
- push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, "localhost:5000/my-alpine"})
+
+ image := fmt.Sprintf("%s/my-alpine", registryEndpoints[6].Address())
+ push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, image})
push.WaitWithDefaultTimeout()
Expect(push.ExitCode()).To(Equal(0))
- // registries.conf set up
- podmanTest.setRegistriesConfigEnv([]byte(badRegFileContents))
+ var buffer bytes.Buffer
+ registryFileBadTmpl.Execute(&buffer, registryEndpoints[6])
+ podmanTest.setRegistriesConfigEnv(buffer.Bytes())
+ ioutil.WriteFile(fmt.Sprintf("%s/registry6.conf", tempdir), buffer.Bytes(), 0644)
- search := podmanTest.Podman([]string{"search", "localhost:5000/my-alpine"})
+ search := podmanTest.Podman([]string{"search", image})
search.WaitWithDefaultTimeout()
Expect(search.ExitCode()).To(Equal(0))
@@ -285,10 +338,14 @@ var _ = Describe("Podman search", func() {
if podmanTest.Host.Arch == "ppc64le" {
Skip("No registry image for ppc64le")
}
- lock := GetPortLock("5000")
- defer lock.Unlock()
+ lock7 := GetPortLock(registryEndpoints[7].Port)
+ defer lock7.Unlock()
+ lock8 := GetPortLock("6000")
+ defer lock8.Unlock()
+
podmanTest.RestoreArtifact(registry)
- registryLocal := podmanTest.Podman([]string{"run", "-d", "-p", "5000:5000", "--name", "registry7", registry})
+ registryLocal := podmanTest.Podman([]string{"run", "-d", "-p", fmt.Sprintf("%s:5000", registryEndpoints[7].Port),
+ "--name", "registry7", registry})
registryLocal.WaitWithDefaultTimeout()
Expect(registryLocal.ExitCode()).To(Equal(0))
@@ -303,12 +360,16 @@ var _ = Describe("Podman search", func() {
if !WaitContainerReady(podmanTest, "registry8", "listening on", 20, 1) {
Skip("Can not start docker registry.")
}
+
push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, "localhost:6000/my-alpine"})
push.WaitWithDefaultTimeout()
Expect(push.ExitCode()).To(Equal(0))
// registries.conf set up
- podmanTest.setRegistriesConfigEnv([]byte(regFileContents2))
+ var buffer bytes.Buffer
+ registryFileTwoTmpl.Execute(&buffer, registryEndpoints[8])
+ podmanTest.setRegistriesConfigEnv(buffer.Bytes())
+ ioutil.WriteFile(fmt.Sprintf("%s/registry8.conf", tempdir), buffer.Bytes(), 0644)
search := podmanTest.Podman([]string{"search", "my-alpine"})
search.WaitWithDefaultTimeout()
diff --git a/test/system/005-info.bats b/test/system/005-info.bats
index 7dcc78838..c64b011bd 100644
--- a/test/system/005-info.bats
+++ b/test/system/005-info.bats
@@ -3,6 +3,8 @@
load helpers
@test "podman info - basic test" {
+ skip_if_remote
+
run_podman info
expected_keys="
@@ -26,6 +28,8 @@ RunRoot:
}
@test "podman info - json" {
+ skip_if_remote
+
run_podman info --format=json
expr_nvr="[a-z0-9-]\\\+-[a-z0-9.]\\\+-[a-z0-9]\\\+\."
diff --git a/test/system/010-images.bats b/test/system/010-images.bats
index 1c9577e34..380623078 100644
--- a/test/system/010-images.bats
+++ b/test/system/010-images.bats
@@ -25,11 +25,12 @@ load helpers
@test "podman images - json" {
+ # 'created': podman includes fractional seconds, podman-remote does not
tests="
names[0] | $PODMAN_TEST_IMAGE_FQN
id | [0-9a-f]\\\{64\\\}
digest | sha256:[0-9a-f]\\\{64\\\}
-created | [0-9-]\\\+T[0-9:]\\\+\\\.[0-9]\\\+Z
+created | [0-9-]\\\+T[0-9:.]\\\+Z
size | [0-9]\\\+
"
diff --git a/test/system/015-help.bats b/test/system/015-help.bats
index 8e07b8822..a987f04bc 100644
--- a/test/system/015-help.bats
+++ b/test/system/015-help.bats
@@ -87,6 +87,8 @@ function check_help() {
@test "podman help - basic tests" {
+ skip_if_remote
+
# Called with no args -- start with 'podman --help'. check_help() will
# recurse for any subcommands.
check_help
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index 8ae68f33d..bdbe724ef 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -3,6 +3,8 @@
load helpers
@test "podman run - basic tests" {
+ skip_if_remote
+
rand=$(random_string 30)
tests="
true | 0 |
@@ -31,4 +33,16 @@ echo $rand | 0 | $rand
done < <(parse_table "$tests")
}
+@test "podman run - uidmapping has no /sys/kernel mounts" {
+ skip_if_rootless "cannot umount as rootless"
+
+ run_podman run --rm --uidmap 0:100:10000 $IMAGE mount
+ run grep /sys/kernel <(echo "$output")
+ is "$output" "" "unwanted /sys/kernel in 'mount' output"
+
+ run_podman run --rm --net host --uidmap 0:100:10000 $IMAGE mount
+ run grep /sys/kernel <(echo "$output")
+ is "$output" "" "unwanted /sys/kernel in 'mount' output (with --net=host)"
+}
+
# vim: filetype=sh
diff --git a/test/system/035-logs.bats b/test/system/035-logs.bats
index 055865c8d..5736e0939 100644
--- a/test/system/035-logs.bats
+++ b/test/system/035-logs.bats
@@ -6,6 +6,8 @@
load helpers
@test "podman logs - basic test" {
+ skip_if_remote
+
rand_string=$(random_string 40)
run_podman create $IMAGE echo $rand_string
diff --git a/test/system/060-mount.bats b/test/system/060-mount.bats
index e249b2883..7570f3ac4 100644
--- a/test/system/060-mount.bats
+++ b/test/system/060-mount.bats
@@ -6,6 +6,7 @@ load helpers
@test "podman mount - basic test" {
# Only works with root (FIXME: does it work with rootless + vfs?)
skip_if_rootless "mount does not work rootless"
+ skip_if_remote
f_path=/tmp/tmpfile_$(random_string 8)
f_content=$(random_string 30)
diff --git a/test/system/070-build.bats b/test/system/070-build.bats
index 25eb36c58..c6a25093f 100644
--- a/test/system/070-build.bats
+++ b/test/system/070-build.bats
@@ -6,6 +6,8 @@
load helpers
@test "podman build - basic test" {
+ skip_if_remote
+
rand_filename=$(random_string 20)
rand_content=$(random_string 50)
diff --git a/test/system/075-exec.bats b/test/system/075-exec.bats
index a12d28b32..11cb98269 100644
--- a/test/system/075-exec.bats
+++ b/test/system/075-exec.bats
@@ -6,6 +6,8 @@
load helpers
@test "podman exec - basic test" {
+ skip_if_remote
+
rand_filename=$(random_string 20)
rand_content=$(random_string 50)
diff --git a/test/system/110-history.bats b/test/system/110-history.bats
index 84a1e42b4..5dc221d61 100644
--- a/test/system/110-history.bats
+++ b/test/system/110-history.bats
@@ -24,7 +24,7 @@ load helpers
@test "podman history - json" {
tests="
id | [0-9a-f]\\\{64\\\}
-created | [0-9-]\\\+T[0-9:]\\\+\\\.[0-9]\\\+Z
+created | [0-9-]\\\+T[0-9:.]\\\+Z
size | -\\\?[0-9]\\\+
"
diff --git a/test/system/400-unprivileged-access.bats b/test/system/400-unprivileged-access.bats
index c195d71eb..0358b3beb 100644
--- a/test/system/400-unprivileged-access.bats
+++ b/test/system/400-unprivileged-access.bats
@@ -7,6 +7,7 @@ load helpers
@test "podman container storage is not accessible by unprivileged users" {
skip_if_rootless "test meaningless without suid"
+ skip_if_remote
run_podman run --name c_uidmap --uidmap 0:10000:10000 $IMAGE true
run_podman run --name c_uidmap_v --uidmap 0:10000:10000 -v foo:/foo $IMAGE true
diff --git a/test/system/helpers.bash b/test/system/helpers.bash
index 431228498..29ef19ecc 100644
--- a/test/system/helpers.bash
+++ b/test/system/helpers.bash
@@ -225,6 +225,16 @@ function skip_if_rootless() {
skip "${1:-not applicable under rootless podman}"
}
+####################
+# skip_if_remote # ...with an optional message
+####################
+function skip_if_remote() {
+ if [[ ! "$PODMAN" =~ -remote ]]; then
+ return
+ fi
+
+ skip "${1:-test does not work with podman-remote}"
+}
#########
# die # Abort with helpful message
diff --git a/test/utils/utils.go b/test/utils/utils.go
index 499466f5a..6308197b8 100644
--- a/test/utils/utils.go
+++ b/test/utils/utils.go
@@ -311,6 +311,8 @@ func (s *PodmanSession) IsJSONOutputValid() bool {
// WaitWithDefaultTimeout waits for process finished with defaultWaitTimeout
func (s *PodmanSession) WaitWithDefaultTimeout() {
s.Wait(defaultWaitTimeout)
+ os.Stdout.Sync()
+ os.Stderr.Sync()
fmt.Println("output:", s.OutputToString())
}