diff options
31 files changed, 726 insertions, 67 deletions
diff --git a/cmd/podman/networks/create.go b/cmd/podman/networks/create.go index 2bb75ea9e..10973e6bf 100644 --- a/cmd/podman/networks/create.go +++ b/cmd/podman/networks/create.go @@ -46,7 +46,7 @@ func networkCreateFlags(flags *pflag.FlagSet) { } func init() { registry.Commands = append(registry.Commands, registry.CliCommand{ - Mode: []entities.EngineMode{entities.ABIMode}, + Mode: []entities.EngineMode{entities.ABIMode, entities.TunnelMode}, Command: networkCreateCommand, Parent: networkCmd, }) diff --git a/cmd/podman/networks/inspect.go b/cmd/podman/networks/inspect.go index 0bc73579a..60cede894 100644 --- a/cmd/podman/networks/inspect.go +++ b/cmd/podman/networks/inspect.go @@ -26,7 +26,7 @@ var ( func init() { registry.Commands = append(registry.Commands, registry.CliCommand{ - Mode: []entities.EngineMode{entities.ABIMode}, + Mode: []entities.EngineMode{entities.ABIMode, entities.TunnelMode}, Command: networkinspectCommand, Parent: networkCmd, }) diff --git a/cmd/podman/networks/list.go b/cmd/podman/networks/list.go index e27062255..1c0528e5c 100644 --- a/cmd/podman/networks/list.go +++ b/cmd/podman/networks/list.go @@ -4,13 +4,12 @@ import ( "encoding/json" "fmt" "html/template" - "io" "os" "strings" - - "github.com/containers/libpod/cmd/podman/validate" + "text/tabwriter" "github.com/containers/libpod/cmd/podman/registry" + "github.com/containers/libpod/cmd/podman/validate" "github.com/containers/libpod/pkg/domain/entities" "github.com/containers/libpod/pkg/network" "github.com/spf13/cobra" @@ -47,7 +46,7 @@ func networkListFlags(flags *pflag.FlagSet) { func init() { registry.Commands = append(registry.Commands, registry.CliCommand{ - Mode: []entities.EngineMode{entities.ABIMode}, + Mode: []entities.EngineMode{entities.ABIMode, entities.TunnelMode}, Command: networklistCommand, Parent: networkCmd, }) @@ -57,7 +56,6 @@ func init() { func networkList(cmd *cobra.Command, args []string) error { var ( - w io.Writer = os.Stdout nlprs []NetworkListPrintReports ) @@ -95,13 +93,11 @@ func networkList(cmd *cobra.Command, args []string) error { if err != nil { return err } + w := tabwriter.NewWriter(os.Stdout, 8, 2, 2, ' ', 0) if err := tmpl.Execute(w, nlprs); err != nil { return err } - if flusher, ok := w.(interface{ Flush() error }); ok { - return flusher.Flush() - } - return nil + return w.Flush() } func quietOut(responses []*entities.NetworkListReport) error { diff --git a/cmd/podman/networks/network.go b/cmd/podman/networks/network.go index 56dd390ea..7f38cd2cd 100644 --- a/cmd/podman/networks/network.go +++ b/cmd/podman/networks/network.go @@ -20,7 +20,7 @@ var ( func init() { registry.Commands = append(registry.Commands, registry.CliCommand{ - Mode: []entities.EngineMode{entities.ABIMode}, + Mode: []entities.EngineMode{entities.ABIMode, entities.TunnelMode}, Command: networkCmd, }) } diff --git a/cmd/podman/networks/rm.go b/cmd/podman/networks/rm.go index dc1eb9909..34d57f6ef 100644 --- a/cmd/podman/networks/rm.go +++ b/cmd/podman/networks/rm.go @@ -35,7 +35,7 @@ func networkRmFlags(flags *pflag.FlagSet) { func init() { registry.Commands = append(registry.Commands, registry.CliCommand{ - Mode: []entities.EngineMode{entities.ABIMode}, + Mode: []entities.EngineMode{entities.ABIMode, entities.TunnelMode}, Command: networkrmCommand, Parent: networkCmd, }) diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in index ff948701b..8f2297a72 100644 --- a/contrib/spec/podman.spec.in +++ b/contrib/spec/podman.spec.in @@ -502,7 +502,6 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} %{_datadir}/zsh/site-functions/* %{_libexecdir}/%{name}/conmon %config(noreplace) %{_sysconfdir}/cni/net.d/87-%{name}-bridge.conflist -%{_datadir}/containers/%{repo}.conf %{_unitdir}/io.podman.service %{_unitdir}/io.podman.socket %{_usr}/lib/systemd/user/io.podman.service @@ -61,7 +61,7 @@ require ( golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f - gopkg.in/yaml.v2 v2.2.8 + gopkg.in/yaml.v2 v2.3.0 k8s.io/api v0.18.2 k8s.io/apimachinery v0.18.2 k8s.io/client-go v0.0.0-20190620085101-78d2af792bab @@ -650,6 +650,8 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/libpod/container_api.go b/libpod/container_api.go index b31079b26..d366ffb84 100644 --- a/libpod/container_api.go +++ b/libpod/container_api.go @@ -285,6 +285,7 @@ func (c *Container) HTTPAttach(httpCon net.Conn, httpBuf *bufio.ReadWriter, stre logrus.Infof("Performing HTTP Hijack attach to container %s", c.ID()) + logSize := 0 if streamLogs { // Get all logs for the container logChan := make(chan *logs.LogLine) @@ -302,7 +303,7 @@ func (c *Container) HTTPAttach(httpCon net.Conn, httpBuf *bufio.ReadWriter, stre device := logLine.Device var header []byte headerLen := uint32(len(logLine.Msg)) - + logSize += len(logLine.Msg) switch strings.ToLower(device) { case "stdin": header = makeHTTPAttachHeader(0, headerLen) @@ -341,7 +342,7 @@ func (c *Container) HTTPAttach(httpCon net.Conn, httpBuf *bufio.ReadWriter, stre if err := c.ReadLog(logOpts, logChan); err != nil { return err } - logrus.Debugf("Done reading logs for container %s", c.ID()) + logrus.Debugf("Done reading logs for container %s, %d bytes", c.ID(), logSize) if err := <-errChan; err != nil { return err } diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go index d59ff18ca..d1c1a1fc2 100644 --- a/libpod/oci_conmon_linux.go +++ b/libpod/oci_conmon_linux.go @@ -1704,6 +1704,8 @@ func httpAttachTerminalCopy(container *net.UnixConn, http *bufio.ReadWriter, cid buf := make([]byte, bufferSize) for { numR, err := container.Read(buf) + logrus.Debugf("Read fd(%d) %d/%d bytes for container %s", int(buf[0]), numR, len(buf), cid) + if numR > 0 { switch buf[0] { case AttachPipeStdout: diff --git a/libpod/util.go b/libpod/util.go index bdfd153ed..ba9f1fa05 100644 --- a/libpod/util.go +++ b/libpod/util.go @@ -249,9 +249,8 @@ func hijackWriteErrorAndClose(toWrite error, cid string, terminal bool, httpCon // length and stream. Accepts an integer indicating which stream we are sending // to (STDIN = 0, STDOUT = 1, STDERR = 2). func makeHTTPAttachHeader(stream byte, length uint32) []byte { - headerBuf := []byte{stream, 0, 0, 0} - lenBuf := []byte{0, 0, 0, 0} - binary.BigEndian.PutUint32(lenBuf, length) - headerBuf = append(headerBuf, lenBuf...) - return headerBuf + header := make([]byte, 8) + header[0] = stream + binary.BigEndian.PutUint32(header[4:], length) + return header } diff --git a/pkg/api/handlers/compat/containers_attach.go b/pkg/api/handlers/compat/containers_attach.go index 80ad52aee..52c851b8c 100644 --- a/pkg/api/handlers/compat/containers_attach.go +++ b/pkg/api/handlers/compat/containers_attach.go @@ -108,7 +108,7 @@ func AttachContainer(w http.ResponseWriter, r *http.Request) { // This header string sourced from Docker: // https://raw.githubusercontent.com/moby/moby/b95fad8e51bd064be4f4e58a996924f343846c85/api/server/router/container/container_routes.go - // Using literally to ensure compatability with existing clients. + // Using literally to ensure compatibility with existing clients. fmt.Fprintf(connection, "HTTP/1.1 101 UPGRADED\r\nContent-Type: application/vnd.docker.raw-stream\r\nConnection: Upgrade\r\nUpgrade: tcp\r\n\r\n") logrus.Debugf("Hijack for attach of container %s successful", ctr.ID()) diff --git a/pkg/api/handlers/libpod/containers_create.go b/pkg/api/handlers/libpod/containers_create.go index 40b6cacdb..71f440bce 100644 --- a/pkg/api/handlers/libpod/containers_create.go +++ b/pkg/api/handlers/libpod/containers_create.go @@ -5,10 +5,9 @@ import ( "encoding/json" "net/http" - "github.com/containers/libpod/pkg/domain/entities" - "github.com/containers/libpod/libpod" "github.com/containers/libpod/pkg/api/handlers/utils" + "github.com/containers/libpod/pkg/domain/entities" "github.com/containers/libpod/pkg/specgen" "github.com/containers/libpod/pkg/specgen/generate" "github.com/pkg/errors" diff --git a/pkg/api/handlers/libpod/networks.go b/pkg/api/handlers/libpod/networks.go index e8a92e93e..7de285e5e 100644 --- a/pkg/api/handlers/libpod/networks.go +++ b/pkg/api/handlers/libpod/networks.go @@ -1,39 +1,59 @@ package libpod import ( + "encoding/json" "net/http" "github.com/containers/libpod/libpod" "github.com/containers/libpod/pkg/api/handlers/utils" + "github.com/containers/libpod/pkg/domain/entities" + "github.com/containers/libpod/pkg/domain/infra/abi" "github.com/containers/libpod/pkg/network" "github.com/gorilla/schema" "github.com/pkg/errors" ) -func CreateNetwork(w http.ResponseWriter, r *http.Request) {} -func ListNetworks(w http.ResponseWriter, r *http.Request) { +func CreateNetwork(w http.ResponseWriter, r *http.Request) { runtime := r.Context().Value("runtime").(*libpod.Runtime) - config, err := runtime.GetConfig() + decoder := r.Context().Value("decoder").(*schema.Decoder) + options := entities.NetworkCreateOptions{} + if err := json.NewDecoder(r.Body).Decode(&options); err != nil { + utils.Error(w, "unable to marshall input", http.StatusInternalServerError, errors.Wrap(err, "Decode()")) + return + } + query := struct { + Name string `schema:"name"` + }{ + // override any golang type defaults + } + if err := decoder.Decode(&query, r.URL.Query()); err != nil { + utils.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest, + errors.Wrapf(err, "Failed to parse parameters for %s", r.URL.String())) + return + } + ic := abi.ContainerEngine{Libpod: runtime} + report, err := ic.NetworkCreate(r.Context(), query.Name, options) if err != nil { utils.InternalServerError(w, err) return } - configDir := config.Network.NetworkConfigDir - if len(configDir) < 1 { - configDir = network.CNIConfigDir - } - networks, err := network.LoadCNIConfsFromDir(configDir) + utils.WriteResponse(w, http.StatusOK, report) + +} +func ListNetworks(w http.ResponseWriter, r *http.Request) { + runtime := r.Context().Value("runtime").(*libpod.Runtime) + options := entities.NetworkListOptions{} + ic := abi.ContainerEngine{Libpod: runtime} + reports, err := ic.NetworkList(r.Context(), options) if err != nil { utils.InternalServerError(w, err) return } - utils.WriteResponse(w, http.StatusOK, networks) + utils.WriteResponse(w, http.StatusOK, reports) } func RemoveNetwork(w http.ResponseWriter, r *http.Request) { - // 200 ok - // 404 no such - // 500 internal + runtime := r.Context().Value("runtime").(*libpod.Runtime) decoder := r.Context().Value("decoder").(*schema.Decoder) query := struct { Force bool `schema:"force"` @@ -46,22 +66,30 @@ func RemoveNetwork(w http.ResponseWriter, r *http.Request) { return } name := utils.GetName(r) - if err := network.RemoveNetwork(name); err != nil { + + options := entities.NetworkRmOptions{ + Force: query.Force, + } + ic := abi.ContainerEngine{Libpod: runtime} + reports, err := ic.NetworkRm(r.Context(), []string{name}, options) + if err != nil { + utils.InternalServerError(w, err) + return + } + if reports[0].Err != nil { // If the network cannot be found, we return a 404. if errors.Cause(err) == network.ErrNetworkNotFound { utils.Error(w, "Something went wrong", http.StatusNotFound, err) return } - utils.InternalServerError(w, err) - return } - utils.WriteResponse(w, http.StatusOK, "") + utils.WriteResponse(w, http.StatusOK, reports) } func InspectNetwork(w http.ResponseWriter, r *http.Request) { + runtime := r.Context().Value("runtime").(*libpod.Runtime) decoder := r.Context().Value("decoder").(*schema.Decoder) query := struct { - Force bool `schema:"force"` }{ // override any golang type defaults } @@ -71,7 +99,9 @@ func InspectNetwork(w http.ResponseWriter, r *http.Request) { return } name := utils.GetName(r) - n, err := network.InspectNetwork(name) + options := entities.NetworkInspectOptions{} + ic := abi.ContainerEngine{Libpod: runtime} + reports, err := ic.NetworkInspect(r.Context(), []string{name}, options) if err != nil { // If the network cannot be found, we return a 404. if errors.Cause(err) == network.ErrNetworkNotFound { @@ -81,5 +111,5 @@ func InspectNetwork(w http.ResponseWriter, r *http.Request) { utils.InternalServerError(w, err) return } - utils.WriteResponse(w, http.StatusOK, n) + utils.WriteResponse(w, http.StatusOK, reports) } diff --git a/pkg/api/handlers/libpod/swagger.go b/pkg/api/handlers/libpod/swagger.go index 46426eb6b..057fbfb41 100644 --- a/pkg/api/handlers/libpod/swagger.go +++ b/pkg/api/handlers/libpod/swagger.go @@ -91,6 +91,34 @@ type swagInfoResponse struct { Body define.Info } +// Network rm +// swagger:response NetworkRmReport +type swagNetworkRmReport struct { + // in:body + Body entities.NetworkRmReport +} + +// Network inspect +// swagger:response NetworkInspectReport +type swagNetworkInspectReport struct { + // in:body + Body []entities.NetworkInspectReport +} + +// Network list +// swagger:response NetworkListReport +type swagNetworkListReport struct { + // in:body + Body []entities.NetworkListReport +} + +// Network create +// swagger:response NetworkCreateReport +type swagNetworkCreateReport struct { + // in:body + Body entities.NetworkCreateReport +} + func ServeSwagger(w http.ResponseWriter, r *http.Request) { path := DefaultPodmanSwaggerSpec if p, found := os.LookupEnv("PODMAN_SWAGGER_SPEC"); found { diff --git a/pkg/api/server/register_networks.go b/pkg/api/server/register_networks.go new file mode 100644 index 000000000..b1189c1f4 --- /dev/null +++ b/pkg/api/server/register_networks.go @@ -0,0 +1,100 @@ +package server + +import ( + "net/http" + + "github.com/containers/libpod/pkg/api/handlers/libpod" + "github.com/gorilla/mux" +) + +func (s *APIServer) registerNetworkHandlers(r *mux.Router) error { + // swagger:operation DELETE /libpod/networks/{name} libpod libpodRemoveNetwork + // --- + // tags: + // - networks + // summary: Remove a network + // description: Remove a CNI configured network + // parameters: + // - in: path + // name: name + // type: string + // required: true + // description: the name of the network + // - in: query + // name: Force + // type: boolean + // description: remove containers associated with network + // produces: + // - application/json + // responses: + // 200: + // $ref: "#/responses/NetworkRmReport" + // 404: + // $ref: "#/responses/NoSuchNetwork" + // 500: + // $ref: "#/responses/InternalError" + r.HandleFunc(VersionedPath("/libpod/networks/{name}"), s.APIHandler(libpod.RemoveNetwork)).Methods(http.MethodDelete) + // swagger:operation GET /libpod/networks/{name}/json libpod libpodInspectNetwork + // --- + // tags: + // - networks + // summary: Inspect a network + // description: Display low level configuration for a CNI network + // parameters: + // - in: path + // name: name + // type: string + // required: true + // description: the name of the network + // produces: + // - application/json + // responses: + // 200: + // $ref: "#/responses/NetworkInspectReport" + // 404: + // $ref: "#/responses/NoSuchNetwork" + // 500: + // $ref: "#/responses/InternalError" + r.HandleFunc(VersionedPath("/libpod/networks/{name}/json"), s.APIHandler(libpod.InspectNetwork)).Methods(http.MethodGet) + // swagger:operation GET /libpod/networks/json libpod libpodListNetwork + // --- + // tags: + // - networks + // summary: List networks + // description: Display summary of network configurations + // produces: + // - application/json + // responses: + // 200: + // $ref: "#/responses/NetworkListReport" + // 500: + // $ref: "#/responses/InternalError" + r.HandleFunc(VersionedPath("/libpod/networks/json"), s.APIHandler(libpod.ListNetworks)).Methods(http.MethodGet) + // swagger:operation POST /libpod/networks/create libpod libpodCreateNetwork + // --- + // tags: + // - networks + // summary: Create network + // description: Create a new CNI network configuration + // produces: + // - application/json + // parameters: + // - in: query + // name: name + // type: string + // description: optional name for new network + // - in: body + // name: create + // description: attributes for creating a container + // schema: + // $ref: "#/definitions/NetworkCreateOptions" + // responses: + // 200: + // $ref: "#/responses/NetworkCreateReport" + // 400: + // $ref: "#/responses/BadParamError" + // 500: + // $ref: "#/responses/InternalError" + r.HandleFunc(VersionedPath("/libpod/networks/create"), s.APIHandler(libpod.CreateNetwork)).Methods(http.MethodPost) + return nil +} diff --git a/pkg/api/server/server.go b/pkg/api/server/server.go index a6c5d8e1e..d39528f45 100644 --- a/pkg/api/server/server.go +++ b/pkg/api/server/server.go @@ -104,6 +104,7 @@ func newServer(runtime *libpod.Runtime, duration time.Duration, listener *net.Li server.registerInfoHandlers, server.registerManifestHandlers, server.registerMonitorHandlers, + server.registerNetworkHandlers, server.registerPingHandlers, server.registerPlayHandlers, server.registerPluginsHandlers, diff --git a/pkg/api/server/swagger.go b/pkg/api/server/swagger.go index 7776d0e79..ebd99ba27 100644 --- a/pkg/api/server/swagger.go +++ b/pkg/api/server/swagger.go @@ -24,6 +24,15 @@ type swagErrNoSuchContainer struct { } } +// No such network +// swagger:response NoSuchNetwork +type swagErrNoSuchNetwork struct { + // in:body + Body struct { + entities.ErrorModel + } +} + // No such exec instance // swagger:response NoSuchExecInstance type swagErrNoSuchExecInstance struct { diff --git a/pkg/api/tags.yaml b/pkg/api/tags.yaml index 5b5d9f5bb..1ffb5e940 100644 --- a/pkg/api/tags.yaml +++ b/pkg/api/tags.yaml @@ -5,9 +5,11 @@ tags: description: Actions related to exec - name: images description: Actions related to images - - name: pods - description: Actions related to manifests - name: manifests + description: Actions related to manifests + - name: networks + description: Actions related to networks + - name: pods description: Actions related to pods - name: volumes description: Actions related to volumes diff --git a/pkg/bindings/containers/containers.go b/pkg/bindings/containers/containers.go index e74a256c7..de7b792b4 100644 --- a/pkg/bindings/containers/containers.go +++ b/pkg/bindings/containers/containers.go @@ -2,6 +2,8 @@ package containers import ( "context" + "encoding/binary" + "fmt" "io" "net/http" "net/url" @@ -15,6 +17,10 @@ import ( "github.com/pkg/errors" ) +var ( + ErrLostSync = errors.New("lost synchronization with attach multiplexed result") +) + // List obtains a list of containers in local storage. All parameters to this method are optional. // The filters are used to determine which containers are listed. The last parameter indicates to only return // the most recent number of containers. The pod and size booleans indicate that pod information and rootfs @@ -247,7 +253,7 @@ func Unpause(ctx context.Context, nameOrID string) error { // Wait blocks until the given container reaches a condition. If not provided, the condition will // default to stopped. If the condition is stopped, an exit code for the container will be provided. The // nameOrID can be a container name or a partial/full ID. -func Wait(ctx context.Context, nameOrID string, condition *define.ContainerStatus) (int32, error) { //nolint +func Wait(ctx context.Context, nameOrID string, condition *define.ContainerStatus) (int32, error) { // nolint var exitCode int32 conn, err := bindings.GetClient(ctx) if err != nil { @@ -333,3 +339,125 @@ func ContainerInit(ctx context.Context, nameOrID string) error { } return response.Process(nil) } + +// Attach attaches to a running container +func Attach(ctx context.Context, nameOrId string, detachKeys *string, logs, stream *bool, stdin *bool, stdout io.Writer, stderr io.Writer) error { + conn, err := bindings.GetClient(ctx) + if err != nil { + return err + } + + params := url.Values{} + if detachKeys != nil { + params.Add("detachKeys", *detachKeys) + } + if logs != nil { + params.Add("logs", fmt.Sprintf("%t", *logs)) + } + if stream != nil { + params.Add("stream", fmt.Sprintf("%t", *stream)) + } + if stdin != nil && *stdin { + params.Add("stdin", "true") + } + if stdout != nil { + params.Add("stdout", "true") + } + if stderr != nil { + params.Add("stderr", "true") + } + + response, err := conn.DoRequest(nil, http.MethodPost, "/containers/%s/attach", params, nameOrId) + if err != nil { + return err + } + defer response.Body.Close() + + ctype := response.Header.Get("Content-Type") + upgrade := response.Header.Get("Connection") + + buffer := make([]byte, 1024) + if ctype == "application/vnd.docker.raw-stream" && upgrade == "Upgrade" { + for { + // Read multiplexed channels and write to appropriate stream + fd, l, err := DemuxHeader(response.Body, buffer) + if err != nil { + switch { + case errors.Is(err, io.EOF): + return nil + case errors.Is(err, io.ErrUnexpectedEOF): + continue + } + return err + } + frame, err := DemuxFrame(response.Body, buffer, l) + if err != nil { + return err + } + + switch { + case fd == 0 && stdin != nil && *stdin: + stdout.Write(frame) + case fd == 1 && stdout != nil: + stdout.Write(frame) + case fd == 2 && stderr != nil: + stderr.Write(frame) + case fd == 3: + return fmt.Errorf("error from daemon in stream: %s", frame) + default: + return fmt.Errorf("unrecognized input header: %d", fd) + } + } + } else { + // If not multiplex'ed from server just dump stream to stdout + for { + _, err := response.Body.Read(buffer) + if err != nil { + if !errors.Is(err, io.EOF) { + return err + } + break + } + stdout.Write(buffer) + } + } + return err +} + +// DemuxHeader reads header for stream from server multiplexed stdin/stdout/stderr/2nd error channel +func DemuxHeader(r io.Reader, buffer []byte) (fd, sz int, err error) { + n, err := io.ReadFull(r, buffer[0:8]) + if err != nil { + return + } + if n < 8 { + err = io.ErrUnexpectedEOF + return + } + + fd = int(buffer[0]) + if fd < 0 || fd > 3 { + err = ErrLostSync + return + } + + sz = int(binary.BigEndian.Uint32(buffer[4:8])) + return +} + +// DemuxFrame reads contents for frame from server multiplexed stdin/stdout/stderr/2nd error channel +func DemuxFrame(r io.Reader, buffer []byte, length int) (frame []byte, err error) { + if len(buffer) < length { + buffer = append(buffer, make([]byte, length-len(buffer)+1)...) + } + n, err := io.ReadFull(r, buffer[0:length]) + if err != nil { + return nil, nil + } + if n < length { + err = io.ErrUnexpectedEOF + return + } + + return buffer[0:length], nil +} diff --git a/pkg/bindings/network/network.go b/pkg/bindings/network/network.go index c95b22953..7bba4f478 100644 --- a/pkg/bindings/network/network.go +++ b/pkg/bindings/network/network.go @@ -3,40 +3,76 @@ package network import ( "context" "net/http" + "net/url" + "strconv" + "strings" - "github.com/containernetworking/cni/libcni" "github.com/containers/libpod/pkg/bindings" + "github.com/containers/libpod/pkg/domain/entities" + jsoniter "github.com/json-iterator/go" ) -func Create() {} -func Inspect(ctx context.Context, nameOrID string) (map[string]interface{}, error) { +// Create makes a new CNI network configuration +func Create(ctx context.Context, options entities.NetworkCreateOptions, name *string) (*entities.NetworkCreateReport, error) { + var report entities.NetworkCreateReport + conn, err := bindings.GetClient(ctx) + if err != nil { + return nil, err + } + params := url.Values{} + if name != nil { + params.Set("name", *name) + } + networkConfig, err := jsoniter.MarshalToString(options) + if err != nil { + return nil, err + } + stringReader := strings.NewReader(networkConfig) + response, err := conn.DoRequest(stringReader, http.MethodPost, "/networks/create", params) + if err != nil { + return nil, err + } + return &report, response.Process(&report) +} + +// Inspect returns low level information about a CNI network configuration +func Inspect(ctx context.Context, nameOrID string) ([]entities.NetworkInspectReport, error) { + var reports []entities.NetworkInspectReport conn, err := bindings.GetClient(ctx) if err != nil { return nil, err } - n := make(map[string]interface{}) response, err := conn.DoRequest(nil, http.MethodGet, "/networks/%s/json", nil, nameOrID) if err != nil { - return n, err + return nil, err } - return n, response.Process(&n) + return reports, response.Process(&reports) } -func Remove(ctx context.Context, nameOrID string) error { +// Remove deletes a defined CNI network configuration by name. The optional force boolean +// will remove all containers associated with the network when set to true. A slice +// of NetworkRemoveReports are returned. +func Remove(ctx context.Context, nameOrID string, force *bool) ([]*entities.NetworkRmReport, error) { + var reports []*entities.NetworkRmReport conn, err := bindings.GetClient(ctx) if err != nil { - return err + return nil, err } - response, err := conn.DoRequest(nil, http.MethodDelete, "/networks/%s", nil, nameOrID) + params := url.Values{} + if force != nil { + params.Set("size", strconv.FormatBool(*force)) + } + response, err := conn.DoRequest(nil, http.MethodDelete, "/networks/%s", params, nameOrID) if err != nil { - return err + return nil, err } - return response.Process(nil) + return reports, response.Process(&reports) } -func List(ctx context.Context) ([]*libcni.NetworkConfigList, error) { +// List returns a summary of all CNI network configurations +func List(ctx context.Context) ([]*entities.NetworkListReport, error) { var ( - netList []*libcni.NetworkConfigList + netList []*entities.NetworkListReport ) conn, err := bindings.GetClient(ctx) if err != nil { diff --git a/pkg/bindings/test/attach_test.go b/pkg/bindings/test/attach_test.go new file mode 100644 index 000000000..8e89ff8ff --- /dev/null +++ b/pkg/bindings/test/attach_test.go @@ -0,0 +1,63 @@ +package test_bindings + +import ( + "bytes" + "time" + + "github.com/containers/libpod/pkg/bindings" + "github.com/containers/libpod/pkg/bindings/containers" + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" + "github.com/onsi/gomega/gexec" +) + +var _ = Describe("Podman containers attach", func() { + var ( + bt *bindingTest + s *gexec.Session + ) + + BeforeEach(func() { + bt = newBindingTest() + bt.RestoreImagesFromCache() + s = bt.startAPIService() + time.Sleep(1 * time.Second) + err := bt.NewConnection() + Expect(err).ShouldNot(HaveOccurred()) + }) + + AfterEach(func() { + s.Kill() + bt.cleanup() + }) + + It("attach", func() { + name := "TopAttachTest" + id, err := bt.RunTopContainer(&name, nil, nil) + Expect(err).ShouldNot(HaveOccurred()) + + tickTock := time.NewTimer(2 * time.Second) + go func() { + <-tickTock.C + timeout := uint(5) + err := containers.Stop(bt.conn, id, &timeout) + if err != nil { + GinkgoWriter.Write([]byte(err.Error())) + } + }() + + stdout := &bytes.Buffer{} + stderr := &bytes.Buffer{} + go func() { + defer GinkgoRecover() + + err := containers.Attach(bt.conn, id, nil, &bindings.PTrue, &bindings.PTrue, &bindings.PTrue, stdout, stderr) + Expect(err).ShouldNot(HaveOccurred()) + }() + + time.Sleep(5 * time.Second) + + // First character/First line of top output + Expect(stdout.String()).Should(ContainSubstring("Mem: ")) + }) +}) diff --git a/pkg/bindings/test/common_test.go b/pkg/bindings/test/common_test.go index f33e42440..a86e6f2e3 100644 --- a/pkg/bindings/test/common_test.go +++ b/pkg/bindings/test/common_test.go @@ -191,7 +191,7 @@ func (b *bindingTest) restoreImageFromCache(i testImage) { func (b *bindingTest) RunTopContainer(containerName *string, insidePod *bool, podName *string) (string, error) { s := specgen.NewSpecGenerator(alpine.name, false) s.Terminal = false - s.Command = []string{"top"} + s.Command = []string{"/usr/bin/top"} if containerName != nil { s.Name = *containerName } diff --git a/pkg/bindings/test/containers_test.go b/pkg/bindings/test/containers_test.go index 328691df2..d130c146a 100644 --- a/pkg/bindings/test/containers_test.go +++ b/pkg/bindings/test/containers_test.go @@ -302,6 +302,8 @@ var _ = Describe("Podman containers ", func() { errChan = make(chan error) go func() { + defer GinkgoRecover() + _, waitErr := containers.Wait(bt.conn, name, &running) errChan <- waitErr close(errChan) diff --git a/pkg/bindings/test/test_suite_test.go b/pkg/bindings/test/test_suite_test.go index dc2b49b88..d2c2c7838 100644 --- a/pkg/bindings/test/test_suite_test.go +++ b/pkg/bindings/test/test_suite_test.go @@ -5,9 +5,14 @@ import ( . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" + "github.com/sirupsen/logrus" ) func TestTest(t *testing.T) { + if testing.Verbose() { + logrus.SetLevel(logrus.DebugLevel) + } + RegisterFailHandler(Fail) RunSpecs(t, "Test Suite") } diff --git a/pkg/cgroups/cgroups.go b/pkg/cgroups/cgroups.go index d51905f4b..3b56f944f 100644 --- a/pkg/cgroups/cgroups.go +++ b/pkg/cgroups/cgroups.go @@ -517,6 +517,10 @@ func (c *CgroupControl) AddPid(pid int) error { } for _, n := range names { + // If we aren't using cgroup2, we won't write correctly to unified hierarchy + if !c.cgroup2 && n == "unified" { + continue + } p := filepath.Join(c.getCgroupv1Path(n), "tasks") if err := ioutil.WriteFile(p, pidString, 0644); err != nil { return errors.Wrapf(err, "write %s", p) diff --git a/pkg/domain/entities/network.go b/pkg/domain/entities/network.go index cffd40899..d001553e0 100644 --- a/pkg/domain/entities/network.go +++ b/pkg/domain/entities/network.go @@ -36,6 +36,7 @@ type NetworkRmReport struct { } // NetworkCreateOptions describes options to create a network +// swagger:model NetworkCreateOptions type NetworkCreateOptions struct { DisableDNS bool Driver string diff --git a/pkg/domain/infra/tunnel/network.go b/pkg/domain/infra/tunnel/network.go index 4ff72dcfc..7725d8257 100644 --- a/pkg/domain/infra/tunnel/network.go +++ b/pkg/domain/infra/tunnel/network.go @@ -2,22 +2,39 @@ package tunnel import ( "context" - "errors" + "github.com/containers/libpod/pkg/bindings/network" "github.com/containers/libpod/pkg/domain/entities" ) func (ic *ContainerEngine) NetworkList(ctx context.Context, options entities.NetworkListOptions) ([]*entities.NetworkListReport, error) { - return nil, errors.New("not implemented") + return network.List(ic.ClientCxt) } func (ic *ContainerEngine) NetworkInspect(ctx context.Context, namesOrIds []string, options entities.NetworkInspectOptions) ([]entities.NetworkInspectReport, error) { - return nil, errors.New("not implemented") + var reports []entities.NetworkInspectReport + for _, name := range namesOrIds { + report, err := network.Inspect(ic.ClientCxt, name) + if err != nil { + return nil, err + } + reports = append(reports, report...) + } + return reports, nil } + func (ic *ContainerEngine) NetworkRm(ctx context.Context, namesOrIds []string, options entities.NetworkRmOptions) ([]*entities.NetworkRmReport, error) { - return nil, errors.New("not implemented") + var reports []*entities.NetworkRmReport + for _, name := range namesOrIds { + report, err := network.Remove(ic.ClientCxt, name, &options.Force) + if err != nil { + report[0].Err = err + } + reports = append(reports, report...) + } + return reports, nil } func (ic *ContainerEngine) NetworkCreate(ctx context.Context, name string, options entities.NetworkCreateOptions) (*entities.NetworkCreateReport, error) { - return nil, errors.New("not implemented") + return network.Create(ic.ClientCxt, options, &name) } diff --git a/test/system/160-volumes.bats b/test/system/160-volumes.bats new file mode 100644 index 000000000..cd9f3c8ad --- /dev/null +++ b/test/system/160-volumes.bats @@ -0,0 +1,234 @@ +#!/usr/bin/env bats -*- bats -*- +# +# podman volume-related tests +# + +load helpers + +function setup() { + basic_setup + + run_podman '?' volume rm -a +} + +function teardown() { + run_podman '?' rm -a --volumes + run_podman '?' volume rm -a -f + + basic_teardown +} + + +# Simple volume tests: share files between host and container +@test "podman run --volumes : basic" { + skip_if_remote "volumes cannot be shared across hosts" + + # Create three temporary directories + vol1=${PODMAN_TMPDIR}/v1_$(random_string) + vol2=${PODMAN_TMPDIR}/v2_$(random_string) + vol3=${PODMAN_TMPDIR}/v3_$(random_string) + mkdir $vol1 $vol2 $vol3 + + # In each directory, write a random string to a file + echo $(random_string) >$vol1/file1_in + echo $(random_string) >$vol2/file2_in + echo $(random_string) >$vol3/file3_in + + # Run 'cat' on each file, and compare against local files. Mix -v / --volume + # flags, and specify them out of order just for grins. The shell wildcard + # expansion must sort vol1/2/3 lexically regardless. + v_opts="-v $vol1:/vol1:z --volume $vol3:/vol3:z -v $vol2:/vol2:z" + run_podman run --rm $v_opts $IMAGE sh -c "cat /vol?/file?_in" + + for i in 1 2 3; do + eval voldir=\$vol${i} + is "${lines[$(($i - 1))]}" "$(< $voldir/file${i}_in)" \ + "contents of /vol${i}/file${i}_in" + done + + # Confirm that container sees vol1 as a mount point + run_podman run --rm $v_opts $IMAGE mount + is "$output" ".* on /vol1 type .*" "'mount' in container lists vol1" + + # Have the container do write operations, confirm them on host + out1=$(random_string) + run_podman run --rm $v_opts $IMAGE sh -c "echo $out1 >/vol1/file1_out; + cp /vol2/file2_in /vol3/file3_out" + is "$(<$vol1/file1_out)" "$out1" "contents of /vol1/file1_out" + is "$(<$vol3/file3_out)" "$(<$vol2/file2_in)" "contents of /vol3/file3_out" + + # Writing to read-only volumes: not allowed + run_podman 1 run --rm -v $vol1:/vol1ro:z,ro $IMAGE sh -c "touch /vol1ro/abc" + is "$output" ".*Read-only file system" "touch on read-only volume" +} + + +# Named volumes +@test "podman volume create / run" { + myvolume=myvol$(random_string) + mylabel=$(random_string) + + # Create a named volume + run_podman volume create --label l=$mylabel $myvolume + is "$output" "$myvolume" "output from volume create" + + # Confirm that it shows up in 'volume ls', and confirm values + run_podman volume ls --format json + tests=" +Name | $myvolume +Driver | local +Labels.l | $mylabel +" + parse_table "$tests" | while read field expect; do + actual=$(jq -r ".[0].$field" <<<"$output") + is "$actual" "$expect" "volume ls .$field" + done + + # Run a container that writes to a file in that volume + mountpoint=$(jq -r '.[0].Mountpoint' <<<"$output") + rand=$(random_string) + run_podman run --rm --volume $myvolume:/vol $IMAGE sh -c "echo $rand >/vol/myfile" + + # Confirm that the file is visible, with content, outside the container + is "$(<$mountpoint/myfile)" "$rand" "we see content created in container" + + # Clean up + run_podman volume rm $myvolume +} + + +# Running scripts (executables) from a volume +@test "podman volume: exec/noexec" { + myvolume=myvol$(random_string) + + run_podman volume create $myvolume + is "$output" "$myvolume" "output from volume create" + + run_podman volume inspect --format '{{.Mountpoint}}' $myvolume + mountpoint="$output" + + # Create a script, make it runnable + rand=$(random_string) + cat >$mountpoint/myscript <<EOF +#!/bin/sh +echo "got here -$rand-" +EOF + chmod 755 $mountpoint/myscript + + # By default, volumes are mounted noexec. This should fail. + run_podman 126 run --rm --volume $myvolume:/vol:z $IMAGE /vol/myscript + is "$output" ".* OCI runtime permission denied.*" "run on volume, noexec" + + # With exec, it should pass + run_podman run --rm -v $myvolume:/vol:z,exec $IMAGE /vol/myscript + is "$output" "got here -$rand-" "script in volume is runnable with exec" + + # Clean up + run_podman volume rm $myvolume +} + + +# Anonymous temporary volumes, and persistent autocreated named ones +@test "podman volume, implicit creation with run" { + + # No hostdir arg: create anonymous container with random name + rand=$(random_string) + run_podman run -v /myvol $IMAGE sh -c "echo $rand >/myvol/myfile" + + run_podman volume ls -q + tempvolume="$output" + + # We should see the file created in the container + run_podman volume inspect --format '{{.Mountpoint}}' $tempvolume + mountpoint="$output" + test -e "$mountpoint/myfile" + is "$(< $mountpoint/myfile)" "$rand" "file contents, anonymous volume" + + # Remove the container, using rm --volumes. Volume should now be gone. + run_podman rm -a --volumes + run_podman volume ls -q + is "$output" "" "anonymous volume is removed after container is rm'ed" + + # Create a *named* container. This one should persist after container ends + myvol=myvol$(random_string) + rand=$(random_string) + + run_podman run --rm -v $myvol:/myvol:z $IMAGE \ + sh -c "echo $rand >/myvol/myfile" + run_podman volume ls -q + is "$output" "$myvol" "autocreated named container persists" + + # ...and should be usable, read/write, by a second container + run_podman run --rm -v $myvol:/myvol:z $IMAGE \ + sh -c "cp /myvol/myfile /myvol/myfile2" + + run_podman volume rm $myvol + + # Autocreated volumes should also work with keep-id + # All we do here is check status; podman 1.9.1 would fail with EPERM + myvol=myvol$(random_string) + run_podman run --rm -v $myvol:/myvol:z --userns=keep-id $IMAGE \ + touch /myvol/myfile + + run_podman volume rm $myvol +} + + +# Confirm that container sees the correct id +@test "podman volume with --userns=keep-id" { + is_rootless || skip "only meaningful when run rootless" + + myvoldir=${PODMAN_TMPDIR}/volume_$(random_string) + mkdir $myvoldir + touch $myvoldir/myfile + + # With keep-id + run_podman run --rm -v $myvoldir:/vol:z --userns=keep-id $IMAGE \ + stat -c "%u:%s" /vol/myfile + is "$output" "$(id -u):0" "with keep-id: stat(file in container) == my uid" + + # Without + run_podman run --rm -v $myvoldir:/vol:z $IMAGE \ + stat -c "%u:%s" /vol/myfile + is "$output" "0:0" "w/o keep-id: stat(file in container) == root" +} + + +# 'volume prune' identifies and cleans up unused volumes +@test "podman volume prune" { + # Create four named volumes + local -a v=() + for i in 1 2 3 4;do + vol=myvol${i}$(random_string) + v[$i]=$vol + run_podman volume create $vol + done + + # Run two containers: one mounting v1, one mounting v2 & v3 + run_podman run --name c1 --volume ${v[1]}:/vol1 $IMAGE date + run_podman run --name c2 --volume ${v[2]}:/vol2 -v ${v[3]}:/vol3 \ + $IMAGE date + + # prune should remove v4 + run_podman volume prune --force + is "$output" "${v[4]}" "volume prune, with 1, 2, 3 in use, deletes only 4" + + # Remove the container using v2 and v3. Prune should now remove those. + # The 'echo sort' is to get the output sorted and in one line. + run_podman rm c2 + run_podman volume prune --force + is "$(echo $(sort <<<$output))" "${v[2]} ${v[3]}" \ + "volume prune, after rm c2, deletes volumes 2 and 3" + + # Remove the final container. Prune should now remove v1. + run_podman rm c1 + run_podman volume prune --force + is "$output" "${v[1]}" "volume prune, after rm c2 & c1, deletes volume 1" + + # Further prunes are NOPs + run_podman volume prune --force + is "$output" "" "no more volumes to prune" +} + + +# vim: filetype=sh diff --git a/vendor/gopkg.in/yaml.v2/apic.go b/vendor/gopkg.in/yaml.v2/apic.go index 1f7e87e67..d2c2308f1 100644 --- a/vendor/gopkg.in/yaml.v2/apic.go +++ b/vendor/gopkg.in/yaml.v2/apic.go @@ -86,6 +86,7 @@ func yaml_emitter_initialize(emitter *yaml_emitter_t) { raw_buffer: make([]byte, 0, output_raw_buffer_size), states: make([]yaml_emitter_state_t, 0, initial_stack_size), events: make([]yaml_event_t, 0, initial_queue_size), + best_width: -1, } } diff --git a/vendor/modules.txt b/vendor/modules.txt index 3335b56a6..1bd87558c 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -640,7 +640,7 @@ gopkg.in/square/go-jose.v2/cipher gopkg.in/square/go-jose.v2/json # gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 gopkg.in/tomb.v1 -# gopkg.in/yaml.v2 v2.2.8 +# gopkg.in/yaml.v2 v2.3.0 gopkg.in/yaml.v2 # k8s.io/api v0.18.2 k8s.io/api/core/v1 |