diff options
46 files changed, 1195 insertions, 944 deletions
diff --git a/.cirrus.yml b/.cirrus.yml index 0122b6b55..5898fa160 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -39,7 +39,7 @@ env: UBUNTU_NAME: "ubuntu-19" PRIOR_UBUNTU_NAME: "ubuntu-18" - _BUILT_IMAGE_SUFFIX: "libpod-6301182083727360" + _BUILT_IMAGE_SUFFIX: "libpod-6220812239765504" FEDORA_CACHE_IMAGE_NAME: "${FEDORA_NAME}-${_BUILT_IMAGE_SUFFIX}" PRIOR_FEDORA_CACHE_IMAGE_NAME: "${PRIOR_FEDORA_NAME}-${_BUILT_IMAGE_SUFFIX}" UBUNTU_CACHE_IMAGE_NAME: "${UBUNTU_NAME}-${_BUILT_IMAGE_SUFFIX}" @@ -156,6 +156,32 @@ gating_task: failed_branch_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_branch_failure.sh' +# Ensure these container images can build +container_image_build_task: + alias: 'container_image_build' + depends_on: + - "gating" + + # Only run for PRs, quay.io will automatically build after bramch-push + only_if: $CIRRUS_BRANCH != $DEST_BRANCH + + matrix: + - name: "build in_podman image ${FEDORA_NAME} " + container: + dockerfile: Dockerfile + - name: "build in_podman image ${UBUNTU_NAME}" + container: + dockerfile: Dockerfile.ubuntu + - name: "build gate image $DEST_BRANCH branch" + container: + dockerfile: contrib/gate/Dockerfile + + container: + dockerfile: Dockerfile + + script: make install.remote + + # This task checks to make sure that we can still build an rpm from the # source code using contrib/rpm/podman.spec.in rpmbuild_task: @@ -389,6 +415,7 @@ testing_task: - "varlink_api" - "build_each_commit" - "build_without_cgo" + - "container_image_build" # Only test build cache-images, if that's what's requested only_if: >- @@ -679,6 +706,7 @@ test_build_cache_images_task: depends_on: - "gating" + - 'container_image_build' # VMs created by packer are not cleaned up by cirrus, must allow task to complete auto_cancellation: $CI != "true" @@ -780,6 +808,7 @@ success_task: - "varlink_api" - "build_each_commit" - "build_without_cgo" + - "container_image_build" - "meta" - "image_prune" - "testing" diff --git a/Dockerfile b/Dockerfile index f85c47937..623747295 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,117 +1,26 @@ -FROM golang:1.12 - -RUN apt-get update && apt-get install -y \ - apparmor \ - autoconf \ - automake \ - bison \ - build-essential \ - curl \ - e2fslibs-dev \ - file \ - gawk \ - gettext \ - go-md2man \ - iptables \ - pkg-config \ - libaio-dev \ - libcap-dev \ - libfuse-dev \ - libnet-dev \ - libnl-3-dev \ - libprotobuf-dev \ - libprotobuf-c-dev \ - libseccomp2 \ - libseccomp-dev \ - libtool \ - libudev-dev \ - protobuf-c-compiler \ - protobuf-compiler \ - libglib2.0-dev \ - libapparmor-dev \ - btrfs-tools \ - libdevmapper1.02.1 \ - libdevmapper-dev \ - libgpgme11-dev \ - liblzma-dev \ - netcat \ - socat \ - lsof \ - xz-utils \ - unzip \ - python3-yaml \ - --no-install-recommends \ - && apt-get clean - -# Install runc -ENV RUNC_COMMIT 029124da7af7360afa781a0234d1b083550f797c -RUN set -x \ - && export GOPATH="$(mktemp -d)" \ - && git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \ - && cd "$GOPATH/src/github.com/opencontainers/runc" \ - && git fetch origin --tags \ - && git checkout --detach -q "$RUNC_COMMIT" \ - && make static BUILDTAGS="seccomp selinux" \ - && cp runc /usr/bin/runc \ - && rm -rf "$GOPATH" - -# Install conmon -ENV CONMON_COMMIT 65fe0226d85b69fc9e527e376795c9791199153d -RUN set -x \ - && export GOPATH="$(mktemp -d)" \ - && git clone https://github.com/containers/conmon.git "$GOPATH/src/github.com/containers/conmon.git" \ - && cd "$GOPATH/src/github.com/containers/conmon.git" \ - && git fetch origin --tags \ - && git checkout --detach -q "$CONMON_COMMIT" \ - && make \ - && install -D -m 755 bin/conmon /usr/libexec/podman/conmon \ - && rm -rf "$GOPATH" - -# Install CNI plugins -ENV CNI_COMMIT 485be65581341430f9106a194a98f0f2412245fb -RUN set -x \ - && export GOPATH="$(mktemp -d)" GOCACHE="$(mktemp -d)" \ - && git clone https://github.com/containernetworking/plugins.git "$GOPATH/src/github.com/containernetworking/plugins" \ - && cd "$GOPATH/src/github.com/containernetworking/plugins" \ - && git checkout --detach -q "$CNI_COMMIT" \ - && ./build_linux.sh \ - && mkdir -p /usr/libexec/cni \ - && cp bin/* /usr/libexec/cni \ - && rm -rf "$GOPATH" - -# Install ginkgo -RUN set -x \ - && export GOPATH=/go \ - && go get -u github.com/onsi/ginkgo/ginkgo \ - && install -D -m 755 "$GOPATH"/bin/ginkgo /usr/bin/ - -# Install gomega -RUN set -x \ - && export GOPATH=/go \ - && go get github.com/onsi/gomega/... - -# Install latest stable criu version -RUN set -x \ - && cd /tmp \ - && git clone https://github.com/checkpoint-restore/criu.git \ - && cd criu \ - && make \ - && install -D -m 755 criu/criu /usr/sbin/ \ - && rm -rf /tmp/criu - -# Install cni config -#RUN make install.cni -RUN mkdir -p /etc/cni/net.d/ -COPY cni/87-podman-bridge.conflist /etc/cni/net.d/87-podman-bridge.conflist - -# Make sure we have some policy for pulling images -RUN mkdir -p /etc/containers && curl https://raw.githubusercontent.com/projectatomic/registries/master/registries.fedora -o /etc/containers/registries.conf - -COPY test/policy.json /etc/containers/policy.json -COPY test/redhat_sigstore.yaml /etc/containers/registries.d/registry.access.redhat.com.yaml - -ADD . /go/src/github.com/containers/libpod - -RUN set -x && cd /go/src/github.com/containers/libpod - -WORKDIR /go/src/github.com/containers/libpod +FROM registry.fedoraproject.org/fedora:latest + +# This container image is utilized by the containers CI automation system +# for building and testing libpod inside a container environment. +# It is assumed that the source to be tested will overwrite $GOSRC (below) +# at runtime. +ENV GOPATH=/var/tmp/go +ENV GOSRC=$GOPATH/src/github.com/containers/libpod +ENV SCRIPT_BASE=./contrib/cirrus +ENV PACKER_BASE=$SCRIPT_BASE/packer + +# Only add minimal tooling necessary to complete setup. +ADD /$SCRIPT_BASE $GOSRC/$SCRIPT_BASE +ADD /hack/install_catatonit.sh $GOSRC/hack/ +ADD /cni/*.conflist $GOSRC/cni/ +ADD /test/*.json $GOSRC/test/ +ADD /test/*.conf $GOSRC/test/ +WORKDIR $GOSRC + +# Re-use repositories and package setup as in VMs under CI +RUN bash $PACKER_BASE/fedora_packaging.sh && \ + dnf clean all && \ + rm -rf /var/cache/dnf + +# Mirror steps taken under CI +RUN bash -c 'source $GOSRC/$SCRIPT_BASE/lib.sh && install_test_configs' diff --git a/Dockerfile.centos b/Dockerfile.centos deleted file mode 100644 index f5a2b891c..000000000 --- a/Dockerfile.centos +++ /dev/null @@ -1,77 +0,0 @@ -FROM registry.centos.org/centos/centos:7 - -RUN yum -y install btrfs-progs-devel \ - atomic-registries \ - autoconf \ - automake \ - bzip2 \ - device-mapper-devel \ - findutils \ - file \ - git \ - glibc-static \ - glib2-devel \ - gnupg \ - golang \ - golang-github-cpuguy83-go-md2man \ - gpgme-devel \ - libassuan-devel \ - libseccomp-devel \ - libselinux-devel \ - libtool \ - containers-common \ - runc \ - make \ - lsof \ - which\ - golang-github-cpuguy83-go-md2man \ - nmap-ncat \ - xz \ - iptables && yum clean all - -# Install CNI plugins -ENV CNI_COMMIT 485be65581341430f9106a194a98f0f2412245fb -RUN set -x \ - && export GOPATH="$(mktemp -d)" GOCACHE="$(mktemp -d)" \ - && git clone https://github.com/containernetworking/plugins.git "$GOPATH/src/github.com/containernetworking/plugins" \ - && cd "$GOPATH/src/github.com/containernetworking/plugins" \ - && git checkout --detach -q "$CNI_COMMIT" \ - && ./build_linux.sh \ - && mkdir -p /usr/libexec/cni \ - && cp bin/* /usr/libexec/cni \ - && rm -rf "$GOPATH" - -# Install ginkgo -RUN set -x \ - && export GOPATH=/go \ - && go get -u github.com/onsi/ginkgo/ginkgo \ - && install -D -m 755 "$GOPATH"/bin/ginkgo /usr/bin/ - -# Install gomega -RUN set -x \ - && export GOPATH=/go \ - && go get github.com/onsi/gomega/... - -# Install conmon -ENV CONMON_COMMIT 6f3572558b97bc60dd8f8c7f0807748e6ce2c440 -RUN set -x \ - && export GOPATH="$(mktemp -d)" \ - && git clone https://github.com/containers/conmon.git "$GOPATH/src/github.com/containers/conmon.git" \ - && cd "$GOPATH/src/github.com/containers/conmon.git" \ - && git fetch origin --tags \ - && git checkout --detach -q "$CONMON_COMMIT" \ - && make \ - && install -D -m 755 bin/conmon /usr/libexec/podman/conmon \ - && rm -rf "$GOPATH" - -# Install cni config -#RUN make install.cni -RUN mkdir -p /etc/cni/net.d/ -COPY cni/87-podman-bridge.conflist /etc/cni/net.d/87-podman-bridge.conflist - -# Make sure we have some policy for pulling images -RUN mkdir -p /etc/containers -COPY test/policy.json /etc/containers/policy.json -COPY test/redhat_sigstore.yaml /etc/containers/registries.d/registry.access.redhat.com.yaml - -WORKDIR /go/src/github.com/containers/libpod diff --git a/Dockerfile.fedora b/Dockerfile.fedora deleted file mode 100644 index 45b2c3670..000000000 --- a/Dockerfile.fedora +++ /dev/null @@ -1,73 +0,0 @@ -FROM registry.fedoraproject.org/fedora:30 - -RUN dnf -y install btrfs-progs-devel \ - atomic-registries \ - autoconf \ - automake \ - bzip2 \ - device-mapper-devel \ - file \ - findutils \ - git \ - glib2-devel \ - glibc-static \ - gnupg \ - golang \ - golang-github-cpuguy83-go-md2man \ - gpgme-devel \ - libassuan-devel \ - libseccomp-devel \ - libselinux-devel \ - libtool \ - containers-common \ - runc \ - make \ - lsof \ - which\ - golang-github-cpuguy83-go-md2man \ - procps-ng \ - nmap-ncat \ - xz \ - slirp4netns \ - container-selinux \ - containernetworking-plugins \ - iproute \ - iptables && dnf clean all - -# Install ginkgo -RUN set -x \ - && export GOPATH=/go GOCACHE="$(mktemp -d)" \ - && go get -u github.com/onsi/ginkgo/ginkgo \ - && install -D -m 755 "$GOPATH"/bin/ginkgo /usr/bin/ - -# Install gomega -RUN set -x \ - && export GOPATH=/go GOCACHE="$(mktemp -d)" \ - && go get github.com/onsi/gomega/... - -# Install conmon -ENV CONMON_COMMIT 6f3572558b97bc60dd8f8c7f0807748e6ce2c440 -RUN set -x \ - && export GOPATH="$(mktemp -d)" GOCACHE="$(mktemp -d)" \ - && git clone https://github.com/containers/conmon.git "$GOPATH/src/github.com/containers/conmon.git" \ - && cd "$GOPATH/src/github.com/containers/conmon.git" \ - && git fetch origin --tags \ - && git checkout --detach -q "$CONMON_COMMIT" \ - && make \ - && install -D -m 755 bin/conmon /usr/libexec/podman/conmon \ - && rm -rf "$GOPATH" - -# Install cni config -#RUN make install.cni -RUN mkdir -p /etc/cni/net.d/ -COPY cni/87-podman-bridge.conflist /etc/cni/net.d/87-podman-bridge.conflist - -# Make sure we have some policy for pulling images -RUN mkdir -p /etc/containers -COPY test/policy.json /etc/containers/policy.json -COPY test/redhat_sigstore.yaml /etc/containers/registries.d/registry.access.redhat.com.yaml - -# Install varlink stuff -RUN pip3 install varlink - -WORKDIR /go/src/github.com/containers/libpod diff --git a/Dockerfile.ubuntu b/Dockerfile.ubuntu new file mode 100644 index 000000000..3a8f837b9 --- /dev/null +++ b/Dockerfile.ubuntu @@ -0,0 +1,29 @@ +# Must resemble $UBUNTU_BASE_IMAGE in ./contrib/cirrus/lib.sh +FROM ubuntu:latest + +# This container image is intended for building and testing libpod +# from inside a container environment. It is assumed that the source +# to be tested will overwrite $GOSRC (below) at runtime. +ENV GOPATH=/var/tmp/go +ENV GOSRC=$GOPATH/src/github.com/containers/libpod +ENV SCRIPT_BASE=./contrib/cirrus +ENV PACKER_BASE=$SCRIPT_BASE/packer + +RUN export DEBIAN_FRONTEND="noninteractive" && \ + apt-get -qq update --yes && \ + apt-get -qq upgrade --yes && \ + apt-get -qq install curl git && \ + apt-get -qq autoremove --yes && \ + rm -rf /var/cache/apt + +# Only add minimal tooling necessary to complete setup. +ADD / $GOSRC +WORKDIR $GOSRC + +# Re-use repositories and package setup as in VMs under CI +RUN bash $PACKER_BASE/ubuntu_packaging.sh && \ + apt-get -qq autoremove --yes && \ + rm -rf /var/cache/apt + +# Mirror steps taken under CI +RUN bash -c 'source $GOSRC/$SCRIPT_BASE/lib.sh && install_test_configs' @@ -5,7 +5,7 @@ Libpod provides a library for applications looking to use the Container Pod concept, popularized by Kubernetes. Libpod also contains the Pod Manager tool `(Podman)`. Podman manages pods, containers, container images, and container volumes. -* [Latest Version: 1.9.0](https://github.com/containers/libpod/releases/latest) +* [Latest Version: 1.9.1](https://github.com/containers/libpod/releases/latest) * [Continuous Integration:](contrib/cirrus/README.md) [](https://cirrus-ci.com/github/containers/libpod/master) * [GoDoc: ](https://godoc.org/github.com/containers/libpod/libpod) * Automated continuous release downloads (including remote-client): diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index aef66545f..6657529b9 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -1,5 +1,14 @@ # Release Notes +## 1.9.1 +### Bugfixes +- Fixed a bug where healthchecks could become nonfunctional if container log paths were manually set with `--log-path` and multiple container logs were placed in the same directory ([#5915](https://github.com/containers/libpod/issues/5915)) +- Fixed a bug where rootless Podman could, when using an older `libpod.conf`, print numerous warning messages about an invalid CGroup manager config +- Fixed a bug where rootless Podman would sometimes fail to close the rootless user namespace when joining it ([#5873](https://github.com/containers/libpod/issues/5873)) + +### Misc +- Updated containers/common to v0.8.2 + ## 1.9.0 ### Features - Experimental support has been added for `podman run --userns=auto`, which automatically allocates a unique UID and GID range for the new container's user namespace diff --git a/cmd/podman/common/inspect.go b/cmd/podman/common/inspect.go deleted file mode 100644 index dfc6fe679..000000000 --- a/cmd/podman/common/inspect.go +++ /dev/null @@ -1,18 +0,0 @@ -package common - -import ( - "github.com/containers/libpod/pkg/domain/entities" - "github.com/spf13/cobra" -) - -// AddInspectFlagSet takes a command and adds the inspect flags and returns an InspectOptions object -// Since this cannot live in `package main` it lives here until a better home is found -func AddInspectFlagSet(cmd *cobra.Command) *entities.InspectOptions { - opts := entities.InspectOptions{} - - flags := cmd.Flags() - flags.BoolVarP(&opts.Size, "size", "s", false, "Display total file size") - flags.StringVarP(&opts.Format, "format", "f", "", "Change the output format to a Go template") - - return &opts -} diff --git a/cmd/podman/containers/inspect.go b/cmd/podman/containers/inspect.go index f9ef1ddbd..4549a4ef6 100644 --- a/cmd/podman/containers/inspect.go +++ b/cmd/podman/containers/inspect.go @@ -1,15 +1,8 @@ package containers import ( - "context" - "fmt" - "os" - "strings" - "text/template" - - "github.com/containers/libpod/cmd/podman/common" + "github.com/containers/libpod/cmd/podman/inspect" "github.com/containers/libpod/cmd/podman/registry" - "github.com/containers/libpod/pkg/domain/entities" "github.com/spf13/cobra" ) @@ -20,7 +13,7 @@ var ( Use: "inspect [flags] CONTAINER", Short: "Display the configuration of a container", Long: `Displays the low-level information on a container identified by name or ID.`, - RunE: inspect, + RunE: inspectExec, Example: `podman container inspect myCtr podman container inspect -l --format '{{.Id}} {{.Config.Labels}}'`, } @@ -33,45 +26,9 @@ func init() { Command: inspectCmd, Parent: containerCmd, }) - inspectOpts = common.AddInspectFlagSet(inspectCmd) - flags := inspectCmd.Flags() - - if !registry.IsRemote() { - flags.BoolVarP(&inspectOpts.Latest, "latest", "l", false, "Act on the latest container podman is aware of") - } - -} - -func inspect(cmd *cobra.Command, args []string) error { - responses, err := registry.ContainerEngine().ContainerInspect(context.Background(), args, *inspectOpts) - if err != nil { - return err - } - if inspectOpts.Format == "" { - b, err := json.MarshalIndent(responses, "", " ") - if err != nil { - return err - } - fmt.Println(string(b)) - return nil - } - format := inspectOpts.Format - if !strings.HasSuffix(format, "\n") { - format += "\n" - } - tmpl, err := template.New("inspect").Parse(format) - if err != nil { - return err - } - for _, i := range responses { - if err := tmpl.Execute(os.Stdout, i); err != nil { - return err - } - } - return nil + inspectOpts = inspect.AddInspectFlagSet(inspectCmd) } -func Inspect(cmd *cobra.Command, args []string, options *entities.InspectOptions) error { - inspectOpts = options - return inspect(cmd, args) +func inspectExec(cmd *cobra.Command, args []string) error { + return inspect.Inspect(args, *inspectOpts) } diff --git a/cmd/podman/generate/generate.go b/cmd/podman/generate/generate.go new file mode 100644 index 000000000..f04ef58a5 --- /dev/null +++ b/cmd/podman/generate/generate.go @@ -0,0 +1,27 @@ +package pods + +import ( + "github.com/containers/libpod/cmd/podman/registry" + "github.com/containers/libpod/pkg/domain/entities" + "github.com/containers/libpod/pkg/util" + "github.com/spf13/cobra" +) + +var ( + // Command: podman _generate_ + generateCmd = &cobra.Command{ + Use: "generate", + Short: "Generate structured data based on containers and pods.", + Long: "Generate structured data (e.g., Kubernetes yaml or systemd units) based on containers and pods.", + TraverseChildren: true, + RunE: registry.SubCommandExists, + } + containerConfig = util.DefaultContainerConfig() +) + +func init() { + registry.Commands = append(registry.Commands, registry.CliCommand{ + Mode: []entities.EngineMode{entities.ABIMode}, + Command: generateCmd, + }) +} diff --git a/cmd/podman/generate/systemd.go b/cmd/podman/generate/systemd.go new file mode 100644 index 000000000..55d770249 --- /dev/null +++ b/cmd/podman/generate/systemd.go @@ -0,0 +1,57 @@ +package pods + +import ( + "fmt" + + "github.com/containers/libpod/cmd/podman/registry" + "github.com/containers/libpod/cmd/podman/utils" + "github.com/containers/libpod/pkg/domain/entities" + "github.com/spf13/cobra" +) + +var ( + systemdTimeout uint + systemdOptions = entities.GenerateSystemdOptions{} + systemdDescription = `Generate systemd units for a pod or container. + The generated units can later be controlled via systemctl(1).` + + systemdCmd = &cobra.Command{ + Use: "systemd [flags] CTR|POD", + Short: "Generate systemd units.", + Long: systemdDescription, + RunE: systemd, + Args: cobra.MinimumNArgs(1), + Example: `podman generate systemd CTR + podman generate systemd --new --time 10 CTR + podman generate systemd --files --name POD`, + } +) + +func init() { + registry.Commands = append(registry.Commands, registry.CliCommand{ + Mode: []entities.EngineMode{entities.ABIMode, entities.TunnelMode}, + Command: systemdCmd, + Parent: generateCmd, + }) + flags := systemdCmd.Flags() + flags.BoolVarP(&systemdOptions.Name, "name", "n", false, "Use container/pod names instead of IDs") + flags.BoolVarP(&systemdOptions.Files, "files", "f", false, "Generate .service files instead of printing to stdout") + flags.UintVarP(&systemdTimeout, "time", "t", containerConfig.Engine.StopTimeout, "Stop timeout override") + flags.StringVar(&systemdOptions.RestartPolicy, "restart-policy", "on-failure", "Systemd restart-policy") + flags.BoolVarP(&systemdOptions.New, "new", "", false, "Create a new container instead of starting an existing one") + flags.SetNormalizeFunc(utils.AliasFlags) +} + +func systemd(cmd *cobra.Command, args []string) error { + if cmd.Flags().Changed("time") { + systemdOptions.StopTimeout = &systemdTimeout + } + + report, err := registry.ContainerEngine().GenerateSystemd(registry.GetContext(), args[0], systemdOptions) + if err != nil { + return err + } + + fmt.Println(report.Output) + return nil +} diff --git a/cmd/podman/images/inspect.go b/cmd/podman/images/inspect.go index 91c9445eb..8c727eb07 100644 --- a/cmd/podman/images/inspect.go +++ b/cmd/podman/images/inspect.go @@ -1,18 +1,9 @@ package images import ( - "context" - "fmt" - "os" - "strings" - "text/tabwriter" - "text/template" - - "github.com/containers/buildah/pkg/formats" - "github.com/containers/libpod/cmd/podman/common" + "github.com/containers/libpod/cmd/podman/inspect" "github.com/containers/libpod/cmd/podman/registry" "github.com/containers/libpod/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -21,8 +12,8 @@ var ( inspectCmd = &cobra.Command{ Use: "inspect [flags] IMAGE", Short: "Display the configuration of an image", - Long: `Displays the low-level information on an image identified by name or ID.`, - RunE: inspect, + Long: `Displays the low-level information of an image identified by name or ID.`, + RunE: inspectExec, Example: `podman inspect alpine podman inspect --format "imageId: {{.Id}} size: {{.Size}}" alpine podman inspect --format "image: {{.ImageName}} driver: {{.Driver}}" myctr`, @@ -36,78 +27,11 @@ func init() { Command: inspectCmd, Parent: imageCmd, }) - inspectOpts = common.AddInspectFlagSet(inspectCmd) -} - -func inspect(cmd *cobra.Command, args []string) error { - if inspectOpts.Size { - return fmt.Errorf("--size can only be used for containers") - } - if inspectOpts.Latest { - return fmt.Errorf("--latest can only be used for containers") - } - if len(args) == 0 { - return errors.Errorf("image name must be specified: podman image inspect [options [...]] name") - } - - results, err := registry.ImageEngine().Inspect(context.Background(), args, *inspectOpts) - if err != nil { - return err - } - - if len(results.Images) > 0 { - if inspectOpts.Format == "" { - buf, err := json.MarshalIndent(results.Images, "", " ") - if err != nil { - return err - } - fmt.Println(string(buf)) - - for id, e := range results.Errors { - fmt.Fprintf(os.Stderr, "%s: %s\n", id, e.Error()) - } - return nil - } - row := inspectFormat(inspectOpts.Format) - format := "{{range . }}" + row + "{{end}}" - tmpl, err := template.New("inspect").Parse(format) - if err != nil { - return err - } - - w := tabwriter.NewWriter(os.Stdout, 8, 2, 2, ' ', 0) - defer func() { _ = w.Flush() }() - err = tmpl.Execute(w, results.Images) - if err != nil { - return err - } - } - - var lastErr error - for id, e := range results.Errors { - if lastErr != nil { - fmt.Fprintf(os.Stderr, "%s: %s\n", id, lastErr.Error()) - } - lastErr = e - } - return lastErr -} - -func inspectFormat(row string) string { - r := strings.NewReplacer("{{.Id}}", formats.IDString, - ".Src", ".Source", - ".Dst", ".Destination", - ".ImageID", ".Image", - ) - row = r.Replace(row) - - if !strings.HasSuffix(row, "\n") { - row += "\n" - } - return row + inspectOpts = inspect.AddInspectFlagSet(inspectCmd) + flags := inspectCmd.Flags() + _ = flags.MarkHidden("latest") // Shared with container-inspect but not wanted here. } -func Inspect(cmd *cobra.Command, args []string, options *entities.InspectOptions) error { - inspectOpts = options - return inspect(cmd, args) +func inspectExec(cmd *cobra.Command, args []string) error { + return inspect.Inspect(args, *inspectOpts) } diff --git a/cmd/podman/images/push.go b/cmd/podman/images/push.go index ef2ffd0d7..0b3502d61 100644 --- a/cmd/podman/images/push.go +++ b/cmd/podman/images/push.go @@ -98,6 +98,7 @@ func imagePush(cmd *cobra.Command, args []string) error { switch len(args) { case 1: source = args[0] + destination = args[0] case 2: source = args[0] destination = args[1] @@ -107,22 +108,21 @@ func imagePush(cmd *cobra.Command, args []string) error { return errors.New("push requires at least one image name, or optionally a second to specify a different destination") } - pushOptsAPI := pushOptions.ImagePushOptions // TLS verification in c/image is controlled via a `types.OptionalBool` // which allows for distinguishing among set-true, set-false, unspecified // which is important to implement a sane way of dealing with defaults of // boolean CLI flags. if cmd.Flags().Changed("tls-verify") { - pushOptsAPI.TLSVerify = types.NewOptionalBool(pushOptions.TLSVerifyCLI) + pushOptions.SkipTLSVerify = types.NewOptionalBool(!pushOptions.TLSVerifyCLI) } - if pushOptsAPI.Authfile != "" { - if _, err := os.Stat(pushOptsAPI.Authfile); err != nil { - return errors.Wrapf(err, "error getting authfile %s", pushOptsAPI.Authfile) + if pushOptions.Authfile != "" { + if _, err := os.Stat(pushOptions.Authfile); err != nil { + return errors.Wrapf(err, "error getting authfile %s", pushOptions.Authfile) } } // Let's do all the remaining Yoga in the API to prevent us from scattering // logic across (too) many parts of the code. - return registry.ImageEngine().Push(registry.GetContext(), source, destination, pushOptsAPI) + return registry.ImageEngine().Push(registry.GetContext(), source, destination, pushOptions.ImagePushOptions) } diff --git a/cmd/podman/inspect.go b/cmd/podman/inspect.go index 93bf58bdd..a5fdaedc2 100644 --- a/cmd/podman/inspect.go +++ b/cmd/podman/inspect.go @@ -1,31 +1,26 @@ package main import ( - "fmt" - - "github.com/containers/libpod/cmd/podman/common" - "github.com/containers/libpod/cmd/podman/containers" - "github.com/containers/libpod/cmd/podman/images" + "github.com/containers/libpod/cmd/podman/inspect" "github.com/containers/libpod/cmd/podman/registry" "github.com/containers/libpod/pkg/domain/entities" "github.com/spf13/cobra" ) -// Inspect is one of the outlier commands in that it operates on images/containers/... - var ( - inspectOpts *entities.InspectOptions - // Command: podman _inspect_ Object_ID inspectCmd = &cobra.Command{ Use: "inspect [flags] {CONTAINER_ID | IMAGE_ID}", Short: "Display the configuration of object denoted by ID", Long: "Displays the low-level information on an object identified by name or ID", TraverseChildren: true, - RunE: inspect, - Example: `podman inspect alpine - podman inspect --format "imageId: {{.Id}} size: {{.Size}}" alpine`, + RunE: inspectExec, + Example: `podman inspect fedora + podman inspect --type image fedora + podman inspect CtrID ImgID + podman inspect --format "imageId: {{.Id}} size: {{.Size}}" fedora`, } + inspectOpts *entities.InspectOptions ) func init() { @@ -33,26 +28,9 @@ func init() { Mode: []entities.EngineMode{entities.ABIMode, entities.TunnelMode}, Command: inspectCmd, }) - inspectOpts = common.AddInspectFlagSet(inspectCmd) - flags := inspectCmd.Flags() - flags.StringVarP(&inspectOpts.Type, "type", "t", "", "Return JSON for specified type, (image or container) (default \"all\")") - if !registry.IsRemote() { - flags.BoolVarP(&inspectOpts.Latest, "latest", "l", false, "Act on the latest container podman is aware of (containers only)") - } + inspectOpts = inspect.AddInspectFlagSet(inspectCmd) } -func inspect(cmd *cobra.Command, args []string) error { - switch inspectOpts.Type { - case "image": - return images.Inspect(cmd, args, inspectOpts) - case "container": - return containers.Inspect(cmd, args, inspectOpts) - case "": - if err := images.Inspect(cmd, args, inspectOpts); err == nil { - return nil - } - return containers.Inspect(cmd, args, inspectOpts) - default: - return fmt.Errorf("invalid type %q is must be 'container' or 'image'", inspectOpts.Type) - } +func inspectExec(cmd *cobra.Command, args []string) error { + return inspect.Inspect(args, *inspectOpts) } diff --git a/cmd/podman/inspect/inspect.go b/cmd/podman/inspect/inspect.go new file mode 100644 index 000000000..223ce00f0 --- /dev/null +++ b/cmd/podman/inspect/inspect.go @@ -0,0 +1,159 @@ +package inspect + +import ( + "context" + "fmt" + "strings" + + "github.com/containers/buildah/pkg/formats" + "github.com/containers/libpod/cmd/podman/registry" + "github.com/containers/libpod/pkg/domain/entities" + "github.com/pkg/errors" + "github.com/spf13/cobra" +) + +const ( + // ImageType is the image type. + ImageType = "image" + // ContainerType is the container type. + ContainerType = "container" + // AllType can be of type ImageType or ContainerType. + AllType = "all" +) + +// AddInspectFlagSet takes a command and adds the inspect flags and returns an +// InspectOptions object. +func AddInspectFlagSet(cmd *cobra.Command) *entities.InspectOptions { + opts := entities.InspectOptions{} + + flags := cmd.Flags() + flags.BoolVarP(&opts.Size, "size", "s", false, "Display total file size") + flags.StringVarP(&opts.Format, "format", "f", "json", "Format the output to a Go template or json") + flags.StringVarP(&opts.Type, "type", "t", AllType, fmt.Sprintf("Specify inspect-oject type (%q, %q or %q)", ImageType, ContainerType, AllType)) + flags.BoolVarP(&opts.Latest, "latest", "l", false, "Act on the latest container Podman is aware of") + + return &opts +} + +// Inspect inspects the specified container/image names or IDs. +func Inspect(namesOrIDs []string, options entities.InspectOptions) error { + inspector, err := newInspector(options) + if err != nil { + return err + } + return inspector.inspect(namesOrIDs) +} + +// inspector allows for inspecting images and containers. +type inspector struct { + containerEngine entities.ContainerEngine + imageEngine entities.ImageEngine + options entities.InspectOptions +} + +// newInspector creates a new inspector based on the specified options. +func newInspector(options entities.InspectOptions) (*inspector, error) { + switch options.Type { + case ImageType, ContainerType, AllType: + // Valid types. + default: + return nil, errors.Errorf("invalid type %q: must be %q, %q or %q", options.Type, ImageType, ContainerType, AllType) + } + if options.Type == ImageType { + if options.Latest { + return nil, errors.Errorf("latest is not supported for type %q", ImageType) + } + if options.Size { + return nil, errors.Errorf("size is not supported for type %q", ImageType) + } + } + return &inspector{ + containerEngine: registry.ContainerEngine(), + imageEngine: registry.ImageEngine(), + options: options, + }, nil +} + +// inspect inspects the specified container/image names or IDs. +func (i *inspector) inspect(namesOrIDs []string) error { + // data - dumping place for inspection results. + var data []interface{} + ctx := context.Background() + + if len(namesOrIDs) == 0 { + if !i.options.Latest { + return errors.New("no containers or images specified") + } + } + + tmpType := i.options.Type + if i.options.Latest { + if len(namesOrIDs) > 0 { + return errors.New("latest and containers are not allowed") + } + tmpType = ContainerType // -l works with --type=all + } + + // Inspect - note that AllType requires us to expensively query one-by-one. + switch tmpType { + case AllType: + all, err := i.inspectAll(ctx, namesOrIDs) + if err != nil { + return err + } + data = all + case ImageType: + imgData, err := i.imageEngine.Inspect(ctx, namesOrIDs, i.options) + if err != nil { + return err + } + for i := range imgData { + data = append(data, imgData[i]) + } + case ContainerType: + ctrData, err := i.containerEngine.ContainerInspect(ctx, namesOrIDs, i.options) + if err != nil { + return err + } + for i := range ctrData { + data = append(data, ctrData[i]) + } + default: + return errors.Errorf("invalid type %q: must be %q, %q or %q", i.options.Type, ImageType, ContainerType, AllType) + } + + var out formats.Writer + if i.options.Format == "json" || i.options.Format == "" { // "" for backwards compat + out = formats.JSONStructArray{Output: data} + } else { + out = formats.StdoutTemplateArray{Output: data, Template: inspectFormat(i.options.Format)} + } + return out.Out() +} + +func (i *inspector) inspectAll(ctx context.Context, namesOrIDs []string) ([]interface{}, error) { + var data []interface{} + for _, name := range namesOrIDs { + imgData, err := i.imageEngine.Inspect(ctx, []string{name}, i.options) + if err == nil { + data = append(data, imgData[0]) + continue + } + ctrData, err := i.containerEngine.ContainerInspect(ctx, []string{name}, i.options) + if err != nil { + return nil, err + } + data = append(data, ctrData[0]) + } + return data, nil +} + +func inspectFormat(row string) string { + r := strings.NewReplacer( + "{{.Id}}", formats.IDString, + ".Src", ".Source", + ".Dst", ".Destination", + ".ImageID", ".Image", + ) + return r.Replace(row) +} diff --git a/cmd/podman/main.go b/cmd/podman/main.go index 4cd0beee8..481214a38 100644 --- a/cmd/podman/main.go +++ b/cmd/podman/main.go @@ -4,6 +4,7 @@ import ( "os" _ "github.com/containers/libpod/cmd/podman/containers" + _ "github.com/containers/libpod/cmd/podman/generate" _ "github.com/containers/libpod/cmd/podman/healthcheck" _ "github.com/containers/libpod/cmd/podman/images" _ "github.com/containers/libpod/cmd/podman/manifest" diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index 04f14eeb3..dd4f66f56 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -6,6 +6,11 @@ # Global details persist here source /etc/environment # not always loaded under all circumstances +# Automation environment doesn't automatically load for Ubuntu 18 +if [[ -r '/usr/share/automation/environment' ]]; then + source '/usr/share/automation/environment' +fi + # Under some contexts these values are not set, make sure they are. export USER="$(whoami)" export HOME="$(getent passwd $USER | cut -d : -f 6)" @@ -72,10 +77,15 @@ IN_PODMAN_IMAGE="quay.io/libpod/in_podman:$DEST_BRANCH" # Image for uploading releases UPLDREL_IMAGE="quay.io/libpod/upldrel:master" +# This is needed under some environments/contexts +SUDO='' +[[ "$UID" -eq 0 ]] || \ + SUDO='sudo -E' + # Avoid getting stuck waiting for user input export DEBIAN_FRONTEND="noninteractive" -SUDOAPTGET="ooe.sh sudo -E apt-get -qq --yes" -SUDOAPTADD="ooe.sh sudo -E add-apt-repository --yes" +SUDOAPTGET="$SUDO apt-get -qq --yes" +SUDOAPTADD="$SUDO add-apt-repository --yes" # Regex that finds enabled periodic apt configuration items PERIODIC_APT_RE='^(APT::Periodic::.+")1"\;' # Short-cuts for retrying/timeout calls @@ -109,6 +119,9 @@ OS_REL_VER="${OS_RELEASE_ID}-${OS_RELEASE_VER}" # Type of filesystem used for cgroups CG_FS_TYPE="$(stat -f -c %T /sys/fs/cgroup)" +# When building images, the version of automation tooling to install +INSTALL_AUTOMATION_VERSION=1.1.3 + # Installed into cache-images, supports overrides # by user-data in case of breakage or for debugging. CUSTOM_CLOUD_CONFIG_DEFAULTS="$GOSRC/$PACKER_BASE/cloud-init/$OS_RELEASE_ID/cloud.cfg.d" @@ -354,25 +367,18 @@ setup_rootless() { die 11 "Timeout exceeded waiting for localhost ssh capability" } -# Helper/wrapper script to only show stderr/stdout on non-zero exit -install_ooe() { - req_env_var SCRIPT_BASE - echo "Installing script to mask stdout/stderr unless non-zero exit." - sudo install -D -m 755 "$GOSRC/$SCRIPT_BASE/ooe.sh" /usr/local/bin/ooe.sh -} - # Grab a newer version of git from software collections # https://www.softwarecollections.org/en/ # and use it with a wrapper install_scl_git() { echo "Installing SoftwareCollections updated 'git' version." - ooe.sh sudo yum -y install rh-git29 - cat << "EOF" | sudo tee /usr/bin/git + ooe.sh $SUDO yum -y install rh-git29 + cat << "EOF" | $SUDO tee /usr/bin/git #!/bin/bash scl enable rh-git29 -- git $@ EOF - sudo chmod 755 /usr/bin/git + $SUDO chmod 755 /usr/bin/git } install_test_configs() { @@ -414,9 +420,9 @@ remove_packaged_podman_files() { if [[ "$OS_RELEASE_ID" =~ "ubuntu" ]] then - LISTING_CMD="sudo -E dpkg-query -L podman" + LISTING_CMD="$SUDO dpkg-query -L podman" else - LISTING_CMD='sudo rpm -ql podman' + LISTING_CMD='$SUDO rpm -ql podman' fi # yum/dnf/dpkg may list system directories, only remove files @@ -424,7 +430,7 @@ remove_packaged_podman_files() { do # Sub-directories may contain unrelated/valuable stuff if [[ -d "$fullpath" ]]; then continue; fi - ooe.sh sudo rm -vf "$fullpath" + ooe.sh $SUDO rm -vf "$fullpath" done # Be super extra sure and careful vs performant and completely safe @@ -447,43 +453,60 @@ systemd_banish() { $GOSRC/$PACKER_BASE/systemd_banish.sh } +# This can be removed when the kernel bug fix is included in Fedora +workaround_bfq_bug() { + if [[ "$OS_RELEASE_ID" == "fedora" ]] && [[ $OS_RELEASE_VER -le 32 ]]; then + warn "Switching io scheduler to 'deadline' to avoid RHBZ 1767539" + warn "aka https://bugzilla.kernel.org/show_bug.cgi?id=205447" + echo "mq-deadline" | sudo tee /sys/block/sda/queue/scheduler > /dev/null + echo -n "IO Scheduler set to: " + $SUDO cat /sys/block/sda/queue/scheduler + fi +} + +# Warning: DO NOT USE. +# This is called by other functions as the very last step during the VM Image build +# process. It's purpose is to "reset" the image, so all the first-boot operations +# happen at test runtime (like generating new ssh host keys, resizing partitions, etc.) _finalize() { set +e # Don't fail at the very end if [[ -d "$CUSTOM_CLOUD_CONFIG_DEFAULTS" ]] then echo "Installing custom cloud-init defaults" - sudo cp -v "$CUSTOM_CLOUD_CONFIG_DEFAULTS"/* /etc/cloud/cloud.cfg.d/ + $SUDO cp -v "$CUSTOM_CLOUD_CONFIG_DEFAULTS"/* /etc/cloud/cloud.cfg.d/ else echo "Could not find any files in $CUSTOM_CLOUD_CONFIG_DEFAULTS" fi echo "Re-initializing so next boot does 'first-boot' setup again." cd / - sudo rm -rf /var/lib/cloud/instanc* - sudo rm -rf /root/.ssh/* - sudo rm -rf /etc/ssh/*key* - sudo rm -rf /etc/ssh/moduli - sudo rm -rf /home/* - sudo rm -rf /tmp/* - sudo rm -rf /tmp/.??* - sudo sync - sudo fstrim -av + $SUDO rm -rf /var/lib/cloud/instanc* + $SUDO rm -rf /root/.ssh/* + $SUDO rm -rf /etc/ssh/*key* + $SUDO rm -rf /etc/ssh/moduli + $SUDO rm -rf /home/* + $SUDO rm -rf /tmp/* + $SUDO rm -rf /tmp/.??* + $SUDO sync + $SUDO fstrim -av } +# Called during VM Image setup, not intended for general use. rh_finalize() { set +e # Don't fail at the very end echo "Resetting to fresh-state for usage as cloud-image." PKG=$(type -P dnf || type -P yum || echo "") - sudo $PKG clean all - sudo rm -rf /var/cache/{yum,dnf} - sudo rm -f /etc/udev/rules.d/*-persistent-*.rules - sudo touch /.unconfigured # force firstboot to run + $SUDO $PKG clean all + $SUDO rm -rf /var/cache/{yum,dnf} + $SUDO rm -f /etc/udev/rules.d/*-persistent-*.rules + $SUDO touch /.unconfigured # force firstboot to run _finalize } +# Called during VM Image setup, not intended for general use. ubuntu_finalize() { set +e # Don't fail at the very end echo "Resetting to fresh-state for usage as cloud-image." $LILTO $SUDOAPTGET autoremove - sudo rm -rf /var/cache/apt + $SUDO rm -rf /var/cache/apt _finalize } diff --git a/contrib/cirrus/packer/fedora_packaging.sh b/contrib/cirrus/packer/fedora_packaging.sh new file mode 100644 index 000000000..e80d48bc8 --- /dev/null +++ b/contrib/cirrus/packer/fedora_packaging.sh @@ -0,0 +1,141 @@ +#!/bin/bash + +# This script is called from fedora_setup.sh and various Dockerfiles. +# It's not intended to be used outside of those contexts. It assumes the lib.sh +# library has already been sourced, and that all "ground-up" package-related activity +# needs to be done, including repository setup and initial update. + +set -e + +echo "Updating/Installing repos and packages for $OS_REL_VER" + +source $GOSRC/$SCRIPT_BASE/lib.sh + +# Pre-req. to install automation tooing +$LILTO $SUDO dnf install -y git + +# Install common automation tooling (i.e. ooe.sh) +curl --silent --show-error --location \ + --url "https://raw.githubusercontent.com/containers/automation/master/bin/install_automation.sh" | \ + $SUDO env INSTALL_PREFIX=/usr/share /bin/bash -s - "$INSTALL_AUTOMATION_VERSION" +# Reload installed environment right now (happens automatically in a new process) +source /usr/share/automation/environment + +# Set this to 1 to NOT enable updates-testing repository +DISABLE_UPDATES_TESTING=${DISABLE_UPDATES_TESTING:0} + +# Do not enable update-stesting on the previous Fedora release +if ((DISABLE_UPDATES_TESTING!=0)); then + warn "Enabling updates-testing repository for image based on $FEDORA_BASE_IMAGE" + $LILTO $SUDO ooe.sh dnf install -y 'dnf-command(config-manager)' + $LILTO $SUDO ooe.sh dnf config-manager --set-enabled updates-testing +else + warn "NOT enabling updates-testing repository for image based on $PRIOR_FEDORA_BASE_IMAGE" +fi + +$BIGTO ooe.sh $SUDO dnf update -y + +REMOVE_PACKAGES=() +INSTALL_PACKAGES=(\ + autoconf + automake + bash-completion + bats + bridge-utils + btrfs-progs-devel + buildah + bzip2 + conmon + container-selinux + containernetworking-plugins + containers-common + criu + device-mapper-devel + dnsmasq + emacs-nox + file + findutils + fuse3 + fuse3-devel + gcc + git + glib2-devel + glibc-static + gnupg + go-md2man + golang + gpgme-devel + iproute + iptables + jq + libassuan-devel + libcap-devel + libmsi1 + libnet + libnet-devel + libnl3-devel + libseccomp + libseccomp-devel + libselinux-devel + libtool + libvarlink-util + lsof + make + msitools + nmap-ncat + ostree-devel + pandoc + podman + procps-ng + protobuf + protobuf-c + protobuf-c-devel + protobuf-devel + python + python3-dateutil + python3-psutil + python3-pytoml + rsync + selinux-policy-devel + skopeo + skopeo-containers + slirp4netns + unzip + vim + wget + which + xz + zip +) + +case "$OS_RELEASE_VER" in + 30) + INSTALL_PACKAGES+=(\ + atomic-registries + golang-github-cpuguy83-go-md2man + python2-future + runc + ) + REMOVE_PACKAGES+=(crun) + ;; + 31) + INSTALL_PACKAGES+=(crun) + REMOVE_PACKAGES+=(runc) + ;; + 32) + INSTALL_PACKAGES+=(crun) + REMOVE_PACKAGES+=(runc) + ;; + *) + bad_os_id_ver ;; +esac + +echo "Installing general build/test dependencies for Fedora '$OS_RELEASE_VER'" +$BIGTO ooe.sh $SUDO dnf install -y ${INSTALL_PACKAGES[@]} + +[[ ${#REMOVE_PACKAGES[@]} -eq 0 ]] || \ + $LILTO ooe.sh $SUDO dnf erase -y ${REMOVE_PACKAGES[@]} + +export GOPATH="$(mktemp -d)" +trap "$SUDO rm -rf $GOPATH" EXIT +ooe.sh $SUDO $GOSRC/hack/install_catatonit.sh diff --git a/contrib/cirrus/packer/fedora_setup.sh b/contrib/cirrus/packer/fedora_setup.sh index fcef7360b..3830b3bc4 100644 --- a/contrib/cirrus/packer/fedora_setup.sh +++ b/contrib/cirrus/packer/fedora_setup.sh @@ -6,139 +6,26 @@ set -e # Load in library (copied by packer, before this script was run) -source /tmp/libpod/$SCRIPT_BASE/lib.sh +source $GOSRC/$SCRIPT_BASE/lib.sh -req_env_var SCRIPT_BASE PACKER_BUILDER_NAME GOSRC FEDORA_BASE_IMAGE OS_RELEASE_ID OS_RELEASE_VER +req_env_var SCRIPT_BASE PACKER_BASE INSTALL_AUTOMATION_VERSION PACKER_BUILDER_NAME GOSRC FEDORA_BASE_IMAGE OS_RELEASE_ID OS_RELEASE_VER -install_ooe - -if [[ $OS_RELEASE_VER -le 31 ]]; then - warn "Switching io scheduler to 'deadline' to avoid RHBZ 1767539" - warn "aka https://bugzilla.kernel.org/show_bug.cgi?id=205447" - echo "mq-deadline" | sudo tee /sys/block/sda/queue/scheduler > /dev/null - sudo cat /sys/block/sda/queue/scheduler -fi - -export GOPATH="$(mktemp -d)" -trap "sudo rm -rf $GOPATH" EXIT - -$BIGTO ooe.sh sudo dnf update -y +workaround_bfq_bug # Do not enable update-stesting on the previous Fedora release if [[ "$FEDORA_BASE_IMAGE" =~ "${OS_RELEASE_ID}-cloud-base-${OS_RELEASE_VER}" ]]; then - warn "Enabling updates-testing repository for image based on $FEDORA_BASE_IMAGE" - $LILTO ooe.sh sudo dnf install -y 'dnf-command(config-manager)' - $LILTO ooe.sh sudo dnf config-manager --set-enabled updates-testing + DISABLE_UPDATES_TESTING=0 else - warn "NOT enabling updates-testing repository for image based on $PRIOR_FEDORA_BASE_IMAGE" + DISABLE_UPDATES_TESTING=1 fi -REMOVE_PACKAGES=() -INSTALL_PACKAGES=(\ - autoconf - automake - bash-completion - bats - bridge-utils - btrfs-progs-devel - buildah - bzip2 - conmon - container-selinux - containernetworking-plugins - containers-common - criu - device-mapper-devel - dnsmasq - emacs-nox - file - findutils - fuse3 - fuse3-devel - gcc - git - glib2-devel - glibc-static - gnupg - go-md2man - golang - gpgme-devel - iproute - iptables - jq - libassuan-devel - libcap-devel - libmsi1 - libnet - libnet-devel - libnl3-devel - libseccomp - libseccomp-devel - libselinux-devel - libtool - libvarlink-util - lsof - make - msitools - nmap-ncat - ostree-devel - pandoc - podman - procps-ng - protobuf - protobuf-c - protobuf-c-devel - protobuf-devel - python - python3-dateutil - python3-psutil - python3-pytoml - rsync - selinux-policy-devel - skopeo - skopeo-containers - slirp4netns - unzip - vim - wget - which - xz - zip -) - -case "$OS_RELEASE_VER" in - 30) - INSTALL_PACKAGES+=(\ - atomic-registries - golang-github-cpuguy83-go-md2man - python2-future - runc - ) - REMOVE_PACKAGES+=(crun) - ;; - 31) - INSTALL_PACKAGES+=(crun) - REMOVE_PACKAGES+=(runc) - ;; - 32) - INSTALL_PACKAGES+=(crun) - REMOVE_PACKAGES+=(runc) - ;; - *) - bad_os_id_ver ;; -esac - -echo "Installing general build/test dependencies for Fedora '$OS_RELEASE_VER'" -$BIGTO ooe.sh sudo dnf install -y ${INSTALL_PACKAGES[@]} - -[[ "${#REMOVE_PACKAGES[@]}" -eq "0" ]] || \ - $LILTO ooe.sh sudo dnf erase -y ${REMOVE_PACKAGES[@]} +bash $PACKER_BASE/fedora_packaging.sh +# Load installed environment right now (happens automatically in a new process) +source /usr/share/automation/environment echo "Enabling cgroup management from containers" ooe.sh sudo setsebool container_manage_cgroup true -ooe.sh sudo /tmp/libpod/hack/install_catatonit.sh - # Ensure there are no disruptive periodic services enabled by default in image systemd_banish diff --git a/contrib/cirrus/packer/libpod_images.yml b/contrib/cirrus/packer/libpod_images.yml index c23439201..e33ad775e 100644 --- a/contrib/cirrus/packer/libpod_images.yml +++ b/contrib/cirrus/packer/libpod_images.yml @@ -71,6 +71,7 @@ provisioners: environment_vars: - 'PACKER_BUILDER_NAME={{build_name}}' - 'GOSRC=/tmp/libpod' + - 'PACKER_BASE={{user `PACKER_BASE`}}' - 'SCRIPT_BASE={{user `SCRIPT_BASE`}}' post-processors: diff --git a/contrib/cirrus/packer/ubuntu_packaging.sh b/contrib/cirrus/packer/ubuntu_packaging.sh new file mode 100644 index 000000000..b57bc95e9 --- /dev/null +++ b/contrib/cirrus/packer/ubuntu_packaging.sh @@ -0,0 +1,168 @@ +#!/bin/bash + +# This script is called from ubuntu_setup.sh and various Dockerfiles. +# It's not intended to be used outside of those contexts. It assumes the lib.sh +# library has already been sourced, and that all "ground-up" package-related activity +# needs to be done, including repository setup and initial update. + +set -e + +echo "Updating/Installing repos and packages for $OS_REL_VER" + +source $GOSRC/$SCRIPT_BASE/lib.sh + +echo "Updating/configuring package repositories." +$BIGTO $SUDOAPTGET update + +echo "Installing deps to add third-party repositories and automation tooling" +$LILTO $SUDOAPTGET install software-properties-common git curl + +# Install common automation tooling (i.e. ooe.sh) +curl --silent --show-error --location \ + --url "https://raw.githubusercontent.com/containers/automation/master/bin/install_automation.sh" | \ + $SUDO env INSTALL_PREFIX=/usr/share /bin/bash -s - "$INSTALL_AUTOMATION_VERSION" +# Reload installed environment right now (happens automatically in a new process) +source /usr/share/automation/environment + +$LILTO ooe.sh $SUDOAPTADD ppa:criu/ppa + +# Install newer version of golang +if [[ "$OS_RELEASE_VER" -eq "18" ]] +then + $LILTO ooe.sh $SUDOAPTADD ppa:longsleep/golang-backports +fi + +echo "Configuring/Instaling deps from Open build server" +VERSION_ID=$(source /etc/os-release; echo $VERSION_ID) +echo "deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_$VERSION_ID/ /" \ + | ooe.sh $SUDO tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list +ooe.sh curl -L -o /tmp/Release.key "https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_${VERSION_ID}/Release.key" +ooe.sh $SUDO apt-key add - < /tmp/Release.key + +INSTALL_PACKAGES=(\ + apparmor + aufs-tools + autoconf + automake + bash-completion + bison + build-essential + buildah + bzip2 + conmon + containernetworking-plugins + containers-common + coreutils + cri-o-runc + criu + curl + dnsmasq + e2fslibs-dev + emacs-nox + file + gawk + gcc + gettext + git + go-md2man + golang + iproute2 + iptables + jq + libaio-dev + libapparmor-dev + libcap-dev + libdevmapper-dev + libdevmapper1.02.1 + libfuse-dev + libfuse2 + libglib2.0-dev + libgpgme11-dev + liblzma-dev + libnet1 + libnet1-dev + libnl-3-dev + libprotobuf-c-dev + libprotobuf-dev + libseccomp-dev + libseccomp2 + libselinux-dev + libsystemd-dev + libtool + libudev-dev + libvarlink + lsof + make + netcat + openssl + pkg-config + podman + protobuf-c-compiler + protobuf-compiler + python-future + python-minimal + python-protobuf + python3-dateutil + python3-pip + python3-psutil + python3-pytoml + python3-setuptools + rsync + runc + scons + skopeo + slirp4netns + socat + sudo + unzip + vim + wget + xz-utils + yum-utils + zip + zlib1g-dev +) + +if [[ $OS_RELEASE_VER -ge 19 ]] +then + INSTALL_PACKAGES+=(\ + bats + btrfs-progs + fuse3 + libbtrfs-dev + libfuse3-dev + ) +else + echo "Downloading version of bats with fix for a \$IFS related bug in 'run' command" + cd /tmp + BATS_URL='http://launchpadlibrarian.net/438140887/bats_1.1.0+git104-g1c83a1b-1_all.deb' + curl -L -O "$BATS_URL" + cd - + INSTALL_PACKAGES+=(\ + /tmp/$(basename $BATS_URL) + btrfs-tools + ) +fi + +# Do this at the last possible moment to avoid dpkg lock conflicts +echo "Upgrading all packages" +$BIGTO ooe.sh $SUDOAPTGET upgrade + +echo "Installing general testing and system dependencies" +# Necessary to update cache of newly added repos +$LILTO ooe.sh $SUDOAPTGET update +$BIGTO ooe.sh $SUDOAPTGET install ${INSTALL_PACKAGES[@]} + +export GOPATH="$(mktemp -d)" +trap "$SUDO rm -rf $GOPATH" EXIT +echo "Installing cataonit and libseccomp.sudo" +cd $GOSRC +ooe.sh $SUDO hack/install_catatonit.sh +ooe.sh $SUDO make install.libseccomp.sudo + +CRIO_RUNC_PATH="/usr/lib/cri-o-runc/sbin/runc" +if $SUDO dpkg -L cri-o-runc | grep -m 1 -q "$CRIO_RUNC_PATH" +then + echo "Linking $CRIO_RUNC_PATH to /usr/bin/runc for ease of testing." + $SUDO ln -f "$CRIO_RUNC_PATH" "/usr/bin/runc" +fi diff --git a/contrib/cirrus/packer/ubuntu_setup.sh b/contrib/cirrus/packer/ubuntu_setup.sh index 4b6e99358..2febbd265 100644 --- a/contrib/cirrus/packer/ubuntu_setup.sh +++ b/contrib/cirrus/packer/ubuntu_setup.sh @@ -8,164 +8,21 @@ set -e # Load in library (copied by packer, before this script was run) source $GOSRC/$SCRIPT_BASE/lib.sh -req_env_var SCRIPT_BASE +req_env_var SCRIPT_BASE PACKER_BASE INSTALL_AUTOMATION_VERSION PACKER_BUILDER_NAME GOSRC UBUNTU_BASE_IMAGE OS_RELEASE_ID OS_RELEASE_VER -install_ooe - -export GOPATH="$(mktemp -d)" -trap "sudo rm -rf $GOPATH" EXIT +# Ensure there are no disruptive periodic services enabled by default in image +systemd_banish # Stop disruption upon boot ASAP after booting echo "Disabling all packaging activity on boot" -# Don't let sed process sed's temporary files -_FILEPATHS=$(sudo ls -1 /etc/apt/apt.conf.d) -for filename in $_FILEPATHS; do \ +for filename in $(sudo ls -1 /etc/apt/apt.conf.d); do \ echo "Checking/Patching $filename" sudo sed -i -r -e "s/$PERIODIC_APT_RE/"'\10"\;/' "/etc/apt/apt.conf.d/$filename"; done -echo "Updating/configuring package repositories." -$BIGTO $SUDOAPTGET update - -echo "Upgrading all packages" -$BIGTO $SUDOAPTGET upgrade - -echo "Adding third-party repositories and PPAs" -$LILTO $SUDOAPTGET install software-properties-common -$LILTO $SUDOAPTADD ppa:criu/ppa -if [[ "$OS_RELEASE_VER" -eq "18" ]] -then - $LILTO $SUDOAPTADD ppa:longsleep/golang-backports -fi - -echo "Configuring/Instaling deps from Open build server" -VERSION_ID=$(source /etc/os-release; echo $VERSION_ID) -echo "deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_$VERSION_ID/ /" \ - | ooe.sh sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list -ooe.sh curl -L -o /tmp/Release.key "https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_${VERSION_ID}/Release.key" -ooe.sh sudo apt-key add - < /tmp/Release.key - -INSTALL_PACKAGES=(\ - apparmor - aufs-tools - autoconf - automake - bash-completion - bison - build-essential - buildah - bzip2 - conmon - containernetworking-plugins - containers-common - coreutils - cri-o-runc - criu - curl - dnsmasq - e2fslibs-dev - emacs-nox - file - gawk - gcc - gettext - git - go-md2man - golang - iproute2 - iptables - jq - libaio-dev - libapparmor-dev - libcap-dev - libdevmapper-dev - libdevmapper1.02.1 - libfuse-dev - libfuse2 - libglib2.0-dev - libgpgme11-dev - liblzma-dev - libnet1 - libnet1-dev - libnl-3-dev - libprotobuf-c-dev - libprotobuf-dev - libseccomp-dev - libseccomp2 - libselinux-dev - libsystemd-dev - libtool - libudev-dev - libvarlink - lsof - make - netcat - openssl - pkg-config - podman - protobuf-c-compiler - protobuf-compiler - python-future - python-minimal - python-protobuf - python3-dateutil - python3-pip - python3-psutil - python3-pytoml - python3-setuptools - rsync - runc - scons - skopeo - slirp4netns - socat - unzip - vim - wget - xz-utils - yum-utils - zip - zlib1g-dev -) - -if [[ "$OS_RELEASE_VER" -ge "19" ]] -then - INSTALL_PACKAGES+=(\ - bats - btrfs-progs - fuse3 - libbtrfs-dev - libfuse3-dev - ) -else - echo "Downloading version of bats with fix for a \$IFS related bug in 'run' command" - cd /tmp - BATS_URL='http://launchpadlibrarian.net/438140887/bats_1.1.0+git104-g1c83a1b-1_all.deb' - curl -L -O "$BATS_URL" - cd - - INSTALL_PACKAGES+=(\ - /tmp/$(basename $BATS_URL) - btrfs-tools - ) -fi - -echo "Installing general testing and system dependencies" -# Necessary to update cache of newly added repos -$LILTO $SUDOAPTGET update -$BIGTO $SUDOAPTGET install ${INSTALL_PACKAGES[@]} - -echo "Installing cataonit and libseccomp.sudo" -ooe.sh sudo /tmp/libpod/hack/install_catatonit.sh -ooe.sh sudo make -C /tmp/libpod install.libseccomp.sudo - -# Ensure there are no disruptive periodic services enabled by default in image -systemd_banish +bash $PACKER_BASE/ubuntu_packaging.sh -CRIO_RUNC_PATH="/usr/lib/cri-o-runc/sbin/runc" -if sudo dpkg -L cri-o-runc | grep -m 1 -q "$CRIO_RUNC_PATH" -then - echo "Linking $CRIO_RUNC_PATH to /usr/bin/runc for ease of testing." - sudo ln -f "$CRIO_RUNC_PATH" "/usr/bin/runc" -fi +# Load installed environment right now (happens automatically in a new process) +source /usr/share/automation/environment echo "Making Ubuntu kernel to enable cgroup swap accounting as it is not the default." SEDCMD='s/^GRUB_CMDLINE_LINUX="(.*)"/GRUB_CMDLINE_LINUX="\1 cgroup_enable=memory swapaccount=1"/g' diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh index 57c9ec52a..6bec9625e 100755 --- a/contrib/cirrus/setup_environment.sh +++ b/contrib/cirrus/setup_environment.sh @@ -43,16 +43,8 @@ case "${OS_RELEASE_ID}" in fedora) # All SELinux distros need this for systemd-in-a-container setsebool container_manage_cgroup true - if [[ "$ADD_SECOND_PARTITION" == "true" ]]; then - bash "$SCRIPT_BASE/add_second_partition.sh" - fi - if [[ $OS_RELEASE_VER -le 31 ]]; then - warn "Switching io scheduler to 'deadline' to avoid RHBZ 1767539" - warn "aka https://bugzilla.kernel.org/show_bug.cgi?id=205447" - echo "mq-deadline" > /sys/block/sda/queue/scheduler - cat /sys/block/sda/queue/scheduler - fi + workaround_bfq_bug if [[ "$ADD_SECOND_PARTITION" == "true" ]]; then bash "$SCRIPT_BASE/add_second_partition.sh" diff --git a/pkg/bindings/images/images.go b/pkg/bindings/images/images.go index 06f01c7a0..63fe2556b 100644 --- a/pkg/bindings/images/images.go +++ b/pkg/bindings/images/images.go @@ -57,7 +57,7 @@ func List(ctx context.Context, all *bool, filters map[string][]string) ([]*entit // Get performs an image inspect. To have the on-disk size of the image calculated, you can // use the optional size parameter. -func GetImage(ctx context.Context, nameOrID string, size *bool) (*entities.ImageData, error) { +func GetImage(ctx context.Context, nameOrID string, size *bool) (*entities.ImageInspectReport, error) { conn, err := bindings.GetClient(ctx) if err != nil { return nil, err @@ -66,7 +66,7 @@ func GetImage(ctx context.Context, nameOrID string, size *bool) (*entities.Image if size != nil { params.Set("size", strconv.FormatBool(*size)) } - inspectedData := entities.ImageData{} + inspectedData := entities.ImageInspectReport{} response, err := conn.DoRequest(nil, http.MethodGet, "/images/%s/json", params, nameOrID) if err != nil { return &inspectedData, err @@ -310,9 +310,10 @@ func Push(ctx context.Context, source string, destination string, options entiti params := url.Values{} params.Set("credentials", options.Credentials) params.Set("destination", destination) - if options.TLSVerify != types.OptionalBoolUndefined { - val := bool(options.TLSVerify == types.OptionalBoolTrue) - params.Set("tlsVerify", strconv.FormatBool(val)) + if options.SkipTLSVerify != types.OptionalBoolUndefined { + // Note: we have to verify if skipped is false. + verifyTLS := bool(options.SkipTLSVerify == types.OptionalBoolFalse) + params.Set("tlsVerify", strconv.FormatBool(verifyTLS)) } path := fmt.Sprintf("/images/%s/push", source) diff --git a/pkg/domain/entities/engine_container.go b/pkg/domain/entities/engine_container.go index 502279bcf..eebf4c033 100644 --- a/pkg/domain/entities/engine_container.go +++ b/pkg/domain/entities/engine_container.go @@ -41,6 +41,7 @@ type ContainerEngine interface { ContainerUnpause(ctx context.Context, namesOrIds []string, options PauseUnPauseOptions) ([]*PauseUnpauseReport, error) ContainerWait(ctx context.Context, namesOrIds []string, options WaitOptions) ([]WaitReport, error) Events(ctx context.Context, opts EventsOptions) error + GenerateSystemd(ctx context.Context, nameOrID string, opts GenerateSystemdOptions) (*GenerateSystemdReport, error) HealthCheckRun(ctx context.Context, nameOrId string, options HealthCheckOptions) (*define.HealthCheckResults, error) Info(ctx context.Context) (*define.Info, error) PodCreate(ctx context.Context, opts PodCreateOptions) (*PodCreateReport, error) diff --git a/pkg/domain/entities/engine_image.go b/pkg/domain/entities/engine_image.go index b118a4104..46a96ca20 100644 --- a/pkg/domain/entities/engine_image.go +++ b/pkg/domain/entities/engine_image.go @@ -13,7 +13,7 @@ type ImageEngine interface { Exists(ctx context.Context, nameOrId string) (*BoolReport, error) History(ctx context.Context, nameOrId string, opts ImageHistoryOptions) (*ImageHistoryReport, error) Import(ctx context.Context, opts ImageImportOptions) (*ImageImportReport, error) - Inspect(ctx context.Context, names []string, opts InspectOptions) (*ImageInspectReport, error) + Inspect(ctx context.Context, namesOrIDs []string, opts InspectOptions) ([]*ImageInspectReport, error) List(ctx context.Context, opts ImageListOptions) ([]*ImageSummary, error) Load(ctx context.Context, opts ImageLoadOptions) (*ImageLoadReport, error) Prune(ctx context.Context, opts ImagePruneOptions) (*ImagePruneReport, error) diff --git a/pkg/domain/entities/generate.go b/pkg/domain/entities/generate.go new file mode 100644 index 000000000..6d65b52f8 --- /dev/null +++ b/pkg/domain/entities/generate.go @@ -0,0 +1,22 @@ +package entities + +// GenerateSystemdOptions control the generation of systemd unit files. +type GenerateSystemdOptions struct { + // Files - generate files instead of printing to stdout. + Files bool + // Name - use container/pod name instead of its ID. + Name bool + // New - create a new container instead of starting a new one. + New bool + // RestartPolicy - systemd restart policy. + RestartPolicy string + // StopTimeout - time when stopping the container. + StopTimeout *uint +} + +// GenerateSystemdReport +type GenerateSystemdReport struct { + // Output of the generate process. Either the generated files or their + // entire content. + Output string +} diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go index 460965b34..442b2cf3c 100644 --- a/pkg/domain/entities/images.go +++ b/pkg/domain/entities/images.go @@ -183,8 +183,8 @@ type ImagePushOptions struct { // SignBy adds a signature at the destination using the specified key. // Ignored for remote calls. SignBy string - // TLSVerify to enable/disable HTTPS and certificate verification. - TLSVerify types.OptionalBool + // SkipTLSVerify to skip HTTPS and certificate verification. + SkipTLSVerify types.OptionalBool } // ImageSearchOptions are the arguments for searching images. @@ -238,13 +238,9 @@ type ImagePruneReport struct { type ImageTagOptions struct{} type ImageUntagOptions struct{} -type ImageData struct { - *inspect.ImageData -} - +// ImageInspectReport is the data when inspecting an image. type ImageInspectReport struct { - Images []*ImageData - Errors map[string]error + *inspect.ImageData } type ImageLoadOptions struct { diff --git a/pkg/domain/entities/types.go b/pkg/domain/entities/types.go index d742cc53d..9fbe04c9a 100644 --- a/pkg/domain/entities/types.go +++ b/pkg/domain/entities/types.go @@ -47,10 +47,14 @@ type NetOptions struct { // All CLI inspect commands and inspect sub-commands use the same options type InspectOptions struct { + // Format - change the output to JSON or a Go template. Format string `json:",omitempty"` - Latest bool `json:",omitempty"` - Size bool `json:",omitempty"` - Type string `json:",omitempty"` + // Latest - inspect the latest container Podman is aware of. + Latest bool `json:",omitempty"` + // Size (containers only) - display total file size. + Size bool `json:",omitempty"` + // Type -- return JSON for specified type. + Type string `json:",omitempty"` } // All API and CLI diff commands and diff sub-commands use the same options diff --git a/pkg/domain/infra/abi/generate.go b/pkg/domain/infra/abi/generate.go new file mode 100644 index 000000000..f69ba560e --- /dev/null +++ b/pkg/domain/infra/abi/generate.go @@ -0,0 +1,174 @@ +package abi + +import ( + "context" + "fmt" + "strings" + + "github.com/containers/libpod/libpod" + "github.com/containers/libpod/pkg/domain/entities" + "github.com/containers/libpod/pkg/systemd/generate" + "github.com/pkg/errors" +) + +func (ic *ContainerEngine) GenerateSystemd(ctx context.Context, nameOrID string, options entities.GenerateSystemdOptions) (*entities.GenerateSystemdReport, error) { + opts := generate.Options{ + Files: options.Files, + New: options.New, + } + + // First assume it's a container. + if info, found, err := ic.generateSystemdgenContainerInfo(nameOrID, nil, options); found && err != nil { + return nil, err + } else if found && err == nil { + output, err := generate.CreateContainerSystemdUnit(info, opts) + if err != nil { + return nil, err + } + return &entities.GenerateSystemdReport{Output: output}, nil + } + + // --new does not support pods. + if options.New { + return nil, errors.Errorf("error generating systemd unit files: cannot generate generic files for a pod") + } + + // We're either having a pod or garbage. + pod, err := ic.Libpod.LookupPod(nameOrID) + if err != nil { + return nil, err + } + + // Error out if the pod has no infra container, which we require to be the + // main service. + if !pod.HasInfraContainer() { + return nil, fmt.Errorf("error generating systemd unit files: Pod %q has no infra container", pod.Name()) + } + + // Generate a systemdgen.ContainerInfo for the infra container. This + // ContainerInfo acts as the main service of the pod. + infraID, err := pod.InfraContainerID() + if err != nil { + return nil, nil + } + podInfo, _, err := ic.generateSystemdgenContainerInfo(infraID, pod, options) + if err != nil { + return nil, err + } + + // Compute the container-dependency graph for the Pod. + containers, err := pod.AllContainers() + if err != nil { + return nil, err + } + if len(containers) == 0 { + return nil, fmt.Errorf("error generating systemd unit files: Pod %q has no containers", pod.Name()) + } + graph, err := libpod.BuildContainerGraph(containers) + if err != nil { + return nil, err + } + + // Traverse the dependency graph and create systemdgen.ContainerInfo's for + // each container. + containerInfos := []*generate.ContainerInfo{podInfo} + for ctr, dependencies := range graph.DependencyMap() { + // Skip the infra container as we already generated it. + if ctr.ID() == infraID { + continue + } + ctrInfo, _, err := ic.generateSystemdgenContainerInfo(ctr.ID(), nil, options) + if err != nil { + return nil, err + } + // Now add the container's dependencies and at the container as a + // required service of the infra container. + for _, dep := range dependencies { + if dep.ID() == infraID { + ctrInfo.BoundToServices = append(ctrInfo.BoundToServices, podInfo.ServiceName) + } else { + _, serviceName := generateServiceName(dep, nil, options) + ctrInfo.BoundToServices = append(ctrInfo.BoundToServices, serviceName) + } + } + podInfo.RequiredServices = append(podInfo.RequiredServices, ctrInfo.ServiceName) + containerInfos = append(containerInfos, ctrInfo) + } + + // Now generate the systemd service for all containers. + builder := strings.Builder{} + for i, info := range containerInfos { + if i > 0 { + builder.WriteByte('\n') + } + out, err := generate.CreateContainerSystemdUnit(info, opts) + if err != nil { + return nil, err + } + builder.WriteString(out) + } + + return &entities.GenerateSystemdReport{Output: builder.String()}, nil +} + +// generateSystemdgenContainerInfo is a helper to generate a +// systemdgen.ContainerInfo for `GenerateSystemd`. +func (ic *ContainerEngine) generateSystemdgenContainerInfo(nameOrID string, pod *libpod.Pod, options entities.GenerateSystemdOptions) (*generate.ContainerInfo, bool, error) { + ctr, err := ic.Libpod.LookupContainer(nameOrID) + if err != nil { + return nil, false, err + } + + timeout := ctr.StopTimeout() + if options.StopTimeout != nil { + timeout = *options.StopTimeout + } + + config := ctr.Config() + conmonPidFile := config.ConmonPidFile + if conmonPidFile == "" { + return nil, true, errors.Errorf("conmon PID file path is empty, try to recreate the container with --conmon-pidfile flag") + } + + createCommand := []string{} + if config.CreateCommand != nil { + createCommand = config.CreateCommand + } else if options.New { + return nil, true, errors.Errorf("cannot use --new on container %q: no create command found", nameOrID) + } + + name, serviceName := generateServiceName(ctr, pod, options) + info := &generate.ContainerInfo{ + ServiceName: serviceName, + ContainerName: name, + RestartPolicy: options.RestartPolicy, + PIDFile: conmonPidFile, + StopTimeout: timeout, + GenerateTimestamp: true, + CreateCommand: createCommand, + } + + return info, true, nil +} + +// generateServiceName generates the container name and the service name for systemd service. +func generateServiceName(ctr *libpod.Container, pod *libpod.Pod, options entities.GenerateSystemdOptions) (string, string) { + var kind, name, ctrName string + if pod == nil { + kind = "container" + name = ctr.ID() + if options.Name { + name = ctr.Name() + } + ctrName = name + } else { + kind = "pod" + name = pod.ID() + ctrName = ctr.ID() + if options.Name { + name = pod.Name() + ctrName = ctr.Name() + } + } + return ctrName, fmt.Sprintf("%s-%s", kind, name) +} diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go index 7ac111745..d1245a45c 100644 --- a/pkg/domain/infra/abi/images.go +++ b/pkg/domain/infra/abi/images.go @@ -170,29 +170,24 @@ func (ir *ImageEngine) Pull(ctx context.Context, rawImage string, options entiti return &entities.ImagePullReport{Images: foundIDs}, nil } -func (ir *ImageEngine) Inspect(ctx context.Context, names []string, opts entities.InspectOptions) (*entities.ImageInspectReport, error) { - report := entities.ImageInspectReport{ - Errors: make(map[string]error), - } - - for _, id := range names { - img, err := ir.Libpod.ImageRuntime().NewFromLocal(id) +func (ir *ImageEngine) Inspect(ctx context.Context, namesOrIDs []string, opts entities.InspectOptions) ([]*entities.ImageInspectReport, error) { + reports := []*entities.ImageInspectReport{} + for _, i := range namesOrIDs { + img, err := ir.Libpod.ImageRuntime().NewFromLocal(i) if err != nil { - report.Errors[id] = err - continue + return nil, err } - - results, err := img.Inspect(ctx) + result, err := img.Inspect(ctx) if err != nil { - report.Errors[id] = err - continue + return nil, err } - - cookedResults := entities.ImageData{} - _ = domainUtils.DeepCopy(&cookedResults, results) - report.Images = append(report.Images, &cookedResults) + report := entities.ImageInspectReport{} + if err := domainUtils.DeepCopy(&report, result); err != nil { + return nil, err + } + reports = append(reports, &report) } - return &report, nil + return reports, nil } func (ir *ImageEngine) Push(ctx context.Context, source string, destination string, options entities.ImagePushOptions) error { @@ -226,7 +221,7 @@ func (ir *ImageEngine) Push(ctx context.Context, source string, destination stri dockerRegistryOptions := image.DockerRegistryOptions{ DockerRegistryCreds: registryCreds, DockerCertPath: options.CertDir, - DockerInsecureSkipTLSVerify: options.TLSVerify, + DockerInsecureSkipTLSVerify: options.SkipTLSVerify, } signOptions := image.SigningOptions{ diff --git a/pkg/domain/infra/tunnel/generate.go b/pkg/domain/infra/tunnel/generate.go new file mode 100644 index 000000000..3cd483053 --- /dev/null +++ b/pkg/domain/infra/tunnel/generate.go @@ -0,0 +1,12 @@ +package tunnel + +import ( + "context" + + "github.com/containers/libpod/pkg/domain/entities" + "github.com/pkg/errors" +) + +func (ic *ContainerEngine) GenerateSystemd(ctx context.Context, nameOrID string, options entities.GenerateSystemdOptions) (*entities.GenerateSystemdReport, error) { + return nil, errors.New("not implemented for tunnel") +} diff --git a/pkg/domain/infra/tunnel/images.go b/pkg/domain/infra/tunnel/images.go index 66e4e6e3f..dcc5fc3e7 100644 --- a/pkg/domain/infra/tunnel/images.go +++ b/pkg/domain/infra/tunnel/images.go @@ -143,16 +143,16 @@ func (ir *ImageEngine) Untag(ctx context.Context, nameOrId string, tags []string return nil } -func (ir *ImageEngine) Inspect(_ context.Context, names []string, opts entities.InspectOptions) (*entities.ImageInspectReport, error) { - report := entities.ImageInspectReport{} - for _, id := range names { - r, err := images.GetImage(ir.ClientCxt, id, &opts.Size) +func (ir *ImageEngine) Inspect(ctx context.Context, namesOrIDs []string, opts entities.InspectOptions) ([]*entities.ImageInspectReport, error) { + reports := []*entities.ImageInspectReport{} + for _, i := range namesOrIDs { + r, err := images.GetImage(ir.ClientCxt, i, &opts.Size) if err != nil { - report.Errors[id] = err + return nil, err } - report.Images = append(report.Images, r) + reports = append(reports, r) } - return &report, nil + return reports, nil } func (ir *ImageEngine) Load(ctx context.Context, opts entities.ImageLoadOptions) (*entities.ImageLoadReport, error) { diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c index 72d461cdc..716db81dc 100644 --- a/pkg/rootless/rootless_linux.c +++ b/pkg/rootless/rootless_linux.c @@ -535,32 +535,30 @@ create_pause_process (const char *pause_pid_file_path, char **argv) } } -static void -join_namespace_or_die (int pid_to_join, const char *ns_file) +static int +open_namespace (int pid_to_join, const char *ns_file) { char ns_path[PATH_MAX]; int ret; - int fd; ret = snprintf (ns_path, PATH_MAX, "/proc/%d/ns/%s", pid_to_join, ns_file); if (ret == PATH_MAX) { fprintf (stderr, "internal error: namespace path too long\n"); - _exit (EXIT_FAILURE); + return -1; } - fd = open (ns_path, O_CLOEXEC | O_RDONLY); - if (fd < 0) - { - fprintf (stderr, "cannot open: %s\n", ns_path); - _exit (EXIT_FAILURE); - } - if (setns (fd, 0) < 0) + return open (ns_path, O_CLOEXEC | O_RDONLY); +} + +static void +join_namespace_or_die (const char *name, int ns_fd) +{ + if (setns (ns_fd, 0) < 0) { - fprintf (stderr, "cannot set namespace to %s: %s\n", ns_path, strerror (errno)); + fprintf (stderr, "cannot set %s namespace\n", name); _exit (EXIT_FAILURE); } - close (fd); } int @@ -570,6 +568,8 @@ reexec_userns_join (int pid_to_join, char *pause_pid_file_path) char gid[16]; char **argv; int pid; + int mnt_ns = -1; + int user_ns = -1; char *cwd = getcwd (NULL, 0); sigset_t sigset, oldsigset; @@ -589,14 +589,28 @@ reexec_userns_join (int pid_to_join, char *pause_pid_file_path) _exit (EXIT_FAILURE); } + user_ns = open_namespace (pid_to_join, "user"); + if (user_ns < 0) + return user_ns; + mnt_ns = open_namespace (pid_to_join, "mnt"); + if (mnt_ns < 0) + { + close (user_ns); + return mnt_ns; + } + pid = fork (); if (pid < 0) fprintf (stderr, "cannot fork: %s\n", strerror (errno)); if (pid) { - /* We passed down these fds, close them. */ int f; + + /* We passed down these fds, close them. */ + close (user_ns); + close (mnt_ns); + for (f = 3; f < open_files_max_fd; f++) if (open_files_set == NULL || FD_ISSET (f % FD_SETSIZE, &(open_files_set[f / FD_SETSIZE]))) close (f); @@ -634,8 +648,10 @@ reexec_userns_join (int pid_to_join, char *pause_pid_file_path) _exit (EXIT_FAILURE); } - join_namespace_or_die (pid_to_join, "user"); - join_namespace_or_die (pid_to_join, "mnt"); + join_namespace_or_die ("user", user_ns); + join_namespace_or_die ("mnt", mnt_ns); + close (user_ns); + close (mnt_ns); if (syscall_setresgid (0, 0, 0) < 0) { diff --git a/pkg/rootlessport/rootlessport_linux.go b/pkg/rootlessport/rootlessport_linux.go index 1c1ed39df..c686d80fc 100644 --- a/pkg/rootlessport/rootlessport_linux.go +++ b/pkg/rootlessport/rootlessport_linux.go @@ -102,25 +102,27 @@ func parent() error { return err } - sigC := make(chan os.Signal, 1) - signal.Notify(sigC, unix.SIGPIPE) - defer func() { - // dummy signal to terminate the goroutine - sigC <- unix.SIGKILL - }() + exitC := make(chan os.Signal, 1) + defer close(exitC) + go func() { + sigC := make(chan os.Signal, 1) + signal.Notify(sigC, unix.SIGPIPE) defer func() { signal.Stop(sigC) close(sigC) }() - s := <-sigC - if s == unix.SIGPIPE { - if f, err := os.OpenFile("/dev/null", os.O_WRONLY, 0755); err == nil { - unix.Dup2(int(f.Fd()), 1) // nolint:errcheck - unix.Dup2(int(f.Fd()), 2) // nolint:errcheck - f.Close() + select { + case s := <-sigC: + if s == unix.SIGPIPE { + if f, err := os.OpenFile("/dev/null", os.O_WRONLY, 0755); err == nil { + unix.Dup2(int(f.Fd()), 1) // nolint:errcheck + unix.Dup2(int(f.Fd()), 2) // nolint:errcheck + f.Close() + } } + case <-exitC: } }() diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index 7ee2df890..a62344640 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -326,10 +326,6 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM } defaultEnv = env.Join(env.DefaultEnvVariables, defaultEnv) } - config.Env = env.Join(defaultEnv, config.Env) - for name, val := range config.Env { - g.AddProcessEnv(name, val) - } if err := addRlimits(config, &g); err != nil { return nil, err @@ -360,6 +356,11 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM if err := config.Cgroup.ConfigureGenerator(&g); err != nil { return nil, err } + + config.Env = env.Join(defaultEnv, config.Env) + for name, val := range config.Env { + g.AddProcessEnv(name, val) + } configSpec := g.Config // If the container image specifies an label with a diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go index bb84f0618..01ddcf9c8 100644 --- a/pkg/specgen/generate/container_create.go +++ b/pkg/specgen/generate/container_create.go @@ -76,6 +76,7 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener } options := []libpod.CtrCreateOption{} + options = append(options, libpod.WithCreateCommand()) var newImage *image.Image if s.Rootfs != "" { diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go index f0161a793..396563267 100644 --- a/pkg/specgen/namespaces.go +++ b/pkg/specgen/namespaces.go @@ -216,6 +216,8 @@ func ParseNetworkNamespace(ns string) (Namespace, []string, error) { toReturn := Namespace{} var cniNetworks []string switch { + case ns == "slirp4netns": + toReturn.NSMode = Slirp case ns == "pod": toReturn.NSMode = FromPod case ns == "bridge": diff --git a/test/e2e/cp_test.go b/test/e2e/cp_test.go index 2ff6fe65e..f95f8646c 100644 --- a/test/e2e/cp_test.go +++ b/test/e2e/cp_test.go @@ -22,7 +22,6 @@ var _ = Describe("Podman cp", func() { ) BeforeEach(func() { - Skip(v2fail) tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) @@ -96,7 +95,7 @@ var _ = Describe("Podman cp", func() { }) It("podman cp dir to dir", func() { - testDirPath := filepath.Join(podmanTest.RunRoot, "TestDir") + testDirPath := filepath.Join(podmanTest.RunRoot, "TestDir1") session := podmanTest.Podman([]string{"create", ALPINE, "ls", "/foodir"}) session.WaitWithDefaultTimeout() @@ -105,6 +104,7 @@ var _ = Describe("Podman cp", func() { err := os.Mkdir(testDirPath, 0755) Expect(err).To(BeNil()) + defer os.RemoveAll(testDirPath) session = podmanTest.Podman([]string{"cp", testDirPath, name + ":/foodir"}) session.WaitWithDefaultTimeout() @@ -138,8 +138,6 @@ var _ = Describe("Podman cp", func() { res, err := cmd.Output() Expect(err).To(BeNil()) Expect(len(res)).To(Equal(0)) - - os.RemoveAll(testDirPath) }) It("podman cp stdin/stdout", func() { @@ -148,9 +146,10 @@ var _ = Describe("Podman cp", func() { Expect(session.ExitCode()).To(Equal(0)) name := session.OutputToString() - testDirPath := filepath.Join(podmanTest.RunRoot, "TestDir") + testDirPath := filepath.Join(podmanTest.RunRoot, "TestDir2") err := os.Mkdir(testDirPath, 0755) Expect(err).To(BeNil()) + defer os.RemoveAll(testDirPath) cmd := exec.Command("tar", "-zcvf", "file.tar.gz", testDirPath) _, err = cmd.Output() Expect(err).To(BeNil()) @@ -169,7 +168,6 @@ var _ = Describe("Podman cp", func() { session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - os.RemoveAll(testDirPath) os.Remove("file.tar.gz") }) @@ -185,9 +183,10 @@ var _ = Describe("Podman cp", func() { path, err := os.Getwd() Expect(err).To(BeNil()) - testDirPath := filepath.Join(path, "TestDir") + testDirPath := filepath.Join(path, "TestDir3") err = os.Mkdir(testDirPath, 0777) Expect(err).To(BeNil()) + defer os.RemoveAll(testDirPath) cmd := exec.Command("tar", "-cvf", "file.tar", testDirPath) _, err = cmd.Output() Expect(err).To(BeNil()) @@ -202,7 +201,6 @@ var _ = Describe("Podman cp", func() { Expect(session.OutputToString()).To(ContainSubstring("file.tar")) os.Remove("file.tar") - os.RemoveAll(testDirPath) }) It("podman cp symlink", func() { diff --git a/test/e2e/generate_systemd_test.go b/test/e2e/generate_systemd_test.go index 2901e7ac6..abfca4db9 100644 --- a/test/e2e/generate_systemd_test.go +++ b/test/e2e/generate_systemd_test.go @@ -18,7 +18,6 @@ var _ = Describe("Podman generate systemd", func() { ) BeforeEach(func() { - Skip(v2fail) tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/inspect_test.go b/test/e2e/inspect_test.go index 5ec1b51bb..ebac087ac 100644 --- a/test/e2e/inspect_test.go +++ b/test/e2e/inspect_test.go @@ -17,7 +17,6 @@ var _ = Describe("Podman inspect", func() { ) BeforeEach(func() { - Skip(v2fail) tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/push_test.go b/test/e2e/push_test.go index 0991da867..0747257be 100644 --- a/test/e2e/push_test.go +++ b/test/e2e/push_test.go @@ -22,7 +22,6 @@ var _ = Describe("Podman push", func() { ) BeforeEach(func() { - Skip(v2fail) tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/run_env_test.go b/test/e2e/run_env_test.go new file mode 100644 index 000000000..867913a08 --- /dev/null +++ b/test/e2e/run_env_test.go @@ -0,0 +1,138 @@ +// +build !remoteclient + +package integration + +import ( + "os" + + . "github.com/containers/libpod/test/utils" + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var _ = Describe("Podman run", func() { + var ( + tempdir string + err error + podmanTest *PodmanTestIntegration + ) + + BeforeEach(func() { + tempdir, err = CreateTempDirInTempDir() + if err != nil { + os.Exit(1) + } + podmanTest = PodmanTestCreate(tempdir) + podmanTest.Setup() + podmanTest.SeedImages() + }) + + AfterEach(func() { + podmanTest.Cleanup() + f := CurrentGinkgoTestDescription() + processTestResult(f) + + }) + + It("podman run environment test", func() { + session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "printenv", "HOME"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + match, _ := session.GrepString("/root") + Expect(match).Should(BeTrue()) + + session = podmanTest.Podman([]string{"run", "--rm", "--user", "2", ALPINE, "printenv", "HOME"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + match, _ = session.GrepString("/sbin") + Expect(match).Should(BeTrue()) + + session = podmanTest.Podman([]string{"run", "--rm", "--env", "HOME=/foo", ALPINE, "printenv", "HOME"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + match, _ = session.GrepString("/foo") + Expect(match).Should(BeTrue()) + + session = podmanTest.Podman([]string{"run", "--rm", "--env", "FOO=BAR,BAZ", ALPINE, "printenv", "FOO"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + match, _ = session.GrepString("BAR,BAZ") + Expect(match).Should(BeTrue()) + + session = podmanTest.Podman([]string{"run", "--rm", "--env", "PATH=/bin", ALPINE, "printenv", "PATH"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + match, _ = session.GrepString("/bin") + Expect(match).Should(BeTrue()) + + os.Setenv("FOO", "BAR") + session = podmanTest.Podman([]string{"run", "--rm", "--env", "FOO", ALPINE, "printenv", "FOO"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + match, _ = session.GrepString("BAR") + Expect(match).Should(BeTrue()) + os.Unsetenv("FOO") + + session = podmanTest.Podman([]string{"run", "--rm", "--env", "FOO", ALPINE, "printenv", "FOO"}) + session.WaitWithDefaultTimeout() + Expect(len(session.OutputToString())).To(Equal(0)) + Expect(session.ExitCode()).To(Equal(1)) + + session = podmanTest.Podman([]string{"run", "--rm", ALPINE, "printenv"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + // This currently does not work + // Re-enable when hostname is an env variable + session = podmanTest.Podman([]string{"run", "--rm", ALPINE, "sh", "-c", "printenv"}) + session.Wait(10) + Expect(session.ExitCode()).To(Equal(0)) + match, _ = session.GrepString("HOSTNAME") + Expect(match).Should(BeTrue()) + }) + + It("podman run --host-env environment test", func() { + env := append(os.Environ(), "FOO=BAR") + session := podmanTest.PodmanAsUser([]string{"run", "--rm", "--env-host", ALPINE, "/bin/printenv", "FOO"}, 0, 0, "", env) + + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + match, _ := session.GrepString("BAR") + Expect(match).Should(BeTrue()) + + session = podmanTest.PodmanAsUser([]string{"run", "--rm", "--env", "FOO=BAR1", "--env-host", ALPINE, "/bin/printenv", "FOO"}, 0, 0, "", env) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + match, _ = session.GrepString("BAR1") + Expect(match).Should(BeTrue()) + os.Unsetenv("FOO") + }) + + It("podman run --http-proxy test", func() { + os.Setenv("http_proxy", "1.2.3.4") + session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "printenv", "http_proxy"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + match, _ := session.GrepString("1.2.3.4") + Expect(match).Should(BeTrue()) + + session = podmanTest.Podman([]string{"run", "--http-proxy=false", ALPINE, "printenv", "http_proxy"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(1)) + Expect(session.OutputToString()).To(Equal("")) + + session = podmanTest.Podman([]string{"run", "--env", "http_proxy=5.6.7.8", ALPINE, "printenv", "http_proxy"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + match, _ = session.GrepString("5.6.7.8") + Expect(match).Should(BeTrue()) + os.Unsetenv("http_proxy") + + session = podmanTest.Podman([]string{"run", "--http-proxy=false", "--env", "http_proxy=5.6.7.8", ALPINE, "printenv", "http_proxy"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + match, _ = session.GrepString("5.6.7.8") + Expect(match).Should(BeTrue()) + os.Unsetenv("http_proxy") + }) +}) diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 7d4039819..d94c6c169 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -193,80 +193,6 @@ var _ = Describe("Podman run", func() { Expect(session.ExitCode()).To(Equal(0)) }) - It("podman run environment test", func() { - session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "printenv", "HOME"}) - session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(Equal(0)) - match, _ := session.GrepString("/root") - Expect(match).Should(BeTrue()) - - session = podmanTest.Podman([]string{"run", "--rm", "--user", "2", ALPINE, "printenv", "HOME"}) - session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(Equal(0)) - match, _ = session.GrepString("/sbin") - Expect(match).Should(BeTrue()) - - session = podmanTest.Podman([]string{"run", "--rm", "--env", "HOME=/foo", ALPINE, "printenv", "HOME"}) - session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(Equal(0)) - match, _ = session.GrepString("/foo") - Expect(match).Should(BeTrue()) - - session = podmanTest.Podman([]string{"run", "--rm", "--env", "FOO=BAR,BAZ", ALPINE, "printenv", "FOO"}) - session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(Equal(0)) - match, _ = session.GrepString("BAR,BAZ") - Expect(match).Should(BeTrue()) - - session = podmanTest.Podman([]string{"run", "--rm", "--env", "PATH=/bin", ALPINE, "printenv", "PATH"}) - session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(Equal(0)) - match, _ = session.GrepString("/bin") - Expect(match).Should(BeTrue()) - - os.Setenv("FOO", "BAR") - session = podmanTest.Podman([]string{"run", "--rm", "--env", "FOO", ALPINE, "printenv", "FOO"}) - session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(Equal(0)) - match, _ = session.GrepString("BAR") - Expect(match).Should(BeTrue()) - os.Unsetenv("FOO") - - session = podmanTest.Podman([]string{"run", "--rm", "--env", "FOO", ALPINE, "printenv", "FOO"}) - session.WaitWithDefaultTimeout() - Expect(len(session.OutputToString())).To(Equal(0)) - Expect(session.ExitCode()).To(Equal(1)) - - session = podmanTest.Podman([]string{"run", "--rm", ALPINE, "printenv"}) - session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(Equal(0)) - - // This currently does not work - // Re-enable when hostname is an env variable - session = podmanTest.Podman([]string{"run", "--rm", ALPINE, "sh", "-c", "printenv"}) - session.Wait(10) - Expect(session.ExitCode()).To(Equal(0)) - match, _ = session.GrepString("HOSTNAME") - Expect(match).Should(BeTrue()) - }) - - It("podman run --host-env environment test", func() { - env := append(os.Environ(), "FOO=BAR") - session := podmanTest.PodmanAsUser([]string{"run", "--rm", "--env-host", ALPINE, "/bin/printenv", "FOO"}, 0, 0, "", env) - - session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(Equal(0)) - match, _ := session.GrepString("BAR") - Expect(match).Should(BeTrue()) - - session = podmanTest.PodmanAsUser([]string{"run", "--rm", "--env", "FOO=BAR1", "--env-host", ALPINE, "/bin/printenv", "FOO"}, 0, 0, "", env) - session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(Equal(0)) - match, _ = session.GrepString("BAR1") - Expect(match).Should(BeTrue()) - os.Unsetenv("FOO") - }) - It("podman run limits test", func() { SkipIfRootless() session := podmanTest.Podman([]string{"run", "--rm", "--ulimit", "rtprio=99", "--cap-add=sys_nice", fedoraMinimal, "cat", "/proc/self/sched"}) @@ -875,21 +801,6 @@ USER mail` Expect(session).To(ExitWithError()) }) - It("podman run --http-proxy test", func() { - os.Setenv("http_proxy", "1.2.3.4") - session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "printenv", "http_proxy"}) - session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(Equal(0)) - match, _ := session.GrepString("1.2.3.4") - Expect(match).Should(BeTrue()) - - session = podmanTest.Podman([]string{"run", "--http-proxy=false", ALPINE, "printenv", "http_proxy"}) - session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(Equal(1)) - Expect(session.OutputToString()).To(Equal("")) - os.Unsetenv("http_proxy") - }) - It("podman run with restart-policy always restarts containers", func() { testDir := filepath.Join(podmanTest.RunRoot, "restart-test") diff --git a/test/system/150-login.bats b/test/system/150-login.bats index 3edb11c2f..a6f9aab85 100644 --- a/test/system/150-login.bats +++ b/test/system/150-login.bats @@ -166,8 +166,6 @@ function setup() { # Some push tests @test "podman push fail" { - skip "Not working for v2 yet" - # Create an invalid authfile authfile=${PODMAN_LOGIN_WORKDIR}/auth-$(random_string 10).json rm -f $authfile diff --git a/test/system/250-generate-systemd.bats b/test/system/250-generate-systemd.bats index 80199af5f..6155d6ace 100644 --- a/test/system/250-generate-systemd.bats +++ b/test/system/250-generate-systemd.bats @@ -10,6 +10,8 @@ SERVICE_NAME="podman_test_$(random_string)" UNIT_DIR="$HOME/.config/systemd/user" UNIT_FILE="$UNIT_DIR/$SERVICE_NAME.service" +# FIXME: the must run as root (because of CI). It's also broken... + function setup() { skip_if_not_systemd skip_if_remote |