-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | cmd/podman/create.go | 73 | ||||
-rw-r--r-- | cmd/podman/libpodruntime/runtime.go | 16 | ||||
-rw-r--r-- | cmd/podman/run.go | 116 | ||||
-rw-r--r-- | cmd/podman/start.go | 2 | ||||
-rw-r--r-- | cmd/podman/wait.go | 16 | ||||
-rw-r--r-- | completions/bash/podman | 4 | ||||
-rw-r--r-- | docs/podman-wait.1.md | 3 | ||||
-rw-r--r-- | libpod.conf | 8 | ||||
-rw-r--r-- | libpod/container.go | 2 | ||||
-rw-r--r-- | libpod/container_api.go | 5 | ||||
-rw-r--r-- | libpod/oci.go | 22 | ||||
-rw-r--r-- | libpod/runtime.go | 32 | ||||
-rw-r--r-- | pkg/varlinkapi/containers.go | 2 | ||||
-rw-r--r-- | pkg/varlinkapi/system.go | 15 | ||||
-rw-r--r-- | test/e2e/search_test.go | 4 |
16 files changed, 144 insertions, 178 deletions
@@ -286,7 +286,7 @@ install.tools: .install.gitvalidation .install.gometalinter .install.md2man .ins
 fi
 .install.easyjson: .gopathok
- if [ ! -x "$(GOBIN)/ffjson" ]; then\
+ if [ ! -x "$(GOBIN)/easyffjson" ]; then\
 $(GO) get -u github.com/mailru/easyjson/...; \
 fi
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index bc010d047..c246b7903 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -57,6 +57,26 @@ var createCommand = cli.Command{
 }
 func createCmd(c *cli.Context) error {
+ if err := createInit(c); err != nil {
+ return err
+ }
+
+ runtime, err := libpodruntime.GetContainerRuntime(c)
+ if err != nil {
+ return errors.Wrapf(err, "error creating libpod runtime")
+ }
+ defer runtime.Shutdown(false)
+
+ ctr, _, err := createContainer(c, runtime)
+ if err != nil {
+ return err
+ }
+
+ fmt.Printf("%s\n", ctr.ID())
+ return nil
+}
+
+func createInit(c *cli.Context) error {
 // TODO should allow user to create based off a directory on the host not just image
 // Need CLI support for this
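Review bot: The tool that `go get -u github.com/mailru/easyjson/...` installs is named `easyjson` (its main package is `github.com/mailru/easyjson/easyjson`), so as far as I can tell `$(GOBIN)/easyffjson` on the new line never exists and the `-x` test stays false just as it did with the old `ffjson` name; the hunk renames the bug rather than fixing it. The consequence is that every run of the `.install.easyjson` target re-executes `go get -u`, fetching whatever is currently at the tip of an unpinned tree onto the build host instead of reusing the installed binary. I would change the test to `if [ ! -x "$(GOBIN)/easyjson" ]; then\` so the fetch is skipped once the tool is present.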
@@ -83,63 +103,46 @@ func createCmd(c *cli.Context) error { return errors.Errorf("image name or ID is required") } + return nil +} + +func createContainer(c *cli.Context, runtime *libpod.Runtime) (*libpod.Container, *cc.CreateConfig, error) { + rtc := runtime.GetConfig() + ctx := getContext() rootfs := "" if c.Bool("rootfs") { rootfs = c.Args()[0] } - mappings, err := util.ParseIDMapping(c.StringSlice("uidmap"), c.StringSlice("gidmap"), c.String("subuidmap"), c.String("subgidmap")) - if err != nil { - return err - } - storageOpts, err := libpodruntime.GetDefaultStoreOptions() - if err != nil { - return err - } - storageOpts.UIDMap = mappings.UIDMap - storageOpts.GIDMap = mappings.GIDMap - - if os.Geteuid() != 0 { - rootless.SetSkipStorageSetup(true) - } - - runtime, err := libpodruntime.GetRuntimeWithStorageOpts(c, &storageOpts) - if err != nil { - return errors.Wrapf(err, "error creating libpod runtime") - } - defer runtime.Shutdown(false) - - rtc := runtime.GetConfig() - ctx := getContext() - imageName := "" var data *inspect.ImageData = nil + if rootfs == "" && !rootless.SkipStorageSetup() { newImage, err := runtime.ImageRuntime().New(ctx, c.Args()[0], rtc.SignaturePolicyPath, "", os.Stderr, nil, image.SigningOptions{}, false, false) if err != nil { - return err + return nil, nil, err } data, err = newImage.Inspect(ctx) imageName = newImage.Names()[0] } createConfig, err := parseCreateOpts(ctx, c, runtime, imageName, data) if err != nil { - return err + return nil, nil, err } runtimeSpec, err := cc.CreateConfigToOCISpec(createConfig) if err != nil { - return err + return nil, nil, err } options, err := createConfig.GetContainerCreateOptions(runtime) if err != nil { - return err + return nil, nil, err } became, ret, err := joinOrCreateRootlessUserNamespace(createConfig, runtime) if err != nil { - return err + return nil, nil, err } if became { os.Exit(ret) 
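Review bot: `imageName = newImage.Names()[0]` in createContainer indexes without a length check, and the `err` returned by `data, err = newImage.Inspect(ctx)` on the line above is never examined before `data` is handed to parseCreateOpts. These two lines are unchanged context from the old createCmd, but `podman run` is now routed through them and loses the guard it had: the runCmd code removed in the run.go hunk returned the Inspect error and fell back to `newImage.ID()` when `Names()` was empty, so an untagged image that ran before now panics with an index out of range. I would restore both checks here, as below. createContainer continues past the end of this hunk.
```go
		data, err = newImage.Inspect(ctx)
		if err != nil {
			return nil, nil, err
		}
		if len(newImage.Names()) < 1 {
			imageName = newImage.ID()
		} else {
			imageName = newImage.Names()[0]
		}
	}
	// … unchanged: parseCreateOpts and the rest of createContainer …
```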
@@ -147,27 +150,25 @@ func createCmd(c *cli.Context) error { ctr, err := runtime.NewContainer(ctx, runtimeSpec, options...) if err != nil { - return err + return nil, nil, err } createConfigJSON, err := json.Marshal(createConfig) if err != nil { - return err + return nil, nil, err } if err := ctr.AddArtifact("create-config", createConfigJSON); err != nil { - return err + return nil, nil, err } - logrus.Debug("new container created ", ctr.ID()) - if c.String("cidfile") != "" { err := libpod.WriteFile(ctr.ID(), c.String("cidfile")) if err != nil { logrus.Error(err) } } - fmt.Printf("%s\n", ctr.ID()) - return nil + logrus.Debugf("New container created %q", ctr.ID()) + return ctr, createConfig, nil } // Checks if a user-specified AppArmor profile is loaded, or loads the default profile if diff --git a/cmd/podman/libpodruntime/runtime.go b/cmd/podman/libpodruntime/runtime.go index b7281ed8c..be15d138d 100644 --- a/cmd/podman/libpodruntime/runtime.go +++ b/cmd/podman/libpodruntime/runtime.go @@ -7,6 +7,7 @@ import ( "github.com/containers/libpod/libpod" "github.com/containers/libpod/pkg/rootless" + "github.com/containers/libpod/pkg/util" "github.com/containers/storage" "github.com/pkg/errors" "github.com/urfave/cli" 
@@ -21,6 +22,21 @@ func GetRuntime(c *cli.Context) (*libpod.Runtime, error) {
 return GetRuntimeWithStorageOpts(c, &storageOpts)
 }
+// GetContainerRuntime generates a new libpod runtime configured by command line options for containers
+func GetContainerRuntime(c *cli.Context) (*libpod.Runtime, error) {
+ mappings, err := util.ParseIDMapping(c.StringSlice("uidmap"), c.StringSlice("gidmap"), c.String("subuidmap"), c.String("subgidmap"))
+ if err != nil {
+ return nil, err
+ }
+ storageOpts, err := GetDefaultStoreOptions()
+ if err != nil {
+ return nil, err
+ }
+ storageOpts.UIDMap = mappings.UIDMap
+ storageOpts.GIDMap = mappings.GIDMap
+ return GetRuntimeWithStorageOpts(c, &storageOpts)
+}
+
 func GetRootlessStorageOpts() (storage.StoreOptions, error) {
 var opts storage.StoreOptions
diff --git a/cmd/podman/run.go b/cmd/podman/run.go
index 3445daef5..2a031de05 100644
--- a/cmd/podman/run.go
+++ b/cmd/podman/run.go
@@ -1,7 +1,6 @@
 package main
 import (
- "encoding/json"
 "fmt"
 "io/ioutil"
 "os"
@@ -11,11 +10,6 @@ import (
 "github.com/containers/libpod/cmd/podman/libpodruntime"
 "github.com/containers/libpod/libpod"
- "github.com/containers/libpod/libpod/image"
- "github.com/containers/libpod/pkg/inspect"
- "github.com/containers/libpod/pkg/rootless"
- cc "github.com/containers/libpod/pkg/spec"
- "github.com/containers/libpod/pkg/util"
 "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
 "github.com/urfave/cli"
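Review bot: GetContainerRuntime does not carry over the `if os.Geteuid() != 0 { rootless.SetSkipStorageSetup(true) }` block that both createCmd and runCmd executed between ParseIDMapping and GetRuntimeWithStorageOpts before this change (it is among the removed lines in the create.go and run.go hunks), yet createContainer still branches on `rootless.SkipStorageSetup()`. Unless createInit or GetRuntimeWithStorageOpts, neither of which is visible here, makes that call, the rootless path will now attempt the same storage setup as root. If the call was moved deliberately, a one-line comment in GetContainerRuntime naming where the rootless skip now happens would save the next reader the search; otherwise re-add the block just before `return GetRuntimeWithStorageOpts(c, &storageOpts)`.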
@@ -42,108 +36,21 @@ var runCommand = cli.Command{ } func runCmd(c *cli.Context) error { - var imageName string - - // Docker-compatibility: the "-h" flag for run/create is reserved for - // the hostname (see https://github.com/containers/libpod/issues/1367). - if c.Bool("help") { - cli.ShowCommandHelpAndExit(c, "run", 0) - } - - if err := validateFlags(c, createFlags); err != nil { - return err - } - - if c.String("cidfile") != "" { - if _, err := os.Stat(c.String("cidfile")); err == nil { - return errors.Errorf("container id file exists. ensure another container is not using it or delete %s", c.String("cidfile")) - } - if err := libpod.WriteFile("", c.String("cidfile")); err != nil { - return errors.Wrapf(err, "unable to write cidfile %s", c.String("cidfile")) - } - } - - storageOpts, err := libpodruntime.GetDefaultStoreOptions() - if err != nil { - return err - } - mappings, err := util.ParseIDMapping(c.StringSlice("uidmap"), c.StringSlice("gidmap"), c.String("subuidmap"), c.String("subgidmap")) - if err != nil { + if err := createInit(c); err != nil { return err } - storageOpts.UIDMap = mappings.UIDMap - storageOpts.GIDMap = mappings.GIDMap - if os.Geteuid() != 0 { - rootless.SetSkipStorageSetup(true) - } - - runtime, err := libpodruntime.GetRuntimeWithStorageOpts(c, &storageOpts) + runtime, err := libpodruntime.GetContainerRuntime(c) if err != nil { return errors.Wrapf(err, "error creating libpod runtime") } defer runtime.Shutdown(false) - if len(c.Args()) < 1 { - return errors.Errorf("image name or ID is required") - } - - rootfs := "" - if c.Bool("rootfs") { - rootfs = c.Args()[0] - } - - ctx := getContext() - rtc := runtime.GetConfig() - - var newImage *image.Image = nil - var data *inspect.ImageData = nil - if rootfs == "" && !rootless.SkipStorageSetup() { - newImage, err = runtime.ImageRuntime().New(ctx, c.Args()[0], rtc.SignaturePolicyPath, "", os.Stderr, nil, image.SigningOptions{}, false, false) - if err != nil { - return errors.Wrapf(err, "unable to 
find image") - } - - data, err = newImage.Inspect(ctx) - if err != nil { - return err - } - if len(newImage.Names()) < 1 { - imageName = newImage.ID() - } else { - imageName = newImage.Names()[0] - } - } - createConfig, err := parseCreateOpts(ctx, c, runtime, imageName, data) - if err != nil { - return err - } - - runtimeSpec, err := cc.CreateConfigToOCISpec(createConfig) - if err != nil { - return err - } - - options, err := createConfig.GetContainerCreateOptions(runtime) - if err != nil { - return err - } - - became, ret, err := joinOrCreateRootlessUserNamespace(createConfig, runtime) - if err != nil { - return err - } - if became { - os.Exit(ret) - } - - ctr, err := runtime.NewContainer(ctx, runtimeSpec, options...) + ctr, createConfig, err := createContainer(c, runtime) if err != nil { return err } - logrus.Debugf("New container created %q", ctr.ID()) - if logrus.GetLevel() == logrus.DebugLevel { cgroupPath, err := ctr.CGroupPath() if err == nil { @@ -151,20 +58,7 @@ func runCmd(c *cli.Context) error { } } - createConfigJSON, err := json.Marshal(createConfig) - if err != nil { - return err - } - if err := ctr.AddArtifact("create-config", createConfigJSON); err != nil { - return err - } - - if c.String("cidfile") != "" { - if err := libpod.WriteFile(ctr.ID(), c.String("cidfile")); err != nil { - logrus.Error(err) - } - } - + ctx := getContext() // Handle detached start if createConfig.Detach { if err := ctr.Start(ctx); err != nil { @@ -223,7 +117,7 @@ func runCmd(c *cli.Context) error { return err } - if ecode, err := ctr.Wait(); err != nil { + if ecode, err := ctr.Wait(libpod.WaitTimeout); err != nil { if errors.Cause(err) == libpod.ErrNoSuchCtr { // The container may have been removed // Go looking for an exit file diff --git a/cmd/podman/start.go b/cmd/podman/start.go index cb65ec6d4..a80d0e1e8 100644 --- a/cmd/podman/start.go +++ b/cmd/podman/start.go 
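Review bot: `ctr.Wait(libpod.WaitTimeout)` in the last run.go hunk passes a `time.Duration` whose value is `time.Second / time.Millisecond`, i.e. 1000 nanoseconds, which Container.Wait (container_api.go hunk) then multiplies by `time.Millisecond` again. The parameter is therefore a millisecond count smuggled inside a Duration: a caller writing the natural `ctr.Wait(time.Second)` would poll every 10^9 ms, and the default poll interval silently grows from the previous `100*time.Millisecond` to one second, so `podman run`, `podman start` and the varlink WaitContainer (the container.go, start.go, wait.go and containers.go hunks use the same constant) can now report exit up to ~900 ms later than before. I would make Wait take a real duration, `err := wait.PollImmediateInfinite(waitTimeout, func() (bool, error) {`, define `WaitTimeout = 100 * time.Millisecond` (or document why the slower default is wanted), and have wait.go convert its flag with `time.Duration(c.Uint("interval")) * time.Millisecond` and default it to `uint(libpod.WaitTimeout / time.Millisecond)`. runCmd begins before and continues past this hunk.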
@@ -115,7 +115,7 @@ func startCmd(c *cli.Context) error { return errors.Wrapf(err, "unable to start container %s", ctr.ID()) } - if ecode, err := ctr.Wait(); err != nil { + if ecode, err := ctr.Wait(libpod.WaitTimeout); err != nil { logrus.Errorf("unable to get exit code of container %s: %q", ctr.ID(), err) } else { exitCode = int(ecode) diff --git a/cmd/podman/wait.go b/cmd/podman/wait.go index e919ab3ca..48d3885e7 100644 --- a/cmd/podman/wait.go +++ b/cmd/podman/wait.go @@ -3,8 +3,10 @@ package main import ( "fmt" "os" + "time" "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod" "github.com/pkg/errors" "github.com/urfave/cli" ) @@ -15,7 +17,14 @@ var ( Block until one or more containers stop and then print their exit codes ` - waitFlags = []cli.Flag{LatestFlag} + waitFlags = []cli.Flag{ + cli.UintFlag{ + Name: "interval, i", + Usage: "Milliseconds to wait before polling for completion", + Value: uint(libpod.WaitTimeout), + }, + LatestFlag, + } waitCommand = cli.Command{ Name: "wait", Usage: "Block on one or more containers", @@ -57,7 +66,10 @@ func waitCmd(c *cli.Context) error { if err != nil { return errors.Wrapf(err, "unable to find container %s", container) } - returnCode, err := ctr.Wait() + if c.Uint("interval") == 0 { + return errors.Errorf("interval must be greater then 0") + } + returnCode, err := ctr.Wait(time.Duration(c.Uint("interval"))) if err != nil { if lastError != nil { fmt.Fprintln(os.Stderr, lastError) diff --git a/completions/bash/podman b/completions/bash/podman index d9af43d37..de535512f 100644 --- a/completions/bash/podman +++ b/completions/bash/podman @@ -2012,7 +2012,9 @@ _podman_wait() { local boolean_options=" --help -h - -l + -i + -l + --interval --latest" case "$cur" in -*) diff --git a/docs/podman-wait.1.md b/docs/podman-wait.1.md index 74ccdbe0c..dd5dc7907 100644 --- a/docs/podman-wait.1.md +++ b/docs/podman-wait.1.md 
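Review bot: The `c.Uint("interval") == 0` check in the waitCmd hunk runs after the container lookup and, judging by the surrounding `lastError` handling, appears to sit inside a per-container loop whose head is outside the hunk, so an invalid flag is only reported once the first container has been resolved and is re-evaluated for every argument. Validate it once before the loop, and fix the message while there: `return errors.Errorf("interval must be greater than 0")`. The flag's Usage string says "Milliseconds" while the new docs/podman-wait.1.md entry says "Microseconds"; the code multiplies the value by `time.Millisecond`, so the man page is the one to correct.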
@@ -17,6 +17,9 @@ After the container stops, the container's return code is printed. Print usage statement +**--interval, i**" + Microseconds to wait before polling for completion + **--latest, -l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman diff --git a/libpod.conf b/libpod.conf index cc4a10cff..dcfeb67cc 100644 --- a/libpod.conf +++ b/libpod.conf @@ -80,3 +80,11 @@ pause_image = "k8s.gcr.io/pause:3.1" # Default command to run the pause container pause_command = "/pause" + +# Determines whether libpod will reserve ports on the host when they are +# forwarded to containers. When enabled, when ports are forwarded to containers, +# they are held open by conmon as long as the container is running, ensuring that +# they cannot be reused by other programs on the host. However, this can cause +# significant memory usage if a container has many ports forwarded to it. +# Disabling this can save memory. +#enable_port_reservation = true diff --git a/libpod/container.go b/libpod/container.go index e748cb84d..f68a3535e 100644 --- a/libpod/container.go +++ b/libpod/container.go @@ -36,6 +36,8 @@ const ( ContainerStateStopped ContainerStatus = iota // ContainerStatePaused indicates that the container has been paused ContainerStatePaused ContainerStatus = iota + // WaitTimeout is the wait timeout before checking for container exit + WaitTimeout = time.Second / time.Millisecond ) // CgroupfsDefaultCgroupParent is the cgroup parent for CGroupFS in libpod diff --git a/libpod/container_api.go b/libpod/container_api.go index 86e2370ea..437699bae 100644 --- a/libpod/container_api.go +++ b/libpod/container_api.go 
@@ -592,12 +592,11 @@ func (c *Container) Inspect(size bool) (*inspect.ContainerInspectData, error) {
 }
 // Wait blocks on a container to exit and returns its exit code
-func (c *Container) Wait() (int32, error) {
+func (c *Container) Wait(waitTimeout time.Duration) (int32, error) {
 if !c.valid {
 return -1, ErrCtrRemoved
 }
-
- err := wait.PollImmediateInfinite(100*time.Millisecond,
+ err := wait.PollImmediateInfinite(waitTimeout*time.Millisecond,
 func() (bool, error) {
 stopped, err := c.isStopped()
 if err != nil {
diff --git a/libpod/oci.go b/libpod/oci.go
index e1c0d1261..3838394cb 100644
--- a/libpod/oci.go
+++ b/libpod/oci.go
@@ -66,6 +66,7 @@ type OCIRuntime struct {
 socketsDir string
 logSizeMax int64
 noPivot bool
+ reservePorts bool
 }
 // syncInfo is used to return data from monitor process to daemon
@@ -75,7 +76,7 @@ type syncInfo struct {
 }
 // Make a new OCI runtime with provided options
-func newOCIRuntime(name string, path string, conmonPath string, conmonEnv []string, cgroupManager string, tmpDir string, logSizeMax int64, noPivotRoot bool) (*OCIRuntime, error) {
+func newOCIRuntime(name string, path string, conmonPath string, conmonEnv []string, cgroupManager string, tmpDir string, logSizeMax int64, noPivotRoot bool, reservePorts bool) (*OCIRuntime, error) {
 runtime := new(OCIRuntime)
 runtime.name = name
 runtime.path = path
@@ -85,6 +86,7 @@ func newOCIRuntime(name string, path string, conmonPath string, conmonEnv []stri
 runtime.tmpDir = tmpDir
 runtime.logSizeMax = logSizeMax
 runtime.noPivot = noPivotRoot
+ runtime.reservePorts = reservePorts
 runtime.exitsDir = filepath.Join(runtime.tmpDir, "exits")
 runtime.socketsDir = filepath.Join(runtime.tmpDir, "socket")
@@ -311,15 +313,17 @@ func (r *OCIRuntime) createOCIContainer(ctr *Container, cgroupParent string) (er
 cmd.Env = append(cmd.Env, fmt.Sprintf("_OCI_STARTPIPE=%d", 4))
 cmd.Env = append(cmd.Env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir))
- ports, err := bindPorts(ctr.config.PortMappings)
- if err != nil {
- return err
- }
+ if r.reservePorts {
+ ports, err := bindPorts(ctr.config.PortMappings)
+ if err != nil {
+ return err
+ }
- // Leak the port we bound in the conmon process. These fd's won't be used
- // by the container and conmon will keep the ports busy so that another
- // process cannot use them.
- cmd.ExtraFiles = append(cmd.ExtraFiles, ports...)
+ // Leak the port we bound in the conmon process. These fd's won't be used
+ // by the container and conmon will keep the ports busy so that another
+ // process cannot use them.
+ cmd.ExtraFiles = append(cmd.ExtraFiles, ports...)
+ }
 if rootless.IsRootless() {
 ctr.rootlessSlirpSyncR, ctr.rootlessSlirpSyncW, err = os.Pipe()
diff --git a/libpod/runtime.go b/libpod/runtime.go
index 63b8c971e..736169932 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -164,6 +164,14 @@ type RuntimeConfig struct {
 InfraImage string `toml:"infra_image"`
 // InfraCommand is the command run to start up a pod infra container
 InfraCommand string `toml:"infra_command"`
+ // EnablePortReservation determines whether libpod will reserve ports on
+ // the host when they are forwarded to containers.
+ // When enabled, when ports are forwarded to containers, they are
+ // held open by conmon as long as the container is running, ensuring
+ // that they cannot be reused by other programs on the host.
+ // However, this can cause significant memory usage if a container has
+ // many ports forwarded to it. Disabling this can save memory.
+ EnablePortReservation bool `toml:"enable_port_reservation"`
 }
 var (
@@ -190,16 +198,17 @@ var ( ConmonEnvVars: []string{ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", }, - CgroupManager: SystemdCgroupsManager, - HooksDir: hooks.DefaultDir, - StaticDir: filepath.Join(storage.DefaultStoreOptions.GraphRoot, "libpod"), - TmpDir: "", - MaxLogSize: -1, - NoPivotRoot: false, - CNIConfigDir: "/etc/cni/net.d/", - CNIPluginDir: []string{"/usr/libexec/cni", "/usr/lib/cni", "/opt/cni/bin"}, - InfraCommand: DefaultInfraCommand, - InfraImage: DefaultInfraImage, + CgroupManager: SystemdCgroupsManager, + HooksDir: hooks.DefaultDir, + StaticDir: filepath.Join(storage.DefaultStoreOptions.GraphRoot, "libpod"), + TmpDir: "", + MaxLogSize: -1, + NoPivotRoot: false, + CNIConfigDir: "/etc/cni/net.d/", + CNIPluginDir: []string{"/usr/libexec/cni", "/usr/lib/cni", "/opt/cni/bin"}, + InfraCommand: DefaultInfraCommand, + InfraImage: DefaultInfraImage, + EnablePortReservation: true, } ) @@ -467,7 +476,8 @@ func makeRuntime(runtime *Runtime) (err error) { ociRuntime, err := newOCIRuntime("runc", runtime.ociRuntimePath, runtime.conmonPath, runtime.config.ConmonEnvVars, runtime.config.CgroupManager, runtime.config.TmpDir, - runtime.config.MaxLogSize, runtime.config.NoPivotRoot) + runtime.config.MaxLogSize, runtime.config.NoPivotRoot, + runtime.config.EnablePortReservation) if err != nil { return err } diff --git a/pkg/varlinkapi/containers.go b/pkg/varlinkapi/containers.go index f517e9b6e..de9c23034 100644 --- a/pkg/varlinkapi/containers.go +++ b/pkg/varlinkapi/containers.go @@ -341,7 +341,7 @@ func (i *LibpodAPI) WaitContainer(call iopodman.VarlinkCall, name string) error if err != nil { return call.ReplyContainerNotFound(name) } - exitCode, err := ctr.Wait() + exitCode, err := ctr.Wait(libpod.WaitTimeout) if err != nil { return call.ReplyErrorOccurred(err.Error()) } diff --git a/pkg/varlinkapi/system.go b/pkg/varlinkapi/system.go index a90b72a6d..54bce3d35 100644 --- a/pkg/varlinkapi/system.go +++ b/pkg/varlinkapi/system.go 
@@ -34,6 +34,9 @@ func (i *LibpodAPI) Ping(call iopodman.VarlinkCall) error {
 // GetInfo returns details about the podman host and its stores
 func (i *LibpodAPI) GetInfo(call iopodman.VarlinkCall) error {
+ var (
+ registries, insecureRegistries []string
+ )
 podmanInfo := iopodman.PodmanInfo{}
 info, err := i.Runtime.Info()
 if err != nil {
@@ -76,7 +79,19 @@ func (i *LibpodAPI) GetInfo(call iopodman.VarlinkCall) error {
 Graph_status: graphStatus,
 }
+ registriesInterface := info[2].Data["registries"]
+ insecureRegistriesInterface := info[3].Data["registries"]
+ if registriesInterface != nil {
+ registries = registriesInterface.([]string)
+ }
+ if insecureRegistriesInterface != nil {
+ insecureRegistries = insecureRegistriesInterface.([]string)
+ }
+
 podmanInfo.Store = infoStore
 podmanInfo.Podman = pmaninfo
+ podmanInfo.Registries = registries
+ podmanInfo.Insecure_registries = insecureRegistries
+
 return call.ReplyGetInfo(podmanInfo)
 }
diff --git a/test/e2e/search_test.go b/test/e2e/search_test.go
index 2c85ca765..1f06bf4a1 100644
--- a/test/e2e/search_test.go
+++ b/test/e2e/search_test.go
@@ -60,10 +60,10 @@ var _ = Describe("Podman search", func() {
 })
 It("podman search single registry flag", func() {
- search := podmanTest.Podman([]string{"search", "registry.fedoraproject.org/fedora-minimal"})
+ search := podmanTest.Podman([]string{"search", "registry.fedoraproject.org/fedora"})
 search.WaitWithDefaultTimeout()
 Expect(search.ExitCode()).To(Equal(0))
- Expect(search.LineInOutputContains("fedoraproject.org/fedora-minimal")).To(BeTrue())
+ Expect(search.LineInOutputContains("fedoraproject.org/fedora")).To(BeTrue())
 })
 It("podman search format flag", func() { |
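Review bot: `registriesInterface.([]string)` and `insecureRegistriesInterface.([]string)` in the GetInfo hunk are unchecked type assertions, and `info[2]`/`info[3]` address the slice returned by `i.Runtime.Info()` purely by position; if Info ever returns fewer entries, a different order, or stores the registries as anything other than `[]string`, this varlink handler panics instead of replying with an error. A comma-ok assertion subsumes the nil checks and cannot panic: `registries, _ = info[2].Data["registries"].([]string)` and `insecureRegistries, _ = info[3].Data["registries"].([]string)`, both inside `if len(info) > 3 {`. Selecting the two entries by whatever type or name field the Info result carries, rather than by index, would be more robust still, but that result type is not visible here. GetInfo starts before this hunk.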