-rw-r--r-- | RELEASE_NOTES.md | 11 | ||||
-rw-r--r-- | changelog.txt | 32 | ||||
-rw-r--r-- | cmd/podman/commands.go | 11 | ||||
-rw-r--r-- | cmd/podman/shared/create.go | 10 | ||||
-rw-r--r-- | completions/bash/podman | 26 | ||||
-rw-r--r-- | contrib/spec/podman.spec.in | 2 | ||||
-rw-r--r-- | contrib/systemd/README.md | 78 | ||||
-rw-r--r-- | contrib/systemd/system/podman.service | 2 | ||||
-rw-r--r-- | contrib/systemd/user/podman.service | 2 | ||||
-rw-r--r-- | docs/source/markdown/podman-system-service.1.md (renamed from docs/source/markdown/podman-service.1.md) | 6 | ||||
-rw-r--r-- | docs/source/markdown/podman-system.1.md | 2 | ||||
-rw-r--r-- | docs/source/markdown/podman.1.md | 1 | ||||
-rw-r--r-- | install.md | 529 | ||||
-rw-r--r-- | libpod/runtime_pod_linux.go | 12 | ||||
-rw-r--r-- | pkg/varlinkapi/images.go | 10 | ||||
-rw-r--r-- | version/version.go | 2 |
16 files changed, 91 insertions, 645 deletions
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index d961b713e..fc528d70f 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -2,7 +2,7 @@ ## 1.8.0 ### Features -- The `podman service` command has been added, providing a preview of Podman's new Docker-compatible API. This API is still very new, and not yet ready for production use, but is available for early testing +- The `podman system service` command has been added, providing a preview of Podman's new Docker-compatible API. This API is still very new, and not yet ready for production use, but is available for early testing - Rootless Podman now uses Rootlesskit for port forwarding, which should greatly improve performance and capabilities - The `podman untag` command has been added to remove tags from images without deleting them - The `podman inspect` command on images now displays previous names they used 
@@ -29,13 +29,20 @@ - Fixed a bug where `podman history` was not computing image sizes correctly ([#4916](https://github.com/containers/libpod/issues/4916)) - Fixed a bug where Podman would not error on invalid values to the `--sort` flag to `podman images` - Fixed a bug where providing a name for the image made by `podman commit` was mandatory, not optional as it should be ([#5027](https://github.com/containers/libpod/issues/5027)) +- Fixed a bug where the remote Podman client would append an extra `"` to `%PATH` ([#4335](https://github.com/containers/libpod/issues/4335)) +- Fixed a bug where the `podman build` command would sometimes ignore the `-f` option and build the wrong Containerfile +- Fixed a bug where the `podman ps --filter` command would only filter running containers, instead of all containers, if `--all` was not passed ([#5050](https://github.com/containers/libpod/issues/5050)) +- Fixed a bug where the `podman load` command on compressed images would leave an extra copy on disk +- Fixed a bug where the `podman restart` command would not properly clean up the network, causing it to function differently from `podman stop; podman start` ([#5051](https://github.com/containers/libpod/issues/5051)) +- Fixed a bug where setting the `--memory-swap` flag to `podman create` and `podman run` to `-1` (to indicate unlimited) was not supported ([#5091](https://github.com/containers/libpod/issues/5091)) ### Misc - Initial work on version 2 of the Podman remote API has been merged, but is still in an alpha state and not ready for use. 
Read more [here](https://podman.io/releases/2020/01/17/podman-new-api.html) - Many formatting corrections have been made to the manpages - The changes to address ([#5009](https://github.com/containers/libpod/issues/5009)) may cause anonymous volumes created by Podman versions 1.6.3 to 1.7.0 to not be removed when their container is removed - Updated vendored Buildah to v1.13.1 -- Updated vendored containers/storage to v1.15.7 +- Updated vendored containers/storage to v1.15.8 +- Updated vendored containers/image to v5.2.0 ## 1.7.0 ### Features diff --git a/changelog.txt b/changelog.txt index 996c87441..320526596 100644 --- a/changelog.txt +++ b/changelog.txt 
@@ -1,3 +1,35 @@ +- Changelog for v1.8.0 (2020-02-06) + * [CI:DOCS]update contrib systemd user + * [CI:DOCS]fix systemd files for apiv2 + * Update release notes for final release of v1.8.0 + * Move podman-service to podman-system-service + * Only modify conmon cgroup if we have running containers + * fix swagger docs and make sure docs validation runs + * Special case memory-swap=-1 + * vendor github.com/mtrmac/gpgme@v0.1.2 + * vendor github.com/containers/image/v5@v5.2.0 + * Add Containerfile location e2e test + * [CI:DOCS]addition of specgen package + * {CI:DOCS] run gofmt before lint + * build(deps): bump github.com/onsi/ginkgo from 1.11.0 to 1.12.0 + * Close tarSource when finished using it + * Force --all when --filter is passed to podman ps + * Initial implementation of a spec generator package + * Fix wrong Containerfile location on build + * Wrap error for failing ImageSize calls + * swagger: v2: libpod/images/{import,load,pull} + * seperate container create network options + * Cirrus: Fix gate task + make lint|validate + * Add a binding test to check image tag and list commands. + * Update /_ping support + * [CI:DOCS]add apiv2 endpoints for exec + * build(deps): bump github.com/containers/storage from 1.15.7 to 1.15.8 + * build(deps): bump github.com/onsi/gomega from 1.8.1 to 1.9.0 + * Tear down network when restarting containers + * Move install.md to podman.io, leave link page + * Update XML to not embed quote in PATH on windows + * Bump to v1.8.0-dev + - Changelog for v1.8.0-rc1 (2020-01-31) * Fix a syntax error in hack/release.sh * Minor update to release notes diff --git a/cmd/podman/commands.go b/cmd/podman/commands.go index ebd7aeb0c..d6018a6f4 100644 --- a/cmd/podman/commands.go +++ b/cmd/podman/commands.go 
@@ -26,9 +26,6 @@ func getMainCommands() []*cobra.Command { if len(_varlinkCommand.Use) > 0 { rootCommands = append(rootCommands, _varlinkCommand) } - if len(_serviceCommand.Use) > 0 { - rootCommands = append(rootCommands, _serviceCommand) - } return rootCommands } @@ -71,9 +68,15 @@ func getTrustSubCommands() []*cobra.Command { // Commands that the local client implements func getSystemSubCommands() []*cobra.Command { - return []*cobra.Command{ + systemCommands := []*cobra.Command{ _renumberCommand, _dfSystemCommand, _migrateCommand, } + + if len(_serviceCommand.Use) > 0 { + systemCommands = append(systemCommands, _serviceCommand) + } + + return systemCommands } diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go index 2f637694b..010c80373 100644 --- a/cmd/podman/shared/create.go +++ b/cmd/podman/shared/create.go @@ -309,9 +309,13 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod. } } if c.String("memory-swap") != "" { - memorySwap, err = units.RAMInBytes(c.String("memory-swap")) - if err != nil { - return nil, errors.Wrapf(err, "invalid value for memory-swap") + if c.String("memory-swap") == "-1" { + memorySwap = -1 + } else { + memorySwap, err = units.RAMInBytes(c.String("memory-swap")) + if err != nil { + return nil, errors.Wrapf(err, "invalid value for memory-swap") + } } } if c.String("kernel-memory") != "" { diff --git a/completions/bash/podman b/completions/bash/podman index 57b9547a7..56559c142 100644 --- a/completions/bash/podman +++ b/completions/bash/podman @@ -1200,6 +1200,19 @@ _podman_system_prune() { esac } +_podman_system_service() { + local options_with_args=" + -t + --timeout + " + local boolean_options=" + --help + -h + --varlink + " + _complete_ "$options_with_args" "$boolean_options" +} + _podman_system() { local boolean_options=" --help 
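Review bot: The `len(_serviceCommand.Use) > 0` guard in getSystemSubCommands is carried over without a comment, and nothing in the hunk says when `_serviceCommand` is empty. This command starts the API listener, so it is worth stating which builds expose it. Presumably the variable is a zero-value `cobra.Command` where the service is not compiled in; that should be confirmed against its definition, which is outside this diff. A one-line comment above the check would do, e.g. `// _serviceCommand has an empty Use in builds without the API service; skip it there.`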
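Review bot: In ParseCreateOpts the new `-1` branch stores a negative sentinel in `memorySwap`, and the code that consumes that value lies outside this hunk. Any later check that compares swap against `--memory` or rejects negative numbers would need to exempt -1, otherwise "unlimited" is either refused again or treated as a limit below memory; that should be confirmed in the rest of the function. The flag is also read three times; binding it once with `swap := c.String("memory-swap")` and adding `// -1 means unlimited swap; handled here instead of going through units.RAMInBytes` would make the special case easier to follow. The test is an exact string match, so any other spelling of the value still takes the parse path.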
@@ -1755,19 +1768,6 @@ _podman_search() { _complete_ "$options_with_args" "$boolean_options" } -_podman_service() { - local options_with_args=" - -t - --timeout - " - local boolean_options=" - --help - -h - --varlink - " - _complete_ "$options_with_args" "$boolean_options" -} - _podman_unmount() { _podman_umount $@ } diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in index a64f473f4..4e4dc5d21 100644 --- a/contrib/spec/podman.spec.in +++ b/contrib/spec/podman.spec.in @@ -43,7 +43,7 @@ %global shortcommit_conmon %(c=%{commit_conmon}; echo ${c:0:7}) Name: podman -Version: 1.8.0 +Version: 1.8.1 Release: #COMMITDATE#.git%{shortcommit0}%{?dist} Summary: Manage Pods, Containers and Container Images License: ASL 2.0 diff --git a/contrib/systemd/README.md b/contrib/systemd/README.md index ff266c6a5..9f1d37792 100644 --- a/contrib/systemd/README.md +++ b/contrib/systemd/README.md @@ -2,11 +2,6 @@ ## system-wide (podman service run as root) -The following unit file examples assume: - 1. copied the `service` executable into `/usr/local/bin` - 1. `chcon system_u:object_r:container_runtime_exec_t:s0 /usr/local/bin/service` - -then: 1. copy the `podman.service` and `podman.socket` files into `/etc/systemd/system` 1. `systemctl daemon-reload` 1. `systemctl enable podman.socket` 
@@ -16,47 +11,12 @@ then: Assuming the status messages show no errors, the libpod service is ready to respond to the APIv2 on the unix domain socket `/run/podman/podman.sock` ### podman.service -```toml -[Unit] -Description=Podman API Service -Requires=podman.socket -After=podman.socket -Documentation=man:podman-api(1) -StartLimitIntervalSec=0 - -[Service] -Type=oneshot -Environment=REGISTRIES_CONFIG_PATH=/etc/containers/registries.conf -ExecStart=/usr/local/bin/service -TimeoutStopSec=30 -KillMode=process - -[Install] -WantedBy=multi-user.target -Also=podman.socket -``` +You can refer to [this example](https://github.com/containers/libpod/blob/master/contrib/systemd/system/podman.service) for a sample podman.service file. ### podman.socket +You can refer to [this example](https://github.com/containers/libpod/blob/master/contrib/systemd/system/podman.socket) for a sample podman.socket file. -```toml -[Unit] -Description=Podman API Socket -Documentation=man:podman-api(1) - -[Socket] -ListenStream=%t/podman/podman.sock -SocketMode=0660 - -[Install] -WantedBy=sockets.target -``` ## user (podman service run as given user aka "rootless") -The following unit file examples assume: - 1. you have a created a directory `~/bin` - 1. copied the `service` executable into `~/bin` - 1. `chcon system_u:object_r:container_runtime_exec_t:s0 ~/bin/service` - -then: 1. `mkdir -p ~/.config/systemd/user` 1. copy the `podman.service` and `podman.socket` files into `~/.config/systemd/user` 1. `systemctl --user enable podman.socket` 
@@ -66,37 +26,7 @@ then: Assuming the status messages show no errors, the libpod service is ready to respond to the APIv2 on the unix domain socket `/run/user/$(id -u)/podman/podman.sock` ### podman.service +You can refer to [this example](https://github.com/containers/libpod/blob/master/contrib/systemd/user/podman.service) for a rootless podman.service file. -```toml -[Unit] -Description=Podman API Service -Requires=podman.socket -After=podman.socket -Documentation=man:podman-api(1) -StartLimitIntervalSec=0 - -[Service] -Type=oneshot -Environment=REGISTRIES_CONFIG_PATH=/etc/containers/registries.conf -ExecStart=%h/bin/service -TimeoutStopSec=30 -KillMode=process - -[Install] -WantedBy=multi-user.target -Also=podman.socket -``` ### podman.socket - -```toml -[Unit] -Description=Podman API Socket -Documentation=man:podman-api(1) - -[Socket] -ListenStream=%t/podman/podman.sock -SocketMode=0660 - -[Install] -WantedBy=sockets.target -``` +You can refer to [this example](https://github.com/containers/libpod/blob/master/contrib/systemd/user/podman.socket) for a rootless podman.socket file. diff --git a/contrib/systemd/system/podman.service b/contrib/systemd/system/podman.service index 13d858627..eaa2ec437 100644 --- a/contrib/systemd/system/podman.service +++ b/contrib/systemd/system/podman.service @@ -8,7 +8,7 @@ StartLimitIntervalSec=0 [Service] Type=oneshot Environment=REGISTRIES_CONFIG_PATH=/etc/containers/registries.conf -ExecStart=/usr/local/bin/service +ExecStart=/usr/bin/podman system service TimeoutStopSec=30 KillMode=process diff --git a/contrib/systemd/user/podman.service b/contrib/systemd/user/podman.service index 81fa55cf8..eaa2ec437 100644 --- a/contrib/systemd/user/podman.service +++ b/contrib/systemd/user/podman.service @@ -8,7 +8,7 @@ StartLimitIntervalSec=0 [Service] Type=oneshot Environment=REGISTRIES_CONFIG_PATH=/etc/containers/registries.conf -ExecStart=%h/bin/service +ExecStart=/usr/bin/podman system service TimeoutStopSec=30 KillMode=process 
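Review bot: Both unit files end up at the same blob id (`eaa2ec437`) after this change, so the rootless unit in contrib/systemd/user is now byte-identical to the system-wide one. Only the `[Service]` lines are visible in these hunks; anything system-specific in the rest of the file (for example the `[Install]` target) would now apply to the user unit too and should be checked. `ExecStart=/usr/bin/podman system service` also hard-codes the packaged path and drops the per-user `%h/bin` location the old user unit used, so a comment in the unit or a line in the README stating that a distribution-installed podman is assumed would help. For the system-wide unit the service runs as root, so the permissions on the socket defined in podman.socket (not part of this diff) are what limit who can drive the API.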
diff --git a/docs/source/markdown/podman-service.1.md b/docs/source/markdown/podman-system-service.1.md index 5c55e20d3..a71ce9dc0 100644 --- a/docs/source/markdown/podman-service.1.md +++ b/docs/source/markdown/podman-system-service.1.md @@ -1,13 +1,13 @@ % podman-service(1) ## NAME -podman\-service - Run an API service +podman\-system\-service - Run an API service ## SYNOPSIS -**podman service** [*options*] +**podman system service** [*options*] ## DESCRIPTION -The **podman service** command creates a listening service that will answer API calls for Podman. You may +The **podman system service** command creates a listening service that will answer API calls for Podman. You may optionally provide an endpoint for the API in URI form. For example, *unix://tmp/foobar.sock* or *tcp:localhost:8080*. If no endpoint is provided, defaults will be used. The default endpoint for a rootfull service is *unix:/run/podman/podman.sock* and rootless is *unix:/$XDG_RUNTIME_DIR/podman/podman.sock* (for diff --git a/docs/source/markdown/podman-system.1.md b/docs/source/markdown/podman-system.1.md index 1af97290d..5f163c6f0 100644 --- a/docs/source/markdown/podman-system.1.md +++ b/docs/source/markdown/podman-system.1.md @@ -19,6 +19,8 @@ The system command allows you to manage the podman systems | prune | [podman-system-prune(1)](podman-system-prune.1.md) | Remove all unused container, image and volume data. | | renumber | [podman-system-renumber(1)](podman-system-renumber.1.md)| Migrate lock numbers to handle a change in maximum number of locks. | | reset | [podman-system-reset(1)](podman-system-reset.1.md) | Reset storage back to initial state. | +| service | [podman-service(1)](podman-system-service.1.md) | Run an API service | + ## SEE ALSO podman(1) diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md index af0e55925..853b5ecec 100644 --- a/docs/source/markdown/podman.1.md +++ b/docs/source/markdown/podman.1.md 
@@ -191,7 +191,6 @@ the exit codes follow the `chroot` standard, see below: | [podman-rmi(1)](podman-rmi.1.md) | Removes one or more locally stored images. | | [podman-run(1)](podman-run.1.md) | Run a command in a new container. | | [podman-save(1)](podman-save.1.md) | Save an image to a container archive. | -| [podman-service(1)](podman-service.1.md) | Run an API service | | [podman-search(1)](podman-search.1.md) | Search a registry for an image. | | [podman-start(1)](podman-start.1.md) | Start one or more containers. | | [podman-stats(1)](podman-stats.1.md) | Display a live stream of one or more container's resource usage statistics. | diff --git a/install.md b/install.md index b143c7f7a..12dc62b32 100644 --- a/install.md +++ b/install.md 
@@ -1,530 +1,5 @@ # libpod Installation Instructions -## Installing packaged versions of Podman +The installation instructions for Podman and libpod now reside **[here](https://podman.io/getting-started/installation)** in the **[podman.io](https://podman.io)** site. From the hompage, the installation instructions can be found under "Get Started->Installing Podman". -#### [Arch Linux](https://www.archlinux.org) & [Manjaro Linux](https://manjaro.org) - -```bash -sudo pacman -S podman -``` - -If you have problems when running Podman in [rootless](README.md#rootless) mode follow the instructions [here](https://wiki.archlinux.org/index.php/Linux_Containers#Enable_support_to_run_unprivileged_containers_(optional)) - -#### [Debian](https://debian.org) - -The libpod package is [being worked on](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930440) -for inclusion in the default Debian repos. Relevant status updates can also be -found [here](https://github.com/containers/libpod/issues/1742). - -Alternatively, the [Kubic project](https://build.opensuse.org/project/show/devel:kubic:libcontainers:stable) -provides packages for Debian 10, testing and unstable. 
- -```bash -# Debian Unstable/Sid -echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_Unstable/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list -wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/Debian_Unstable/Release.key -O Release.key - -# Debian Testing -echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_Testing/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list -wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/Debian_Testing/Release.key -O Release.key - -# Debian 10 -echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_10/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list -wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/Debian_10/Release.key -O Release.key - -sudo apt-key add - < Release.key -sudo apt-get update -qq -sudo apt-get -qq -y install podman -``` - -There are many [packages](https://packages.debian.org/search?keywords=libpod&searchon=names&suite=stable§ion=all) -with the libpod prefix available already on Debian. However, those are -unrelated to this project. - - -#### [Fedora](https://www.fedoraproject.org), [CentOS](https://www.centos.org) - -```bash -sudo yum -y install podman -``` - -#### [Fedora-CoreOS](https://coreos.fedoraproject.org), [Fedora SilverBlue](https://silverblue.fedoraproject.org) - -Built-in, no need to install - -#### [Gentoo](https://www.gentoo.org) - -```bash -sudo emerge app-emulation/libpod -``` - -#### [MacOS](https://www.apple.com/macos) - -Using [Homebrew](https://brew.sh/): - -```bash -brew cask install podman -``` - -#### [OpenEmbedded](https://www.openembedded.org) - -Bitbake recipes for podman and its dependencies are available in the -[meta-virtualization layer](https://git.yoctoproject.org/cgit/cgit.cgi/meta-virtualization/). 
-Add the layer to your OpenEmbedded build environment and build podman using: - -```bash -bitbake podman -``` - -#### [openSUSE](https://www.opensuse.org) - -```bash -sudo zypper install podman -``` - -#### [openSUSE Kubic](https://kubic.opensuse.org) - -Built-in, no need to install - - -#### [Raspbian](https://raspbian.org) - -The Kubic project provides packages for Raspbian 10. - -```bash -# Raspbian 10 -echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Raspbian_10/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list -wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/Raspbian_10/Release.key -O Release.key -sudo apt-key add - < Release.key -sudo apt-get update -qq -sudo apt-get -qq -y install podman -``` - - -#### [RHEL7](https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux) - -Subscribe, then enable Extras channel and install Podman. - -```bash -sudo subscription-manager repos --enable=rhel-7-server-extras-rpms -sudo yum -y install podman -``` - -#### [RHEL8 Beta](https://www.redhat.com/en/blog/powering-its-future-while-preserving-present-introducing-red-hat-enterprise-linux-8-beta?intcmp=701f2000001Cz6OAAS) - -```bash -sudo yum module enable -y container-tools:1.0 -sudo yum module install -y container-tools:1.0 -``` - - -#### [Ubuntu](https://www.ubuntu.com) - -The Kubic project provides packages for Ubuntu 18.04, 19.04 and 19.10. - -```bash -. 
/etc/os-release -sudo sh -c "echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list" -wget -q https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_${VERSION_ID}/Release.key -O- | sudo apt-key add - -sudo apt-get update -qq -sudo apt-get -qq -y install podman -``` - -There are many [packages](https://packages.ubuntu.com/search?keywords=libpod&searchon=names&suite=eoan§ion=all) -with the libpod prefix available already on Ubuntu. However, those are -unrelated to this project. - - -### Installing development versions of Podman - -#### Debian - -The Kubic project provides RC/testing packages for Debian 10, testing and -unstable. - -```bash -# Debian Unstable/Sid -echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/testing/Debian_Unstable/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:testing.list -wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:testing/Debian_Unstable/Release.key -O Release.key - -# Debian Testing -echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/testing/Debian_Testing/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:testing.list -wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:testing/Debian_Testing/Release.key -O Release.key - -# Debian 10 -echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/testing/Debian_10/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:testing.list -wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:testing/Debian_10/Release.key -O Release.key - -# Raspbian 10 -echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/testing/Raspbian_10/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:testing.list -wget -nv 
https://download.opensuse.org/repositories/devel:kubic:libcontainers:testing/Raspbian_10/Release.key -O Release.key - -sudo apt-key add - < Release.key -sudo apt-get update -qq -sudo apt-get -qq -y install podman -``` - - -#### Fedora - -You can test the very latest Podman in Fedora's `updates-testing` -repository before it goes out to all Fedora users. - -```console -sudo yum distro-sync --enablerepo=updates-testing podman -``` - -If you use a newer Podman package from Fedora's `updates-testing`, we would -appreciate your `+1` feedback in [Bodhi, Fedora's update management -system](https://bodhi.fedoraproject.org/updates/?packages=podman). - -If you are running a non-rawhide Fedora distribution, you can also test the latest packages -with our [COPR repository](https://copr.fedorainfracloud.org/coprs/baude/Upstream_CRIO_Family/). - -#### [Raspbian](https://raspbian.org) - -The Kubic project provides RC/testing packages for Raspbian 10. - -```bash -# Raspbian 10 -echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/testing/Raspbian_10/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:testing.list -wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:testing/Raspbian_10/Release.key -O Release.key -sudo apt-key add - < Release.key -sudo apt-get update -qq -sudo apt-get -qq -y install podman -``` - - -#### Ubuntu - -The Kubic project provides RC/testing packages for Ubuntu 18.04, 19.04 and 19.10. - -```bash -. 
/etc/os-release -sudo sh -c "echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/testing/x${NAME}_${VERSION_ID}/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:testing.list" -wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:testing/x${NAME}_${VERSION_ID}/Release.key -O Release.key -sudo apt-key add - < Release.key -sudo apt-get update -qq -sudo apt-get -qq -y install podman -``` - - -## Building from scratch - -### Build and Run Dependencies - -**Required** - -Fedora, CentOS, RHEL, and related distributions you should try to run -`make package-install` which will install dependencies, build the source, -produce rpms for the current platform and install them in the end. - -```bash -sudo yum install -y \ - atomic-registries \ - btrfs-progs-devel \ - containernetworking-cni \ - device-mapper-devel \ - git \ - glib2-devel \ - glibc-devel \ - glibc-static \ - go \ - golang-github-cpuguy83-go-md2man \ - gpgme-devel \ - iptables \ - libassuan-devel \ - libgpg-error-devel \ - libseccomp-devel \ - libselinux-devel \ - make \ - pkgconfig \ - runc \ - containers-common -``` - -Debian, Ubuntu, and related distributions: - -```bash -sudo apt-get install \ - btrfs-tools \ - git \ - golang-go \ - go-md2man \ - iptables \ - libassuan-dev \ - libbtrfs-dev \ - libc6-dev \ - libdevmapper-dev \ - libglib2.0-dev \ - libgpgme-dev \ - libgpg-error-dev \ - libprotobuf-dev \ - libprotobuf-c0-dev \ - libseccomp-dev \ - libselinux1-dev \ - libsystemd-dev \ - pkg-config \ - runc \ - uidmap -``` - -On openSUSE Leap 15.x and Tumbleweed: - -```bash -sudo zypper -n in libseccomp-devel libgpgme-devel -``` - -On Manjaro (and maybe other Linux distributions): - -Make sure that the Linux kernel supports user namespaces: - -``` -> zgrep CONFIG_USER_NS /proc/config.gz -CONFIG_USER_NS=y - -``` - -If not, please update the kernel. 
-For Manjaro Linux the instructions can be found here: -https://wiki.manjaro.org/index.php/Manjaro_Kernels - -After that enable user namespaces: - -``` -sudo sysctl kernel.unprivileged_userns_clone=1 -``` - -To enable the user namespaces permanently: - -``` -echo 'kernel.unprivileged_userns_clone=1' > /etc/sysctl.d/userns.conf -``` - -### Building missing dependencies - -If any dependencies cannot be installed or are not sufficiently current, they have to be built from source. -This will mainly affect Debian, Ubuntu, and related distributions, or RHEL where no subscription is active (e.g. Cloud VMs). - -#### golang - -Be careful to double-check that the version of golang is new enough (i.e. `go version`), version 1.10.x or higher is required. -If needed, golang kits are available at https://golang.org/dl/. Alternatively, go can be built from source as follows -(it's helpful to leave the system-go installed, to avoid having to [bootstrap go](https://golang.org/doc/install/source): - -```bash -export GOPATH=~/go -git clone https://go.googlesource.com/go $GOPATH -cd $GOPATH -git checkout tags/go1.10.8 # optional -cd src -./all.bash -export PATH=$GOPATH/bin:$PATH -``` - -#### conmon - -The latest version of `conmon` is expected to be installed on the system. Conmon is used to monitor OCI Runtimes. -To build from source, use the following: - -```bash -git clone https://github.com/containers/conmon -cd conmon -export GOCACHE="$(mktemp -d)" -make -sudo make podman -``` - -#### runc - -The latest version of `runc` is expected to be installed on the system. It is picked up as the default runtime by Podman. -Version 1.0.0-rc4 is the minimal requirement, which is available in Ubuntu 18.04 already. 
-To double-check, `runc --version` should produce at least `spec: 1.0.1`, otherwise build your own: - -```bash -git clone https://github.com/opencontainers/runc.git $GOPATH/src/github.com/opencontainers/runc -cd $GOPATH/src/github.com/opencontainers/runc -make BUILDTAGS="selinux seccomp" -sudo cp runc /usr/bin/runc -``` - -#### CNI plugins - -#### Setup CNI networking - -A proper description of setting up CNI networking is given in the [`cni` README](cni/README.md). - -A basic setup for CNI networking is done by default during the installation or make processes and -no further configuration is needed to start using Podman. - -#### Add configuration - -```bash -sudo mkdir -p /etc/containers -sudo curl https://raw.githubusercontent.com/projectatomic/registries/master/registries.fedora -o /etc/containers/registries.conf -sudo curl https://raw.githubusercontent.com/containers/skopeo/master/default-policy.json -o /etc/containers/policy.json -``` - - -#### Optional packages - -Fedora, CentOS, RHEL, and related distributions: - -(no optional packages) - -Debian, Ubuntu, and related distributions: - -```bash -apt-get install -y \ - libapparmor-dev -``` - -### Get Source Code - -As with other Go projects, Podman must be cloned into a directory structure like: - -``` -GOPATH -└── src - └── github.com - └── containers - └── libpod -``` - -First, ensure that the go version that is found first on the $PATH (in case you built your own; see [above](#golang)) is sufficiently recent - -`go version` must be higher than 1.10.x). 
Then we can finally build Podman (assuming we already have a `$GOPATH` and the corresponding folder, -`export GOPATH=~/go && mkdir -p $GOPATH`): - -```bash -git clone https://github.com/containers/libpod/ $GOPATH/src/github.com/containers/libpod -cd $GOPATH/src/github.com/containers/libpod -make BUILDTAGS="selinux seccomp" -sudo make install PREFIX=/usr -``` - -#### Build Tags - -Otherwise, if you do not want to build Podman with seccomp or selinux support you can add `BUILDTAGS=""` when running make. - -```bash -make BUILDTAGS="" -sudo make install -``` - -Podman supports optional build tags for compiling support of various features. -To add build tags to the make option the `BUILDTAGS` variable must be set, for example: - -```bash -make BUILDTAGS='seccomp apparmor' -``` - -| Build Tag | Feature | Dependency | -|----------------------------------|------------------------------------|----------------------| -| apparmor | apparmor support | libapparmor | -| exclude_graphdriver_btrfs | exclude btrfs | libbtrfs | -| exclude_graphdriver_devicemapper | exclude device-mapper | libdm | -| libdm_no_deferred_remove | exclude deferred removal in libdm | libdm | -| seccomp | syscall filtering | libseccomp | -| selinux | selinux process and mount labeling | | -| systemd | journald logging | libsystemd | - -Note that Podman does not officially support device-mapper. Thus, the `exclude_graphdriver_devicemapper` tag is mandatory. - -### Vendoring - Dependency Management - -This project is using [go modules](https://github.com/golang/go/wiki/Modules) for dependency management. If the CI is complaining about a pull request leaving behind an unclean state, it is very likely right about it. After changing dependencies, make sure to run `make vendor` to synchronize the code with the go module and repopulate the `./vendor` directory. 
- -## Configuration files - -### [registries.conf](https://src.fedoraproject.org/rpms/skopeo/blob/master/f/registries.conf) - -#### Man Page: [registries.conf.5](https://github.com/containers/image/blob/master/docs/registries.conf.5.md) - -`/etc/containers/registries.conf` - -registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion. - -#### Example from the Fedora `containers-common` package - -``` -cat /etc/containers/registries.conf -# This is a system-wide configuration file used to -# keep track of registries for various container backends. -# It adheres to TOML format and does not support recursive -# lists of registries. - -# The default location for this configuration file is /etc/containers/registries.conf. - -# The only valid categories are: 'registries.search', 'registries.insecure', -# and 'registries.block'. - -[registries.search] -registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org'] - -# If you need to access insecure registries, add the registry's fully-qualified name. -# An insecure registry is one that does not have a valid SSL certificate or only does HTTP. -[registries.insecure] -registries = [] - - -# If you need to block pull access from a registry, uncomment the section below -# and add the registries fully-qualified name. -# -[registries.block] -registries = [] -``` - -### [mounts.conf](https://src.fedoraproject.org/rpms/skopeo/blob/master/f/mounts.conf) - -`/usr/share/containers/mounts.conf` and optionally `/etc/containers/mounts.conf` - -The mounts.conf files specify volume mount directories that are automatically mounted inside containers when executing the `podman run` or `podman build` commands. Container process can then use this content. The volume mount content does not get committed to the final image. 
- -Usually these directories are used for passing secrets or credentials required by the package software to access remote package repositories. - -For example, a mounts.conf with the line "`/usr/share/rhel/secrets:/run/secrets`", the content of `/usr/share/rhel/secrets` directory is mounted on `/run/secrets` inside the container. This mountpoint allows Red Hat Enterprise Linux subscriptions from the host to be used within the container. - -Note this is not a volume mount. The content of the volumes is copied into container storage, not bind mounted directly from the host. - -#### Example from the Fedora `containers-common` package: - -``` -cat /usr/share/containers/mounts.conf -/usr/share/rhel/secrets:/run/secrets -``` - -### [seccomp.json](https://src.fedoraproject.org/rpms/skopeo/blob/master/f/seccomp.json) - -`/usr/share/containers/seccomp.json` - -seccomp.json contains the whitelist of seccomp rules to be allowed inside of -containers. This file is usually provided by the containers-common package. - -The link above takes you to the seccomp.json - -### [policy.json](https://github.com/containers/skopeo/blob/master/default-policy.json) - -`/etc/containers/policy.json` - -#### Man Page: [policy.json.5](https://github.com/containers/image/blob/master/docs/policy.json.md) - - -#### Example from the Fedora `containers-common` package: - -``` -cat /etc/containers/policy.json -{ - "default": [ - { - "type": "insecureAcceptAnything" - } - ], - "transports": - { - "docker-daemon": - { - "": [{"type":"insecureAcceptAnything"}] - } - } -} -``` +The podman.io site resides in a GitHub under the Containers repository at [https://github.com/containers/podman.io](https://github.com/containers/podman.io). If you see a change that needs to happen to the installation instructions, please feel free to open a pull request there, we're always happy to have new contributors! diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go index 5b0111b85..4afd5760a 100644 
--- a/libpod/runtime_pod_linux.go +++ b/libpod/runtime_pod_linux.go @@ -193,8 +193,6 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool) } } - var removalErr error - // We're going to be removing containers. // If we are CGroupfs cgroup driver, to avoid races, we need to hit // the pod and conmon CGroups with a PID limit to prevent them from @@ -205,7 +203,7 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool) conmonCgroupPath := filepath.Join(p.state.CgroupPath, "conmon") conmonCgroup, err := cgroups.Load(conmonCgroupPath) if err != nil && err != cgroups.ErrCgroupDeleted && err != cgroups.ErrCgroupV1Rootless { - removalErr = errors.Wrapf(err, "error retrieving pod %s conmon cgroup %s", p.ID(), conmonCgroupPath) + logrus.Errorf("Error retrieving pod %s conmon cgroup %s: %v", p.ID(), conmonCgroupPath, err) } // New resource limits @@ -216,15 +214,13 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool) // Don't try if we failed to retrieve the cgroup if err == nil { if err := conmonCgroup.Update(resLimits); err != nil { - if removalErr == nil { - removalErr = errors.Wrapf(err, "error updating pod %s conmon group", p.ID()) - } else { - logrus.Errorf("Error updating pod %s conmon cgroup %s: %v", p.ID(), conmonCgroupPath, err) - } + logrus.Warnf("Error updating pod %s conmon cgroup %s PID limit: %v", p.ID(), conmonCgroupPath, err) } } } + var removalErr error + ctrNamedVolumes := make(map[string]*ContainerNamedVolume) // Second loop - all containers are good, so we should be clear to diff --git a/pkg/varlinkapi/images.go b/pkg/varlinkapi/images.go index 333595a96..b144bfa5e 100644 --- a/pkg/varlinkapi/images.go +++ b/pkg/varlinkapi/images.go 
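Review bot: Both conmon cgroup failures in removePod are now log-only, so pod removal continues without the PID limit that the surrounding comment says is needed to avoid races, and nothing in the new code explains that this is deliberate. A short comment above the `cgroups.Load` error check would record the intent, e.g. `// Best-effort: failing to set the PID limit must not block pod removal.` The two paths also log at different levels, `logrus.Errorf` for the load failure and `logrus.Warnf` for the update failure; if both are equally non-fatal, one level would be clearer. The inner `if err := conmonCgroup.Update(resLimits)` still shadows the outer `err` that the `if err == nil` guard has just tested, which is easy to misread. removePod starts and ends outside these hunks.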
@@ -143,6 +143,7 @@ func (i *LibpodAPI) GetImage(call iopodman.VarlinkCall, id string) error { func (i *LibpodAPI) BuildImage(call iopodman.VarlinkCall, config iopodman.BuildInfo) error { var ( namespace []buildah.NamespaceOption + imageID string err error ) @@ -249,7 +250,8 @@ func (i *LibpodAPI) BuildImage(call iopodman.VarlinkCall, config iopodman.BuildI c := make(chan error) go func() { - _, _, err := i.Runtime.Build(getContext(), options, newPathDockerFiles...) + iid, _, err := i.Runtime.Build(getContext(), options, newPathDockerFiles...) + imageID = iid c <- err close(c) }() @@ -291,13 +293,9 @@ func (i *LibpodAPI) BuildImage(call iopodman.VarlinkCall, config iopodman.BuildI } call.Continues = false - newImage, err := i.Runtime.ImageRuntime().NewFromLocal(config.Output) - if err != nil { - return call.ReplyErrorOccurred(err.Error()) - } br := iopodman.MoreResponse{ Logs: log, - Id: newImage.ID(), + Id: imageID, } return call.ReplyBuildImage(br) } diff --git a/version/version.go b/version/version.go index 4665023a4..d5926d744 100644 --- a/version/version.go +++ b/version/version.go @@ -4,7 +4,7 @@ package version // NOTE: remember to bump the version at the top // of the top-level README.md file when this is // bumped. -const Version = "1.8.0-dev" +const Version = "1.8.1-dev" // RemoteAPIVersion is the version for the remote // client API. It is used to determine compatibility |
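Review bot: `imageID` is written inside the build goroutine and read when the reply is assembled, so the read is only safe if it is ordered after the receive from `c`. The assignment `imageID = iid` does precede `c <- err`, but the receive and any other exit from the wait loop sit between the second and third hunk and are not visible here, so that ordering should be confirmed. A comment at the declaration such as `// set by the build goroutine before it sends on c; read only after receiving from c` would record the invariant. On a failed build `iid` is presumably empty, so the `Id: imageID` reply should only be reached when the received error is nil. BuildImage begins and ends outside these hunks.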