diff options
48 files changed, 820 insertions, 259 deletions
@@ -123,6 +123,8 @@ in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in [func ListImages() Image](#ListImages) +[func ListImagesWithFilters(filters: []string) Image](#ListImagesWithFilters) + [func ListPods() ListPodData](#ListPods) [func LoadImage(name: string, inputFile: string, quiet: bool, deleteFile: bool) MoreResponse](#LoadImage) @@ -892,6 +894,13 @@ See also [GetContainer](#GetContainer). method ListImages() [Image](#Image)</div> ListImages returns information about the images that are currently in storage. See also [InspectImage](#InspectImage). +### <a name="ListImagesWithFilters"></a>func ListImagesWithFilters +<div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;"> + +method ListImagesWithFilters(filters: [[]string](#[]string)) [Image](#Image)</div> +ListImagesWithFilters returns information about the images that are currently in storage +after one or more filters has been applied. +See also [InspectImage](#InspectImage). ### <a name="ListPods"></a>func ListPods <div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;"> @@ -3,7 +3,7 @@ export GOPROXY=https://proxy.golang.org GO ?= go DESTDIR ?= -EPOCH_TEST_COMMIT ?= ac73fd3fe5dcbf2647d589f9c9f37fe9531ed663 +EPOCH_TEST_COMMIT ?= 11541aec80c0fc588f675decd0ce759a4e353684 HEAD ?= HEAD CHANGELOG_BASE ?= HEAD~ CHANGELOG_TARGET ?= HEAD @@ -73,11 +73,12 @@ endif LIBPOD := ${PROJECT}/libpod GCFLAGS ?= all=-trimpath=${PWD} ASMFLAGS ?= all=-trimpath=${PWD} -LDFLAGS_PODMAN ?= $(LDFLAGS) \ +LDFLAGS_PODMAN ?= \ -X $(LIBPOD)/define.gitCommit=$(GIT_COMMIT) \ -X $(LIBPOD)/define.buildInfo=$(BUILD_INFO) \ -X $(LIBPOD)/config._installPrefix=$(PREFIX) \ - -X $(LIBPOD)/config._etcDir=$(ETCDIR) + -X $(LIBPOD)/config._etcDir=$(ETCDIR) \ + -extldflags "$(LDFLAGS)" #Update to LIBSECCOMP_COMMIT should reflect in Dockerfile too. LIBSECCOMP_COMMIT := release-2.3 # Rarely if ever should integration tests take more than 50min, @@ -158,10 +159,10 @@ gofmt: ## Verify the source code gofmt git diff --exit-code test/checkseccomp/checkseccomp: .gopathok $(wildcard test/checkseccomp/*.go) - $(GO_BUILD) -ldflags '$(LDFLAGS)' -tags "$(BUILDTAGS)" -o $@ $(PROJECT)/test/checkseccomp + $(GO_BUILD) -ldflags '$(LDFLAGS_PODMAN)' -tags "$(BUILDTAGS)" -o $@ $(PROJECT)/test/checkseccomp test/goecho/goecho: .gopathok $(wildcard test/goecho/*.go) - $(GO_BUILD) -ldflags '$(LDFLAGS)' -o $@ $(PROJECT)/test/goecho + $(GO_BUILD) -ldflags '$(LDFLAGS_PODMAN)' -o $@ $(PROJECT)/test/goecho podman: .gopathok $(PODMAN_VARLINK_DEPENDENCIES) ## Build with podman $(GO_BUILD) $(BUILDFLAGS) -gcflags '$(GCFLAGS)' -asmflags '$(ASMFLAGS)' -ldflags '$(LDFLAGS_PODMAN)' -tags "$(BUILDTAGS)" -o bin/$@ $(PROJECT)/cmd/podman diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index c16be818a..c8dac9ee0 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -1,5 +1,61 @@ # Release Notes +## 1.7.0 +### Features +- Added support for setting a static MAC address for containers +- Added support for creating `macvlan` networks with `podman network create`, allowing Podman containers to be attached directly to networks the host is connected to +- The `podman image prune` and `podman container prune` commands now support the `--filter` flag to filter what will be pruned, and now prompts for confirmation when run without `--force` ([#4410](https://github.com/containers/libpod/issues/4410) and [#4411](https://github.com/containers/libpod/issues/4411)) +- Podman now creates CGroup namespaces by default on systems using CGroups v2 ([#4363](https://github.com/containers/libpod/issues/4363)) +- Added the `podman system reset` command to remove all Podman files and perform a factory reset of the Podman installation +- Added the `--history` flag to `podman images` to display previous names used by images ([#4566](https://github.com/containers/libpod/issues/4566)) +- Added the `--ignore` flag to `podman rm` and `podman stop` to not error when requested containers no longer exist +- Added the `--cidfile` flag to `podman rm` and `podman stop` to read the IDs of containers to be removed or stopped from a file +- The `podman play kube` command now honors Seccomp annotations ([#3111](https://github.com/containers/libpod/issues/3111)) +- The `podman play kube` command now honors `RunAsUser`, `RunAsGroup`, and `selinuxOptions` +- The output format of the `podman version` command has been changed to better match `docker version` when using the `--format` flag +- Rootless Podman will no longer initialize containers/storage twice, removing a potential deadlock preventing Podman commands from running while an image was being pulled ([#4591](https://github.com/containers/libpod/issues/4591)) +- Added `tmpcopyup` and `notmpcopyup` options to the `--tmpfs` and `--mount type=tmpfs` flags to `podman create` and `podman run` to control whether the content of directories are copied into tmpfs filesystems mounted over them +- Added support for disabling detaching from containers by setting empty detach keys via `--detach-keys=""` +- The `podman build` command now supports the `--pull` and `--pull-never` flags to control when images are pulled during a build + +### Bugfixes +- Fixed a bug where Podman would use an incorrect runtime directory as root, causing state to be deleted after root logged out and making Podman in systemd services not function properly +- Fixed a bug where the `--change` flag to `podman import` and `podman commit` was not being parsed properly in many cases +- Fixed a bug where detach keys specified in `libpod.conf` were not used by the `podman attach` and `podman exec` commands, which always used the global default `ctrl-p,ctrl-q` key combination ([#4556](https://github.com/containers/libpod/issues/4556)) +- Fixed a bug where rootless Podman was not able to run `podman pod stats` even on CGroups v2 enabled systems ([#4634](https://github.com/containers/libpod/issues/4634)) +- Fixed a bug where rootless Podman would fail on kernels without the `renameat2` syscall ([#4570](https://github.com/containers/libpod/issues/4570)) +- Fixed a bug where containers with chained network namespace dependencies (IE, container A using `--net container=B` and container B using `--net container=C`) would not properly mount `/etc/hosts` and `/etc/resolv.conf` into the container ([#4626](https://github.com/containers/libpod/issues/4626)) +- Fixed a bug where `podman run` with the `--rm` flag and without `-d` could, when run in the background, throw a 'container does not exist' error when attempting to remove the container after it exited +- Fixed a bug where named volume locks were not properly reacquired after a reboot, potentially leading to deadlocks when trying to start containers using the volume ([#4605](https://github.com/containers/libpod/issues/4605) and [#4621](https://github.com/containers/libpod/issues/4621)) +- Fixed a bug where Podman could not completely remove containers if sent SIGKILL during removal, leaving the container name unusable without the `podman rm --storage` command to complete removal ([#3906](https://github.com/containers/libpod/issues/3906)) +- Fixed a bug where checkpointing containers started with `--rm` was allowed when `--export` was not specified (the container, and checkpoint, would be removed after checkpointing was complete by `--rm`) ([#3774](https://github.com/containers/libpod/issues/3774)) +- Fixed a bug where the `podman pod prune` command would fail if containers were present in the pods and the `--force` flag was not passed ([#4346](https://github.com/containers/libpod/issues/4346)) +- Fixed a bug where containers could not set a static IP or static MAC address if they joined a non-default CNI network ([#4500](https://github.com/containers/libpod/issues/4500)) +- Fixed a bug where `podman system renumber` would always throw an error if a container was mounted when it was run +- Fixed a bug where `podman container restore` would fail with containers using a user namespace +- Fixed a bug where rootless Podman would attempt to use the journald events backend even on systems without systemd installed +- Fixed a bug where `podman history` would sometimes not properly identify the IDs of layers in an image ([#3359](https://github.com/containers/libpod/issues/3359)) +- Fixed a bug where containers could not be restarted when Conmon v2.0.3 or later was used +- Fixed a bug where Podman did not check image OS and Architecture against the host when starting a container +- Fixed a bug where containers in pods did not function properly with the Kata OCI runtime ([#4353](https://github.com/containers/libpod/issues/4353)) +- Fixed a bug where `podman info --format '{{ json . }}' would not produce JSON output ([#4391](https://github.com/containers/libpod/issues/4391)) +- Fixed a bug where Podman would not verify if files passed to `--authfile` existed ([#4328](https://github.com/containers/libpod/issues/4328)) +- Fixed a bug where `podman images --digest` would not always print digests when they were available +- Fixed a bug where rootless `podman run` could hang due to a race with reading and writing events +- Fixed a bug where rootless Podman would print warning-level logs despite not be instructed to do so ([#4456](https://github.com/containers/libpod/issues/4456)) +- Fixed a bug where `podman pull` would attempt to fetch from remote registries when pulling an unqualified image using the `docker-daemon` transport ([#4434](https://github.com/containers/libpod/issues/4434)) +- Fixed a bug where `podman cp` would not work if STDIN was a pipe +- Fixed a bug where `podman exec` could stop accepting input if anything was typed between the command being run and the exec session starting ([#4397](https://github.com/containers/libpod/issues/4397)) +- Fixed a bug where `podman logs --tail 0` would print all lines of a container's logs, instead of no lines ([#4396](https://github.com/containers/libpod/issues/4396)) +- Fixed a bug where the timeout for `slirp4netns` was incorrectly set, resulting in an extremely long timeout ([#4344](https://github.com/containers/libpod/issues/4344)) +- Fixed a bug where the `podman stats` command would print CPU utilizations figures incorrectly ([#4409](https://github.com/containers/libpod/issues/4409)) + +### Misc +- The fixes to runtime directory path as root can cause strange behavior if an upgrade is performed while containers are running +- Updated vendored Buildah to v1.11.6 +- Updated vendored containers/storage library to v1.15.3 +- Kata Containers runtimes (`kata-runtime`, `kata-qemu`, and `kata-fc`) are now present in the default libpod.conf, but will not be available unless Kata containers is installed on the system + ## 1.6.3 ### Features - Handling of the `libpod.conf` configuration file has seen major changes. Most significantly, rootless users will no longer automatically receive a complete configuration file when they first use Podman, and will instead only receive differences from the global configuration. diff --git a/changelog.txt b/changelog.txt index 615e2a135..a19c23934 100644 --- a/changelog.txt +++ b/changelog.txt @@ -1,3 +1,196 @@ +- Changelog for v1.7.0-rc1 (2019-12-11) + * Update release notes for 1.7.0 + * docs: update podman-{pod-,}top man pages + * build(deps): bump github.com/containers/psgo from 1.3.2 to 1.4.0 + * Update containers/storage to v1.15.3 + * move image filters under libpod/images + * Re-add Fedora 31 migration code. + * macvlan networks + * Return empty runtime directory if we're not rootless + * build(deps): bump github.com/containers/storage from 1.15.0 to 1.15.2 + * Use terminal detach keys sequence specified in the config file + * Add ONBUILD support to --change + * Move Commit() to new parsing for --change + * test for #3920 (improper caching of tarballs in build) + * Enable multi-platform rpm building + * Completely rework --change parsing + * Avoid git warnings by using detach on checkout + * Improve hack/get_release_info.sh + * Bump Buildah to v1.11.6 + * rootless: enable stats test on cgroup v2 + * Improve dnf tests inside build_rpm.sh + * libpod: fix stats for rootless pods + * rootless: add fallback for renameat2 at runtime + * Attempt to install go-md2man only if missing + * Quick grammar touchup in rootless.md + * Allow chained network namespace containers + * Ensure volumes reacquire locks on state refresh + * Ignore ErrCtrRemoved when removing a container + * Add comment on rootless containers creating device nodes + * Updates on making doc building and debug optional + * troubleshooting: warn about secure boot + * libpod: fix case for executable file not found errors + * build: improved main makefile + * build: improved prepare.sh + * Fix podman-remote version to print client and server + * man page updated with examples of filter option + * install.md: added slirp4netns dependency to ubuntu + * Add podman system reset command + * fix commands.go to get links from correct directory + * Do not initialize store on rootless podman + * filter added to container prune command + * Disable checkpointing of containers started with --rm + * Make doc building in spec optional + * Donot install btrfs in RHEL/CentOS-8 + * oci: print only matching part for the errors + * command output fixed as per docker equivalent + * Detect Python executable in Makefile + * Improved build_rpm.sh + * Add support for image name history + * Remove containers when pruning a stopped pod. + * Allow --ip and --mac to be set when joining a CNI net + * Document other bind options on --volumes flag + * podman {pod,} rm/stop: add --ignore flag + * Discard errors from Shutdown in `system renumber` + * e2e/prune: run two top containers + * build(deps): bump github.com/containers/storage from 1.13.5 to 1.14.0 + * build(deps): bump gopkg.in/yaml.v2 from 2.2.5 to 2.2.7 + * build(deps): bump github.com/pkg/profile from 1.3.0 to 1.4.0 + * document updated for filter and until options + * filter added to image pruge command. + * config: use EventsLogger=file without systemd + * Error on netns not exist only when ctr is running + * Add ContainerStateRemoving + * play kube: handle seccomp labels + * podman rm/stop --cidfile + * container-restore: Fix restore with user namespace + * Add new test suite for build + * Also delete winsz fifo + * use pause image for check all + * timestamp related functions added + * Bump to Buildah v1.11.5 + * container create: os/arch check + * history: rewrite mappings + * codespell: spelling corrections + * Cirrus: Use branch-specific container tags + * warning added before image prune command + * create a separate install target for seccomp + * Add annotations in play kube + * Add pod annotations to container + * Add missing information to podman.1 man page + * Add support for make vendor-in-container + * Split up create config handling of namespaces and security + * test: add tests for --mac-address + * mount: add new options nocopyup|copyup for tmpfs + * Bump github.com/uber/jaeger-client-go + * libpod/config: default: use `crun` on Cgroups v2 + * podman images --digest: always list a digest + * events: make sure the write channel is always closed + * Add support for RunAsUser and RunAsGroup + * cni: enable tuning plugin + * podman: add support for specifying MAC + * vendor: updated ocicni for MAC address + * Makefile: add vendor-in-container + * rootless: provide workaround for missing renameat2 + * rootless: use SYS_renameat2 instead of __NR_renameat2 + * Add Kata Containers runtimes to libpod.conf + * help message: don't parse the config for cgroup-manager default + * fix bug check nonexist authfile + * Allow users to disable detach keys + * namespaces: by default create cgroupns on cgroups v2 + * Update installation - Ubuntu. [skip ci] + * pulling unqualified reference: make sure it's a docker reference + * Bump gopkg.in/yaml.v2 from 2.2.4 to 2.2.5 + * Set SELinux labels based on the security context in the kube.yaml + * Add links to readthedocs on docs/readme + * Bump development version to 1.6.4-dev + * Bump version in README to v1.6.3 + * Add release notes for v1.6.3 + * slirp4netns: fix timeout + * docs: Update "podman container rm -v" description + * logo: correct light source reflection + * stats: fix calculation for the CPU time + * [docs] Ensure we include section 5 documentation + * [Makefile] Fix docker documentation install and generation + * Fixed the JSON go template format for the 'info' action + * runtime: Fix typo + * Update link to Commands documentation + * cgroups: read correctly the CPU stats + * [CI:DOCS] make docs only prs + * Update rootless shortcomings with cgroup V2 information + * Bump github.com/onsi/gomega from 1.7.0 to 1.7.1 + * Validate contextdir on build + * Vendor in latest containers/buildah + * Bump github.com/onsi/ginkgo from 1.10.1 to 1.10.3 + * Refactor test to prevent panic + * logs: support --tail 0 + * Update document formatting and packaging code + * Restructure documentation dir + * add libpod/config + * Switch to bufio Reader for exec streams + * container start: fix regression when using name + * Fix selinux test for exec + * Cirrus: Disable F29 testing + * Wait for `mount` command to finish when mounting volume + * Cirrus: Fix upload_release_archive on branch or tag + * Fix cp from pipe + * libpod, rootless: create cgroup for conmon + * Bump github.com/json-iterator/go from 1.1.7 to 1.1.8 + * seccomp: use github.com/seccomp/containers-golang + * build: drop support for ostree + * stale action: add exempt-issue-label + * Processes execed into container should match container label + * Set default seccomp.json file for podman play kube + * images: distinguish between tags and digests + * API: report multiple digests for images + * pull/create: add --override-arch/--override-os flags + * image: don't get confused by lists + * Add e2e tests for manifest list support + * bump containers/image to v5.0.0, buildah to v1.11.4 + * goland autocorrections + * Makefile: fix embedding gitCommit + * Cirrus: Fix minor python deprecation warning + * Cirrus: Only upload tagged releases + * Fix spelling mistakes + * libpod: if slirp4netns fails, return its output + * update conmon to v2.0.2 in in_podman image + * bump cirrus images + * require conmon v2.0.1 + * require conmon v2.0.0 + * GitHub stale action + * enable dnsplugin for network create + * Add ensureState helper for checking container state + * Cleanup man pages + * Log warn instead of error for removing nonexistant container + * systemd: mask /sys/fs/cgroup/systemd/release_agent + * Add multiple networks explanation to docs + * rootless: raise an error with --network= + * Initial dump of man pages and first menus + * Return a better error for volume name conflicts + * Add documentation on options to volume create manpage + * Image volumes should not be mounted noexec + * stats: list all running containers unless specified otherwise + * rootless: detect no system session with --cgroup-manager=systemd + * add pip requirements file for rtd + * Initial checking for readthedocs + * Fix sig-proxy=false test and use image cache + * Add parsing for UID, GID in volume "o" option + * exec: remove unused var + * Rewrite backend for remote 'volume inspect' + * rootless: write storage overrides to the conf file + * Markdown Formatting Fixes + * Show volume options in 'volume inspect' + * System tests: make sure exec pid hash w/o leaking + * Bump gitvalidation epoch + * Bump to v1.6.3-dev + * check existing bridge names when creating networks + * Add support for anonymous volumes to `podman run -v` + * troubleshooting.md: document lingering mode + * rootless: do not enable lingering mode + * Add ability to redirect bash for run -i + * play kube: Container->Ctr + * play kube: refactor test suite + - Changelog for v1.6.2 (2019-10-17) * Finalize release notes for v1.6.2 * rootless: drop dependency on docker diff --git a/cmd/podman/cliconfig/config.go b/cmd/podman/cliconfig/config.go index c15ce8829..e81756808 100644 --- a/cmd/podman/cliconfig/config.go +++ b/cmd/podman/cliconfig/config.go @@ -128,6 +128,7 @@ type ExecValues struct { PodmanCommand DetachKeys string Env []string + EnvFile []string Privileged bool Interactive bool Tty bool @@ -278,6 +279,7 @@ type NetworkCreateValues struct { IPRange net.IPNet IPV6 bool Network net.IPNet + MacVLAN string } type NetworkListValues struct { diff --git a/cmd/podman/exec.go b/cmd/podman/exec.go index 8dcec24ce..6e5799396 100644 --- a/cmd/podman/exec.go +++ b/cmd/podman/exec.go @@ -40,6 +40,7 @@ func init() { // priority execCommand.DetachKeys = "" flags.StringArrayVarP(&execCommand.Env, "env", "e", []string{}, "Set environment variables") + flags.StringSliceVar(&execCommand.EnvFile, "env-file", []string{}, "Read in a file of environment variables") flags.BoolVarP(&execCommand.Interactive, "interactive", "i", false, "Keep STDIN open even if not attached") flags.BoolVarP(&execCommand.Latest, "latest", "l", false, "Act on the latest container podman is aware of") flags.BoolVar(&execCommand.Privileged, "privileged", false, "Give the process extended Linux capabilities inside the container. The default is false") @@ -48,6 +49,7 @@ func init() { flags.IntVar(&execCommand.PreserveFDs, "preserve-fds", 0, "Pass N additional file descriptors to the container") flags.StringVarP(&execCommand.Workdir, "workdir", "w", "", "Working directory inside the container") + markFlagHiddenForRemoteClient("env-file", flags) markFlagHiddenForRemoteClient("latest", flags) markFlagHiddenForRemoteClient("preserve-fds", flags) } diff --git a/cmd/podman/images.go b/cmd/podman/images.go index 6b16272f4..e42546a55 100644 --- a/cmd/podman/images.go +++ b/cmd/podman/images.go @@ -5,14 +5,12 @@ import ( "fmt" "reflect" "sort" - "strconv" "strings" "time" "unicode" "github.com/containers/buildah/pkg/formats" "github.com/containers/libpod/cmd/podman/cliconfig" - "github.com/containers/libpod/cmd/podman/imagefilters" "github.com/containers/libpod/libpod/image" "github.com/containers/libpod/pkg/adapter" "github.com/docker/go-units" @@ -138,10 +136,10 @@ func init() { func imagesCmd(c *cliconfig.ImagesValues) error { var ( - filterFuncs []imagefilters.ResultFilter - image string + image string ) + ctx := getContext() runtime, err := adapter.GetRuntime(getContext(), &c.PodmanCommand) if err != nil { return errors.Wrapf(err, "Could not get runtime") @@ -156,15 +154,9 @@ func imagesCmd(c *cliconfig.ImagesValues) error { if len(c.Filter) > 0 && image != "" { return errors.New("can not specify an image and a filter") } - ctx := getContext() - - if len(c.Filter) > 0 { - filterFuncs, err = CreateFilterFuncs(ctx, runtime, c.Filter, nil) - } else { - filterFuncs, err = CreateFilterFuncs(ctx, runtime, []string{fmt.Sprintf("reference=%s", image)}, nil) - } - if err != nil { - return err + filters := c.Filter + if len(filters) < 1 { + filters = append(filters, fmt.Sprintf("reference=%s", image)) } opts := imagesOptions{ @@ -179,26 +171,17 @@ func imagesCmd(c *cliconfig.ImagesValues) error { } opts.outputformat = opts.setOutputFormat() - images, err := runtime.GetImages() + filteredImages, err := runtime.GetFilteredImages(filters, false) if err != nil { return errors.Wrapf(err, "unable to get images") } - for _, image := range images { + for _, image := range filteredImages { if image.IsReadOnly() { opts.outputformat += "{{.ReadOnly}}\t" break } } - - var filteredImages []*adapter.ContainerImage - //filter the images - if len(c.Filter) > 0 || len(c.InputArgs) == 1 { - filteredImages = imagefilters.FilterImages(images, filterFuncs) - } else { - filteredImages = images - } - return generateImagesOutput(ctx, filteredImages, opts) } @@ -392,53 +375,3 @@ func GenImageOutputMap() map[string]string { } return values } - -// CreateFilterFuncs returns an array of filter functions based on the user inputs -// and is later used to filter images for output -func CreateFilterFuncs(ctx context.Context, r *adapter.LocalRuntime, filters []string, img *adapter.ContainerImage) ([]imagefilters.ResultFilter, error) { - var filterFuncs []imagefilters.ResultFilter - for _, filter := range filters { - splitFilter := strings.Split(filter, "=") - if len(splitFilter) < 2 { - return nil, errors.Errorf("invalid filter syntax %s", filter) - } - switch splitFilter[0] { - case "before": - before, err := r.NewImageFromLocal(splitFilter[1]) - if err != nil { - return nil, errors.Wrapf(err, "unable to find image %s in local stores", splitFilter[1]) - } - filterFuncs = append(filterFuncs, imagefilters.CreatedBeforeFilter(before.Created())) - case "after": - after, err := r.NewImageFromLocal(splitFilter[1]) - if err != nil { - return nil, errors.Wrapf(err, "unable to find image %s in local stores", splitFilter[1]) - } - filterFuncs = append(filterFuncs, imagefilters.CreatedAfterFilter(after.Created())) - case "readonly": - readonly, err := strconv.ParseBool(splitFilter[1]) - if err != nil { - return nil, errors.Wrapf(err, "invalid filter readonly=%s", splitFilter[1]) - } - filterFuncs = append(filterFuncs, imagefilters.ReadOnlyFilter(readonly)) - case "dangling": - danglingImages, err := strconv.ParseBool(splitFilter[1]) - if err != nil { - return nil, errors.Wrapf(err, "invalid filter dangling=%s", splitFilter[1]) - } - filterFuncs = append(filterFuncs, imagefilters.DanglingFilter(danglingImages)) - case "label": - labelFilter := strings.Join(splitFilter[1:], "=") - filterFuncs = append(filterFuncs, imagefilters.LabelFilter(ctx, labelFilter)) - case "reference": - referenceFilter := strings.Join(splitFilter[1:], "=") - filterFuncs = append(filterFuncs, imagefilters.ReferenceFilter(ctx, referenceFilter)) - default: - return nil, errors.Errorf("invalid filter %s ", splitFilter[0]) - } - } - if img != nil { - filterFuncs = append(filterFuncs, imagefilters.OutputImageFilter(img)) - } - return filterFuncs, nil -} diff --git a/cmd/podman/network_create.go b/cmd/podman/network_create.go index 6710883ae..886607885 100644 --- a/cmd/podman/network_create.go +++ b/cmd/podman/network_create.go @@ -41,6 +41,7 @@ func init() { flags.IPVar(&networkCreateCommand.Gateway, "gateway", nil, "IPv4 or IPv6 gateway for the subnet") flags.BoolVar(&networkCreateCommand.Internal, "internal", false, "restrict external access from this network") flags.IPNetVar(&networkCreateCommand.IPRange, "ip-range", net.IPNet{}, "allocate container IP from range") + flags.StringVar(&networkCreateCommand.MacVLAN, "macvlan", "", "create a Macvlan connection based on this device") // TODO not supported yet //flags.StringVar(&networkCreateCommand.IPamDriver, "ipam-driver", "", "IP Address Management Driver") // TODO enable when IPv6 is working @@ -50,6 +51,10 @@ func init() { } func networkcreateCmd(c *cliconfig.NetworkCreateValues) error { + var ( + fileName string + err error + ) if err := network.IsSupportedDriver(c.Driver); err != nil { return err } @@ -66,7 +71,11 @@ func networkcreateCmd(c *cliconfig.NetworkCreateValues) error { if err != nil { return err } - fileName, err := runtime.NetworkCreate(c) + if len(c.MacVLAN) > 0 { + fileName, err = runtime.NetworkCreateMacVLAN(c) + } else { + fileName, err = runtime.NetworkCreateBridge(c) + } if err == nil { fmt.Println(fileName) } diff --git a/cmd/podman/varlink/io.podman.varlink b/cmd/podman/varlink/io.podman.varlink index a3fd27ed6..2251050c3 100644 --- a/cmd/podman/varlink/io.podman.varlink +++ b/cmd/podman/varlink/io.podman.varlink @@ -784,6 +784,11 @@ method DeleteStoppedContainers() -> (containers: []string) # See also [InspectImage](#InspectImage). method ListImages() -> (images: []Image) +# ListImagesWithFilters returns information about the images that are currently in storage +# after one or more filters has been applied. +# See also [InspectImage](#InspectImage). +method ListImagesWithFilters(filters: []string) -> (images: []Image) + # GetImage returns information about a single image in storage. # If the image caGetImage returns be found, [ImageNotFound](#ImageNotFound) will be returned. method GetImage(id: string) -> (image: Image) diff --git a/completions/bash/podman b/completions/bash/podman index 18e2460ec..40be0018b 100644 --- a/completions/bash/podman +++ b/completions/bash/podman @@ -980,6 +980,7 @@ _podman_network_create() { --driver --gateway --ip-range + --macvlan --subnet " local boolean_options=" @@ -1358,6 +1359,7 @@ _podman_exec() { --detach-keys -e --env + --env-file --user -u --workdir diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in index 4a3704811..9676a3fb4 100644 --- a/contrib/spec/podman.spec.in +++ b/contrib/spec/podman.spec.in @@ -22,6 +22,9 @@ %define gobuild(o:) go build -tags="$BUILDTAGS" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -a -v -x %{?**}; #% endif +# libpod hack directory +%define hackdir %{_builddir}/%{repo}-%{shortcommit0} + %global provider github %global provider_tld com %global project containers @@ -40,7 +43,7 @@ %global shortcommit_conmon %(c=%{commit_conmon}; echo ${c:0:7}) Name: podman -Version: 1.6.4 +Version: 1.7.0 Release: #COMMITDATE#.git%{shortcommit0}%{?dist} Summary: Manage Pods, Containers and Container Images License: ASL 2.0 @@ -384,7 +387,7 @@ ln -s ../../../../ src/%{import_path} popd ln -s vendor src export GOPATH=$(pwd)/_build:$(pwd):$(pwd):%{gopath} -export BUILDTAGS="varlink selinux seccomp $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh) $(hack/libdm_tag.sh) exclude_graphdriver_devicemapper" +export BUILDTAGS="varlink selinux seccomp $(%{hackdir}/hack/btrfs_installed_tag.sh) $(%{hackdir}/hack/btrfs_tag.sh) $(%{hackdir}/hack/libdm_tag.sh) exclude_graphdriver_devicemapper" GOPATH=$GOPATH go generate ./cmd/podman/varlink/... @@ -402,7 +405,7 @@ mkdir -p src/%{provider}.%{provider_tld}/{containers,opencontainers} ln -s $(dirs +1 -l) src/%{import_path_conmon} popd -export BUILDTAGS="selinux seccomp $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh)" +export BUILDTAGS="selinux seccomp $(%{hackdir}/hack/btrfs_installed_tag.sh) $(%{hackdir}/hack/btrfs_tag.sh)" BUILDTAGS=$BUILDTAGS make popd diff --git a/docs/source/markdown/podman-exec.1.md b/docs/source/markdown/podman-exec.1.md index 9624425dc..d46427c91 100644 --- a/docs/source/markdown/podman-exec.1.md +++ b/docs/source/markdown/podman-exec.1.md @@ -22,6 +22,10 @@ Specify the key sequence for detaching a container. Format is a single character You may specify arbitrary environment variables that are available for the command to be executed. +**--env-file**=*file* + +Read in a line delimited file of environment variables. + **--interactive**, **-i**=*true|false* When set to true, keep stdin open even if not attached. The default is *false*. diff --git a/docs/source/markdown/podman-network-create.1.md b/docs/source/markdown/podman-network-create.1.md index c281d50d9..2eca93adb 100644 --- a/docs/source/markdown/podman-network-create.1.md +++ b/docs/source/markdown/podman-network-create.1.md @@ -7,8 +7,10 @@ podman\-network-create - Create a Podman CNI network **podman network create** [*options*] name ## DESCRIPTION -Create a CNI-network configuration for use with Podman. At the time of this writing, the only network -type that can be created is a *bridge* network. +Create a CNI-network configuration for use with Podman. By default, Podman creates a bridge connection. A +*Macvlan* connection can be created with the *macvlan* option. In the case of *Macvlan* connections, the +CNI *dhcp* plugin needs to be activated or the container image must have a DHCP client to interact +with the host network's DHCP server. If no options are provided, Podman will assign a free subnet and name for your network. @@ -38,6 +40,11 @@ Restrict external access of this network Allocate container IP from a range. The range must be a complete subnet and in CIDR notation. The *ip-range* option must be used with a *subnet* option. +**--macvlan** + +Create a *Macvlan* based connection rather than a classic bridge. You must pass an interface name from the host for the +Macvlan connection. + **--subnet** The subnet in CIDR notation. @@ -68,6 +75,12 @@ Create a network that uses a *192.168.55.0/24** subnet and has an IP address ran /etc/cni/net.d/cni-podman-5.conflist ``` +Create a Macvlan based network using the host interface eth0 +``` +# podman network create --macvlan eth0 newnet +/etc/cni/net.d/newnet.conflist +``` + ## SEE ALSO podman(1), podman-network(1), podman-network-inspect(1) diff --git a/docs/source/markdown/podman-pod-top.1.md b/docs/source/markdown/podman-pod-top.1.md index 48f10055a..6a1fa8c42 100644 --- a/docs/source/markdown/podman-pod-top.1.md +++ b/docs/source/markdown/podman-pod-top.1.md @@ -23,53 +23,11 @@ The latest option is not supported on the remote client. ## FORMAT DESCRIPTORS -The following descriptors are supported in addition to the AIX format descriptors mentioned in ps (1): - -**args**, **capbnd**, **capeff**, **capinh**, **capprm**, **comm**, **etime**, **group**, **hgroup**, **hpid**, **huser**, **label**, **nice**, **pcpu**, **pgid**, **pid**, **ppid**, **rgroup**, **ruser**, **seccomp**, **state**, **time**, **tty**, **user**, **vsz** - -**capbnd** - - Set of bounding capabilities. See capabilities (7) for more information. - -**capeff** - - Set of effective capabilities. See capabilities (7) for more information. - -**capinh** - - Set of inheritable capabilities. See capabilities (7) for more information. - -**capprm** - - Set of permitted capabilities. See capabilities (7) for more information. - -**hgroup** - - The corresponding effective group of a container process on the host. - -**hpid** - - The corresponding host PID of a container process. - -**huser** - - The corresponding effective user of a container process on the host. - -**label** - - Current security attributes of the process. - -**seccomp** - - Seccomp mode of the process (i.e., disabled, strict or filter). See seccomp (2) for more information. - -**state** - - Process state codes (e.g, **R** for *running*, **S** for *sleeping*). See proc(5) for more information. +Please refer to podman-top(1) for a full list of available descriptors. ## EXAMPLES -By default, `podman-top` prints data similar to `ps -ef`: +By default, `podman-pod-top` prints data similar to `ps -ef`: ``` $ podman pod top b031293491cc @@ -88,7 +46,7 @@ PID SECCOMP COMMAND %CPU ``` ## SEE ALSO -podman-pod(1), ps(1), seccomp(2), proc(5), capabilities(7) +podman-pod(1), podman-top(1), ps(1), seccomp(2), proc(5), capabilities(7) ## HISTORY August 2018, Originally compiled by Peter Hunt <pehunt@redhat.com> diff --git a/docs/source/markdown/podman-top.1.md b/docs/source/markdown/podman-top.1.md index 1410aa651..6a04ab91a 100644 --- a/docs/source/markdown/podman-top.1.md +++ b/docs/source/markdown/podman-top.1.md @@ -70,6 +70,10 @@ The following descriptors are supported in addition to the AIX format descriptor Process state codes (e.g, **R** for *running*, **S** for *sleeping*). See proc(5) for more information. +**stime** + + Process start time (e.g, "2019-12-09 10:50:36 +0100 CET). + ## EXAMPLES By default, `podman-top` prints data similar to `ps -ef`: @@ -13,8 +13,8 @@ require ( github.com/containers/buildah v1.11.6 github.com/containers/conmon v2.0.2+incompatible // indirect github.com/containers/image/v5 v5.0.0 - github.com/containers/psgo v1.3.2 - github.com/containers/storage v1.15.2 + github.com/containers/psgo v1.4.0 + github.com/containers/storage v1.15.3 github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f // indirect github.com/cri-o/ocicni v0.1.1-0.20190920040751-deac903fd99b @@ -59,7 +59,7 @@ require ( github.com/stretchr/testify v1.4.0 github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2 github.com/uber-go/atomic v1.4.0 // indirect - github.com/uber/jaeger-client-go v2.20.0+incompatible + github.com/uber/jaeger-client-go v2.20.1+incompatible github.com/uber/jaeger-lib v0.0.0-20190122222657-d036253de8f5 // indirect github.com/varlink/go v0.0.0-20190502142041-0f1d566d194b github.com/vishvananda/netlink v1.0.0 @@ -88,6 +88,8 @@ github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDpl github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= github.com/containers/psgo v1.3.2 h1:jYfppPih3S/j2Yi5O14AXjd8GfCx1ph9L3YsoK3adko= github.com/containers/psgo v1.3.2/go.mod h1:ENXXLQ5E1At4K0EUsGogXBJi/C28gwqkONWeLPI9fJ8= +github.com/containers/psgo v1.4.0 h1:D8B4fZCCZhYgc8hDyMPCiShOinmOB1TP1qe46sSC19k= +github.com/containers/psgo v1.4.0/go.mod h1:ENXXLQ5E1At4K0EUsGogXBJi/C28gwqkONWeLPI9fJ8= github.com/containers/storage v1.13.4 h1:j0bBaJDKbUHtAW1MXPFnwXJtqcH+foWeuXK1YaBV5GA= github.com/containers/storage v1.13.4/go.mod h1:6D8nK2sU9V7nEmAraINRs88ZEscM5C5DK+8Npp27GeA= github.com/containers/storage v1.13.5 h1:/SUzGeOP2HDijpF7Yur21Ch6WTZC1BNeZF917CWcp5c= @@ -98,6 +100,8 @@ github.com/containers/storage v1.15.0 h1:QNW7jJ94ccGcAbFIOSMHUAsUxvHceb71ecLye9E github.com/containers/storage v1.15.0/go.mod h1:qGPsti/qC1xxX+xcpHfiTMT+8ThVE2Jf83wFHHqkDAY= github.com/containers/storage v1.15.2 h1:hLgafU4tuyQk/smMkXZfHTS8FtAQsqQvfWCp4bsgjuw= github.com/containers/storage v1.15.2/go.mod h1:v0lq/3f+cXH3Y/HiDaFYRR0zilwDve7I4W7U5xQxvF8= +github.com/containers/storage v1.15.3 h1:+lFSQZnnKUFyUEtguIgdoQLJfWSuYz+j/wg5GxLtsN4= +github.com/containers/storage v1.15.3/go.mod h1:v0lq/3f+cXH3Y/HiDaFYRR0zilwDve7I4W7U5xQxvF8= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= github.com/coreos/go-iptables v0.4.2 h1:KH0EwId05JwWIfb96gWvkiT2cbuOu8ygqUaB+yPAwIg= @@ -462,6 +466,8 @@ github.com/uber/jaeger-client-go v2.19.0+incompatible h1:pbwbYfHUoaase0oPQOdZ1Gc github.com/uber/jaeger-client-go v2.19.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= github.com/uber/jaeger-client-go v2.20.0+incompatible h1:ttG9wKdl2ikV/BGOtu+eb+VPp+R7jMeuM177Ihs5Fdc= github.com/uber/jaeger-client-go v2.20.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= +github.com/uber/jaeger-client-go v2.20.1+incompatible h1:HgqpYBng0n7tLJIlyT4kPCIv5XgCsF+kai1NnnrJzEU= +github.com/uber/jaeger-client-go v2.20.1+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= github.com/uber/jaeger-lib v0.0.0-20190122222657-d036253de8f5 h1:CwmGyzHTzCqCdZJkWR0A7ucZXgrCY7spRcpvm7ci//s= github.com/uber/jaeger-lib v0.0.0-20190122222657-d036253de8f5/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= diff --git a/libpod/config/config.go b/libpod/config/config.go index f1fa70fbc..6240bccb0 100644 --- a/libpod/config/config.go +++ b/libpod/config/config.go @@ -12,6 +12,7 @@ import ( "github.com/BurntSushi/toml" "github.com/containers/libpod/libpod/define" + "github.com/containers/libpod/pkg/cgroups" "github.com/containers/libpod/pkg/rootless" "github.com/containers/libpod/pkg/util" "github.com/containers/storage" @@ -137,11 +138,11 @@ type Config struct { // VolumePath is the default location that named volumes will be created // under. This convention is followed by the default volume driver, but // may not be by other drivers. - VolumePath string `toml:"volume_path"` + VolumePath string `toml:"volume_path,omitempty"` // ImageDefaultTransport is the default transport method used to fetch // images. - ImageDefaultTransport string `toml:"image_default_transport"` + ImageDefaultTransport string `toml:"image_default_transport,omitempty"` // SignaturePolicyPath is the path to a signature policy to use for // validating images. If left empty, the containers/image default signature @@ -149,61 +150,61 @@ type Config struct { SignaturePolicyPath string `toml:"signature_policy_path,omitempty"` // OCIRuntime is the OCI runtime to use. - OCIRuntime string `toml:"runtime"` + OCIRuntime string `toml:"runtime,omitempty"` // OCIRuntimes are the set of configured OCI runtimes (default is runc). - OCIRuntimes map[string][]string `toml:"runtimes"` + OCIRuntimes map[string][]string `toml:"runtimes,omitempty"` // RuntimeSupportsJSON is the list of the OCI runtimes that support // --format=json. - RuntimeSupportsJSON []string `toml:"runtime_supports_json"` + RuntimeSupportsJSON []string `toml:"runtime_supports_json,omitempty"` // RuntimeSupportsNoCgroups is a list of OCI runtimes that support // running containers without CGroups. - RuntimeSupportsNoCgroups []string `toml:"runtime_supports_nocgroups"` + RuntimeSupportsNoCgroups []string `toml:"runtime_supports_nocgroups,omitempty"` // RuntimePath is the path to OCI runtime binary for launching containers. // The first path pointing to a valid file will be used This is used only // when there are no OCIRuntime/OCIRuntimes defined. It is used only to be // backward compatible with older versions of Podman. - RuntimePath []string `toml:"runtime_path"` + RuntimePath []string `toml:"runtime_path,omitempty"` // ConmonPath is the path to the Conmon binary used for managing containers. // The first path pointing to a valid file will be used. - ConmonPath []string `toml:"conmon_path"` + ConmonPath []string `toml:"conmon_path,omitempty"` // ConmonEnvVars are environment variables to pass to the Conmon binary // when it is launched. - ConmonEnvVars []string `toml:"conmon_env_vars"` + ConmonEnvVars []string `toml:"conmon_env_vars,omitempty"` // CGroupManager is the CGroup Manager to use Valid values are "cgroupfs" // and "systemd". - CgroupManager string `toml:"cgroup_manager"` + CgroupManager string `toml:"cgroup_manager,omitempty"` // InitPath is the path to the container-init binary. - InitPath string `toml:"init_path"` + InitPath string `toml:"init_path,omitempty"` // StaticDir is the path to a persistent directory to store container // files. - StaticDir string `toml:"static_dir"` + StaticDir string `toml:"static_dir,omitempty"` // TmpDir is the path to a temporary directory to store per-boot container // files. Must be stored in a tmpfs. - TmpDir string `toml:"tmp_dir"` + TmpDir string `toml:"tmp_dir,omitempty"` // MaxLogSize is the maximum size of container logfiles. MaxLogSize int64 `toml:"max_log_size,omitempty"` // NoPivotRoot sets whether to set no-pivot-root in the OCI runtime. - NoPivotRoot bool `toml:"no_pivot_root"` + NoPivotRoot bool `toml:"no_pivot_root,omitempty"` // CNIConfigDir sets the directory where CNI configuration files are // stored. - CNIConfigDir string `toml:"cni_config_dir"` + CNIConfigDir string `toml:"cni_config_dir,omitempty"` // CNIPluginDir sets a number of directories where the CNI network // plugins can be located. - CNIPluginDir []string `toml:"cni_plugin_dir"` + CNIPluginDir []string `toml:"cni_plugin_dir,omitempty"` // CNIDefaultNetwork is the network name of the default CNI network // to attach pods to. @@ -213,7 +214,7 @@ type Config struct { // configuration files. When the same filename is present in in // multiple directories, the file in the directory listed last in // this slice takes precedence. - HooksDir []string `toml:"hooks_dir"` + HooksDir []string `toml:"hooks_dir,omitempty"` // DefaultMountsFile is the path to the default mounts file for testing // purposes only. @@ -229,10 +230,10 @@ type Config struct { // InfraImage is the image a pod infra container will use to manage // namespaces. - InfraImage string `toml:"infra_image"` + InfraImage string `toml:"infra_image,omitempty"` // InfraCommand is the command run to start up a pod infra container. - InfraCommand string `toml:"infra_command"` + InfraCommand string `toml:"infra_command,omitempty"` // EnablePortReservation determines whether libpod will reserve ports on the // host when they are forwarded to containers. When enabled, when ports are @@ -241,13 +242,13 @@ type Config struct { // programs on the host. However, this can cause significant memory usage if // a container has many ports forwarded to it. Disabling this can save // memory. - EnablePortReservation bool `toml:"enable_port_reservation"` + EnablePortReservation bool `toml:"enable_port_reservation,omitempty"` // EnableLabeling indicates whether libpod will support container labeling. - EnableLabeling bool `toml:"label"` + EnableLabeling bool `toml:"label,omitempty"` // NetworkCmdPath is the path to the slirp4netns binary. - NetworkCmdPath string `toml:"network_cmd_path"` + NetworkCmdPath string `toml:"network_cmd_path,omitempty"` // NumLocks is the number of locks to make available for containers and // pods. @@ -257,17 +258,21 @@ type Config struct { LockType string `toml:"lock_type,omitempty"` // EventsLogger determines where events should be logged. - EventsLogger string `toml:"events_logger"` + EventsLogger string `toml:"events_logger,omitempty"` // EventsLogFilePath is where the events log is stored. - EventsLogFilePath string `toml:"events_logfile_path"` + EventsLogFilePath string `toml:"events_logfile_path,omitempty"` //DetachKeys is the sequence of keys used to detach a container. - DetachKeys string `toml:"detach_keys"` + DetachKeys string `toml:"detach_keys,omitempty"` // SDNotify tells Libpod to allow containers to notify the host systemd of // readiness using the SD_NOTIFY mechanism. - SDNotify bool + SDNotify bool `toml:",omitempty"` + + // CgroupCheck indicates the configuration has been rewritten after an + // upgrade to Fedora 31 to change the default OCI runtime for cgroupsv2. + CgroupCheck bool `toml:"cgroup_check,omitempty"` } // DBConfig is a set of Libpod runtime configuration settings that are saved in @@ -449,11 +454,21 @@ func NewConfig(userConfigPath string) (*Config, error) { if configs, err := systemConfigs(); err != nil { return nil, errors.Wrapf(err, "error finding config on system") } else { + migrated := false for _, path := range configs { systemConfig, err := readConfigFromFile(path) if err != nil { return nil, errors.Wrapf(err, "error reading system config %q", path) } + // Handle CGroups v2 configuration migration. + // Migrate only the first config, and do it before + // merging. + if !migrated { + if err := cgroupV2Check(path, systemConfig); err != nil { + return nil, errors.Wrapf(err, "error rewriting configuration file %s", userConfigPath) + } + migrated = true + } // Merge the it into the config. Any unset field in config will be // over-written by the systemConfig. if err := config.mergeConfig(systemConfig); err != nil { @@ -550,3 +565,30 @@ func (c *Config) checkCgroupsAndLogger() { c.EventsLogger = "file" } } + +// Since runc does not currently support cgroupV2 +// Change to default crun on first running of libpod.conf +// TODO Once runc has support for cgroups, this function should be removed. +func cgroupV2Check(configPath string, tmpConfig *Config) error { + if !tmpConfig.CgroupCheck && rootless.IsRootless() { + logrus.Debugf("Rewriting %s for CGroup v2 upgrade", configPath) + cgroupsV2, err := cgroups.IsCgroup2UnifiedMode() + if err != nil { + return err + } + if cgroupsV2 { + path, err := exec.LookPath("crun") + if err != nil { + logrus.Warnf("Can not find crun package on the host, containers might fail to run on cgroup V2 systems without crun: %q", err) + // Can't find crun path so do nothing + return nil + } + tmpConfig.CgroupCheck = true + tmpConfig.OCIRuntime = path + if err := tmpConfig.Write(configPath); err != nil { + return err + } + } + } + return nil +} diff --git a/libpod/container_api.go b/libpod/container_api.go index 153a1d628..5168dbc68 100644 --- a/libpod/container_api.go +++ b/libpod/container_api.go @@ -594,7 +594,12 @@ func (c *Container) Cleanup(ctx context.Context) error { // If we didn't restart, we perform a normal cleanup - // Check if we have active exec sessions + // Reap exec sessions first. + if err := c.reapExecSessions(); err != nil { + return err + } + + // Check if we have active exec sessions after reaping. if len(c.state.ExecSessions) != 0 { return errors.Wrapf(define.ErrCtrStateInvalid, "container %s has active exec sessions, refusing to clean up", c.ID()) } diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 1e8a8a580..37801162a 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -1749,6 +1749,11 @@ func (c *Container) checkReadyForRemoval() error { return errors.Wrapf(define.ErrCtrStateInvalid, "cannot remove container %s as it is %s - running or paused containers cannot be removed without force", c.ID(), c.state.State.String()) } + // Reap exec sessions + if err := c.reapExecSessions(); err != nil { + return err + } + if len(c.state.ExecSessions) != 0 { return errors.Wrapf(define.ErrCtrStateInvalid, "cannot remove container %s as it has active exec sessions", c.ID()) } @@ -1855,3 +1860,38 @@ func (c *Container) checkExitFile() error { // Read the exit file to get our stopped time and exit code. return c.handleExitFile(exitFile, info) } + +// Reap dead exec sessions +func (c *Container) reapExecSessions() error { + // Instead of saving once per iteration, use a defer to do it once at + // the end. + var lastErr error + needSave := false + for id := range c.state.ExecSessions { + alive, err := c.ociRuntime.ExecUpdateStatus(c, id) + if err != nil { + if lastErr != nil { + logrus.Errorf("Error reaping exec sessions for container %s: %v", c.ID(), lastErr) + } + lastErr = err + continue + } + if !alive { + // Clean up lingering files and remove the exec session + if err := c.ociRuntime.ExecContainerCleanup(c, id); err != nil { + return errors.Wrapf(err, "error cleaning up container %s exec session %s files", c.ID(), id) + } + delete(c.state.ExecSessions, id) + needSave = true + } + } + if needSave { + if err := c.save(); err != nil { + if lastErr != nil { + logrus.Errorf("Error reaping exec sessions for container %s: %v", c.ID(), lastErr) + } + lastErr = err + } + } + return lastErr +} diff --git a/cmd/podman/imagefilters/filters.go b/libpod/image/filters.go index 0b08314ce..d545f1bfc 100644 --- a/cmd/podman/imagefilters/filters.go +++ b/libpod/image/filters.go @@ -1,29 +1,30 @@ -package imagefilters +package image import ( "context" "fmt" + "github.com/pkg/errors" "path/filepath" + "strconv" "strings" "time" - "github.com/containers/libpod/pkg/adapter" "github.com/containers/libpod/pkg/inspect" "github.com/sirupsen/logrus" ) // ResultFilter is a mock function for image filtering -type ResultFilter func(*adapter.ContainerImage) bool +type ResultFilter func(*Image) bool // Filter is a function to determine whether an image is included in // command output. Images to be outputted are tested using the function. A true // return will include the image, a false return will exclude it. -type Filter func(*adapter.ContainerImage, *inspect.ImageData) bool +type Filter func(*Image, *inspect.ImageData) bool // CreatedBeforeFilter allows you to filter on images created before // the given time.Time func CreatedBeforeFilter(createTime time.Time) ResultFilter { - return func(i *adapter.ContainerImage) bool { + return func(i *Image) bool { return i.Created().Before(createTime) } } @@ -31,14 +32,14 @@ func CreatedBeforeFilter(createTime time.Time) ResultFilter { // CreatedAfterFilter allows you to filter on images created after // the given time.Time func CreatedAfterFilter(createTime time.Time) ResultFilter { - return func(i *adapter.ContainerImage) bool { + return func(i *Image) bool { return i.Created().After(createTime) } } // DanglingFilter allows you to filter images for dangling images func DanglingFilter(danglingImages bool) ResultFilter { - return func(i *adapter.ContainerImage) bool { + return func(i *Image) bool { if danglingImages { return i.Dangling() } @@ -48,7 +49,7 @@ func DanglingFilter(danglingImages bool) ResultFilter { // ReadOnlyFilter allows you to filter images based on read/only and read/write func ReadOnlyFilter(readOnly bool) ResultFilter { - return func(i *adapter.ContainerImage) bool { + return func(i *Image) bool { if readOnly { return i.IsReadOnly() } @@ -59,7 +60,7 @@ func ReadOnlyFilter(readOnly bool) ResultFilter { // LabelFilter allows you to filter by images labels key and/or value func LabelFilter(ctx context.Context, labelfilter string) ResultFilter { // We need to handle both label=key and label=key=value - return func(i *adapter.ContainerImage) bool { + return func(i *Image) bool { var value string splitFilter := strings.Split(labelfilter, "=") key := splitFilter[0] @@ -83,7 +84,10 @@ func LabelFilter(ctx context.Context, labelfilter string) ResultFilter { func ReferenceFilter(ctx context.Context, referenceFilter string) ResultFilter { filter := fmt.Sprintf("*%s*", referenceFilter) filter = strings.Replace(filter, "/", "|", -1) - return func(i *adapter.ContainerImage) bool { + return func(i *Image) bool { + if len(referenceFilter) < 1 { + return true + } for _, name := range i.Names() { newName := strings.Replace(name, "/", "|", -1) match, err := filepath.Match(filter, newName) @@ -99,15 +103,15 @@ func ReferenceFilter(ctx context.Context, referenceFilter string) ResultFilter { } // OutputImageFilter allows you to filter by an a specific image name -func OutputImageFilter(userImage *adapter.ContainerImage) ResultFilter { - return func(i *adapter.ContainerImage) bool { +func OutputImageFilter(userImage *Image) ResultFilter { + return func(i *Image) bool { return userImage.ID() == i.ID() } } // FilterImages filters images using a set of predefined filter funcs -func FilterImages(images []*adapter.ContainerImage, filters []ResultFilter) []*adapter.ContainerImage { - var filteredImages []*adapter.ContainerImage +func FilterImages(images []*Image, filters []ResultFilter) []*Image { + var filteredImages []*Image for _, image := range images { include := true for _, filter := range filters { @@ -119,3 +123,54 @@ func FilterImages(images []*adapter.ContainerImage, filters []ResultFilter) []*a } return filteredImages } + +// createFilterFuncs returns an array of filter functions based on the user inputs +// and is later used to filter images for output +func (ir *Runtime) createFilterFuncs(filters []string, img *Image) ([]ResultFilter, error) { + var filterFuncs []ResultFilter + ctx := context.Background() + for _, filter := range filters { + splitFilter := strings.Split(filter, "=") + if len(splitFilter) < 2 { + return nil, errors.Errorf("invalid filter syntax %s", filter) + } + switch splitFilter[0] { + case "before": + before, err := ir.NewFromLocal(splitFilter[1]) + if err != nil { + return nil, errors.Wrapf(err, "unable to find image %s in local stores", splitFilter[1]) + } + filterFuncs = append(filterFuncs, CreatedBeforeFilter(before.Created())) + case "after": + after, err := ir.NewFromLocal(splitFilter[1]) + if err != nil { + return nil, errors.Wrapf(err, "unable to find image %s in local stores", splitFilter[1]) + } + filterFuncs = append(filterFuncs, CreatedAfterFilter(after.Created())) + case "readonly": + readonly, err := strconv.ParseBool(splitFilter[1]) + if err != nil { + return nil, errors.Wrapf(err, "invalid filter readonly=%s", splitFilter[1]) + } + filterFuncs = append(filterFuncs, ReadOnlyFilter(readonly)) + case "dangling": + danglingImages, err := strconv.ParseBool(splitFilter[1]) + if err != nil { + return nil, errors.Wrapf(err, "invalid filter dangling=%s", splitFilter[1]) + } + filterFuncs = append(filterFuncs, DanglingFilter(danglingImages)) + case "label": + labelFilter := strings.Join(splitFilter[1:], "=") + filterFuncs = append(filterFuncs, LabelFilter(ctx, labelFilter)) + case "reference": + referenceFilter := strings.Join(splitFilter[1:], "=") + filterFuncs = append(filterFuncs, ReferenceFilter(ctx, referenceFilter)) + default: + return nil, errors.Errorf("invalid filter %s ", splitFilter[0]) + } + } + if img != nil { + filterFuncs = append(filterFuncs, OutputImageFilter(img)) + } + return filterFuncs, nil +} diff --git a/libpod/image/image.go b/libpod/image/image.go index 129ccd376..c8583a1c5 100644 --- a/libpod/image/image.go +++ b/libpod/image/image.go @@ -216,6 +216,19 @@ func (ir *Runtime) Shutdown(force bool) error { return err } +// GetImagesWithFilters gets images with a series of filters applied +func (ir *Runtime) GetImagesWithFilters(filters []string) ([]*Image, error) { + filterFuncs, err := ir.createFilterFuncs(filters, nil) + if err != nil { + return nil, err + } + images, err := ir.GetImages() + if err != nil { + return nil, err + } + return FilterImages(images, filterFuncs), nil +} + func (i *Image) reloadImage() error { newImage, err := i.imageruntime.getImage(i.ID()) if err != nil { diff --git a/libpod/oci.go b/libpod/oci.go index 9e761788e..05a2f37db 100644 --- a/libpod/oci.go +++ b/libpod/oci.go @@ -23,9 +23,6 @@ type OCIRuntime interface { // CreateContainer creates the container in the OCI runtime. CreateContainer(ctr *Container, restoreOptions *ContainerCheckpointOptions) error // UpdateContainerStatus updates the status of the given container. - // It includes a switch for whether to perform a hard query of the - // runtime. If unset, the exit file (if supported by the implementation) - // will be used. UpdateContainerStatus(ctr *Container) error // StartContainer starts the given container. StartContainer(ctr *Container) error @@ -59,6 +56,9 @@ type OCIRuntime interface { // If timeout is 0, SIGKILL will be sent immediately, and SIGTERM will // be omitted. ExecStopContainer(ctr *Container, sessionID string, timeout uint) error + // ExecUpdateStatus checks the status of a given exec session. + // Returns true if the session is still running, or false if it exited. + ExecUpdateStatus(ctr *Container, sessionID string) (bool, error) // ExecContainerCleanup cleans up after an exec session exits. // It removes any files left by the exec session that are no longer // needed, including the attach socket. diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go index 026b13129..37aa71cbb 100644 --- a/libpod/oci_conmon_linux.go +++ b/libpod/oci_conmon_linux.go @@ -687,6 +687,28 @@ func (r *ConmonOCIRuntime) ExecStopContainer(ctr *Container, sessionID string, t return nil } +// ExecUpdateStatus checks if the given exec session is still running. +func (r *ConmonOCIRuntime) ExecUpdateStatus(ctr *Container, sessionID string) (bool, error) { + session, ok := ctr.state.ExecSessions[sessionID] + if !ok { + // TODO This should probably be a separate error + return false, errors.Wrapf(define.ErrInvalidArg, "no exec session with ID %s found in container %s", sessionID, ctr.ID()) + } + + logrus.Debugf("Checking status of container %s exec session %s", ctr.ID(), sessionID) + + // Is the session dead? + // Ping the PID with signal 0 to see if it still exists. + if err := unix.Kill(session.PID, 0); err != nil { + if err == unix.ESRCH { + return false, nil + } + return false, errors.Wrapf(err, "error pinging container %s exec session %s PID %d with signal 0", ctr.ID(), sessionID, session.PID) + } + + return true, nil +} + // ExecCleanupContainer cleans up files created when a command is run via // ExecContainer. This includes the attach socket for the exec session. func (r *ConmonOCIRuntime) ExecContainerCleanup(ctr *Container, sessionID string) error { diff --git a/libpod/oci_missing.go b/libpod/oci_missing.go index d4524cd34..0faa1805b 100644 --- a/libpod/oci_missing.go +++ b/libpod/oci_missing.go @@ -120,6 +120,11 @@ func (r *MissingRuntime) ExecStopContainer(ctr *Container, sessionID string, tim return r.printError() } +// ExecUpdateStatus is not available as the runtime is missing. +func (r *MissingRuntime) ExecUpdateStatus(ctr *Container, sessionID string) (bool, error) { + return false, r.printError() +} + // ExecContainerCleanup is not available as the runtime is missing func (r *MissingRuntime) ExecContainerCleanup(ctr *Container, sessionID string) error { return r.printError() diff --git a/pkg/adapter/containers.go b/pkg/adapter/containers.go index 6d139d0bf..3334e9fa1 100644 --- a/pkg/adapter/containers.go +++ b/pkg/adapter/containers.go @@ -1024,7 +1024,7 @@ func (r *LocalRuntime) ExecContainer(ctx context.Context, cli *cliconfig.ExecVal // Validate given environment variables env := map[string]string{} - if err := parse.ReadKVStrings(env, []string{}, cli.Env); err != nil { + if err := parse.ReadKVStrings(env, cli.EnvFile, cli.Env); err != nil { return ec, errors.Wrapf(err, "unable to process environment variables") } diff --git a/pkg/adapter/network.go b/pkg/adapter/network.go index 9659ae339..160e334e9 100644 --- a/pkg/adapter/network.go +++ b/pkg/adapter/network.go @@ -153,8 +153,8 @@ func (r *LocalRuntime) removeNetwork(ctx context.Context, name string, container return nil } -// NetworkCreate creates a CNI network -func (r *LocalRuntime) NetworkCreate(cli *cliconfig.NetworkCreateValues) (string, error) { +// NetworkCreateBridge creates a CNI network +func (r *LocalRuntime) NetworkCreateBridge(cli *cliconfig.NetworkCreateValues) (string, error) { isGateway := true ipMasq := true subnet := &cli.Network @@ -262,3 +262,50 @@ func (r *LocalRuntime) NetworkCreate(cli *cliconfig.NetworkCreateValues) (string err = ioutil.WriteFile(cniPathName, b, 0644) return cniPathName, err } + +// NetworkCreateMacVLAN creates a CNI network +func (r *LocalRuntime) NetworkCreateMacVLAN(cli *cliconfig.NetworkCreateValues) (string, error) { + var ( + name string + plugins []network.CNIPlugins + ) + liveNetNames, err := network.GetLiveNetworkNames() + if err != nil { + return "", err + } + // Make sure the host-device exists + if !util.StringInSlice(cli.MacVLAN, liveNetNames) { + return "", errors.Errorf("failed to find network interface %q", cli.MacVLAN) + } + if len(cli.InputArgs) > 0 { + name = cli.InputArgs[0] + netNames, err := network.GetNetworkNamesFromFileSystem() + if err != nil { + return "", err + } + if util.StringInSlice(name, netNames) { + return "", errors.Errorf("the network name %s is already used", name) + } + } + if len(name) < 1 { + name, err = network.GetFreeDeviceName() + if err != nil { + return "", err + } + } + ncList := network.NewNcList(name, cniversion.Current()) + macvlan := network.NewMacVLANPlugin(cli.MacVLAN) + plugins = append(plugins, macvlan) + ncList["plugins"] = plugins + b, err := json.MarshalIndent(ncList, "", " ") + if err != nil { + return "", err + } + cniConfigPath, err := getCNIConfDir(r) + if err != nil { + return "", err + } + cniPathName := filepath.Join(cniConfigPath, fmt.Sprintf("%s.conflist", name)) + err = ioutil.WriteFile(cniPathName, b, 0644) + return cniPathName, err +} diff --git a/pkg/adapter/runtime.go b/pkg/adapter/runtime.go index 069283bde..ac843b655 100644 --- a/pkg/adapter/runtime.go +++ b/pkg/adapter/runtime.go @@ -84,6 +84,15 @@ func getRuntime(runtime *libpod.Runtime) (*LocalRuntime, error) { }, nil } +// GetFilterImages returns a slice of images in containerimages that are "filtered" +func (r *LocalRuntime) GetFilteredImages(filters []string, rwOnly bool) ([]*ContainerImage, error) { + images, err := r.ImageRuntime().GetImagesWithFilters(filters) + if err != nil { + return nil, err + } + return r.ImagestoContainerImages(images, rwOnly) +} + // GetImages returns a slice of images in containerimages func (r *LocalRuntime) GetImages() ([]*ContainerImage, error) { return r.getImages(false) @@ -95,11 +104,15 @@ func (r *LocalRuntime) GetRWImages() ([]*ContainerImage, error) { } func (r *LocalRuntime) getImages(rwOnly bool) ([]*ContainerImage, error) { - var containerImages []*ContainerImage images, err := r.Runtime.ImageRuntime().GetImages() if err != nil { return nil, err } + return r.ImagestoContainerImages(images, rwOnly) +} + +func (r *LocalRuntime) ImagestoContainerImages(images []*image.Image, rwOnly bool) ([]*ContainerImage, error) { + var containerImages []*ContainerImage for _, i := range images { if rwOnly && i.IsReadOnly() { continue diff --git a/pkg/adapter/runtime_remote.go b/pkg/adapter/runtime_remote.go index f9232897c..87b4999ce 100644 --- a/pkg/adapter/runtime_remote.go +++ b/pkg/adapter/runtime_remote.go @@ -200,6 +200,28 @@ func (r *LocalRuntime) GetRWImages() ([]*ContainerImage, error) { return r.getImages(true) } +func (r *LocalRuntime) GetFilteredImages(filters []string, rwOnly bool) ([]*ContainerImage, error) { + var newImages []*ContainerImage + images, err := iopodman.ListImagesWithFilters().Call(r.Conn, filters) + if err != nil { + return nil, err + } + for _, i := range images { + if rwOnly && i.ReadOnly { + continue + } + name := i.Id + if len(i.RepoTags) > 1 { + name = i.RepoTags[0] + } + newImage, err := imageInListToContainerImage(i, name, r) + if err != nil { + return nil, err + } + newImages = append(newImages, newImage) + } + return newImages, nil +} func (r *LocalRuntime) getImages(rwOnly bool) ([]*ContainerImage, error) { var newImages []*ContainerImage images, err := iopodman.ListImages().Call(r.Conn) diff --git a/pkg/network/config.go b/pkg/network/config.go index 37eb0dd64..e47b16143 100644 --- a/pkg/network/config.go +++ b/pkg/network/config.go @@ -90,6 +90,22 @@ func (p PortMapConfig) Bytes() ([]byte, error) { return json.MarshalIndent(p, "", "\t") } +type IPAMDHCP struct { + DHCP string `json:"type"` +} + +// MacVLANConfig describes the macvlan config +type MacVLANConfig struct { + PluginType string `json:"type"` + Master string `json:"master"` + IPAM IPAMDHCP `json:"ipam"` +} + +// Bytes outputs the configuration as []byte +func (p MacVLANConfig) Bytes() ([]byte, error) { + return json.MarshalIndent(p, "", "\t") +} + // FirewallConfig describes the firewall plugin type FirewallConfig struct { PluginType string `json:"type"` diff --git a/pkg/network/netconflist.go b/pkg/network/netconflist.go index e19051b88..a8217097a 100644 --- a/pkg/network/netconflist.go +++ b/pkg/network/netconflist.go @@ -132,3 +132,15 @@ func HasDNSNamePlugin(paths []string) bool { } return false } + +// NewMacVLANPlugin creates a macvlanconfig with a given device name +func NewMacVLANPlugin(device string) MacVLANConfig { + i := IPAMDHCP{DHCP: "dhcp"} + + m := MacVLANConfig{ + PluginType: "macvlan", + Master: device, + IPAM: i, + } + return m +} diff --git a/pkg/varlinkapi/images.go b/pkg/varlinkapi/images.go index 604a455a5..1d46c5b71 100644 --- a/pkg/varlinkapi/images.go +++ b/pkg/varlinkapi/images.go @@ -35,26 +35,34 @@ import ( "github.com/sirupsen/logrus" ) -// ListImages lists all the images in the store -// It requires no inputs. -func (i *LibpodAPI) ListImages(call iopodman.VarlinkCall) error { - images, err := i.Runtime.ImageRuntime().GetImages() +// ListImagesWithFilters returns a list of images that have been filtered +func (i *LibpodAPI) ListImagesWithFilters(call iopodman.VarlinkCall, filters []string) error { + images, err := i.Runtime.ImageRuntime().GetImagesWithFilters(filters) if err != nil { return call.ReplyErrorOccurred(fmt.Sprintf("unable to get list of images %q", err)) } + imageList, err := imagesToImageList(images) + if err != nil { + return call.ReplyErrorOccurred(fmt.Sprintf("unable to parse response", err)) + } + return call.ReplyListImagesWithFilters(imageList) +} + +// imagesToImageList converts a slice of Images to an imagelist for varlink responses +func imagesToImageList(images []*image.Image) ([]iopodman.Image, error) { var imageList []iopodman.Image for _, image := range images { labels, _ := image.Labels(getContext()) containers, _ := image.Containers() repoDigests, err := image.RepoDigests() if err != nil { - return err + return nil, err } size, _ := image.Size(getContext()) isParent, err := image.IsParent(context.TODO()) if err != nil { - return call.ReplyErrorOccurred(err.Error()) + return nil, err } i := iopodman.Image{ @@ -74,6 +82,20 @@ func (i *LibpodAPI) ListImages(call iopodman.VarlinkCall) error { } imageList = append(imageList, i) } + return imageList, nil +} + +// ListImages lists all the images in the store +// It requires no inputs. +func (i *LibpodAPI) ListImages(call iopodman.VarlinkCall) error { + images, err := i.Runtime.ImageRuntime().GetImages() + if err != nil { + return call.ReplyErrorOccurred(fmt.Sprintf("unable to get list of images %q", err)) + } + imageList, err := imagesToImageList(images) + if err != nil { + return call.ReplyErrorOccurred(fmt.Sprintf("unable to parse response", err)) + } return call.ReplyListImages(imageList) } diff --git a/vendor/github.com/containers/psgo/README.md b/vendor/github.com/containers/psgo/README.md index 55cb73a71..fed42c683 100644 --- a/vendor/github.com/containers/psgo/README.md +++ b/vendor/github.com/containers/psgo/README.md @@ -85,6 +85,8 @@ The ps library is compatible with all AIX format descriptors of the ps command-l - Seccomp mode of the process (i.e., disabled, strict or filter). See seccomp(2) for more information. - **state** - Process state codes (e.g, **R** for *running*, **S** for *sleeping*). See proc(5) for more information. +- **stime** + - Process start time (e.g, "2019-12-09 10:50:36 +0100 CET). We can try out different format descriptors with the psgo binary: diff --git a/vendor/github.com/containers/psgo/internal/process/process.go b/vendor/github.com/containers/psgo/internal/process/process.go index 20e40163f..a936cc4ef 100644 --- a/vendor/github.com/containers/psgo/internal/process/process.go +++ b/vendor/github.com/containers/psgo/internal/process/process.go @@ -188,23 +188,30 @@ func (p *Process) SetHostData() error { // ElapsedTime returns the time.Duration since process p was created. func (p *Process) ElapsedTime() (time.Duration, error) { - sinceBoot, err := strconv.ParseInt(p.Stat.Starttime, 10, 64) + startTime, err := p.StartTime() if err != nil { return 0, err } + return (time.Now()).Sub(startTime), nil +} + +// StarTime returns the time.Time when process p was started. +func (p *Process) StartTime() (time.Time, error) { + sinceBoot, err := strconv.ParseInt(p.Stat.Starttime, 10, 64) + if err != nil { + return time.Time{}, err + } clockTicks, err := host.ClockTicks() if err != nil { - return 0, err + return time.Time{}, err } - - sinceBoot = sinceBoot / clockTicks - bootTime, err := host.BootTime() if err != nil { - return 0, err + return time.Time{}, err } - created := time.Unix(sinceBoot+bootTime, 0) - return (time.Now()).Sub(created), nil + + sinceBoot = sinceBoot / clockTicks + return time.Unix(sinceBoot+bootTime, 0), nil } // CPUTime returns the cumlative CPU time of process p as a time.Duration. diff --git a/vendor/github.com/containers/psgo/psgo.go b/vendor/github.com/containers/psgo/psgo.go index 4986c9c71..30b8b74ce 100644 --- a/vendor/github.com/containers/psgo/psgo.go +++ b/vendor/github.com/containers/psgo/psgo.go @@ -310,6 +310,11 @@ var ( header: "STATE", procFn: processState, }, + { + normal: "stime", + header: "STIME", + procFn: processStartTime, + }, } ) @@ -715,6 +720,15 @@ func processTIME(p *process.Process, ctx *psContext) (string, error) { return fmt.Sprintf("%v", cpu), nil } +// processStartTime returns the start time of process p. +func processStartTime(p *process.Process, ctx *psContext) (string, error) { + sTime, err := p.StartTime() + if err != nil { + return "", err + } + return fmt.Sprintf("%v", sTime), nil +} + // processTTY returns the controlling tty (terminal) of process p. func processTTY(p *process.Process, ctx *psContext) (string, error) { ttyNr, err := strconv.ParseUint(p.Stat.TtyNr, 10, 64) diff --git a/vendor/github.com/containers/storage/VERSION b/vendor/github.com/containers/storage/VERSION index 42cf0675c..f2380cc7a 100644 --- a/vendor/github.com/containers/storage/VERSION +++ b/vendor/github.com/containers/storage/VERSION @@ -1 +1 @@ -1.15.2 +1.15.3 diff --git a/vendor/github.com/containers/storage/drivers/overlay/overlay.go b/vendor/github.com/containers/storage/drivers/overlay/overlay.go index 13cd65fa5..16549e88b 100644 --- a/vendor/github.com/containers/storage/drivers/overlay/overlay.go +++ b/vendor/github.com/containers/storage/drivers/overlay/overlay.go @@ -676,9 +676,6 @@ func (d *Driver) getLower(parent string) (string, error) { parentLowers := strings.Split(string(parentLower), ":") lowers = append(lowers, parentLowers...) } - if len(lowers) > maxDepth { - return "", errors.New("max depth exceeded") - } return strings.Join(lowers, ":"), nil } @@ -828,6 +825,10 @@ func (d *Driver) get(id string, disableShifting bool, options graphdriver.MountO if err != nil && !os.IsNotExist(err) { return "", err } + splitLowers := strings.Split(string(lowers), ":") + if len(splitLowers) > maxDepth { + return "", errors.New("max depth exceeded") + } // absLowers is the list of lowers as absolute paths, which works well with additional stores. absLowers := []string{} @@ -851,7 +852,7 @@ func (d *Driver) get(id string, disableShifting bool, options graphdriver.MountO // For each lower, resolve its path, and append it and any additional diffN // directories to the lowers list. - for _, l := range strings.Split(string(lowers), ":") { + for _, l := range splitLowers { if l == "" { continue } diff --git a/vendor/github.com/containers/storage/layers.go b/vendor/github.com/containers/storage/layers.go index ac905b0b4..3db94e880 100644 --- a/vendor/github.com/containers/storage/layers.go +++ b/vendor/github.com/containers/storage/layers.go @@ -475,7 +475,7 @@ func (r *layerStore) saveMounts() error { return r.loadMounts() } -func newLayerStore(rundir string, layerdir string, driver drivers.Driver, uidMap, gidMap []idtools.IDMap) (LayerStore, error) { +func (s *store) newLayerStore(rundir string, layerdir string, driver drivers.Driver) (LayerStore, error) { if err := os.MkdirAll(rundir, 0700); err != nil { return nil, err } @@ -501,8 +501,8 @@ func newLayerStore(rundir string, layerdir string, driver drivers.Driver, uidMap byid: make(map[string]*Layer), bymount: make(map[string]*Layer), byname: make(map[string]*Layer), - uidMap: copyIDMap(uidMap), - gidMap: copyIDMap(gidMap), + uidMap: copyIDMap(s.uidMap), + gidMap: copyIDMap(s.gidMap), } if err := rlstore.Load(); err != nil { return nil, err diff --git a/vendor/github.com/containers/storage/pkg/tarlog/tarlogger.go b/vendor/github.com/containers/storage/pkg/tarlog/tarlogger.go index c6985d757..26cd8504c 100644 --- a/vendor/github.com/containers/storage/pkg/tarlog/tarlogger.go +++ b/vendor/github.com/containers/storage/pkg/tarlog/tarlogger.go @@ -11,7 +11,6 @@ import ( type tarLogger struct { writer *io.PipeWriter closeMutex *sync.Mutex - stateMutex *sync.Mutex closed bool } @@ -22,7 +21,6 @@ func NewLogger(logger func(*tar.Header)) (io.WriteCloser, error) { t := &tarLogger{ writer: writer, closeMutex: new(sync.Mutex), - stateMutex: new(sync.Mutex), closed: false, } tr := tar.NewReader(reader) @@ -35,12 +33,9 @@ func NewLogger(logger func(*tar.Header)) (io.WriteCloser, error) { } // Make sure to avoid writes after the reader has been closed. - t.stateMutex.Lock() - t.closed = true if err := reader.Close(); err != nil { logrus.Errorf("error closing tarlogger reader: %v", err) } - t.stateMutex.Unlock() // Unblock the Close(). t.closeMutex.Unlock() }() @@ -48,16 +43,19 @@ func NewLogger(logger func(*tar.Header)) (io.WriteCloser, error) { } func (t *tarLogger) Write(b []byte) (int, error) { - t.stateMutex.Lock() if t.closed { // We cannot use os.Pipe() as this alters the tar's digest. Using // io.Pipe() requires this workaround as it does not allow for writes // after close. - t.stateMutex.Unlock() return len(b), nil } - t.stateMutex.Unlock() - return t.writer.Write(b) + n, err := t.writer.Write(b) + if err == io.ErrClosedPipe { + // The pipe got closed. Track it and avoid to call Write in future. + t.closed = true + return len(b), nil + } + return n, err } func (t *tarLogger) Close() error { diff --git a/vendor/github.com/containers/storage/store.go b/vendor/github.com/containers/storage/store.go index 654e86880..65808b8a0 100644 --- a/vendor/github.com/containers/storage/store.go +++ b/vendor/github.com/containers/storage/store.go @@ -667,15 +667,6 @@ func (s *store) load() error { s.graphDriverName = driver.String() driverPrefix := s.graphDriverName + "-" - rls, err := s.LayerStore() - if err != nil { - return err - } - s.layerStore = rls - if _, err := s.ROLayerStores(); err != nil { - return err - } - gipath := filepath.Join(s.graphRoot, driverPrefix+"images") if err := os.MkdirAll(gipath, 0700); err != nil { return err @@ -774,7 +765,7 @@ func (s *store) LayerStore() (LayerStore, error) { if err := os.MkdirAll(glpath, 0700); err != nil { return nil, err } - rls, err := newLayerStore(rlpath, glpath, driver, s.uidMap, s.gidMap) + rls, err := s.newLayerStore(rlpath, glpath, driver) if err != nil { return nil, err } diff --git a/vendor/github.com/uber/jaeger-client-go/CHANGELOG.md b/vendor/github.com/uber/jaeger-client-go/CHANGELOG.md index c4590bf93..5e7e9d5e5 100644 --- a/vendor/github.com/uber/jaeger-client-go/CHANGELOG.md +++ b/vendor/github.com/uber/jaeger-client-go/CHANGELOG.md @@ -1,6 +1,16 @@ Changes by Version ================== +2.20.1 (2019-11-08) +------------------- + +Minor patch via https://github.com/jaegertracing/jaeger-client-go/pull/468 + +- Make `AdaptiveSamplerUpdater` usable with default values; Resolves #467 +- Create `OperationNameLateBinding` sampler option and config option +- Make `SamplerOptions` var of public type, so that its functions are discoverable via godoc + + 2.20.0 (2019-11-06) ------------------- diff --git a/vendor/github.com/uber/jaeger-client-go/config/config.go b/vendor/github.com/uber/jaeger-client-go/config/config.go index 965f7c3ee..a0c32d804 100644 --- a/vendor/github.com/uber/jaeger-client-go/config/config.go +++ b/vendor/github.com/uber/jaeger-client-go/config/config.go @@ -76,17 +76,26 @@ type SamplerConfig struct { // Can be set by exporting an environment variable named JAEGER_SAMPLER_MANAGER_HOST_PORT SamplingServerURL string `yaml:"samplingServerURL"` - // MaxOperations is the maximum number of operations that the sampler - // will keep track of. If an operation is not tracked, a default probabilistic - // sampler will be used rather than the per operation specific sampler. - // Can be set by exporting an environment variable named JAEGER_SAMPLER_MAX_OPERATIONS - MaxOperations int `yaml:"maxOperations"` - // SamplingRefreshInterval controls how often the remotely controlled sampler will poll // jaeger-agent for the appropriate sampling strategy. // Can be set by exporting an environment variable named JAEGER_SAMPLER_REFRESH_INTERVAL SamplingRefreshInterval time.Duration `yaml:"samplingRefreshInterval"` + // MaxOperations is the maximum number of operations that the PerOperationSampler + // will keep track of. If an operation is not tracked, a default probabilistic + // sampler will be used rather than the per operation specific sampler. + // Can be set by exporting an environment variable named JAEGER_SAMPLER_MAX_OPERATIONS. + MaxOperations int `yaml:"maxOperations"` + + // Opt-in feature for applications that require late binding of span name via explicit + // call to SetOperationName when using PerOperationSampler. When this feature is enabled, + // the sampler will return retryable=true from OnCreateSpan(), thus leaving the sampling + // decision as non-final (and the span as writeable). This may lead to degraded performance + // in applications that always provide the correct span name on trace creation. + // + // For backwards compatibility this option is off by default. + OperationNameLateBinding bool `yaml:"operationNameLateBinding"` + // Options can be used to programmatically pass additional options to the Remote sampler. Options []jaeger.SamplerOption } @@ -335,7 +344,7 @@ func (sc *SamplerConfig) NewSampler( return jaeger.NewProbabilisticSampler(sc.Param) } return nil, fmt.Errorf( - "Invalid Param for probabilistic sampler: %v. Expecting value between 0 and 1", + "invalid Param for probabilistic sampler; expecting value between 0 and 1, received %v", sc.Param, ) } @@ -353,17 +362,14 @@ func (sc *SamplerConfig) NewSampler( jaeger.SamplerOptions.Metrics(metrics), jaeger.SamplerOptions.InitialSampler(initSampler), jaeger.SamplerOptions.SamplingServerURL(sc.SamplingServerURL), - } - if sc.MaxOperations != 0 { - options = append(options, jaeger.SamplerOptions.MaxOperations(sc.MaxOperations)) - } - if sc.SamplingRefreshInterval != 0 { - options = append(options, jaeger.SamplerOptions.SamplingRefreshInterval(sc.SamplingRefreshInterval)) + jaeger.SamplerOptions.MaxOperations(sc.MaxOperations), + jaeger.SamplerOptions.OperationNameLateBinding(sc.OperationNameLateBinding), + jaeger.SamplerOptions.SamplingRefreshInterval(sc.SamplingRefreshInterval), } options = append(options, sc.Options...) return jaeger.NewRemotelyControlledSampler(serviceName, options...), nil } - return nil, fmt.Errorf("Unknown sampler type %v", sc.Type) + return nil, fmt.Errorf("unknown sampler type (%s)", sc.Type) } // NewReporter instantiates a new reporter that submits spans to the collector diff --git a/vendor/github.com/uber/jaeger-client-go/constants.go b/vendor/github.com/uber/jaeger-client-go/constants.go index 0da47b02f..5d27b628d 100644 --- a/vendor/github.com/uber/jaeger-client-go/constants.go +++ b/vendor/github.com/uber/jaeger-client-go/constants.go @@ -22,7 +22,7 @@ import ( const ( // JaegerClientVersion is the version of the client library reported as Span tag. - JaegerClientVersion = "Go-2.20.0" + JaegerClientVersion = "Go-2.20.1" // JaegerClientVersionTagKey is the name of the tag used to report client version. JaegerClientVersionTagKey = "jaeger.version" diff --git a/vendor/github.com/uber/jaeger-client-go/sampler.go b/vendor/github.com/uber/jaeger-client-go/sampler.go index 6195d59c5..f47004b1f 100644 --- a/vendor/github.com/uber/jaeger-client-go/sampler.go +++ b/vendor/github.com/uber/jaeger-client-go/sampler.go @@ -363,6 +363,9 @@ type PerOperationSamplerParams struct { // NewPerOperationSampler returns a new PerOperationSampler. func NewPerOperationSampler(params PerOperationSamplerParams) *PerOperationSampler { + if params.MaxOperations <= 0 { + params.MaxOperations = defaultMaxOperations + } samplers := make(map[string]*GuaranteedThroughputProbabilisticSampler) for _, strategy := range params.Strategies.PerOperationStrategies { sampler := newGuaranteedThroughputProbabilisticSampler( diff --git a/vendor/github.com/uber/jaeger-client-go/sampler_remote.go b/vendor/github.com/uber/jaeger-client-go/sampler_remote.go index 9bd0c9822..4448b8f64 100644 --- a/vendor/github.com/uber/jaeger-client-go/sampler_remote.go +++ b/vendor/github.com/uber/jaeger-client-go/sampler_remote.go @@ -258,8 +258,9 @@ func (u *RateLimitingSamplerUpdater) Update(sampler SamplerV2, strategy interfac // ----------------------- // AdaptiveSamplerUpdater is used by RemotelyControlledSampler to parse sampling configuration. +// Fields have the same meaning as in PerOperationSamplerParams. type AdaptiveSamplerUpdater struct { - MaxOperations int // required + MaxOperations int OperationNameLateBinding bool } diff --git a/vendor/github.com/uber/jaeger-client-go/sampler_remote_options.go b/vendor/github.com/uber/jaeger-client-go/sampler_remote_options.go index 7a292effc..3b5c6aa9c 100644 --- a/vendor/github.com/uber/jaeger-client-go/sampler_remote_options.go +++ b/vendor/github.com/uber/jaeger-client-go/sampler_remote_options.go @@ -23,12 +23,17 @@ import ( // SamplerOption is a function that sets some option on the sampler type SamplerOption func(options *samplerOptions) -// SamplerOptions is a factory for all available SamplerOption's -var SamplerOptions samplerOptions +// SamplerOptions is a factory for all available SamplerOption's. +var SamplerOptions SamplerOptionsFactory + +// SamplerOptionsFactory is a factory for all available SamplerOption's. +// The type acts as a namespace for factory functions. It is public to +// make the functions discoverable via godoc. Recommended to be used +// via global SamplerOptions variable. +type SamplerOptionsFactory struct{} type samplerOptions struct { metrics *Metrics - maxOperations int sampler SamplerV2 logger Logger samplingServerURL string @@ -36,11 +41,12 @@ type samplerOptions struct { samplingFetcher SamplingStrategyFetcher samplingParser SamplingStrategyParser updaters []SamplerUpdater + posParams PerOperationSamplerParams } // Metrics creates a SamplerOption that initializes Metrics on the sampler, // which is used to emit statistics. -func (samplerOptions) Metrics(m *Metrics) SamplerOption { +func (SamplerOptionsFactory) Metrics(m *Metrics) SamplerOption { return func(o *samplerOptions) { o.metrics = m } @@ -48,22 +54,30 @@ func (samplerOptions) Metrics(m *Metrics) SamplerOption { // MaxOperations creates a SamplerOption that sets the maximum number of // operations the sampler will keep track of. -func (samplerOptions) MaxOperations(maxOperations int) SamplerOption { +func (SamplerOptionsFactory) MaxOperations(maxOperations int) SamplerOption { + return func(o *samplerOptions) { + o.posParams.MaxOperations = maxOperations + } +} + +// OperationNameLateBinding creates a SamplerOption that sets the respective +// field in the PerOperationSamplerParams. +func (SamplerOptionsFactory) OperationNameLateBinding(enable bool) SamplerOption { return func(o *samplerOptions) { - o.maxOperations = maxOperations + o.posParams.OperationNameLateBinding = enable } } // InitialSampler creates a SamplerOption that sets the initial sampler // to use before a remote sampler is created and used. -func (samplerOptions) InitialSampler(sampler Sampler) SamplerOption { +func (SamplerOptionsFactory) InitialSampler(sampler Sampler) SamplerOption { return func(o *samplerOptions) { o.sampler = samplerV1toV2(sampler) } } // Logger creates a SamplerOption that sets the logger used by the sampler. -func (samplerOptions) Logger(logger Logger) SamplerOption { +func (SamplerOptionsFactory) Logger(logger Logger) SamplerOption { return func(o *samplerOptions) { o.logger = logger } @@ -71,7 +85,7 @@ func (samplerOptions) Logger(logger Logger) SamplerOption { // SamplingServerURL creates a SamplerOption that sets the sampling server url // of the local agent that contains the sampling strategies. -func (samplerOptions) SamplingServerURL(samplingServerURL string) SamplerOption { +func (SamplerOptionsFactory) SamplingServerURL(samplingServerURL string) SamplerOption { return func(o *samplerOptions) { o.samplingServerURL = samplingServerURL } @@ -79,28 +93,28 @@ func (samplerOptions) SamplingServerURL(samplingServerURL string) SamplerOption // SamplingRefreshInterval creates a SamplerOption that sets how often the // sampler will poll local agent for the appropriate sampling strategy. -func (samplerOptions) SamplingRefreshInterval(samplingRefreshInterval time.Duration) SamplerOption { +func (SamplerOptionsFactory) SamplingRefreshInterval(samplingRefreshInterval time.Duration) SamplerOption { return func(o *samplerOptions) { o.samplingRefreshInterval = samplingRefreshInterval } } // SamplingStrategyFetcher creates a SamplerOption that initializes sampling strategy fetcher. -func (samplerOptions) SamplingStrategyFetcher(fetcher SamplingStrategyFetcher) SamplerOption { +func (SamplerOptionsFactory) SamplingStrategyFetcher(fetcher SamplingStrategyFetcher) SamplerOption { return func(o *samplerOptions) { o.samplingFetcher = fetcher } } // SamplingStrategyParser creates a SamplerOption that initializes sampling strategy parser. -func (samplerOptions) SamplingStrategyParser(parser SamplingStrategyParser) SamplerOption { +func (SamplerOptionsFactory) SamplingStrategyParser(parser SamplingStrategyParser) SamplerOption { return func(o *samplerOptions) { o.samplingParser = parser } } // Updaters creates a SamplerOption that initializes sampler updaters. -func (samplerOptions) Updaters(updaters ...SamplerUpdater) SamplerOption { +func (SamplerOptionsFactory) Updaters(updaters ...SamplerUpdater) SamplerOption { return func(o *samplerOptions) { o.updaters = updaters } @@ -116,9 +130,6 @@ func (o *samplerOptions) applyOptionsAndDefaults(opts ...SamplerOption) *sampler if o.logger == nil { o.logger = log.NullLogger } - if o.maxOperations <= 0 { - o.maxOperations = defaultMaxOperations - } if o.samplingServerURL == "" { o.samplingServerURL = DefaultSamplingServerURL } @@ -139,7 +150,10 @@ func (o *samplerOptions) applyOptionsAndDefaults(opts ...SamplerOption) *sampler } if o.updaters == nil { o.updaters = []SamplerUpdater{ - &AdaptiveSamplerUpdater{MaxOperations: o.maxOperations}, + &AdaptiveSamplerUpdater{ + MaxOperations: o.posParams.MaxOperations, + OperationNameLateBinding: o.posParams.OperationNameLateBinding, + }, new(ProbabilisticSamplerUpdater), new(RateLimitingSamplerUpdater), } diff --git a/vendor/modules.txt b/vendor/modules.txt index 5a17ebd78..ba692e089 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -117,7 +117,7 @@ github.com/containers/image/v5/types github.com/containers/image/v5/version # github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b github.com/containers/libtrust -# github.com/containers/psgo v1.3.2 +# github.com/containers/psgo v1.4.0 github.com/containers/psgo github.com/containers/psgo/internal/capabilities github.com/containers/psgo/internal/cgroups @@ -125,7 +125,7 @@ github.com/containers/psgo/internal/dev github.com/containers/psgo/internal/host github.com/containers/psgo/internal/proc github.com/containers/psgo/internal/process -# github.com/containers/storage v1.15.2 +# github.com/containers/storage v1.15.3 github.com/containers/storage github.com/containers/storage/drivers github.com/containers/storage/drivers/aufs @@ -451,7 +451,7 @@ github.com/stretchr/testify/require github.com/syndtr/gocapability/capability # github.com/tchap/go-patricia v2.3.0+incompatible github.com/tchap/go-patricia/patricia -# github.com/uber/jaeger-client-go v2.20.0+incompatible +# github.com/uber/jaeger-client-go v2.20.1+incompatible github.com/uber/jaeger-client-go github.com/uber/jaeger-client-go/config github.com/uber/jaeger-client-go/internal/baggage diff --git a/version/version.go b/version/version.go index 129a2cd4b..e75d1e713 100644 --- a/version/version.go +++ b/version/version.go @@ -4,7 +4,7 @@ package version // NOTE: remember to bump the version at the top // of the top-level README.md file when this is // bumped. -const Version = "1.6.4-dev" +const Version = "1.7.0-dev" // RemoteAPIVersion is the version for the remote // client API. It is used to determine compatibility |