-rw-r--r-- | cmd/podman/common/completion.go | 4 | ||||
-rw-r--r-- | cmd/podman/root.go | 6 | ||||
-rw-r--r-- | contrib/spec/podman.spec.in | 64 | ||||
-rw-r--r-- | docs/source/markdown/podman-build.1.md | 13 | ||||
-rw-r--r-- | docs/source/markdown/podman-create.1.md | 11 | ||||
-rw-r--r-- | docs/source/markdown/podman-run.1.md | 11 | ||||
-rw-r--r-- | go.mod | 2 | ||||
-rw-r--r-- | go.sum | 4 | ||||
-rw-r--r-- | pkg/api/handlers/compat/images_build.go | 10 | ||||
-rw-r--r-- | pkg/bindings/images/build.go | 16 | ||||
-rw-r--r-- | pkg/domain/entities/types/auth.go | 3 | ||||
-rw-r--r-- | pkg/domain/entities/types/types.go | 3 | ||||
-rw-r--r-- | pkg/domain/infra/abi/play.go | 1 | ||||
-rw-r--r-- | pkg/errorhandling/errorhandling.go | 3 | ||||
-rw-r--r-- | pkg/specgen/generate/kube/kube.go | 6 | ||||
-rwxr-xr-x | test/compose/test-compose | 8 | ||||
-rw-r--r-- | test/e2e/play_kube_test.go | 1 | ||||
-rw-r--r-- | test/system/001-basic.bats | 13 | ||||
-rw-r--r-- | vendor/modules.txt | 2 |
19 files changed, 129 insertions, 52 deletions
diff --git a/cmd/podman/common/completion.go b/cmd/podman/common/completion.go index d110fb1b5..6086df297 100644 --- a/cmd/podman/common/completion.go +++ b/cmd/podman/common/completion.go @@ -21,7 +21,7 @@ var ( // ChangeCmds is the list of valid Change commands to passed to the Commit call ChangeCmds = []string{"CMD", "ENTRYPOINT", "ENV", "EXPOSE", "LABEL", "ONBUILD", "STOPSIGNAL", "USER", "VOLUME", "WORKDIR"} // LogLevels supported by podman - LogLevels = []string{"debug", "info", "warn", "warning", "error", "fatal", "panic"} + LogLevels = []string{"trace", "debug", "info", "warn", "warning", "error", "fatal", "panic"} ) type completeType int @@ -1009,7 +1009,7 @@ func AutocompleteEventBackend(cmd *cobra.Command, args []string, toComplete stri } // AutocompleteLogLevel - Autocomplete log level options. -// -> "debug", "info", "warn", "error", "fatal", "panic" +// -> "trace", "debug", "info", "warn", "error", "fatal", "panic" func AutocompleteLogLevel(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { return LogLevels, cobra.ShellCompDirectiveNoFileComp } diff --git a/cmd/podman/root.go b/cmd/podman/root.go index 4527c2646..9e5d2a236 100644 --- a/cmd/podman/root.go +++ b/cmd/podman/root.go @@ -416,7 +416,11 @@ func formatError(err error) string { strings.TrimSuffix(err.Error(), ": "+define.ErrOCIRuntime.Error()), ) } else { - message = "Error: " + err.Error() + if logrus.IsLevelEnabled(logrus.TraceLevel) { + message = fmt.Sprintf("Error: %+v", err) + } else { + message = fmt.Sprintf("Error: %v", err) + } } return message } diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in index 78ff664f7..02b73bdb8 100644 --- a/contrib/spec/podman.spec.in +++ b/contrib/spec/podman.spec.in 
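Review bot: In `formatError` (cmd/podman/root.go) the new `%+v` branch is undocumented and nested one level deeper than it needs to be. For errors created through github.com/pkg/errors, `%+v` also prints the recorded stack trace, so trace-level output carries source paths and function names. A comment such as `// %+v also prints the pkg/errors stack trace; keep it behind trace level` would make that intent explicit. The inner `if` can be folded into the branch as `} else if logrus.IsLevelEnabled(logrus.TraceLevel) {`. The function starts outside the hunk.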
@@ -12,9 +12,9 @@ %global debug_package %{nil} %endif -# %if ! 0% {?gobuild:1} -%define gobuild(o:) go build -tags="$BUILDTAGS" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -a -v -x %{?**}; -#% endif +%if ! 0%{?gobuild:1} +%define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v -x %{?**}; +%endif # podman hack directory %define hackdir %{_builddir}/%{repo}-%{shortcommit0} @@ -30,12 +30,6 @@ %global commit0 #COMMIT# %global shortcommit0 %(c=%{commit0}; echo ${c:0:8}) -# People want conmon packaged with the copr rpm -%global import_path_conmon github.com/containers/conmon -%global git_conmon https://%{import_path_conmon} -%global commit_conmon 41877362fc4685d55e0473d2e4a1cbe5e1debee0 -%global shortcommit_conmon %(c=%{commit_conmon}; echo ${c:0:7}) - Name: podman %if 0%{?fedora} Epoch: 99 @@ -74,7 +68,8 @@ BuildRequires: libselinux-devel BuildRequires: pkgconfig BuildRequires: make BuildRequires: systemd-devel -Requires: skopeo-containers +Requires: containers-common +Requires: conmon Requires: containernetworking-plugins >= 0.6.0-3 Requires: iptables %if 0%{?rhel} < 8 || 0%{?centos} < 8 @@ -371,6 +366,26 @@ BuildArch: noarch Man pages for the %{name} commands %endif +%if 0%{?fedora} && ! 0%{?centos} +%package tests +Summary: Tests for %{name} + +Requires: %{name} = %{epoch}:%{version}-%{release} +Requires: bats +Requires: jq +Requires: skopeo +Requires: nmap-ncat +Requires: httpd-tools +Requires: openssl +Requires: socat +Requires: buildah + +%description tests +%{summary} + +This package contains system tests for %{name} +%endif + %prep %autosetup -Sgit -n %{repo}-%{shortcommit0} 
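Review bot: In the `Requires:` hunk of contrib/spec/podman.spec.in, `Requires: conmon` carries no version constraint, whereas the lines this patch removes built conmon from a pinned commit. Any conmon the repository offers now satisfies the dependency, including one older than this podman expects. If a minimum is known, state it, e.g. `Requires: conmon >= <MIN_CONMON_VERSION>` (placeholder), the way `containernetworking-plugins >= 0.6.0-3` is constrained on the following line.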
@@ -416,18 +431,6 @@ BUILDTAGS=$BUILDTAGS make binaries docs %else BUILDTAGS=$BUILDTAGS make binaries %endif -# build conmon -pushd conmon - -mkdir _output -pushd _output -mkdir -p src/%{provider}.%{provider_tld}/{containers,opencontainers} -ln -s $(dirs +1 -l) src/%{import_path_conmon} -popd - -export BUILDTAGS="selinux seccomp systemd $(%{hackdir}/hack/btrfs_installed_tag.sh) $(%{hackdir}/hack/btrfs_tag.sh)" -BUILDTAGS=$BUILDTAGS make -popd %install install -dp %{buildroot}%{_unitdir} @@ -444,10 +447,6 @@ PODMAN_VERSION=%{version} %{__make} PREFIX=%{buildroot}%{_prefix} ETCDIR=%{build mv pkg/hooks/README.md pkg/hooks/README-hooks.md -# install conmon -install -dp %{buildroot}%{_libexecdir}/%{name} -install -p -m 755 conmon/bin/conmon %{buildroot}%{_libexecdir}/%{name} - # source codes for building projects %if 0%{?with_devel} install -d -p %{buildroot}/%{gopath}/src/%{import_path}/ @@ -467,6 +466,11 @@ for file in $(find . \( -iname "*.go" -or -iname "*.s" \) \! -iname "*_test.go" done %endif +%if 0%{?fedora} && ! 0%{?centos} +install -d -p %{buildroot}/%{_datadir}/%{name}/test/system +cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/ +%endif + # testing files for this project %if 0%{?with_unit_test} && 0%{?with_devel} install -d -p %{buildroot}/%{gopath}/src/%{import_path}/ @@ -522,7 +526,6 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} %{_datadir}/bash-completion/completions/* %{_datadir}/zsh/site-functions/* %{_datadir}/fish/vendor_completions.d/* -%{_libexecdir}/%{name}/conmon %config(noreplace) %{_sysconfdir}/cni/net.d/87-%{name}-bridge.conflist %{_unitdir}/podman-auto-update.service %{_unitdir}/podman-auto-update.timer 
@@ -558,6 +561,13 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} %{_mandir}/man5/*.5* %endif +%if 0%{?fedora} && ! 0%{?centos} +%files tests +%license LICENSE +%{_datadir}/%{name}/test +%dir %{_datadir}/%{name}/test/system +%endif + %changelog * Sat Aug 4 2018 Dan Walsh <dwalsh@redhat.com> - 0.8.1-1.git6b4ab2a - Bump to v0.8.1 diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md index a91c7b6a6..876bfe412 100644 --- a/docs/source/markdown/podman-build.1.md +++ b/docs/source/markdown/podman-build.1.md @@ -692,6 +692,7 @@ Set the architecture variant of the image to be pulled. * [rw|ro] * [z|Z|O] + * [U] * [`[r]shared`|`[r]slave`|`[r]private`] The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The `HOST-DIR` @@ -707,6 +708,18 @@ You can add the `:ro` or `:rw` suffix to a volume to mount it read-only or read-write mode, respectively. By default, the volumes are mounted read-write. See examples. + `Chowning Volume Mounts` + +By default, Podman does not change the owner and group of source volume +directories mounted. When running using user namespaces, the UID and GID inside +the namespace may correspond to another UID and GID on the host. + +The `:U` suffix tells Podman to use the correct host UID and GID based on the +UID and GID within the namespace, to change recursively the owner and group of +the source volume. + +**Warning** use with caution since this will modify the host filesystem. + `Labeling Volume Mounts` Labeling systems like SELinux require that proper labels are placed on volume diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index fcd5f3e3f..ae6dfe03b 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md 
@@ -1075,9 +1075,14 @@ See examples. `Chowning Volume Mounts` -By default, Podman does not change the owner and group of source volume directories mounted into containers. If a container is created in a new user namespace, the UID and GID in the container may correspond to another UID and GID on the host. - -The `:U` suffix tells Podman to use the correct host UID and GID based on the UID and GID within the container, to change recursively the owner and group of the source volume. +By default, Podman does not change the owner and group of source volume +directories mounted into containers. If a container is created in a new user +namespace, the UID and GID in the container may correspond to another UID and +GID on the host. + +The `:U` suffix tells Podman to use the correct host UID and GID based on the +UID and GID within the container, to change recursively the owner and group of +the source volume. **Warning** use with caution since this will modify the host filesystem. diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index 3fad9bf64..40b271828 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md 
@@ -1155,9 +1155,14 @@ read-write mode, respectively. By default, the volumes are mounted read-write. `Chowning Volume Mounts` -By default, Podman does not change the owner and group of source volume directories mounted into containers. If a container is created in a new user namespace, the UID and GID in the container may correspond to another UID and GID on the host. - -The `:U` suffix tells Podman to use the correct host UID and GID based on the UID and GID within the container, to change recursively the owner and group of the source volume. +By default, Podman does not change the owner and group of source volume +directories mounted into containers. If a container is created in a new user +namespace, the UID and GID in the container may correspond to another UID and +GID on the host. + +The `:U` suffix tells Podman to use the correct host UID and GID based on the +UID and GID within the container, to change recursively the owner and group of +the source volume. **Warning** use with caution since this will modify the host filesystem. @@ -51,7 +51,7 @@ require ( github.com/opencontainers/selinux v1.8.0 github.com/pkg/errors v0.9.1 github.com/pmezard/go-difflib v1.0.0 - github.com/rootless-containers/rootlesskit v0.14.1 + github.com/rootless-containers/rootlesskit v0.14.2 github.com/sirupsen/logrus v1.8.1 github.com/spf13/cobra v1.1.3 github.com/spf13/pflag v1.0.5 
@@ -713,8 +713,8 @@ github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rootless-containers/rootlesskit v0.14.1 h1:lvyG8XLYOiHPoSjWekgqY4MkNZJ+218KBOLfw9kB3Hk= -github.com/rootless-containers/rootlesskit v0.14.1/go.mod h1:nV3TpRISvwhZQSwo0nmQQnxjCxXr3mvrMi0oASLvzcg= +github.com/rootless-containers/rootlesskit v0.14.2 h1:jmsSyNyRG0QdWc3usppt5jEy5qOheeUsIINcymPrOFg= +github.com/rootless-containers/rootlesskit v0.14.2/go.mod h1:nV3TpRISvwhZQSwo0nmQQnxjCxXr3mvrMi0oASLvzcg= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go index e0c79e5a7..ec40fdd2d 100644 --- a/pkg/api/handlers/compat/images_build.go +++ b/pkg/api/handlers/compat/images_build.go @@ -464,15 +464,16 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { var ( imageID string - failed bool + success bool ) runCtx, cancel := context.WithCancel(context.Background()) go func() { defer cancel() imageID, _, err = runtime.Build(r.Context(), buildOptions, query.Dockerfile) - if err != nil { - failed = true + if err == nil { + success = true + } else { stderr.Write([]byte(err.Error() + "\n")) } }() @@ -534,7 +535,8 @@ loop: } flush() case <-runCtx.Done(): - if !failed { + flush() + if success { if !utils.IsLibpodRequest(r) { m.Stream = fmt.Sprintf("Successfully built %12.12s\n", imageID) if err := enc.Encode(m); err != nil { 
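Review bot: In the goroutine in `BuildImage` (pkg/api/handlers/compat/images_build.go), the new `if err == nil` test reads the handler-level `err`, which the goroutine assigns with `=` instead of declaring its own variable. The rest of the handler is outside this hunk; if it touches `err` while the build is running, that access is a data race and `success` may reflect an unrelated value. A goroutine-local variable avoids this: declare `var buildErr error`, assign with `imageID, _, buildErr = runtime.Build(r.Context(), buildOptions, query.Dockerfile)`, and test `if buildErr == nil {`.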
diff --git a/pkg/bindings/images/build.go b/pkg/bindings/images/build.go index 34d6cee05..c0e5706a5 100644 --- a/pkg/bindings/images/build.go +++ b/pkg/bindings/images/build.go @@ -340,6 +340,7 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO re := regexp.MustCompile(`[0-9a-f]{12}`) var id string + var mErr error for { var s struct { Stream string `json:"stream,omitempty"` @@ -347,11 +348,21 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO } if err := dec.Decode(&s); err != nil { if errors.Is(err, io.EOF) { - return &entities.BuildReport{ID: id}, nil + if mErr == nil && id == "" { + mErr = errors.New("stream dropped, unexpected failure") + } + break } s.Error = err.Error() + "\n" } + select { + case <-response.Request.Context().Done(): + return &entities.BuildReport{ID: id}, mErr + default: + // non-blocking select + } + switch { case s.Stream != "": stdout.Write([]byte(s.Stream)) @@ -359,11 +370,12 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO id = strings.TrimSuffix(s.Stream, "\n") } case s.Error != "": - return nil, errors.New(s.Error) + mErr = errors.New(s.Error) default: return &entities.BuildReport{ID: id}, errors.New("failed to parse build results stream, unexpected input") } } + return &entities.BuildReport{ID: id}, mErr } func nTar(excludes []string, sources ...string) (io.ReadCloser, error) { diff --git a/pkg/domain/entities/types/auth.go b/pkg/domain/entities/types/auth.go index ddf15bb18..7f2480173 100644 --- a/pkg/domain/entities/types/auth.go +++ b/pkg/domain/entities/types/auth.go @@ -1,4 +1,5 @@ -package types // import "github.com/docker/docker/api/types" +// copied from github.com/docker/docker/api/types +package types // AuthConfig contains authorization information for connecting to a Registry type AuthConfig struct { diff --git a/pkg/domain/entities/types/types.go b/pkg/domain/entities/types/types.go index 77834c0cb..7dc785078 100644 
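Review bot: In `Build` (pkg/bindings/images/build.go), a decode error other than `io.EOF` no longer ends the loop: it is copied into `s.Error`, stored in `mErr`, and `dec.Decode` is called again. Assuming `dec` is a `json.Decoder` (its construction is outside the hunk), the decoder keeps returning the same error after a syntax or read error, and a truncated stream yields `io.ErrUnexpectedEOF` rather than `io.EOF`. A malformed or cut-off response would therefore leave the client spinning until the request context is cancelled. Stop on such errors instead, for example by replacing `s.Error = err.Error() + "\n"` with `mErr = err` followed by `break`.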
--- a/pkg/domain/entities/types/types.go +++ b/pkg/domain/entities/types/types.go @@ -1,4 +1,5 @@ -package types // import "github.com/docker/docker/api/types" +// copied from github.com/docker/docker/api/types +package types // ComponentVersion describes the version information for a specific component. type ComponentVersion struct { diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go index 52f759f13..6eecef2de 100644 --- a/pkg/domain/infra/abi/play.go +++ b/pkg/domain/infra/abi/play.go @@ -300,6 +300,7 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY RestartPolicy: ctrRestartPolicy, NetNSIsHost: p.NetNS.IsHost(), SecretsManager: secretsManager, + LogDriver: options.LogDriver, } specGen, err := kube.ToSpecGen(ctx, &specgenOpts) if err != nil { diff --git a/pkg/errorhandling/errorhandling.go b/pkg/errorhandling/errorhandling.go index b1923be98..9dc545ebb 100644 --- a/pkg/errorhandling/errorhandling.go +++ b/pkg/errorhandling/errorhandling.go @@ -24,6 +24,9 @@ func JoinErrors(errs []error) error { if finalErr == nil { return finalErr } + if len(multiE.WrappedErrors()) == 1 && logrus.IsLevelEnabled(logrus.TraceLevel) { + return multiE.WrappedErrors()[0] + } return errors.New(strings.TrimSpace(finalErr.Error())) } diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go index 31ed3fd7c..7aeec9d41 100644 --- a/pkg/specgen/generate/kube/kube.go +++ b/pkg/specgen/generate/kube/kube.go @@ -98,6 +98,8 @@ type CtrSpecGenOptions struct { NetNSIsHost bool // SecretManager to access the secrets SecretsManager *secrets.SecretsManager + // LogDriver which should be used for the container + LogDriver string } func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGenerator, error) { 
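Review bot: In `JoinErrors` (pkg/errorhandling/errorhandling.go) the returned value now depends on the global log level, and nothing in the code says why. At trace level a single error is returned as-is, while otherwise a new error holding only the trimmed text is built, so a caller's `errors.Is`/`errors.As` checks give different results depending on `--log-level`. Presumably the branch exists so the stack trace survives for `%+v` printing; a comment such as `// keep the original error (and its stack trace) when tracing` would record that. Returning the single wrapped error whenever `len(multiE.WrappedErrors()) == 1` would keep the behaviour independent of logging. The function starts outside the hunk.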
@@ -115,6 +117,10 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener s.Pod = opts.PodID + s.LogConfiguration = &specgen.LogConfig{ + Driver: opts.LogDriver, + } + setupSecurityContext(s, opts.Container) // Since we prefix the container name with pod name to work-around the uniqueness requirement, diff --git a/test/compose/test-compose b/test/compose/test-compose index c4c484190..46ca80321 100755 --- a/test/compose/test-compose +++ b/test/compose/test-compose @@ -173,15 +173,16 @@ function test_port() { if [ $curl_rc -ne 0 ]; then _show_ok 0 "$testname - curl (port $port) failed with status $curl_rc" - # FIXME: is this useful? What else can we do to diagnose? - echo "# docker-compose logs:" - docker-compose logs echo "# podman ps -a:" $PODMAN_BIN --root $WORKDIR/root --runroot $WORKDIR/runroot ps -a if type -p ss; then echo "# ss -tulpn:" ss -tulpn + echo "# podman unshare --rootless-cni ss -tulpn:" + $PODMAN_BIN --root $WORKDIR/root --runroot $WORKDIR/runroot unshare --rootless-cni ss -tulpn fi + echo "# cat $WORKDIR/server.log:" + cat $WORKDIR/server.log return fi @@ -212,6 +213,7 @@ function start_service() { cp /etc/cni/net.d/*podman*conflist $WORKDIR/cni/ $PODMAN_BIN \ + --log-level debug \ --root $WORKDIR/root \ --runroot $WORKDIR/runroot \ --cgroup-manager=systemd \ diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index 41afd9f75..e479b88cc 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -1970,7 +1970,6 @@ MemoryReservation: {{ .HostConfig.MemoryReservation }}`}) }) It("podman play kube applies log driver to containers", func() { - Skip("need to verify images have correct packages for journald") pod := getPod() err := generateKubeYaml("pod", pod, kubeYaml) Expect(err).To(BeNil()) diff --git a/test/system/001-basic.bats b/test/system/001-basic.bats index 081bb1171..35107f0a0 100644 --- a/test/system/001-basic.bats +++ b/test/system/001-basic.bats 
@@ -111,4 +111,17 @@ function setup() { is "$output" "you found me" "sample invocation of 'jq'" } +@test "podman --log-level recognizes log levels" { + run_podman 1 --log-level=telepathic info + is "$output" 'Log Level "telepathic" is not supported.*' + run_podman --log-level=trace info + run_podman --log-level=debug info + run_podman --log-level=info info + run_podman --log-level=warn info + run_podman --log-level=warning info + run_podman --log-level=error info + run_podman --log-level=fatal info + run_podman --log-level=panic info +} + # vim: filetype=sh diff --git a/vendor/modules.txt b/vendor/modules.txt index 1bf189b86..431a21c8a 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -542,7 +542,7 @@ github.com/prometheus/procfs/internal/fs github.com/prometheus/procfs/internal/util # github.com/rivo/uniseg v0.2.0 github.com/rivo/uniseg -# github.com/rootless-containers/rootlesskit v0.14.1 +# github.com/rootless-containers/rootlesskit v0.14.2 github.com/rootless-containers/rootlesskit/pkg/api github.com/rootless-containers/rootlesskit/pkg/msgutil github.com/rootless-containers/rootlesskit/pkg/port |