diff options
| -rw-r--r-- | cmd/podman/images/pull.go | 7 | ||||
| -rw-r--r-- | cmd/podman/images/push.go | 8 | ||||
| -rw-r--r-- | cmd/podman/system/info.go | 2 | ||||
| -rw-r--r-- | libpod/container_internal.go | 6 | ||||
| -rw-r--r-- | pkg/api/server/server.go | 41 | ||||
| -rw-r--r-- | pkg/domain/infra/abi/images.go | 4 | ||||
| -rw-r--r-- | pkg/domain/infra/tunnel/images.go | 10 | ||||
| -rw-r--r-- | pkg/selinux/selinux.go | 40 | ||||
| -rw-r--r-- | pkg/util/utils.go | 36 | ||||
| -rw-r--r-- | test/e2e/info_test.go | 42 | ||||
| -rw-r--r-- | test/e2e/pull_test.go | 1 | ||||
| -rw-r--r-- | test/e2e/untag_test.go | 1 |
12 files changed, 145 insertions, 53 deletions
diff --git a/cmd/podman/images/pull.go b/cmd/podman/images/pull.go index fb107d00c..f996d0681 100644 --- a/cmd/podman/images/pull.go +++ b/cmd/podman/images/pull.go @@ -2,11 +2,13 @@ package images import ( "fmt" + "os" buildahcli "github.com/containers/buildah/pkg/cli" "github.com/containers/image/v5/types" "github.com/containers/libpod/cmd/podman/registry" "github.com/containers/libpod/pkg/domain/entities" + "github.com/pkg/errors" "github.com/spf13/cobra" "github.com/spf13/pflag" ) @@ -99,6 +101,11 @@ func imagePull(cmd *cobra.Command, args []string) error { if cmd.Flags().Changed("tls-verify") { pullOptsAPI.TLSVerify = types.NewOptionalBool(pullOptions.TLSVerifyCLI) } + if pullOptsAPI.Authfile != "" { + if _, err := os.Stat(pullOptsAPI.Authfile); err != nil { + return errors.Wrapf(err, "error getting authfile %s", pullOptsAPI.Authfile) + } + } // Let's do all the remaining Yoga in the API to prevent us from // scattering logic across (too) many parts of the code. diff --git a/cmd/podman/images/push.go b/cmd/podman/images/push.go index f12a5ac86..ef2ffd0d7 100644 --- a/cmd/podman/images/push.go +++ b/cmd/podman/images/push.go @@ -1,6 +1,8 @@ package images import ( + "os" + buildahcli "github.com/containers/buildah/pkg/cli" "github.com/containers/image/v5/types" "github.com/containers/libpod/cmd/podman/registry" @@ -114,6 +116,12 @@ func imagePush(cmd *cobra.Command, args []string) error { pushOptsAPI.TLSVerify = types.NewOptionalBool(pushOptions.TLSVerifyCLI) } + if pushOptsAPI.Authfile != "" { + if _, err := os.Stat(pushOptsAPI.Authfile); err != nil { + return errors.Wrapf(err, "error getting authfile %s", pushOptsAPI.Authfile) + } + } + // Let's do all the remaining Yoga in the API to prevent us from scattering // logic across (too) many parts of the code. return registry.ImageEngine().Push(registry.GetContext(), source, destination, pushOptsAPI) diff --git a/cmd/podman/system/info.go b/cmd/podman/system/info.go index 8e014a91b..8b36ef549 100644 --- a/cmd/podman/system/info.go +++ b/cmd/podman/system/info.go @@ -7,8 +7,8 @@ import ( "github.com/containers/libpod/cmd/podman/registry" "github.com/containers/libpod/pkg/domain/entities" + "github.com/ghodss/yaml" "github.com/spf13/cobra" - "gopkg.in/yaml.v2" ) var ( diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 50bd9bc25..4cb80a98b 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -19,7 +19,7 @@ import ( "github.com/containers/libpod/pkg/hooks" "github.com/containers/libpod/pkg/hooks/exec" "github.com/containers/libpod/pkg/rootless" - "github.com/containers/libpod/pkg/util" + "github.com/containers/libpod/pkg/selinux" "github.com/containers/storage" "github.com/containers/storage/pkg/archive" "github.com/containers/storage/pkg/mount" @@ -435,12 +435,12 @@ func (c *Container) setupStorage(ctx context.Context) error { processLabel := containerInfo.ProcessLabel switch { case c.ociRuntime.SupportsKVM(): - processLabel, err = util.SELinuxKVMLabel(processLabel) + processLabel, err = selinux.SELinuxKVMLabel(processLabel) if err != nil { return err } case c.config.Systemd: - processLabel, err = util.SELinuxInitLabel(processLabel) + processLabel, err = selinux.SELinuxInitLabel(processLabel) if err != nil { return err } diff --git a/pkg/api/server/server.go b/pkg/api/server/server.go index 9576fd437..ce2d152e0 100644 --- a/pkg/api/server/server.go +++ b/pkg/api/server/server.go @@ -8,6 +8,7 @@ import ( "os" "os/signal" "runtime" + goRuntime "runtime" "strings" "sync" "syscall" @@ -30,6 +31,7 @@ type APIServer struct { net.Listener // mux for routing HTTP API calls to libpod routines context.CancelFunc // Stop APIServer idleTracker *IdleTracker // Track connections to support idle shutdown + pprof *http.Server // Sidecar http server for providing performance data } // Number of seconds to wait for next request, if exceeded shutdown server @@ -145,6 +147,20 @@ func (s *APIServer) Serve() error { _ = s.Shutdown() }() + if logrus.IsLevelEnabled(logrus.DebugLevel) { + go func() { + pprofMux := mux.NewRouter() + pprofMux.PathPrefix("/debug/pprof").Handler(http.DefaultServeMux) + goRuntime.SetMutexProfileFraction(1) + goRuntime.SetBlockProfileRate(1) + s.pprof = &http.Server{Addr: "localhost:8888", Handler: pprofMux} + err := s.pprof.ListenAndServe() + if err != nil && err != http.ErrServerClosed { + logrus.Warn("Profiler Service failed: " + err.Error()) + } + }() + } + go func() { err := s.Server.Serve(s.Listener) if err != nil && err != http.ErrServerClosed { @@ -166,26 +182,29 @@ func (s *APIServer) Serve() error { // Shutdown is a clean shutdown waiting on existing clients func (s *APIServer) Shutdown() error { - if logrus.IsLevelEnabled(logrus.DebugLevel) { - _, file, line, _ := runtime.Caller(1) - logrus.Debugf("APIServer.Shutdown by %s:%d, %d/%d connection(s)", - file, line, s.idleTracker.ActiveConnections(), s.idleTracker.TotalConnections()) - } - - // Duration == 0 flags no auto-shutdown of the server - if s.idleTracker.Duration == 0 { - logrus.Debug("APIServer.Shutdown ignored as Duration == 0") + if s.idleTracker.Duration == UnlimitedServiceDuration { + logrus.Debug("APIServer.Shutdown ignored as Duration is UnlimitedService.") return nil } - // Gracefully shutdown server, duration of wait same as idle window + // Gracefully shutdown server(s), duration of wait same as idle window // TODO: Should we really wait the idle window for shutdown? ctx, cancel := context.WithTimeout(context.Background(), s.idleTracker.Duration) defer cancel() + + if logrus.IsLevelEnabled(logrus.DebugLevel) { + _, file, line, _ := runtime.Caller(1) + logrus.Debugf("APIServer.Shutdown by %s:%d, %d/%d connection(s)", + file, line, s.idleTracker.ActiveConnections(), s.idleTracker.TotalConnections()) + if err := s.pprof.Shutdown(ctx); err != nil { + logrus.Warn("Failed to cleanly shutdown pprof Server: " + err.Error()) + } + } + go func() { err := s.Server.Shutdown(ctx) if err != nil && err != context.Canceled && err != http.ErrServerClosed { - logrus.Errorf("Failed to cleanly shutdown APIServer: %s", err.Error()) + logrus.Error("Failed to cleanly shutdown APIServer: " + err.Error()) } }() <-ctx.Done() diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go index 32f7d75e5..d0b7b42b5 100644 --- a/pkg/domain/infra/abi/images.go +++ b/pkg/domain/infra/abi/images.go @@ -303,6 +303,10 @@ func (ir *ImageEngine) Untag(ctx context.Context, nameOrId string, tags []string if err != nil { return err } + // If only one arg is provided, all names are to be untagged + if len(tags) == 0 { + tags = newImage.Names() + } for _, tag := range tags { if err := newImage.UntagImage(tag); err != nil { return err diff --git a/pkg/domain/infra/tunnel/images.go b/pkg/domain/infra/tunnel/images.go index 822842936..27ed9f1ec 100644 --- a/pkg/domain/infra/tunnel/images.go +++ b/pkg/domain/infra/tunnel/images.go @@ -7,6 +7,7 @@ import ( "github.com/containers/common/pkg/config" "github.com/containers/image/v5/docker/reference" + "github.com/containers/libpod/pkg/bindings" images "github.com/containers/libpod/pkg/bindings/images" "github.com/containers/libpod/pkg/domain/entities" "github.com/containers/libpod/pkg/domain/utils" @@ -109,6 +110,15 @@ func (ir *ImageEngine) Tag(ctx context.Context, nameOrId string, tags []string, } func (ir *ImageEngine) Untag(ctx context.Context, nameOrId string, tags []string, options entities.ImageUntagOptions) error { + // Remove all tags if none are provided + if len(tags) == 0 { + newImage, err := images.GetImage(ir.ClientCxt, nameOrId, &bindings.PFalse) + if err != nil { + return err + } + tags = newImage.NamesHistory + } + for _, newTag := range tags { var ( tag, repo string diff --git a/pkg/selinux/selinux.go b/pkg/selinux/selinux.go new file mode 100644 index 000000000..975519cce --- /dev/null +++ b/pkg/selinux/selinux.go @@ -0,0 +1,40 @@ +package selinux + +import ( + "github.com/opencontainers/selinux/go-selinux" +) + +// SELinuxKVMLabel returns labels for running kvm isolated containers +func SELinuxKVMLabel(cLabel string) (string, error) { + if cLabel == "" { + // selinux is disabled + return "", nil + } + processLabel, _ := selinux.KVMContainerLabels() + selinux.ReleaseLabel(processLabel) + return swapSELinuxLabel(cLabel, processLabel) +} + +// SELinuxInitLabel returns labels for running systemd based containers +func SELinuxInitLabel(cLabel string) (string, error) { + if cLabel == "" { + // selinux is disabled + return "", nil + } + processLabel, _ := selinux.InitContainerLabels() + selinux.ReleaseLabel(processLabel) + return swapSELinuxLabel(cLabel, processLabel) +} + +func swapSELinuxLabel(cLabel, processLabel string) (string, error) { + dcon, err := selinux.NewContext(cLabel) + if err != nil { + return "", err + } + scon, err := selinux.NewContext(processLabel) + if err != nil { + return "", err + } + dcon["type"] = scon["type"] + return dcon.Get(), nil +} diff --git a/pkg/util/utils.go b/pkg/util/utils.go index 55e775d7a..64331cf66 100644 --- a/pkg/util/utils.go +++ b/pkg/util/utils.go @@ -22,7 +22,6 @@ import ( "github.com/containers/storage" "github.com/containers/storage/pkg/idtools" v1 "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/opencontainers/selinux/go-selinux" "github.com/pkg/errors" "github.com/sirupsen/logrus" "golang.org/x/crypto/ssh/terminal" @@ -647,41 +646,6 @@ func ValidateSysctls(strSlice []string) (map[string]string, error) { return sysctl, nil } -// SELinuxKVMLabel returns labels for running kvm isolated containers -func SELinuxKVMLabel(cLabel string) (string, error) { - if cLabel == "" { - // selinux is disabled - return "", nil - } - processLabel, _ := selinux.KVMContainerLabels() - selinux.ReleaseLabel(processLabel) - return swapSELinuxLabel(cLabel, processLabel) -} - -// SELinuxInitLabel returns labels for running systemd based containers -func SELinuxInitLabel(cLabel string) (string, error) { - if cLabel == "" { - // selinux is disabled - return "", nil - } - processLabel, _ := selinux.InitContainerLabels() - selinux.ReleaseLabel(processLabel) - return swapSELinuxLabel(cLabel, processLabel) -} - -func swapSELinuxLabel(cLabel, processLabel string) (string, error) { - dcon, err := selinux.NewContext(cLabel) - if err != nil { - return "", err - } - scon, err := selinux.NewContext(processLabel) - if err != nil { - return "", err - } - dcon["type"] = scon["type"] - return dcon.Get(), nil -} - func DefaultContainerConfig() *config.Config { return containerConfig } diff --git a/test/e2e/info_test.go b/test/e2e/info_test.go index ff3615dcd..7cb299e0f 100644 --- a/test/e2e/info_test.go +++ b/test/e2e/info_test.go @@ -1,8 +1,13 @@ package integration import ( + "fmt" + "io/ioutil" "os" + "os/exec" + "path/filepath" + "github.com/containers/libpod/pkg/rootless" . "github.com/containers/libpod/test/utils" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" @@ -50,4 +55,41 @@ var _ = Describe("Podman Info", func() { Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).To(ContainSubstring("registry")) }) + + It("podman info rootless storage path", func() { + if !rootless.IsRootless() { + Skip("test of rootless_storage_path is only meaningful as rootless") + } + SkipIfRemote() + oldHOME, hasHOME := os.LookupEnv("HOME") + defer func() { + if hasHOME { + os.Setenv("HOME", oldHOME) + } else { + os.Unsetenv("HOME") + } + }() + os.Setenv("HOME", podmanTest.TempDir) + configPath := filepath.Join(os.Getenv("HOME"), ".config", "containers", "storage.conf") + err := os.RemoveAll(filepath.Dir(configPath)) + Expect(err).To(BeNil()) + + err = os.MkdirAll(filepath.Dir(configPath), os.ModePerm) + Expect(err).To(BeNil()) + + rootlessStoragePath := `"/tmp/$HOME/$USER/$UID"` + driver := `"overlay"` + storageOpt := `"/usr/bin/fuse-overlayfs"` + storageConf := []byte(fmt.Sprintf("[storage]\ndriver=%s\nrootless_storage_path=%s\n[storage.options]\nmount_program=%s", driver, rootlessStoragePath, storageOpt)) + err = ioutil.WriteFile(configPath, storageConf, os.ModePerm) + Expect(err).To(BeNil()) + + expect := filepath.Join("/tmp", os.Getenv("HOME"), os.Getenv("USER"), os.Getenv("UID")) + podmanPath := podmanTest.PodmanTest.PodmanBinary + cmd := exec.Command(podmanPath, "info", "--format", "{{.Store.GraphRoot}}") + out, err := cmd.CombinedOutput() + fmt.Println(string(out)) + Expect(err).To(BeNil()) + Expect(string(out)).To(ContainSubstring(expect)) + }) }) diff --git a/test/e2e/pull_test.go b/test/e2e/pull_test.go index 153195825..96340ef30 100644 --- a/test/e2e/pull_test.go +++ b/test/e2e/pull_test.go @@ -22,7 +22,6 @@ var _ = Describe("Podman pull", func() { ) BeforeEach(func() { - Skip(v2fail) tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/untag_test.go b/test/e2e/untag_test.go index 8b4b454db..17171cd41 100644 --- a/test/e2e/untag_test.go +++ b/test/e2e/untag_test.go @@ -16,7 +16,6 @@ var _ = Describe("Podman untag", func() { ) BeforeEach(func() { - Skip(v2fail) tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) |