-rw-r--r--go.mod2
-rw-r--r--go.sum3
-rw-r--r--vendor/github.com/containers/common/pkg/config/config.go82
-rw-r--r--vendor/github.com/containers/common/pkg/config/config_local.go9
-rw-r--r--vendor/github.com/containers/common/pkg/config/config_remote.go4
-rw-r--r--vendor/github.com/containers/common/pkg/config/containers.conf28
-rw-r--r--vendor/github.com/containers/common/pkg/config/default.go5
-rw-r--r--vendor/github.com/containers/common/version/version.go2
-rw-r--r--vendor/modules.txt2
9 files changed, 114 insertions, 23 deletions
diff --git a/go.mod b/go.mod
index e1ca385c7..bf9718dea 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
github.com/containernetworking/cni v0.7.2-0.20200304161608-4fae32b84921
github.com/containernetworking/plugins v0.8.6
github.com/containers/buildah v1.15.1-0.20200708111410-d2ea9429455d
- github.com/containers/common v0.15.2
+ github.com/containers/common v0.16.0
github.com/containers/conmon v2.0.19+incompatible
github.com/containers/image/v5 v5.5.1
github.com/containers/psgo v1.5.1
diff --git a/go.sum b/go.sum
index 57b75bde3..7f95292ac 100644
--- a/go.sum
+++ b/go.sum
@@ -72,8 +72,9 @@ github.com/containernetworking/plugins v0.8.6 h1:npZTLiMa4CRn6m5P9+1Dz4O1j0UeFbm
github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM=
github.com/containers/buildah v1.15.1-0.20200708111410-d2ea9429455d h1:HgJJn1UBFjM464NpEmgLwVje5vSF/fBYAdLLoww9HgU=
github.com/containers/buildah v1.15.1-0.20200708111410-d2ea9429455d/go.mod h1:HUAiD1mCGPFPcIuk5zls1LElLhXo7Q3hWDwheojjyAs=
-github.com/containers/common v0.15.2 h1:KNNnSxeWRlghZPTVu07pjMWCRKvDObWykglf4ZFVDVI=
github.com/containers/common v0.15.2/go.mod h1:rhpXuGLTEKsk/xX/x0iKGHjRadMHpBd2ZiNDugwXPEM=
+github.com/containers/common v0.16.0 h1:zAxDJ2tA2wBEjXwV/+ddC8s1f3MfqulH3waSjKxlX3o=
+github.com/containers/common v0.16.0/go.mod h1:siKqOA03Bhh7Ss2m7fCsbVvbjwaNqrI+gZtC9FUp+DI=
github.com/containers/conmon v2.0.19+incompatible h1:1bDVRvHy2MUNTUT/SW6LlHsJHQBTSwXvnKNdcB/a1vQ=
github.com/containers/conmon v2.0.19+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
github.com/containers/image/v5 v5.5.1 h1:h1FCOXH6Ux9/p/E4rndsQOC4yAdRU0msRTfLVeQ7FDQ=
diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go
index c652a66f2..b3278bb28 100644
--- a/vendor/github.com/containers/common/pkg/config/config.go
+++ b/vendor/github.com/containers/common/pkg/config/config.go
@@ -165,9 +165,12 @@ type ContainersConfig struct {
// ShmSize holds the size of /dev/shm.
ShmSize string `toml:"shm_size,omitempty"`
- //TZ sets the timezone inside the container
+ // TZ sets the timezone inside the container
TZ string `toml:"tz,omitempty"`
+ // Umask is the umask inside the container.
+ Umask string `toml:"umask,omitempty"`
+
// UTSNS indicates how to create a UTS namespace for the container
UTSNS string `toml:"utsns,omitempty"`
@@ -198,7 +201,7 @@ type EngineConfig struct {
// The first path pointing to a valid file will be used.
ConmonPath []string `toml:"conmon_path,omitempty"`
- //DetachKeys is the sequence of keys used to detach a container.
+ // DetachKeys is the sequence of keys used to detach a container.
DetachKeys string `toml:"detach_keys,omitempty"`
// EnablePortReservation determines whether engine will reserve ports on the
@@ -272,12 +275,20 @@ type EngineConfig struct {
// Indicates whether the application should be running in Remote mode
Remote bool `toml:"-"`
+ // RemoteURI is deprecated, see ActiveService
// RemoteURI containers connection information used to connect to remote system.
RemoteURI string `toml:"remote_uri,omitempty"`
- // Identity key file for RemoteURI
+ // RemoteIdentity is deprecated, ServiceDestinations
+ // RemoteIdentity key file for RemoteURI
RemoteIdentity string `toml:"remote_identity,omitempty"`
+ // ActiveService index to Destinations added v2.0.3
+ ActiveService string `toml:"active_service,omitempty"`
+
+ // Destinations mapped by service Names
+ ServiceDestinations map[string]Destination `toml:"service_destinations,omitempty"`
+
// RuntimePath is the path to OCI runtime binary for launching containers.
// The first path pointing to a valid file will be used This is used only
// when there are no OCIRuntime/OCIRuntimes defined. It is used only to be
@@ -393,6 +404,15 @@ type NetworkConfig struct {
NetworkConfigDir string `toml:"network_config_dir,omitempty"`
}
+// Destination represents destination for remote service
+type Destination struct {
+ // URI, required. Example: ssh://root@example.com:22/run/podman/podman.sock
+ URI string `toml:"uri"`
+
+ // Identity file with ssh key, optional
+ Identity string `toml:"identity,omitempty"`
+}
+
// NewConfig creates a new Config. It starts with an empty config and, if
// specified, merges the config at `userConfigPath` path. Depending if we're
// running as root or rootless, we then merge the system configuration followed
@@ -582,6 +602,10 @@ func (c *ContainersConfig) Validate() error {
return err
}
+ if err := c.validateUmask(); err != nil {
+ return err
+ }
+
if c.LogSizeMax >= 0 && c.LogSizeMax < OCIBufSize {
return fmt.Errorf("log size max should be negative or >= %d", OCIBufSize)
}
@@ -828,9 +852,9 @@ func stringsEq(a, b []string) bool {
}
var (
- configOnce sync.Once
- configErr error
- config *Config
+ configErr error
+ configMutex sync.Mutex
+ config *Config
)
// Default returns the default container config.
@@ -845,9 +869,12 @@ var (
// The system defaults container config files can be overwritten using the
// CONTAINERS_CONF environment variable. This is usually done for testing.
func Default() (*Config, error) {
- configOnce.Do(func() {
- config, configErr = NewConfig("")
- })
+ configMutex.Lock()
+ defer configMutex.Unlock()
+ if config != nil || configErr != nil {
+ return config, configErr
+ }
+ config, configErr = NewConfig("")
return config, configErr
}
@@ -879,8 +906,8 @@ func customConfigFile() (string, error) {
return OverrideContainersConfig, nil
}
-//ReadCustomConfig reads the custom config and only generates a config based on it
-//If the custom config file does not exists, function will return an empty config
+// ReadCustomConfig reads the custom config and only generates a config based on it
+// If the custom config file does not exists, function will return an empty config
func ReadCustomConfig() (*Config, error) {
path, err := customConfigFile()
if err != nil {
@@ -936,3 +963,36 @@ func (c *Config) Write() error {
}
return nil
}
+
+// Reload clean the cached config and reloads the configuration from containers.conf files
+// This function is meant to be used for long-running processes that need to reload potential changes made to
+// the cached containers.conf files.
+func Reload() (*Config, error) {
+ configMutex.Lock()
+ configErr = nil
+ config = nil
+ configMutex.Unlock()
+ return Default()
+}
+
+func (c *Config) ActiveDestination() (string, string, error){
+ if uri, found := os.LookupEnv("CONTAINER_HOST"); found {
+ var ident string
+ if v, found := os.LookupEnv("CONTAINER_SSHKEY"); found {
+ ident = v
+ }
+ return uri, ident, nil
+ }
+
+ switch {
+ case c.Engine.ActiveService != "":
+ d, found := c.Engine.ServiceDestinations[c.Engine.ActiveService]
+ if !found {
+ return "", "", errors.Errorf("%q service destination not found", c.Engine.ActiveService)
+ }
+ return d.URI, d.Identity, nil
+ case c.Engine.RemoteURI != "":
+ return c.Engine.RemoteURI, c.Engine.RemoteIdentity, nil
+ }
+ return "", "", errors.New("no service destination configured")
+}
diff --git a/vendor/github.com/containers/common/pkg/config/config_local.go b/vendor/github.com/containers/common/pkg/config/config_local.go
index a6ab33c50..282eb80b7 100644
--- a/vendor/github.com/containers/common/pkg/config/config_local.go
+++ b/vendor/github.com/containers/common/pkg/config/config_local.go
@@ -6,6 +6,7 @@ import (
"fmt"
"os"
"path/filepath"
+ "regexp"
"syscall"
units "github.com/docker/go-units"
@@ -88,6 +89,14 @@ func (c *ContainersConfig) validateTZ() error {
return nil
}
+func (c *ContainersConfig) validateUmask() error {
+ validUmask := regexp.MustCompile(`^[0-7]{1,4}$`)
+ if !validUmask.MatchString(c.Umask) {
+ return fmt.Errorf("Not a valid Umask %s", c.Umask)
+ }
+ return nil
+}
+
func isRemote() bool {
return false
}
diff --git a/vendor/github.com/containers/common/pkg/config/config_remote.go b/vendor/github.com/containers/common/pkg/config/config_remote.go
index 61dd159ad..7fd9202bb 100644
--- a/vendor/github.com/containers/common/pkg/config/config_remote.go
+++ b/vendor/github.com/containers/common/pkg/config/config_remote.go
@@ -27,3 +27,7 @@ func (c *ContainersConfig) validateUlimits() error {
func (c *ContainersConfig) validateTZ() error {
return nil
}
+
+func (c *ContainersConfig) validateUmask() error {
+ return nil
+}
diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf
index 80afbb9bc..780df2a22 100644
--- a/vendor/github.com/containers/common/pkg/config/containers.conf
+++ b/vendor/github.com/containers/common/pkg/config/containers.conf
@@ -210,6 +210,10 @@
#
# tz = ""
+# Set umask inside the container
+#
+# umask="0022"
+
# Default way to to create a UTS namespace for the container
# Options are:
# `private` Create private UTS Namespace for the container.
@@ -340,14 +344,6 @@
# Whether to pull new image before running a container
# pull_policy = "missing"
-# Default Remote URI to access the Podman service.
-# Examples:
-# rootless "unix://run/user/$UID/podman/podman.sock" (Default)
-# rootfull "unix://run/podman/podman.sock.(Default)
-# remote rootless ssh://engineering.lab.company.com/run/user/1000/podman/podman.sock
-# remote rootfull ssh://root@10.10.1.136:22/run/podman/podman.sock
-# remote_uri= ""
-
# Directory for persistent engine files (database, etc)
# By default, this will be configured relative to where the containers/storage
# stores containers
@@ -386,6 +382,22 @@
# Number of seconds to wait for container to exit before sending kill signal.
# stop_timeout = 10
+# Index to the active service
+# active_service = production
+
+# map of service destinations
+# [service_destinations]
+# [service_destinations.production]
+# URI to access the Podman service
+# Examples:
+# rootless "unix://run/user/$UID/podman/podman.sock" (Default)
+# rootfull "unix://run/podman/podman.sock (Default)
+# remote rootless ssh://engineering.lab.company.com/run/user/1000/podman/podman.sock
+# remote rootfull ssh://root@10.10.1.136:22/run/podman/podman.sock
+# uri="ssh://user@production.example.com/run/user/1001/podman/podman.sock"
+# Path to file containing ssh identity key
+# identity = "~/.ssh/id_rsa"
+
# Paths to look for a valid OCI runtime (runc, runv, kata, etc)
[engine.runtimes]
# runc = [
diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go
index e7a1836bd..12cf1b421 100644
--- a/vendor/github.com/containers/common/pkg/config/default.go
+++ b/vendor/github.com/containers/common/pkg/config/default.go
@@ -191,6 +191,7 @@ func DefaultConfig() (*Config, error) {
SeccompProfile: SeccompDefaultPath,
ShmSize: DefaultShmSize,
TZ: "",
+ Umask: "0022",
UTSNS: "private",
UserNS: "host",
UserNSSize: DefaultUserNSSize,
@@ -504,3 +505,7 @@ func (c *Config) DetachKeys() string {
func (c *Config) TZ() string {
return c.Containers.TZ
}
+
+func (c *Config) Umask() string {
+ return c.Containers.Umask
+}
diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go
index 741e9bd03..b75bbe971 100644
--- a/vendor/github.com/containers/common/version/version.go
+++ b/vendor/github.com/containers/common/version/version.go
@@ -1,4 +1,4 @@
package version
// Version is the version of the build.
-const Version = "0.15.2"
+const Version = "0.16.0"
diff --git a/vendor/modules.txt b/vendor/modules.txt
index b6512816c..913cb71eb 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -84,7 +84,7 @@ github.com/containers/buildah/pkg/secrets
github.com/containers/buildah/pkg/supplemented
github.com/containers/buildah/pkg/umask
github.com/containers/buildah/util
-# github.com/containers/common v0.15.2
+# github.com/containers/common v0.16.0
github.com/containers/common/pkg/apparmor
github.com/containers/common/pkg/auth
github.com/containers/common/pkg/capabilities