diff options
34 files changed, 650 insertions, 159 deletions
diff --git a/cmd/podman/containers/stats.go b/cmd/podman/containers/stats.go index 11e8f6870..d21feaabc 100644 --- a/cmd/podman/containers/stats.go +++ b/cmd/podman/containers/stats.go @@ -11,9 +11,7 @@ import ( "github.com/containers/podman/v3/cmd/podman/registry" "github.com/containers/podman/v3/cmd/podman/validate" "github.com/containers/podman/v3/libpod/define" - "github.com/containers/podman/v3/pkg/cgroups" "github.com/containers/podman/v3/pkg/domain/entities" - "github.com/containers/podman/v3/pkg/rootless" "github.com/containers/podman/v3/utils" "github.com/docker/go-units" "github.com/pkg/errors" @@ -113,16 +111,6 @@ func checkStatOptions(cmd *cobra.Command, args []string) error { } func stats(cmd *cobra.Command, args []string) error { - if rootless.IsRootless() { - unified, err := cgroups.IsCgroup2UnifiedMode() - if err != nil { - return err - } - if !unified { - return errors.New("stats is not supported in rootless mode without cgroups v2") - } - } - // Convert to the entities options. We should not leak CLI-only // options into the backend and separate concerns. opts := entities.ContainerStatsOptions{ diff --git a/cmd/podman/machine/list.go b/cmd/podman/machine/list.go index 95b7d860f..7e5459e08 100644 --- a/cmd/podman/machine/list.go +++ b/cmd/podman/machine/list.go @@ -188,11 +188,13 @@ func toHumanFormat(vms []*machine.ListResponse) ([]*machineReporter, error) { response := new(machineReporter) if vm.Name == cfg.Engine.ActiveService { response.Name = vm.Name + "*" + response.Default = true } else { response.Name = vm.Name } if vm.Running { response.LastUp = "Currently running" + response.Running = true } else { response.LastUp = units.HumanDuration(time.Since(vm.LastUp)) + " ago" } diff --git a/cmd/podman/play/kube.go b/cmd/podman/play/kube.go index 85e0c279c..e6869efd3 100644 --- a/cmd/podman/play/kube.go +++ b/cmd/podman/play/kube.go @@ -11,7 +11,9 @@ import ( "github.com/containers/podman/v3/cmd/podman/common" "github.com/containers/podman/v3/cmd/podman/registry" "github.com/containers/podman/v3/cmd/podman/utils" + "github.com/containers/podman/v3/libpod/define" "github.com/containers/podman/v3/pkg/domain/entities" + "github.com/containers/podman/v3/pkg/errorhandling" "github.com/containers/podman/v3/pkg/util" "github.com/pkg/errors" "github.com/spf13/cobra" @@ -90,6 +92,9 @@ func init() { downFlagName := "down" flags.BoolVar(&kubeOptions.Down, downFlagName, false, "Stop pods defined in the YAML file") + replaceFlagName := "replace" + flags.BoolVar(&kubeOptions.Replace, replaceFlagName, false, "Delete and recreate pods defined in the YAML file") + if !registry.IsRemote() { certDirFlagName := "cert-dir" flags.StringVar(&kubeOptions.CertDir, certDirFlagName, "", "`Pathname` of a directory containing TLS certificates and keys") @@ -151,6 +156,11 @@ func kube(cmd *cobra.Command, args []string) error { if kubeOptions.Down { return teardown(yamlfile) } + if kubeOptions.Replace { + if err := teardown(yamlfile); err != nil && !errorhandling.Contains(err, define.ErrNoSuchPod) { + return err + } + } return playkube(yamlfile) } diff --git a/cmd/podman/system/dial_stdio.go b/cmd/podman/system/dial_stdio.go new file mode 100644 index 000000000..eae89f38e --- /dev/null +++ b/cmd/podman/system/dial_stdio.go @@ -0,0 +1,145 @@ +package system + +import ( + "context" + "io" + "os" + + "github.com/containers/podman/v3/cmd/podman/registry" + "github.com/containers/podman/v3/cmd/podman/validate" + "github.com/containers/podman/v3/pkg/bindings" + "github.com/pkg/errors" + "github.com/sirupsen/logrus" + "github.com/spf13/cobra" +) + +var ( + dialStdioCommand = &cobra.Command{ + Use: "dial-stdio", + Short: "Proxy the stdio stream to the daemon connection. Should not be invoked manually.", + Args: validate.NoArgs, + Hidden: true, + RunE: func(cmd *cobra.Command, args []string) error { + return runDialStdio() + }, + Example: "podman system dial-stdio", + } +) + +func init() { + registry.Commands = append(registry.Commands, registry.CliCommand{ + Command: dialStdioCommand, + Parent: systemCmd, + }) +} + +func runDialStdio() error { + ctx := registry.Context() + cfg := registry.PodmanConfig() + ctx, cancel := context.WithCancel(ctx) + defer cancel() + bindCtx, err := bindings.NewConnection(ctx, cfg.URI) + if err != nil { + return errors.Wrap(err, "failed to open connection to podman") + } + conn, err := bindings.GetClient(bindCtx) + if err != nil { + return errors.Wrap(err, "failed to get connection after initialization") + } + netConn, err := conn.GetDialer(bindCtx) + if err != nil { + return errors.Wrap(err, "failed to open the raw stream connection") + } + defer netConn.Close() + + var connHalfCloser halfCloser + switch t := netConn.(type) { + case halfCloser: + connHalfCloser = t + case halfReadWriteCloser: + connHalfCloser = &nopCloseReader{t} + default: + return errors.New("the raw stream connection does not implement halfCloser") + } + + stdin2conn := make(chan error, 1) + conn2stdout := make(chan error, 1) + go func() { + stdin2conn <- copier(connHalfCloser, &halfReadCloserWrapper{os.Stdin}, "stdin to stream") + }() + go func() { + conn2stdout <- copier(&halfWriteCloserWrapper{os.Stdout}, connHalfCloser, "stream to stdout") + }() + select { + case err = <-stdin2conn: + if err != nil { + return err + } + // wait for stdout + err = <-conn2stdout + case err = <-conn2stdout: + // return immediately + } + return err +} + +// Below portion taken from original docker CLI +// https://github.com/docker/cli/blob/v20.10.9/cli/command/system/dial_stdio.go +func copier(to halfWriteCloser, from halfReadCloser, debugDescription string) error { + defer func() { + if err := from.CloseRead(); err != nil { + logrus.Errorf("error while CloseRead (%s): %v", debugDescription, err) + } + if err := to.CloseWrite(); err != nil { + logrus.Errorf("error while CloseWrite (%s): %v", debugDescription, err) + } + }() + if _, err := io.Copy(to, from); err != nil { + return errors.Wrapf(err, "error while Copy (%s)", debugDescription) + } + return nil +} + +type halfReadCloser interface { + io.Reader + CloseRead() error +} + +type halfWriteCloser interface { + io.Writer + CloseWrite() error +} + +type halfCloser interface { + halfReadCloser + halfWriteCloser +} + +type halfReadWriteCloser interface { + io.Reader + halfWriteCloser +} + +type nopCloseReader struct { + halfReadWriteCloser +} + +func (x *nopCloseReader) CloseRead() error { + return nil +} + +type halfReadCloserWrapper struct { + io.ReadCloser +} + +func (x *halfReadCloserWrapper) CloseRead() error { + return x.Close() +} + +type halfWriteCloserWrapper struct { + io.WriteCloser +} + +func (x *halfWriteCloserWrapper) CloseWrite() error { + return x.Close() +} diff --git a/cmd/podman/system/service.go b/cmd/podman/system/service.go index 99a6b1e1e..41d20d9fd 100644 --- a/cmd/podman/system/service.go +++ b/cmd/podman/system/service.go @@ -35,12 +35,14 @@ Enable a listening service for API access to Podman commands. Long: srvDescription, RunE: service, ValidArgsFunction: common.AutocompleteDefaultOneArg, - Example: `podman system service --time=0 unix:///tmp/podman.sock`, + Example: `podman system service --time=0 unix:///tmp/podman.sock + podman system service --time=0 tcp://localhost:8888`, } srvArgs = struct { - Timeout int64 CorsHeaders string + PProfAddr string + Timeout uint }{} ) @@ -51,15 +53,20 @@ func init() { }) flags := srvCmd.Flags() - cfg := registry.PodmanConfig() + timeFlagName := "time" - flags.Int64VarP(&srvArgs.Timeout, timeFlagName, "t", int64(cfg.Engine.ServiceTimeout), "Time until the service session expires in seconds. Use 0 to disable the timeout") + flags.UintVarP(&srvArgs.Timeout, timeFlagName, "t", cfg.Engine.ServiceTimeout, + "Time until the service session expires in seconds. Use 0 to disable the timeout") _ = srvCmd.RegisterFlagCompletionFunc(timeFlagName, completion.AutocompleteNone) + flags.SetNormalizeFunc(aliasTimeoutFlag) + flags.StringVarP(&srvArgs.CorsHeaders, "cors", "", "", "Set CORS Headers") _ = srvCmd.RegisterFlagCompletionFunc("cors", completion.AutocompleteNone) - flags.SetNormalizeFunc(aliasTimeoutFlag) + flags.StringVarP(&srvArgs.PProfAddr, "pprof-address", "", "", + "Binding network address for pprof profile endpoints, default: do not expose endpoints") + flags.MarkHidden("pprof-address") } func aliasTimeoutFlag(_ *pflag.FlagSet, name string) pflag.NormalizedName { @@ -74,7 +81,7 @@ func service(cmd *cobra.Command, args []string) error { if err != nil { return err } - logrus.Infof("Using API endpoint: '%s'", apiURI) + // Clean up any old existing unix domain socket if len(apiURI) > 0 { uri, err := url.Parse(apiURI) @@ -92,33 +99,31 @@ func service(cmd *cobra.Command, args []string) error { } } - opts := entities.ServiceOptions{ - URI: apiURI, - Command: cmd, + return restService(cmd.Flags(), registry.PodmanConfig(), entities.ServiceOptions{ CorsHeaders: srvArgs.CorsHeaders, - } - - opts.Timeout = time.Duration(srvArgs.Timeout) * time.Second - return restService(opts, cmd.Flags(), registry.PodmanConfig()) + PProfAddr: srvArgs.PProfAddr, + Timeout: time.Duration(srvArgs.Timeout) * time.Second, + URI: apiURI, + }) } -func resolveAPIURI(_url []string) (string, error) { +func resolveAPIURI(uri []string) (string, error) { // When determining _*THE*_ listening endpoint -- // 1) User input wins always // 2) systemd socket activation // 3) rootless honors XDG_RUNTIME_DIR // 4) lastly adapter.DefaultAPIAddress - if len(_url) == 0 { + if len(uri) == 0 { if v, found := os.LookupEnv("PODMAN_SOCKET"); found { - logrus.Debugf("PODMAN_SOCKET='%s' used to determine API endpoint", v) - _url = []string{v} + logrus.Debugf("PODMAN_SOCKET=%q used to determine API endpoint", v) + uri = []string{v} } } switch { - case len(_url) > 0 && _url[0] != "": - return _url[0], nil + case len(uri) > 0 && uri[0] != "": + return uri[0], nil case systemd.SocketActivated(): logrus.Info("Using systemd socket activation to determine API endpoint") return "", nil diff --git a/cmd/podman/system/service_abi.go b/cmd/podman/system/service_abi.go index e484db339..0a4be6aea 100644 --- a/cmd/podman/system/service_abi.go +++ b/cmd/podman/system/service_abi.go @@ -5,9 +5,9 @@ package system import ( "context" "net" + "net/url" "os" "path/filepath" - "strings" api "github.com/containers/podman/v3/pkg/api/server" "github.com/containers/podman/v3/pkg/domain/entities" @@ -20,41 +20,54 @@ import ( "golang.org/x/sys/unix" ) -func restService(opts entities.ServiceOptions, flags *pflag.FlagSet, cfg *entities.PodmanConfig) error { +func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities.ServiceOptions) error { var ( listener *net.Listener err error ) if opts.URI != "" { - fields := strings.Split(opts.URI, ":") - if len(fields) == 1 { + uri, err := url.Parse(opts.URI) + if err != nil { return errors.Errorf("%s is an invalid socket destination", opts.URI) } - path := opts.URI - if fields[0] == "unix" { - if path, err = filepath.Abs(fields[1]); err != nil { - return err - } - } - util.SetSocketPath(path) - if os.Getenv("LISTEN_FDS") != "" { - // If it is activated by systemd, use the first LISTEN_FD (3) - // instead of opening the socket file. - f := os.NewFile(uintptr(3), "podman.sock") - l, err := net.FileListener(f) + + switch uri.Scheme { + case "unix": + path, err := filepath.Abs(uri.Path) if err != nil { return err } - listener = &l - } else { - network := fields[0] - address := strings.Join(fields[1:], ":") - l, err := net.Listen(network, address) + util.SetSocketPath(path) + if os.Getenv("LISTEN_FDS") != "" { + // If it is activated by systemd, use the first LISTEN_FD (3) + // instead of opening the socket file. + f := os.NewFile(uintptr(3), "podman.sock") + l, err := net.FileListener(f) + if err != nil { + return err + } + listener = &l + } else { + l, err := net.Listen(uri.Scheme, path) + if err != nil { + return errors.Wrapf(err, "unable to create socket") + } + listener = &l + } + case "tcp": + host := uri.Host + if host == "" { + // For backward compatibility, support "tcp:<host>:<port>" and "tcp://<host>:<port>" + host = uri.Opaque + } + l, err := net.Listen(uri.Scheme, host) if err != nil { - return errors.Wrapf(err, "unable to create socket") + return errors.Wrapf(err, "unable to create socket %v", host) } listener = &l + default: + logrus.Debugf("Attempting API Service endpoint scheme %q", uri.Scheme) } } @@ -75,12 +88,12 @@ func restService(opts entities.ServiceOptions, flags *pflag.FlagSet, cfg *entiti servicereaper.Start() infra.StartWatcher(rt) - server, err := api.NewServerWithSettings(rt, listener, api.Options{Timeout: opts.Timeout, CorsHeaders: opts.CorsHeaders}) + server, err := api.NewServerWithSettings(rt, listener, opts) if err != nil { return err } defer func() { - if err := server.Shutdown(); err != nil { + if err := server.Shutdown(false); err != nil { logrus.Warnf("Error when stopping API service: %s", err) } }() diff --git a/docs/source/markdown/podman-play-kube.1.md b/docs/source/markdown/podman-play-kube.1.md index a4b9722b8..d4770a538 100644 --- a/docs/source/markdown/podman-play-kube.1.md +++ b/docs/source/markdown/podman-play-kube.1.md @@ -9,6 +9,7 @@ podman-play-kube - Create containers, pods or volumes based on Kubernetes YAML ## DESCRIPTION **podman play kube** will read in a structured file of Kubernetes YAML. It will then recreate the containers, pods or volumes described in the YAML. Containers within a pod are then started and the ID of the new Pod or the name of the new Volume is output. If the yaml file is specified as "-" then `podman play kube` will read the YAML file from stdin. Using the `--down` command line option, it is also capable of tearing down the pods created by a previous run of `podman play kube`. +Using the `--replace` command line option, it will tear down the pods(if any) created by a previous run of `podman play kube` and recreate the pods with the Kubernetes YAML file. Ideally the input file would be one created by Podman (see podman-generate-kube(1)). This would guarantee a smooth import and expected results. Currently, the supported Kubernetes kinds are: @@ -146,6 +147,10 @@ Do not create /etc/hosts within the pod's containers, instead use the version fr Suppress output information when pulling images +#### **--replace** + +Tears down the pods created by a previous run of `play kube` and recreates the pods. This option is used to keep the existing pods up to date based upon the Kubernetes YAML. + #### **--seccomp-profile-root**=*path* Directory path for seccomp profiles (default: "/var/lib/kubelet/seccomp"). (This option is not available with the remote Podman client) @@ -12,7 +12,7 @@ require ( github.com/containernetworking/cni v1.0.1 github.com/containernetworking/plugins v1.0.1 github.com/containers/buildah v1.23.1 - github.com/containers/common v0.46.1-0.20211001143714-161e078e4c7f + github.com/containers/common v0.46.1-0.20211008123044-d846f5aaec0e github.com/containers/conmon v2.0.20+incompatible github.com/containers/image/v5 v5.16.1 github.com/containers/ocicrypt v1.1.2 @@ -251,8 +251,8 @@ github.com/containernetworking/plugins v1.0.1/go.mod h1:QHCfGpaTwYTbbH+nZXKVTxNB github.com/containers/buildah v1.23.1 h1:Tpc9DsRuU+0Oofewpxb6OJVNQjCu7yloN/obUqzfDTY= github.com/containers/buildah v1.23.1/go.mod h1:4WnrN0yrA7ab0ppgunixu2WM1rlD2rG8QLJAKbEkZlQ= github.com/containers/common v0.44.2/go.mod h1:7sdP4vmI5Bm6FPFxb3lvAh1Iktb6tiO1MzjUzhxdoGo= -github.com/containers/common v0.46.1-0.20211001143714-161e078e4c7f h1:vVmx51AzWvB4/ao2zyR6s053a1leLTOh+zsOPVWQRgA= -github.com/containers/common v0.46.1-0.20211001143714-161e078e4c7f/go.mod h1:aml/OO4FmYfPbfT87rvWiCgkLzTdqO6PuZ/xXq6bPbk= +github.com/containers/common v0.46.1-0.20211008123044-d846f5aaec0e h1:lYazDued7KBcMq5IJzRIbX47SSLRg/yYxvM/P9LaVhE= +github.com/containers/common v0.46.1-0.20211008123044-d846f5aaec0e/go.mod h1:ggZks97KCmjBcHvNTCyLc17SqdjSYoeexW7rnRt9H9Y= github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.16.0/go.mod h1:XgTpfAPLRGOd1XYyCU5cISFr777bLmOerCSpt/v7+Q4= @@ -921,7 +921,6 @@ github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaW github.com/vbauerster/mpb/v6 v6.0.4 h1:h6J5zM/2wimP5Hj00unQuV8qbo5EPcj6wbkCqgj7KcY= github.com/vbauerster/mpb/v6 v6.0.4/go.mod h1:a/+JT57gqh6Du0Ay5jSR+uBMfXGdlR7VQlGP52fJxLM= github.com/vbauerster/mpb/v7 v7.1.3/go.mod h1:X5GlohZw2fIpypMXWaKart+HGSAjpz49skxkDk+ZL7c= -github.com/vbauerster/mpb/v7 v7.1.4/go.mod h1:4zulrZfvshMOnd2APiHgWS9Yrw08AzZVRr9G11tkpcQ= github.com/vbauerster/mpb/v7 v7.1.5 h1:vtUEUfQHmNeJETyF4AcRCOV6RC4wqFwNORy52UMXPbQ= github.com/vbauerster/mpb/v7 v7.1.5/go.mod h1:4M8+qAoQqV60WDNktBM5k05i1iTrXE7rjKOHEVkVlec= github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= @@ -1211,7 +1210,6 @@ golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210820121016-41cdb8703e55/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210910150752-751e447fb3d0 h1:xrCZDmdtoloIiooiA9q0OQb9r8HejIHYoHGhGCe1pGg= golang.org/x/sys v0.0.0-20210910150752-751e447fb3d0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= diff --git a/libpod/kube.go b/libpod/kube.go index bf86a9d16..816fe9cc3 100644 --- a/libpod/kube.go +++ b/libpod/kube.go @@ -477,7 +477,7 @@ func containerToV1Container(ctx context.Context, c *Container) (v1.Container, [] if err != nil { return kubeContainer, kubeVolumes, nil, annotations, err } - imgData, err := img.Inspect(ctx, false) + imgData, err := img.Inspect(ctx, nil) if err != nil { return kubeContainer, kubeVolumes, nil, annotations, err } diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go index 0369a9977..1719b2dfa 100644 --- a/libpod/oci_conmon_linux.go +++ b/libpod/oci_conmon_linux.go @@ -441,7 +441,8 @@ func (r *ConmonOCIRuntime) StopContainer(ctr *Container, timeout uint, all bool) } if err := waitContainerStop(ctr, time.Duration(timeout)*time.Second); err != nil { - logrus.Infof("Timed out stopping container %s, resorting to SIGKILL: %v", ctr.ID(), err) + logrus.Debugf("Timed out stopping container %s with %s, resorting to SIGKILL: %v", ctr.ID(), unix.SignalName(syscall.Signal(stopSignal)), err) + logrus.Warnf("StopSignal %s failed to stop container %s in %d seconds, resorting to SIGKILL", unix.SignalName(syscall.Signal(stopSignal)), ctr.Name(), timeout) } else { // No error, the container is dead return nil diff --git a/libpod/shutdown/handler.go b/libpod/shutdown/handler.go index cca74c3c4..b0feafa0b 100644 --- a/libpod/shutdown/handler.go +++ b/libpod/shutdown/handler.go @@ -87,12 +87,12 @@ func Stop() error { return nil } -// Temporarily inhibit signals from shutting down Libpod. +// Inhibit temporarily inhibit signals from shutting down Libpod. func Inhibit() { shutdownInhibit.RLock() } -// Stop inhibiting signals from shutting down Libpod. +// Uninhibit stop inhibiting signals from shutting down Libpod. func Uninhibit() { shutdownInhibit.RUnlock() } diff --git a/pkg/api/handlers/libpod/images.go b/pkg/api/handlers/libpod/images.go index 1c6cc917c..f2f93434a 100644 --- a/pkg/api/handlers/libpod/images.go +++ b/pkg/api/handlers/libpod/images.go @@ -11,6 +11,7 @@ import ( "strings" "github.com/containers/buildah" + "github.com/containers/common/libimage" "github.com/containers/common/pkg/filters" "github.com/containers/image/v5/manifest" "github.com/containers/image/v5/types" @@ -93,7 +94,8 @@ func GetImage(w http.ResponseWriter, r *http.Request) { utils.Error(w, "Something went wrong.", http.StatusNotFound, errors.Wrapf(err, "failed to find image %s", name)) return } - inspect, err := newImage.Inspect(r.Context(), true) + options := &libimage.InspectOptions{WithParent: true, WithSize: true} + inspect, err := newImage.Inspect(r.Context(), options) if err != nil { utils.Error(w, "Server error", http.StatusInternalServerError, errors.Wrapf(err, "failed in inspect image %s", inspect.ID)) return diff --git a/pkg/api/handlers/types.go b/pkg/api/handlers/types.go index fedab3bb3..b90154e30 100644 --- a/pkg/api/handlers/types.go +++ b/pkg/api/handlers/types.go @@ -166,7 +166,8 @@ type ExecStartConfig struct { } func ImageToImageSummary(l *libimage.Image) (*entities.ImageSummary, error) { - imageData, err := l.Inspect(context.TODO(), true) + options := &libimage.InspectOptions{WithParent: true, WithSize: true} + imageData, err := l.Inspect(context.TODO(), options) if err != nil { return nil, errors.Wrapf(err, "failed to obtain summary for image %s", l.ID()) } @@ -205,7 +206,8 @@ func ImageToImageSummary(l *libimage.Image) (*entities.ImageSummary, error) { } func ImageDataToImageInspect(ctx context.Context, l *libimage.Image) (*ImageInspect, error) { - info, err := l.Inspect(context.Background(), true) + options := &libimage.InspectOptions{WithParent: true, WithSize: true} + info, err := l.Inspect(context.Background(), options) if err != nil { return nil, err } diff --git a/pkg/api/server/server.go b/pkg/api/server/server.go index c7174775e..6e9578cd1 100644 --- a/pkg/api/server/server.go +++ b/pkg/api/server/server.go @@ -6,6 +6,7 @@ import ( "log" "net" "net/http" + "net/http/pprof" "os" "runtime" "strings" @@ -18,6 +19,7 @@ import ( "github.com/containers/podman/v3/pkg/api/handlers" "github.com/containers/podman/v3/pkg/api/server/idle" "github.com/containers/podman/v3/pkg/api/types" + "github.com/containers/podman/v3/pkg/domain/entities" "github.com/coreos/go-systemd/v22/activation" "github.com/coreos/go-systemd/v22/daemon" "github.com/gorilla/mux" @@ -27,14 +29,14 @@ import ( type APIServer struct { http.Server // The HTTP work happens here - *schema.Decoder // Decoder for Query parameters to structs - context.Context // Context to carry objects to handlers - *libpod.Runtime // Where the real work happens net.Listener // mux for routing HTTP API calls to libpod routines + *libpod.Runtime // Where the real work happens + *schema.Decoder // Decoder for Query parameters to structs context.CancelFunc // Stop APIServer + context.Context // Context to carry objects to handlers + CorsHeaders string // Inject Cross-Origin Resource Sharing (CORS) headers + PProfAddr string // Binding network address for pprof profiles idleTracker *idle.Tracker // Track connections to support idle shutdown - pprof *http.Server // Sidecar http server for providing performance data - CorsHeaders string // Inject CORS headers to each request } // Number of seconds to wait for next request, if exceeded shutdown server @@ -49,22 +51,20 @@ var ( shutdownOnce sync.Once ) -type Options struct { - Timeout time.Duration - CorsHeaders string -} - // NewServer will create and configure a new API server with all defaults func NewServer(runtime *libpod.Runtime) (*APIServer, error) { - return newServer(runtime, DefaultServiceDuration, nil, DefaultCorsHeaders) + return newServer(runtime, nil, entities.ServiceOptions{ + CorsHeaders: DefaultCorsHeaders, + Timeout: DefaultServiceDuration, + }) } // NewServerWithSettings will create and configure a new API server using provided settings -func NewServerWithSettings(runtime *libpod.Runtime, listener *net.Listener, opts Options) (*APIServer, error) { - return newServer(runtime, opts.Timeout, listener, opts.CorsHeaders) +func NewServerWithSettings(runtime *libpod.Runtime, listener *net.Listener, opts entities.ServiceOptions) (*APIServer, error) { + return newServer(runtime, listener, opts) } -func newServer(runtime *libpod.Runtime, duration time.Duration, listener *net.Listener, corsHeaders string) (*APIServer, error) { +func newServer(runtime *libpod.Runtime, listener *net.Listener, opts entities.ServiceOptions) (*APIServer, error) { // If listener not provided try socket activation protocol if listener == nil { if _, found := os.LookupEnv("LISTEN_PID"); !found { @@ -80,15 +80,15 @@ func newServer(runtime *libpod.Runtime, duration time.Duration, listener *net.Li } listener = &listeners[0] } - if corsHeaders == "" { + if opts.CorsHeaders == "" { logrus.Debug("CORS Headers were not set") } else { - logrus.Debugf("CORS Headers were set to %s", corsHeaders) + logrus.Debugf("CORS Headers were set to %q", opts.CorsHeaders) } logrus.Infof("API service listening on %q", (*listener).Addr()) router := mux.NewRouter().UseEncodedPath() - tracker := idle.NewTracker(duration) + tracker := idle.NewTracker(opts.Timeout) server := APIServer{ Server: http.Server{ @@ -98,10 +98,11 @@ func newServer(runtime *libpod.Runtime, duration time.Duration, listener *net.Li ConnState: tracker.ConnState, ErrorLog: log.New(logrus.StandardLogger().Out, "", 0), Handler: router, - IdleTimeout: duration * 2, + IdleTimeout: opts.Timeout * 2, }, - CorsHeaders: corsHeaders, + CorsHeaders: opts.CorsHeaders, Listener: *listener, + PProfAddr: opts.PProfAddr, idleTracker: tracker, } @@ -181,18 +182,18 @@ func newServer(runtime *libpod.Runtime, duration time.Duration, listener *net.Li return &server, nil } -// If the NOTIFY_SOCKET is set, communicate the PID and readiness, and -// further unset NOTIFY_SOCKET to prevent containers from sending -// messages and unset INVOCATION_ID so conmon and containers are in -// the correct cgroup. -func setupSystemd() { - if len(os.Getenv("NOTIFY_SOCKET")) == 0 { +// setupSystemd notifies systemd API service is ready +// If the NOTIFY_SOCKET is set, communicate the PID and readiness, and unset INVOCATION_ID +// so conmon and containers are in the correct cgroup. +func (s *APIServer) setupSystemd() { + if _, found := os.LookupEnv("NOTIFY_SOCKET"); !found { return } + payload := fmt.Sprintf("MAINPID=%d\n", os.Getpid()) payload += daemon.SdNotifyReady if sent, err := daemon.SdNotify(true, payload); err != nil { - logrus.Error("API service error notifying systemd of Conmon PID: " + err.Error()) + logrus.Error("API service failed to notify systemd of Conmon PID: " + err.Error()) } else if !sent { logrus.Warn("API service unable to successfully send SDNotify") } @@ -204,10 +205,10 @@ func setupSystemd() { // Serve starts responding to HTTP requests. func (s *APIServer) Serve() error { - setupSystemd() + s.setupPprof() if err := shutdown.Register("server", func(sig os.Signal) error { - return s.Shutdown() + return s.Shutdown(true) }); err != nil { return err } @@ -216,32 +217,17 @@ func (s *APIServer) Serve() error { return err } - errChan := make(chan error, 1) - go func() { <-s.idleTracker.Done() - logrus.Debug("API service shutting down, idle for " + s.idleTracker.Duration.Round(time.Second).String()) - _ = s.Shutdown() + logrus.Debugf("API service(s) shutting down, idle for %ds", int(s.idleTracker.Duration.Seconds())) + _ = s.Shutdown(false) }() - if logrus.IsLevelEnabled(logrus.DebugLevel) { - go func() { - pprofMux := mux.NewRouter() - pprofMux.PathPrefix("/debug/pprof").Handler(http.DefaultServeMux) - runtime.SetMutexProfileFraction(1) - runtime.SetBlockProfileRate(1) - s.pprof = &http.Server{Addr: "localhost:8888", Handler: pprofMux} - err := s.pprof.ListenAndServe() - if err != nil && err != http.ErrServerClosed { - logrus.Warnf("API profiler service failed: %v", err) - } - }() - } - - // Before we start serving, ensure umask is properly set for container - // creation. + // Before we start serving, ensure umask is properly set for container creation. _ = syscall.Umask(0022) + errChan := make(chan error, 1) + s.setupSystemd() go func() { err := s.Server.Serve(s.Listener) if err != nil && err != http.ErrServerClosed { @@ -254,10 +240,40 @@ func (s *APIServer) Serve() error { return <-errChan } +// setupPprof enables pprof default endpoints +// Note: These endpoints and the podman flag --cpu-profile are mutually exclusive +// +// Examples: +// #1 go tool pprof -http localhost:8889 localhost:8888/debug/pprof/heap?seconds=120 +// Note: web page will only render after a sample has been recorded +// #2 curl http://localhost:8888/debug/pprof/heap > heap.pprof && go tool pprof heap.pprof +func (s *APIServer) setupPprof() { + if s.PProfAddr == "" { + return + } + + logrus.Infof("pprof service listening on %q", s.PProfAddr) + go func() { + old := runtime.SetMutexProfileFraction(1) + defer runtime.SetMutexProfileFraction(old) + + runtime.SetBlockProfileRate(1) + defer runtime.SetBlockProfileRate(0) + + router := mux.NewRouter() + router.PathPrefix("/debug/pprof/").HandlerFunc(pprof.Index) + + err := http.ListenAndServe(s.PProfAddr, router) + if err != nil && err != http.ErrServerClosed { + logrus.Warnf("pprof service failed: %v", err) + } + }() +} + // Shutdown is a clean shutdown waiting on existing clients -func (s *APIServer) Shutdown() error { - if s.idleTracker.Duration == UnlimitedServiceDuration { - logrus.Debug("API service shutdown ignored as Duration is UnlimitedService") +func (s *APIServer) Shutdown(halt bool) error { + if s.idleTracker.Duration == UnlimitedServiceDuration && !halt { + logrus.Debug("API service shutdown request ignored as Duration is UnlimitedService") return nil } @@ -266,17 +282,6 @@ func (s *APIServer) Shutdown() error { _, file, line, _ := runtime.Caller(1) logrus.Debugf("API service shutdown by %s:%d, %d/%d connection(s)", file, line, s.idleTracker.ActiveConnections(), s.idleTracker.TotalConnections()) - - go func() { - ctx, cancel := context.WithTimeout(context.Background(), s.idleTracker.Duration) - go func() { - defer cancel() - if err := s.pprof.Shutdown(ctx); err != nil { - logrus.Warnf("Failed to cleanly shutdown API pprof service: %v", err) - } - }() - <-ctx.Done() - }() } // Gracefully shutdown server(s), duration of wait same as idle window diff --git a/pkg/bindings/connection.go b/pkg/bindings/connection.go index e2c46e481..dc75dac5a 100644 --- a/pkg/bindings/connection.go +++ b/pkg/bindings/connection.go @@ -349,6 +349,17 @@ func (c *Connection) DoRequest(httpBody io.Reader, httpMethod, endpoint string, return &APIResponse{response, req}, err } +// Get raw Transport.DialContext from client +func (c *Connection) GetDialer(ctx context.Context) (net.Conn, error) { + client := c.Client + transport := client.Transport.(*http.Transport) + if transport.DialContext != nil && transport.TLSClientConfig == nil { + return transport.DialContext(ctx, c.URI.Scheme, c.URI.String()) + } + + return nil, errors.New("Unable to get dial context") +} + // FiltersToString converts our typical filter format of a // map[string][]string to a query/html safe string. func FiltersToString(filters map[string][]string) (string, error) { diff --git a/pkg/domain/entities/play.go b/pkg/domain/entities/play.go index af4b0fc35..715d8acaf 100644 --- a/pkg/domain/entities/play.go +++ b/pkg/domain/entities/play.go @@ -17,6 +17,8 @@ type PlayKubeOptions struct { // Down indicates whether to bring contents of a yaml file "down" // as in stop Down bool + // Replace indicates whether to delete and recreate a yaml file + Replace bool // Do not create /etc/hosts within the pod's containers, // instead use the version from the image NoHosts bool diff --git a/pkg/domain/entities/system.go b/pkg/domain/entities/system.go index cca4bf44e..fe041dec8 100644 --- a/pkg/domain/entities/system.go +++ b/pkg/domain/entities/system.go @@ -6,15 +6,14 @@ import ( "github.com/containers/podman/v3/libpod/define" "github.com/containers/podman/v3/pkg/domain/entities/reports" "github.com/containers/podman/v3/pkg/domain/entities/types" - "github.com/spf13/cobra" ) -// ServiceOptions provides the input for starting an API Service +// ServiceOptions provides the input for starting an API and sidecar pprof services type ServiceOptions struct { - URI string // Path to unix domain socket service should listen on - Timeout time.Duration // duration of inactivity the service should wait before shutting down - Command *cobra.Command // CLI command provided. Used in V1 code - CorsHeaders string // CORS headers + CorsHeaders string // Cross-Origin Resource Sharing (CORS) headers + PProfAddr string // Network address to bind pprof profiles service + Timeout time.Duration // Duration of inactivity the service should wait before shutting down + URI string // Path to unix domain socket service should listen on } // SystemPruneOptions provides options to prune system. diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go index 6ca142618..c30129001 100644 --- a/pkg/domain/infra/abi/containers.go +++ b/pkg/domain/infra/abi/containers.go @@ -1319,6 +1319,15 @@ func (ic *ContainerEngine) ContainerStats(ctx context.Context, namesOrIds []stri if options.Interval < 1 { return nil, errors.New("Invalid interval, must be a positive number greater zero") } + if rootless.IsRootless() { + unified, err := cgroups.IsCgroup2UnifiedMode() + if err != nil { + return nil, err + } + if !unified { + return nil, errors.New("stats is not supported in rootless mode without cgroups v2") + } + } statsChan = make(chan entities.ContainerStatsReport, 1) containerFunc := ic.Libpod.GetRunningContainers diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go index c06059205..8a0b87cab 100644 --- a/pkg/domain/infra/abi/images.go +++ b/pkg/domain/infra/abi/images.go @@ -252,6 +252,8 @@ func (ir *ImageEngine) Pull(ctx context.Context, rawImage string, options entiti func (ir *ImageEngine) Inspect(ctx context.Context, namesOrIDs []string, opts entities.InspectOptions) ([]*entities.ImageInspectReport, []error, error) { reports := []*entities.ImageInspectReport{} errs := []error{} + + inspectOptions := &libimage.InspectOptions{WithParent: true, WithSize: true} for _, i := range namesOrIDs { img, _, err := ir.Libpod.LibimageRuntime().LookupImage(i, nil) if err != nil { @@ -259,7 +261,7 @@ func (ir *ImageEngine) Inspect(ctx context.Context, namesOrIDs []string, opts en errs = append(errs, err) continue } - result, err := img.Inspect(ctx, true) + result, err := img.Inspect(ctx, inspectOptions) if err != nil { // This is more likely to be fatal. return nil, nil, err diff --git a/pkg/hooks/docs/oci-hooks.5.md b/pkg/hooks/docs/oci-hooks.5.md index d6b866231..9a1a35682 100644 --- a/pkg/hooks/docs/oci-hooks.5.md +++ b/pkg/hooks/docs/oci-hooks.5.md @@ -1,4 +1,4 @@ -% oci-hooks(5) OCI Hooks Configuration +% oci-hooks 5 OCI Hooks Configuration % W. Trevor King % MAY 2018 diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go index f126aa018..002b4ace3 100644 --- a/pkg/specgen/generate/container.go +++ b/pkg/specgen/generate/container.go @@ -26,7 +26,7 @@ func getImageFromSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGen // Image may already have been set in the generator. image, resolvedName := s.GetImage() if image != nil { - inspectData, err := image.Inspect(ctx, false) + inspectData, err := image.Inspect(ctx, nil) if err != nil { return nil, "", nil, err } @@ -39,7 +39,7 @@ func getImageFromSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGen return nil, "", nil, err } s.SetImage(image, resolvedName) - inspectData, err := image.Inspect(ctx, false) + inspectData, err := image.Inspect(ctx, nil) if err != nil { return nil, "", nil, err } @@ -55,7 +55,7 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat return nil, err } if inspectData != nil { - inspectData, err = newImage.Inspect(ctx, false) + inspectData, err = newImage.Inspect(ctx, nil) if err != nil { return nil, err } diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go index 194c8dce5..e93462008 100644 --- a/pkg/specgen/generate/kube/kube.go +++ b/pkg/specgen/generate/kube/kube.go @@ -194,7 +194,7 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener // TODO: We don't understand why specgen does not take of this, but // integration tests clearly pointed out that it was required. - imageData, err := opts.Image.Inspect(ctx, false) + imageData, err := opts.Image.Inspect(ctx, nil) if err != nil { return nil, err } diff --git a/pkg/specgen/generate/storage.go b/pkg/specgen/generate/storage.go index de655ad7d..3fde1a1b4 100644 --- a/pkg/specgen/generate/storage.go +++ b/pkg/specgen/generate/storage.go @@ -208,7 +208,7 @@ func getImageVolumes(ctx context.Context, img *libimage.Image, s *specgen.SpecGe return mounts, volumes, nil } - inspect, err := img.Inspect(ctx, false) + inspect, err := img.Inspect(ctx, nil) if err != nil { return nil, nil, errors.Wrapf(err, "error inspecting image to get image volumes") } diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index a29d0ad46..079bb53b5 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -2798,4 +2798,58 @@ invalid kube kind exists.WaitWithDefaultTimeout() Expect(exists).To(Exit(0)) }) + + It("podman play kube replace", func() { + pod := getPod() + err := generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + ls := podmanTest.Podman([]string{"pod", "ps", "--format", "'{{.ID}}'"}) + ls.WaitWithDefaultTimeout() + Expect(ls).Should(Exit(0)) + Expect(len(ls.OutputToStringArray())).To(Equal(1)) + + containerLen := podmanTest.Podman([]string{"pod", "inspect", pod.Name, "--format", "'{{len .Containers}}'"}) + + ctr01Name := "ctr01" + ctr02Name := "ctr02" + + ctr01 := getCtr(withName(ctr01Name)) + ctr02 := getCtr(withName(ctr02Name)) + + newPod := getPod( + withCtr(ctr01), + withCtr(ctr02), + ) + err = generateKubeYaml("pod", newPod, kubeYaml) + Expect(err).To(BeNil()) + + replace := podmanTest.Podman([]string{"play", "kube", "--replace", kubeYaml}) + replace.WaitWithDefaultTimeout() + Expect(replace).Should(Exit(0)) + + newContainerLen := podmanTest.Podman([]string{"pod", "inspect", newPod.Name, "--format", "'{{len .Containers}}'"}) + newContainerLen.WaitWithDefaultTimeout() + Expect(newContainerLen).Should(Exit(0)) + Expect(newContainerLen.OutputToString()).NotTo(Equal(containerLen.OutputToString())) + }) + + It("podman play kube replace non-existing pod", func() { + pod := getPod() + err := generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + replace := podmanTest.Podman([]string{"play", "kube", "--replace", kubeYaml}) + replace.WaitWithDefaultTimeout() + Expect(replace).Should(Exit(0)) + + ls := podmanTest.Podman([]string{"pod", "ps", "--format", "'{{.ID}}'"}) + ls.WaitWithDefaultTimeout() + Expect(ls).Should(Exit(0)) + Expect(len(ls.OutputToStringArray())).To(Equal(1)) + }) }) diff --git a/test/e2e/stop_test.go b/test/e2e/stop_test.go index 7f178d719..fb8f92e0f 100644 --- a/test/e2e/stop_test.go +++ b/test/e2e/stop_test.go @@ -181,6 +181,18 @@ var _ = Describe("Podman stop", func() { Expect(strings.TrimSpace(finalCtrs.OutputToString())).To(Equal("")) }) + It("podman stop container --timeout Warning", func() { + SkipIfRemote("warning will happen only on server side") + session := podmanTest.Podman([]string{"run", "-d", "--name", "test5", ALPINE, "sleep", "100"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + session = podmanTest.Podman([]string{"stop", "--timeout", "1", "test5"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + warning := session.ErrorToString() + Expect(warning).To(ContainSubstring("StopSignal SIGTERM failed to stop container test5 in 1 seconds, resorting to SIGKILL")) + }) + It("podman stop latest containers", func() { SkipIfRemote("--latest flag n/a") session := podmanTest.RunTopContainer("test1") diff --git a/test/e2e/system_dial_stdio_test.go b/test/e2e/system_dial_stdio_test.go new file mode 100644 index 000000000..afe3d5acd --- /dev/null +++ b/test/e2e/system_dial_stdio_test.go @@ -0,0 +1,53 @@ +package integration + +import ( + "fmt" + "os" + + . "github.com/containers/podman/v3/test/utils" + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" + . "github.com/onsi/gomega/gexec" +) + +var _ = Describe("podman system dial-stdio", func() { + var ( + tempdir string + err error + podmanTest *PodmanTestIntegration + ) + + BeforeEach(func() { + tempdir, err = CreateTempDirInTempDir() + if err != nil { + os.Exit(1) + } + podmanTest = PodmanTestCreate(tempdir) + podmanTest.Setup() + podmanTest.SeedImages() + }) + + AfterEach(func() { + podmanTest.Cleanup() + f := CurrentGinkgoTestDescription() + timedResult := fmt.Sprintf("Test: %s completed in %f seconds", f.TestText, f.Duration.Seconds()) + GinkgoWriter.Write([]byte(timedResult)) + }) + + It("podman system dial-stdio help", func() { + session := podmanTest.Podman([]string{"system", "dial-stdio", "--help"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.OutputToString()).To(ContainSubstring("Examples: podman system dial-stdio")) + }) + + It("podman system dial-stdio while service is not running", func() { + if IsRemote() { + Skip("this test is only for non-remote") + } + session := podmanTest.Podman([]string{"system", "dial-stdio"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(125)) + Expect(session.ErrorToString()).To(ContainSubstring("Error: failed to open connection to podman")) + }) +}) diff --git a/test/e2e/system_service_test.go b/test/e2e/system_service_test.go new file mode 100644 index 000000000..684ac56b4 --- /dev/null +++ b/test/e2e/system_service_test.go @@ -0,0 +1,142 @@ +package integration + +import ( + "io/ioutil" + "net" + "net/http" + "net/url" + "strconv" + "time" + + . "github.com/containers/podman/v3/test/utils" + "github.com/containers/podman/v3/utils" + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" + . "github.com/onsi/gomega/gexec" +) + +var _ = Describe("podman system service", func() { + var podmanTest *PodmanTestIntegration + + BeforeEach(func() { + tempdir, err := CreateTempDirInTempDir() + Expect(err).ShouldNot(HaveOccurred()) + + podmanTest = PodmanTestCreate(tempdir) + podmanTest.Setup() + }) + + AfterEach(func() { + podmanTest.Cleanup() + processTestResult(CurrentGinkgoTestDescription()) + }) + + Describe("verify timeout", func() { + It("of 2 seconds", func() { + SkipIfRemote("service subcommand not supported remotely") + + address := url.URL{ + Scheme: "tcp", + Host: net.JoinHostPort("localhost", randomPort()), + } + session := podmanTest.Podman([]string{ + "system", "service", "--time=2", address.String(), + }) + defer session.Kill() + + WaitForService(address) + + session.Wait(5 * time.Second) + Eventually(session, 5).Should(Exit(0)) + }) + }) + + Describe("verify pprof endpoints", func() { + // Depends on pkg/api/server/server.go:255 + const magicComment = "pprof service listening on" + + It("are available", func() { + SkipIfRemote("service subcommand not supported remotely") + + address := url.URL{ + Scheme: "tcp", + Host: net.JoinHostPort("localhost", randomPort()), + } + + pprofPort := randomPort() + session := podmanTest.Podman([]string{ + "system", "service", "--log-level=info", "--time=0", + "--pprof-address=localhost:" + pprofPort, address.String(), + }) + defer session.Kill() + + WaitForService(address) + + // Combined with test below we have positive/negative test for pprof + Expect(session.Err.Contents()).Should(ContainSubstring(magicComment)) + + heap := url.URL{ + Scheme: "http", + Host: net.JoinHostPort("localhost", pprofPort), + Path: "/debug/pprof/heap", + RawQuery: "seconds=2", + } + resp, err := http.Get(heap.String()) + Expect(err).ShouldNot(HaveOccurred()) + defer resp.Body.Close() + Expect(resp).To(HaveHTTPStatus(http.StatusOK)) + + body, err := ioutil.ReadAll(resp.Body) + Expect(err).ShouldNot(HaveOccurred()) + Expect(body).ShouldNot(BeEmpty()) + + session.Interrupt().Wait(2 * time.Second) + Eventually(session, 2).Should(Exit(1)) + }) + + It("are not available", func() { + SkipIfRemote("service subcommand not supported remotely") + + address := url.URL{ + Scheme: "tcp", + Host: net.JoinHostPort("localhost", randomPort()), + } + + session := podmanTest.Podman([]string{ + "system", "service", "--log-level=info", "--time=0", address.String(), + }) + defer session.Kill() + + WaitForService(address) + + // Combined with test above we have positive/negative test for pprof + Expect(session.Err.Contents()).ShouldNot(ContainSubstring(magicComment)) + + session.Interrupt().Wait(2 * time.Second) + Eventually(session, 2).Should(Exit(1)) + }) + }) +}) + +// WaitForService blocks, waiting for some service listening on given host:port +func WaitForService(address url.URL) { + // Wait for podman to be ready + var conn net.Conn + var err error + for i := 1; i <= 5; i++ { + conn, err = net.Dial("tcp", address.Host) + if err != nil { + // Podman not available yet... + time.Sleep(time.Duration(i) * time.Second) + } + } + Expect(err).ShouldNot(HaveOccurred()) + conn.Close() +} + +// randomPort leans on the go net library to find an available port... +func randomPort() string { + port, err := utils.GetRandomPort() + Expect(err).ShouldNot(HaveOccurred()) + return strconv.Itoa(port) +} diff --git a/test/system/050-stop.bats b/test/system/050-stop.bats index d809507a5..e049da518 100644 --- a/test/system/050-stop.bats +++ b/test/system/050-stop.bats @@ -166,4 +166,11 @@ load helpers is "$output" "137" "Exit code of killed container" } +@test "podman stop -t 1 Generate warning" { + skip_if_remote "warning only happens on server side" + run_podman run --rm --name stopme -d $IMAGE sleep 100 + run_podman stop -t 1 stopme + is "$output" ".*StopSignal SIGTERM failed to stop container stopme in 1 seconds, resorting to SIGKILL" "stopping container should print warning" +} + # vim: filetype=sh diff --git a/test/system/271-tcp-cors-server.bats b/test/system/271-tcp-cors-server.bats index d8e4eb3df..be77afd40 100644 --- a/test/system/271-tcp-cors-server.bats +++ b/test/system/271-tcp-cors-server.bats @@ -38,7 +38,7 @@ SOCKET_FILE="$UNIT_DIR/$SERVICE_NAME.socket" @test "podman system service - CORS enabled in logs" { skip_if_remote "system service tests are meaningless over remote" run_podman system service --log-level="debug" --cors="*" -t 1 - is "$output" ".*CORS Headers were set to \*.*" "debug log confirms CORS headers set" + is "$output" ".*CORS Headers were set to ..\*...*" "debug log confirms CORS headers set" } # vim: filetype=sh diff --git a/vendor/github.com/containers/common/libimage/inspect.go b/vendor/github.com/containers/common/libimage/inspect.go index a872e5cf9..007cbdd89 100644 --- a/vendor/github.com/containers/common/libimage/inspect.go +++ b/vendor/github.com/containers/common/libimage/inspect.go @@ -50,19 +50,39 @@ type RootFS struct { Layers []digest.Digest `json:"Layers"` } -// Inspect inspects the image. Use `withSize` to also perform the -// comparatively expensive size computation of the image. -func (i *Image) Inspect(ctx context.Context, withSize bool) (*ImageData, error) { +// InspectOptions allow for customizing inspecting images. +type InspectOptions struct { + // Compute the size of the image (expensive). + WithSize bool + // Compute the parent of the image (expensive). + WithParent bool +} + +// Inspect inspects the image. +func (i *Image) Inspect(ctx context.Context, options *InspectOptions) (*ImageData, error) { logrus.Debugf("Inspecting image %s", i.ID()) + if options == nil { + options = &InspectOptions{} + } + if i.cached.completeInspectData != nil { - if withSize && i.cached.completeInspectData.Size == int64(-1) { + if options.WithSize && i.cached.completeInspectData.Size == int64(-1) { size, err := i.Size() if err != nil { return nil, err } i.cached.completeInspectData.Size = size } + if options.WithParent && i.cached.completeInspectData.Parent == "" { + parentImage, err := i.Parent(ctx) + if err != nil { + return nil, err + } + if parentImage != nil { + i.cached.completeInspectData.Parent = parentImage.ID() + } + } return i.cached.completeInspectData, nil } @@ -75,10 +95,7 @@ func (i *Image) Inspect(ctx context.Context, withSize bool) (*ImageData, error) if err != nil { return nil, err } - parentImage, err := i.Parent(ctx) - if err != nil { - return nil, err - } + repoTags, err := i.RepoTags() if err != nil { return nil, err @@ -93,7 +110,7 @@ func (i *Image) Inspect(ctx context.Context, withSize bool) (*ImageData, error) } size := int64(-1) - if withSize { + if options.WithSize { size, err = i.Size() if err != nil { return nil, err @@ -124,8 +141,14 @@ func (i *Image) Inspect(ctx context.Context, withSize bool) (*ImageData, error) NamesHistory: i.NamesHistory(), } - if parentImage != nil { - data.Parent = parentImage.ID() + if options.WithParent { + parentImage, err := i.Parent(ctx) + if err != nil { + return nil, err + } + if parentImage != nil { + data.Parent = parentImage.ID() + } } // Determine the format of the image. How we determine certain data diff --git a/vendor/github.com/containers/common/libimage/pull.go b/vendor/github.com/containers/common/libimage/pull.go index 1c322c37e..1d1bc201b 100644 --- a/vendor/github.com/containers/common/libimage/pull.go +++ b/vendor/github.com/containers/common/libimage/pull.go @@ -477,10 +477,10 @@ func (r *Runtime) copySingleImageFromRegistry(ctx context.Context, imageName str if pullPolicy == config.PullPolicyNever { if localImage != nil { - logrus.Debugf("Pull policy %q but no local image has been found for %s", pullPolicy, imageName) + logrus.Debugf("Pull policy %q and %s resolved to local image %s", pullPolicy, imageName, resolvedImageName) return []string{resolvedImageName}, nil } - logrus.Debugf("Pull policy %q and %s resolved to local image %s", pullPolicy, imageName, resolvedImageName) + logrus.Debugf("Pull policy %q but no local image has been found for %s", pullPolicy, imageName) return nil, errors.Wrap(storage.ErrImageUnknown, imageName) } diff --git a/vendor/github.com/containers/common/libimage/search.go b/vendor/github.com/containers/common/libimage/search.go index df29bc7da..7e20e4331 100644 --- a/vendor/github.com/containers/common/libimage/search.go +++ b/vendor/github.com/containers/common/libimage/search.go @@ -284,8 +284,9 @@ func searchRepositoryTags(ctx context.Context, sys *types.SystemContext, registr paramsArr := []SearchResult{} for i := 0; i < limit; i++ { params := SearchResult{ - Name: imageRef.DockerReference().Name(), - Tag: tags[i], + Name: imageRef.DockerReference().Name(), + Tag: tags[i], + Index: registry, } paramsArr = append(paramsArr, params) } diff --git a/vendor/modules.txt b/vendor/modules.txt index 224926b88..ae28bf9ee 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -95,7 +95,7 @@ github.com/containers/buildah/pkg/rusage github.com/containers/buildah/pkg/sshagent github.com/containers/buildah/pkg/util github.com/containers/buildah/util -# github.com/containers/common v0.46.1-0.20211001143714-161e078e4c7f +# github.com/containers/common v0.46.1-0.20211008123044-d846f5aaec0e github.com/containers/common/libimage github.com/containers/common/libimage/manifests github.com/containers/common/pkg/apparmor |