diff options
25 files changed, 208 insertions, 164 deletions
diff --git a/cmd/podman/images/history.go b/cmd/podman/images/history.go index cc7b1b4eb..ac693a87b 100644 --- a/cmd/podman/images/history.go +++ b/cmd/podman/images/history.go @@ -1,7 +1,6 @@ package images import ( - "context" "fmt" "os" "strings" @@ -79,7 +78,7 @@ func historyFlags(cmd *cobra.Command) { } func history(cmd *cobra.Command, args []string) error { - results, err := registry.ImageEngine().History(context.Background(), args[0], entities.ImageHistoryOptions{}) + results, err := registry.ImageEngine().History(registry.Context(), args[0], entities.ImageHistoryOptions{}) if err != nil { return err } @@ -111,37 +110,32 @@ func history(cmd *cobra.Command, args []string) error { hr = append(hr, historyReporter{l}) } - hdrs := report.Headers(historyReporter{}, map[string]string{ - "CreatedBy": "CREATED BY", - }) + rpt := report.New(os.Stdout, cmd.Name()) + defer rpt.Flush() - // Defaults - row := "{{.ID}}\t{{.Created}}\t{{.CreatedBy}}\t{{.Size}}\t{{.Comment}}\n" switch { - case cmd.Flags().Changed("format"): - row = report.NormalizeFormat(opts.format) case opts.quiet: - row = "{{.ID}}\n" + rpt, err = rpt.Parse(report.OriginUser, "{{range .}}{{.ID}}\n{{end -}}") + case cmd.Flags().Changed("format"): + rpt, err = rpt.Parse(report.OriginUser, cmd.Flag("format").Value.String()) + default: + format := "{{range .}}{{.ID}}\t{{.Created}}\t{{.CreatedBy}}\t{{.Size}}\t{{.Comment}}\n{{end -}}" + rpt, err = rpt.Parse(report.OriginPodman, format) } - format := report.EnforceRange(row) - - tmpl, err := report.NewTemplate("history").Parse(format) if err != nil { return err } - w, err := report.NewWriterDefault(os.Stdout) - if err != nil { - return err - } - defer w.Flush() + if rpt.RenderHeaders { + hdrs := report.Headers(historyReporter{}, map[string]string{ + "CreatedBy": "CREATED BY", + }) - if !opts.quiet && !cmd.Flags().Changed("format") { - if err := tmpl.Execute(w, hdrs); err != nil { + if err := rpt.Execute(hdrs); err != nil { return errors.Wrapf(err, "failed to write report column headers") } } - return tmpl.Execute(w, hr) + return rpt.Execute(hr) } type historyReporter struct { diff --git a/cmd/podman/images/list.go b/cmd/podman/images/list.go index 01286daf2..61514daa7 100644 --- a/cmd/podman/images/list.go +++ b/cmd/podman/images/list.go @@ -117,7 +117,7 @@ func images(cmd *cobra.Command, args []string) error { listOptions.Filter = append(listOptions.Filter, "reference="+args[0]) } - if cmd.Flag("sort").Changed && !sortFields.Contains(listFlag.sort) { + if cmd.Flags().Changed("sort") && !sortFields.Contains(listFlag.sort) { return fmt.Errorf("\"%s\" is not a valid field for sorting. Choose from: %s", listFlag.sort, sortFields.String()) } @@ -140,7 +140,7 @@ func images(cmd *cobra.Command, args []string) error { if cmd.Flags().Changed("format") && !report.HasTable(listFlag.format) { listFlag.noHeading = true } - return writeTemplate(imgs) + return writeTemplate(cmd, imgs) } } @@ -186,38 +186,31 @@ func writeJSON(images []imageReporter) error { return nil } -func writeTemplate(imgs []imageReporter) error { +func writeTemplate(cmd *cobra.Command, imgs []imageReporter) error { hdrs := report.Headers(imageReporter{}, map[string]string{ "ID": "IMAGE ID", "ReadOnly": "R/O", }) - var format string - if listFlag.format == "" { - format = lsFormatFromFlags(listFlag) - } else { - format = report.NormalizeFormat(listFlag.format) - format = report.EnforceRange(format) - } + rpt := report.New(os.Stdout, cmd.Name()) + defer rpt.Flush() - tmpl, err := report.NewTemplate("list").Parse(format) - if err != nil { - return err + var err error + if cmd.Flags().Changed("format") { + rpt, err = rpt.Parse(report.OriginUser, cmd.Flag("format").Value.String()) + } else { + rpt, err = rpt.Parse(report.OriginPodman, lsFormatFromFlags(listFlag)) } - - w, err := report.NewWriterDefault(os.Stdout) if err != nil { return err } - defer w.Flush() - if !listFlag.noHeading { - if err := tmpl.Execute(w, hdrs); err != nil { + if rpt.RenderHeaders && !listFlag.noHeading { + if err := rpt.Execute(hdrs); err != nil { return err } } - - return tmpl.Execute(w, imgs) + return rpt.Execute(imgs) } func sortImages(imageS []*entities.ImageSummary) ([]imageReporter, error) { diff --git a/cmd/podman/images/mount.go b/cmd/podman/images/mount.go index 89c00cb70..cdeb9eecf 100644 --- a/cmd/podman/images/mount.go +++ b/cmd/podman/images/mount.go @@ -87,7 +87,7 @@ func mount(cmd *cobra.Command, args []string) error { case report.IsJSON(mountOpts.Format): return printJSON(reports) case mountOpts.Format == "": - break // default format + break // see default format below default: return errors.Errorf("unknown --format argument: %q", mountOpts.Format) } @@ -97,19 +97,12 @@ func mount(cmd *cobra.Command, args []string) error { mrs = append(mrs, mountReporter{r}) } - row := "{{range . }}{{.ID}}\t{{.Path}}\n{{end -}}" - tmpl, err := report.NewTemplate("mounts").Parse(row) + rpt, err := report.New(os.Stdout, cmd.Name()).Parse(report.OriginPodman, "{{range . }}{{.ID}}\t{{.Path}}\n{{end -}}") if err != nil { return err } - - w, err := report.NewWriterDefault(os.Stdout) - if err != nil { - return err - } - defer w.Flush() - - return tmpl.Execute(w, mrs) + defer rpt.Flush() + return rpt.Execute(mrs) } func printJSON(reports []*entities.ImageMountReport) error { diff --git a/cmd/podman/images/search.go b/cmd/podman/images/search.go index c9a4793aa..0791ac02c 100644 --- a/cmd/podman/images/search.go +++ b/cmd/podman/images/search.go @@ -149,9 +149,9 @@ func imageSearch(cmd *cobra.Command, args []string) error { searchReport[i].Description = d } - hdrs := report.Headers(entities.ImageSearchReport{}, nil) - renderHeaders := true - var row string + rpt := report.New(os.Stdout, cmd.Name()) + defer rpt.Flush() + switch { case searchOptions.ListTags: if len(searchOptions.Filters) != 0 { @@ -161,39 +161,30 @@ func imageSearch(cmd *cobra.Command, args []string) error { listTagsEntries := buildListTagsJSON(searchReport) return printArbitraryJSON(listTagsEntries) } - row = "{{.Name}}\t{{.Tag}}\n" + rpt, err = rpt.Parse(report.OriginPodman, "{{range .}}{{.Name}}\t{{.Tag}}\n{{end -}}") case isJSON: return printArbitraryJSON(searchReport) case cmd.Flags().Changed("format"): - renderHeaders = report.HasTable(searchOptions.Format) - row = report.NormalizeFormat(searchOptions.Format) + rpt, err = rpt.Parse(report.OriginUser, searchOptions.Format) default: - row = "{{.Name}}\t{{.Description}}" + row := "{{.Name}}\t{{.Description}}" if searchOptions.Compatible { row += "\t{{.Stars}}\t{{.Official}}\t{{.Automated}}" } - row += "\n" + row = "{{range . }}" + row + "\n{{end -}}" + rpt, err = rpt.Parse(report.OriginPodman, row) } - format := report.EnforceRange(row) - - tmpl, err := report.NewTemplate("search").Parse(format) if err != nil { return err } - w, err := report.NewWriterDefault(os.Stdout) - if err != nil { - return err - } - defer w.Flush() - - if renderHeaders { - if err := tmpl.Execute(w, hdrs); err != nil { - return errors.Wrapf(err, "failed to write search column headers") + if rpt.RenderHeaders { + hdrs := report.Headers(entities.ImageSearchReport{}, nil) + if err := rpt.Execute(hdrs); err != nil { + return errors.Wrapf(err, "failed to write report column headers") } } - - return tmpl.Execute(w, searchReport) + return rpt.Execute(searchReport) } func printArbitraryJSON(v interface{}) error { diff --git a/cmd/podman/images/trust_show.go b/cmd/podman/images/trust_show.go index c0e56f504..04ea24ca5 100644 --- a/cmd/podman/images/trust_show.go +++ b/cmd/podman/images/trust_show.go @@ -48,11 +48,12 @@ func showTrust(cmd *cobra.Command, args []string) error { if err != nil { return err } - if showTrustOptions.Raw { + + switch { + case showTrustOptions.Raw: fmt.Println(string(trust.Raw)) return nil - } - if showTrustOptions.JSON { + case showTrustOptions.JSON: b, err := json.MarshalIndent(trust.Policies, "", " ") if err != nil { return err @@ -60,23 +61,13 @@ func showTrust(cmd *cobra.Command, args []string) error { fmt.Println(string(b)) return nil } + rpt := report.New(os.Stdout, cmd.Name()) + defer rpt.Flush() - format := "{{range . }}{{.RepoName}}\t{{.Type}}\t{{.GPGId}}\t{{.SignatureStore}}\n{{end -}}" - tmpl, err := report.NewTemplate("list").Parse(format) - if err != nil { - return err - } - - w, err := report.NewWriterDefault(os.Stdout) + rpt, err = rpt.Parse(report.OriginPodman, + "{{range . }}{{.RepoName}}\t{{.Type}}\t{{.GPGId}}\t{{.SignatureStore}}\n{{end -}}") if err != nil { return err } - - if err := tmpl.Execute(w, trust.Policies); err != nil { - return err - } - if err := w.Flush(); err != nil { - return err - } - return nil + return rpt.Execute(trust.Policies) } diff --git a/cmd/podman/inspect/inspect.go b/cmd/podman/inspect/inspect.go index 64b586388..c982b1b7f 100644 --- a/cmd/podman/inspect/inspect.go +++ b/cmd/podman/inspect/inspect.go @@ -215,8 +215,10 @@ func (i *inspector) inspect(namesOrIDs []string) error { case report.IsJSON(i.options.Format) || i.options.Format == "": err = printJSON(data) default: + // Landing here implies user has given a custom --format row := inspectNormalize(i.options.Format) - row = "{{range . }}" + report.NormalizeFormat(row) + "{{end -}}" + row = report.NormalizeFormat(row) + row = report.EnforceRange(row) err = printTmpl(tmpType, row, data) } if err != nil { diff --git a/cmd/podman/machine/list.go b/cmd/podman/machine/list.go index d569f4db0..774ab4fd0 100644 --- a/cmd/podman/machine/list.go +++ b/cmd/podman/machine/list.go @@ -116,7 +116,15 @@ func outputTemplate(cmd *cobra.Command, responses []*machineReporter) error { "DiskSize": "DISK SIZE", }) - row := report.NormalizeFormat(listFlag.format) + var row string + switch { + case cmd.Flags().Changed("format"): + row = cmd.Flag("format").Value.String() + listFlag.noHeading = !report.HasTable(row) + row = report.NormalizeFormat(row) + default: + row = cmd.Flag("format").Value.String() + } format := report.EnforceRange(row) tmpl, err := report.NewTemplate("list").Parse(format) @@ -130,10 +138,6 @@ func outputTemplate(cmd *cobra.Command, responses []*machineReporter) error { } defer w.Flush() - if cmd.Flags().Changed("format") && !report.HasTable(listFlag.format) { - listFlag.noHeading = true - } - if !listFlag.noHeading { if err := tmpl.Execute(w, headers); err != nil { return errors.Wrapf(err, "failed to write report column headers") diff --git a/cmd/podman/networks/list.go b/cmd/podman/networks/list.go index 124a17d5d..6f1a7742a 100644 --- a/cmd/podman/networks/list.go +++ b/cmd/podman/networks/list.go @@ -84,7 +84,7 @@ func networkList(cmd *cobra.Command, args []string) error { // table or other format output default: - err = templateOut(responses, cmd) + err = templateOut(cmd, responses) } return err @@ -105,7 +105,7 @@ func jsonOut(responses []types.Network) error { return nil } -func templateOut(responses []types.Network, cmd *cobra.Command) error { +func templateOut(cmd *cobra.Command, responses []types.Network) error { nlprs := make([]ListPrintReports, 0, len(responses)) for _, r := range responses { nlprs = append(nlprs, ListPrintReports{r}) @@ -120,14 +120,16 @@ func templateOut(responses []types.Network, cmd *cobra.Command) error { }) renderHeaders := report.HasTable(networkListOptions.Format) - var row, format string - if cmd.Flags().Changed("format") { + var row string + switch { + case cmd.Flags().Changed("format"): row = report.NormalizeFormat(networkListOptions.Format) - } else { // 'podman network ls' equivalent to 'podman network ls --format="table {{.ID}} {{.Name}} {{.Version}} {{.Plugins}}" ' - renderHeaders = true + default: + // 'podman network ls' equivalent to 'podman network ls --format="table {{.ID}} {{.Name}} {{.Version}} {{.Plugins}}" ' row = "{{.ID}}\t{{.Name}}\t{{.Driver}}\n" + renderHeaders = true } - format = report.EnforceRange(row) + format := report.EnforceRange(row) tmpl, err := report.NewTemplate("list").Parse(format) if err != nil { diff --git a/cmd/podman/pods/inspect.go b/cmd/podman/pods/inspect.go index 96eaec3b9..d4b8df90e 100644 --- a/cmd/podman/pods/inspect.go +++ b/cmd/podman/pods/inspect.go @@ -64,11 +64,13 @@ func inspect(cmd *cobra.Command, args []string) error { } if report.IsJSON(inspectOptions.Format) { + json.MarshalIndent(responses, "", " ") enc := json.NewEncoder(os.Stdout) enc.SetIndent("", " ") return enc.Encode(responses) } + // cmd.Flags().Changed("format") must be true to reach this code row := report.NormalizeFormat(inspectOptions.Format) t, err := report.NewTemplate("inspect").Parse(row) diff --git a/cmd/podman/pods/ps.go b/cmd/podman/pods/ps.go index 60aadf224..808ec31b3 100644 --- a/cmd/podman/pods/ps.go +++ b/cmd/podman/pods/ps.go @@ -136,11 +136,12 @@ func pods(cmd *cobra.Command, _ []string) error { renderHeaders = report.HasTable(psInput.Format) row = report.NormalizeFormat(psInput.Format) } + format := report.EnforceRange(row) + noHeading, _ := cmd.Flags().GetBool("noheading") if noHeading { renderHeaders = false } - format := report.EnforceRange(row) tmpl, err := report.NewTemplate("list").Parse(format) if err != nil { diff --git a/cmd/podman/pods/stats.go b/cmd/podman/pods/stats.go index ba2c1495b..a7bba3064 100644 --- a/cmd/podman/pods/stats.go +++ b/cmd/podman/pods/stats.go @@ -67,9 +67,7 @@ func stats(cmd *cobra.Command, args []string) error { return err } - row := report.NormalizeFormat(statsOptions.Format) - doJSON := report.IsJSON(row) - + doJSON := report.IsJSON(cmd.Flag("format").Value.String()) headers := report.Headers(entities.PodStatsReport{}, map[string]string{ "CPU": "CPU %", "MemUsage": "MEM USAGE/ LIMIT", @@ -96,6 +94,8 @@ func stats(cmd *cobra.Command, args []string) error { goterm.Flush() } if cmd.Flags().Changed("format") { + row := report.NormalizeFormat(statsOptions.Format) + row = report.EnforceRange(row) if err := printFormattedPodStatsLines(headers, row, reports); err != nil { return err } @@ -143,8 +143,6 @@ func printFormattedPodStatsLines(headerNames []map[string]string, row string, st return nil } - row = report.EnforceRange(row) - tmpl, err := report.NewTemplate("stats").Parse(row) if err != nil { return err diff --git a/cmd/podman/secrets/list.go b/cmd/podman/secrets/list.go index f136de4ab..255d9ae1a 100644 --- a/cmd/podman/secrets/list.go +++ b/cmd/podman/secrets/list.go @@ -71,7 +71,10 @@ func outputTemplate(cmd *cobra.Command, responses []*entities.SecretListReport) "UpdatedAt": "UPDATED", }) - row := report.NormalizeFormat(listFlag.format) + row := cmd.Flag("format").Value.String() + if cmd.Flags().Changed("format") { + row = report.NormalizeFormat(row) + } format := report.EnforceRange(row) tmpl, err := report.NewTemplate("list").Parse(format) diff --git a/cmd/podman/system/connection/list.go b/cmd/podman/system/connection/list.go index f1f7657ad..2710142a8 100644 --- a/cmd/podman/system/connection/list.go +++ b/cmd/podman/system/connection/list.go @@ -82,7 +82,7 @@ func list(cmd *cobra.Command, _ []string) error { return rows[i].Name < rows[j].Name }) - format := "{{.Name}}\t{{.URI}}\t{{.Identity}}\t{{.Default}}\n" + var format string switch { case report.IsJSON(cmd.Flag("format").Value.String()): buf, err := registry.JSONLibrary().MarshalIndent(rows, "", " ") @@ -90,11 +90,10 @@ func list(cmd *cobra.Command, _ []string) error { fmt.Println(string(buf)) } return err + case cmd.Flags().Changed("format"): + format = report.NormalizeFormat(cmd.Flag("format").Value.String()) default: - if cmd.Flag("format").Changed { - format = cmd.Flag("format").Value.String() - format = report.NormalizeFormat(format) - } + format = "{{.Name}}\t{{.URI}}\t{{.Identity}}\t{{.Default}}\n" } format = report.EnforceRange(format) diff --git a/cmd/podman/system/version.go b/cmd/podman/system/version.go index 3443978d6..87b806503 100644 --- a/cmd/podman/system/version.go +++ b/cmd/podman/system/version.go @@ -59,7 +59,7 @@ func version(cmd *cobra.Command, args []string) error { } defer w.Flush() - if cmd.Flag("format").Changed { + if cmd.Flags().Changed("format") { row := report.NormalizeFormat(versionFormat) tmpl, err := report.NewTemplate("version 2.0.0").Parse(row) if err != nil { diff --git a/cmd/podman/volumes/list.go b/cmd/podman/volumes/list.go index 0243054af..c372527de 100644 --- a/cmd/podman/volumes/list.go +++ b/cmd/podman/volumes/list.go @@ -97,9 +97,14 @@ func outputTemplate(cmd *cobra.Command, responses []*entities.VolumeListReport) "Name": "VOLUME NAME", }) - row := report.NormalizeFormat(cliOpts.Format) - if cliOpts.Quiet { + var row string + switch { + case cliOpts.Quiet: row = "{{.Name}}\n" + case cmd.Flags().Changed("format"): + row = report.NormalizeFormat(cliOpts.Format) + default: + row = cmd.Flag("format").Value.String() } format := report.EnforceRange(row) diff --git a/docs/source/markdown/podman-unshare.1.md b/docs/source/markdown/podman-unshare.1.md index 5676b1be7..01393a862 100644 --- a/docs/source/markdown/podman-unshare.1.md +++ b/docs/source/markdown/podman-unshare.1.md @@ -35,7 +35,6 @@ Print usage statement Join the rootless network namespace used for CNI and netavark networking. It can be used to connect to a rootless container via IP address (bridge networking). This is otherwise not possible from the host network namespace. -_Note: Using this option with more than one unshare session can have unexpected results._ ## Exit Codes @@ -57,13 +56,13 @@ the exit codes follow the `chroot` standard, see below: **127** Executing a _contained command_ and the _command_ cannot be found - $ podman run busybox foo; echo $? + $ podman unshare foo; echo $? Error: fork/exec /usr/bin/bogus: no such file or directory 127 **Exit code** _contained command_ exit code - $ podman run busybox /bin/sh -c 'exit 3'; echo $? + $ podman unshare /bin/sh -c 'exit 3'; echo $? 3 ## EXAMPLE diff --git a/docs/tutorials/remote_client.md b/docs/tutorials/remote_client.md index 889947397..0370b0329 100644 --- a/docs/tutorials/remote_client.md +++ b/docs/tutorials/remote_client.md @@ -58,11 +58,11 @@ sudo systemctl enable --now -s sshd ``` #### Setting up SSH -Remote Podman uses SSH to communicate between the client and server. The remote client works considerably smoother using SSH keys. To set up your ssh connection, you need to generate an ssh key pair from your client machine. +Remote Podman uses SSH to communicate between the client and server. The remote client works considerably smoother using SSH keys. To set up your ssh connection, you need to generate an ssh key pair from your client machine. *NOTE:* in some instances, using a `rsa` key will cause connection issues, be sure to create an `ed25519` key. ``` -ssh-keygen +ssh-keygen -t ed25519 ``` -Your public key by default should be in your home directory under ~/.ssh/id_rsa.pub. You then need to copy the contents of id_rsa.pub and append it into ~/.ssh/authorized_keys on the Linux server. You can automate this using ssh-copy-id. +Your public key by default should be in your home directory under ~/.ssh/id_ed25519.pub. You then need to copy the contents of id_ed25519.pub and append it into ~/.ssh/authorized_keys on the Linux server. You can automate this using ssh-copy-id. If you do not wish to use SSH keys, you will be prompted with each Podman command for your login password. @@ -75,7 +75,7 @@ The first step in using the Podman remote client is to configure a connection. You can add a connection by using the `podman-remote system connection add` command. ``` -podman-remote system connection add myuser --identity ~/.ssh/id_rsa ssh://192.168.122.1/run/user/1000/podman/podman.sock +podman-remote system connection add myuser --identity ~/.ssh/id_ed25519 ssh://192.168.122.1/run/user/1000/podman/podman.sock ``` This will add a remote connection to Podman and if it is the first connection added, it will mark the connection as the default. You can observe your connections with `podman-remote system connection list`: @@ -83,7 +83,7 @@ This will add a remote connection to Podman and if it is the first connection ad ``` podman-remote system connection list Name Identity URI -myuser* id_rsa ssh://myuser@192.168.122.1/run/user/1000/podman/podman.sock +myuser* id_ed25519 ssh://myuser@192.168.122.1/run/user/1000/podman/podman.sock ``` Now we can test the connection with `podman info`: diff --git a/libpod/kube.go b/libpod/kube.go index 351c49c9a..4e61b5377 100644 --- a/libpod/kube.go +++ b/libpod/kube.go @@ -79,7 +79,11 @@ func (p *Pod) GenerateForKube(ctx context.Context) (*v1.Pod, []v1.ServicePort, e if err != nil { return nil, servicePorts, err } - servicePorts = containerPortsToServicePorts(ports) + spState := newServicePortState() + servicePorts, err = spState.containerPortsToServicePorts(ports) + if err != nil { + return nil, servicePorts, err + } hostNetwork = infraContainer.NetworkMode() == string(namespaces.NetworkMode(specgen.Host)) } pod, err := p.podWithContainers(ctx, allContainers, ports, hostNetwork) @@ -242,13 +246,17 @@ func ConvertV1PodToYAMLPod(pod *v1.Pod) *YAMLPod { } // GenerateKubeServiceFromV1Pod creates a v1 service object from a v1 pod object -func GenerateKubeServiceFromV1Pod(pod *v1.Pod, servicePorts []v1.ServicePort) YAMLService { +func GenerateKubeServiceFromV1Pod(pod *v1.Pod, servicePorts []v1.ServicePort) (YAMLService, error) { service := YAMLService{} selector := make(map[string]string) selector["app"] = pod.Labels["app"] ports := servicePorts if len(ports) == 0 { - ports = containersToServicePorts(pod.Spec.Containers) + p, err := containersToServicePorts(pod.Spec.Containers) + if err != nil { + return service, err + } + ports = p } serviceSpec := v1.ServiceSpec{ Ports: ports, @@ -262,15 +270,43 @@ func GenerateKubeServiceFromV1Pod(pod *v1.Pod, servicePorts []v1.ServicePort) YA APIVersion: pod.TypeMeta.APIVersion, } service.TypeMeta = tm - return service + return service, nil +} + +// servicePortState allows calling containerPortsToServicePorts for a single service +type servicePortState struct { + // A program using the shared math/rand state with the default seed will produce the same sequence of pseudo-random numbers + // for each execution. Use a private RNG state not to interfere with other users. + rng *rand.Rand + usedPorts map[int]struct{} +} + +func newServicePortState() servicePortState { + return servicePortState{ + rng: rand.New(rand.NewSource(time.Now().UnixNano())), + usedPorts: map[int]struct{}{}, + } } // containerPortsToServicePorts takes a slice of containerports and generates a // slice of service ports -func containerPortsToServicePorts(containerPorts []v1.ContainerPort) []v1.ServicePort { +func (state *servicePortState) containerPortsToServicePorts(containerPorts []v1.ContainerPort) ([]v1.ServicePort, error) { sps := make([]v1.ServicePort, 0, len(containerPorts)) for _, cp := range containerPorts { - nodePort := 30000 + rand.Intn(32767-30000+1) + var nodePort int + attempt := 0 + for { + // Legal nodeport range is 30000-32767 + nodePort = 30000 + state.rng.Intn(32767-30000+1) + if _, found := state.usedPorts[nodePort]; !found { + state.usedPorts[nodePort] = struct{}{} + break + } + attempt++ + if attempt >= 100 { + return nil, fmt.Errorf("too many attempts trying to generate a unique NodePort number") + } + } servicePort := v1.ServicePort{ Protocol: cp.Protocol, Port: cp.ContainerPort, @@ -280,21 +316,22 @@ func containerPortsToServicePorts(containerPorts []v1.ContainerPort) []v1.Servic } sps = append(sps, servicePort) } - return sps + return sps, nil } // containersToServicePorts takes a slice of v1.Containers and generates an // inclusive list of serviceports to expose -func containersToServicePorts(containers []v1.Container) []v1.ServicePort { - // Without the call to rand.Seed, a program will produce the same sequence of pseudo-random numbers - // for each execution. Legal nodeport range is 30000-32767 - rand.Seed(time.Now().UnixNano()) - +func containersToServicePorts(containers []v1.Container) ([]v1.ServicePort, error) { + state := newServicePortState() sps := make([]v1.ServicePort, 0, len(containers)) for _, ctr := range containers { - sps = append(sps, containerPortsToServicePorts(ctr.Ports)...) + ports, err := state.containerPortsToServicePorts(ctr.Ports) + if err != nil { + return nil, err + } + sps = append(sps, ports...) } - return sps + return sps, nil } func (p *Pod) podWithContainers(ctx context.Context, containers []*Container, ports []v1.ContainerPort, hostNetwork bool) (*v1.Pod, error) { diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go index 7d1214183..b734b9c95 100644 --- a/libpod/networking_linux.go +++ b/libpod/networking_linux.go @@ -322,17 +322,14 @@ func (r *RootlessNetNS) Do(toRun func() error) error { // Cleanup the rootless network namespace if needed. // It checks if we have running containers with the bridge network mode. -// Cleanup() will try to lock RootlessNetNS, therefore you have to call -// it with an unlocked lock. +// Cleanup() expects that r.Lock is locked func (r *RootlessNetNS) Cleanup(runtime *Runtime) error { _, err := os.Stat(r.dir) if os.IsNotExist(err) { // the directory does not exists no need for cleanup return nil } - r.Lock.Lock() - defer r.Lock.Unlock() - running := func(c *Container) bool { + activeNetns := func(c *Container) bool { // no bridge => no need to check if !c.config.NetMode.IsBridge() { return false @@ -352,15 +349,18 @@ func (r *RootlessNetNS) Cleanup(runtime *Runtime) error { return false } - state := c.state.State - return state == define.ContainerStateRunning + // only check for an active netns, we cannot use the container state + // because not running does not mean that the netns does not need cleanup + // only if the netns is empty we know that we do not need cleanup + return c.state.NetNS != nil } - ctrs, err := runtime.GetContainersWithoutLock(running) + ctrs, err := runtime.GetContainersWithoutLock(activeNetns) if err != nil { return err } - // no cleanup if we found containers - if len(ctrs) > 0 { + // no cleanup if we found no other containers with a netns + // we will always find one container (the container cleanup that is currently calling us) + if len(ctrs) > 1 { return nil } logrus.Debug("Cleaning up rootless network namespace") @@ -809,10 +809,10 @@ func (r *Runtime) teardownNetwork(ns string, opts types.NetworkOptions) error { if rootlessNetNS != nil { // execute the cni setup in the rootless net ns err = rootlessNetNS.Do(tearDownPod) - rootlessNetNS.Lock.Unlock() - if err == nil { - err = rootlessNetNS.Cleanup(r) + if cerr := rootlessNetNS.Cleanup(r); cerr != nil { + logrus.WithError(err).Error("failed to cleanup rootless netns") } + rootlessNetNS.Lock.Unlock() } else { err = tearDownPod() } diff --git a/pkg/api/handlers/compat/images.go b/pkg/api/handlers/compat/images.go index af8b6b63d..4533fddeb 100644 --- a/pkg/api/handlers/compat/images.go +++ b/pkg/api/handlers/compat/images.go @@ -409,14 +409,20 @@ func GetImages(w http.ResponseWriter, r *http.Request) { utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "Failed get images")) return } - var summaries = make([]*entities.ImageSummary, len(images)) - for j, img := range images { + + summaries := make([]*entities.ImageSummary, 0, len(images)) + for _, img := range images { + // If the image is a manifest list, extract as much as we can. + if isML, _ := img.IsManifestList(r.Context()); isML { + continue + } + is, err := handlers.ImageToImageSummary(img) if err != nil { utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "Failed transform image summaries")) return } - summaries[j] = is + summaries = append(summaries, is) } utils.WriteResponse(w, http.StatusOK, summaries) } diff --git a/pkg/domain/infra/abi/generate.go b/pkg/domain/infra/abi/generate.go index 0defa1923..68bb351bf 100644 --- a/pkg/domain/infra/abi/generate.go +++ b/pkg/domain/infra/abi/generate.go @@ -139,7 +139,11 @@ func (ic *ContainerEngine) GenerateKube(ctx context.Context, nameOrIDs []string, podContent = append(podContent, b) if options.Service { - b, err := generateKubeYAML(libpod.GenerateKubeServiceFromV1Pod(po, []k8sAPI.ServicePort{})) + svc, err := libpod.GenerateKubeServiceFromV1Pod(po, []k8sAPI.ServicePort{}) + if err != nil { + return nil, err + } + b, err := generateKubeYAML(svc) if err != nil { return nil, err } @@ -177,7 +181,11 @@ func getKubePods(ctx context.Context, pods []*libpod.Pod, getService bool) ([][] pos = append(pos, b) if getService { - b, err := generateKubeYAML(libpod.GenerateKubeServiceFromV1Pod(po, sp)) + svc, err := libpod.GenerateKubeServiceFromV1Pod(po, sp) + if err != nil { + return nil, nil, err + } + b, err := generateKubeYAML(svc) if err != nil { return nil, nil, err } diff --git a/pkg/domain/infra/abi/system.go b/pkg/domain/infra/abi/system.go index 7da7754f2..e6c9d850b 100644 --- a/pkg/domain/infra/abi/system.go +++ b/pkg/domain/infra/abi/system.go @@ -365,9 +365,12 @@ func (ic *ContainerEngine) Unshare(ctx context.Context, args []string, options e if err != nil { return err } - // make sure to unlock, unshare can run for a long time + // Make sure to unlock, unshare can run for a long time. rootlessNetNS.Lock.Unlock() - defer rootlessNetNS.Cleanup(ic.Libpod) + // We do not want to cleanup the netns after unshare. + // The problem is that we cannot know if we need to cleanup and + // secondly unshare should allow user to setup the namespace with + // special things, e.g. potentially macvlan or something like that. return rootlessNetNS.Do(unshare) } return unshare() diff --git a/test/apiv2/10-images.at b/test/apiv2/10-images.at index b7bcaf81d..e67f559f3 100644 --- a/test/apiv2/10-images.at +++ b/test/apiv2/10-images.at @@ -10,6 +10,13 @@ t GET libpod/images/json 200 \ .[0].Id~[0-9a-f]\\{64\\} iid=$(jq -r '.[0].Id' <<<"$output") +# Create an empty manifest and make sure it is not listed +# in the compat endpoint. +t GET images/json 200 length=1 +podman manifest create foo +t GET images/json 200 length=1 +t GET libpod/images/json 200 length=2 + t GET libpod/images/$iid/exists 204 t GET libpod/images/$PODMAN_TEST_IMAGE_NAME/exists 204 t GET libpod/images/${iid}abcdef/exists 404 \ diff --git a/test/system/010-images.bats b/test/system/010-images.bats index 1e9d5f181..9de31f96c 100644 --- a/test/system/010-images.bats +++ b/test/system/010-images.bats @@ -221,9 +221,7 @@ Labels.created_at | 20[0-9-]\\\+T[0-9:]\\\+Z iid=${output:0:12} # Run the test: this will output three column-aligned rows. Test them. - # Tab character (\t) should have the same effect as the 'table' directive _run_format_test 'table' 'table {{.Repository}} {{.Tag}} {{.ID}}' - _run_format_test 'tabs' '{{.Repository}}\t{{.Tag}}\t{{.ID}}' # Clean up. run_podman rmi ${aaa_name}:${aaa_tag} ${zzz_name}:${zzz_tag} diff --git a/test/system/110-history.bats b/test/system/110-history.bats index 75c15b088..0f6d75cb3 100644 --- a/test/system/110-history.bats +++ b/test/system/110-history.bats @@ -21,6 +21,14 @@ load helpers done } +@test "podman history - custom format" { + run_podman history --format "{{.ID}}\t{{.ID}}" $IMAGE + od -c <<<$output + while IFS= read -r row; do + is "$row" ".* .*$" + done <<<$output +} + @test "podman history - json" { # Sigh. Timestamp in .created can be '...Z' or '...-06:00' tests=" |