summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--cmd/podman/libpodruntime/runtime.go5
-rw-r--r--cmd/podman/save.go19
-rw-r--r--cmd/podman/umount.go13
-rw-r--r--docs/podman.1.md8
-rw-r--r--libpod/container_api.go21
-rw-r--r--libpod/container_internal.go28
-rw-r--r--libpod/image/image.go10
-rw-r--r--libpod/image/image_test.go4
-rw-r--r--libpod/image/pull.go23
-rw-r--r--libpod/storage.go15
-rw-r--r--pkg/registries/registries.go17
-rw-r--r--pkg/secrets/secrets.go18
-rw-r--r--test/e2e/load_test.go56
-rw-r--r--test/e2e/tag_test.go6
14 files changed, 198 insertions, 45 deletions
diff --git a/cmd/podman/libpodruntime/runtime.go b/cmd/podman/libpodruntime/runtime.go
index 098864810..3216d288b 100644
--- a/cmd/podman/libpodruntime/runtime.go
+++ b/cmd/podman/libpodruntime/runtime.go
@@ -57,6 +57,11 @@ func GetDefaultStoreOptions() (storage.StoreOptions, error) {
if err != nil {
return storageOpts, err
}
+
+ storageConf := filepath.Join(os.Getenv("HOME"), ".config/containers/storage.conf")
+ if _, err := os.Stat(storageConf); err == nil {
+ storage.ReloadConfigurationFile(storageConf, &storageOpts)
+ }
}
return storageOpts, nil
}
diff --git a/cmd/podman/save.go b/cmd/podman/save.go
index 2f9adc843..016fa580a 100644
--- a/cmd/podman/save.go
+++ b/cmd/podman/save.go
@@ -1,6 +1,7 @@
package main
import (
+ "fmt"
"io"
"os"
"strings"
@@ -118,14 +119,26 @@ func saveCmd(c *cli.Context) error {
return err
}
}
- newImage, err := runtime.ImageRuntime().NewFromLocal(args[0])
+ source := args[0]
+ newImage, err := runtime.ImageRuntime().NewFromLocal(source)
if err != nil {
return err
}
dest := dst
// need dest to be in the format transport:path:reference for the following transports
- if (strings.Contains(dst, libpod.OCIArchive) || strings.Contains(dst, libpod.DockerArchive)) && !strings.Contains(newImage.ID(), args[0]) {
- dest = dst + ":" + args[0]
+ if (strings.Contains(dst, libpod.OCIArchive) || strings.Contains(dst, libpod.DockerArchive)) && !strings.Contains(newImage.ID(), source) {
+ prepend := ""
+ if !strings.Contains(source, libpodImage.DefaultLocalRepo) {
+ // we need to check if localhost was added to the image name in NewFromLocal
+ for _, name := range newImage.Names() {
+ // if the user searched for the image whose tag was prepended with localhost, we'll need to prepend localhost to successfully search
+ if strings.Contains(name, libpodImage.DefaultLocalRepo) && strings.Contains(name, source) {
+ prepend = fmt.Sprintf("%s/", libpodImage.DefaultLocalRepo)
+ break
+ }
+ }
+ }
+ dest = fmt.Sprintf("%s:%s%s", dst, prepend, source)
}
if err := newImage.PushImage(getContext(), dest, manifestType, "", "", writer, c.Bool("compress"), libpodImage.SigningOptions{}, &libpodImage.DockerRegistryOptions{}, false, additionaltags); err != nil {
if err2 := os.Remove(output); err2 != nil {
diff --git a/cmd/podman/umount.go b/cmd/podman/umount.go
index 0fd7ff144..1a2cf22c6 100644
--- a/cmd/podman/umount.go
+++ b/cmd/podman/umount.go
@@ -58,7 +58,7 @@ func umountCmd(c *cli.Context) error {
continue
}
- if err = unmountContainer(ctr); err != nil {
+ if err = ctr.Unmount(); err != nil {
if lastError != nil {
logrus.Error(lastError)
}
@@ -78,7 +78,7 @@ func umountCmd(c *cli.Context) error {
continue
}
- if err = unmountContainer(ctr); err != nil {
+ if err = ctr.Unmount(); err != nil {
if lastError != nil {
logrus.Error(lastError)
}
@@ -90,12 +90,3 @@ func umountCmd(c *cli.Context) error {
}
return lastError
}
-
-func unmountContainer(ctr *libpod.Container) error {
- if mounted, err := ctr.Mounted(); mounted {
- return ctr.Unmount()
- } else {
- return err
- }
- return errors.Errorf("container is not mounted")
-}
diff --git a/docs/podman.1.md b/docs/podman.1.md
index ea7f93afa..5581e0569 100644
--- a/docs/podman.1.md
+++ b/docs/podman.1.md
@@ -117,7 +117,7 @@ Print the version
**libpod.conf** (`/etc/containers/libpod.conf`)
-libpod.conf is the configuration file for all tools using libpod to manage containers. This file is ignored when running in rootless mode.
+libpod.conf is the configuration file for all tools using libpod to manage containers. When Podman runs in rootless mode, then the file `$HOME/.config/containers/libpod.conf` is used.
**storage.conf** (`/etc/containers/storage.conf`)
@@ -125,6 +125,8 @@ storage.conf is the storage configuration file for all tools using containers/st
The storage configuration file specifies all of the available container storage options for tools using shared container storage.
+When Podman runs in rootless mode, the file `$HOME/.config/containers/storage.conf` is also loaded.
+
**mounts.conf** (`/usr/share/containers/mounts.conf` and optionally `/etc/containers/mounts.conf`)
The mounts.conf files specify volume mount directories that are automatically mounted inside containers when executing the `podman run` or `podman start` commands. Container processes can then use this content. The volume mount content does not get committed to the final image if you do a `podman commit`.
@@ -137,6 +139,8 @@ The format of the mounts.conf is the volume format /SRC:/DEST, one mount per lin
Note this is not a volume mount. The content of the volumes is copied into container storage, not bind mounted directly from the host.
+When Podman runs in rootless mode, the file `$HOME/.config/containers/mounts.conf` is also used.
+
**hook JSON** (`/usr/share/containers/oci/hooks.d/*.json`)
Each `*.json` file in `/usr/share/containers/oci/hooks.d` configures a hook for Podman containers. For more details on the syntax of the JSON files and the semantics of hook injection, see `oci-hooks(5)`.
@@ -153,6 +157,8 @@ Hooks are not used when running in rootless mode.
registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion.
+When Podman runs in rootless mode, the file `$HOME/.config/containers/registries.conf` is used.
+
## Rootless mode
Podman can also be used as non-root user. When podman runs in rootless mode, an user namespace is automatically created.
diff --git a/libpod/container_api.go b/libpod/container_api.go
index a3756ac5f..bb9727ec1 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -437,11 +437,7 @@ func (c *Container) Mount() (string, error) {
}
}
- if err := c.mountStorage(); err != nil {
- return "", err
- }
-
- return c.state.Mountpoint, nil
+ return c.mount()
}
// Unmount unmounts a container's filesystem on the host
@@ -456,15 +452,24 @@ func (c *Container) Unmount() error {
}
if c.state.State == ContainerStateRunning || c.state.State == ContainerStatePaused {
- return errors.Wrapf(ErrCtrStateInvalid, "cannot remove storage for container %s as it is running or paused", c.ID())
+ return errors.Wrapf(ErrCtrStateInvalid, "cannot unmount storage for container %s as it is running or paused", c.ID())
}
// Check if we have active exec sessions
if len(c.state.ExecSessions) != 0 {
- return errors.Wrapf(ErrCtrStateInvalid, "container %s has active exec sessions, refusing to clean up", c.ID())
+ return errors.Wrapf(ErrCtrStateInvalid, "container %s has active exec sessions, refusing to unmount", c.ID())
}
- return c.cleanupStorage()
+ if c.state.Mounted {
+ mounted, err := c.runtime.storageService.MountedContainerImage(c.ID())
+ if err != nil {
+ return errors.Wrapf(err, "can't determine how many times %s is mounted, refusing to unmount", c.ID())
+ }
+ if mounted == 1 {
+ return errors.Wrapf(err, "can't unmount %s last mount, it is still in use", c.ID())
+ }
+ }
+ return c.unmount()
}
// Pause pauses a container
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 38099c6ac..55fd7369d 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -753,9 +753,9 @@ func (c *Container) mountStorage() (err error) {
mountPoint := c.config.Rootfs
if mountPoint == "" {
- mountPoint, err = c.runtime.storageService.MountContainerImage(c.ID())
+ mountPoint, err = c.mount()
if err != nil {
- return errors.Wrapf(err, "error mounting storage for container %s", c.ID())
+ return err
}
}
c.state.Mounted = true
@@ -796,8 +796,7 @@ func (c *Container) cleanupStorage() error {
return nil
}
- // Also unmount storage
- if _, err := c.runtime.storageService.UnmountContainerImage(c.ID()); err != nil {
+ if err := c.unmount(); err != nil {
// If the container has already been removed, warn but don't
// error
// We still want to be able to kick the container out of the
@@ -807,7 +806,7 @@ func (c *Container) cleanupStorage() error {
return nil
}
- return errors.Wrapf(err, "error unmounting container %s root filesystem", c.ID())
+ return err
}
c.state.Mountpoint = ""
@@ -1285,3 +1284,22 @@ func (c *Container) setupOCIHooks(ctx context.Context, config *spec.Spec) (exten
return manager.Hooks(config, c.Spec().Annotations, len(c.config.UserVolumes) > 0)
}
+
+// mount mounts the container's root filesystem
+func (c *Container) mount() (string, error) {
+ mountPoint, err := c.runtime.storageService.MountContainerImage(c.ID())
+ if err != nil {
+ return "", errors.Wrapf(err, "error mounting storage for container %s", c.ID())
+ }
+ return mountPoint, nil
+}
+
+// unmount unmounts the container's root filesystem
+func (c *Container) unmount() error {
+ // Also unmount storage
+ if _, err := c.runtime.storageService.UnmountContainerImage(c.ID()); err != nil {
+ return errors.Wrapf(err, "error unmounting container %s root filesystem", c.ID())
+ }
+
+ return nil
+}
diff --git a/libpod/image/image.go b/libpod/image/image.go
index b5c4c537f..3863338b5 100644
--- a/libpod/image/image.go
+++ b/libpod/image/image.go
@@ -260,6 +260,12 @@ func (i *Image) getLocalImage() (*storage.Image, error) {
if hasReg {
return nil, errors.Errorf("%s", imageError)
}
+ // if the image is saved with the repository localhost, searching with localhost prepended is necessary
+ // We don't need to strip the sha because we have already determined it is not an ID
+ img, err = i.imageruntime.getImage(DefaultLocalRepo + "/" + i.InputName)
+ if err == nil {
+ return img.image, err
+ }
// grab all the local images
images, err := i.imageruntime.GetImages()
@@ -462,6 +468,10 @@ func (i *Image) TagImage(tag string) error {
if !decomposedTag.isTagged {
tag = fmt.Sprintf("%s:%s", tag, decomposedTag.tag)
}
+ // If the input doesn't specify a registry, set the registry to localhost
+ if !decomposedTag.hasRegistry {
+ tag = fmt.Sprintf("%s/%s", DefaultLocalRepo, tag)
+ }
tags := i.Names()
if util.StringInSlice(tag, tags) {
return nil
diff --git a/libpod/image/image_test.go b/libpod/image/image_test.go
index 71beed495..04877dbe5 100644
--- a/libpod/image/image_test.go
+++ b/libpod/image/image_test.go
@@ -170,12 +170,12 @@ func TestImage_MatchRepoTag(t *testing.T) {
// foo should resolve to foo:latest
repoTag, err := newImage.MatchRepoTag("foo")
assert.NoError(t, err)
- assert.Equal(t, "foo:latest", repoTag)
+ assert.Equal(t, "localhost/foo:latest", repoTag)
// foo:bar should resolve to foo:bar
repoTag, err = newImage.MatchRepoTag("foo:bar")
assert.NoError(t, err)
- assert.Equal(t, "foo:bar", repoTag)
+ assert.Equal(t, "localhost/foo:bar", repoTag)
// Shutdown the runtime and remove the temporary storage
cleanup(workdir, ir)
}
diff --git a/libpod/image/pull.go b/libpod/image/pull.go
index a5a398eb1..3bfbc912c 100644
--- a/libpod/image/pull.go
+++ b/libpod/image/pull.go
@@ -4,7 +4,6 @@ import (
"context"
"fmt"
"io"
- "os"
"strings"
cp "github.com/containers/image/copy"
@@ -46,6 +45,9 @@ var (
AtomicTransport = "atomic"
// DefaultTransport is a prefix that we apply to an image name
DefaultTransport = DockerTransport
+ // DefaultLocalRepo is the default local repository for local image operations
+ // Remote pulls will still use defined registries
+ DefaultLocalRepo = "localhost"
)
type pullStruct struct {
@@ -56,6 +58,14 @@ type pullStruct struct {
}
func (ir *Runtime) getPullStruct(srcRef types.ImageReference, destName string) (*pullStruct, error) {
+ imgPart, err := decompose(destName)
+ if err == nil && !imgPart.hasRegistry {
+ // If the image doesn't have a registry, set it as the default repo
+ imgPart.registry = DefaultLocalRepo
+ imgPart.hasRegistry = true
+ destName = imgPart.assemble()
+ }
+
reference := destName
if srcRef.DockerReference() != nil {
reference = srcRef.DockerReference().String()
@@ -149,7 +159,9 @@ func (ir *Runtime) getPullListFromRef(ctx context.Context, srcRef types.ImageRef
image := splitArr[1]
// remove leading "/"
if image[:1] == "/" {
- image = image[1:]
+ // Instead of removing the leading /, set localhost as the registry
+ // so docker.io isn't prepended, and the path becomes the repository
+ image = DefaultLocalRepo + image
}
pullInfo, err := ir.getPullStruct(srcRef, image)
if err != nil {
@@ -277,12 +289,7 @@ func (i *Image) createNamesToPull() ([]*pullStruct, error) {
pullNames = append(pullNames, &ps)
} else {
- registryConfigPath := ""
- envOverride := os.Getenv("REGISTRIES_CONFIG_PATH")
- if len(envOverride) > 0 {
- registryConfigPath = envOverride
- }
- searchRegistries, err := sysregistries.GetRegistries(&types.SystemContext{SystemRegistriesConfPath: registryConfigPath})
+ searchRegistries, err := registries.GetRegistries()
if err != nil {
return nil, err
}
diff --git a/libpod/storage.go b/libpod/storage.go
index ff366edf2..76aa9efa4 100644
--- a/libpod/storage.go
+++ b/libpod/storage.go
@@ -248,6 +248,21 @@ func (r *storageService) UnmountContainerImage(idOrName string) (bool, error) {
return mounted, nil
}
+func (r *storageService) MountedContainerImage(idOrName string) (int, error) {
+ if idOrName == "" {
+ return 0, ErrEmptyID
+ }
+ container, err := r.store.Container(idOrName)
+ if err != nil {
+ return 0, err
+ }
+ mounted, err := r.store.Mounted(container.ID)
+ if err != nil {
+ return 0, err
+ }
+ return mounted, nil
+}
+
func (r *storageService) GetWorkDir(id string) (string, error) {
container, err := r.store.Container(id)
if err != nil {
diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go
index 844d2c415..c84bb21f6 100644
--- a/pkg/registries/registries.go
+++ b/pkg/registries/registries.go
@@ -2,15 +2,27 @@ package registries
import (
"os"
+ "path/filepath"
"github.com/containers/image/pkg/sysregistries"
"github.com/containers/image/types"
"github.com/pkg/errors"
+ "github.com/projectatomic/libpod/pkg/rootless"
)
+// userRegistriesFile is the path to the per user registry configuration file.
+var userRegistriesFile = filepath.Join(os.Getenv("HOME"), ".config/containers/registries.conf")
+
// GetRegistries obtains the list of registries defined in the global registries file.
func GetRegistries() ([]string, error) {
registryConfigPath := ""
+
+ if rootless.IsRootless() {
+ if _, err := os.Stat(userRegistriesFile); err == nil {
+ registryConfigPath = userRegistriesFile
+ }
+ }
+
envOverride := os.Getenv("REGISTRIES_CONFIG_PATH")
if len(envOverride) > 0 {
registryConfigPath = envOverride
@@ -25,6 +37,11 @@ func GetRegistries() ([]string, error) {
// GetInsecureRegistries obtains the list of insecure registries from the global registration file.
func GetInsecureRegistries() ([]string, error) {
registryConfigPath := ""
+
+ if _, err := os.Stat(userRegistriesFile); err == nil {
+ registryConfigPath = userRegistriesFile
+ }
+
envOverride := os.Getenv("REGISTRIES_CONFIG_PATH")
if len(envOverride) > 0 {
registryConfigPath = envOverride
diff --git a/pkg/secrets/secrets.go b/pkg/secrets/secrets.go
index ba0f3b925..bc63ece00 100644
--- a/pkg/secrets/secrets.go
+++ b/pkg/secrets/secrets.go
@@ -10,6 +10,7 @@ import (
rspec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
+ "github.com/projectatomic/libpod/pkg/rootless"
"github.com/sirupsen/logrus"
)
@@ -20,6 +21,9 @@ var (
// OverrideMountsFile holds the default mount paths in the form
// "host_path:container_path" overridden by the user
OverrideMountsFile = "/etc/containers/mounts.conf"
+ // UserOverrideMountsFile holds the default mount paths in the form
+ // "host_path:container_path" overridden by the rootless user
+ UserOverrideMountsFile = filepath.Join(os.Getenv("HOME"), ".config/containers/mounts.conf")
)
// secretData stores the name of the file and the content read from it
@@ -143,15 +147,21 @@ func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPre
// Note for testing purposes only
if mountFile == "" {
mountFiles = append(mountFiles, []string{OverrideMountsFile, DefaultMountsFile}...)
+ if rootless.IsRootless() {
+ mountFiles = append([]string{UserOverrideMountsFile}, mountFiles...)
+ }
} else {
mountFiles = append(mountFiles, mountFile)
}
for _, file := range mountFiles {
- mounts, err := addSecretsFromMountsFile(file, mountLabel, containerWorkingDir, mountPrefix, uid, gid)
- if err != nil {
- logrus.Warnf("error mounting secrets, skipping: %v", err)
+ if _, err := os.Stat(file); err == nil {
+ mounts, err := addSecretsFromMountsFile(file, mountLabel, containerWorkingDir, mountPrefix, uid, gid)
+ if err != nil {
+ logrus.Warnf("error mounting secrets, skipping: %v", err)
+ }
+ secretMounts = mounts
+ break
}
- secretMounts = append(secretMounts, mounts...)
}
// Add FIPS mode secret if /etc/system-fips exists on the host
diff --git a/test/e2e/load_test.go b/test/e2e/load_test.go
index 3fe68ad8e..d39f75927 100644
--- a/test/e2e/load_test.go
+++ b/test/e2e/load_test.go
@@ -161,4 +161,60 @@ var _ = Describe("Podman load", func() {
inspect.WaitWithDefaultTimeout()
Expect(result.ExitCode()).To(Equal(0))
})
+
+ It("podman load localhost repo from scratch", func() {
+ outfile := filepath.Join(podmanTest.TempDir, "load_test.tar.gz")
+ setup := podmanTest.Podman([]string{"pull", fedoraMinimal})
+ setup.WaitWithDefaultTimeout()
+ Expect(setup.ExitCode()).To(Equal(0))
+
+ setup = podmanTest.Podman([]string{"tag", "fedora-minimal", "hello:world"})
+ setup.WaitWithDefaultTimeout()
+ Expect(setup.ExitCode()).To(Equal(0))
+
+ setup = podmanTest.Podman([]string{"save", "-o", outfile, "--format", "oci-archive", "hello:world"})
+ setup.WaitWithDefaultTimeout()
+ Expect(setup.ExitCode()).To(Equal(0))
+
+ setup = podmanTest.Podman([]string{"rmi", "hello:world"})
+ setup.WaitWithDefaultTimeout()
+ Expect(setup.ExitCode()).To(Equal(0))
+
+ load := podmanTest.Podman([]string{"load", "-i", outfile})
+ load.WaitWithDefaultTimeout()
+ Expect(load.ExitCode()).To(Equal(0))
+
+ result := podmanTest.Podman([]string{"images", "-f", "label", "hello:world"})
+ result.WaitWithDefaultTimeout()
+ Expect(result.LineInOutputContains("docker")).To(Not(BeTrue()))
+ Expect(result.LineInOutputContains("localhost")).To(BeTrue())
+ })
+
+ It("podman load localhost repo from dir", func() {
+ outfile := filepath.Join(podmanTest.TempDir, "load")
+ setup := podmanTest.Podman([]string{"pull", fedoraMinimal})
+ setup.WaitWithDefaultTimeout()
+ Expect(setup.ExitCode()).To(Equal(0))
+
+ setup = podmanTest.Podman([]string{"tag", "fedora-minimal", "hello:world"})
+ setup.WaitWithDefaultTimeout()
+ Expect(setup.ExitCode()).To(Equal(0))
+
+ setup = podmanTest.Podman([]string{"save", "-o", outfile, "--format", "oci-dir", "hello:world"})
+ setup.WaitWithDefaultTimeout()
+ Expect(setup.ExitCode()).To(Equal(0))
+
+ setup = podmanTest.Podman([]string{"rmi", "hello:world"})
+ setup.WaitWithDefaultTimeout()
+ Expect(setup.ExitCode()).To(Equal(0))
+
+ load := podmanTest.Podman([]string{"load", "-i", outfile})
+ load.WaitWithDefaultTimeout()
+ Expect(load.ExitCode()).To(Equal(0))
+
+ result := podmanTest.Podman([]string{"images", "-f", "label", "load:latest"})
+ result.WaitWithDefaultTimeout()
+ Expect(result.LineInOutputContains("docker")).To(Not(BeTrue()))
+ Expect(result.LineInOutputContains("localhost")).To(BeTrue())
+ })
})
diff --git a/test/e2e/tag_test.go b/test/e2e/tag_test.go
index 5b578ee07..b07bc5550 100644
--- a/test/e2e/tag_test.go
+++ b/test/e2e/tag_test.go
@@ -38,7 +38,7 @@ var _ = Describe("Podman tag", func() {
Expect(results.ExitCode()).To(Equal(0))
inspectData := results.InspectImageJSON()
Expect(StringInSlice("docker.io/library/alpine:latest", inspectData[0].RepoTags)).To(BeTrue())
- Expect(StringInSlice("foobar:latest", inspectData[0].RepoTags)).To(BeTrue())
+ Expect(StringInSlice("localhost/foobar:latest", inspectData[0].RepoTags)).To(BeTrue())
})
It("podman tag shortname", func() {
@@ -51,7 +51,7 @@ var _ = Describe("Podman tag", func() {
Expect(results.ExitCode()).To(Equal(0))
inspectData := results.InspectImageJSON()
Expect(StringInSlice("docker.io/library/alpine:latest", inspectData[0].RepoTags)).To(BeTrue())
- Expect(StringInSlice("foobar:latest", inspectData[0].RepoTags)).To(BeTrue())
+ Expect(StringInSlice("localhost/foobar:latest", inspectData[0].RepoTags)).To(BeTrue())
})
It("podman tag shortname:tag", func() {
@@ -64,7 +64,7 @@ var _ = Describe("Podman tag", func() {
Expect(results.ExitCode()).To(Equal(0))
inspectData := results.InspectImageJSON()
Expect(StringInSlice("docker.io/library/alpine:latest", inspectData[0].RepoTags)).To(BeTrue())
- Expect(StringInSlice("foobar:new", inspectData[0].RepoTags)).To(BeTrue())
+ Expect(StringInSlice("localhost/foobar:new", inspectData[0].RepoTags)).To(BeTrue())
})
It("podman tag shortname image no tag", func() {