diff options
-rw-r--r-- | cmd/podman/libpodruntime/runtime.go | 5 | ||||
-rw-r--r-- | cmd/podman/save.go | 19 | ||||
-rw-r--r-- | cmd/podman/umount.go | 13 | ||||
-rw-r--r-- | docs/podman.1.md | 8 | ||||
-rw-r--r-- | libpod/container_api.go | 21 | ||||
-rw-r--r-- | libpod/container_internal.go | 28 | ||||
-rw-r--r-- | libpod/image/image.go | 10 | ||||
-rw-r--r-- | libpod/image/image_test.go | 4 | ||||
-rw-r--r-- | libpod/image/pull.go | 23 | ||||
-rw-r--r-- | libpod/storage.go | 15 | ||||
-rw-r--r-- | pkg/registries/registries.go | 17 | ||||
-rw-r--r-- | pkg/secrets/secrets.go | 18 | ||||
-rw-r--r-- | test/e2e/load_test.go | 56 | ||||
-rw-r--r-- | test/e2e/tag_test.go | 6 |
14 files changed, 198 insertions, 45 deletions
diff --git a/cmd/podman/libpodruntime/runtime.go b/cmd/podman/libpodruntime/runtime.go index 098864810..3216d288b 100644 --- a/cmd/podman/libpodruntime/runtime.go +++ b/cmd/podman/libpodruntime/runtime.go @@ -57,6 +57,11 @@ func GetDefaultStoreOptions() (storage.StoreOptions, error) { if err != nil { return storageOpts, err } + + storageConf := filepath.Join(os.Getenv("HOME"), ".config/containers/storage.conf") + if _, err := os.Stat(storageConf); err == nil { + storage.ReloadConfigurationFile(storageConf, &storageOpts) + } } return storageOpts, nil } diff --git a/cmd/podman/save.go b/cmd/podman/save.go index 2f9adc843..016fa580a 100644 --- a/cmd/podman/save.go +++ b/cmd/podman/save.go @@ -1,6 +1,7 @@ package main import ( + "fmt" "io" "os" "strings" @@ -118,14 +119,26 @@ func saveCmd(c *cli.Context) error { return err } } - newImage, err := runtime.ImageRuntime().NewFromLocal(args[0]) + source := args[0] + newImage, err := runtime.ImageRuntime().NewFromLocal(source) if err != nil { return err } dest := dst // need dest to be in the format transport:path:reference for the following transports - if (strings.Contains(dst, libpod.OCIArchive) || strings.Contains(dst, libpod.DockerArchive)) && !strings.Contains(newImage.ID(), args[0]) { - dest = dst + ":" + args[0] + if (strings.Contains(dst, libpod.OCIArchive) || strings.Contains(dst, libpod.DockerArchive)) && !strings.Contains(newImage.ID(), source) { + prepend := "" + if !strings.Contains(source, libpodImage.DefaultLocalRepo) { + // we need to check if localhost was added to the image name in NewFromLocal + for _, name := range newImage.Names() { + // if the user searched for the image whose tag was prepended with localhost, we'll need to prepend localhost to successfully search + if strings.Contains(name, libpodImage.DefaultLocalRepo) && strings.Contains(name, source) { + prepend = fmt.Sprintf("%s/", libpodImage.DefaultLocalRepo) + break + } + } + } + dest = fmt.Sprintf("%s:%s%s", dst, prepend, source) } if err := newImage.PushImage(getContext(), dest, manifestType, "", "", writer, c.Bool("compress"), libpodImage.SigningOptions{}, &libpodImage.DockerRegistryOptions{}, false, additionaltags); err != nil { if err2 := os.Remove(output); err2 != nil { diff --git a/cmd/podman/umount.go b/cmd/podman/umount.go index 0fd7ff144..1a2cf22c6 100644 --- a/cmd/podman/umount.go +++ b/cmd/podman/umount.go @@ -58,7 +58,7 @@ func umountCmd(c *cli.Context) error { continue } - if err = unmountContainer(ctr); err != nil { + if err = ctr.Unmount(); err != nil { if lastError != nil { logrus.Error(lastError) } @@ -78,7 +78,7 @@ func umountCmd(c *cli.Context) error { continue } - if err = unmountContainer(ctr); err != nil { + if err = ctr.Unmount(); err != nil { if lastError != nil { logrus.Error(lastError) } @@ -90,12 +90,3 @@ func umountCmd(c *cli.Context) error { } return lastError } - -func unmountContainer(ctr *libpod.Container) error { - if mounted, err := ctr.Mounted(); mounted { - return ctr.Unmount() - } else { - return err - } - return errors.Errorf("container is not mounted") -} diff --git a/docs/podman.1.md b/docs/podman.1.md index ea7f93afa..5581e0569 100644 --- a/docs/podman.1.md +++ b/docs/podman.1.md @@ -117,7 +117,7 @@ Print the version **libpod.conf** (`/etc/containers/libpod.conf`) -libpod.conf is the configuration file for all tools using libpod to manage containers. This file is ignored when running in rootless mode. +libpod.conf is the configuration file for all tools using libpod to manage containers. When Podman runs in rootless mode, then the file `$HOME/.config/containers/libpod.conf` is used. **storage.conf** (`/etc/containers/storage.conf`) @@ -125,6 +125,8 @@ storage.conf is the storage configuration file for all tools using containers/st The storage configuration file specifies all of the available container storage options for tools using shared container storage. +When Podman runs in rootless mode, the file `$HOME/.config/containers/storage.conf` is also loaded. + **mounts.conf** (`/usr/share/containers/mounts.conf` and optionally `/etc/containers/mounts.conf`) The mounts.conf files specify volume mount directories that are automatically mounted inside containers when executing the `podman run` or `podman start` commands. Container processes can then use this content. The volume mount content does not get committed to the final image if you do a `podman commit`. @@ -137,6 +139,8 @@ The format of the mounts.conf is the volume format /SRC:/DEST, one mount per lin Note this is not a volume mount. The content of the volumes is copied into container storage, not bind mounted directly from the host. +When Podman runs in rootless mode, the file `$HOME/.config/containers/mounts.conf` is also used. + **hook JSON** (`/usr/share/containers/oci/hooks.d/*.json`) Each `*.json` file in `/usr/share/containers/oci/hooks.d` configures a hook for Podman containers. For more details on the syntax of the JSON files and the semantics of hook injection, see `oci-hooks(5)`. @@ -153,6 +157,8 @@ Hooks are not used when running in rootless mode. registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion. +When Podman runs in rootless mode, the file `$HOME/.config/containers/registries.conf` is used. + ## Rootless mode Podman can also be used as non-root user. When podman runs in rootless mode, an user namespace is automatically created. diff --git a/libpod/container_api.go b/libpod/container_api.go index a3756ac5f..bb9727ec1 100644 --- a/libpod/container_api.go +++ b/libpod/container_api.go @@ -437,11 +437,7 @@ func (c *Container) Mount() (string, error) { } } - if err := c.mountStorage(); err != nil { - return "", err - } - - return c.state.Mountpoint, nil + return c.mount() } // Unmount unmounts a container's filesystem on the host @@ -456,15 +452,24 @@ func (c *Container) Unmount() error { } if c.state.State == ContainerStateRunning || c.state.State == ContainerStatePaused { - return errors.Wrapf(ErrCtrStateInvalid, "cannot remove storage for container %s as it is running or paused", c.ID()) + return errors.Wrapf(ErrCtrStateInvalid, "cannot unmount storage for container %s as it is running or paused", c.ID()) } // Check if we have active exec sessions if len(c.state.ExecSessions) != 0 { - return errors.Wrapf(ErrCtrStateInvalid, "container %s has active exec sessions, refusing to clean up", c.ID()) + return errors.Wrapf(ErrCtrStateInvalid, "container %s has active exec sessions, refusing to unmount", c.ID()) } - return c.cleanupStorage() + if c.state.Mounted { + mounted, err := c.runtime.storageService.MountedContainerImage(c.ID()) + if err != nil { + return errors.Wrapf(err, "can't determine how many times %s is mounted, refusing to unmount", c.ID()) + } + if mounted == 1 { + return errors.Wrapf(err, "can't unmount %s last mount, it is still in use", c.ID()) + } + } + return c.unmount() } // Pause pauses a container diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 38099c6ac..55fd7369d 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -753,9 +753,9 @@ func (c *Container) mountStorage() (err error) { mountPoint := c.config.Rootfs if mountPoint == "" { - mountPoint, err = c.runtime.storageService.MountContainerImage(c.ID()) + mountPoint, err = c.mount() if err != nil { - return errors.Wrapf(err, "error mounting storage for container %s", c.ID()) + return err } } c.state.Mounted = true @@ -796,8 +796,7 @@ func (c *Container) cleanupStorage() error { return nil } - // Also unmount storage - if _, err := c.runtime.storageService.UnmountContainerImage(c.ID()); err != nil { + if err := c.unmount(); err != nil { // If the container has already been removed, warn but don't // error // We still want to be able to kick the container out of the @@ -807,7 +806,7 @@ func (c *Container) cleanupStorage() error { return nil } - return errors.Wrapf(err, "error unmounting container %s root filesystem", c.ID()) + return err } c.state.Mountpoint = "" @@ -1285,3 +1284,22 @@ func (c *Container) setupOCIHooks(ctx context.Context, config *spec.Spec) (exten return manager.Hooks(config, c.Spec().Annotations, len(c.config.UserVolumes) > 0) } + +// mount mounts the container's root filesystem +func (c *Container) mount() (string, error) { + mountPoint, err := c.runtime.storageService.MountContainerImage(c.ID()) + if err != nil { + return "", errors.Wrapf(err, "error mounting storage for container %s", c.ID()) + } + return mountPoint, nil +} + +// unmount unmounts the container's root filesystem +func (c *Container) unmount() error { + // Also unmount storage + if _, err := c.runtime.storageService.UnmountContainerImage(c.ID()); err != nil { + return errors.Wrapf(err, "error unmounting container %s root filesystem", c.ID()) + } + + return nil +} diff --git a/libpod/image/image.go b/libpod/image/image.go index b5c4c537f..3863338b5 100644 --- a/libpod/image/image.go +++ b/libpod/image/image.go @@ -260,6 +260,12 @@ func (i *Image) getLocalImage() (*storage.Image, error) { if hasReg { return nil, errors.Errorf("%s", imageError) } + // if the image is saved with the repository localhost, searching with localhost prepended is necessary + // We don't need to strip the sha because we have already determined it is not an ID + img, err = i.imageruntime.getImage(DefaultLocalRepo + "/" + i.InputName) + if err == nil { + return img.image, err + } // grab all the local images images, err := i.imageruntime.GetImages() @@ -462,6 +468,10 @@ func (i *Image) TagImage(tag string) error { if !decomposedTag.isTagged { tag = fmt.Sprintf("%s:%s", tag, decomposedTag.tag) } + // If the input doesn't specify a registry, set the registry to localhost + if !decomposedTag.hasRegistry { + tag = fmt.Sprintf("%s/%s", DefaultLocalRepo, tag) + } tags := i.Names() if util.StringInSlice(tag, tags) { return nil diff --git a/libpod/image/image_test.go b/libpod/image/image_test.go index 71beed495..04877dbe5 100644 --- a/libpod/image/image_test.go +++ b/libpod/image/image_test.go @@ -170,12 +170,12 @@ func TestImage_MatchRepoTag(t *testing.T) { // foo should resolve to foo:latest repoTag, err := newImage.MatchRepoTag("foo") assert.NoError(t, err) - assert.Equal(t, "foo:latest", repoTag) + assert.Equal(t, "localhost/foo:latest", repoTag) // foo:bar should resolve to foo:bar repoTag, err = newImage.MatchRepoTag("foo:bar") assert.NoError(t, err) - assert.Equal(t, "foo:bar", repoTag) + assert.Equal(t, "localhost/foo:bar", repoTag) // Shutdown the runtime and remove the temporary storage cleanup(workdir, ir) } diff --git a/libpod/image/pull.go b/libpod/image/pull.go index a5a398eb1..3bfbc912c 100644 --- a/libpod/image/pull.go +++ b/libpod/image/pull.go @@ -4,7 +4,6 @@ import ( "context" "fmt" "io" - "os" "strings" cp "github.com/containers/image/copy" @@ -46,6 +45,9 @@ var ( AtomicTransport = "atomic" // DefaultTransport is a prefix that we apply to an image name DefaultTransport = DockerTransport + // DefaultLocalRepo is the default local repository for local image operations + // Remote pulls will still use defined registries + DefaultLocalRepo = "localhost" ) type pullStruct struct { @@ -56,6 +58,14 @@ type pullStruct struct { } func (ir *Runtime) getPullStruct(srcRef types.ImageReference, destName string) (*pullStruct, error) { + imgPart, err := decompose(destName) + if err == nil && !imgPart.hasRegistry { + // If the image doesn't have a registry, set it as the default repo + imgPart.registry = DefaultLocalRepo + imgPart.hasRegistry = true + destName = imgPart.assemble() + } + reference := destName if srcRef.DockerReference() != nil { reference = srcRef.DockerReference().String() @@ -149,7 +159,9 @@ func (ir *Runtime) getPullListFromRef(ctx context.Context, srcRef types.ImageRef image := splitArr[1] // remove leading "/" if image[:1] == "/" { - image = image[1:] + // Instead of removing the leading /, set localhost as the registry + // so docker.io isn't prepended, and the path becomes the repository + image = DefaultLocalRepo + image } pullInfo, err := ir.getPullStruct(srcRef, image) if err != nil { @@ -277,12 +289,7 @@ func (i *Image) createNamesToPull() ([]*pullStruct, error) { pullNames = append(pullNames, &ps) } else { - registryConfigPath := "" - envOverride := os.Getenv("REGISTRIES_CONFIG_PATH") - if len(envOverride) > 0 { - registryConfigPath = envOverride - } - searchRegistries, err := sysregistries.GetRegistries(&types.SystemContext{SystemRegistriesConfPath: registryConfigPath}) + searchRegistries, err := registries.GetRegistries() if err != nil { return nil, err } diff --git a/libpod/storage.go b/libpod/storage.go index ff366edf2..76aa9efa4 100644 --- a/libpod/storage.go +++ b/libpod/storage.go @@ -248,6 +248,21 @@ func (r *storageService) UnmountContainerImage(idOrName string) (bool, error) { return mounted, nil } +func (r *storageService) MountedContainerImage(idOrName string) (int, error) { + if idOrName == "" { + return 0, ErrEmptyID + } + container, err := r.store.Container(idOrName) + if err != nil { + return 0, err + } + mounted, err := r.store.Mounted(container.ID) + if err != nil { + return 0, err + } + return mounted, nil +} + func (r *storageService) GetWorkDir(id string) (string, error) { container, err := r.store.Container(id) if err != nil { diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go index 844d2c415..c84bb21f6 100644 --- a/pkg/registries/registries.go +++ b/pkg/registries/registries.go @@ -2,15 +2,27 @@ package registries import ( "os" + "path/filepath" "github.com/containers/image/pkg/sysregistries" "github.com/containers/image/types" "github.com/pkg/errors" + "github.com/projectatomic/libpod/pkg/rootless" ) +// userRegistriesFile is the path to the per user registry configuration file. +var userRegistriesFile = filepath.Join(os.Getenv("HOME"), ".config/containers/registries.conf") + // GetRegistries obtains the list of registries defined in the global registries file. func GetRegistries() ([]string, error) { registryConfigPath := "" + + if rootless.IsRootless() { + if _, err := os.Stat(userRegistriesFile); err == nil { + registryConfigPath = userRegistriesFile + } + } + envOverride := os.Getenv("REGISTRIES_CONFIG_PATH") if len(envOverride) > 0 { registryConfigPath = envOverride @@ -25,6 +37,11 @@ func GetRegistries() ([]string, error) { // GetInsecureRegistries obtains the list of insecure registries from the global registration file. func GetInsecureRegistries() ([]string, error) { registryConfigPath := "" + + if _, err := os.Stat(userRegistriesFile); err == nil { + registryConfigPath = userRegistriesFile + } + envOverride := os.Getenv("REGISTRIES_CONFIG_PATH") if len(envOverride) > 0 { registryConfigPath = envOverride diff --git a/pkg/secrets/secrets.go b/pkg/secrets/secrets.go index ba0f3b925..bc63ece00 100644 --- a/pkg/secrets/secrets.go +++ b/pkg/secrets/secrets.go @@ -10,6 +10,7 @@ import ( rspec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" + "github.com/projectatomic/libpod/pkg/rootless" "github.com/sirupsen/logrus" ) @@ -20,6 +21,9 @@ var ( // OverrideMountsFile holds the default mount paths in the form // "host_path:container_path" overridden by the user OverrideMountsFile = "/etc/containers/mounts.conf" + // UserOverrideMountsFile holds the default mount paths in the form + // "host_path:container_path" overridden by the rootless user + UserOverrideMountsFile = filepath.Join(os.Getenv("HOME"), ".config/containers/mounts.conf") ) // secretData stores the name of the file and the content read from it @@ -143,15 +147,21 @@ func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPre // Note for testing purposes only if mountFile == "" { mountFiles = append(mountFiles, []string{OverrideMountsFile, DefaultMountsFile}...) + if rootless.IsRootless() { + mountFiles = append([]string{UserOverrideMountsFile}, mountFiles...) + } } else { mountFiles = append(mountFiles, mountFile) } for _, file := range mountFiles { - mounts, err := addSecretsFromMountsFile(file, mountLabel, containerWorkingDir, mountPrefix, uid, gid) - if err != nil { - logrus.Warnf("error mounting secrets, skipping: %v", err) + if _, err := os.Stat(file); err == nil { + mounts, err := addSecretsFromMountsFile(file, mountLabel, containerWorkingDir, mountPrefix, uid, gid) + if err != nil { + logrus.Warnf("error mounting secrets, skipping: %v", err) + } + secretMounts = mounts + break } - secretMounts = append(secretMounts, mounts...) } // Add FIPS mode secret if /etc/system-fips exists on the host diff --git a/test/e2e/load_test.go b/test/e2e/load_test.go index 3fe68ad8e..d39f75927 100644 --- a/test/e2e/load_test.go +++ b/test/e2e/load_test.go @@ -161,4 +161,60 @@ var _ = Describe("Podman load", func() { inspect.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) }) + + It("podman load localhost repo from scratch", func() { + outfile := filepath.Join(podmanTest.TempDir, "load_test.tar.gz") + setup := podmanTest.Podman([]string{"pull", fedoraMinimal}) + setup.WaitWithDefaultTimeout() + Expect(setup.ExitCode()).To(Equal(0)) + + setup = podmanTest.Podman([]string{"tag", "fedora-minimal", "hello:world"}) + setup.WaitWithDefaultTimeout() + Expect(setup.ExitCode()).To(Equal(0)) + + setup = podmanTest.Podman([]string{"save", "-o", outfile, "--format", "oci-archive", "hello:world"}) + setup.WaitWithDefaultTimeout() + Expect(setup.ExitCode()).To(Equal(0)) + + setup = podmanTest.Podman([]string{"rmi", "hello:world"}) + setup.WaitWithDefaultTimeout() + Expect(setup.ExitCode()).To(Equal(0)) + + load := podmanTest.Podman([]string{"load", "-i", outfile}) + load.WaitWithDefaultTimeout() + Expect(load.ExitCode()).To(Equal(0)) + + result := podmanTest.Podman([]string{"images", "-f", "label", "hello:world"}) + result.WaitWithDefaultTimeout() + Expect(result.LineInOutputContains("docker")).To(Not(BeTrue())) + Expect(result.LineInOutputContains("localhost")).To(BeTrue()) + }) + + It("podman load localhost repo from dir", func() { + outfile := filepath.Join(podmanTest.TempDir, "load") + setup := podmanTest.Podman([]string{"pull", fedoraMinimal}) + setup.WaitWithDefaultTimeout() + Expect(setup.ExitCode()).To(Equal(0)) + + setup = podmanTest.Podman([]string{"tag", "fedora-minimal", "hello:world"}) + setup.WaitWithDefaultTimeout() + Expect(setup.ExitCode()).To(Equal(0)) + + setup = podmanTest.Podman([]string{"save", "-o", outfile, "--format", "oci-dir", "hello:world"}) + setup.WaitWithDefaultTimeout() + Expect(setup.ExitCode()).To(Equal(0)) + + setup = podmanTest.Podman([]string{"rmi", "hello:world"}) + setup.WaitWithDefaultTimeout() + Expect(setup.ExitCode()).To(Equal(0)) + + load := podmanTest.Podman([]string{"load", "-i", outfile}) + load.WaitWithDefaultTimeout() + Expect(load.ExitCode()).To(Equal(0)) + + result := podmanTest.Podman([]string{"images", "-f", "label", "load:latest"}) + result.WaitWithDefaultTimeout() + Expect(result.LineInOutputContains("docker")).To(Not(BeTrue())) + Expect(result.LineInOutputContains("localhost")).To(BeTrue()) + }) }) diff --git a/test/e2e/tag_test.go b/test/e2e/tag_test.go index 5b578ee07..b07bc5550 100644 --- a/test/e2e/tag_test.go +++ b/test/e2e/tag_test.go @@ -38,7 +38,7 @@ var _ = Describe("Podman tag", func() { Expect(results.ExitCode()).To(Equal(0)) inspectData := results.InspectImageJSON() Expect(StringInSlice("docker.io/library/alpine:latest", inspectData[0].RepoTags)).To(BeTrue()) - Expect(StringInSlice("foobar:latest", inspectData[0].RepoTags)).To(BeTrue()) + Expect(StringInSlice("localhost/foobar:latest", inspectData[0].RepoTags)).To(BeTrue()) }) It("podman tag shortname", func() { @@ -51,7 +51,7 @@ var _ = Describe("Podman tag", func() { Expect(results.ExitCode()).To(Equal(0)) inspectData := results.InspectImageJSON() Expect(StringInSlice("docker.io/library/alpine:latest", inspectData[0].RepoTags)).To(BeTrue()) - Expect(StringInSlice("foobar:latest", inspectData[0].RepoTags)).To(BeTrue()) + Expect(StringInSlice("localhost/foobar:latest", inspectData[0].RepoTags)).To(BeTrue()) }) It("podman tag shortname:tag", func() { @@ -64,7 +64,7 @@ var _ = Describe("Podman tag", func() { Expect(results.ExitCode()).To(Equal(0)) inspectData := results.InspectImageJSON() Expect(StringInSlice("docker.io/library/alpine:latest", inspectData[0].RepoTags)).To(BeTrue()) - Expect(StringInSlice("foobar:new", inspectData[0].RepoTags)).To(BeTrue()) + Expect(StringInSlice("localhost/foobar:new", inspectData[0].RepoTags)).To(BeTrue()) }) It("podman tag shortname image no tag", func() { |