diff options
46 files changed, 645 insertions, 182 deletions
@@ -22,7 +22,7 @@ ETCDIR ?= /etc TMPFILESDIR ?= ${PREFIX}/lib/tmpfiles.d SYSTEMDDIR ?= ${PREFIX}/lib/systemd/system USERSYSTEMDDIR ?= ${PREFIX}/lib/systemd/user -REMOTETAGS ?= !ABISupport remoteclient exclude_graphdriver_btrfs btrfs_noversion exclude_graphdriver_devicemapper containers_image_openpgp +REMOTETAGS ?= !ABISupport remote exclude_graphdriver_btrfs btrfs_noversion exclude_graphdriver_devicemapper containers_image_openpgp BUILDTAGS ?= \ $(shell hack/apparmor_tag.sh) \ $(shell hack/btrfs_installed_tag.sh) \ @@ -45,7 +45,7 @@ ifeq ($(shell go help mod >/dev/null 2>&1 && echo true), true) GO_BUILD=GO111MODULE=on $(GO) build -mod=vendor endif -BUILDTAGS_CROSS ?= containers_image_openpgp exclude_graphdriver_btrfs exclude_graphdriver_devicemapper exclude_graphdriver_overlay +BUILDTAGS_CROSS ?= ABISupport containers_image_openpgp exclude_graphdriver_btrfs exclude_graphdriver_devicemapper exclude_graphdriver_overlay ifneq (,$(findstring varlink,$(BUILDTAGS))) PODMAN_VARLINK_DEPENDENCIES = pkg/varlink/iopodman.go endif diff --git a/cmd/podman/containers/stats.go b/cmd/podman/containers/stats.go index 5b7f52cc7..c61b161e4 100644 --- a/cmd/podman/containers/stats.go +++ b/cmd/podman/containers/stats.go @@ -4,6 +4,7 @@ import ( "fmt" "os" "strings" + "sync" "text/tabwriter" "text/template" @@ -111,14 +112,20 @@ func stats(cmd *cobra.Command, args []string) error { } } statsOptions.StatChan = make(chan []*define.ContainerStats, 1) + wg := sync.WaitGroup{} + wg.Add(1) go func() { for reports := range statsOptions.StatChan { if err := outputStats(reports); err != nil { logrus.Error(err) } } + wg.Done() + }() - return registry.ContainerEngine().ContainerStats(registry.Context(), args, statsOptions) + err := registry.ContainerEngine().ContainerStats(registry.Context(), args, statsOptions) + wg.Wait() + return err } func outputStats(reports []*define.ContainerStats) error { diff --git a/cmd/podman/pods/inspect.go b/cmd/podman/pods/inspect.go index 1e333247b..34c07c11b 100644 --- a/cmd/podman/pods/inspect.go +++ b/cmd/podman/pods/inspect.go @@ -4,6 +4,7 @@ import ( "context" "fmt" + "github.com/containers/buildah/pkg/formats" "github.com/containers/libpod/cmd/podman/registry" "github.com/containers/libpod/pkg/domain/entities" "github.com/pkg/errors" @@ -36,6 +37,7 @@ func init() { }) flags := inspectCmd.Flags() flags.BoolVarP(&inspectOptions.Latest, "latest", "l", false, "Act on the latest pod podman is aware of") + flags.StringVarP(&inspectOptions.Format, "format", "f", "json", "Format the output to a Go template or json") if registry.IsRemote() { _ = flags.MarkHidden("latest") } @@ -54,10 +56,11 @@ func inspect(cmd *cobra.Command, args []string) error { if err != nil { return err } - b, err := json.MarshalIndent(responses, "", " ") - if err != nil { - return err + var data interface{} = responses + var out formats.Writer = formats.JSONStruct{Output: data} + if inspectOptions.Format != "json" { + out = formats.StdoutTemplate{Output: data, Template: inspectOptions.Format} } - fmt.Println(string(b)) - return nil + + return out.Out() } diff --git a/completions/bash/podman b/completions/bash/podman index 8f02a4b36..a58becaf0 100644 --- a/completions/bash/podman +++ b/completions/bash/podman @@ -3345,6 +3345,18 @@ _podman_pod_unpause() { esac } +_podman_pod_inspect() { + local options_with_args=" + --format + -f + --latest + -l + " + + _complete_ "$options_with_args" +} + + _podman_pod() { local boolean_options=" --help @@ -3362,6 +3374,7 @@ _podman_pod() { stop top unpause + inspect " local aliases=" list diff --git a/docs/source/index.rst b/docs/source/index.rst index 9cc8e7af8..1c46f1c8a 100644 --- a/docs/source/index.rst +++ b/docs/source/index.rst @@ -2,7 +2,7 @@ What is Podman? ================================== -Podman_ is a daemonless, open source, Linux native tool designed to make it easy to find, run, build, share and deploy applications using Open Containers Initiative (OCI_) Containers_ and `Container Images`_. Podman provides a command line interface (CLI) familiar to anyone who has used the Docker `Container Engine`_. Most users can simply alias Docker to Podman (`alias docker=podman`) without any problems. Similiar other common `Container Engines`_ (Docker, CRI-O, containerd), Podman relies on an OCI compliant `Container Runtime`_ (runc, crun, runv, etc) to interface with the operating system and create the running containers.This makes the running containers created by Podman nearly indistinguishable from those created by any other common container engine. +Podman_ is a daemonless, open source, Linux native tool designed to make it easy to find, run, build, share and deploy applications using Open Containers Initiative (OCI_) Containers_ and `Container Images`_. Podman provides a command line interface (CLI) familiar to anyone who has used the Docker `Container Engine`_. Most users can simply alias Docker to Podman (`alias docker=podman`) without any problems. Similar to other common `Container Engines`_ (Docker, CRI-O, containerd), Podman relies on an OCI compliant `Container Runtime`_ (runc, crun, runv, etc) to interface with the operating system and create the running containers.This makes the running containers created by Podman nearly indistinguishable from those created by any other common container engine. Containers under the control of Podman can either be run by root or by a non-privileged user. Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod_ library. Podman specializes in all of the commands and functions that help you to maintain and modify OCI container images, such as pulling and tagging. It allows you to create, run, and maintain those containers and container images in a production environment. diff --git a/docs/source/markdown/podman-pod-inspect.1.md b/docs/source/markdown/podman-pod-inspect.1.md index 831d28259..bc04b2b32 100644 --- a/docs/source/markdown/podman-pod-inspect.1.md +++ b/docs/source/markdown/podman-pod-inspect.1.md @@ -18,21 +18,50 @@ to run pods such as CRI-O, the last started pod could be from either of those me The latest option is not supported on the remote client. +**-f**, **--format**=*format* + +Change the default output format. This can be of a supported type like 'json' +or a Go template. +Valid placeholders for the Go template are listed below: + +| **Placeholder** | **Description** | +| ----------------- | ----------------------------------------------------------------------------- | +| .ID | Pod ID | +| .Name | Pod name | +| .State | Pod state | +| .Hostname | Pod hostname | +| .Labels | Pod labels | +| .Created | Time when the pod was created | +| .CreateCgroup | Whether cgroup was created | +| .CgroupParent | Pod cgroup parent | +| .CgroupPath | Pod cgroup path | +| .CreateInfra | Whether infrastructure created | +| .InfraContainerID | Pod infrastructure ID | +| .SharedNamespaces | Pod shared namespaces | +| .NumContainers | Number of containers in the pod | +| .Containers | Pod containers | + ## EXAMPLE ``` # podman pod inspect foobar { - "Config": { - "id": "3513ca70583dd7ef2bac83331350f6b6c47d7b4e526c908e49d89ebf720e4693", - "name": "foobar", - "labels": {}, - "cgroupParent": "/libpod_parent", - "UsePodCgroup": true, - "created": "2018-08-08T11:15:18.823115347-05:00" - }, - "State": { - "CgroupPath": "" - }, + + "Id": "3513ca70583dd7ef2bac83331350f6b6c47d7b4e526c908e49d89ebf720e4693", + "Name": "foobar", + "Labels": {}, + "CgroupParent": "/libpod_parent", + "CreateCgroup": true, + "Created": "2018-08-08T11:15:18.823115347-05:00" + "State": "created", + "Hostname": "", + "SharedNamespaces": [ + "uts", + "ipc", + "net" + ] + "CreateInfra": false, + "InfraContainerID": "1020dd70583dd7ff2bac83331350f6b6e007de0d026c908e49d89ebf891d4699" + "CgroupPath": "" "Containers": [ { "id": "d53f8bf1e9730281264aac6e6586e327429f62c704abea4b6afb5d8a2b2c9f2c", @@ -11,7 +11,7 @@ require ( github.com/containernetworking/cni v0.7.2-0.20200304161608-4fae32b84921 github.com/containernetworking/plugins v0.8.6 github.com/containers/buildah v1.14.9-0.20200523094741-de0f541d9224 - github.com/containers/common v0.11.4 + github.com/containers/common v0.12.0 github.com/containers/conmon v2.0.16+incompatible github.com/containers/image/v5 v5.4.4 github.com/containers/psgo v1.5.0 @@ -69,8 +69,8 @@ github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHV github.com/containers/buildah v1.14.9-0.20200523094741-de0f541d9224 h1:EqwBZRqyUYvU7JOmmSSPviSaAoUP1wN0cefXXDZ9ATo= github.com/containers/buildah v1.14.9-0.20200523094741-de0f541d9224/go.mod h1:5ZkWjOuK90yl55L5R+purJNLfUo0VUr8pstJazNtYck= github.com/containers/common v0.11.2/go.mod h1:2w3QE6VUmhltGYW4wV00h4okq1Crs7hNI1ZD2I0QRUY= -github.com/containers/common v0.11.4 h1:M7lmjaVY+29g+YiaWH/UP4YeHjT/pZMxvRgmsWsQn74= -github.com/containers/common v0.11.4/go.mod h1:AOxw4U5TJJrR/J1QPRvWbjHNdwU13wMy79rjK+7+aJE= +github.com/containers/common v0.12.0 h1:LR/sYyzFa22rFhfu6J9dEYhVkrWjagUigz/ewHhHL9s= +github.com/containers/common v0.12.0/go.mod h1:PKlahPDnQQYcXuIw5qq8mq6yNuCHBtgABphzy6pN0iI= github.com/containers/conmon v2.0.16+incompatible h1:QFOlb9Id4WoJ24BelCFWwDSPTquwKMp3L3g2iGmRTq4= github.com/containers/conmon v2.0.16+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.4.3/go.mod h1:pN0tvp3YbDd7BWavK2aE0mvJUqVd2HmhPjekyWSFm0U= diff --git a/pkg/api/handlers/compat/containers_attach.go b/pkg/api/handlers/compat/containers_attach.go index 012e20daf..990140ee1 100644 --- a/pkg/api/handlers/compat/containers_attach.go +++ b/pkg/api/handlers/compat/containers_attach.go @@ -90,7 +90,7 @@ func AttachContainer(w http.ResponseWriter, r *http.Request) { // For Docker compatibility, we need to re-initialize containers in these states. if state == define.ContainerStateConfigured || state == define.ContainerStateExited { if err := ctr.Init(r.Context()); err != nil { - utils.InternalServerError(w, errors.Wrapf(err, "error preparing container %s for attach", ctr.ID())) + utils.Error(w, "Container in wrong state", http.StatusConflict, errors.Wrapf(err, "error preparing container %s for attach", ctr.ID())) return } } else if !(state == define.ContainerStateCreated || state == define.ContainerStateRunning) { diff --git a/pkg/api/handlers/compat/containers_stats.go b/pkg/api/handlers/compat/containers_stats.go index 62ccd2b93..048321add 100644 --- a/pkg/api/handlers/compat/containers_stats.go +++ b/pkg/api/handlers/compat/containers_stats.go @@ -45,8 +45,8 @@ func StatsContainer(w http.ResponseWriter, r *http.Request) { utils.InternalServerError(w, err) return } - if state != define.ContainerStateRunning && !query.Stream { - utils.InternalServerError(w, define.ErrCtrStateInvalid) + if state != define.ContainerStateRunning { + utils.Error(w, "Container not running and streaming requested", http.StatusConflict, define.ErrCtrStateInvalid) return } diff --git a/pkg/api/handlers/compat/events.go b/pkg/api/handlers/compat/events.go index 7ebfb0d1e..577ddd0a1 100644 --- a/pkg/api/handlers/compat/events.go +++ b/pkg/api/handlers/compat/events.go @@ -26,7 +26,10 @@ func GetEvents(w http.ResponseWriter, r *http.Request) { Since string `schema:"since"` Until string `schema:"until"` Filters map[string][]string `schema:"filters"` - }{} + Stream bool `schema:"stream"` + }{ + Stream: true, + } if err := decoder.Decode(&query, r.URL.Query()); err != nil { utils.Error(w, "Failed to parse parameters", http.StatusBadRequest, errors.Wrapf(err, "Failed to parse parameters for %s", r.URL.String())) } @@ -41,9 +44,10 @@ func GetEvents(w http.ResponseWriter, r *http.Request) { if len(query.Since) > 0 || len(query.Until) > 0 { fromStart = true } + eventChannel := make(chan *events.Event) go func() { - readOpts := events.ReadOptions{FromStart: fromStart, Stream: true, Filters: libpodFilters, EventChannel: eventChannel, Since: query.Since, Until: query.Until} + readOpts := events.ReadOptions{FromStart: fromStart, Stream: query.Stream, Filters: libpodFilters, EventChannel: eventChannel, Since: query.Since, Until: query.Until} eventsError = runtime.Events(readOpts) }() if eventsError != nil { @@ -55,7 +59,9 @@ func GetEvents(w http.ResponseWriter, r *http.Request) { // If client disappears we need to stop listening for events go func(done <-chan struct{}) { <-done - close(eventChannel) + if _, ok := <-eventChannel; ok { + close(eventChannel) + } }(r.Context().Done()) // Headers need to be written out before turning Writer() over to json encoder diff --git a/pkg/api/handlers/compat/networks.go b/pkg/api/handlers/compat/networks.go index ceeae30fb..c52ca093f 100644 --- a/pkg/api/handlers/compat/networks.go +++ b/pkg/api/handlers/compat/networks.go @@ -123,7 +123,7 @@ func getNetworkResourceByName(name string, runtime *libpod.Runtime) (*types.Netw report := types.NetworkResource{ Name: name, ID: "", - Created: time.Unix(stat.Ctim.Sec, stat.Ctim.Nsec), + Created: time.Unix(int64(stat.Ctim.Sec), int64(stat.Ctim.Nsec)), // nolint: unconvert Scope: "", Driver: network.DefaultNetworkDriver, EnableIPv6: false, diff --git a/pkg/api/handlers/compat/resize.go b/pkg/api/handlers/compat/resize.go index 3ead733bc..231b53175 100644 --- a/pkg/api/handlers/compat/resize.go +++ b/pkg/api/handlers/compat/resize.go @@ -1,10 +1,12 @@ package compat import ( + "fmt" "net/http" "strings" "github.com/containers/libpod/libpod" + "github.com/containers/libpod/libpod/define" "github.com/containers/libpod/pkg/api/handlers/utils" "github.com/gorilla/schema" "github.com/pkg/errors" @@ -43,6 +45,14 @@ func ResizeTTY(w http.ResponseWriter, r *http.Request) { utils.ContainerNotFound(w, name, err) return } + if state, err := ctnr.State(); err != nil { + utils.InternalServerError(w, errors.Wrapf(err, "cannot obtain container state")) + return + } else if state != define.ContainerStateRunning { + utils.Error(w, "Container not running", http.StatusConflict, + fmt.Errorf("container %q in wrong state %q", name, state.String())) + return + } if err := ctnr.AttachResize(sz); err != nil { utils.InternalServerError(w, errors.Wrapf(err, "cannot resize container")) return @@ -56,6 +66,14 @@ func ResizeTTY(w http.ResponseWriter, r *http.Request) { utils.SessionNotFound(w, name, err) return } + if state, err := ctnr.State(); err != nil { + utils.InternalServerError(w, errors.Wrapf(err, "cannot obtain session container state")) + return + } else if state != define.ContainerStateRunning { + utils.Error(w, "Container not running", http.StatusConflict, + fmt.Errorf("container %q in wrong state %q", name, state.String())) + return + } if err := ctnr.ExecResize(name, sz); err != nil { utils.InternalServerError(w, errors.Wrapf(err, "cannot resize session")) return diff --git a/pkg/api/handlers/compat/types.go b/pkg/api/handlers/compat/types.go index b8d06760f..6d47ede64 100644 --- a/pkg/api/handlers/compat/types.go +++ b/pkg/api/handlers/compat/types.go @@ -48,7 +48,7 @@ type StatsJSON struct { Stats Name string `json:"name,omitempty"` - ID string `json:"id,omitempty"` + ID string `json:"Id,omitempty"` // Networks request version >=1.21 Networks map[string]docker.NetworkStats `json:"networks,omitempty"` diff --git a/pkg/api/handlers/libpod/containers.go b/pkg/api/handlers/libpod/containers.go index 3902bdc9b..50f6b1a38 100644 --- a/pkg/api/handlers/libpod/containers.go +++ b/pkg/api/handlers/libpod/containers.go @@ -66,6 +66,10 @@ func ListContainers(w http.ResponseWriter, r *http.Request) { utils.InternalServerError(w, err) return } + if len(pss) == 0 { + utils.WriteResponse(w, http.StatusOK, "[]") + return + } utils.WriteResponse(w, http.StatusOK, pss) } diff --git a/pkg/api/handlers/types.go b/pkg/api/handlers/types.go index d8cdd9caf..aa3d0fe91 100644 --- a/pkg/api/handlers/types.go +++ b/pkg/api/handlers/types.go @@ -120,7 +120,7 @@ type CreateContainerConfig struct { // swagger:model IDResponse type IDResponse struct { // ID - ID string `json:"id"` + ID string `json:"Id"` } type ContainerTopOKBody struct { diff --git a/pkg/api/server/register_events.go b/pkg/api/server/register_events.go index e909303da..2b85eb169 100644 --- a/pkg/api/server/register_events.go +++ b/pkg/api/server/register_events.go @@ -58,6 +58,11 @@ func (s *APIServer) registerEventsHandlers(r *mux.Router) error { // type: string // in: query // description: JSON encoded map[string][]string of constraints + // - name: stream + // type: boolean + // in: query + // default: true + // description: when false, do not follow events // responses: // 200: // description: returns a string of json data describing an event diff --git a/pkg/api/server/register_images.go b/pkg/api/server/register_images.go index c885dc81a..64094e8e4 100644 --- a/pkg/api/server/register_images.go +++ b/pkg/api/server/register_images.go @@ -631,13 +631,18 @@ func (s *APIServer) registerImagesHandlers(r *mux.Router) error { // required: true // description: Name of image to push. // - in: query - // name: tag + // name: destination // type: string - // description: The tag to associate with the image on the registry. + // description: Allows for pushing the image to a different destintation than the image refers to. // - in: query // name: credentials // description: username:password for the registry. // type: string + // - in: query + // name: tlsVerify + // description: Require TLS verification. + // type: boolean + // default: true // - in: header // name: X-Registry-Auth // type: string diff --git a/pkg/bindings/system/system.go b/pkg/bindings/system/system.go index 5348d0cfb..2cd894228 100644 --- a/pkg/bindings/system/system.go +++ b/pkg/bindings/system/system.go @@ -20,7 +20,7 @@ import ( // Events allows you to monitor libdpod related events like container creation and // removal. The events are then passed to the eventChan provided. The optional cancelChan // can be used to cancel the read of events and close down the HTTP connection. -func Events(ctx context.Context, eventChan chan (entities.Event), cancelChan chan bool, since, until *string, filters map[string][]string) error { +func Events(ctx context.Context, eventChan chan entities.Event, cancelChan chan bool, since, until *string, filters map[string][]string, stream *bool) error { conn, err := bindings.GetClient(ctx) if err != nil { return err @@ -32,6 +32,9 @@ func Events(ctx context.Context, eventChan chan (entities.Event), cancelChan cha if until != nil { params.Set("until", *until) } + if stream != nil { + params.Set("stream", strconv.FormatBool(*stream)) + } if filters != nil { filterString, err := bindings.FiltersToString(filters) if err != nil { @@ -50,18 +53,24 @@ func Events(ctx context.Context, eventChan chan (entities.Event), cancelChan cha logrus.Error(errors.Wrap(err, "unable to close event response body")) }() } + dec := json.NewDecoder(response.Body) - for { - e := entities.Event{} - if err := dec.Decode(&e); err != nil { - if err == io.EOF { - break - } - return errors.Wrap(err, "unable to decode event response") + for err = (error)(nil); err == nil; { + var e = entities.Event{} + err = dec.Decode(&e) + if err == nil { + eventChan <- e } - eventChan <- e } - return nil + close(eventChan) + switch { + case err == nil: + return nil + case errors.Is(err, io.EOF): + return nil + default: + return errors.Wrap(err, "unable to decode event response") + } } // Prune removes all unused system data. diff --git a/pkg/bindings/test/system_test.go b/pkg/bindings/test/system_test.go index 27ab2f555..dd3778754 100644 --- a/pkg/bindings/test/system_test.go +++ b/pkg/bindings/test/system_test.go @@ -47,13 +47,13 @@ var _ = Describe("Podman system", func() { } }() go func() { - system.Events(bt.conn, eChan, cancelChan, nil, nil, nil) + system.Events(bt.conn, eChan, cancelChan, nil, nil, nil, bindings.PFalse) }() _, err := bt.RunTopContainer(nil, nil, nil) Expect(err).To(BeNil()) cancelChan <- true - Expect(len(messages)).To(BeNumerically("==", 3)) + Expect(len(messages)).To(BeNumerically("==", 5)) }) It("podman system prune - pod,container stopped", func() { diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go index 0f909ab37..968bcff3b 100644 --- a/pkg/domain/entities/images.go +++ b/pkg/domain/entities/images.go @@ -50,7 +50,7 @@ func (i *Image) Id() string { } type ImageSummary struct { - ID string + ID string `json:"Id"` ParentId string `json:",omitempty"` RepoTags []string `json:",omitempty"` Created time.Time `json:",omitempty"` diff --git a/pkg/domain/entities/pods.go b/pkg/domain/entities/pods.go index a4896ce4d..1a38a7aa4 100644 --- a/pkg/domain/entities/pods.go +++ b/pkg/domain/entities/pods.go @@ -184,6 +184,8 @@ type PodInspectOptions struct { // Options for the API. NameOrID string + + Format string } type PodInspectReport struct { diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go index b4e38ca23..e982c7c11 100644 --- a/pkg/domain/infra/abi/containers.go +++ b/pkg/domain/infra/abi/containers.go @@ -1087,6 +1087,7 @@ func (ic *ContainerEngine) Shutdown(_ context.Context) { } func (ic *ContainerEngine) ContainerStats(ctx context.Context, namesOrIds []string, options entities.ContainerStatsOptions) error { + defer close(options.StatChan) containerFunc := ic.Libpod.GetRunningContainers switch { case len(namesOrIds) > 0: diff --git a/pkg/domain/infra/abi/events.go b/pkg/domain/infra/abi/events.go index 20773cdce..7ec9db369 100644 --- a/pkg/domain/infra/abi/events.go +++ b/pkg/domain/infra/abi/events.go @@ -5,12 +5,9 @@ import ( "github.com/containers/libpod/libpod/events" "github.com/containers/libpod/pkg/domain/entities" - "github.com/sirupsen/logrus" ) func (ic *ContainerEngine) Events(ctx context.Context, opts entities.EventsOptions) error { readOpts := events.ReadOptions{FromStart: opts.FromStart, Stream: opts.Stream, Filters: opts.Filter, EventChannel: opts.EventChan, Since: opts.Since, Until: opts.Until} - err := ic.Libpod.Events(readOpts) - logrus.Error(err) - return err + return ic.Libpod.Events(readOpts) } diff --git a/pkg/domain/infra/tunnel/events.go b/pkg/domain/infra/tunnel/events.go index 93da3aeb4..6a08a1f85 100644 --- a/pkg/domain/infra/tunnel/events.go +++ b/pkg/domain/infra/tunnel/events.go @@ -25,6 +25,7 @@ func (ic *ContainerEngine) Events(ctx context.Context, opts entities.EventsOptio for e := range binChan { opts.EventChan <- entities.ConvertToLibpodEvent(e) } + close(opts.EventChan) }() - return system.Events(ic.ClientCxt, binChan, nil, &opts.Since, &opts.Until, filters) + return system.Events(ic.ClientCxt, binChan, nil, &opts.Since, &opts.Until, filters, &opts.Stream) } diff --git a/pkg/ps/ps.go b/pkg/ps/ps.go index 907063df9..ec96367cb 100644 --- a/pkg/ps/ps.go +++ b/pkg/ps/ps.go @@ -23,7 +23,7 @@ func GetContainerLists(runtime *libpod.Runtime, options entities.ContainerListOp filterFuncs []libpod.ContainerFilter pss []entities.ListContainer ) - all := options.All + all := options.All || options.Last > 0 if len(options.Filters) > 0 { for k, v := range options.Filters { for _, val := range v { diff --git a/pkg/specgen/generate/config_linux.go b/pkg/specgen/generate/config_linux.go index 1b2a2ac32..f4cf0c704 100644 --- a/pkg/specgen/generate/config_linux.go +++ b/pkg/specgen/generate/config_linux.go @@ -72,13 +72,17 @@ func addPrivilegedDevices(g *generate.Generator) error { newMounts = append(newMounts, devMnt) } g.Config.Mounts = append(newMounts, g.Config.Mounts...) - g.Config.Linux.Resources.Devices = nil + if g.Config.Linux.Resources != nil { + g.Config.Linux.Resources.Devices = nil + } } else { for _, d := range hostDevices { g.AddDevice(Device(d)) } // Add resources device - need to clear the existing one first. - g.Config.Linux.Resources.Devices = nil + if g.Config.Linux.Resources != nil { + g.Config.Linux.Resources.Devices = nil + } g.AddLinuxResourcesDevice(true, "", nil, nil, "rwm") } diff --git a/test/apiv2/10-images.at b/test/apiv2/10-images.at index 1c8da0c2f..1c7ba8948 100644 --- a/test/apiv2/10-images.at +++ b/test/apiv2/10-images.at @@ -7,15 +7,15 @@ podman pull -q $IMAGE t GET libpod/images/json 200 \ - .[0].ID~[0-9a-f]\\{64\\} -iid=$(jq -r '.[0].ID' <<<"$output") + .[0].Id~[0-9a-f]\\{64\\} +iid=$(jq -r '.[0].Id' <<<"$output") t GET libpod/images/$iid/exists 204 t GET libpod/images/$PODMAN_TEST_IMAGE_NAME/exists 204 # FIXME: compare to actual podman info t GET libpod/images/json 200 \ - .[0].ID=${iid} + .[0].Id=${iid} t GET libpod/images/$iid/json 200 \ .Id=$iid \ @@ -33,4 +33,27 @@ t GET images/$iid/json 200 \ #t POST images/create fromImage=alpine 201 foo +# Display the image history +t GET libpod/images/nonesuch/history 404 + +for i in $iid ${iid:0:12} $PODMAN_TEST_IMAGE_NAME; do + t GET libpod/images/$i/history 200 \ + .[0].Id=$iid \ + .[0].Created~[0-9]\\{10\\} \ + .[0].Tags=null \ + .[0].Size=0 \ + .[0].Comment= +done + +# Export an image on the local +t GET libpod/images/nonesuch/get 404 +t GET libpod/images/$iid/get?format=foo 500 +t GET libpod/images/$PODMAN_TEST_IMAGE_NAME/get?compress=bar 400 + +for i in $iid ${iid:0:12} $PODMAN_TEST_IMAGE_NAME; do + t GET "libpod/images/$i/get" 200 '[POSIX tar archive]' + t GET "libpod/images/$i/get?compress=true" 200 '[POSIX tar archive]' + t GET "libpod/images/$i/get?compress=false" 200 '[POSIX tar archive]' +done + # vim: filetype=sh diff --git a/test/apiv2/40-pods.at b/test/apiv2/40-pods.at index 26877a102..2dea1918a 100644 --- a/test/apiv2/40-pods.at +++ b/test/apiv2/40-pods.at @@ -5,8 +5,8 @@ t GET "libpod/pods/json (clean slate at start)" 200 null -t POST libpod/pods/create name=foo 201 .id~[0-9a-f]\\{64\\} -pod_id=$(jq -r .id <<<"$output") +t POST libpod/pods/create name=foo 201 .Id~[0-9a-f]\\{64\\} +pod_id=$(jq -r .Id <<<"$output") t GET libpod/pods/foo/exists 204 t GET libpod/pods/$pod_id/exists 204 t GET libpod/pods/notfoo/exists 404 diff --git a/test/apiv2/rest_api/__init__.py b/test/apiv2/rest_api/__init__.py new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/apiv2/rest_api/__init__.py diff --git a/test/apiv2/rest_api/test_rest_v1_0_0.py b/test/apiv2/rest_api/test_rest_v1_0_0.py new file mode 100644 index 000000000..7c53623cb --- /dev/null +++ b/test/apiv2/rest_api/test_rest_v1_0_0.py @@ -0,0 +1,219 @@ +import json +import os +import shlex +import signal +import string +import subprocess +import sys +import time +import unittest +from collections.abc import Iterable +from multiprocessing import Process + +import requests +from dateutil.parser import parse + + +def _url(path): + return "http://localhost:8080/v1.0.0/libpod" + path + + +def podman(): + binary = os.getenv("PODMAN_BINARY") + if binary is None: + binary = "bin/podman" + return binary + + +def ctnr(path): + r = requests.get(_url("/containers/json?all=true")) + try: + ctnrs = json.loads(r.text) + except Exception as e: + sys.stderr.write("Bad container response: {}/{}".format(r.text, e)) + raise e + return path.format(ctnrs[0]["Id"]) + + +class TestApi(unittest.TestCase): + podman = None + + def setUp(self): + super().setUp() + if TestApi.podman.poll() is not None: + sys.stderr.write("podman service returned {}", + TestApi.podman.returncode) + sys.exit(2) + requests.get( + _url("/images/create?fromSrc=docker.io%2Falpine%3Alatest")) + # calling out to podman is easier than the API for running a container + subprocess.run([podman(), "run", "alpine", "/bin/ls"], + check=True, + stdout=subprocess.DEVNULL, + stderr=subprocess.DEVNULL) + + @classmethod + def setUpClass(cls): + super().setUpClass() + + TestApi.podman = subprocess.Popen( + [ + podman(), "system", "service", "tcp:localhost:8080", + "--log-level=debug", "--time=0" + ], + shell=False, + stdin=subprocess.DEVNULL, + stdout=subprocess.DEVNULL, + stderr=subprocess.DEVNULL, + ) + time.sleep(2) + + @classmethod + def tearDownClass(cls): + TestApi.podman.terminate() + stdout, stderr = TestApi.podman.communicate(timeout=0.5) + if stdout: + print("\nService Stdout:\n" + stdout.decode('utf-8')) + if stderr: + print("\nService Stderr:\n" + stderr.decode('utf-8')) + + if TestApi.podman.returncode > 0: + sys.stderr.write("podman exited with error code {}\n".format( + TestApi.podman.returncode)) + sys.exit(2) + + return super().tearDownClass() + + def test_info(self): + r = requests.get(_url("/info")) + self.assertEqual(r.status_code, 200) + self.assertIsNotNone(r.content) + _ = json.loads(r.text) + + def test_events(self): + r = requests.get(_url("/events?stream=false")) + self.assertEqual(r.status_code, 200, r.text) + self.assertIsNotNone(r.content) + for line in r.text.splitlines(): + obj = json.loads(line) + # Actor.ID is uppercase for compatibility + _ = obj["Actor"]["ID"] + + def test_containers(self): + r = requests.get(_url("/containers/json"), timeout=5) + self.assertEqual(r.status_code, 200, r.text) + obj = json.loads(r.text) + self.assertEqual(len(obj), 0) + + def test_containers_all(self): + r = requests.get(_url("/containers/json?all=true")) + self.assertEqual(r.status_code, 200, r.text) + self.validateObjectFields(r.text) + + def test_inspect_container(self): + r = requests.get(_url(ctnr("/containers/{}/json"))) + self.assertEqual(r.status_code, 200, r.text) + obj = self.validateObjectFields(r.content) + _ = parse(obj["Created"]) + + def test_stats(self): + r = requests.get(_url(ctnr("/containers/{}/stats?stream=false"))) + self.assertIn(r.status_code, (200, 409), r.text) + if r.status_code == 200: + self.validateObjectFields(r.text) + + def test_delete_containers(self): + r = requests.delete(_url(ctnr("/containers/{}"))) + self.assertEqual(r.status_code, 204, r.text) + + def test_stop_containers(self): + r = requests.post(_url(ctnr("/containers/{}/start"))) + self.assertIn(r.status_code, (204, 304), r.text) + + r = requests.post(_url(ctnr("/containers/{}/stop"))) + self.assertIn(r.status_code, (204, 304), r.text) + + def test_start_containers(self): + r = requests.post(_url(ctnr("/containers/{}/stop"))) + self.assertIn(r.status_code, (204, 304), r.text) + + r = requests.post(_url(ctnr("/containers/{}/start"))) + self.assertIn(r.status_code, (204, 304), r.text) + + def test_restart_containers(self): + r = requests.post(_url(ctnr("/containers/{}/start"))) + self.assertIn(r.status_code, (204, 304), r.text) + + r = requests.post(_url(ctnr("/containers/{}/restart")), timeout=5) + self.assertEqual(r.status_code, 204, r.text) + + def test_resize(self): + r = requests.post(_url(ctnr("/containers/{}/resize?h=43&w=80"))) + self.assertIn(r.status_code, (200, 409), r.text) + if r.status_code == 200: + self.assertIsNone(r.text) + + def test_attach_containers(self): + r = requests.post(_url(ctnr("/containers/{}/attach"))) + self.assertIn(r.status_code, (101, 409), r.text) + + def test_logs_containers(self): + r = requests.get(_url(ctnr("/containers/{}/logs?stdout=true"))) + self.assertEqual(r.status_code, 200, r.text) + + def test_post_create(self): + self.skipTest("TODO: create request body") + r = requests.post(_url("/containers/create?args=True")) + self.assertEqual(r.status_code, 200, r.text) + json.loads(r.text) + + def test_commit(self): + r = requests.post(_url(ctnr("/commit?container={}"))) + self.assertEqual(r.status_code, 200, r.text) + self.validateObjectFields(r.text) + + def test_images(self): + r = requests.get(_url("/images/json")) + self.assertEqual(r.status_code, 200, r.text) + self.validateObjectFields(r.content) + + def test_inspect_image(self): + r = requests.get(_url("/images/alpine/json")) + self.assertEqual(r.status_code, 200, r.text) + obj = self.validateObjectFields(r.content) + _ = parse(obj["Created"]) + + def test_delete_image(self): + r = requests.delete(_url("/images/alpine?force=true")) + self.assertEqual(r.status_code, 200, r.text) + json.loads(r.text) + + def test_pull(self): + r = requests.post(_url("/images/pull?reference=alpine"), timeout=5) + self.assertEqual(r.status_code, 200, r.text) + json.loads(r.text) + + def test_search(self): + # Had issues with this test hanging when repositories not happy + def do_search(): + r = requests.get(_url("/images/search?term=alpine"), timeout=5) + self.assertEqual(r.status_code, 200, r.text) + json.loads(r.text) + + search = Process(target=do_search) + search.start() + search.join(timeout=10) + self.assertFalse(search.is_alive(), "/images/search took too long") + + def validateObjectFields(self, buffer): + objs = json.loads(buffer) + if not isinstance(objs, dict): + for o in objs: + _ = o["Id"] + else: + _ = objs["Id"] + return objs + + +if __name__ == '__main__': + unittest.main() diff --git a/test/apiv2/test-apiv2 b/test/apiv2/test-apiv2 index 11c914704..7a3518df2 100755 --- a/test/apiv2/test-apiv2 +++ b/test/apiv2/test-apiv2 @@ -207,13 +207,21 @@ function t() { fi cat $WORKDIR/curl.headers.out >>$LOG 2>/dev/null || true - output=$(< $WORKDIR/curl.result.out) - # Log results. If JSON, filter through jq for readability - if egrep -qi '^Content-Type: application/json' $WORKDIR/curl.headers.out; then - jq . <<<"$output" >>$LOG - else + # Log results, if text. If JSON, filter through jq for readability. + content_type=$(sed -ne 's/^Content-Type:[ ]\+//pi' <$WORKDIR/curl.headers.out) + + if [[ $content_type =~ /octet ]]; then + output="[$(file --brief $WORKDIR/curl.result.out)]" echo "$output" >>$LOG + else + output=$(< $WORKDIR/curl.result.out) + + if [[ $content_type =~ application/json ]]; then + jq . <<<"$output" >>$LOG + else + echo "$output" >>$LOG + fi fi # Test return code @@ -232,6 +240,7 @@ function t() { return fi + local i for i; do case "$i" in # Exact match on json field diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go index 80ee83f44..e12edad49 100644 --- a/test/e2e/common_test.go +++ b/test/e2e/common_test.go @@ -21,6 +21,7 @@ import ( "github.com/containers/storage/pkg/reexec" "github.com/containers/storage/pkg/stringid" jsoniter "github.com/json-iterator/go" + "github.com/onsi/ginkgo" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" . "github.com/onsi/gomega/gexec" @@ -573,3 +574,10 @@ func (p *PodmanTestIntegration) CreateSeccompJson(in []byte) (string, error) { } return jsonFile, nil } + +func SkipIfNotFedora() { + info := GetHostDistributionInfo() + if info.Distribution != "fedora" { + ginkgo.Skip("Test can only run on Fedora") + } +} diff --git a/test/e2e/events_test.go b/test/e2e/events_test.go index 460554b77..8c496872f 100644 --- a/test/e2e/events_test.go +++ b/test/e2e/events_test.go @@ -5,6 +5,7 @@ import ( "fmt" "os" "strings" + "time" . "github.com/containers/libpod/test/utils" . "github.com/onsi/ginkgo" @@ -24,23 +25,26 @@ var _ = Describe("Podman events", func() { os.Exit(1) } podmanTest = PodmanTestCreate(tempdir) + podmanTest.Setup() podmanTest.SeedImages() }) AfterEach(func() { podmanTest.Cleanup() f := CurrentGinkgoTestDescription() - timedResult := fmt.Sprintf("Test: %s completed in %f seconds", f.TestText, f.Duration.Seconds()) - GinkgoWriter.Write([]byte(timedResult)) - + processTestResult(f) }) // For most, all, of these tests we do not "live" test following a log because it may make a fragile test // system more complex. Instead we run the "events" and then verify that the events are processed correctly. // Perhaps a future version of this test would put events in a go func and send output back over a channel // while events occur. + + // These tests are only known to work on Fedora ATM. Other distributions + // will be skipped. It("podman events", func() { - Skip("need to verify images have correct packages for journald") + SkipIfRootless() + SkipIfNotFedora() _, ec, _ := podmanTest.RunLsContainer("") Expect(ec).To(Equal(0)) result := podmanTest.Podman([]string{"events", "--stream=false"}) @@ -49,7 +53,8 @@ var _ = Describe("Podman events", func() { }) It("podman events with an event filter", func() { - Skip("need to verify images have correct packages for journald") + SkipIfRootless() + SkipIfNotFedora() _, ec, _ := podmanTest.RunLsContainer("") Expect(ec).To(Equal(0)) result := podmanTest.Podman([]string{"events", "--stream=false", "--filter", "event=start"}) @@ -59,11 +64,14 @@ var _ = Describe("Podman events", func() { }) It("podman events with an event filter and container=cid", func() { - Skip("need to verify images have correct packages for journald") + Skip("Does not work on v2") + SkipIfRootless() + SkipIfNotFedora() _, ec, cid := podmanTest.RunLsContainer("") Expect(ec).To(Equal(0)) _, ec2, cid2 := podmanTest.RunLsContainer("") Expect(ec2).To(Equal(0)) + time.Sleep(5 * time.Second) result := podmanTest.Podman([]string{"events", "--stream=false", "--filter", "event=start", "--filter", fmt.Sprintf("container=%s", cid)}) result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) @@ -72,7 +80,8 @@ var _ = Describe("Podman events", func() { }) It("podman events with a type and filter container=id", func() { - Skip("need to verify images have correct packages for journald") + SkipIfRootless() + SkipIfNotFedora() _, ec, cid := podmanTest.RunLsContainer("") Expect(ec).To(Equal(0)) result := podmanTest.Podman([]string{"events", "--stream=false", "--filter", "type=pod", "--filter", fmt.Sprintf("container=%s", cid)}) @@ -82,7 +91,8 @@ var _ = Describe("Podman events", func() { }) It("podman events with a type", func() { - Skip("need to verify images have correct packages for journald") + SkipIfRootless() + SkipIfNotFedora() setup := podmanTest.Podman([]string{"run", "-dt", "--pod", "new:foobarpod", ALPINE, "top"}) setup.WaitWithDefaultTimeout() stop := podmanTest.Podman([]string{"pod", "stop", "foobarpod"}) @@ -97,7 +107,8 @@ var _ = Describe("Podman events", func() { }) It("podman events --since", func() { - Skip("need to verify images have correct packages for journald") + SkipIfRootless() + SkipIfNotFedora() _, ec, _ := podmanTest.RunLsContainer("") Expect(ec).To(Equal(0)) result := podmanTest.Podman([]string{"events", "--stream=false", "--since", "1m"}) @@ -106,7 +117,8 @@ var _ = Describe("Podman events", func() { }) It("podman events --until", func() { - Skip("need to verify images have correct packages for journald") + SkipIfRootless() + SkipIfNotFedora() _, ec, _ := podmanTest.RunLsContainer("") Expect(ec).To(Equal(0)) test := podmanTest.Podman([]string{"events", "--help"}) @@ -118,37 +130,28 @@ var _ = Describe("Podman events", func() { }) It("podman events format", func() { - Skip(v2remotefail) - info := GetHostDistributionInfo() - if info.Distribution != "fedora" { - Skip("need to verify images have correct packages for journald") - } + SkipIfRootless() + SkipIfNotFedora() _, ec, _ := podmanTest.RunLsContainer("") Expect(ec).To(Equal(0)) test := podmanTest.Podman([]string{"events", "--stream=false", "--format", "json"}) test.WaitWithDefaultTimeout() - fmt.Println(test.OutputToStringArray()) jsonArr := test.OutputToStringArray() Expect(len(jsonArr)).To(Not(BeZero())) eventsMap := make(map[string]string) err := json.Unmarshal([]byte(jsonArr[0]), &eventsMap) - if err != nil { - os.Exit(1) - } + Expect(err).To(BeNil()) _, exist := eventsMap["Status"] Expect(exist).To(BeTrue()) Expect(test.ExitCode()).To(BeZero()) test = podmanTest.Podman([]string{"events", "--stream=false", "--format", "{{json.}}"}) test.WaitWithDefaultTimeout() - fmt.Println(test.OutputToStringArray()) jsonArr = test.OutputToStringArray() Expect(len(jsonArr)).To(Not(BeZero())) eventsMap = make(map[string]string) err = json.Unmarshal([]byte(jsonArr[0]), &eventsMap) - if err != nil { - os.Exit(1) - } + Expect(err).To(BeNil()) _, exist = eventsMap["Status"] Expect(exist).To(BeTrue()) Expect(test.ExitCode()).To(BeZero()) diff --git a/test/e2e/ps_test.go b/test/e2e/ps_test.go index 8965ce297..12ce4661f 100644 --- a/test/e2e/ps_test.go +++ b/test/e2e/ps_test.go @@ -114,6 +114,17 @@ var _ = Describe("Podman ps", func() { It("podman ps last flag", func() { Skip("--last flag nonfunctional and disabled") + // Make sure that non-running containers are being counted as + // well. + session := podmanTest.Podman([]string{"create", "alpine", "top"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + result := podmanTest.Podman([]string{"ps", "--last", "2"}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + Expect(len(result.OutputToStringArray())).Should(Equal(2)) // 1 container + _, ec, _ := podmanTest.RunLsContainer("test1") Expect(ec).To(Equal(0)) @@ -123,10 +134,20 @@ var _ = Describe("Podman ps", func() { _, ec, _ = podmanTest.RunLsContainer("test3") Expect(ec).To(Equal(0)) - result := podmanTest.Podman([]string{"ps", "--last", "2"}) + result = podmanTest.Podman([]string{"ps", "--last", "2"}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + Expect(len(result.OutputToStringArray())).Should(Equal(3)) // 2 containers + + result = podmanTest.Podman([]string{"ps", "--last", "3"}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + Expect(len(result.OutputToStringArray())).Should(Equal(4)) // 3 containers + + result = podmanTest.Podman([]string{"ps", "--last", "100"}) result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) - Expect(len(result.OutputToStringArray())).Should(Equal(3)) + Expect(len(result.OutputToStringArray())).Should(Equal(5)) // 4 containers (3 running + 1 created) }) It("podman ps no-trunc", func() { diff --git a/test/system/010-images.bats b/test/system/010-images.bats index 6957d4830..2b1845d72 100644 --- a/test/system/010-images.bats +++ b/test/system/010-images.bats @@ -28,7 +28,7 @@ load helpers # 'created': podman includes fractional seconds, podman-remote does not tests=" Names[0] | $PODMAN_TEST_IMAGE_FQN -ID | [0-9a-f]\\\{64\\\} +Id | [0-9a-f]\\\{64\\\} Digest | sha256:[0-9a-f]\\\{64\\\} CreatedAt | [0-9-]\\\+T[0-9:.]\\\+Z Size | [0-9]\\\+ diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats index e3643a3bd..f34cd0707 100644 --- a/test/system/200-pod.bats +++ b/test/system/200-pod.bats @@ -170,4 +170,16 @@ function random_ip() { is "$output" ".*options $dns_opt" "--dns-opt was added" } +@test "podman pod inspect - format" { + skip_if_remote "podman-pod does not work with podman-remote" + + run_podman pod create --name podtest + podid=$output + + run_podman pod inspect --format '-> {{.Name}}: {{.NumContainers}}' podtest + is "$output" "-> podtest: 1" + + run_podman pod rm -f podtest +} + # vim: filetype=sh diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go index ef75d9847..d0b56c7f6 100644 --- a/vendor/github.com/containers/common/pkg/config/config.go +++ b/vendor/github.com/containers/common/pkg/config/config.go @@ -7,7 +7,6 @@ import ( "path/filepath" "strings" "sync" - "syscall" "github.com/BurntSushi/toml" "github.com/containers/common/pkg/capabilities" @@ -263,6 +262,13 @@ type EngineConfig struct { // PullPolicy determines whether to pull image before creating or running a container // default is "missing" PullPolicy string `toml:"pull_policy"` + + // Indicates whether the application should be running in Remote mode + Remote bool `toml:"_"` + + // RemoteURI containers connection information used to connect to remote system. + RemoteURI string `toml:"remote_uri,omitempty"` + // RuntimePath is the path to OCI runtime binary for launching containers. // The first path pointing to a valid file will be used This is used only // when there are no OCIRuntime/OCIRuntimes defined. It is used only to be @@ -540,17 +546,8 @@ func (c *Config) Validate() error { // It returns an `error` on validation failure, otherwise // `nil`. func (c *EngineConfig) Validate() error { - // Relative paths can cause nasty bugs, because core paths we use could - // shift between runs (or even parts of the program - the OCI runtime - // uses a different working directory than we do, for example. - if c.StaticDir != "" && !filepath.IsAbs(c.StaticDir) { - return fmt.Errorf("static directory must be an absolute path - instead got %q", c.StaticDir) - } - if c.TmpDir != "" && !filepath.IsAbs(c.TmpDir) { - return fmt.Errorf("temporary directory must be an absolute path - instead got %q", c.TmpDir) - } - if c.VolumePath != "" && !filepath.IsAbs(c.VolumePath) { - return fmt.Errorf("volume path must be an absolute path - instead got %q", c.VolumePath) + if err := c.validatePaths(); err != nil { + return err } // Check if the pullPolicy from containers.conf is valid @@ -566,22 +563,13 @@ func (c *EngineConfig) Validate() error { // It returns an `error` on validation failure, otherwise // `nil`. func (c *ContainersConfig) Validate() error { - for _, u := range c.DefaultUlimits { - ul, err := units.ParseUlimit(u) - if err != nil { - return fmt.Errorf("unrecognized ulimit %s: %v", u, err) - } - _, err = ul.GetRlimit() - if err != nil { - return err - } + + if err := c.validateUlimits(); err != nil { + return err } - for _, d := range c.Devices { - _, _, _, err := Device(d) - if err != nil { - return err - } + if err := c.validateDevices(); err != nil { + return err } if c.LogSizeMax >= 0 && c.LogSizeMax < OCIBufSize { @@ -600,8 +588,7 @@ func (c *ContainersConfig) Validate() error { // execution checks. It returns an `error` on validation failure, otherwise // `nil`. func (c *NetworkConfig) Validate() error { - - if c.NetworkConfigDir != cniConfigDir { + if c.NetworkConfigDir != _cniConfigDir { err := isDirectory(c.NetworkConfigDir) if err != nil { return errors.Wrapf(err, "invalid network_config_dir: %s", c.NetworkConfigDir) @@ -803,31 +790,6 @@ func resolveHomeDir(path string) (string, error) { return strings.Replace(path, "~", home, 1), nil } -// isDirectory tests whether the given path exists and is a directory. It -// follows symlinks. -func isDirectory(path string) error { - path, err := resolveHomeDir(path) - if err != nil { - return err - } - - info, err := os.Stat(path) - if err != nil { - return err - } - - if !info.Mode().IsDir() { - // Return a PathError to be consistent with os.Stat(). - return &os.PathError{ - Op: "stat", - Path: path, - Err: syscall.ENOTDIR, - } - } - - return nil -} - func rootlessConfigPath() (string, error) { if configHome := os.Getenv("XDG_CONFIG_HOME"); configHome != "" { return filepath.Join(configHome, _configPath), nil @@ -878,3 +840,16 @@ func Default() (*Config, error) { }) return config, err } + +func Path() string { + if path := os.Getenv("CONTAINERS_CONF"); path != "" { + return path + } + if unshare.IsRootless() { + if rpath, err := rootlessConfigPath(); err == nil { + return rpath + } + return "$HOME/" + UserOverrideContainersConfig + } + return OverrideContainersConfig +} diff --git a/vendor/github.com/containers/common/pkg/config/config_local.go b/vendor/github.com/containers/common/pkg/config/config_local.go new file mode 100644 index 000000000..8f4daa3d7 --- /dev/null +++ b/vendor/github.com/containers/common/pkg/config/config_local.go @@ -0,0 +1,81 @@ +// +build !remote + +package config + +import ( + "fmt" + "os" + "path/filepath" + "syscall" + + units "github.com/docker/go-units" +) + +// isDirectory tests whether the given path exists and is a directory. It +// follows symlinks. +func isDirectory(path string) error { + path, err := resolveHomeDir(path) + if err != nil { + return err + } + + info, err := os.Stat(path) + if err != nil { + return err + } + + if !info.Mode().IsDir() { + // Return a PathError to be consistent with os.Stat(). + return &os.PathError{ + Op: "stat", + Path: path, + Err: syscall.ENOTDIR, + } + } + + return nil +} + +func (c *EngineConfig) validatePaths() error { + // Relative paths can cause nasty bugs, because core paths we use could + // shift between runs or even parts of the program. - The OCI runtime + // uses a different working directory than we do, for example. + if c.StaticDir != "" && !filepath.IsAbs(c.StaticDir) { + return fmt.Errorf("static directory must be an absolute path - instead got %q", c.StaticDir) + } + if c.TmpDir != "" && !filepath.IsAbs(c.TmpDir) { + return fmt.Errorf("temporary directory must be an absolute path - instead got %q", c.TmpDir) + } + if c.VolumePath != "" && !filepath.IsAbs(c.VolumePath) { + return fmt.Errorf("volume path must be an absolute path - instead got %q", c.VolumePath) + } + return nil +} + +func (c *ContainersConfig) validateDevices() error { + for _, d := range c.Devices { + _, _, _, err := Device(d) + if err != nil { + return err + } + } + return nil +} + +func (c *ContainersConfig) validateUlimits() error { + for _, u := range c.DefaultUlimits { + ul, err := units.ParseUlimit(u) + if err != nil { + return fmt.Errorf("unrecognized ulimit %s: %v", u, err) + } + _, err = ul.GetRlimit() + if err != nil { + return err + } + } + return nil +} + +func isRemote() bool { + return false +} diff --git a/vendor/github.com/containers/common/pkg/config/config_remote.go b/vendor/github.com/containers/common/pkg/config/config_remote.go new file mode 100644 index 000000000..d012dbd2f --- /dev/null +++ b/vendor/github.com/containers/common/pkg/config/config_remote.go @@ -0,0 +1,25 @@ +// +build remote + +package config + +// isDirectory tests whether the given path exists and is a directory. It +// follows symlinks. +func isDirectory(path string) error { + return nil +} + +func isRemote() bool { + return true +} + +func (c *EngineConfig) validatePaths() error { + return nil +} + +func (c *ContainersConfig) validateDevices() error { + return nil +} + +func (c *ContainersConfig) validateUlimits() error { + return nil +} diff --git a/vendor/github.com/containers/common/pkg/config/config_unix.go b/vendor/github.com/containers/common/pkg/config/config_unix.go deleted file mode 100644 index f270f2e95..000000000 --- a/vendor/github.com/containers/common/pkg/config/config_unix.go +++ /dev/null @@ -1,15 +0,0 @@ -// +build !windows - -package config - -// Defaults for linux/unix if none are specified -const ( - cniConfigDir = "/etc/cni/net.d/" -) - -var cniBinDir = []string{ - "/usr/libexec/cni", - "/usr/lib/cni", - "/usr/local/lib/cni", - "/opt/cni/bin", -} diff --git a/vendor/github.com/containers/common/pkg/config/config_windows.go b/vendor/github.com/containers/common/pkg/config/config_windows.go deleted file mode 100644 index f6a6512a1..000000000 --- a/vendor/github.com/containers/common/pkg/config/config_windows.go +++ /dev/null @@ -1,10 +0,0 @@ -// +build windows - -package config - -// Defaults for linux/unix if none are specified -const ( - cniConfigDir = "C:\\cni\\etc\\net.d\\" -) - -var cniBinDir = []string{"C:\\cni\\bin\\"} diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go index 185ce8cee..fe523cbf5 100644 --- a/vendor/github.com/containers/common/pkg/config/default.go +++ b/vendor/github.com/containers/common/pkg/config/default.go @@ -53,9 +53,6 @@ var ( // DefaultDetachKeys is the default keys sequence for detaching a // container DefaultDetachKeys = "ctrl-p,ctrl-q" -) - -var ( // ErrConmonOutdated indicates the version of conmon found (whether via the configuration or $PATH) // is out of date for the current podman version ErrConmonOutdated = errors.New("outdated conmon version") @@ -80,15 +77,24 @@ var ( "CAP_SETUID", "CAP_SYS_CHROOT", } + + cniBinDir = []string{ + "/usr/libexec/cni", + "/usr/lib/cni", + "/usr/local/lib/cni", + "/opt/cni/bin", + } ) const ( - // EtcDir is the sysconfdir where podman should look for system config files. + // _etcDir is the sysconfdir where podman should look for system config files. // It can be overridden at build time. _etcDir = "/etc" // InstallPrefix is the prefix where podman will be installed. // It can be overridden at build time. _installPrefix = "/usr" + // _cniConfigDir is the directory where cni plugins are found + _cniConfigDir = "/etc/cni/net.d/" // CgroupfsCgroupsManager represents cgroupfs native cgroup manager CgroupfsCgroupsManager = "cgroupfs" // DefaultApparmorProfile specifies the default apparmor profile for the container. @@ -191,7 +197,7 @@ func DefaultConfig() (*Config, error) { }, Network: NetworkConfig{ DefaultNetwork: "podman", - NetworkConfigDir: cniConfigDir, + NetworkConfigDir: _cniConfigDir, CNIPluginDirs: cniBinDir, }, Engine: *defaultEngineConfig, @@ -233,6 +239,7 @@ func defaultConfigFromMemory() (*EngineConfig, error) { c.CgroupManager = defaultCgroupManager() c.StopTimeout = uint(10) + c.Remote = isRemote() c.OCIRuntimes = map[string][]string{ "runc": { "/usr/bin/runc", diff --git a/vendor/github.com/containers/common/pkg/config/libpodConfig.go b/vendor/github.com/containers/common/pkg/config/libpodConfig.go index a8e4c9c93..ab507e864 100644 --- a/vendor/github.com/containers/common/pkg/config/libpodConfig.go +++ b/vendor/github.com/containers/common/pkg/config/libpodConfig.go @@ -226,7 +226,7 @@ func newLibpodConfig(c *Config) error { // hard code EventsLogger to "file" to match older podman versions. if config.EventsLogger != "file" { - logrus.Debugf("Ignoring lipod.conf EventsLogger setting %q. Use containers.conf if you want to change this setting and remove libpod.conf files.", config.EventsLogger) + logrus.Debugf("Ignoring libpod.conf EventsLogger setting %q. Use %q if you want to change this setting and remove libpod.conf files.", Path(), config.EventsLogger) config.EventsLogger = "file" } @@ -262,7 +262,7 @@ func systemLibpodConfigs() ([]string, error) { } // TODO: Raise to Warnf, when Podman is updated to // remove libpod.conf by default - logrus.Debugf("Found deprecated file %s, please remove. Use %s to override defaults.\n", path, containersConfPath) + logrus.Debugf("Found deprecated file %s, please remove. Use %s to override defaults.\n", Path(), containersConfPath) return []string{path}, nil } return nil, err diff --git a/vendor/github.com/containers/common/pkg/sysinfo/sysinfo_linux.go b/vendor/github.com/containers/common/pkg/sysinfo/sysinfo_linux.go index 269ea686a..fcb3cab72 100644 --- a/vendor/github.com/containers/common/pkg/sysinfo/sysinfo_linux.go +++ b/vendor/github.com/containers/common/pkg/sysinfo/sysinfo_linux.go @@ -40,7 +40,7 @@ func New(quiet bool) *SysInfo { sysInfo.cgroupCPUInfo = checkCgroupCPU(cgMounts, quiet) sysInfo.cgroupBlkioInfo = checkCgroupBlkioInfo(cgMounts, quiet) sysInfo.cgroupCpusetInfo = checkCgroupCpusetInfo(cgMounts, quiet) - sysInfo.cgroupPids = checkCgroupPids(quiet) + sysInfo.cgroupPids = checkCgroupPids(cgMounts, quiet) } _, ok := cgMounts["devices"] @@ -227,16 +227,17 @@ func checkCgroupCpusetInfo(cgMounts map[string]string, quiet bool) cgroupCpusetI } // checkCgroupPids reads the pids information from the pids cgroup mount point. -func checkCgroupPids(quiet bool) cgroupPids { +func checkCgroupPids(cgMounts map[string]string, quiet bool) cgroupPids { cgroup2, err := cgroupv2.Enabled() if err != nil { logrus.Errorf("Failed to check cgroups version: %v", err) + return cgroupPids{} } if !cgroup2 { - _, err := cgroups.FindCgroupMountpoint("", "pids") - if err != nil { + _, ok := cgMounts["pids"] + if !ok { if !quiet { - logrus.Warn(err) + logrus.Warn("unable to find pids cgroup in mounts") } return cgroupPids{} } diff --git a/vendor/modules.txt b/vendor/modules.txt index b3c8b96ae..bc0143238 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -84,7 +84,7 @@ github.com/containers/buildah/pkg/secrets github.com/containers/buildah/pkg/supplemented github.com/containers/buildah/pkg/umask github.com/containers/buildah/util -# github.com/containers/common v0.11.4 +# github.com/containers/common v0.12.0 github.com/containers/common/pkg/apparmor github.com/containers/common/pkg/auth github.com/containers/common/pkg/capabilities |