-rw-r--r--Makefile8
-rw-r--r--cmd/podman/root.go1
-rw-r--r--cmd/podman/system/connection/add.go13
-rw-r--r--contrib/msi/podman.wxs5
-rw-r--r--contrib/spec/podman.spec.in1
-rw-r--r--docs/source/markdown/podman-create.1.md1
-rw-r--r--docs/source/markdown/podman-run.1.md12
-rw-r--r--libpod/container_internal_linux.go2
-rw-r--r--libpod/events/config.go2
-rw-r--r--libpod/events/events.go2
-rw-r--r--libpod/networking_linux.go16
-rw-r--r--libpod/runtime_img.go13
-rw-r--r--pkg/bindings/connection.go10
-rw-r--r--pkg/network/network.go9
-rw-r--r--test/apiv2/35-networks.at28
-rw-r--r--test/e2e/run_networking_test.go16
16 files changed, 124 insertions, 15 deletions
diff --git a/Makefile b/Makefile
index 70e4a49c7..4c9440fc5 100644
--- a/Makefile
+++ b/Makefile
@@ -305,7 +305,7 @@ testunit: libpodimage ## Run unittest on the built image
localunit: test/goecho/goecho varlink_generate
hack/check_root.sh make localunit
rm -rf ${COVERAGE_PATH} && mkdir -p ${COVERAGE_PATH}
- ginkgo \
+ $(GOBIN)/ginkgo \
-r \
$(TESTFLAGS) \
--skipPackage test/e2e,pkg/apparmor,test/endpoint,pkg/bindings,hack \
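Review bot: `$(GOBIN)` is used unguarded in the `localunit` recipe, and again in the `ginkgo`, `ginkgo-remote` and `endpoint` recipes of the next hunk; its definition is outside these hunks, and if it can expand to empty the recipes would run `/ginkgo`. Pinning the binary to one directory does stop a different `ginkgo` earlier on PATH from being picked up, but none of the visible targets lists a prerequisite that installs ginkgo there, so a clean checkout may fail with "not found". Consider a parse-time check such as `$(if $(strip $(GOBIN)),,$(error GOBIN is empty))` and a short comment on why the path is absolute. The `localunit` recipe continues past the end of the hunk.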
@@ -321,16 +321,16 @@ localunit: test/goecho/goecho varlink_generate
.PHONY: ginkgo
ginkgo:
- ginkgo -v $(TESTFLAGS) -tags "$(BUILDTAGS)" $(GINKGOTIMEOUT) -cover -flakeAttempts 3 -progress -trace -noColor -nodes 3 -debug test/e2e/. hack/.
+ $(GOBIN)/ginkgo -v $(TESTFLAGS) -tags "$(BUILDTAGS)" $(GINKGOTIMEOUT) -cover -flakeAttempts 3 -progress -trace -noColor -nodes 3 -debug test/e2e/. hack/.
.PHONY: ginkgo-remote
ginkgo-remote:
- ginkgo -v $(TESTFLAGS) -tags "$(REMOTETAGS)" $(GINKGOTIMEOUT) -cover -flakeAttempts 3 -progress -trace -noColor test/e2e/.
+ $(GOBIN)/ginkgo -v $(TESTFLAGS) -tags "$(REMOTETAGS)" $(GINKGOTIMEOUT) -cover -flakeAttempts 3 -progress -trace -noColor test/e2e/.
.PHONY: endpoint
ifneq (,$(findstring varlink,$(BUILDTAGS)))
endpoint:
- ginkgo -v $(TESTFLAGS) -tags "$(BUILDTAGS)" $(GINKGOTIMEOUT) -cover -flakeAttempts 3 -progress -trace -noColor -debug test/endpoint/.
+ $(GOBIN)/ginkgo -v $(TESTFLAGS) -tags "$(BUILDTAGS)" $(GINKGOTIMEOUT) -cover -flakeAttempts 3 -progress -trace -noColor -debug test/endpoint/.
endpoint:
endif
diff --git a/cmd/podman/root.go b/cmd/podman/root.go
index 2aa7267c2..dd9c75ece 100644
--- a/cmd/podman/root.go
+++ b/cmd/podman/root.go
@@ -290,6 +290,7 @@ func resolveDestination() (string, string) {
cfg, err := config.ReadCustomConfig()
if err != nil {
+ logrus.Warning(errors.Wrap(err, "unable to read local containers.conf"))
return registry.DefaultAPIAddress(), ""
}
diff --git a/cmd/podman/system/connection/add.go b/cmd/podman/system/connection/add.go
index 89cea10ca..af13b970c 100644
--- a/cmd/podman/system/connection/add.go
+++ b/cmd/podman/system/connection/add.go
@@ -124,6 +124,7 @@ func add(cmd *cobra.Command, args []string) error {
cfg.Engine.ServiceDestinations = map[string]config.Destination{
args[0]: dst,
}
+ cfg.Engine.ActiveService = args[0]
} else {
cfg.Engine.ServiceDestinations[args[0]] = dst
}
@@ -181,12 +182,20 @@ func getUDS(cmd *cobra.Command, uri *url.URL) (string, error) {
authMethods = append(authMethods, ssh.PublicKeysCallback(a.Signers))
}
- config := &ssh.ClientConfig{
+ if len(authMethods) == 0 {
+ pass, err := terminal.ReadPassword(fmt.Sprintf("%s's login password:", uri.User.Username()))
+ if err != nil {
+ return "", err
+ }
+ authMethods = append(authMethods, ssh.Password(string(pass)))
+ }
+
+ cfg := &ssh.ClientConfig{
User: uri.User.Username(),
Auth: authMethods,
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
- dial, err := ssh.Dial("tcp", uri.Host, config)
+ dial, err := ssh.Dial("tcp", uri.Host, cfg)
if err != nil {
return "", errors.Wrapf(err, "failed to connect to %q", uri.Host)
}
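Review bot: The new password fallback in getUDS sends the typed password over a connection whose host key is never checked, because the `ssh.ClientConfig` just below it keeps `HostKeyCallback: ssh.InsecureIgnoreHostKey()`. With key-based auth an impersonating server does not learn the private key, but with `ssh.Password` it receives the credential itself. Use a verifying callback before offering a password, for example one built with `knownhosts.New(...)` from `golang.org/x/crypto/ssh/knownhosts`, or skip the password fallback when the host cannot be verified. The sshClient hunk in pkg/bindings/connection.go adds the same prompt and appears to replace the insecure callback only when `secure` is set. getUDS begins and ends outside this hunk.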
diff --git a/contrib/msi/podman.wxs b/contrib/msi/podman.wxs
index c2c2cea4f..ff8160a53 100644
--- a/contrib/msi/podman.wxs
+++ b/contrib/msi/podman.wxs
@@ -24,8 +24,7 @@
<CreateFolder/>
</Component>
<Component Id="MainExecutable" Guid="73752F94-6589-4C7B-ABED-39D655A19714">
- <File Id="520C6E17-77A2-4F41-9611-30FA763A0702" Name="podman-remote-windows.exe" Source="bin/podman-remote-windows.exe"/>
- <File Id="A14218A0-4180-44AC-B109-7C63B3099DCA" Name="podman.bat" Source="podman.bat" KeyPath="yes"/>
+ <File Id="520C6E17-77A2-4F41-9611-30FA763A0702" Name="podman.exe" Source="bin/podman-remote-windows.exe" KeyPath="yes"/>
</Component>
</Directory>
</Directory>
@@ -33,7 +32,7 @@
</Directory>
<Property Id="setx" Value="setx.exe"/>
- <CustomAction Id="ChangePath" ExeCommand="PATH &quot;%PATH%;[INSTALLDIR] &quot;" Property="setx" Execute="deferred" Impersonate="yes" Return="check"/>
+ <CustomAction Id="ChangePath" ExeCommand="PATH &quot;%PATH%;[INSTALLDIR]&quot;" Property="setx" Execute="deferred" Impersonate="yes" Return="check"/>
<Feature Id="Complete" Level="1">
<ComponentRef Id="INSTALLDIR_Component"/>
diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in
index 2411eaabc..363aa60d7 100644
--- a/contrib/spec/podman.spec.in
+++ b/contrib/spec/podman.spec.in
@@ -91,6 +91,7 @@ Recommends: container-selinux
Recommends: slirp4netns
Recommends: fuse-overlayfs
%endif
+Recommends: xz
# vendored libraries
# awk '{print "Provides: bundled(golang("$1")) = "$2}' vendor.conf | sort
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index f65c52e29..9df76e48e 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -563,6 +563,7 @@ Valid values are:
- `private`: create a new namespace for the container (default)
- `slirp4netns[:OPTIONS,...]`: use slirp4netns to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options:
- **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false.
+ - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`).
- **enable_ipv6=true|false**: Enable IPv6. Default is false. (Required for `outbound_addr6`).
- **outbound_addr=INTERFACE**: Specify the outbound interface slirp should bind to (ipv4 traffic only).
- **outbound_addr=IPv4**: Specify the outbound ipv4 address slirp should bind to.
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index 976cdd88b..799cd1408 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -570,9 +570,15 @@ Valid _mode_ values are:
- **ns:**_path_: path to a network namespace to join;
- `private`: create a new namespace for the container (default)
- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options:
- **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default.
- **port_handler=slirp4netns**: Use the slirp4netns port forwarding.
- **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default to false.
+ - **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false.
+ - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`).
+ - **enable_ipv6=true|false**: Enable IPv6. Default is false. (Required for `outbound_addr6`).
+ - **outbound_addr=INTERFACE**: Specify the outbound interface slirp should bind to (ipv4 traffic only).
+ - **outbound_addr=IPv4**: Specify the outbound ipv4 address slirp should bind to.
+ - **outbound_addr6=INTERFACE**: Specify the outbound interface slirp should bind to (ipv6 traffic only).
+ - **outbound_addr6=IPv6**: Specify the outbound ipv6 address slirp should bind to.
+ - **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default.
+ - **port_handler=slirp4netns**: Use the slirp4netns port forwarding.
**--network-alias**=*alias*
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index e2bc4e50f..fdee3877c 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -626,7 +626,7 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro
Destination: "/sys/fs/cgroup/systemd",
Type: "bind",
Source: "/sys/fs/cgroup/systemd",
- Options: []string{"bind", "nodev", "noexec", "nosuid", "rslave"},
+ Options: []string{"bind", "nodev", "noexec", "nosuid", "rprivate"},
}
g.AddMount(systemdMnt)
g.AddLinuxMaskedPaths("/sys/fs/cgroup/systemd/release_agent")
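Review bot: The switch from `rslave` to `rprivate` on the `/sys/fs/cgroup/systemd` bind mount has no comment saying why, and a propagation flag is easy to revert by accident. With `rprivate`, later mount and unmount events under the host path no longer propagate into the container, which is the tighter setting. A line above `Options` such as `// rprivate: do not receive later host mount/unmount events under this path` would record the intent. setupSystemd starts and ends outside the hunk.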
diff --git a/libpod/events/config.go b/libpod/events/config.go
index c34408e63..bb35c03c0 100644
--- a/libpod/events/config.go
+++ b/libpod/events/config.go
@@ -101,6 +101,8 @@ const (
Attach Status = "attach"
// AutoUpdate ...
AutoUpdate Status = "auto-update"
+ // Build ...
+ Build Status = "build"
// Checkpoint ...
Checkpoint Status = "checkpoint"
// Cleanup ...
diff --git a/libpod/events/events.go b/libpod/events/events.go
index 0253b1ee5..722c9595e 100644
--- a/libpod/events/events.go
+++ b/libpod/events/events.go
@@ -127,6 +127,8 @@ func StringToStatus(name string) (Status, error) {
switch name {
case Attach.String():
return Attach, nil
+ case Build.String():
+ return Build, nil
case Checkpoint.String():
return Checkpoint, nil
case Cleanup.String():
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index ed8f82c46..6f266e5d6 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -171,6 +171,7 @@ type slirpFeatures struct {
HasMTU bool
HasEnableSandbox bool
HasEnableSeccomp bool
+ HasCIDR bool
HasOutboundAddr bool
HasIPv6 bool
}
@@ -199,6 +200,7 @@ func checkSlirpFlags(path string) (*slirpFeatures, error) {
HasMTU: strings.Contains(string(out), "--mtu"),
HasEnableSandbox: strings.Contains(string(out), "--enable-sandbox"),
HasEnableSeccomp: strings.Contains(string(out), "--enable-seccomp"),
+ HasCIDR: strings.Contains(string(out), "--cidr"),
HasOutboundAddr: strings.Contains(string(out), "--outbound-addr"),
HasIPv6: strings.Contains(string(out), "--enable-ipv6"),
}, nil
@@ -227,6 +229,7 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
havePortMapping := len(ctr.Config().PortMappings) > 0
logPath := filepath.Join(ctr.runtime.config.Engine.TmpDir, fmt.Sprintf("slirp4netns-%s.log", ctr.config.ID))
+ cidr := ""
isSlirpHostForward := false
disableHostLoopback := true
enableIPv6 := false
@@ -240,6 +243,12 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
option, value := parts[0], parts[1]
switch option {
+ case "cidr":
+ ipv4, _, err := net.ParseCIDR(value)
+ if err != nil || ipv4.To4() == nil {
+ return errors.Errorf("invalid cidr %q", value)
+ }
+ cidr = value
case "port_handler":
switch value {
case "slirp4netns":
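Review bot: In the `cidr` case the parsed network is discarded and the raw `value` is forwarded to slirp4netns, so an address with host bits set (constructed example: `192.168.0.5/24`) passes this check and is handed on unchanged. Keeping the parsed result normalises it: `_, ipnet, err := net.ParseCIDR(value)`, test `ipnet.IP.To4() == nil`, then `cidr = ipnet.String()`. The returned error also drops `err`, and no prefix-length bound is enforced here; if slirp4netns restricts the prefix length, a bad value would only surface when the helper fails to start, which is worth confirming. The enclosing switch in setupRootlessNetNS continues past the hunk.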
@@ -309,6 +318,13 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
cmdArgs = append(cmdArgs, "--enable-seccomp")
}
+ if cidr != "" {
+ if !slirpFeatures.HasCIDR {
+ return errors.Errorf("cidr not supported")
+ }
+ cmdArgs = append(cmdArgs, fmt.Sprintf("--cidr=%s", cidr))
+ }
+
if enableIPv6 {
if !slirpFeatures.HasIPv6 {
return errors.Errorf("enable_ipv6 not supported")
diff --git a/libpod/runtime_img.go b/libpod/runtime_img.go
index 4b5129f44..a95cd1d7a 100644
--- a/libpod/runtime_img.go
+++ b/libpod/runtime_img.go
@@ -17,6 +17,7 @@ import (
"github.com/containers/image/v5/oci/layout"
"github.com/containers/image/v5/types"
"github.com/containers/podman/v2/libpod/define"
+ "github.com/containers/podman/v2/libpod/events"
"github.com/containers/podman/v2/libpod/image"
"github.com/containers/podman/v2/pkg/util"
"github.com/containers/storage"
@@ -150,9 +151,21 @@ func removeStorageContainers(ctrIDs []string, store storage.Store) error {
return nil
}
+// newBuildEvent creates a new event based on completion of a built image
+func (r *Runtime) newImageBuildCompleteEvent(idOrName string) {
+ e := events.NewEvent(events.Build)
+ e.Type = events.Image
+ e.Name = idOrName
+ if err := r.eventer.Write(e); err != nil {
+ logrus.Errorf("unable to write build event: %q", err)
+ }
+}
+
// Build adds the runtime to the imagebuildah call
func (r *Runtime) Build(ctx context.Context, options imagebuildah.BuildOptions, dockerfiles ...string) (string, reference.Canonical, error) {
id, ref, err := imagebuildah.BuildDockerfiles(ctx, r.store, options, dockerfiles...)
+ // Write event for build completion
+ r.newImageBuildCompleteEvent(id)
return id, ref, err
}
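Review bot: `Build` writes the build event before looking at `err`, so a failed `imagebuildah.BuildDockerfiles` call still records a `build` event, presumably with an empty name since `id` would be unset. Anyone reading the event stream as an audit trail then sees builds that never completed; guard the call with `if err == nil { r.newImageBuildCompleteEvent(id) }`. The doc comment names `newBuildEvent` while the function is `newImageBuildCompleteEvent`, and `%q` applied to an error quotes the message, where `%v` is the usual verb.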
diff --git a/pkg/bindings/connection.go b/pkg/bindings/connection.go
index e820e1c8b..ef9644de8 100644
--- a/pkg/bindings/connection.go
+++ b/pkg/bindings/connection.go
@@ -180,8 +180,9 @@ func pingNewConnection(ctx context.Context) error {
}
func sshClient(_url *url.URL, secure bool, passPhrase string, identity string) (Connection, error) {
+ // if you modify the authmethods or their conditionals, you will also need to make similar
+ // changes in the client (currently cmd/podman/system/connection/add getUDS).
authMethods := []ssh.AuthMethod{}
-
if len(identity) > 0 {
auth, err := terminal.PublicKey(identity, []byte(passPhrase))
if err != nil {
@@ -205,6 +206,13 @@ func sshClient(_url *url.URL, secure bool, passPhrase string, identity string) (
if pw, found := _url.User.Password(); found {
authMethods = append(authMethods, ssh.Password(pw))
}
+ if len(authMethods) == 0 {
+ pass, err := terminal.ReadPassword("Login password:")
+ if err != nil {
+ return Connection{}, err
+ }
+ authMethods = append(authMethods, ssh.Password(string(pass)))
+ }
callback := ssh.InsecureIgnoreHostKey()
if secure {
diff --git a/pkg/network/network.go b/pkg/network/network.go
index b24c72f5f..db625da56 100644
--- a/pkg/network/network.go
+++ b/pkg/network/network.go
@@ -137,6 +137,15 @@ func networkIntersect(n1, n2 *net.IPNet) bool {
// ValidateUserNetworkIsAvailable returns via an error if a network is available
// to be used
func ValidateUserNetworkIsAvailable(config *config.Config, userNet *net.IPNet) error {
+ if len(userNet.IP) == 0 || len(userNet.Mask) == 0 {
+ return errors.Errorf("network %s's ip or mask cannot be empty", userNet.String())
+ }
+
+ ones, bit := userNet.Mask.Size()
+ if ones == 0 || bit == 0 {
+ return errors.Errorf("network %s's mask is invalid", userNet.String())
+ }
+
networks, err := GetNetworksFromFilesystem(config)
if err != nil {
return err
diff --git a/test/apiv2/35-networks.at b/test/apiv2/35-networks.at
index fff3f3b1f..4c032c072 100644
--- a/test/apiv2/35-networks.at
+++ b/test/apiv2/35-networks.at
@@ -3,6 +3,32 @@
# network-related tests
#
-t GET /networks/non-existing-network 404
+t GET networks/non-existing-network 404 \
+ .cause='network not found'
+
+if root; then
+ t POST libpod/networks/create?name=network1 '' 200 \
+ .Filename~.*/network1\\.conflist
+
+ # --data '{"Subnet":{"IP":"10.10.254.0","Mask":[255,255,255,0]}}'
+ t POST libpod/networks/create?name=network2 '"Subnet":{"IP":"10.10.254.0","Mask":[255,255,255,0]}' 200 \
+ .Filename~.*/network2\\.conflist
+
+ # test for empty mask
+ t POST libpod/networks/create '"Subnet":{"IP":"10.10.1.0","Mask":[]}' 500 \
+ .cause~'.*cannot be empty'
+ # test for invalid mask
+ t POST libpod/networks/create '"Subnet":{"IP":"10.10.1.0","Mask":[0,255,255,0]}' 500 \
+ .cause~'.*mask is invalid'
+
+ # clean the network
+ t DELETE libpod/networks/network1 200 \
+ .[0].Name~network1 \
+ .[0].Err=null
+ t DELETE libpod/networks/network2 200 \
+ .[0].Name~network2 \
+ .[0].Err=null
+
+fi
# vim: filetype=sh
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index d735217d6..83befe730 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -293,6 +293,22 @@ var _ = Describe("Podman run networking", func() {
Expect(session.ExitCode()).To(Equal(0))
})
+ It("podman run slirp4netns network with different cidr", func() {
+ slirp4netnsHelp := SystemExec("slirp4netns", []string{"--help"})
+ Expect(slirp4netnsHelp.ExitCode()).To(Equal(0))
+
+ networkConfiguration := "slirp4netns:cidr=192.168.0.0/24,allow_host_loopback=true"
+ session := podmanTest.Podman([]string{"run", "--network", networkConfiguration, ALPINE, "ping", "-c1", "192.168.0.2"})
+ session.Wait(30)
+
+ if strings.Contains(slirp4netnsHelp.OutputToString(), "cidr") {
+ Expect(session.ExitCode()).To(Equal(0))
+ } else {
+ Expect(session.ExitCode()).ToNot(Equal(0))
+ Expect(session.ErrorToString()).To(ContainSubstring("cidr not supported"))
+ }
+ })
+
It("podman run network bind to 127.0.0.1", func() {
slirp4netnsHelp := SystemExec("slirp4netns", []string{"--help"})
Expect(slirp4netnsHelp.ExitCode()).To(Equal(0))