-rw-r--r-- | cmd/podman/common/create_opts.go | 9 | ||||
-rw-r--r-- | cmd/podman/machine/inspect.go | 90 | ||||
-rw-r--r-- | docs/source/markdown/podman-container-clone.1.md | 4 | ||||
-rw-r--r-- | docs/source/markdown/podman-machine-inspect.1.md | 35 | ||||
-rw-r--r-- | docs/source/markdown/podman-machine.1.md | 21 | ||||
-rw-r--r-- | go.mod | 4 | ||||
-rw-r--r-- | go.sum | 8 | ||||
-rw-r--r-- | pkg/api/handlers/compat/containers_attach.go | 2 | ||||
-rw-r--r-- | pkg/machine/config.go | 15 | ||||
-rw-r--r-- | pkg/machine/qemu/machine.go | 50 | ||||
-rw-r--r-- | pkg/machine/wsl/machine.go | 7 | ||||
-rw-r--r-- | test/apiv2/20-containers.at | 13 | ||||
-rw-r--r-- | vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/doc.go | 20 | ||||
-rw-r--r-- | vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/spec.go | 41 | ||||
-rw-r--r-- | vendor/github.com/containers/common/pkg/config/config.go | 4 | ||||
-rw-r--r-- | vendor/github.com/containers/common/pkg/config/containers.conf | 9 | ||||
-rw-r--r-- | vendor/github.com/containers/common/pkg/config/default.go | 23 | ||||
-rw-r--r-- | vendor/modules.txt | 4 |
18 files changed, 283 insertions, 76 deletions
diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go index 39146f918..7b7626040 100644 --- a/cmd/podman/common/create_opts.go +++ b/cmd/podman/common/create_opts.go @@ -164,8 +164,13 @@ func ContainerCreateToContainerCLIOpts(cc handlers.CreateContainerConfig, rtc *c } } - // netMode - nsmode, networks, netOpts, err := specgen.ParseNetworkFlag([]string{string(cc.HostConfig.NetworkMode)}) + // special case for NetworkMode, the podman default is slirp4netns for + // rootless but for better docker compat we want bridge. + netmode := string(cc.HostConfig.NetworkMode) + if netmode == "" || netmode == "default" { + netmode = "bridge" + } + nsmode, networks, netOpts, err := specgen.ParseNetworkFlag([]string{netmode}) if err != nil { return nil, nil, err } diff --git a/cmd/podman/machine/inspect.go b/cmd/podman/machine/inspect.go new file mode 100644 index 000000000..d43cabf6b --- /dev/null +++ b/cmd/podman/machine/inspect.go 
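Review bot: The new default in the `netmode == "" || netmode == "default"` branch silently changes which network a rootless compat-API container lands on, and the comment does not say what that means for isolation. With slirp4netns each container gets its own user-mode network stack, whereas containers attached to the default bridge can normally reach one another, so a client that relied on the old rootless default now gets peers on the same network. I would extend the comment, e.g. `// NOTE: bridge places the container on the shared default network; callers that need per-container isolation must send an explicit NetworkMode.` The enclosing function starts and ends outside the hunk.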
@@ -0,0 +1,90 @@ +//go:build amd64 || arm64 +// +build amd64 arm64 + +package machine + +import ( + "encoding/json" + "os" + + "github.com/containers/podman/v4/cmd/podman/common" + "github.com/containers/podman/v4/cmd/podman/registry" + "github.com/containers/podman/v4/cmd/podman/utils" + "github.com/containers/podman/v4/libpod/define" + "github.com/containers/podman/v4/pkg/machine" + "github.com/sirupsen/logrus" + "github.com/spf13/cobra" +) + +var ( + inspectCmd = &cobra.Command{ + Use: "inspect [options] [MACHINE...]", + Short: "Inspect an existing machine", + Long: "Provide details on a managed virtual machine", + RunE: inspect, + Example: `podman machine inspect myvm`, + ValidArgsFunction: autocompleteMachine, + } + inspectFlag = inspectFlagType{} +) + +type inspectFlagType struct { + format string +} + +func init() { + registry.Commands = append(registry.Commands, registry.CliCommand{ + Command: inspectCmd, + Parent: machineCmd, + }) + + flags := inspectCmd.Flags() + formatFlagName := "format" + flags.StringVar(&inspectFlag.format, formatFlagName, "", "Format volume output using JSON or a Go template") + _ = inspectCmd.RegisterFlagCompletionFunc(formatFlagName, common.AutocompleteFormat(machine.InspectInfo{})) +} + +func inspect(cmd *cobra.Command, args []string) error { + var ( + errs utils.OutputErrors + ) + if len(args) < 1 { + args = append(args, defaultMachineName) + } + vms := make([]machine.InspectInfo, 0, len(args)) + provider := getSystemDefaultProvider() + for _, vmName := range args { + vm, err := provider.LoadVMByName(vmName) + if err != nil { + errs = append(errs, err) + continue + } + state, err := vm.State() + if err != nil { + errs = append(errs, err) + continue + } + ii := machine.InspectInfo{ + State: state, + VM: vm, + } + vms = append(vms, ii) + } + if len(inspectFlag.format) > 0 { + // need jhonce to work his template magic + return define.ErrNotImplemented + } + if err := printJSON(vms); err != nil { + logrus.Error(err) + } + return 
errs.PrintErrors() +} + +func printJSON(data []machine.InspectInfo) error { + enc := json.NewEncoder(os.Stdout) + // by default, json marshallers will force utf=8 from + // a string. this breaks healthchecks that use <,>, &&. + enc.SetEscapeHTML(false) + enc.SetIndent("", " ") + return enc.Encode(data) +} diff --git a/docs/source/markdown/podman-container-clone.1.md b/docs/source/markdown/podman-container-clone.1.md index eaf330373..6c23abe81 100644 --- a/docs/source/markdown/podman-container-clone.1.md +++ b/docs/source/markdown/podman-container-clone.1.md @@ -7,7 +7,7 @@ podman\-container\-clone - Creates a copy of an existing container **podman container clone** [*options*] *container* *name* *image* ## DESCRIPTION -**podman container clone** creates a copy of a container, recreating the original with an identical configuration. This command takes three arguments: the first being the container id or name ot clone, the second argument in this command can change the name of the clone from the default of $ORIGINAL_NAME-clone, and the third is a new image to use in the cloned container. +**podman container clone** creates a copy of a container, recreating the original with an identical configuration. This command takes three arguments: the first being the container id or name to clone, the second argument in this command can change the name of the clone from the default of $ORIGINAL_NAME-clone, and the third is a new image to use in the cloned container. ## OPTIONS @@ -59,7 +59,7 @@ Period of 1,000,000us and Runtime of 950,000us means that this container could c The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup. -This option is not supported on cgroup V2 systems. +This option is not supported on cgroups V2 systems. #### **--cpu-shares**=*shares* diff --git a/docs/source/markdown/podman-machine-inspect.1.md b/docs/source/markdown/podman-machine-inspect.1.md new file mode 100644 index 000000000..38eb66b0d --- /dev/null 
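Review bot: `printJSON` encodes `machine.InspectInfo`, which embeds the `VM` interface, so the output is every exported field of whatever concrete provider struct `LoadVMByName` returned; nothing in `inspect` bounds that schema, and any field a provider adds later (key paths, credentials, socket locations) would be printed without review. An explicit output struct filled field by field in the loop would make the disclosed set a deliberate choice. Separately, a `printJSON` failure is only logged, so the command can return success with no output; `if err := printJSON(vms); err != nil { errs = append(errs, err) }` would surface it. The `--format` help text still says `Format volume output`, and the comment in `printJSON` describes HTML escaping, not `utf=8`.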
+++ b/docs/source/markdown/podman-machine-inspect.1.md @@ -0,0 +1,35 @@ +% podman-machine-inspect(1) + +## NAME +podman\-machine\-inspect - Inspect one or more virtual machines + +## SYNOPSIS +**podman machine inspect** [*options] *name* ... + +## DESCRIPTION + +Inspect one or more virtual machines + +Obtain greater detail about Podman virtual machines. More than one virtual machine can be +inspected at once. + +## OPTIONS +#### **--format** + +Print results with a Go template. + +#### **--help** + +Print usage statement. + +## EXAMPLES + +``` +$ podman machine inspect podman-machine-default +``` + +## SEE ALSO +**[podman(1)](podman.1.md)**, **[podman-machine(1)](podman-machine.1.md)** + +## HISTORY +April 2022, Originally compiled by Brent Baude <bbaude@redhat.com> diff --git a/docs/source/markdown/podman-machine.1.md b/docs/source/markdown/podman-machine.1.md index 3bdfd0be9..e9f6c7d20 100644 --- a/docs/source/markdown/podman-machine.1.md +++ b/docs/source/markdown/podman-machine.1.md 
@@ -11,18 +11,19 @@ podman\-machine - Manage Podman's virtual machine ## SUBCOMMANDS -| Command | Man Page | Description | -| ------- | ------------------------------------------------------- | --------------------------------- | -| init | [podman-machine-init(1)](podman-machine-init.1.md) | Initialize a new virtual machine | -| list | [podman-machine-list(1)](podman-machine-list.1.md) | List virtual machines | -| rm | [podman-machine-rm(1)](podman-machine-rm.1.md) | Remove a virtual machine | -| set | [podman-machine-set(1)](podman-machine-set.1.md) | Sets a virtual machine setting | -| ssh | [podman-machine-ssh(1)](podman-machine-ssh.1.md) | SSH into a virtual machine | -| start | [podman-machine-start(1)](podman-machine-start.1.md) | Start a virtual machine | -| stop | [podman-machine-stop(1)](podman-machine-stop.1.md) | Stop a virtual machine | +| Command | Man Page | Description | +|---------|------------------------------------------------------|-----------------------------------| +| init | [podman-machine-init(1)](podman-machine-init.1.md) | Initialize a new virtual machine | +| inspect | [podman-machine-inspect(1)](podman-machine-inspect.1.md) | Inspect one or more virtual machines | +| list | [podman-machine-list(1)](podman-machine-list.1.md) | List virtual machines | +| rm | [podman-machine-rm(1)](podman-machine-rm.1.md) | Remove a virtual machine | +| set | [podman-machine-set(1)](podman-machine-set.1.md) | Sets a virtual machine setting | +| ssh | [podman-machine-ssh(1)](podman-machine-ssh.1.md) | SSH into a virtual machine | +| start | [podman-machine-start(1)](podman-machine-start.1.md) | Start a virtual machine | +| stop | [podman-machine-stop(1)](podman-machine-stop.1.md) | Stop a virtual machine | ## SEE ALSO -**[podman(1)](podman.1.md)**, **[podman-machine-init(1)](podman-machine-init.1.md)**, **[podman-machine-list(1)](podman-machine-list.1.md)**, **[podman-machine-rm(1)](podman-machine-rm.1.md)**, 
**[podman-machine-ssh(1)](podman-machine-ssh.1.md)**, **[podman-machine-start(1)](podman-machine-start.1.md)**, **[podman-machine-stop(1)](podman-machine-stop.1.md)** +**[podman(1)](podman.1.md)**, **[podman-machine-init(1)](podman-machine-init.1.md)**, **[podman-machine-list(1)](podman-machine-list.1.md)**, **[podman-machine-rm(1)](podman-machine-rm.1.md)**, **[podman-machine-ssh(1)](podman-machine-ssh.1.md)**, **[podman-machine-start(1)](podman-machine-start.1.md)**, **[podman-machine-stop(1)](podman-machine-stop.1.md)**, **[podman-machine-inspect(1)](podman-machine-inspect.1.md)** ## HISTORY March 2021, Originally compiled by Ashley Cui <acui@redhat.com> @@ -8,11 +8,11 @@ require ( github.com/buger/goterm v1.0.4 github.com/checkpoint-restore/checkpointctl v0.0.0-20211204171957-54b4ebfdb681 github.com/checkpoint-restore/go-criu/v5 v5.3.0 - github.com/container-orchestrated-devices/container-device-interface v0.3.0 + github.com/container-orchestrated-devices/container-device-interface v0.3.2 github.com/containernetworking/cni v1.0.1 github.com/containernetworking/plugins v1.1.1 github.com/containers/buildah v1.25.2-0.20220406205807-5b8e79118057 - github.com/containers/common v0.47.5-0.20220406101255-3dd66c046c25 + github.com/containers/common v0.47.5-0.20220413182852-c23a4e11f91b github.com/containers/conmon v2.0.20+incompatible github.com/containers/image/v5 v5.21.1-0.20220405081457-d1b64686e1d0 github.com/containers/ocicrypt v1.1.3 
@@ -244,8 +244,8 @@ github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:z github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= -github.com/container-orchestrated-devices/container-device-interface v0.3.0 h1:tM2zdVYZY8getsFaTc7Z+v+UqDXhk5alchOHVEADes0= -github.com/container-orchestrated-devices/container-device-interface v0.3.0/go.mod h1:LGs3yHVe1wZn2XsWl4AxywYQ3NRZ6osTEZozCHQCRSM= +github.com/container-orchestrated-devices/container-device-interface v0.3.2 h1:vZVaQwmFFddi7Y9mJgQTLPFxTWg81+OIHEMu/Th1wuw= +github.com/container-orchestrated-devices/container-device-interface v0.3.2/go.mod h1:E1zcucIkq9P3eyNmY+68dBQsTcsXJh9cgRo2IVNScKQ= github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE= github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU= github.com/containerd/aufs v0.0.0-20210316121734-20793ff83c97/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU= 
@@ -355,8 +355,8 @@ github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19 github.com/containers/buildah v1.25.2-0.20220406205807-5b8e79118057 h1:lKSxhMBpcHyyQrj2QJYzcm56uiSeibRdSL2KoppF6rg= github.com/containers/buildah v1.25.2-0.20220406205807-5b8e79118057/go.mod h1:iSoopbYRb6K4b5c3hXgXNkGTI/T085t2+XiGjceud94= github.com/containers/common v0.47.5-0.20220331143923-5f14ec785c18/go.mod h1:Vr2Fn6EdzD6JNAbz8L8bTv3uWLv2p31Ih2O3EAK6Hyc= -github.com/containers/common v0.47.5-0.20220406101255-3dd66c046c25 h1:IQeqv8Hf6CqFUlKaz95QFTrLc9V4sbVQyhP9jzGnNBc= -github.com/containers/common v0.47.5-0.20220406101255-3dd66c046c25/go.mod h1:0mfWn1RRdpBjXmiunOVLaJ1I86pQjXKAc8zuiAuUesk= +github.com/containers/common v0.47.5-0.20220413182852-c23a4e11f91b h1:HVOojcjTGPke7oOh1T/Wj67DK74LBJOR6qU5uW+33zk= +github.com/containers/common v0.47.5-0.20220413182852-c23a4e11f91b/go.mod h1:nRW9288gdZqIGoRwoV23i3qO7Zznbd34sdDOBnq2GjY= github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.19.2-0.20220224100137-1045fb70b094/go.mod h1:XoYK6kE0dpazFNcuS+a8lra+QfbC6s8tzv+cUuCrZpE= diff --git a/pkg/api/handlers/compat/containers_attach.go b/pkg/api/handlers/compat/containers_attach.go index 027dadaa3..c8905808f 100644 --- a/pkg/api/handlers/compat/containers_attach.go +++ b/pkg/api/handlers/compat/containers_attach.go 
@@ -83,7 +83,7 @@ func AttachContainer(w http.ResponseWriter, r *http.Request) { return } // For Docker compatibility, we need to re-initialize containers in these states. - if state == define.ContainerStateConfigured || state == define.ContainerStateExited { + if state == define.ContainerStateConfigured || state == define.ContainerStateExited || state == define.ContainerStateStopped { if err := ctr.Init(r.Context(), ctr.PodID() != ""); err != nil { utils.Error(w, http.StatusConflict, errors.Wrapf(err, "error preparing container %s for attach", ctr.ID())) return diff --git a/pkg/machine/config.go b/pkg/machine/config.go index 7e1561506..6c2fab0e5 100644 --- a/pkg/machine/config.go +++ b/pkg/machine/config.go @@ -33,14 +33,14 @@ type InitOptions struct { UID string } -type QemuMachineStatus = string +type Status = string const ( // Running indicates the qemu vm is running. - Running QemuMachineStatus = "running" + Running Status = "running" // Stopped indicates the vm has stopped. - Stopped QemuMachineStatus = "stopped" - DefaultMachineName string = "podman-machine-default" + Stopped Status = "stopped" + DefaultMachineName string = "podman-machine-default" ) type Provider interface { @@ -113,12 +113,15 @@ type RemoveOptions struct { SaveIgnition bool } +type InspectOptions struct{} + type VM interface { Init(opts InitOptions) (bool, error) Remove(name string, opts RemoveOptions) (string, func() error, error) Set(name string, opts SetOptions) error SSH(name string, opts SSHOptions) error Start(name string, opts StartOptions) error + State() (Status, error) Stop(name string, opts StopOptions) error } @@ -126,6 +129,10 @@ type DistributionDownload interface { HasUsableCache() (bool, error) Get() *Download } +type InspectInfo struct { + State Status + VM +} func (rc RemoteConnectionType) MakeSSHURL(host, path, port, userName string) url.URL { //TODO Should this function have input verification? 
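Review bot: In pkg/machine/config.go the newly exported `Status`, `InspectOptions` and `InspectInfo` have no doc comments, and the retained `// Running indicates the qemu vm is running.` is provider-specific wording on what is now a provider-neutral type. Because `InspectInfo` embeds `VM`, its comment should state that marshalling it emits the concrete provider struct, since that is the contract `podman machine inspect` exposes. Suggested comments: `// Status is the lifecycle state a machine provider reports for a VM.`, `// InspectInfo is the document printed by podman machine inspect; the embedded VM is marshalled as the provider's concrete type.` and `// State reports the current Status of the VM.` on the new interface method. `InspectOptions` is not referenced anywhere on this page; if it is a placeholder, the comment should say so.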
diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go index 321c1b99c..a3dedeedb 100644 --- a/pkg/machine/qemu/machine.go +++ b/pkg/machine/qemu/machine.go @@ -439,12 +439,12 @@ func (v *MachineVM) Set(_ string, opts machine.SetOptions) error { return nil } - running, err := v.isRunning() + state, err := v.State() if err != nil { return err } - if running { + if state == machine.Running { suffix := "" if v.Name != machine.DefaultMachineName { suffix = " " + v.Name @@ -581,14 +581,14 @@ func (v *MachineVM) Start(name string, _ machine.StartOptions) error { } if len(v.Mounts) > 0 { - running, err := v.isRunning() + state, err := v.State() if err != nil { return err } listening := v.isListening() - for !running || !listening { + for state != machine.Running || !listening { time.Sleep(100 * time.Millisecond) - running, err = v.isRunning() + state, err = v.State() if err != nil { return err } @@ -634,7 +634,7 @@ func (v *MachineVM) Start(name string, _ machine.StartOptions) error { return nil } -func (v *MachineVM) checkStatus(monitor *qmp.SocketMonitor) (machine.QemuMachineStatus, error) { +func (v *MachineVM) checkStatus(monitor *qmp.SocketMonitor) (machine.Status, error) { // this is the format returned from the monitor // {"return": {"status": "running", "singlestep": false, "running": true}} @@ -748,11 +748,11 @@ func (v *MachineVM) Stop(_ string, _ machine.StopOptions) error { disconnected = true waitInternal := 250 * time.Millisecond for i := 0; i < 5; i++ { - running, err := v.isRunning() + state, err := v.State() if err != nil { return err } - if !running { + if state != machine.Running { break } time.Sleep(waitInternal) 
@@ -800,11 +800,11 @@ func (v *MachineVM) Remove(_ string, opts machine.RemoveOptions) (string, func() ) // cannot remove a running vm unless --force is used - running, err := v.isRunning() + state, err := v.State() if err != nil { return "", nil, err } - if running && !opts.Force { + if state == machine.Running && !opts.Force { return "", nil, errors.Errorf("running vm %q cannot be destroyed", v.Name) } @@ -858,10 +858,7 @@ func (v *MachineVM) Remove(_ string, opts machine.RemoveOptions) (string, func() confirmationMessage += "\n" return confirmationMessage, func() error { for _, f := range files { - if err := os.Remove(f); err != nil { - if errors.Is(err, os.ErrNotExist) { - continue - } + if err := os.Remove(f); err != nil && !errors.Is(err, os.ErrNotExist) { logrus.Error(err) } } @@ -869,19 +866,19 @@ func (v *MachineVM) Remove(_ string, opts machine.RemoveOptions) (string, func() }, nil } -func (v *MachineVM) isRunning() (bool, error) { +func (v *MachineVM) State() (machine.Status, error) { // Check if qmp socket path exists if _, err := os.Stat(v.QMPMonitor.Address.GetPath()); os.IsNotExist(err) { - return false, nil + return "", nil } // Check if we can dial it monitor, err := qmp.NewSocketMonitor(v.QMPMonitor.Network, v.QMPMonitor.Address.GetPath(), v.QMPMonitor.Timeout) if err != nil { // FIXME: this error should probably be returned - return false, nil // nolint: nilerr + return "", err } if err := monitor.Connect(); err != nil { - return false, err + return "", err } defer func() { if err := monitor.Disconnect(); err != nil { @@ -889,14 +886,7 @@ func (v *MachineVM) isRunning() (bool, error) { } }() // If there is a monitor, lets see if we can query state - state, err := v.checkStatus(monitor) - if err != nil { - return false, err - } - if state == machine.Running { - return true, nil - } - return false, nil + return v.checkStatus(monitor) } func (v *MachineVM) isListening() bool { 
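Review bot: `State()` now returns the `qmp.NewSocketMonitor` error where `isRunning()` deliberately treated it as "not running", so a QMP socket file left behind by an unclean shutdown becomes a hard error instead of a stopped machine (assuming the constructor dials the socket, as the `// Check if we can dial it` comment suggests). Every caller converted in this commit inherits that: the `Start` wait loop returns instead of retrying, and `Set`, `Stop`, `Remove`, `SSH` and `getVMInfos` fail, the last one for the whole listing. I would map a refused connection back to a stopped state, e.g. `if errors.Is(err, syscall.ECONNREFUSED) { return machine.Stopped, nil }` (this needs `syscall` imported if the file does not already have it), and return `machine.Stopped` rather than `""` when the socket path does not exist so `inspect` never prints an empty state. The `// FIXME: this error should probably be returned` comment is stale once the behaviour is settled and can be dropped.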
@@ -912,11 +902,11 @@ func (v *MachineVM) isListening() bool { // SSH opens an interactive SSH session to the vm specified. // Added ssh function to VM interface: pkg/machine/config/go : line 58 func (v *MachineVM) SSH(_ string, opts machine.SSHOptions) error { - running, err := v.isRunning() + state, err := v.State() if err != nil { return err } - if !running { + if state != machine.Running { return errors.Errorf("vm %q is not running.", v.Name) } @@ -1037,11 +1027,11 @@ func getVMInfos() ([]*machine.ListResponse, error) { return err } listEntry.LastUp = fi.ModTime() - running, err := vm.isRunning() + state, err := vm.State() if err != nil { return err } - if running { + if state == machine.Running { listEntry.Running = true } diff --git a/pkg/machine/wsl/machine.go b/pkg/machine/wsl/machine.go index fdda45ca6..1da042f6a 100644 --- a/pkg/machine/wsl/machine.go +++ b/pkg/machine/wsl/machine.go @@ -18,6 +18,7 @@ import ( "strings" "time" + "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/machine" "github.com/containers/podman/v4/utils" "github.com/containers/storage/pkg/homedir" @@ -1013,6 +1014,12 @@ func (v *MachineVM) Stop(name string, _ machine.StopOptions) error { return nil } +// TODO: We need to rename isRunning to State(); I do not have a +// windows system to test this on. +func (v *MachineVM) State() (machine.Status, error) { + return "", define.ErrNotImplemented +} + func stopWinProxy(v *MachineVM) error { pid, tid, tidFile, err := readWinProxyTid(v) if err != nil { diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at index a3675d40a..2d5754077 100644 --- a/test/apiv2/20-containers.at +++ b/test/apiv2/20-containers.at 
@@ -239,16 +239,11 @@ t GET containers/$cid/json 200 \ t POST containers/create Image=$IMAGE Entrypoint='["top"]' 201 \ .Id~[0-9a-f]\\{64\\} cid_top=$(jq -r '.Id' <<<"$output") -# .Network is N/A when rootless -network_expect= -if root; then - network_expect='.NetworkSettings.Networks.podman.NetworkID=podman' -fi t GET containers/${cid_top}/json 200 \ .Config.Entrypoint[0]="top" \ .Config.Cmd='[]' \ .Path="top" \ - $network_expect + .NetworkSettings.Networks.podman.NetworkID=podman t POST containers/${cid_top}/start 204 # make sure the container is running t GET containers/${cid_top}/json 200 \ @@ -372,15 +367,11 @@ t GET containers/$cid/json 200 \ t DELETE containers/$cid?v=true 204 # Test Compat Create with default network mode (#10569) -networkmode=slirp4netns -if root; then - networkmode=bridge -fi t POST containers/create Image=$IMAGE HostConfig='{"NetworkMode":"default"}' 201 \ .Id~[0-9a-f]\\{64\\} cid=$(jq -r '.Id' <<<"$output") t GET containers/$cid/json 200 \ - .HostConfig.NetworkMode="$networkmode" + .HostConfig.NetworkMode="bridge" t DELETE containers/$cid?v=true 204 diff --git a/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/doc.go b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/doc.go index 4fcdc44db..a9017259c 100644 --- a/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/doc.go +++ b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/doc.go 
@@ -127,4 +127,24 @@ // The default directories are '/etc/cdi' and '/var/run/cdi'. By putting // dynamically generated Spec files under '/var/run/cdi', those take // precedence over static ones in '/etc/cdi'. +// +// CDI Spec Validation +// +// This package performs both syntactic and semantic validation of CDI +// Spec file data when a Spec file is loaded via the registry or using +// the ReadSpec API function. As part of the semantic verification, the +// Spec file is verified against the CDI Spec JSON validation schema. +// +// If a valid externally provided JSON validation schema is found in +// the filesystem at /etc/cdi/schema/schema.json it is loaded and used +// as the default validation schema. If such a file is not found or +// fails to load, an embedded no-op schema is used. +// +// The used validation schema can also be changed programmatically using +// the SetSchema API convenience function. This function also accepts +// the special "builtin" (BuiltinSchemaName) and "none" (NoneSchemaName) +// schema names which switch the used schema to the in-repo validation +// schema embedded into the binary or the now default no-op schema +// correspondingly. Other names are interpreted as the path to the actual +/// validation schema to load and use. package cdi diff --git a/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/spec.go b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/spec.go index adebc101f..59f01acb7 100644 --- a/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/spec.go +++ b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/spec.go @@ -35,6 +35,9 @@ var ( "0.2.0": {}, "0.3.0": {}, } + + // Externally set CDI Spec validation function. + specValidator func(*cdi.Spec) error ) // Spec represents a single CDI Spec. It is usually loaded from a 
@@ -68,8 +71,16 @@ func ReadSpec(path string, priority int) (*Spec, error) { if err != nil { return nil, errors.Wrapf(err, "failed to parse CDI Spec %q", path) } + if raw == nil { + return nil, errors.Errorf("failed to parse CDI Spec %q, no Spec data", path) + } + + spec, err := NewSpec(raw, path, priority) + if err != nil { + return nil, err + } - return NewSpec(raw, path, priority) + return spec, nil } // NewSpec creates a new Spec from the given CDI Spec data. The @@ -77,7 +88,10 @@ func ReadSpec(path string, priority int) (*Spec, error) { // priority. If Spec data validation fails NewSpec returns a nil // Spec and an error. func NewSpec(raw *cdi.Spec, path string, priority int) (*Spec, error) { - var err error + err := validateSpec(raw) + if err != nil { + return nil, err + } spec := &Spec{ Spec: raw, @@ -170,16 +184,29 @@ func validateVersion(version string) error { // Parse raw CDI Spec file data. func parseSpec(data []byte) (*cdi.Spec, error) { - raw := &cdi.Spec{} + var raw *cdi.Spec err := yaml.UnmarshalStrict(data, &raw) if err != nil { return nil, errors.Wrap(err, "failed to unmarshal CDI Spec") } - return raw, validateJSONSchema(raw) + return raw, nil +} + +// SetSpecValidator sets a CDI Spec validator function. This function +// is used for extra CDI Spec content validation whenever a Spec file +// loaded (using ReadSpec() or NewSpec()) or written (Spec.Write()). +func SetSpecValidator(fn func(*cdi.Spec) error) { + specValidator = fn } -// Validate CDI Spec against JSON Schema. -func validateJSONSchema(raw *cdi.Spec) error { - // TODO +// validateSpec validates the Spec using the extneral validator. +func validateSpec(raw *cdi.Spec) error { + if specValidator == nil { + return nil + } + err := specValidator(raw) + if err != nil { + return errors.Wrap(err, "Spec validation failed") + } return nil } 
diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go index 2c556c1bb..77654406a 100644 --- a/vendor/github.com/containers/common/pkg/config/config.go +++ b/vendor/github.com/containers/common/pkg/config/config.go @@ -558,8 +558,10 @@ type MachineConfig struct { Image string `toml:"image,omitempty"` // Memory in MB a machine is created with. Memory uint64 `toml:"memory,omitempty,omitzero"` - // Username to use for rootless podman when init-ing a podman machine VM + // User to use for rootless podman when init-ing a podman machine VM User string `toml:"user,omitempty"` + // Volumes are host directories mounted into the VM by default. + Volumes []string `toml:"volumes"` } // Destination represents destination for remote service diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf index 48ea8263b..923b668bb 100644 --- a/vendor/github.com/containers/common/pkg/config/containers.conf +++ b/vendor/github.com/containers/common/pkg/config/containers.conf @@ -627,6 +627,15 @@ default_sysctls = [ # #user = "core" +# Host directories to be mounted as volumes into the VM by default. +# Environment variables like $HOME as well as complete paths are supported for +# the source and destination. An optional third field `:ro` can be used to +# tell the container engines to mount the volume readonly. +# +# volumes = [ +# "$HOME:$HOME", +#] + # The [machine] table MUST be the last entry in this file. # (Unless another table is added) # TOML does not provide a way to end a table other than a further table being diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go index 14858e967..1a1da3fcd 100644 --- a/vendor/github.com/containers/common/pkg/config/default.go +++ b/vendor/github.com/containers/common/pkg/config/default.go 
@@ -9,6 +9,7 @@ import ( "path/filepath" "regexp" "strconv" + "strings" nettypes "github.com/containers/common/libnetwork/types" "github.com/containers/common/pkg/apparmor" @@ -246,6 +247,7 @@ func defaultMachineConfig() MachineConfig { Image: getDefaultMachineImage(), Memory: 2048, User: getDefaultMachineUser(), + Volumes: []string{"$HOME:$HOME"}, } } @@ -593,3 +595,24 @@ func (c *Config) LogDriver() string { func (c *Config) MachineEnabled() bool { return c.Engine.MachineEnabled } + +// MachineVolumes returns volumes to mount into the VM +func (c *Config) MachineVolumes() ([]string, error) { + return machineVolumes(c.Machine.Volumes) +} + +func machineVolumes(volumes []string) ([]string, error) { + translatedVolumes := []string{} + for _, v := range volumes { + vol := os.ExpandEnv(v) + split := strings.Split(vol, ":") + if len(split) < 2 || len(split) > 3 { + return nil, errors.Errorf("invalid machine volume %s, 2 or 3 fields required", v) + } + if split[0] == "" || split[1] == "" { + return nil, errors.Errorf("invalid machine volume %s, fields must container data", v) + } + translatedVolumes = append(translatedVolumes, vol) + } + return translatedVolumes, nil +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 11ee3b189..d6d26b561 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -57,7 +57,7 @@ github.com/checkpoint-restore/go-criu/v5/rpc github.com/checkpoint-restore/go-criu/v5/stats # github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e github.com/chzyer/readline -# github.com/container-orchestrated-devices/container-device-interface v0.3.0 +# github.com/container-orchestrated-devices/container-device-interface v0.3.2 ## explicit github.com/container-orchestrated-devices/container-device-interface/pkg/cdi github.com/container-orchestrated-devices/container-device-interface/specs-go 
@@ -109,7 +109,7 @@ github.com/containers/buildah/pkg/rusage github.com/containers/buildah/pkg/sshagent github.com/containers/buildah/pkg/util github.com/containers/buildah/util -# github.com/containers/common v0.47.5-0.20220406101255-3dd66c046c25 +# github.com/containers/common v0.47.5-0.20220413182852-c23a4e11f91b ## explicit github.com/containers/common/libimage github.com/containers/common/libimage/manifests |