summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--cmd/podman/containers/kill.go8
-rw-r--r--docs/source/markdown/podman-kill.1.md8
-rw-r--r--libpod/image/utils.go57
-rw-r--r--libpod/oci_conmon_linux.go5
-rw-r--r--pkg/domain/entities/containers.go7
-rw-r--r--pkg/domain/infra/abi/containers.go9
-rw-r--r--pkg/domain/infra/abi/play.go2
-rw-r--r--pkg/domain/infra/tunnel/containers.go8
-rw-r--r--pkg/specgen/generate/kube/kube.go8
-rw-r--r--test/e2e/exists_test.go1
-rw-r--r--test/e2e/kill_test.go55
-rw-r--r--test/e2e/play_kube_test.go29
12 files changed, 176 insertions, 21 deletions
diff --git a/cmd/podman/containers/kill.go b/cmd/podman/containers/kill.go
index 4640229a9..28040e08a 100644
--- a/cmd/podman/containers/kill.go
+++ b/cmd/podman/containers/kill.go
@@ -5,6 +5,7 @@ import (
"errors"
"fmt"
+ "github.com/containers/common/pkg/completion"
"github.com/containers/podman/v2/cmd/podman/common"
"github.com/containers/podman/v2/cmd/podman/registry"
"github.com/containers/podman/v2/cmd/podman/utils"
@@ -22,7 +23,7 @@ var (
Long: killDescription,
RunE: kill,
Args: func(cmd *cobra.Command, args []string) error {
- return validate.CheckAllLatestAndCIDFile(cmd, args, false, false)
+ return validate.CheckAllLatestAndCIDFile(cmd, args, false, true)
},
ValidArgsFunction: common.AutocompleteContainersRunning,
Example: `podman kill mywebserver
@@ -32,7 +33,7 @@ var (
containerKillCommand = &cobra.Command{
Args: func(cmd *cobra.Command, args []string) error {
- return validate.CheckAllLatestAndCIDFile(cmd, args, false, false)
+ return validate.CheckAllLatestAndCIDFile(cmd, args, false, true)
},
Use: killCommand.Use,
Short: killCommand.Short,
@@ -57,6 +58,9 @@ func killFlags(cmd *cobra.Command) {
signalFlagName := "signal"
flags.StringVarP(&killOptions.Signal, signalFlagName, "s", "KILL", "Signal to send to the container")
_ = cmd.RegisterFlagCompletionFunc(signalFlagName, common.AutocompleteStopSignal)
+ cidfileFlagName := "cidfile"
+ flags.StringArrayVar(&killOptions.CIDFiles, cidfileFlagName, []string{}, "Read the container ID from the file")
+ _ = cmd.RegisterFlagCompletionFunc(cidfileFlagName, completion.AutocompleteDefault)
}
func init() {
diff --git a/docs/source/markdown/podman-kill.1.md b/docs/source/markdown/podman-kill.1.md
index 5956c03da..96c01ac09 100644
--- a/docs/source/markdown/podman-kill.1.md
+++ b/docs/source/markdown/podman-kill.1.md
@@ -16,6 +16,10 @@ The main process inside each container specified will be sent SIGKILL, or any si
Signal all running containers. This does not include paused containers.
+#### **--cidfile**
+
+Read container ID from the specified file and remove the container. Can be specified multiple times.
+
#### **--latest**, **-l**
Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
@@ -40,6 +44,10 @@ podman kill --latest
podman kill --signal KILL -a
+podman kill --cidfile /home/user/cidfile-1
+
+podman kill --cidfile /home/user/cidfile-1 --cidfile ./cidfile-2
+
## SEE ALSO
podman(1), podman-stop(1)
diff --git a/libpod/image/utils.go b/libpod/image/utils.go
index 7429a7f10..727c73a71 100644
--- a/libpod/image/utils.go
+++ b/libpod/image/utils.go
@@ -20,7 +20,11 @@ import (
// a match on name:tag
func findImageInRepotags(search imageParts, images []*Image) (*storage.Image, error) {
_, searchName, searchSuspiciousTagValueForSearch := search.suspiciousRefNameTagValuesForSearch()
- var results []*storage.Image
+ type Candidate struct {
+ name string
+ image *Image
+ }
+ var candidates []Candidate
for _, image := range images {
for _, name := range image.Names() {
d, err := decompose(name)
@@ -29,23 +33,52 @@ func findImageInRepotags(search imageParts, images []*Image) (*storage.Image, er
continue
}
_, dName, dSuspiciousTagValueForSearch := d.suspiciousRefNameTagValuesForSearch()
- if dName == searchName && dSuspiciousTagValueForSearch == searchSuspiciousTagValueForSearch {
- results = append(results, image.image)
+ if dSuspiciousTagValueForSearch != searchSuspiciousTagValueForSearch {
continue
}
- // account for registry:/somedir/image
- if strings.HasSuffix(dName, "/"+searchName) && dSuspiciousTagValueForSearch == searchSuspiciousTagValueForSearch {
- results = append(results, image.image)
- continue
+ if dName == searchName || strings.HasSuffix(dName, "/"+searchName) {
+ candidates = append(candidates, Candidate{
+ name: name,
+ image: image,
+ })
}
}
}
- if len(results) == 0 {
- return &storage.Image{}, errors.Errorf("unable to find a name and tag match for %s in repotags", searchName)
- } else if len(results) > 1 {
- return &storage.Image{}, errors.Wrapf(define.ErrMultipleImages, searchName)
+ if len(candidates) == 0 {
+ return nil, errors.Errorf("unable to find a name and tag match for %s in repotags", searchName)
+ }
+
+ // If more then one candidate and the candidates all have same name
+ // and only one is read/write return it.
+ // Othewise return error with the list of candidates
+ if len(candidates) > 1 {
+ var (
+ rwImage *Image
+ rwImageCnt int
+ )
+ names := make(map[string]bool)
+ for _, c := range candidates {
+ names[c.name] = true
+ if !c.image.IsReadOnly() {
+ rwImageCnt++
+ rwImage = c.image
+ }
+ }
+ // If only one name used and have read/write image return it
+ if len(names) == 1 && rwImageCnt == 1 {
+ return rwImage.image, nil
+ }
+ keys := []string{}
+ for k := range names {
+ keys = append(keys, k)
+ }
+ if rwImageCnt > 1 {
+ return nil, errors.Wrapf(define.ErrMultipleImages, "found multiple read/write images %s", strings.Join(keys, ","))
+ } else {
+ return nil, errors.Wrapf(define.ErrMultipleImages, "found multiple read/only images %s", strings.Join(keys, ","))
+ }
}
- return results[0], nil
+ return candidates[0].image.image, nil
}
// getCopyOptions constructs a new containers/image/copy.Options{} struct from the given parameters, inheriting some from sc.
diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
index 77c6a2f76..c99086b33 100644
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -69,6 +69,7 @@ type ConmonOCIRuntime struct {
supportsKVM bool
supportsNoCgroups bool
sdNotify bool
+ enableKeyring bool
}
// Make a new Conmon-based OCI runtime with the given options.
@@ -107,6 +108,7 @@ func newConmonOCIRuntime(name string, paths []string, conmonPath string, runtime
runtime.noPivot = runtimeCfg.Engine.NoPivotRoot
runtime.reservePorts = runtimeCfg.Engine.EnablePortReservation
runtime.sdNotify = runtimeCfg.Engine.SDNotify
+ runtime.enableKeyring = runtimeCfg.Containers.EnableKeyring
// TODO: probe OCI runtime for feature and enable automatically if
// available.
@@ -1021,6 +1023,9 @@ func (r *ConmonOCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Co
args = append(args, "-i")
}
+ if !r.enableKeyring {
+ args = append(args, "--no-new-keyring")
+ }
if ctr.config.ConmonPidFile != "" {
args = append(args, "--conmon-pidfile", ctr.config.ConmonPidFile)
}
diff --git a/pkg/domain/entities/containers.go b/pkg/domain/entities/containers.go
index 4442c0030..b8d49d067 100644
--- a/pkg/domain/entities/containers.go
+++ b/pkg/domain/entities/containers.go
@@ -104,9 +104,10 @@ type TopOptions struct {
}
type KillOptions struct {
- All bool
- Latest bool
- Signal string
+ All bool
+ Latest bool
+ Signal string
+ CIDFiles []string
}
type KillReport struct {
diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go
index ec65dbe44..efb4f866f 100644
--- a/pkg/domain/infra/abi/containers.go
+++ b/pkg/domain/infra/abi/containers.go
@@ -229,6 +229,14 @@ func (ic *ContainerEngine) pruneContainersHelper(filterFuncs []libpod.ContainerF
}
func (ic *ContainerEngine) ContainerKill(ctx context.Context, namesOrIds []string, options entities.KillOptions) ([]*entities.KillReport, error) {
+ for _, cidFile := range options.CIDFiles {
+ content, err := ioutil.ReadFile(cidFile)
+ if err != nil {
+ return nil, errors.Wrap(err, "error reading CIDFile")
+ }
+ id := strings.Split(string(content), "\n")[0]
+ namesOrIds = append(namesOrIds, id)
+ }
sig, err := signal.ParseSignalNameOrNumber(options.Signal)
if err != nil {
return nil, err
@@ -246,6 +254,7 @@ func (ic *ContainerEngine) ContainerKill(ctx context.Context, namesOrIds []strin
}
return reports, nil
}
+
func (ic *ContainerEngine) ContainerRestart(ctx context.Context, namesOrIds []string, options entities.RestartOptions) ([]*entities.RestartReport, error) {
var (
ctrs []*libpod.Container
diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go
index 5b983a3f4..4135e8882 100644
--- a/pkg/domain/infra/abi/play.go
+++ b/pkg/domain/infra/abi/play.go
@@ -226,7 +226,7 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
return nil, err
}
- specGen, err := kube.ToSpecGen(ctx, container, container.Image, newImage, volumes, pod.ID(), podName, podInfraID, configMaps, seccompPaths, ctrRestartPolicy)
+ specGen, err := kube.ToSpecGen(ctx, container, container.Image, newImage, volumes, pod.ID(), podName, podInfraID, configMaps, seccompPaths, ctrRestartPolicy, p.NetNS.IsHost())
if err != nil {
return nil, err
}
diff --git a/pkg/domain/infra/tunnel/containers.go b/pkg/domain/infra/tunnel/containers.go
index 7704de210..0db985dff 100644
--- a/pkg/domain/infra/tunnel/containers.go
+++ b/pkg/domain/infra/tunnel/containers.go
@@ -125,6 +125,14 @@ func (ic *ContainerEngine) ContainerStop(ctx context.Context, namesOrIds []strin
}
func (ic *ContainerEngine) ContainerKill(ctx context.Context, namesOrIds []string, opts entities.KillOptions) ([]*entities.KillReport, error) {
+ for _, cidFile := range opts.CIDFiles {
+ content, err := ioutil.ReadFile(cidFile)
+ if err != nil {
+ return nil, errors.Wrap(err, "error reading CIDFile")
+ }
+ id := strings.Split(string(content), "\n")[0]
+ namesOrIds = append(namesOrIds, id)
+ }
ctrs, err := getContainersByContext(ic.ClientCtx, opts.All, false, namesOrIds)
if err != nil {
return nil, err
diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go
index fe0af3509..b5956029e 100644
--- a/pkg/specgen/generate/kube/kube.go
+++ b/pkg/specgen/generate/kube/kube.go
@@ -30,7 +30,7 @@ func ToPodGen(ctx context.Context, podName string, podYAML *v1.PodTemplateSpec)
p.Hostname = podName
}
if podYAML.Spec.HostNetwork {
- p.NetNS.Value = "host"
+ p.NetNS.NSMode = specgen.Host
}
if podYAML.Spec.HostAliases != nil {
hosts := make([]string, 0, len(podYAML.Spec.HostAliases))
@@ -47,7 +47,7 @@ func ToPodGen(ctx context.Context, podName string, podYAML *v1.PodTemplateSpec)
return p, nil
}
-func ToSpecGen(ctx context.Context, containerYAML v1.Container, iid string, newImage *image.Image, volumes map[string]*KubeVolume, podID, podName, infraID string, configMaps []v1.ConfigMap, seccompPaths *KubeSeccompPaths, restartPolicy string) (*specgen.SpecGenerator, error) {
+func ToSpecGen(ctx context.Context, containerYAML v1.Container, iid string, newImage *image.Image, volumes map[string]*KubeVolume, podID, podName, infraID string, configMaps []v1.ConfigMap, seccompPaths *KubeSeccompPaths, restartPolicy string, hostNet bool) (*specgen.SpecGenerator, error) {
s := specgen.NewSpecGenerator(iid, false)
// podName should be non-empty for Deployment objects to be able to create
@@ -214,6 +214,10 @@ func ToSpecGen(ctx context.Context, containerYAML v1.Container, iid string, newI
s.RestartPolicy = restartPolicy
+ if hostNet {
+ s.NetNS.NSMode = specgen.Host
+ }
+
return s, nil
}
diff --git a/test/e2e/exists_test.go b/test/e2e/exists_test.go
index 7ff5d4207..480bfe5fc 100644
--- a/test/e2e/exists_test.go
+++ b/test/e2e/exists_test.go
@@ -38,7 +38,6 @@ var _ = Describe("Podman image|container exists", func() {
Expect(session).Should(Exit(0))
})
It("podman image exists in local storage by short name", func() {
- Skip("FIXME-8165: shortnames don't seem to work with quay (#8176)")
session := podmanTest.Podman([]string{"image", "exists", "alpine"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
diff --git a/test/e2e/kill_test.go b/test/e2e/kill_test.go
index 8a4828583..8b31cae72 100644
--- a/test/e2e/kill_test.go
+++ b/test/e2e/kill_test.go
@@ -1,6 +1,7 @@
package integration
import (
+ "io/ioutil"
"os"
. "github.com/containers/podman/v2/test/utils"
@@ -112,4 +113,58 @@ var _ = Describe("Podman kill", func() {
Expect(result.ExitCode()).To(Equal(0))
Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
})
+
+ It("podman kill --cidfile", func() {
+ tmpDir, err := ioutil.TempDir("", "")
+ Expect(err).To(BeNil())
+ tmpFile := tmpDir + "cid"
+ defer os.RemoveAll(tmpDir)
+
+ session := podmanTest.Podman([]string{"run", "-dt", "--cidfile", tmpFile, ALPINE, "top"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ cid := session.OutputToStringArray()[0]
+
+ kill := podmanTest.Podman([]string{"kill", "--cidfile", tmpFile})
+ kill.WaitWithDefaultTimeout()
+ Expect(kill.ExitCode()).To(BeZero())
+
+ wait := podmanTest.Podman([]string{"wait", "--condition", "exited", cid})
+ wait.WaitWithDefaultTimeout()
+ Expect(wait.ExitCode()).To(BeZero())
+ })
+
+ It("podman kill multiple --cidfile", func() {
+ tmpDir1, err := ioutil.TempDir("", "")
+ Expect(err).To(BeNil())
+ tmpFile1 := tmpDir1 + "cid"
+ defer os.RemoveAll(tmpDir1)
+
+ tmpDir2, err := ioutil.TempDir("", "")
+ Expect(err).To(BeNil())
+ tmpFile2 := tmpDir2 + "cid"
+ defer os.RemoveAll(tmpDir2)
+
+ session := podmanTest.Podman([]string{"run", "-dt", "--cidfile", tmpFile1, ALPINE, "top"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ cid1 := session.OutputToStringArray()[0]
+
+ session2 := podmanTest.Podman([]string{"run", "-dt", "--cidfile", tmpFile2, ALPINE, "top"})
+ session2.WaitWithDefaultTimeout()
+ Expect(session2.ExitCode()).To(Equal(0))
+ cid2 := session2.OutputToStringArray()[0]
+
+ kill := podmanTest.Podman([]string{"kill", "--cidfile", tmpFile1, "--cidfile", tmpFile2})
+ kill.WaitWithDefaultTimeout()
+ Expect(kill.ExitCode()).To(BeZero())
+
+ wait := podmanTest.Podman([]string{"wait", "--condition", "exited", cid1})
+ wait.WaitWithDefaultTimeout()
+ Expect(wait.ExitCode()).To(BeZero())
+ wait = podmanTest.Podman([]string{"wait", "--condition", "exited", cid2})
+ wait.WaitWithDefaultTimeout()
+ Expect(wait.ExitCode()).To(BeZero())
+ })
+
})
diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go
index ff3189038..f009e333e 100644
--- a/test/e2e/play_kube_test.go
+++ b/test/e2e/play_kube_test.go
@@ -62,6 +62,7 @@ metadata:
spec:
restartPolicy: {{ .RestartPolicy }}
hostname: {{ .Hostname }}
+ hostNetwork: {{ .HostNetwork }}
hostAliases:
{{ range .HostAliases }}
- hostnames:
@@ -220,6 +221,7 @@ spec:
spec:
restartPolicy: {{ .RestartPolicy }}
hostname: {{ .Hostname }}
+ hostNetwork: {{ .HostNetwork }}
containers:
{{ with .Ctrs }}
{{ range . }}
@@ -376,6 +378,7 @@ type Pod struct {
Name string
RestartPolicy string
Hostname string
+ HostNetwork bool
HostAliases []HostAlias
Ctrs []*Ctr
Volumes []*Volume
@@ -396,6 +399,7 @@ func getPod(options ...podOption) *Pod {
Name: defaultPodName,
RestartPolicy: "Never",
Hostname: "",
+ HostNetwork: false,
HostAliases: nil,
Ctrs: make([]*Ctr, 0),
Volumes: make([]*Volume, 0),
@@ -464,6 +468,12 @@ func withVolume(v *Volume) podOption {
}
}
+func withHostNetwork() podOption {
+ return func(pod *Pod) {
+ pod.HostNetwork = true
+ }
+}
+
// Deployment describes the options a kube yaml can be configured at deployment level
type Deployment struct {
Name string
@@ -1587,4 +1597,23 @@ MemoryReservation: {{ .HostConfig.MemoryReservation }}`})
Expect(inspect.ExitCode()).To(Equal(0))
Expect(inspect.OutputToString()).To(Equal("false"))
})
+
+ It("podman play kube test with HostNetwork", func() {
+ if !strings.Contains(podmanTest.OCIRuntime, "crun") {
+ Skip("Test only works on crun")
+ }
+
+ pod := getPod(withHostNetwork())
+ err := generateKubeYaml("pod", pod, kubeYaml)
+ Expect(err).To(BeNil())
+
+ kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
+ kube.WaitWithDefaultTimeout()
+ Expect(kube.ExitCode()).To(Equal(0))
+
+ inspect := podmanTest.Podman([]string{"inspect", pod.Name, "--format", "{{ .InfraConfig.HostNetwork }}"})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(Equal(0))
+ Expect(inspect.OutputToString()).To(Equal("true"))
+ })
})
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-10-25 15:37:39 +0000