160 files changed, 2163 insertions, 556 deletions
@@ -3,7 +3,7 @@ set -xeuo pipefail export GOPATH=/go export PATH=$HOME/gopath/bin:$PATH -export GOSRC=/$GOPATH/src/github.com/projectatomic/libpod +export GOSRC=/$GOPATH/src/github.com/containers/libpod # PAPR adds a merge commit, for testing, which fails the diff --git a/.papr_prepare.sh b/.papr_prepare.sh index 177a751a8..987dcc267 100644 --- a/.papr_prepare.sh +++ b/.papr_prepare.sh @@ -14,4 +14,4 @@ fi ${CONTAINER_RUNTIME} build -t ${IMAGE} -f Dockerfile.${DIST} . 2>build.log # Run the tests -${CONTAINER_RUNTIME} run --rm --privileged --net=host -v $PWD:/go/src/github.com/projectatomic/libpod --workdir /go/src/github.com/projectatomic/libpod -e CGROUP_MANAGER=cgroupfs -e PYTHON=$PYTHON -e STORAGE_OPTIONS="--storage-driver=vfs" -e CRIO_ROOT="/go/src/github.com/projectatomic/libpod" -e PODMAN_BINARY="/usr/bin/podman" -e CONMON_BINARY="/usr/libexec/podman/conmon" -e DIST=$DIST $IMAGE sh .papr.sh +${CONTAINER_RUNTIME} run --rm --privileged --net=host -v $PWD:/go/src/github.com/containers/libpod --workdir /go/src/github.com/containers/libpod -e CGROUP_MANAGER=cgroupfs -e PYTHON=$PYTHON -e STORAGE_OPTIONS="--storage-driver=vfs" -e CRIO_ROOT="/go/src/github.com/containers/libpod" -e PODMAN_BINARY="/usr/bin/podman" -e CONMON_BINARY="/usr/libexec/podman/conmon" -e DIST=$DIST $IMAGE sh .papr.sh diff --git a/.travis.yml b/.travis.yml index 32fa9242b..2ede77a93 100644 --- a/.travis.yml +++ b/.travis.yml @@ -53,7 +53,6 @@ jobs: env: ALLOWED_TO_FAIL=true - stage: Integration Test script: - - make all - make integration go: 1.9.x allow_failures: @@ -1,6 +1,6 @@ # io.podman Podman Service Interface and API description. The master version of this document can be found -in the [API.md](https://github.com/projectatomic/libpod/blob/master/API.md) file in the upstream libpod repository. +in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in the upstream libpod repository. ## Index [func AttachToContainer() NotImplemented](#AttachToContainer) 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 8b0e99549..fa95bfe3a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -13,7 +13,7 @@ that we follow. ## Reporting Issues Before reporting an issue, check our backlog of -[open issues](https://github.com/projectatomic/libpod/issues) +[open issues](https://github.com/containers/libpod/issues) to see if someone else has already reported it. If so, feel free to add your scenario, or additional information, to the discussion. Or simply "subscribe" to it to be notified when it is updated. @@ -128,9 +128,9 @@ For general questions and discussion, please use the IRC `#podman` channel on `irc.freenode.net`. For discussions around issues/bugs and features, you can use the github -[issues](https://github.com/projectatomic/libpod/issues) +[issues](https://github.com/containers/libpod/issues) and -[PRs](https://github.com/projectatomic/libpod/pulls) +[PRs](https://github.com/containers/libpod/pulls) tracking system. [owners]: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md#owners diff --git a/Dockerfile b/Dockerfile index 24be23e46..48988def4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -45,9 +45,9 @@ RUN apt-get update && apt-get install -y \ --no-install-recommends \ && apt-get clean -ADD . /go/src/github.com/projectatomic/libpod +ADD . /go/src/github.com/containers/libpod -RUN set -x && cd /go/src/github.com/projectatomic/libpod && make install.libseccomp.sudo +RUN set -x && cd /go/src/github.com/containers/libpod && make install.libseccomp.sudo # Install runc ENV RUNC_COMMIT ad0f5255060d36872be04de22f8731f38ef2d7b1 
@@ -124,7 +124,7 @@ RUN pip3 install varlink COPY test/policy.json /etc/containers/policy.json COPY test/redhat_sigstore.yaml /etc/containers/registries.d/registry.access.redhat.com.yaml -WORKDIR /go/src/github.com/projectatomic/libpod +WORKDIR /go/src/github.com/containers/libpod # Wrap all commands in the "docker-in-docker" script to allow nested containers, # and allow testing of apparmor. diff --git a/Dockerfile.CentOS b/Dockerfile.CentOS index ccd4fd154..368f9255c 100644 --- a/Dockerfile.CentOS +++ b/Dockerfile.CentOS @@ -90,7 +90,7 @@ RUN mkdir -p /etc/containers COPY test/policy.json /etc/containers/policy.json COPY test/redhat_sigstore.yaml /etc/containers/registries.d/registry.access.redhat.com.yaml -WORKDIR /go/src/github.com/projectatomic/libpod +WORKDIR /go/src/github.com/containers/libpod # Wrap all commands in the "docker-in-docker" script to allow nested containers, # and allow testing of apparmor. diff --git a/Dockerfile.Fedora b/Dockerfile.Fedora index 983b754b9..74bae9eb0 100644 --- a/Dockerfile.Fedora +++ b/Dockerfile.Fedora @@ -95,7 +95,7 @@ COPY test/redhat_sigstore.yaml /etc/containers/registries.d/registry.access.redh # Install varlink stuff RUN pip3 install varlink -WORKDIR /go/src/github.com/projectatomic/libpod +WORKDIR /go/src/github.com/containers/libpod # Wrap all commands in the "docker-in-docker" script to allow nested containers, # and allow testing of apparmor. @@ -4,7 +4,7 @@ EPOCH_TEST_COMMIT ?= 7d116f5f73520e6db389f28e9963f0137a27d52d HEAD ?= HEAD CHANGELOG_BASE ?= HEAD~ CHANGELOG_TARGET ?= HEAD -PROJECT := github.com/projectatomic/libpod +PROJECT := github.com/containers/libpod GIT_BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null) GIT_BRANCH_CLEAN ?= $(shell echo $(GIT_BRANCH) | sed -e "s/[^[:alnum:]]/-/g") LIBPOD_IMAGE ?= libpod_dev$(if $(GIT_BRANCH_CLEAN),:$(GIT_BRANCH_CLEAN)) 
@@ -31,7 +31,7 @@ BASHINSTALLDIR=${PREFIX}/share/bash-completion/completions OCIUMOUNTINSTALLDIR=$(PREFIX)/share/oci-umount/oci-umount.d SELINUXOPT ?= $(shell test -x /usr/sbin/selinuxenabled && selinuxenabled && echo -Z) -PACKAGES ?= $(shell $(GO) list -tags "${BUILDTAGS}" ./... | grep -v github.com/projectatomic/libpod/vendor | grep -v e2e) +PACKAGES ?= $(shell $(GO) list -tags "${BUILDTAGS}" ./... | grep -v github.com/containers/libpod/vendor | grep -v e2e) COMMIT_NO ?= $(shell git rev-parse HEAD 2> /dev/null || true) GIT_COMMIT ?= $(if $(shell git status --porcelain --untracked-files=no),"${COMMIT_NO}-dirty","${COMMIT_NO}") diff --git a/cmd/podman/attach.go b/cmd/podman/attach.go index f615ce026..91c5f654d 100644 --- a/cmd/podman/attach.go +++ b/cmd/podman/attach.go @@ -3,9 +3,9 @@ package main import ( "os" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod" "github.com/urfave/cli" ) diff --git a/cmd/podman/build.go b/cmd/podman/build.go index b8e586811..e35fd10a4 100644 --- a/cmd/podman/build.go +++ b/cmd/podman/build.go @@ -6,11 +6,13 @@ import ( "path/filepath" "strings" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/pkg/rootless" "github.com/pkg/errors" + "github.com/projectatomic/buildah" "github.com/projectatomic/buildah/imagebuildah" buildahcli "github.com/projectatomic/buildah/pkg/cli" "github.com/projectatomic/buildah/pkg/parse" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" "github.com/sirupsen/logrus" "github.com/urfave/cli" ) @@ -229,5 +231,9 @@ func buildCmd(c *cli.Context) error { options.ReportWriter = ioutil.Discard } + if rootless.IsRootless() { + options.Isolation = buildah.IsolationOCIRootless + } + return runtime.Build(getContext(), options, dockerfiles...) } 
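Review bot: The rootless branch added just before `return runtime.Build(...)` assigns `options.Isolation` unconditionally, so any isolation value populated earlier in buildCmd would be silently replaced for rootless users; the function body starts outside this hunk, so whether one is set is not visible here. The isolation mode decides how build steps are confined, so the override should be observable, for example `logrus.Debug("rootless build: using buildah.IsolationOCIRootless")` inside the branch (logrus is already imported in this file). The branch also deserves a short why-comment, such as `// rootless: select buildah's rootless OCI isolation instead of the default`. If a user-selectable isolation setting exists or is added later, this branch should apply only when none was chosen.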
diff --git a/cmd/podman/cleanup.go b/cmd/podman/cleanup.go index 33b0fad45..a71b3f48a 100644 --- a/cmd/podman/cleanup.go +++ b/cmd/podman/cleanup.go @@ -4,9 +4,9 @@ import ( "fmt" "os" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod" "github.com/urfave/cli" ) diff --git a/cmd/podman/commit.go b/cmd/podman/commit.go index 8d3c124bf..03210dc35 100644 --- a/cmd/podman/commit.go +++ b/cmd/podman/commit.go @@ -7,12 +7,12 @@ import ( "strings" "github.com/containers/image/manifest" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod" + "github.com/containers/libpod/libpod/image" + "github.com/containers/libpod/pkg/util" "github.com/pkg/errors" "github.com/projectatomic/buildah" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod" - "github.com/projectatomic/libpod/libpod/image" - "github.com/projectatomic/libpod/pkg/util" "github.com/urfave/cli" ) diff --git a/cmd/podman/common.go b/cmd/podman/common.go index 93fa9653a..8ce3066c0 100644 --- a/cmd/podman/common.go +++ b/cmd/podman/common.go @@ -6,10 +6,10 @@ import ( "regexp" "strings" + "github.com/containers/libpod/libpod" "github.com/containers/storage" "github.com/fatih/camelcase" "github.com/pkg/errors" - "github.com/projectatomic/libpod/libpod" "github.com/urfave/cli" ) diff --git a/cmd/podman/create.go b/cmd/podman/create.go index ad6f53b55..96934560f 100644 --- a/cmd/podman/create.go +++ b/cmd/podman/create.go 
@@ -9,21 +9,21 @@ import ( "strings" "syscall" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod" + "github.com/containers/libpod/libpod/image" + ann "github.com/containers/libpod/pkg/annotations" + "github.com/containers/libpod/pkg/apparmor" + "github.com/containers/libpod/pkg/inspect" + cc "github.com/containers/libpod/pkg/spec" + "github.com/containers/libpod/pkg/util" + libpodVersion "github.com/containers/libpod/version" "github.com/docker/docker/api/types/container" "github.com/docker/docker/pkg/signal" "github.com/docker/go-connections/nat" "github.com/docker/go-units" "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod" - "github.com/projectatomic/libpod/libpod/image" - ann "github.com/projectatomic/libpod/pkg/annotations" - "github.com/projectatomic/libpod/pkg/apparmor" - "github.com/projectatomic/libpod/pkg/inspect" - cc "github.com/projectatomic/libpod/pkg/spec" - "github.com/projectatomic/libpod/pkg/util" - libpodVersion "github.com/projectatomic/libpod/version" "github.com/sirupsen/logrus" "github.com/urfave/cli" ) diff --git a/cmd/podman/create_cli.go b/cmd/podman/create_cli.go index d0ad28595..812b62058 100644 --- a/cmd/podman/create_cli.go +++ b/cmd/podman/create_cli.go @@ -6,9 +6,9 @@ import ( "path/filepath" "strings" + cc "github.com/containers/libpod/pkg/spec" "github.com/docker/docker/pkg/sysinfo" "github.com/pkg/errors" - cc "github.com/projectatomic/libpod/pkg/spec" "github.com/sirupsen/logrus" ) diff --git a/cmd/podman/diff.go b/cmd/podman/diff.go index 9dca25050..f5a2d60ad 100644 --- a/cmd/podman/diff.go +++ b/cmd/podman/diff.go 
@@ -3,10 +3,10 @@ package main import ( "fmt" + "github.com/containers/libpod/cmd/podman/formats" + "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/containers/storage/pkg/archive" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/formats" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" "github.com/urfave/cli" ) diff --git a/cmd/podman/exec.go b/cmd/podman/exec.go index a42cdf63a..17a17f703 100644 --- a/cmd/podman/exec.go +++ b/cmd/podman/exec.go @@ -4,9 +4,9 @@ import ( "fmt" "strings" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod" "github.com/urfave/cli" ) diff --git a/cmd/podman/export.go b/cmd/podman/export.go index 16c1f5c9b..20faac7d8 100644 --- a/cmd/podman/export.go +++ b/cmd/podman/export.go @@ -3,8 +3,8 @@ package main import ( "os" + "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" "github.com/sirupsen/logrus" "github.com/urfave/cli" ) diff --git a/cmd/podman/formats/formats_test.go b/cmd/podman/formats/formats_test.go index fc7f01f93..c75109d65 100644 --- a/cmd/podman/formats/formats_test.go +++ b/cmd/podman/formats/formats_test.go @@ -5,7 +5,7 @@ import ( "strings" "testing" - "github.com/projectatomic/libpod/pkg/inspect" + "github.com/containers/libpod/pkg/inspect" ) func TestSetJSONFormatEncoder(t *testing.T) { diff --git a/cmd/podman/history.go b/cmd/podman/history.go index 2570dcc7d..2ae0dff66 100644 --- a/cmd/podman/history.go +++ b/cmd/podman/history.go 
@@ -6,11 +6,11 @@ import ( "strings" "time" + "github.com/containers/libpod/cmd/podman/formats" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod/image" units "github.com/docker/go-units" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/formats" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod/image" "github.com/urfave/cli" ) diff --git a/cmd/podman/images.go b/cmd/podman/images.go index 364c8a91c..024b6e240 100644 --- a/cmd/podman/images.go +++ b/cmd/podman/images.go @@ -9,13 +9,13 @@ import ( "github.com/sirupsen/logrus" + "github.com/containers/libpod/cmd/podman/formats" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod" + "github.com/containers/libpod/libpod/image" "github.com/docker/go-units" digest "github.com/opencontainers/go-digest" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/formats" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod" - "github.com/projectatomic/libpod/libpod/image" "github.com/urfave/cli" ) diff --git a/cmd/podman/import.go b/cmd/podman/import.go index 8a50d4fb9..4f7786c42 100644 --- a/cmd/podman/import.go +++ b/cmd/podman/import.go @@ -8,11 +8,11 @@ import ( "net/url" "os" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod/image" + "github.com/containers/libpod/pkg/util" "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod/image" - "github.com/projectatomic/libpod/pkg/util" "github.com/urfave/cli" ) diff --git a/cmd/podman/info.go b/cmd/podman/info.go index f03d23c5b..cd66943a4 100644 --- a/cmd/podman/info.go +++ b/cmd/podman/info.go 
@@ -3,10 +3,10 @@ package main import ( "runtime" + "github.com/containers/libpod/cmd/podman/formats" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/formats" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod" "github.com/urfave/cli" ) diff --git a/cmd/podman/inspect.go b/cmd/podman/inspect.go index 6aaf9b694..a36f8c7a1 100644 --- a/cmd/podman/inspect.go +++ b/cmd/podman/inspect.go @@ -4,12 +4,12 @@ import ( "context" "strings" + "github.com/containers/libpod/cmd/podman/formats" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/cmd/podman/shared" + "github.com/containers/libpod/libpod" + "github.com/containers/libpod/pkg/util" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/batchcontainer" - "github.com/projectatomic/libpod/cmd/podman/formats" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod" - "github.com/projectatomic/libpod/pkg/util" "github.com/urfave/cli" ) @@ -121,7 +121,7 @@ func iterateInput(ctx context.Context, c *cli.Context, args []string, runtime *l inspectError = errors.Wrapf(err, "error getting libpod container inspect data %q", ctr.ID) break } - data, err = batchcontainer.GetCtrInspectInfo(ctr, libpodInspectData) + data, err = shared.GetCtrInspectInfo(ctr, libpodInspectData) if err != nil { inspectError = errors.Wrapf(err, "error parsing container data %q", ctr.ID()) break 
@@ -156,7 +156,7 @@ func iterateInput(ctx context.Context, c *cli.Context, args []string, runtime *l inspectError = errors.Wrapf(err, "error getting libpod container inspect data %q", ctr.ID) break } - data, err = batchcontainer.GetCtrInspectInfo(ctr, libpodInspectData) + data, err = shared.GetCtrInspectInfo(ctr, libpodInspectData) if err != nil { inspectError = errors.Wrapf(err, "error parsing container data %q", ctr.ID) break diff --git a/cmd/podman/kill.go b/cmd/podman/kill.go index 99e111177..388c779f6 100644 --- a/cmd/podman/kill.go +++ b/cmd/podman/kill.go @@ -5,9 +5,9 @@ import ( "syscall" "fmt" + "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/docker/docker/pkg/signal" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" "github.com/urfave/cli" ) diff --git a/cmd/podman/libpodruntime/runtime.go b/cmd/podman/libpodruntime/runtime.go index f1f2b963c..e33b70e9a 100644 --- a/cmd/podman/libpodruntime/runtime.go +++ b/cmd/podman/libpodruntime/runtime.go @@ -5,10 +5,10 @@ import ( "os" "path/filepath" + "github.com/containers/libpod/libpod" + "github.com/containers/libpod/pkg/rootless" "github.com/containers/storage" "github.com/pkg/errors" - "github.com/projectatomic/libpod/libpod" - "github.com/projectatomic/libpod/pkg/rootless" "github.com/urfave/cli" ) diff --git a/cmd/podman/load.go b/cmd/podman/load.go index ffef9f6a6..fbc1f3cd0 100644 --- a/cmd/podman/load.go +++ b/cmd/podman/load.go @@ -9,9 +9,9 @@ import ( "github.com/containers/image/directory" dockerarchive "github.com/containers/image/docker/archive" ociarchive "github.com/containers/image/oci/archive" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod/image" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod/image" "github.com/urfave/cli" ) diff --git a/cmd/podman/login.go b/cmd/podman/login.go index 113760318..92417e1a1 100644 
--- a/cmd/podman/login.go +++ b/cmd/podman/login.go @@ -9,8 +9,8 @@ import ( "github.com/containers/image/docker" "github.com/containers/image/pkg/docker/config" + "github.com/containers/libpod/libpod/common" "github.com/pkg/errors" - "github.com/projectatomic/libpod/libpod/common" "github.com/urfave/cli" "golang.org/x/crypto/ssh/terminal" ) diff --git a/cmd/podman/logout.go b/cmd/podman/logout.go index c06c69073..97631f827 100644 --- a/cmd/podman/logout.go +++ b/cmd/podman/logout.go @@ -4,8 +4,8 @@ import ( "fmt" "github.com/containers/image/pkg/docker/config" + "github.com/containers/libpod/libpod/common" "github.com/pkg/errors" - "github.com/projectatomic/libpod/libpod/common" "github.com/urfave/cli" ) diff --git a/cmd/podman/logs.go b/cmd/podman/logs.go index 26ca2330f..67ec038c3 100644 --- a/cmd/podman/logs.go +++ b/cmd/podman/logs.go @@ -8,9 +8,9 @@ import ( "time" "bufio" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod" "github.com/sirupsen/logrus" "github.com/urfave/cli" ) diff --git a/cmd/podman/main.go b/cmd/podman/main.go index 7a669b3fe..e72998c8f 100644 --- a/cmd/podman/main.go +++ b/cmd/podman/main.go @@ -7,12 +7,12 @@ import ( "runtime/pprof" "syscall" + "github.com/containers/libpod/pkg/hooks" + _ "github.com/containers/libpod/pkg/hooks/0.1.0" + "github.com/containers/libpod/pkg/rootless" + "github.com/containers/libpod/version" "github.com/containers/storage/pkg/reexec" "github.com/pkg/errors" - "github.com/projectatomic/libpod/pkg/hooks" - _ "github.com/projectatomic/libpod/pkg/hooks/0.1.0" - "github.com/projectatomic/libpod/pkg/rootless" - "github.com/projectatomic/libpod/version" "github.com/sirupsen/logrus" lsyslog "github.com/sirupsen/logrus/hooks/syslog" "github.com/urfave/cli" diff --git a/cmd/podman/mount.go b/cmd/podman/mount.go index df1bacc5f..6cda9dbd3 100644 
--- a/cmd/podman/mount.go +++ b/cmd/podman/mount.go @@ -4,9 +4,9 @@ import ( js "encoding/json" "fmt" + of "github.com/containers/libpod/cmd/podman/formats" + "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/pkg/errors" - of "github.com/projectatomic/libpod/cmd/podman/formats" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" "github.com/sirupsen/logrus" "github.com/urfave/cli" ) diff --git a/cmd/podman/pause.go b/cmd/podman/pause.go index f97a1c61b..12ff747a7 100644 --- a/cmd/podman/pause.go +++ b/cmd/podman/pause.go @@ -4,8 +4,8 @@ import ( "fmt" "os" + "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" "github.com/urfave/cli" ) diff --git a/cmd/podman/pod_create.go b/cmd/podman/pod_create.go index c14496f5a..568ace6e7 100644 --- a/cmd/podman/pod_create.go +++ b/cmd/podman/pod_create.go @@ -4,9 +4,9 @@ import ( "fmt" "os" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod" "github.com/sirupsen/logrus" "github.com/urfave/cli" ) diff --git a/cmd/podman/pod_inspect.go b/cmd/podman/pod_inspect.go index 6935335a6..1370c9471 100644 --- a/cmd/podman/pod_inspect.go +++ b/cmd/podman/pod_inspect.go @@ -4,9 +4,9 @@ import ( "encoding/json" "fmt" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod" "github.com/urfave/cli" ) diff --git a/cmd/podman/pod_kill.go b/cmd/podman/pod_kill.go index 48f4eaa7a..3cd9bf7c9 100644 --- a/cmd/podman/pod_kill.go +++ b/cmd/podman/pod_kill.go 
@@ -4,9 +4,9 @@ import ( "fmt" "syscall" + "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/docker/docker/pkg/signal" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" "github.com/sirupsen/logrus" "github.com/urfave/cli" ) diff --git a/cmd/podman/pod_pause.go b/cmd/podman/pod_pause.go index df51a037b..0e2e797f5 100644 --- a/cmd/podman/pod_pause.go +++ b/cmd/podman/pod_pause.go @@ -3,8 +3,8 @@ package main import ( "fmt" + "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" "github.com/sirupsen/logrus" "github.com/urfave/cli" ) diff --git a/cmd/podman/pod_ps.go b/cmd/podman/pod_ps.go index 0f5c7a51d..20beae53a 100644 --- a/cmd/podman/pod_ps.go +++ b/cmd/podman/pod_ps.go @@ -7,13 +7,13 @@ import ( "strings" "time" + "github.com/containers/libpod/cmd/podman/formats" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/cmd/podman/shared" + "github.com/containers/libpod/libpod" + "github.com/containers/libpod/pkg/util" "github.com/docker/go-units" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/batchcontainer" - "github.com/projectatomic/libpod/cmd/podman/formats" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod" - "github.com/projectatomic/libpod/pkg/util" "github.com/urfave/cli" ) @@ -28,7 +28,7 @@ const ( ) var ( - bc_opts batchcontainer.PsOptions + bc_opts shared.PsOptions ) type podPsCtrInfo struct { @@ -324,7 +324,7 @@ func generatePodFilterFuncs(filter, filterValue string, runtime *libpod.Runtime) return nil, errors.Errorf("%s is not a valid pod status", filterValue) } return func(p *libpod.Pod) bool { - status, err := getPodStatus(p) + status, err := shared.GetPodStatus(p) if err != nil { return false } 
@@ -460,52 +460,6 @@ func getPodTemplateOutput(psParams []podPsJSONParams, opts podPsOptions) ([]podP return psOutput, nil } -func getPodStatus(pod *libpod.Pod) (string, error) { - ctr_statuses, err := pod.Status() - if err != nil { - return ERROR, err - } - ctrNum := len(ctr_statuses) - if ctrNum == 0 { - return CREATED, nil - } - statuses := map[string]int{ - STOPPED: 0, - RUNNING: 0, - PAUSED: 0, - CREATED: 0, - ERROR: 0, - } - for _, ctr_status := range ctr_statuses { - switch ctr_status { - case libpod.ContainerStateStopped: - statuses[STOPPED]++ - case libpod.ContainerStateRunning: - statuses[RUNNING]++ - case libpod.ContainerStatePaused: - statuses[PAUSED]++ - case libpod.ContainerStateCreated, libpod.ContainerStateConfigured: - statuses[CREATED]++ - default: - statuses[ERROR]++ - } - } - - if statuses[RUNNING] > 0 { - return RUNNING, nil - } else if statuses[PAUSED] == ctrNum { - return PAUSED, nil - } else if statuses[STOPPED] == ctrNum { - return EXITED, nil - } else if statuses[STOPPED] > 0 { - return STOPPED, nil - } else if statuses[ERROR] > 0 { - return ERROR, nil - } else { - return CREATED, nil - } -} - // getAndSortPodJSONOutput returns the container info in its raw, sorted form func getAndSortPodJSONParams(pods []*libpod.Pod, opts podPsOptions, runtime *libpod.Runtime) ([]podPsJSONParams, error) { var ( @@ -519,13 +473,13 @@ func getAndSortPodJSONParams(pods []*libpod.Pod, opts podPsOptions, runtime *lib return nil, err } ctrNum := len(ctrs) - status, err := getPodStatus(pod) + status, err := shared.GetPodStatus(pod) if err != nil { return nil, err } for _, ctr := range ctrs { - batchInfo, err := batchcontainer.BatchContainerOp(ctr, bc_opts) + batchInfo, err := shared.BatchContainerOp(ctr, bc_opts) if err != nil { return nil, err } diff --git a/cmd/podman/pod_restart.go b/cmd/podman/pod_restart.go index fe802fc9d..62e93b316 100644 --- a/cmd/podman/pod_restart.go +++ b/cmd/podman/pod_restart.go 
@@ -3,8 +3,8 @@ package main import ( "fmt" + "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" "github.com/sirupsen/logrus" "github.com/urfave/cli" ) diff --git a/cmd/podman/pod_rm.go b/cmd/podman/pod_rm.go index 983203374..549fa0290 100644 --- a/cmd/podman/pod_rm.go +++ b/cmd/podman/pod_rm.go @@ -3,8 +3,8 @@ package main import ( "fmt" + "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" "github.com/sirupsen/logrus" "github.com/urfave/cli" ) diff --git a/cmd/podman/pod_start.go b/cmd/podman/pod_start.go index e35ec7993..b6ba5719b 100644 --- a/cmd/podman/pod_start.go +++ b/cmd/podman/pod_start.go @@ -3,8 +3,8 @@ package main import ( "fmt" + "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" "github.com/sirupsen/logrus" "github.com/urfave/cli" ) diff --git a/cmd/podman/pod_stop.go b/cmd/podman/pod_stop.go index 97d248b30..ac6781408 100644 --- a/cmd/podman/pod_stop.go +++ b/cmd/podman/pod_stop.go @@ -3,8 +3,8 @@ package main import ( "fmt" + "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" "github.com/sirupsen/logrus" "github.com/urfave/cli" ) diff --git a/cmd/podman/pod_unpause.go b/cmd/podman/pod_unpause.go index 5dd5c79e4..d599baba9 100644 --- a/cmd/podman/pod_unpause.go +++ b/cmd/podman/pod_unpause.go @@ -3,8 +3,8 @@ package main import ( "fmt" + "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" "github.com/sirupsen/logrus" "github.com/urfave/cli" ) diff --git a/cmd/podman/port.go b/cmd/podman/port.go index 9082ec25d..e3933f925 100644 --- a/cmd/podman/port.go +++ b/cmd/podman/port.go 
@@ -5,9 +5,9 @@ import ( "strconv" "strings" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod" "github.com/urfave/cli" ) diff --git a/cmd/podman/ps.go b/cmd/podman/ps.go index a5f862f8f..0ad511217 100644 --- a/cmd/podman/ps.go +++ b/cmd/podman/ps.go @@ -8,14 +8,14 @@ import ( "strings" "time" + "github.com/containers/libpod/cmd/podman/formats" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/cmd/podman/shared" + "github.com/containers/libpod/libpod" + "github.com/containers/libpod/pkg/util" "github.com/cri-o/ocicni/pkg/ocicni" "github.com/docker/go-units" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/batchcontainer" - "github.com/projectatomic/libpod/cmd/podman/formats" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod" - "github.com/projectatomic/libpod/pkg/util" "github.com/sirupsen/logrus" "github.com/urfave/cli" "k8s.io/apimachinery/pkg/fields" 
@@ -52,25 +52,25 @@ type psTemplateParams struct { // psJSONParams will be populated by data from libpod.Container, // the members of the struct are the sama data types as their sources. type psJSONParams struct { - ID string `json:"id"` - Image string `json:"image"` - ImageID string `json:"image_id"` - Command []string `json:"command"` - ExitCode int32 `json:"exitCode"` - Exited bool `json:"exited"` - CreatedAt time.Time `json:"createdAt"` - StartedAt time.Time `json:"startedAt"` - ExitedAt time.Time `json:"exitedAt"` - Status string `json:"status"` - PID int `json:"PID"` - Ports []ocicni.PortMapping `json:"ports"` - Size *batchcontainer.ContainerSize `json:"size,omitempty"` - Names string `json:"names"` - Labels fields.Set `json:"labels"` - Mounts []string `json:"mounts"` - ContainerRunning bool `json:"ctrRunning"` - Namespaces *batchcontainer.Namespace `json:"namespace,omitempty"` - Pod string `json:"pod,omitempty"` + ID string `json:"id"` + Image string `json:"image"` + ImageID string `json:"image_id"` + Command []string `json:"command"` + ExitCode int32 `json:"exitCode"` + Exited bool `json:"exited"` + CreatedAt time.Time `json:"createdAt"` + StartedAt time.Time `json:"startedAt"` + ExitedAt time.Time `json:"exitedAt"` + Status string `json:"status"` + PID int `json:"PID"` + Ports []ocicni.PortMapping `json:"ports"` + Size *shared.ContainerSize `json:"size,omitempty"` + Names string `json:"names"` + Labels fields.Set `json:"labels"` + Mounts []string `json:"mounts"` + ContainerRunning bool `json:"ctrRunning"` + Namespaces *shared.Namespace `json:"namespace,omitempty"` + Pod string `json:"pod,omitempty"` } // Type declaration and functions for sorting the PS output @@ -218,7 +218,7 @@ func psCmd(c *cli.Context) error { format := genPsFormat(c.String("format"), c.Bool("quiet"), c.Bool("size"), c.Bool("namespace"), c.Bool("pod")) - opts := batchcontainer.PsOptions{ + opts := shared.PsOptions{ All: c.Bool("all"), Filter: c.String("filter"), Format: format, 
@@ -497,11 +497,11 @@ func sortPsOutput(sortBy string, psOutput psSorted) (psSorted, error) { } // getTemplateOutput returns the modified container information -func getTemplateOutput(psParams []psJSONParams, opts batchcontainer.PsOptions) ([]psTemplateParams, error) { +func getTemplateOutput(psParams []psJSONParams, opts shared.PsOptions) ([]psTemplateParams, error) { var ( psOutput []psTemplateParams pod, status, size string - ns *batchcontainer.Namespace + ns *shared.Namespace ) // If the user is trying to filter based on size, or opted to sort on size // the size bool must be set. @@ -589,13 +589,13 @@ func getTemplateOutput(psParams []psJSONParams, opts batchcontainer.PsOptions) ( } // getAndSortJSONOutput returns the container info in its raw, sorted form -func getAndSortJSONParams(containers []*libpod.Container, opts batchcontainer.PsOptions) ([]psJSONParams, error) { +func getAndSortJSONParams(containers []*libpod.Container, opts shared.PsOptions) ([]psJSONParams, error) { var ( psOutput psSorted - ns *batchcontainer.Namespace + ns *shared.Namespace ) for _, ctr := range containers { - batchInfo, err := batchcontainer.BatchContainerOp(ctr, opts) + batchInfo, err := shared.BatchContainerOp(ctr, opts) if err != nil { if errors.Cause(err) == libpod.ErrNoSuchCtr { logrus.Warn(err) @@ -605,7 +605,7 @@ func getAndSortJSONParams(containers []*libpod.Container, opts batchcontainer.Ps } if opts.Namespace { - ns = batchcontainer.GetNamespaces(batchInfo.Pid) + ns = shared.GetNamespaces(batchInfo.Pid) } params := psJSONParams{ ID: ctr.ID(), @@ -634,7 +634,7 @@ func getAndSortJSONParams(containers []*libpod.Container, opts batchcontainer.Ps return sortPsOutput(opts.Sort, psOutput) } -func generatePsOutput(containers []*libpod.Container, opts batchcontainer.PsOptions) error { +func generatePsOutput(containers []*libpod.Container, opts shared.PsOptions) error { if len(containers) == 0 && opts.Format != formats.JSONString { return nil } 
diff --git a/cmd/podman/pull.go b/cmd/podman/pull.go index a1d685735..f1666113b 100644 --- a/cmd/podman/pull.go +++ b/cmd/podman/pull.go @@ -9,10 +9,10 @@ import ( dockerarchive "github.com/containers/image/docker/archive" "github.com/containers/image/transports/alltransports" "github.com/containers/image/types" + "github.com/containers/libpod/cmd/podman/libpodruntime" + image2 "github.com/containers/libpod/libpod/image" + "github.com/containers/libpod/pkg/util" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - image2 "github.com/projectatomic/libpod/libpod/image" - "github.com/projectatomic/libpod/pkg/util" "github.com/sirupsen/logrus" "github.com/urfave/cli" ) diff --git a/cmd/podman/push.go b/cmd/podman/push.go index 3c2e59e58..79758257a 100644 --- a/cmd/podman/push.go +++ b/cmd/podman/push.go @@ -9,11 +9,11 @@ import ( "github.com/containers/image/directory" "github.com/containers/image/manifest" "github.com/containers/image/types" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod/image" + "github.com/containers/libpod/pkg/util" imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod/image" - "github.com/projectatomic/libpod/pkg/util" "github.com/urfave/cli" ) diff --git a/cmd/podman/refresh.go b/cmd/podman/refresh.go index 8a1cee717..8e4fd9ae9 100644 --- a/cmd/podman/refresh.go +++ b/cmd/podman/refresh.go @@ -4,8 +4,8 @@ import ( "fmt" "os" + "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" "github.com/urfave/cli" ) diff --git a/cmd/podman/restart.go b/cmd/podman/restart.go index 08e8b615b..89484f895 100644 --- a/cmd/podman/restart.go +++ b/cmd/podman/restart.go 
@@ -5,9 +5,9 @@ import ( "fmt" "os" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod" "github.com/urfave/cli" ) diff --git a/cmd/podman/rm.go b/cmd/podman/rm.go index c0ec7d9f6..1d580ac7e 100644 --- a/cmd/podman/rm.go +++ b/cmd/podman/rm.go @@ -4,9 +4,9 @@ import ( "fmt" "os" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod" "github.com/urfave/cli" ) diff --git a/cmd/podman/rmi.go b/cmd/podman/rmi.go index 95e98a038..c1c3869c8 100644 --- a/cmd/podman/rmi.go +++ b/cmd/podman/rmi.go @@ -4,10 +4,10 @@ import ( "fmt" "os" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod/image" "github.com/containers/storage" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod/image" "github.com/urfave/cli" ) @@ -97,7 +97,7 @@ func rmiCmd(c *cli.Context) error { // Note that we have to query the storage one-by-one to // always get the latest state for each image. Otherwise, we // run inconsistency issues, for instance, with repoTags. - // See https://github.com/projectatomic/libpod/issues/930 as + // See https://github.com/containers/libpod/issues/930 as // an exemplary inconsistency issue. for _, i := range images { newImage, err := runtime.ImageRuntime().NewFromLocal(i) diff --git a/cmd/podman/run.go b/cmd/podman/run.go index efc7f2dd0..997068a55 100644 --- a/cmd/podman/run.go +++ b/cmd/podman/run.go 
@@ -9,13 +9,13 @@ import ( "strconv" "strings" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod" + "github.com/containers/libpod/libpod/image" + "github.com/containers/libpod/pkg/inspect" + cc "github.com/containers/libpod/pkg/spec" + "github.com/containers/libpod/pkg/util" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod" - "github.com/projectatomic/libpod/libpod/image" - "github.com/projectatomic/libpod/pkg/inspect" - cc "github.com/projectatomic/libpod/pkg/spec" - "github.com/projectatomic/libpod/pkg/util" "github.com/sirupsen/logrus" "github.com/urfave/cli" ) diff --git a/cmd/podman/run_test.go b/cmd/podman/run_test.go index a421c4a20..397b3bb71 100644 --- a/cmd/podman/run_test.go +++ b/cmd/podman/run_test.go @@ -4,11 +4,11 @@ import ( "runtime" "testing" + "github.com/containers/libpod/pkg/inspect" + cc "github.com/containers/libpod/pkg/spec" units "github.com/docker/go-units" ociv1 "github.com/opencontainers/image-spec/specs-go/v1" spec "github.com/opencontainers/runtime-spec/specs-go" - "github.com/projectatomic/libpod/pkg/inspect" - cc "github.com/projectatomic/libpod/pkg/spec" "github.com/stretchr/testify/assert" "github.com/urfave/cli" ) diff --git a/cmd/podman/save.go b/cmd/podman/save.go index f5fd421a4..8186718d4 100644 --- a/cmd/podman/save.go +++ b/cmd/podman/save.go @@ -12,10 +12,10 @@ import ( "github.com/containers/image/manifest" ociarchive "github.com/containers/image/oci/archive" "github.com/containers/image/types" + "github.com/containers/libpod/cmd/podman/libpodruntime" + libpodImage "github.com/containers/libpod/libpod/image" imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - libpodImage "github.com/projectatomic/libpod/libpod/image" "github.com/sirupsen/logrus" "github.com/urfave/cli" ) 
diff --git a/cmd/podman/search.go b/cmd/podman/search.go index d71432fc6..cc18cd1de 100644 --- a/cmd/podman/search.go +++ b/cmd/podman/search.go @@ -7,12 +7,12 @@ import ( "strings" "github.com/containers/image/docker" + "github.com/containers/libpod/cmd/podman/formats" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod/common" + sysreg "github.com/containers/libpod/pkg/registries" "github.com/docker/distribution/reference" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/formats" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod/common" - sysreg "github.com/projectatomic/libpod/pkg/registries" "github.com/sirupsen/logrus" "github.com/urfave/cli" ) diff --git a/cmd/podman/batchcontainer/container.go b/cmd/podman/shared/container.go index e27914174..7a5455046 100644 --- a/cmd/podman/batchcontainer/container.go +++ b/cmd/podman/shared/container.go @@ -1,4 +1,4 @@ -package batchcontainer +package shared import ( "encoding/json" @@ -9,11 +9,11 @@ import ( "strings" "time" + "github.com/containers/libpod/libpod" + "github.com/containers/libpod/pkg/inspect" + cc "github.com/containers/libpod/pkg/spec" "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" - "github.com/projectatomic/libpod/libpod" - "github.com/projectatomic/libpod/pkg/inspect" - cc "github.com/projectatomic/libpod/pkg/spec" "github.com/sirupsen/logrus" ) diff --git a/cmd/podman/shared/pod.go b/cmd/podman/shared/pod.go new file mode 100644 index 000000000..c660bcf9e --- /dev/null +++ b/cmd/podman/shared/pod.go 
@@ -0,0 +1,62 @@ +package shared + +import ( + "github.com/containers/libpod/libpod" +) + +const ( + stopped = "Stopped" + running = "Running" + paused = "Paused" + exited = "Exited" + errored = "Error" + created = "Created" +) + +// GetPodStatus determines the status of the pod based on the +// statuses of the containers in the pod. +// Returns a string representation of the pod status +func GetPodStatus(pod *libpod.Pod) (string, error) { + ctrStatuses, err := pod.Status() + if err != nil { + return errored, err + } + ctrNum := len(ctrStatuses) + if ctrNum == 0 { + return created, nil + } + statuses := map[string]int{ + stopped: 0, + running: 0, + paused: 0, + created: 0, + errored: 0, + } + for _, ctrStatus := range ctrStatuses { + switch ctrStatus { + case libpod.ContainerStateStopped: + statuses[stopped]++ + case libpod.ContainerStateRunning: + statuses[running]++ + case libpod.ContainerStatePaused: + statuses[paused]++ + case libpod.ContainerStateCreated, libpod.ContainerStateConfigured: + statuses[created]++ + default: + statuses[errored]++ + } + } + + if statuses[running] > 0 { + return running, nil + } else if statuses[paused] == ctrNum { + return paused, nil + } else if statuses[stopped] == ctrNum { + return exited, nil + } else if statuses[stopped] > 0 { + return stopped, nil + } else if statuses[errored] > 0 { + return errored, nil + } + return created, nil +} diff --git a/cmd/podman/sigproxy.go b/cmd/podman/sigproxy.go index 388e23439..16861bad0 100644 --- a/cmd/podman/sigproxy.go +++ b/cmd/podman/sigproxy.go @@ -4,8 +4,8 @@ import ( "os" "syscall" + "github.com/containers/libpod/libpod" "github.com/docker/docker/pkg/signal" - "github.com/projectatomic/libpod/libpod" "github.com/sirupsen/logrus" ) diff --git a/cmd/podman/start.go b/cmd/podman/start.go index 3dde306d7..f0f205892 100644 --- a/cmd/podman/start.go +++ b/cmd/podman/start.go 
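Review bot: In the closing if/else chain of `GetPodStatus`, `statuses[stopped] > 0` is tested before `statuses[errored] > 0`, so a pod holding one stopped container and one container that fell into the `default:` branch is reported as `Stopped` and the error count never reaches the caller. If a container in an unrecognised or failed state is meant to dominate the summary, test it first, e.g. `if statuses[errored] > 0 { return errored, nil }` directly after the `running` check. The same chain reports a mix of paused and created containers as `Created`, which may or may not be intended. Either way, the doc comment should spell out the precedence (running, all paused, all stopped, any stopped, any errored, else created) so callers who alert on pod status know what each string implies.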
@@ -4,9 +4,9 @@ import ( "fmt" "os" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod" "github.com/sirupsen/logrus" "github.com/urfave/cli" ) diff --git a/cmd/podman/stats.go b/cmd/podman/stats.go index d1015801f..cb89b8a9d 100644 --- a/cmd/podman/stats.go +++ b/cmd/podman/stats.go @@ -7,11 +7,11 @@ import ( "time" tm "github.com/buger/goterm" + "github.com/containers/libpod/cmd/podman/formats" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod" "github.com/docker/go-units" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/formats" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod" "github.com/urfave/cli" ) diff --git a/cmd/podman/stop.go b/cmd/podman/stop.go index 820d1acb2..d1fae56dd 100644 --- a/cmd/podman/stop.go +++ b/cmd/podman/stop.go @@ -4,9 +4,9 @@ import ( "fmt" "os" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod" "github.com/urfave/cli" ) diff --git a/cmd/podman/tag.go b/cmd/podman/tag.go index d1d1693a3..5c81fe7f8 100644 --- a/cmd/podman/tag.go +++ b/cmd/podman/tag.go @@ -1,8 +1,8 @@ package main import ( + "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" "github.com/urfave/cli" ) diff --git a/cmd/podman/top.go b/cmd/podman/top.go index ab29df3ab..43728893c 100644 --- a/cmd/podman/top.go +++ b/cmd/podman/top.go 
@@ -6,9 +6,9 @@ import ( "strings" "text/tabwriter" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod" "github.com/urfave/cli" ) @@ -85,8 +85,9 @@ func topCmd(c *cli.Context) error { } if err != nil { - return errors.Wrapf(err, "unable to lookup %s", args[0]) + return errors.Wrapf(err, "unable to lookup requested container") } + conStat, err := container.State() if err != nil { return errors.Wrapf(err, "unable to look up state for %s", args[0]) diff --git a/cmd/podman/umount.go b/cmd/podman/umount.go index 1e364b48f..33556b2ea 100644 --- a/cmd/podman/umount.go +++ b/cmd/podman/umount.go @@ -3,10 +3,10 @@ package main import ( "fmt" + "github.com/containers/libpod/cmd/podman/libpodruntime" + "github.com/containers/libpod/libpod" "github.com/containers/storage" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - "github.com/projectatomic/libpod/libpod" "github.com/sirupsen/logrus" "github.com/urfave/cli" ) diff --git a/cmd/podman/unpause.go b/cmd/podman/unpause.go index 6571dff4e..d0c622b8a 100644 --- a/cmd/podman/unpause.go +++ b/cmd/podman/unpause.go @@ -4,8 +4,8 @@ import ( "fmt" "os" + "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" "github.com/urfave/cli" ) diff --git a/cmd/podman/utils.go b/cmd/podman/utils.go index 2d19e312c..89ec48dbe 100644 --- a/cmd/podman/utils.go +++ b/cmd/podman/utils.go @@ -6,10 +6,10 @@ import ( "os" gosignal "os/signal" + "github.com/containers/libpod/libpod" "github.com/docker/docker/pkg/signal" "github.com/docker/docker/pkg/term" "github.com/pkg/errors" - "github.com/projectatomic/libpod/libpod" "github.com/sirupsen/logrus" "github.com/urfave/cli" "golang.org/x/crypto/ssh/terminal" 
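Review bot: The context line right after the changed message still formats `args[0]` (`"unable to look up state for %s", args[0]`). If `args[0]` was dropped from the lookup error because `args` can be empty on some path (the hunk does not show this), that line would still panic with an index out of range when `container.State()` fails. Referring to the resolved object avoids the question, assuming `container` is a `*libpod.Container`: `return errors.Wrapf(err, "unable to look up state for %s", container.ID())`. The new message has no format verbs, so `errors.Wrap(err, "unable to lookup requested container")` is the matching call. topCmd begins and ends outside this hunk.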
diff --git a/cmd/podman/varlink.go b/cmd/podman/varlink.go index 71cf86c74..4e6d76c7e 100644 --- a/cmd/podman/varlink.go +++ b/cmd/podman/varlink.go @@ -5,11 +5,11 @@ package main import ( "time" + "github.com/containers/libpod/cmd/podman/libpodruntime" + iopodman "github.com/containers/libpod/cmd/podman/varlink" + "github.com/containers/libpod/pkg/varlinkapi" + "github.com/containers/libpod/version" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" - iopodman "github.com/projectatomic/libpod/cmd/podman/varlink" - "github.com/projectatomic/libpod/pkg/varlinkapi" - "github.com/projectatomic/libpod/version" "github.com/sirupsen/logrus" "github.com/urfave/cli" "github.com/varlink/go/varlink" @@ -59,7 +59,7 @@ func varlinkCmd(c *cli.Context) error { "Atomic", "podman", version.Version, - "https://github.com/projectatomic/libpod", + "https://github.com/containers/libpod", ) if err != nil { return errors.Wrapf(err, "unable to create new varlink service") diff --git a/cmd/podman/varlink/io.podman.varlink b/cmd/podman/varlink/io.podman.varlink index 336600b2f..3d4a8fa84 100644 --- a/cmd/podman/varlink/io.podman.varlink +++ b/cmd/podman/varlink/io.podman.varlink @@ -1,5 +1,5 @@ # Podman Service Interface and API description. The master version of this document can be found -# in the [API.md](https://github.com/projectatomic/libpod/blob/master/API.md) file in the upstream libpod repository. +# in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in the upstream libpod repository. interface io.podman @@ -334,6 +334,13 @@ type ListPodContainerInfo ( status: string ) +# PodCreate is an input structure for creating pods. +type PodCreate ( + name: string, + cgroupParent: string, + labels: [string]string +) + # ListPodData is the returned struct for an individual pod type ListPodData ( id: string, 
@@ -346,6 +353,11 @@ type ListPodData ( containersinfo: []ListPodContainerInfo ) +type PodContainerErrorData ( + containerid: string, + reason: string +) + # Ping provides a response for developers to ensure their varlink setup is working. # #### Example # ~~~ @@ -605,7 +617,7 @@ method DeleteUnusedImages() -> (images: []string) # container while it is being committed, pass a _true_ bool for the pause argument. If the container cannot # be found by the ID or name provided, a (ContainerNotFound)[#ContainerNotFound] error will be returned; otherwise, # the resulting image's ID will be returned as a string. -method Commit(name: string, image_name: string, changes: []string, author: string, message: string, pause: bool) -> (image: string) +method Commit(name: string, image_name: string, changes: []string, author: string, message: string, pause: bool, manifestType: string) -> (image: string) # ImportImage imports an image from a source (like tarball) into local storage. The image can have additional # descriptions added to it using the message and changes options. See also [ExportImage](ExportImage). 
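Review bot: `PodContainerErrorData` is added without the leading `#` description that the neighbouring types (`PodCreate`, `ListPodData`) carry, so it will read as undocumented wherever these comments are rendered. Judging by its fields and its use in `PodContainerError`, something like `# PodContainerErrorData pairs the ID of a container in a pod with the reason an operation on it failed.` above the type would do. It would also help to say whether `reason` is free-form error text, since clients may log or display it verbatim.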
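Review bot: `Commit` gains a `manifestType: string` argument, but the description above the method (context lines in this hunk) still covers only the earlier arguments, so a caller cannot tell which values are accepted or what an empty string selects. Add a sentence to that comment naming the accepted manifest types and the default. The handler is not part of this hunk, so the values have to be taken from there. Adding an argument may also change the call shape for existing varlink clients, which is worth stating in the commit description.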
@@ -629,114 +641,115 @@ method ExportImage(name: string, destination: string, compress: bool, tags: []st # ~~~ method PullImage(name: string) -> (id: string) -# CreatePod creates a new empty pod. It takes name and cgroup_parent args as strings, and a labels map +# CreatePod creates a new empty pod. It uses a [PodCreate](#PodCreate) type for input. # On success, the ID of the newly created pod will be returned. # #### Example # ~~~ -# $ varlink call unix:/run/podman/io.podman/io.podman.CreatePod '{"name": "test"}' +# $ varlink call unix:/run/podman/io.podman/io.podman.CreatePod '{"create": {"name": "test"}}' # { -# "pod": "8759dafbc0a4dc3bcfb57eeb72e4331eb73c5cc09ab968e65ce45b9ad5c4b6bb" +# "pod": "b05dee7bd4ccfee688099fe1588a7a898d6ddd6897de9251d4671c9b0feacb2a" # } +# # ~~~ -method CreatePod() -> (notimplemented: NotImplemented) +method CreatePod(create: PodCreate) -> (pod: string) # ListPods returns a list of pods in no particular order. They are # returned as an array of ListPodData structs. See also [GetPod](#GetPod). -method ListPods() -> (notimplemented: NotImplemented) +method ListPods() -> (pods: []ListPodData) # GetPod takes a name or ID of a pod and returns single [ListPodData](#ListPodData) # structure. A [PodNotFound](#PodNotFound) error will be returned if the pod cannot be found. # See also [ListPods](ListPods). -method GetPod() -> (notimplemented: NotImplemented) +method GetPod(name: string) -> (pod: ListPodData) # InspectPod takes the name or ID of an image and returns a string respresentation of data associated with the # pod. You must serialize the string into JSON to use it further. A [PodNotFound](#PodNotFound) error will # be returned if the pod cannot be found. -method InspectPod() -> (notimplemented: NotImplemented) +method InspectPod(name: string) -> (pod: string) # StartPod starts containers in a pod. It takes the name or ID of pod. If the pod cannot be found, a [PodNotFound](#PodNotFound) -# error will be returned. 
If the pod has no containers, a [PodNoContainers](#PodNoContainers) error will be returned. -# Containers in a pod are started independently. If there is an error starting one container, the ID of those containers -# will be returned in a list of [PodContainerError](#PodContainerError). The ID of the pod is returned if any containers were started. +# error will be returned. Containers in a pod are started independently. If there is an error starting one container, the ID of those containers +# will be returned in a list, along with the ID of the pod in a [PodContainerError](#PodContainerError). +# If the pod was started with no errors, the pod ID is returned. # See also [CreatePod](#CreatePod). # #### Example # ~~~ # $ varlink call -m unix:/run/podman/io.podman/io.podman.StartPod '{"name": "135d71b9495f"}' # { # "pod": "135d71b9495f7c3967f536edad57750bfdb569336cd107d8aabab45565ffcfb6", -# "error": [] # } # ~~~ -method StartPod() -> (notimplemented: NotImplemented) +method StartPod(name: string) -> (pod: string) # StopPod stops containers in a pod. It takes the name or ID of a pod. # If the pod cannot be found, a [PodNotFound](#PodNotFound) error will be returned instead. # Containers in a pod are stopped independently. If there is an error stopping one container, the ID of those containers -# will be returned in a list of [PodContainerError](#PodContainerError). The ID of the pod is returned if any containers were stopped. +# will be returned in a list, along with the ID of the pod in a [PodContainerError](#PodContainerError). +# If the pod was stopped with no errors, the pod ID is returned. # See also [KillPod](KillPod). 
# #### Example # ~~~ # $ varlink call -m unix:/run/podman/io.podman/io.podman.StopPod '{"name": "135d71b9495f"}' # { # "pod": "135d71b9495f7c3967f536edad57750bfdb569336cd107d8aabab45565ffcfb6" -# "error": [] # } # ~~~ -method StopPod() -> (notimplemented: NotImplemented) +method StopPod(name: string) -> (pod: string) # RestartPod will restart containers in a pod given a pod name or ID. Containers in # the pod that are running will be stopped, then all stopped containers will be run. -# If the pod cannot be found by name or ID, a [PodNotFound](#PodNotFound) error will be -# returned. If the pod has no containers, a [PodNoContainers](#PodNoContainers) -# error will be returned. +# If the pod cannot be found by name or ID, a [PodNotFound](#PodNotFound) error will be returned. # Containers in a pod are restarted independently. If there is an error restarting one container, the ID of those containers -# will be returned in a list of [PodContainerError](#PodContainerError). The ID of the pod is returned if any containers were restarted. +# will be returned in a list, along with the ID of the pod in a [PodContainerError](#PodContainerError). +# If the pod was restarted with no errors, the pod ID is returned. # #### Example # ~~~ # $ varlink call -m unix:/run/podman/io.podman/io.podman.RestartPod '{"name": "135d71b9495f"}' # { # "pod": "135d71b9495f7c3967f536edad57750bfdb569336cd107d8aabab45565ffcfb6" -# "error": [] # } # ~~~ -method RestartPod() -> (notimplemented: NotImplemented) +method RestartPod(name: string) -> (pod: string) # KillPod takes the name or ID of a pod as well as a signal to be applied to the pod. If the pod cannot be found, a # [PodNotFound](#PodNotFound) error is returned. # Containers in a pod are killed independently. If there is an error killing one container, the ID of those containers -# will be returned in a list of [PodContainerError](#PodContainerError). The ID of the pod is returned if any containers were killed. 
+# will be returned in a list, along with the ID of the pod in a [PodContainerError](#PodContainerError). +# If the pod was killed with no errors, the pod ID is returned. # See also [StopPod](StopPod). -method KillPod() -> (notimplemented: NotImplemented) +method KillPod(name: string, signal: int) -> (pod: string) # PausePod takes the name or ID of a pod and pauses the running containers associated with it. If the pod cannot be found, # a [PodNotFound](#PodNotFound) error will be returned. # Containers in a pod are paused independently. If there is an error pausing one container, the ID of those containers -# will be returned in a list of [PodContainerError](#PodContainerError). The ID of the pod is returned if any containers were paused. +# will be returned in a list, along with the ID of the pod in a [PodContainerError](#PodContainerError). +# If the pod was paused with no errors, the pod ID is returned. # See also [UnpausePod](#UnpausePod). -method PausePod() -> (notimplemented: NotImplemented) +method PausePod(name: string) -> (pod: string) # UnpausePod takes the name or ID of a pod and unpauses the paused containers associated with it. If the pod cannot be # found, a [PodNotFound](#PodNotFound) error will be returned. -# Containers in a pod are unpaused independently. If there is an error pausing one container, the ID of those containers -# will be returned in a list of [PodContainerError](#PodContainerError). The ID of the pod is returned if any containers were unpaused. +# Containers in a pod are unpaused independently. If there is an error unpausing one container, the ID of those containers +# will be returned in a list, along with the ID of the pod in a [PodContainerError](#PodContainerError). +# If the pod was unpaused with no errors, the pod ID is returned. # See also [PausePod](#PausePod). 
-method UnpausePod() -> (notimplemented: NotImplemented) +method UnpausePod(name: string) -> (pod: string) # RemovePod takes the name or ID of a pod as well a boolean representing whether a running # container in the pod can be stopped and removed. If a pod has containers associated with it, and force is not true, -# a [PodHasContainer](#PodHasContainer) error will be returned. +# an error will occur. # If the pod cannot be found by name or ID, a [PodNotFound](#PodNotFound) error will be returned. # Containers in a pod are removed independently. If there is an error removing any container, the ID of those containers -# will be returned in a list of [PodContainerError](#PodContainerError). The ID of the pod is returned if any containers were removed. +# will be returned in a list, along with the ID of the pod in a [PodContainerError](#PodContainerError). +# If the pod was removed with no errors, the pod ID is returned. # #### Example # ~~~ -# $ varlink call -m unix:/run/podman/io.podman/io.podman.RemovePod '{"name": "62f4fd98cb57"}' +# $ varlink call -m unix:/run/podman/io.podman/io.podman.RemovePod '{"name": "62f4fd98cb57", "force": "true"}' # { # "pod": "62f4fd98cb57f529831e8f90610e54bba74bd6f02920ffb485e15376ed365c20" -# "error": [] # } # ~~~ -method RemovePod() -> (notimplemented: NotImplemented) +method RemovePod(name: string, force: bool) -> (pod: string) # This method has not be implemented yet. method WaitPod() -> (notimplemented: NotImplemented) 
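Review bot: Two of the updated examples no longer agree with the signatures they document. The RemovePod example passes `"force": "true"`, a JSON string, while the method is declared `RemovePod(name: string, force: bool)`; the call should read `'{"name": "62f4fd98cb57", "force": true}'`. In the StartPod example the `"error": []` line is removed but the preceding `"pod": …,` line keeps its trailing comma, which leaves invalid JSON, so drop the comma. RemovePod's description now says only that "an error will occur" when the pod has containers and force is not set; naming the error that is actually returned would let clients handle that case deliberately.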
@@ -756,15 +769,9 @@ error ContainerNotFound (name: string) # PodNotFound means the pod could not be found by the provided name or ID in local storage. error PodNotFound (name: string) -# PodNoContainers means the pod does not have any containers associated and cannot be started or restarted. -error PodNoContainers (name: string) - -# PodHasContainers means the pod has containers associated and cannot be stopped without the force boolean set as true. -error PodHasContainers (name: string) - # PodContainerError means a container associated with a pod failed to preform an operation. It contains # a container ID of the container that failed. -error PodContainerError (names: string) +error PodContainerError (podname: string, errors: []PodContainerErrorData) # ErrorOccurred is a generic error for an error that occurs during the execution. The actual error message # is includes as part of the error's text. diff --git a/cmd/podman/version.go b/cmd/podman/version.go index 952cf32d3..f896229c4 100644 --- a/cmd/podman/version.go +++ b/cmd/podman/version.go @@ -4,8 +4,8 @@ import ( "fmt" "time" + "github.com/containers/libpod/libpod" "github.com/pkg/errors" - "github.com/projectatomic/libpod/libpod" "github.com/urfave/cli" ) diff --git a/cmd/podman/wait.go b/cmd/podman/wait.go index 142e0e599..929b66761 100644 --- a/cmd/podman/wait.go +++ b/cmd/podman/wait.go @@ -4,8 +4,8 @@ import ( "fmt" "os" + "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/libpodruntime" "github.com/urfave/cli" ) diff --git a/contrib/python/podman/README.md b/contrib/python/podman/README.md index ec4a0480b..3254064b0 100644 --- a/contrib/python/podman/README.md +++ b/contrib/python/podman/README.md @@ -2,7 +2,7 @@ ## Status: Active Development -See [libpod](https://github.com/projectatomic/libpod) +See [libpod](https://github.com/containers/libpod) ## Releases 
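Review bot: The comment above `PodContainerError` still says it "contains a container ID of the container that failed", but the error now carries `podname` and a list `errors: []PodContainerErrorData`. Update it to match, e.g. `# PodContainerError means one or more containers in a pod failed to perform an operation. It contains the pod name and, for each failed container, its ID and the reason.` Removing `PodNoContainers` and `PodHasContainers` also changes which error names existing clients can match on, so that is worth calling out in the commit description.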
diff --git a/contrib/python/podman/setup.py b/contrib/python/podman/setup.py index a342c05fd..2953ba0dc 100644 --- a/contrib/python/podman/setup.py +++ b/contrib/python/podman/setup.py @@ -25,7 +25,7 @@ setup( packages=find_packages(exclude=['test']), python_requires='>=3', zip_safe=True, - url='http://github.com/projectatomic/libpod', + url='http://github.com/containers/libpod', keywords='varlink libpod podman', classifiers=[ 'Development Status :: 3 - Alpha', diff --git a/contrib/python/pypodman/README.md b/contrib/python/pypodman/README.md index 935f6a631..6991daffa 100644 --- a/contrib/python/pypodman/README.md +++ b/contrib/python/pypodman/README.md @@ -2,7 +2,7 @@ ## Status: Active Development -See [libpod](https://github.com/projectatomic/libpod/contrib/python/pypodman) +See [libpod](https://github.com/containers/libpod/contrib/python/pypodman) ## Releases diff --git a/contrib/python/pypodman/pypodman/lib/actions/__init__.py b/contrib/python/pypodman/pypodman/lib/actions/__init__.py index 4719f5d5c..f594f05e5 100644 --- a/contrib/python/pypodman/pypodman/lib/actions/__init__.py +++ b/contrib/python/pypodman/pypodman/lib/actions/__init__.py @@ -1,7 +1,16 @@ """Module to export all the podman subcommands.""" +from pypodman.lib.actions.create_action import Create from pypodman.lib.actions.images_action import Images from pypodman.lib.actions.ps_action import Ps +from pypodman.lib.actions.pull_action import Pull from pypodman.lib.actions.rm_action import Rm from pypodman.lib.actions.rmi_action import Rmi -__all__ = ['Images', 'Ps', 'Rm', 'Rmi'] +__all__ = [ + 'Create', + 'Images', + 'Ps', + 'Pull', + 'Rm', + 'Rmi', +] diff --git a/contrib/python/pypodman/pypodman/lib/actions/create_action.py b/contrib/python/pypodman/pypodman/lib/actions/create_action.py new file mode 100644 index 000000000..94dd33061 --- /dev/null +++ b/contrib/python/pypodman/pypodman/lib/actions/create_action.py 
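Review bot: The rewritten `url=` value in `setup()` keeps the plain `http://` scheme. Since the line is being changed anyway, use `url='https://github.com/containers/libpod',` so the project link published in the package metadata does not start with an unencrypted request. The `setup(` call begins and ends outside this hunk.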
@@ -0,0 +1,458 @@ +"""Remote client command for creating container from image.""" +import argparse +import sys +from builtins import vars + +import podman +from pypodman.lib import AbstractActionBase + + +class UnitAction(argparse.Action): + """Validate number given is positive integer, with optional suffix.""" + + def __call__(self, parser, namespace, values, option_string=None): + """Validate input.""" + if isinstance(values, str): + if not values[:-1].isdigit(): + msg = 'unit must be a positive integer, with optional suffix' + raise argparse.ArgumentError(self, msg) + if not values[-1] in ('b', 'k', 'm', 'g'): + msg = 'unit only supports suffices of: b, k, m, g' + raise argparse.ArgumentError(self, msg) + elif values <= 0: + msg = 'number must be a positive integer.' + raise argparse.ArgumentError(self, msg) + + setattr(namespace, self.dest, values) + + +def add_options(parser): + """Add options for Create command.""" + parser.add_argument( + '--add-host', + action='append', + metavar='HOST', + help=('Add a line to /etc/hosts. The format is hostname:ip.' + ' The option can be set multiple times.'), + ) + parser.add_argument( + '--attach', + '-a', + action='append', + metavar='FD', + help=('Attach to STDIN, STDOUT or STDERR. The option can be set' + ' for each of stdin, stdout, and stderr.')) + parser.add_argument( + '--annotation', + action='append', + help=('Add an annotation to the container. The format is' + ' key=value. 
The option can be set multiple times.')) + parser.add_argument( + '--blkio-weight', + choices=range(10, 1000), + metavar='[10-1000]', + help=('Block IO weight (relative weight) accepts a' + ' weight value between 10 and 1000.')) + parser.add_argument( + '--blkio-weight-device', + action='append', + metavar='WEIGHT', + help=('Block IO weight (relative device weight,' + ' format: DEVICE_NAME:WEIGHT).')) + parser.add_argument( + '--cap-add', + action='append', + metavar='CAP', + help=('Add Linux capabilities' + 'The option can be set multiple times.')) + parser.add_argument( + '--cap-drop', + action='append', + metavar='CAP', + help=('Drop Linux capabilities' + 'The option can be set multiple times.')) + parser.add_argument( + '--cgroup-parent', + metavar='PATH', + help=('Path to cgroups under which the cgroup for the' + ' container will be created. If the path is not' + ' absolute, the path is considered to be relative' + ' to the cgroups path of the init process. Cgroups' + ' will be created if they do not already exist.')) + parser.add_argument( + '--cidfile', + metavar='PATH', + help='Write the container ID to the file, on the remote host.') + parser.add_argument( + '--conmon-pidfile', + metavar='PATH', + help=('Write the pid of the conmon process to a file,' + ' on the remote host.')) + parser.add_argument( + '--cpu-count', + type=int, + metavar='COUNT', + help=('Limit the number of CPUs available' + ' for execution by the container.')) + parser.add_argument( + '--cpu-period', + type=int, + metavar='PERIOD', + help=('Limit the CPU CFS (Completely Fair Scheduler) period.')) + parser.add_argument( + '--cpu-quota', + type=int, + metavar='QUOTA', + help=('Limit the CPU CFS (Completely Fair Scheduler) quota.')) + parser.add_argument( + '--cpu-rt-period', + type=int, + metavar='PERIOD', + help=('Limit the CPU real-time period in microseconds.')) + parser.add_argument( + '--cpu-rt-runtime', + type=int, + metavar='LIMIT', + help=('Limit the CPU real-time runtime in 
microseconds.')) + parser.add_argument( + '--cpu-shares', + type=int, + metavar='SHARES', + help=('CPU shares (relative weight)')) + parser.add_argument( + '--cpus', + type=int, + help=('Number of CPUs. The default is 0 which means no limit')) + parser.add_argument( + '--cpuset-cpus', + metavar='LIST', + help=('CPUs in which to allow execution (0-3, 0,1)')) + parser.add_argument( + '--cpuset-mems', + metavar='NODES', + help=('Memory nodes (MEMs) in which to allow execution (0-3, 0,1).' + ' Only effective on NUMA systems')) + parser.add_argument( + '--detach', + '-d', + choices=['True', 'False'], + help=('Detached mode: run the container in the background and' + ' print the new container ID. The default is false.')) + parser.add_argument( + '--detach-keys', + metavar='KEY(s)', + help=('Override the key sequence for detaching a container.' + ' Format is a single character [a-Z] or ctrl-<value> where' + ' <value> is one of: a-z, @, ^, [, , or _.')) + parser.add_argument( + '--device', + action='append', + help=('Add a host device to the container' + 'The option can be set multiple times.'), + ) + parser.add_argument( + '--device-read-bps', + action='append', + metavar='LIMIT', + help=('Limit read rate (bytes per second) from a device' + ' (e.g. --device-read-bps=/dev/sda:1mb)' + 'The option can be set multiple times.'), + ) + parser.add_argument( + '--device-read-iops', + action='append', + metavar='LIMIT', + help=('Limit read rate (IO per second) from a device' + ' (e.g. --device-read-iops=/dev/sda:1000)' + 'The option can be set multiple times.'), + ) + parser.add_argument( + '--device-write-bps', + action='append', + metavar='LIMIT', + help=('Limit write rate (bytes per second) to a device' + ' (e.g. --device-write-bps=/dev/sda:1mb)' + 'The option can be set multiple times.'), + ) + parser.add_argument( + '--device-write-iops', + action='append', + metavar='LIMIT', + help=('Limit write rate (IO per second) to a device' + ' (e.g. 
--device-write-iops=/dev/sda:1000)' + 'The option can be set multiple times.'), + ) + parser.add_argument( + '--dns', + action='append', + metavar='SERVER', + help=('Set custom DNS servers.' + 'The option can be set multiple times.'), + ) + parser.add_argument( + '--dns-option', + action='append', + metavar='OPT', + help=('Set custom DNS options.' + 'The option can be set multiple times.'), + ) + parser.add_argument( + '--dns-search', + action='append', + metavar='DOMAIN', + help=('Set custom DNS search domains.' + 'The option can be set multiple times.'), + ) + parser.add_argument( + '--entrypoint', + help=('Overwrite the default ENTRYPOINT of the image.'), + ) + parser.add_argument( + '--env', + '-e', + action='append', + help=('Set environment variables.'), + ) + parser.add_argument( + '--env-file', + help=('Read in a line delimited file of environment variables,' + ' on the remote host.'), + ) + parser.add_argument( + '--expose', + metavar='PORT(s)', + help=('Expose a port, or a range of ports' + ' (e.g. --expose=3300-3310) to set up port redirection.'), + ) + parser.add_argument( + '--gidmap', + metavar='MAP', + help=('GID map for the user namespace'), + ) + parser.add_argument( + '--group-add', + action='append', + metavar='GROUP', + help=('Add additional groups to run as')) + parser.add_argument('--hostname', help='Container host name') + + volume_group = parser.add_mutually_exclusive_group() + volume_group.add_argument( + '--image-volume', + choices=['bind', 'tmpfs', 'ignore'], + metavar='MODE', + help='Tells podman how to handle the builtin image volumes') + volume_group.add_argument( + '--builtin-volume', + choices=['bind', 'tmpfs', 'ignore'], + metavar='MODE', + help='Tells podman how to handle the builtin image volumes') + parser.add_argument( + '--interactive', + '-i', + choices=['True', 'False'], + help='Keep STDIN open even if not attached. 
The default is false') + parser.add_argument('--ipc', help='Create namespace') + parser.add_argument( + '--kernel-memory', + action=UnitAction, + metavar='UNIT', + help=('Kernel memory limit (format: <number>[<unit>],' + ' where unit = b, k, m or g)')) + parser.add_argument( + '--label', + '-l', + help=('Add metadata to a container' + ' (e.g., --label com.example.key=value)')) + parser.add_argument( + '--label-file', help='Read in a line delimited file of labels') + parser.add_argument( + '--log-driver', + choices=['json-file', 'journald'], + help='Logging driver for the container.') + parser.add_argument( + '--log-opt', action='append', help='Logging driver specific options') + parser.add_argument( + '--mac-address', help='Container MAC address (e.g. 92:d0:c6:0a:29:33)') + parser.add_argument( + '--memory', + '-m', + action=UnitAction, + metavar='UNIT', + help='Memory limit (format: [], where unit = b, k, m or g)') + parser.add_argument( + '--memory-reservation', + action=UnitAction, + metavar='UNIT', + help='Memory soft limit (format: [], where unit = b, k, m or g)') + parser.add_argument( + '--memory-swap', + action=UnitAction, + metavar='UNIT', + help=('A limit value equal to memory plus swap.' 
+ 'Must be used with the --memory flag')) + parser.add_argument( + '--memory-swappiness', + choices=range(0, 100), + metavar='[0-100]', + help="Tune a container's memory swappiness behavior") + parser.add_argument('--name', help='Assign a name to the container') + parser.add_argument( + '--network', + metavar='BRIDGE', + help=('Set the Network mode for the container.')) + parser.add_argument( + '--oom-kill-disable', + choices=['True', 'False'], + help='Whether to disable OOM Killer for the container or not') + parser.add_argument( + '--oom-score-adj', + choices=range(-1000, 1000), + metavar='[-1000-1000]', + help="Tune the host's OOM preferences for containers") + parser.add_argument('--pid', help='Set the PID mode for the container') + parser.add_argument( + '--pids-limit', + type=int, + metavar='LIMIT', + help=("Tune the container's pids limit." + " Set -1 to have unlimited pids for the container.")) + parser.add_argument('--pod', help='Run container in an existing pod') + parser.add_argument( + '--privileged', + choices=['True', 'False'], + help='Give extended privileges to this container.') + parser.add_argument( + '--publish', + '-p', + metavar='PORT(s)', + help="Publish a container's port, or range of ports, to the host") + parser.add_argument( + '--publish-all', + '-P', + action='store_true', + help=("Publish all exposed ports to random" + " ports on the host interfaces")) + parser.add_argument( + '--quiet', + '-q', + action='store_true', + help='Suppress output information when pulling images') + parser.add_argument( + '--read-only', + choices=['True', 'False'], + help="Mount the container's root filesystem as read only.") + parser.add_argument( + '--rm', + choices=['True', 'False'], + help='Automatically remove the container when it exits.') + parser.add_argument( + '--rootfs', + action='store_true', + help=('If specified, the first argument refers to an' + ' exploded container on the file system of remote host.')) + parser.add_argument( + 
'--security-opt', + action='append', + metavar='OPT', + help='Set security options.') + parser.add_argument( + '--shm-size', + action=UnitAction, + metavar='UNIT', + help='Size of /dev/shm') + parser.add_argument( + '--stop-signal', metavar='SIGTERM', help='Signal to stop a container') + parser.add_argument( + '--stop-timeout', + metavar='TIMEOUT', + help='Seconds to wait on stopping container.') + parser.add_argument( + '--subgidname', + metavar='MAP', + help='Name for GID map from the /etc/subgid file') + parser.add_argument( + '--subuidname', + metavar='MAP', + help='Name for UID map from the /etc/subuid file') + parser.add_argument( + '--sysctl', + action='append', + help='Configure namespaced kernel parameters at runtime') + parser.add_argument('--tmpfs', help='Create a tmpfs mount') + parser.add_argument( + '--tty', + '-t', + choices=['True', 'False'], + help='Allocate a pseudo-TTY for standard input of container.') + parser.add_argument( + '--uidmap', metavar='MAP', help='UID map for the user namespace') + parser.add_argument('--ulimit', metavar='OPT', help='Ulimit options') + parser.add_argument( + '--user', + '-u', + help=('Sets the username or UID used and optionally' + ' the groupname or GID for the specified command.')) + parser.add_argument( + '--userns', + choices=['host', 'ns'], + help='Set the usernamespace mode for the container') + parser.add_argument( + '--uts', + choices=['host', 'ns'], + help='Set the UTS mode for the container') + parser.add_argument('--volume', '-v', help='Create a bind mount.') + parser.add_argument( + '--volumes-from', + action='append', + help='Mount volumes from the specified container(s).') + parser.add_argument( + '--workdir', '-w', help='Working directory inside the container') + + +class Create(AbstractActionBase): + """Class for creating container from image.""" + + @classmethod + def subparser(cls, parent): + """Add Create command to parent parser.""" + parser = parent.add_parser( + 'create', help='create container 
from image') + + add_options(parser) + + parser.add_argument('image', nargs='*', help='source image id.') + parser.set_defaults(class_=cls, method='create') + + def __init__(self, args): + """Construct Create class.""" + super().__init__(args) + if not args.image: + raise ValueError('You must supply at least one image id' + ' or name to be retrieved.') + + def create(self): + """Create container.""" + # Dump all unset arguments before transmitting to service + opts = {k: v for k, v in vars(self._args).items() if v is not None} + + # image id(s) used only on client + del opts['image'] + + for ident in self._args.image: + try: + img = self.client.images.get(ident) + img.container(**opts) + print(ident) + except podman.ImageNotFound as e: + sys.stdout.flush() + print( + 'Image {} not found.'.format(e.name), + file=sys.stderr, + flush=True) + except podman.ErrorOccurred as e: + sys.stdout.flush() + print( + '{}'.format(e.reason).capitalize(), + file=sys.stderr, + flush=True) diff --git a/contrib/python/pypodman/pypodman/lib/actions/pull_action.py b/contrib/python/pypodman/pypodman/lib/actions/pull_action.py new file mode 100644 index 000000000..d609eac28 --- /dev/null +++ b/contrib/python/pypodman/pypodman/lib/actions/pull_action.py 
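Review bot: `create()` forwards every non-None entry of `vars(self._args)` to `img.container(**opts)` and removes only `image`. The `class_` and `method` defaults set in `subparser()` are therefore sent along with the container settings, and presumably so are any connection options defined by the parent parser, which this hunk does not show. Building `opts` from an explicit allow-list of the dests declared in `add_options()` keeps client-side values local; at minimum use `for key in ('image', 'class_', 'method'): opts.pop(key, None)`. Separately, `--blkio-weight`, `--memory-swappiness` and `--oom-score-adj` use `choices=range(...)` without `type=int`, so the string argparse passes never matches and every value is rejected. Adding `type=int` and an inclusive upper bound such as `range(10, 1001)` would match the documented ranges.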
@@ -0,0 +1,49 @@ +"""Remote client command for pulling images.""" +import sys + +import podman +from pypodman.lib import AbstractActionBase + + +class Pull(AbstractActionBase): + """Class for retrieving images from repository.""" + + @classmethod + def subparser(cls, parent): + """Add Pull command to parent parser.""" + parser = parent.add_parser( + 'pull', + help='retrieve image from repository', + ) + parser.add_argument( + 'targets', + nargs='*', + help='image id(s) to retrieve.', + ) + parser.set_defaults(class_=cls, method='pull') + + def __init__(self, args): + """Construct Pull class.""" + super().__init__(args) + if not args.targets: + raise ValueError('You must supply at least one container id' + ' or name to be retrieved.') + + def pull(self): + """Retrieve image.""" + for ident in self._args.targets: + try: + self.client.images.pull(ident) + print(ident) + except podman.ImageNotFound as e: + sys.stdout.flush() + print( + 'Image {} not found.'.format(e.name), + file=sys.stderr, + flush=True) + except podman.ErrorOccurred as e: + sys.stdout.flush() + print( + '{}'.format(e.reason).capitalize(), + file=sys.stderr, + flush=True) diff --git a/contrib/python/pypodman/pypodman/lib/actions/rm_action.py b/contrib/python/pypodman/pypodman/lib/actions/rm_action.py index ae3a42245..62c0b8599 100644 --- a/contrib/python/pypodman/pypodman/lib/actions/rm_action.py +++ b/contrib/python/pypodman/pypodman/lib/actions/rm_action.py @@ -2,7 +2,6 @@ import sys import podman - from pypodman.lib import AbstractActionBase @@ -32,11 +31,11 @@ class Rm(AbstractActionBase): def remove(self): """Remove container(s).""" - for id_ in self._args.targets: + for ident in self._args.targets: try: - ctnr = self.client.containers.get(id_) + ctnr = self.client.containers.get(ident) ctnr.remove(self._args.force) - print(id_) + print(ident) except podman.ContainerNotFound as e: sys.stdout.flush() print( 
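Review bot: `pull()` prints `ImageNotFound` and `ErrorOccurred` to stderr but returns nothing, so a script that checks only the exit status may treat a failed pull as a success and carry on with a missing or stale image. How `main()` maps the return value is outside this hunk. I would record the failure in both `except` branches and return a non-zero value after the loop; `create()` in create_action.py has the same pattern. The `ValueError` text in `__init__` also says "container id" although the targets are images; `'You must supply at least one image id'` would match the argument's help string.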
diff --git a/contrib/python/pypodman/pypodman/lib/actions/rmi_action.py b/contrib/python/pypodman/pypodman/lib/actions/rmi_action.py index 8d9fcbb58..9ff533821 100644 --- a/contrib/python/pypodman/pypodman/lib/actions/rmi_action.py +++ b/contrib/python/pypodman/pypodman/lib/actions/rmi_action.py @@ -2,7 +2,6 @@ import sys import podman - from pypodman.lib import AbstractActionBase @@ -31,11 +30,11 @@ class Rmi(AbstractActionBase): def remove(self): """Remove image(s).""" - for id_ in self._args.targets: + for ident in self._args.targets: try: - img = self.client.images.get(id_) + img = self.client.images.get(ident) img.remove(self._args.force) - print(id_) + print(ident) except podman.ImageNotFound as e: sys.stdout.flush() print( diff --git a/contrib/python/pypodman/pypodman/lib/config.py b/contrib/python/pypodman/pypodman/lib/config.py index 0d5004b9d..2f0cbf8ae 100644 --- a/contrib/python/pypodman/pypodman/lib/config.py +++ b/contrib/python/pypodman/pypodman/lib/config.py @@ -229,12 +229,13 @@ class PodmanArgumentParser(argparse.ArgumentParser): args.local_uri = "unix:{}".format(args.local_socket_path) - components = ['ssh://', args.user, '@', args.host] - if args.port: - components.extend((':', str(args.port))) - components.append(args.remote_socket_path) + if args.host: + components = ['ssh://', args.user, '@', args.host] + if args.port: + components.extend((':', str(args.port))) + components.append(args.remote_socket_path) - args.remote_uri = ''.join(components) + args.remote_uri = ''.join(components) return args def exit(self, status=0, message=None): diff --git a/contrib/python/pypodman/pypodman/main.py b/contrib/python/pypodman/pypodman/main.py index 5e0ef0750..047edfa0d 100755 --- a/contrib/python/pypodman/pypodman/main.py +++ b/contrib/python/pypodman/pypodman/main.py 
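Review bot: In the config.py hunk, `args.remote_uri` is now assigned only when `args.host` is set (indentation is lost in this view, but `components` exists only inside the new `if`). Unless the namespace already carries a default for it, which this hunk does not show, any later reader of `args.remote_uri` raises `AttributeError` when no host is configured. Assigning it explicitly on the other path, `else: args.remote_uri = None`, makes the "local only" case visible to callers. The enclosing method starts above the hunk, so an earlier default may exist there.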
@@ -42,6 +42,9 @@ def main(): returncode = None try: obj = args.class_(args) + except AttributeError: + parser.print_help(sys.stderr) + sys.exit(1) except Exception as e: # pylint: disable=broad-except logging.critical(repr(e), exc_info=want_tb()) logging.warning('See subparser "%s" configuration.', @@ -59,6 +62,7 @@ def main(): returncode = 3 except ( CalledProcessError, + ConnectionError, ConnectionRefusedError, ConnectionResetError, TimeoutError, diff --git a/contrib/python/pypodman/setup.py b/contrib/python/pypodman/setup.py index 0509bf942..0f80d4060 100644 --- a/contrib/python/pypodman/setup.py +++ b/contrib/python/pypodman/setup.py @@ -27,7 +27,7 @@ setup( packages=find_packages(exclude=['test']), python_requires='>=3', zip_safe=True, - url='http://github.com/projectatomic/libpod', + url='http://github.com/containers/libpod', keywords='varlink libpod podman pypodman', classifiers=[ 'Development Status :: 3 - Alpha', diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in index be9d71ee2..9ca148310 100644 --- a/contrib/spec/podman.spec.in +++ b/contrib/spec/podman.spec.in @@ -23,9 +23,9 @@ %global provider github %global provider_tld com -%global project projectatomic +%global project containers %global repo libpod -# https://github.com/projectatomic/libpod +# https://github.com/containers/libpod %global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo} %global import_path %{provider_prefix} %global git0 https://%{provider}.%{provider_tld}/%{project}/%{repo} diff --git a/contrib/spec/python-podman.spec.in b/contrib/spec/python-podman.spec.in index 04b6039ad..6296586dd 100644 --- a/contrib/spec/python-podman.spec.in +++ b/contrib/spec/python-podman.spec.in 
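Review bot: The new `except AttributeError` around `obj = args.class_(args)` catches more than a missing subcommand: any `AttributeError` raised inside an action's constructor, such as an unset configuration attribute, now prints the help text and exits 1 instead of reaching the `except Exception` branch that logs it. Testing for the subcommand before constructing keeps real errors visible, e.g. `if not hasattr(args, 'class_'):` followed by `parser.print_help(sys.stderr)` and `sys.exit(1)`. In the second hunk, `ConnectionError` is the base class of `ConnectionRefusedError` and `ConnectionResetError`, so those two entries in the tuple are now redundant.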
@@ -16,9 +16,9 @@ %global provider github %global provider_tld com -%global project projectatomic +%global project containers %global repo libpod -# https://github.com/projectatomic/libpod +# https://github.com/containers/libpod %global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo} %global import_path %{provider_prefix} %global commit #COMMIT# diff --git a/docs/podman.1.md b/docs/podman.1.md index b5331a45d..26a5a0ae0 100644 --- a/docs/podman.1.md +++ b/docs/podman.1.md @@ -58,11 +58,14 @@ Path to the OCI compatible binary used to run containers **--storage-driver, -s**=**value** -Select which storage driver is used to manage storage of images and containers (default is overlay) +Storage driver. The default storage driver for UID 0 is configured in /etc/containers/storage.conf, and is *vfs* for other users. The `STORAGE_DRIVER` environment variable overrides the default. The --storage-driver specified driver overrides all. + +Overriding this option will cause the *storage-opt* settings in /etc/containers/storage.conf to be ignored. The user must +specify additional options via the `--storage-opt` flag. **--storage-opt**=**value** -Used to pass an option to the storage driver +Storage driver option, Default storage driver options are configured in /etc/containers/storage.conf. The `STORAGE_OPTS` environment variable overrides the default. The --storage-opt specified options overrides all. **--syslog** diff --git a/docs/tutorials/README.md b/docs/tutorials/README.md index 5cf60303d..ad0c5ae88 100644 --- a/docs/tutorials/README.md +++ b/docs/tutorials/README.md @@ -4,6 +4,6 @@ ## Links to a number of useful tutorials for the Podman utility. -**[Introduction Tutorial](https://github.com/projectatomic/libpod/tree/master/docs/tutorials/podman_tutorial.md)** +**[Introduction Tutorial](https://github.com/containers/libpod/tree/master/docs/tutorials/podman_tutorial.md)** Learn how to setup Podman and perform some basic commands with the utility. 
diff --git a/docs/tutorials/podman_tutorial.md b/docs/tutorials/podman_tutorial.md index 31203aec2..89e3968f6 100644 --- a/docs/tutorials/podman_tutorial.md +++ b/docs/tutorials/podman_tutorial.md @@ -31,8 +31,8 @@ and make libpod. ```console $ export GOPATH=~/go $ mkdir -p $GOPATH -$ git clone https://github.com/projectatomic/libpod/ $GOPATH/src/github.com/projectatomic/libpod -$ cd $GOPATH/src/github.com/projectatomic/libpod +$ git clone https://github.com/containers/libpod/ $GOPATH/src/github.com/containers/libpod +$ cd $GOPATH/src/github.com/containers/libpod $ make $ sudo make install PREFIX=/usr ``` @@ -91,8 +91,8 @@ $ sudo cp runc /usr/bin/runc ### Building and installing Podman ```console -$ git clone https://github.com/projectatomic/libpod/ $GOPATH/src/github.com/projectatomic/libpod -$ cd $GOPATH/src/github.com/projectatomic/libpod +$ git clone https://github.com/containers/libpod/ $GOPATH/src/github.com/containers/libpod +$ cd $GOPATH/src/github.com/containers/libpod $ make $ sudo make install PREFIX=/usr ``` diff --git a/install.md b/install.md index 6c9681166..f0353faeb 100644 --- a/install.md +++ b/install.md 
@@ -73,15 +73,15 @@ apt-get install -y \ Debian, Ubuntu, and related distributions will also need to do the following setup: * A copy of the development libraries for `ostree`, either in the form of the `libostree-dev` package from the [flatpak](https://launchpad.net/~alexlarsson/+archive/ubuntu/flatpak) PPA, or built [from source](https://github.com/ostreedev/ostree) (more on that [here](https://ostree.readthedocs.io/en/latest/#building)). - * [Add required configuration files](https://github.com/projectatomic/libpod/blob/master/docs/tutorials/podman_tutorial.md#adding-required-configuration-files) + * [Add required configuration files](https://github.com/containers/libpod/blob/master/docs/tutorials/podman_tutorial.md#adding-required-configuration-files) * Install conmon, CNI plugins and runc - * [Install conmon](https://github.com/projectatomic/libpod/blob/master/docs/tutorials/podman_tutorial.md#building-and-installing-conmon) - * [Install CNI plugins](https://github.com/projectatomic/libpod/blob/master/docs/tutorials/podman_tutorial.md#installing-cni-plugins) - * [runc Installation](https://github.com/projectatomic/libpod/blob/master/docs/tutorials/podman_tutorial.md#installing-runc) - Although installable, the latest runc is not available in the Ubuntu repos. Version 1.0.0-rc4 is the minimal requirement. + * [Install conmon](https://github.com/containers/libpod/blob/master/docs/tutorials/podman_tutorial.md#building-and-installing-conmon) + * [Install CNI plugins](https://github.com/containers/libpod/blob/master/docs/tutorials/podman_tutorial.md#installing-cni-plugins) + * [runc Installation](https://github.com/containers/libpod/blob/master/docs/tutorials/podman_tutorial.md#installing-runc) - Although installable, the latest runc is not available in the Ubuntu repos. Version 1.0.0-rc4 is the minimal requirement. 
**NOTE** -If using an older release or a long-term support release, be careful to double-check that the version of `runc` is new enough (running `runc --version` should produce `spec: 1.0.0`), or else [build](https://github.com/projectatomic/libpod/blob/master/docs/tutorials/podman_tutorial.md#installing-runc) your own. +If using an older release or a long-term support release, be careful to double-check that the version of `runc` is new enough (running `runc --version` should produce `spec: 1.0.0`), or else [build](https://github.com/containers/libpod/blob/master/docs/tutorials/podman_tutorial.md#installing-runc) your own. Be careful to double-check that the version of golang is new enough, version 1.8.x or higher is required. If needed, golang kits are available at https://golang.org/dl/ @@ -122,7 +122,7 @@ Next, clone the source code using: ```bash mkdir -p $GOPATH/src/github.com/projectatomic cd $_ # or cd $GOPATH/src/github.com/projectatomic -git clone https://github.com/projectatomic/libpod # or your fork +git clone https://github.com/containers/libpod # or your fork cd libpod ``` diff --git a/libpod/container.go b/libpod/container.go index 9f72bbe53..b79258c43 100644 --- a/libpod/container.go +++ b/libpod/container.go @@ -43,7 +43,7 @@ const CgroupfsDefaultCgroupParent = "/libpod_parent" // SystemdDefaultCgroupParent is the cgroup parent for the systemd cgroup // manager in libpod -const SystemdDefaultCgroupParent = "system.slice" +const SystemdDefaultCgroupParent = "machine.slice" // LinuxNS represents a Linux namespace type LinuxNS int diff --git a/libpod/container_api.go b/libpod/container_api.go index 62281218f..3e5b6ea53 100644 --- a/libpod/container_api.go +++ b/libpod/container_api.go 
@@ -8,11 +8,11 @@ import ( "strings" "time" + "github.com/containers/libpod/libpod/driver" + "github.com/containers/libpod/pkg/inspect" "github.com/containers/storage/pkg/stringid" "github.com/docker/docker/daemon/caps" "github.com/pkg/errors" - "github.com/projectatomic/libpod/libpod/driver" - "github.com/projectatomic/libpod/pkg/inspect" "github.com/sirupsen/logrus" "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/tools/remotecommand" diff --git a/libpod/container_attach.go b/libpod/container_attach.go index 5bfea3a0e..3c4e0775d 100644 --- a/libpod/container_attach.go +++ b/libpod/container_attach.go @@ -7,10 +7,10 @@ import ( "os" "path/filepath" + "github.com/containers/libpod/pkg/kubeutils" + "github.com/containers/libpod/utils" "github.com/docker/docker/pkg/term" "github.com/pkg/errors" - "github.com/projectatomic/libpod/pkg/kubeutils" - "github.com/projectatomic/libpod/utils" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" "k8s.io/client-go/tools/remotecommand" diff --git a/libpod/container_commit.go b/libpod/container_commit.go index 929850cbe..de659c982 100644 --- a/libpod/container_commit.go +++ b/libpod/container_commit.go @@ -5,10 +5,10 @@ import ( "strings" is "github.com/containers/image/storage" + "github.com/containers/libpod/libpod/image" "github.com/pkg/errors" "github.com/projectatomic/buildah" "github.com/projectatomic/buildah/util" - "github.com/projectatomic/libpod/libpod/image" "github.com/sirupsen/logrus" ) diff --git a/libpod/container_ffjson.go b/libpod/container_ffjson.go index 2af9d63f5..4ae77eb0c 100644 --- a/libpod/container_ffjson.go +++ b/libpod/container_ffjson.go @@ -1,5 +1,5 @@ // Code generated by ffjson <https://github.com/pquerna/ffjson>. DO NOT EDIT. -// source: /home/mcs/code/gopath//src/github.com/projectatomic/libpod/libpod/container.go +// source: /home/mcs/code/gopath//src/github.com/containers/libpod/libpod/container.go package libpod 
diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go index dec0b47b4..a7ee911a6 100644 --- a/libpod/container_inspect.go +++ b/libpod/container_inspect.go @@ -1,8 +1,8 @@ package libpod import ( + "github.com/containers/libpod/pkg/inspect" "github.com/cri-o/ocicni/pkg/ocicni" - "github.com/projectatomic/libpod/pkg/inspect" "github.com/sirupsen/logrus" ) diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 535f34200..32036ca7a 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -13,6 +13,12 @@ import ( "syscall" "time" + "github.com/containers/libpod/pkg/chrootuser" + "github.com/containers/libpod/pkg/hooks" + "github.com/containers/libpod/pkg/hooks/exec" + "github.com/containers/libpod/pkg/rootless" + "github.com/containers/libpod/pkg/secrets" + "github.com/containers/libpod/pkg/util" "github.com/containers/storage" "github.com/containers/storage/pkg/archive" "github.com/containers/storage/pkg/chrootarchive" @@ -22,12 +28,6 @@ import ( "github.com/opencontainers/runtime-tools/generate" "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" - "github.com/projectatomic/libpod/pkg/chrootuser" - "github.com/projectatomic/libpod/pkg/hooks" - "github.com/projectatomic/libpod/pkg/hooks/exec" - "github.com/projectatomic/libpod/pkg/rootless" - "github.com/projectatomic/libpod/pkg/secrets" - "github.com/projectatomic/libpod/pkg/util" "github.com/sirupsen/logrus" "github.com/ulule/deepcopier" "golang.org/x/text/language" diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 59fb6af87..2aba1abde 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go 
@@ -10,14 +10,14 @@ import ( "syscall" "time" + crioAnnotations "github.com/containers/libpod/pkg/annotations" + "github.com/containers/libpod/pkg/chrootuser" + "github.com/containers/libpod/pkg/rootless" "github.com/containers/storage/pkg/idtools" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" - crioAnnotations "github.com/projectatomic/libpod/pkg/annotations" - "github.com/projectatomic/libpod/pkg/chrootuser" - "github.com/projectatomic/libpod/pkg/rootless" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) diff --git a/libpod/diff.go b/libpod/diff.go index 6e07f3049..e86a186ed 100644 --- a/libpod/diff.go +++ b/libpod/diff.go @@ -1,9 +1,9 @@ package libpod import ( + "github.com/containers/libpod/libpod/layers" "github.com/containers/storage/pkg/archive" "github.com/pkg/errors" - "github.com/projectatomic/libpod/libpod/layers" ) // GetDiff returns the differences between the two images, layers, or containers diff --git a/libpod/driver/driver.go b/libpod/driver/driver.go index d84ce8d3c..717ac2a4d 100644 --- a/libpod/driver/driver.go +++ b/libpod/driver/driver.go @@ -1,8 +1,8 @@ package driver import ( + "github.com/containers/libpod/pkg/inspect" cstorage "github.com/containers/storage" - "github.com/projectatomic/libpod/pkg/inspect" ) // GetDriverName returns the name of the driver for the given store diff --git a/libpod/image/filters.go b/libpod/image/filters.go index 95ef3b44a..d0c3adfb5 100644 --- a/libpod/image/filters.go +++ b/libpod/image/filters.go @@ -5,7 +5,7 @@ import ( "strings" "time" - "github.com/projectatomic/libpod/pkg/inspect" + "github.com/containers/libpod/pkg/inspect" ) // ResultFilter is a mock function for image filtering diff --git a/libpod/image/image.go b/libpod/image/image.go index 57891a463..2c70c6316 100644 --- a/libpod/image/image.go +++ b/libpod/image/image.go 
@@ -18,16 +18,16 @@ import ( "github.com/containers/image/transports" "github.com/containers/image/transports/alltransports" "github.com/containers/image/types" + "github.com/containers/libpod/libpod/common" + "github.com/containers/libpod/libpod/driver" + "github.com/containers/libpod/pkg/inspect" + "github.com/containers/libpod/pkg/registries" + "github.com/containers/libpod/pkg/util" "github.com/containers/storage" "github.com/containers/storage/pkg/reexec" "github.com/opencontainers/go-digest" ociv1 "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" - "github.com/projectatomic/libpod/libpod/common" - "github.com/projectatomic/libpod/libpod/driver" - "github.com/projectatomic/libpod/pkg/inspect" - "github.com/projectatomic/libpod/pkg/registries" - "github.com/projectatomic/libpod/pkg/util" "github.com/sirupsen/logrus" ) diff --git a/libpod/image/pull.go b/libpod/image/pull.go index 6c470b552..d8483878e 100644 --- a/libpod/image/pull.go +++ b/libpod/image/pull.go @@ -18,9 +18,9 @@ import ( "github.com/containers/image/transports" "github.com/containers/image/transports/alltransports" "github.com/containers/image/types" + "github.com/containers/libpod/pkg/registries" + "github.com/containers/libpod/pkg/util" "github.com/pkg/errors" - "github.com/projectatomic/libpod/pkg/registries" - "github.com/projectatomic/libpod/pkg/util" "github.com/sirupsen/logrus" ) diff --git a/libpod/in_memory_state.go b/libpod/in_memory_state.go index 0327b331e..78e765ccd 100644 --- a/libpod/in_memory_state.go +++ b/libpod/in_memory_state.go @@ -3,9 +3,9 @@ package libpod import ( "strings" + "github.com/containers/libpod/pkg/registrar" "github.com/containers/storage/pkg/truncindex" "github.com/pkg/errors" - "github.com/projectatomic/libpod/pkg/registrar" ) // TODO: Maybe separate idIndex for pod/containers diff --git a/libpod/info.go b/libpod/info.go index 1108845ea..3add1ce0f 100644 --- a/libpod/info.go +++ b/libpod/info.go 
@@ -10,9 +10,9 @@ import ( "strings" "time" + "github.com/containers/libpod/utils" "github.com/containers/storage/pkg/system" "github.com/pkg/errors" - "github.com/projectatomic/libpod/utils" ) // InfoData holds the info type, i.e store, host etc and the data for each type diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go index 2186b4ac9..e5f935e30 100644 --- a/libpod/networking_linux.go +++ b/libpod/networking_linux.go @@ -14,11 +14,11 @@ import ( cnitypes "github.com/containernetworking/cni/pkg/types/current" "github.com/containernetworking/plugins/pkg/ns" + "github.com/containers/libpod/pkg/inspect" + "github.com/containers/libpod/pkg/netns" + "github.com/containers/libpod/utils" "github.com/cri-o/ocicni/pkg/ocicni" "github.com/pkg/errors" - "github.com/projectatomic/libpod/pkg/inspect" - "github.com/projectatomic/libpod/pkg/netns" - "github.com/projectatomic/libpod/utils" "github.com/sirupsen/logrus" "github.com/vishvananda/netlink" "golang.org/x/sys/unix" diff --git a/libpod/networking_unsupported.go b/libpod/networking_unsupported.go index 070985c47..3a8ac4455 100644 --- a/libpod/networking_unsupported.go +++ b/libpod/networking_unsupported.go @@ -3,7 +3,7 @@ package libpod import ( - "github.com/projectatomic/libpod/pkg/inspect" + "github.com/containers/libpod/pkg/inspect" ) func (r *Runtime) setupRootlessNetNS(ctr *Container) (err error) { diff --git a/libpod/oci.go b/libpod/oci.go index d98ab433f..9021a522b 100644 --- a/libpod/oci.go +++ b/libpod/oci.go 
@@ -15,21 +15,21 @@ import ( "syscall" "time" + "github.com/containers/libpod/pkg/ctime" + "github.com/containers/libpod/pkg/rootless" "github.com/coreos/go-systemd/activation" "github.com/cri-o/ocicni/pkg/ocicni" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/selinux/go-selinux" "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" - "github.com/projectatomic/libpod/pkg/ctime" - "github.com/projectatomic/libpod/pkg/rootless" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" kwait "k8s.io/apimachinery/pkg/util/wait" // TODO import these functions into libpod and remove the import // Trying to keep libpod from depending on CRI-O code - "github.com/projectatomic/libpod/utils" + "github.com/containers/libpod/utils" ) // OCI code is undergoing heavy rewrite diff --git a/libpod/oci_linux.go b/libpod/oci_linux.go index bdf859d7d..335a7eec3 100644 --- a/libpod/oci_linux.go +++ b/libpod/oci_linux.go @@ -12,9 +12,9 @@ import ( "sync" "github.com/containerd/cgroups" + "github.com/containers/libpod/utils" "github.com/containers/storage/pkg/idtools" spec "github.com/opencontainers/runtime-spec/specs-go" - "github.com/projectatomic/libpod/utils" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) 
@@ -24,8 +24,14 @@ func (r *OCIRuntime) moveConmonToCgroup(ctr *Container, cgroupParent string, cmd if r.cgroupManager == SystemdCgroupsManager { unitName := createUnitName("libpod-conmon", ctr.ID()) - logrus.Infof("Running conmon under slice %s and unitName %s", cgroupParent, unitName) - if err := utils.RunUnderSystemdScope(cmd.Process.Pid, cgroupParent, unitName); err != nil { + realCgroupParent := cgroupParent + splitParent := strings.Split(cgroupParent, "/") + if strings.HasSuffix(cgroupParent, ".slice") && len(splitParent) > 1 { + realCgroupParent = splitParent[len(splitParent)-1] + } + + logrus.Infof("Running conmon under slice %s and unitName %s", realCgroupParent, unitName) + if err := utils.RunUnderSystemdScope(cmd.Process.Pid, realCgroupParent, unitName); err != nil { logrus.Warnf("Failed to add conmon to systemd sandbox cgroup: %v", err) } } else { diff --git a/libpod/pod_api.go b/libpod/pod_api.go index 82cf7b727..d1e19063c 100644 --- a/libpod/pod_api.go +++ b/libpod/pod_api.go @@ -55,7 +55,11 @@ func (p *Pod) Start(ctx context.Context) (map[string]error, error) { startNode(ctx, node, false, ctrErrors, ctrsVisited, false) } - return ctrErrors, nil + if len(ctrErrors) > 0 { + return ctrErrors, errors.Wrapf(ErrCtrExists, "error starting some containers") + } + + return nil, nil } // Stop stops all containers within a pod that are not already stopped @@ -352,7 +356,7 @@ func (p *Pod) Kill(signal uint) (map[string]error, error) { } if len(ctrErrors) > 0 { - return ctrErrors, nil + return ctrErrors, errors.Wrapf(ErrCtrExists, "error killing some containers") } return nil, nil diff --git a/libpod/pod_ffjson.go b/libpod/pod_ffjson.go index 58b08d61b..a244dadbc 100644 --- a/libpod/pod_ffjson.go +++ b/libpod/pod_ffjson.go 
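Review bot: The new `realCgroupParent` computation in `moveConmonToCgroup` carries no comment explaining why only the last path component is handed to `utils.RunUnderSystemdScope`, and it hand-rolls what `path.Base` already does. I would put `// systemd takes the slice unit name, not the cgroup path, so keep only the final component` above it; the reason is inferred from the pod slice paths built elsewhere in this commit, so the author should confirm the wording. The split can then become `if strings.HasSuffix(cgroupParent, ".slice") { realCgroupParent = path.Base(cgroupParent) }`, provided `path` is imported in this file. The function body starts and ends outside the hunk.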
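Review bot: `Pod.Start` now wraps `ErrCtrExists` to signal that some containers failed to start, and the `Pod.Kill` hunk that follows does the same. Going by its name, that sentinel describes a container that already exists, so a caller matching on the error cause would misread a partial failure. A dedicated sentinel for partial pod failures (name up to the author) would be clearer. The doc comments of both methods should also state the new contract, e.g. `// If the returned map is non-nil, the error is non-nil too and the map holds the per-container failures.` Both functions begin outside their hunks, so the existing comments are not visible here.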
@@ -1,5 +1,5 @@ // Code generated by ffjson <https://github.com/pquerna/ffjson>. DO NOT EDIT. -// source: /home/mcs/code/gopath//src/github.com/projectatomic/libpod/libpod/pod.go +// source: /home/dwalsh/go/src/github.com/containers/libpod/libpod/pod.go package libpod diff --git a/libpod/pod_internal.go b/libpod/pod_internal.go index c8d8405bb..1ba4487ab 100644 --- a/libpod/pod_internal.go +++ b/libpod/pod_internal.go @@ -2,6 +2,7 @@ package libpod import ( "context" + "fmt" "path/filepath" "strings" "time" @@ -67,8 +68,11 @@ func (p *Pod) refresh() error { if p.config.UsePodCgroup { switch p.runtime.config.CgroupManager { case SystemdCgroupsManager: - // NOOP for now, until proper systemd cgroup management - // is implemented + cgroupPath, err := systemdSliceFromPath(p.config.CgroupParent, fmt.Sprintf("libpod_pod_%s", p.ID())) + if err != nil { + logrus.Errorf("Error creating CGroup for pod %s: %v", p.ID(), err) + } + p.state.CgroupPath = cgroupPath case CgroupfsCgroupsManager: p.state.CgroupPath = filepath.Join(p.config.CgroupParent, p.ID()) diff --git a/libpod/runtime.go b/libpod/runtime.go index cd5501de1..73f516cd5 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -11,14 +11,14 @@ import ( "github.com/BurntSushi/toml" is "github.com/containers/image/storage" "github.com/containers/image/types" + "github.com/containers/libpod/libpod/image" + "github.com/containers/libpod/pkg/hooks" + sysreg "github.com/containers/libpod/pkg/registries" + "github.com/containers/libpod/pkg/rootless" "github.com/containers/storage" "github.com/cri-o/ocicni/pkg/ocicni" "github.com/docker/docker/pkg/namesgenerator" "github.com/pkg/errors" - "github.com/projectatomic/libpod/libpod/image" - "github.com/projectatomic/libpod/pkg/hooks" - sysreg "github.com/projectatomic/libpod/pkg/registries" - "github.com/projectatomic/libpod/pkg/rootless" "github.com/sirupsen/logrus" "github.com/ulule/deepcopier" ) 
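Review bot: In the `SystemdCgroupsManager` case of `Pod.refresh`, a failure of `systemdSliceFromPath` is only logged; `p.state.CgroupPath = cgroupPath` then stores the empty string and refresh carries on. `NewPod` in this same commit returns the error in the identical situation, so the two paths disagree, and a pod configured with `UsePodCgroup` ends up with no pod cgroup recorded. Since `refresh` already returns `error`, I would put `return errors.Wrapf(err, "error creating cgroup for pod %s", p.ID())` inside the `if err != nil` block (assuming `pkg/errors` is imported in this file), or add a comment saying why best effort is intended here. The function starts and ends outside the hunk.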
diff --git a/libpod/runtime_img.go b/libpod/runtime_img.go index 47dad41da..2e4e1b26f 100644 --- a/libpod/runtime_img.go +++ b/libpod/runtime_img.go @@ -5,13 +5,13 @@ import ( "fmt" "io" + "github.com/containers/libpod/libpod/common" + "github.com/containers/libpod/libpod/image" "github.com/containers/storage" "github.com/containers/storage/pkg/archive" ociv1 "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" "github.com/projectatomic/buildah/imagebuildah" - "github.com/projectatomic/libpod/libpod/common" - "github.com/projectatomic/libpod/libpod/image" ) // Runtime API diff --git a/libpod/runtime_img_test.go b/libpod/runtime_img_test.go index c608c1b25..2bccb2752 100644 --- a/libpod/runtime_img_test.go +++ b/libpod/runtime_img_test.go @@ -6,7 +6,7 @@ import ( "reflect" "testing" - sysreg "github.com/projectatomic/libpod/pkg/registries" + sysreg "github.com/containers/libpod/pkg/registries" "github.com/stretchr/testify/assert" ) diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go index 58affa45f..3592c2fee 100644 --- a/libpod/runtime_pod_linux.go +++ b/libpod/runtime_pod_linux.go @@ -4,6 +4,7 @@ package libpod import ( "context" + "fmt" "path" "path/filepath" "strings" 
@@ -70,12 +71,23 @@ func (r *Runtime) NewPod(options ...PodCreateOption) (*Pod, error) { } else if len(pod.config.CgroupParent) < 6 || !strings.HasSuffix(path.Base(pod.config.CgroupParent), ".slice") { return nil, errors.Wrapf(ErrInvalidArg, "did not receive systemd slice as cgroup parent when using systemd to manage cgroups") } - // Creating CGroup path is currently a NOOP until proper systemd - // cgroup management is merged + // If we are set to use pod cgroups, set the cgroup parent that + // all containers in the pod will share + if pod.config.UsePodCgroup { + cgroupPath, err := systemdSliceFromPath(pod.config.CgroupParent, fmt.Sprintf("libpod_pod_%s", pod.ID())) + if err != nil { + return nil, errors.Wrapf(err, "unable to create pod cgroup for pod %s", pod.ID()) + } + pod.state.CgroupPath = cgroupPath + } default: return nil, errors.Wrapf(ErrInvalidArg, "unsupported CGroup manager: %s - cannot validate cgroup parent", r.config.CgroupManager) } + if pod.config.UsePodCgroup { + logrus.Debugf("Got pod cgroup as %s", pod.state.CgroupPath) + } + if err := r.state.AddPod(pod); err != nil { return nil, errors.Wrapf(err, "error adding pod to state") } @@ -91,11 +103,20 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool) return ErrRuntimeStopped } + if !p.valid { + if ok, _ := r.state.HasPod(p.ID()); !ok { + // Pod was either already removed, or never existed to + // begin with + return nil + } + } + p.lock.Lock() defer p.lock.Unlock() - if !p.valid { - return ErrPodRemoved + // Force a pod update + if err := p.updatePod(); err != nil { + return err } ctrs, err := r.state.PodContainers(p) 
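Review bot: The systemd branch of `NewPod` now creates the pod slice before `r.state.AddPod(pod)`, and the `AddPod` error path just below returns without removing it, so a failed add leaves the slice behind on the host. On that error path I would call `deleteSystemdCgroup(pod.state.CgroupPath)` when the manager is systemd and `pod.config.UsePodCgroup` is set, logging any cleanup failure rather than masking the original error. The function body extends beyond the hunk in both directions.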
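Review bot: The new `!p.valid` check in `removePod` discards the error from `r.state.HasPod`, so a failed state lookup (where `ok` is presumably false) is reported as a successful removal. Keep the error with `ok, err := r.state.HasPod(p.ID())` followed by `if err != nil { return err }` before testing `ok`. The check also reads `p.valid` before `p.lock.Lock()` is taken; if that is intentional, a one-line comment saying so would help the next reader. The rest of the function lies outside the hunk.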
@@ -216,20 +237,27 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool) // Remove pod cgroup, if present if p.state.CgroupPath != "" { + logrus.Debugf("Removing pod cgroup %s", p.state.CgroupPath) + switch p.runtime.config.CgroupManager { case SystemdCgroupsManager: - // NOOP for now, until proper systemd cgroup management - // is implemented + if err := deleteSystemdCgroup(p.state.CgroupPath); err != nil { + // The pod is already almost gone. + // No point in hard-failing if we fail + // this bit of cleanup. + logrus.Errorf("Error deleting pod %s cgroup %s: %v", p.ID(), p.state.CgroupPath, err) + } case CgroupfsCgroupsManager: // Delete the cgroupfs cgroup - logrus.Debugf("Removing pod cgroup %s", p.state.CgroupPath) - cgroup, err := cgroups.Load(cgroups.V1, cgroups.StaticPath(p.state.CgroupPath)) if err != nil && err != cgroups.ErrCgroupDeleted { return err } else if err == nil { if err := cgroup.Delete(); err != nil { - return err + // The pod is already almost gone. + // No point in hard-failing if we fail + // this bit of cleanup. + logrus.Errorf("Error deleting pod %s cgroup %s: %v", p.ID(), p.state.CgroupPath, err) } } default: diff --git a/libpod/util_linux.go b/libpod/util_linux.go new file mode 100644 index 000000000..0cd486379 --- /dev/null +++ b/libpod/util_linux.go 
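Review bot: In the `CgroupfsCgroupsManager` branch a failing `cgroup.Delete()` is now logged and ignored, but a failing `cgroups.Load` two lines earlier still does `return err`, so cleanup failures for the same cgroup are handled in two different ways. If the reasoning in the new comment holds (the pod is almost gone), the Load error deserves the same `logrus.Errorf` treatment; otherwise the comment should say why only Delete is best effort. The surrounding function starts and ends outside the hunk.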
@@ -0,0 +1,69 @@ +// +build linux + +package libpod + +import ( + "fmt" + "strings" + + "github.com/containerd/cgroups" + spec "github.com/opencontainers/runtime-spec/specs-go" + "github.com/pkg/errors" + "github.com/sirupsen/logrus" +) + +// systemdSliceFromPath makes a new systemd slice under the given parent with +// the given name. +// The parent must be a slice. The name must NOT include ".slice" +func systemdSliceFromPath(parent, name string) (string, error) { + cgroupPath, err := assembleSystemdCgroupName(parent, name) + if err != nil { + return "", err + } + + logrus.Debugf("Created cgroup path %s for parent %s and name %s", cgroupPath, parent, name) + + if err := makeSystemdCgroup(cgroupPath); err != nil { + return "", errors.Wrapf(err, "error creating cgroup %s", cgroupPath) + } + + logrus.Debugf("Created cgroup %s", cgroupPath) + + return cgroupPath, nil +} + +// makeSystemdCgroup creates a systemd CGroup at the given location. +func makeSystemdCgroup(path string) error { + controller, err := cgroups.NewSystemd(SystemdDefaultCgroupParent) + if err != nil { + return err + } + + return controller.Create(path, &spec.LinuxResources{}) +} + +// deleteSystemdCgroup deletes the systemd cgroup at the given location +func deleteSystemdCgroup(path string) error { + controller, err := cgroups.NewSystemd(SystemdDefaultCgroupParent) + if err != nil { + return err + } + + return controller.Delete(path) +} + +// assembleSystemdCgroupName creates a systemd cgroup path given a base and +// a new component to add. 
+// The base MUST be systemd slice (end in .slice) +func assembleSystemdCgroupName(baseSlice, newSlice string) (string, error) { + const sliceSuffix = ".slice" + + if !strings.HasSuffix(baseSlice, sliceSuffix) { + return "", errors.Wrapf(ErrInvalidArg, "cannot assemble cgroup path with base %q - must end in .slice", baseSlice) + } + + noSlice := strings.TrimSuffix(baseSlice, sliceSuffix) + final := fmt.Sprintf("%s/%s-%s%s", baseSlice, noSlice, newSlice, sliceSuffix) + + return final, nil +} diff --git a/libpod/util_unsupported.go b/libpod/util_unsupported.go new file mode 100644 index 000000000..d598b465f --- /dev/null +++ b/libpod/util_unsupported.go @@ -0,0 +1,23 @@ +// +build !linux + +package libpod + +import ( + "github.com/pkg/errors" +) + +func systemdSliceFromPath(parent, name string) (string, error) { + return "", errors.Wrapf(ErrOSNotSupported, "cgroups are not supported on non-linux OSes") +} + +func makeSystemdCgroup(path string) error { + return errors.Wrapf(ErrOSNotSupported, "cgroups are not supported on non-linux OSes") +} + +func deleteSystemdCgroup(path string) error { + return errors.Wrapf(ErrOSNotSupported, "cgroups are not supported on non-linux OSes") +} + +func assembleSystemdCgroupName(baseSlice, newSlice string) (string, error) { + return "", errors.Wrapf(ErrOSNotSupported, "cgroups are not supported on non-linux OSes") +} diff --git a/libpod/version.go b/libpod/version.go index cb3e6b16d..5e7cd83c9 100644 --- a/libpod/version.go +++ b/libpod/version.go @@ -4,7 +4,7 @@ import ( "runtime" "strconv" - podmanVersion "github.com/projectatomic/libpod/version" + podmanVersion "github.com/containers/libpod/version" ) // Overwritten at build time diff --git a/pkg/hooks/0.1.0/hook.go b/pkg/hooks/0.1.0/hook.go index e10c3d254..4ebc5ff9d 100644 --- a/pkg/hooks/0.1.0/hook.go +++ b/pkg/hooks/0.1.0/hook.go 
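Review bot: `assembleSystemdCgroupName` derives the child prefix from the whole `baseSlice` string, so a parent that is itself a path repeats that entire path inside the new component: a constructed base `a.slice/a-b.slice` with name `x` yields `a.slice/a-b.slice/a.slice/a-b-x.slice`. `NewPod` in this commit validates only `path.Base` of the cgroup parent, so such parents appear to be accepted. Using `noSlice := strings.TrimSuffix(path.Base(baseSlice), sliceSuffix)`, with `path` added to the imports, keeps only the last unit name. The doc comment on `systemdSliceFromPath` also says the name must not include ".slice" but nothing enforces it; rejecting names that contain `/` or the suffix would turn that into a checked contract for a value that can originate from a caller-supplied option.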
@@ -6,9 +6,9 @@ import ( "errors" "strings" + hooks "github.com/containers/libpod/pkg/hooks" + current "github.com/containers/libpod/pkg/hooks/1.0.0" rspec "github.com/opencontainers/runtime-spec/specs-go" - hooks "github.com/projectatomic/libpod/pkg/hooks" - current "github.com/projectatomic/libpod/pkg/hooks/1.0.0" ) // Version is the hook configuration version defined in this package. diff --git a/pkg/hooks/0.1.0/hook_test.go b/pkg/hooks/0.1.0/hook_test.go index 44cb21e3a..66774075e 100644 --- a/pkg/hooks/0.1.0/hook_test.go +++ b/pkg/hooks/0.1.0/hook_test.go @@ -3,8 +3,8 @@ package hook import ( "testing" + current "github.com/containers/libpod/pkg/hooks/1.0.0" rspec "github.com/opencontainers/runtime-spec/specs-go" - current "github.com/projectatomic/libpod/pkg/hooks/1.0.0" "github.com/stretchr/testify/assert" ) diff --git a/pkg/hooks/hooks.go b/pkg/hooks/hooks.go index fdc8a6c46..8a44a4982 100644 --- a/pkg/hooks/hooks.go +++ b/pkg/hooks/hooks.go @@ -7,9 +7,9 @@ import ( "path/filepath" "sync" + current "github.com/containers/libpod/pkg/hooks/1.0.0" rspec "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" - current "github.com/projectatomic/libpod/pkg/hooks/1.0.0" "github.com/sirupsen/logrus" "golang.org/x/text/collate" "golang.org/x/text/language" diff --git a/pkg/hooks/hooks_test.go b/pkg/hooks/hooks_test.go index b93a1d54d..2925a99e4 100644 --- a/pkg/hooks/hooks_test.go +++ b/pkg/hooks/hooks_test.go @@ -9,8 +9,8 @@ import ( "runtime" "testing" + current "github.com/containers/libpod/pkg/hooks/1.0.0" rspec "github.com/opencontainers/runtime-spec/specs-go" - current "github.com/projectatomic/libpod/pkg/hooks/1.0.0" "github.com/stretchr/testify/assert" "golang.org/x/text/language" ) diff --git a/pkg/hooks/read.go b/pkg/hooks/read.go index 20431bdf1..d3995a0be 100644 --- a/pkg/hooks/read.go +++ b/pkg/hooks/read.go 
@@ -9,8 +9,8 @@ import ( "path/filepath" "strings" + current "github.com/containers/libpod/pkg/hooks/1.0.0" "github.com/pkg/errors" - current "github.com/projectatomic/libpod/pkg/hooks/1.0.0" "github.com/sirupsen/logrus" ) diff --git a/pkg/hooks/read_test.go b/pkg/hooks/read_test.go index 811cace23..606c25df4 100644 --- a/pkg/hooks/read_test.go +++ b/pkg/hooks/read_test.go @@ -7,8 +7,8 @@ import ( "path/filepath" "testing" + current "github.com/containers/libpod/pkg/hooks/1.0.0" rspec "github.com/opencontainers/runtime-spec/specs-go" - current "github.com/projectatomic/libpod/pkg/hooks/1.0.0" "github.com/stretchr/testify/assert" ) diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go index c84bb21f6..73aa93d68 100644 --- a/pkg/registries/registries.go +++ b/pkg/registries/registries.go @@ -6,8 +6,8 @@ import ( "github.com/containers/image/pkg/sysregistries" "github.com/containers/image/types" + "github.com/containers/libpod/pkg/rootless" "github.com/pkg/errors" - "github.com/projectatomic/libpod/pkg/rootless" ) // userRegistriesFile is the path to the per user registry configuration file. diff --git a/pkg/secrets/secrets.go b/pkg/secrets/secrets.go index bc63ece00..6f38f1fd5 100644 --- a/pkg/secrets/secrets.go +++ b/pkg/secrets/secrets.go @@ -7,10 +7,10 @@ import ( "path/filepath" "strings" + "github.com/containers/libpod/pkg/rootless" rspec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" - "github.com/projectatomic/libpod/pkg/rootless" "github.com/sirupsen/logrus" ) diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go index fb45f042b..6df6fb480 100644 --- a/pkg/spec/createconfig.go +++ b/pkg/spec/createconfig.go @@ -7,6 +7,8 @@ import ( "strings" "syscall" + "github.com/containers/libpod/libpod" + "github.com/containers/libpod/pkg/rootless" "github.com/containers/storage" "github.com/cri-o/ocicni/pkg/ocicni" "github.com/docker/docker/api/types/container" 
@@ -15,8 +17,6 @@ import ( "github.com/opencontainers/runtime-tools/generate" "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" - "github.com/projectatomic/libpod/libpod" - "github.com/projectatomic/libpod/pkg/rootless" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index d9888e999..97305610a 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -1,15 +1,16 @@ package createconfig import ( + "os" "strings" + "github.com/containers/libpod/pkg/rootless" "github.com/docker/docker/daemon/caps" "github.com/docker/docker/pkg/mount" "github.com/docker/go-units" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" "github.com/pkg/errors" - "github.com/projectatomic/libpod/pkg/rootless" "github.com/sirupsen/logrus" ) @@ -73,6 +74,14 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint g.AddAnnotation(key, val) } g.SetRootReadonly(config.ReadOnlyRootfs) + if config.Hostname == "" { + if config.NetMode.IsHost() { + config.Hostname, err = os.Hostname() + if err != nil { + return nil, errors.Wrap(err, "unable to retrieve hostname") + } + } + } g.SetHostname(config.Hostname) if config.Hostname != "" { g.AddProcessEnv("HOSTNAME", config.Hostname) diff --git a/pkg/varlinkapi/config.go b/pkg/varlinkapi/config.go index fa1983463..8dd217b77 100644 --- a/pkg/varlinkapi/config.go +++ b/pkg/varlinkapi/config.go @@ -1,8 +1,8 @@ package varlinkapi import ( - iopodman "github.com/projectatomic/libpod/cmd/podman/varlink" - "github.com/projectatomic/libpod/libpod" + iopodman "github.com/containers/libpod/cmd/podman/varlink" + "github.com/containers/libpod/libpod" "github.com/urfave/cli" ) diff --git a/pkg/varlinkapi/containers.go b/pkg/varlinkapi/containers.go index f42386194..58452716a 100644 --- a/pkg/varlinkapi/containers.go +++ b/pkg/varlinkapi/containers.go 
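Review bot: The hostname default added to `CreateConfigToOCISpec` writes the result of `os.Hostname()` back into the caller's `config`, so generating a spec now has a side effect on its input. Unless later code relies on the field being filled in, a local variable passed to `g.SetHostname` and to the `HOSTNAME` env entry would avoid that. The two nested `if`s can also be a single condition, `if config.Hostname == "" && config.NetMode.IsHost() {`. The function body extends beyond the hunk.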
@@ -9,11 +9,11 @@ import ( "syscall" "time" + "github.com/containers/libpod/cmd/podman/shared" + "github.com/containers/libpod/cmd/podman/varlink" + "github.com/containers/libpod/libpod" "github.com/containers/storage/pkg/archive" "github.com/pkg/errors" - "github.com/projectatomic/libpod/cmd/podman/batchcontainer" - "github.com/projectatomic/libpod/cmd/podman/varlink" - "github.com/projectatomic/libpod/libpod" ) // ListContainers ... @@ -26,12 +26,12 @@ func (i *LibpodAPI) ListContainers(call iopodman.VarlinkCall) error { if err != nil { return call.ReplyErrorOccurred(err.Error()) } - opts := batchcontainer.PsOptions{ + opts := shared.PsOptions{ Namespace: true, Size: true, } for _, ctr := range containers { - batchInfo, err := batchcontainer.BatchContainerOp(ctr, opts) + batchInfo, err := shared.BatchContainerOp(ctr, opts) if err != nil { return call.ReplyErrorOccurred(err.Error()) } @@ -47,11 +47,11 @@ func (i *LibpodAPI) GetContainer(call iopodman.VarlinkCall, name string) error { if err != nil { return call.ReplyContainerNotFound(name) } - opts := batchcontainer.PsOptions{ + opts := shared.PsOptions{ Namespace: true, Size: true, } - batchInfo, err := batchcontainer.BatchContainerOp(ctr, opts) + batchInfo, err := shared.BatchContainerOp(ctr, opts) if err != nil { return call.ReplyErrorOccurred(err.Error()) } @@ -68,7 +68,7 @@ func (i *LibpodAPI) InspectContainer(call iopodman.VarlinkCall, name string) err if err != nil { return call.ReplyErrorOccurred(err.Error()) } - data, err := batchcontainer.GetCtrInspectInfo(ctr, inspectInfo) + data, err := shared.GetCtrInspectInfo(ctr, inspectInfo) if err != nil { return call.ReplyErrorOccurred(err.Error()) } diff --git a/pkg/varlinkapi/containers_create.go b/pkg/varlinkapi/containers_create.go index 5f69a8205..e57f51cc1 100644 --- a/pkg/varlinkapi/containers_create.go +++ b/pkg/varlinkapi/containers_create.go 
@@ -8,14 +8,14 @@ import ( "strings" "syscall" + "github.com/containers/libpod/cmd/podman/varlink" + "github.com/containers/libpod/libpod" + "github.com/containers/libpod/libpod/image" + "github.com/containers/libpod/pkg/inspect" + cc "github.com/containers/libpod/pkg/spec" + "github.com/containers/libpod/pkg/util" "github.com/docker/docker/api/types/container" "github.com/docker/docker/pkg/signal" - "github.com/projectatomic/libpod/cmd/podman/varlink" - "github.com/projectatomic/libpod/libpod" - "github.com/projectatomic/libpod/libpod/image" - "github.com/projectatomic/libpod/pkg/inspect" - cc "github.com/projectatomic/libpod/pkg/spec" - "github.com/projectatomic/libpod/pkg/util" "github.com/sirupsen/logrus" ) diff --git a/pkg/varlinkapi/images.go b/pkg/varlinkapi/images.go index da19483b3..7953c1fc6 100644 --- a/pkg/varlinkapi/images.go +++ b/pkg/varlinkapi/images.go @@ -10,18 +10,19 @@ import ( "time" "github.com/containers/image/docker" + "github.com/containers/image/manifest" "github.com/containers/image/types" + "github.com/containers/libpod/cmd/podman/varlink" + "github.com/containers/libpod/libpod" + "github.com/containers/libpod/libpod/image" + sysreg "github.com/containers/libpod/pkg/registries" + "github.com/containers/libpod/pkg/util" "github.com/docker/go-units" "github.com/opencontainers/image-spec/specs-go/v1" "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" "github.com/projectatomic/buildah" "github.com/projectatomic/buildah/imagebuildah" - "github.com/projectatomic/libpod/cmd/podman/varlink" - "github.com/projectatomic/libpod/libpod" - "github.com/projectatomic/libpod/libpod/image" - sysreg "github.com/projectatomic/libpod/pkg/registries" - "github.com/projectatomic/libpod/pkg/util" ) // ListImages lists all the images in the store 
@@ -126,18 +127,17 @@ func (i *LibpodAPI) BuildImage(call iopodman.VarlinkCall, config iopodman.BuildI if config.Pull_always { pullPolicy = imagebuildah.PullAlways } - - format := "oci" + manifestType := "oci" if config.Image_format != "" { - format = config.Image_format + manifestType = config.Image_format } - if strings.HasPrefix(format, "oci") { - format = imagebuildah.OCIv1ImageFormat - } else if strings.HasPrefix(format, "docker") { - format = imagebuildah.Dockerv2ImageFormat + if strings.HasPrefix(manifestType, "oci") { + manifestType = imagebuildah.OCIv1ImageFormat + } else if strings.HasPrefix(manifestType, "docker") { + manifestType = imagebuildah.Dockerv2ImageFormat } else { - return call.ReplyErrorOccurred(fmt.Sprintf("unrecognized image type %q", format)) + return call.ReplyErrorOccurred(fmt.Sprintf("unrecognized image type %q", manifestType)) } if config.Memory != "" { @@ -187,7 +187,7 @@ func (i *LibpodAPI) BuildImage(call iopodman.VarlinkCall, config iopodman.BuildI AdditionalTags: config.Tags, //Runtime: runtime. //RuntimeArgs: , - OutputFormat: format, + OutputFormat: manifestType, SystemContext: &systemContext, CommonBuildOpts: commonOpts, Squash: config.Squash, 
@@ -413,17 +413,26 @@ func (i *LibpodAPI) DeleteUnusedImages(call iopodman.VarlinkCall) error { } // Commit ... -func (i *LibpodAPI) Commit(call iopodman.VarlinkCall, name, imageName string, changes []string, author, message string, pause bool) error { +func (i *LibpodAPI) Commit(call iopodman.VarlinkCall, name, imageName string, changes []string, author, message string, pause bool, manifestType string) error { ctr, err := i.Runtime.LookupContainer(name) if err != nil { return call.ReplyContainerNotFound(name) } sc := image.GetSystemContext(i.Runtime.GetConfig().SignaturePolicyPath, "", false) + var mimeType string + switch manifestType { + case "oci", "": + mimeType = buildah.OCIv1ImageManifest + case "docker": + mimeType = manifest.DockerV2Schema2MediaType + default: + return call.ReplyErrorOccurred(fmt.Sprintf("unrecognized image format %q", manifestType)) + } coptions := buildah.CommitOptions{ SignaturePolicyPath: i.Runtime.GetConfig().SignaturePolicyPath, ReportWriter: nil, SystemContext: sc, - PreferredManifestType: buildah.OCIv1ImageManifest, + PreferredManifestType: mimeType, } options := libpod.ContainerCommitOptions{ CommitOptions: coptions, diff --git a/pkg/varlinkapi/pods.go b/pkg/varlinkapi/pods.go new file mode 100644 index 000000000..640dd665e --- /dev/null +++ b/pkg/varlinkapi/pods.go 
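Review bot: `Commit` gains a `manifestType` parameter but its doc comment is still `// Commit ...`, and the accepted spellings differ from `BuildImage` in this file, which matches by prefix (`strings.HasPrefix(manifestType, "oci")`) while this switch accepts only exactly `"oci"`, `"docker"` or the empty string. I would document it, e.g. `// Commit creates an image from the named container. manifestType is "oci" (the default when empty) or "docker".`, and decide whether both endpoints should accept the same values. The function continues past the end of the hunk.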
@@ -0,0 +1,189 @@ +package varlinkapi + +import ( + "encoding/json" + "syscall" + + "github.com/containers/libpod/cmd/podman/shared" + "github.com/containers/libpod/cmd/podman/varlink" + "github.com/containers/libpod/libpod" +) + +// CreatePod ... +func (i *LibpodAPI) CreatePod(call iopodman.VarlinkCall, create iopodman.PodCreate) error { + var options []libpod.PodCreateOption + if create.CgroupParent != "" { + options = append(options, libpod.WithPodCgroupParent(create.CgroupParent)) + } + if len(create.Labels) > 0 { + options = append(options, libpod.WithPodLabels(create.Labels)) + } + if create.Name != "" { + options = append(options, libpod.WithPodName(create.Name)) + } + options = append(options, libpod.WithPodCgroups()) + + pod, err := i.Runtime.NewPod(options...) + if err != nil { + return call.ReplyErrorOccurred(err.Error()) + } + return call.ReplyCreatePod(pod.ID()) +} + +// ListPods ... +func (i *LibpodAPI) ListPods(call iopodman.VarlinkCall) error { + var ( + listPods []iopodman.ListPodData + ) + + pods, err := i.Runtime.GetAllPods() + if err != nil { + return call.ReplyErrorOccurred(err.Error()) + } + opts := shared.PsOptions{} + for _, pod := range pods { + listPod, err := makeListPod(pod, opts) + if err != nil { + return call.ReplyErrorOccurred(err.Error()) + } + listPods = append(listPods, listPod) + } + return call.ReplyListPods(listPods) +} + +// GetPod ... +func (i *LibpodAPI) GetPod(call iopodman.VarlinkCall, name string) error { + pod, err := i.Runtime.LookupPod(name) + if err != nil { + return call.ReplyPodNotFound(name) + } + opts := shared.PsOptions{} + + listPod, err := makeListPod(pod, opts) + if err != nil { + return call.ReplyErrorOccurred(err.Error()) + } + + return call.ReplyGetPod(listPod) +} + +// InspectPod ... 
+func (i *LibpodAPI) InspectPod(call iopodman.VarlinkCall, name string) error { + pod, err := i.Runtime.LookupPod(name) + if err != nil { + return call.ReplyPodNotFound(name) + } + inspectData, err := pod.Inspect() + if err != nil { + return call.ReplyErrorOccurred(err.Error()) + } + b, err := json.Marshal(&inspectData) + if err != nil { + return call.ReplyErrorOccurred("unable to serialize") + } + return call.ReplyInspectPod(string(b)) +} + +// StartPod ... +func (i *LibpodAPI) StartPod(call iopodman.VarlinkCall, name string) error { + pod, err := i.Runtime.LookupPod(name) + if err != nil { + return call.ReplyPodNotFound(name) + } + ctrErrs, err := pod.Start(getContext()) + callErr := handlePodCall(call, pod, ctrErrs, err) + if callErr != nil { + return err + } + return call.ReplyStartPod(pod.ID()) +} + +// StopPod ... +func (i *LibpodAPI) StopPod(call iopodman.VarlinkCall, name string) error { + pod, err := i.Runtime.LookupPod(name) + if err != nil { + return call.ReplyPodNotFound(name) + } + ctrErrs, err := pod.Stop(true) + callErr := handlePodCall(call, pod, ctrErrs, err) + if callErr != nil { + return err + } + return call.ReplyStopPod(pod.ID()) +} + +// RestartPod ... +func (i *LibpodAPI) RestartPod(call iopodman.VarlinkCall, name string) error { + pod, err := i.Runtime.LookupPod(name) + if err != nil { + return call.ReplyPodNotFound(name) + } + ctrErrs, err := pod.Restart(getContext()) + callErr := handlePodCall(call, pod, ctrErrs, err) + if callErr != nil { + return err + } + return call.ReplyRestartPod(pod.ID()) +} + +// KillPod kills the running containers in a pod. If you want to use the default SIGTERM signal, +// just send a -1 for the signal arg. 
+func (i *LibpodAPI) KillPod(call iopodman.VarlinkCall, name string, signal int64) error { + killSignal := uint(syscall.SIGTERM) + if signal != -1 { + killSignal = uint(signal) + } + + pod, err := i.Runtime.LookupPod(name) + if err != nil { + return call.ReplyPodNotFound(name) + } + ctrErrs, err := pod.Kill(killSignal) + callErr := handlePodCall(call, pod, ctrErrs, err) + if callErr != nil { + return err + } + return call.ReplyKillPod(pod.ID()) +} + +// PausePod ... +func (i *LibpodAPI) PausePod(call iopodman.VarlinkCall, name string) error { + pod, err := i.Runtime.LookupPod(name) + if err != nil { + return call.ReplyPodNotFound(name) + } + ctrErrs, err := pod.Pause() + callErr := handlePodCall(call, pod, ctrErrs, err) + if callErr != nil { + return err + } + return call.ReplyPausePod(pod.ID()) +} + +// UnpausePod ... +func (i *LibpodAPI) UnpausePod(call iopodman.VarlinkCall, name string) error { + pod, err := i.Runtime.LookupPod(name) + if err != nil { + return call.ReplyPodNotFound(name) + } + ctrErrs, err := pod.Unpause() + callErr := handlePodCall(call, pod, ctrErrs, err) + if callErr != nil { + return err + } + return call.ReplyUnpausePod(pod.ID()) +} + +// RemovePod ... +func (i *LibpodAPI) RemovePod(call iopodman.VarlinkCall, name string, force bool) error { + ctx := getContext() + pod, err := i.Runtime.LookupPod(name) + if err != nil { + return call.ReplyPodNotFound(name) + } + if err = i.Runtime.RemovePod(ctx, pod, force, force); err != nil { + return call.ReplyErrorOccurred(err.Error()) + } + + return call.ReplyRemovePod(pod.ID()) +} diff --git a/pkg/varlinkapi/system.go b/pkg/varlinkapi/system.go index 042aef942..a90b72a6d 100644 --- a/pkg/varlinkapi/system.go +++ b/pkg/varlinkapi/system.go @@ -4,8 +4,8 @@ import ( goruntime "runtime" "strings" - "github.com/projectatomic/libpod/cmd/podman/varlink" - "github.com/projectatomic/libpod/libpod" + "github.com/containers/libpod/cmd/podman/varlink" + "github.com/containers/libpod/libpod" ) // GetVersion ... 
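Review bot: In `StartPod`, `StopPod`, `RestartPod`, `KillPod`, `PausePod` and `UnpausePod` the handler goes on to the success reply after `handlePodCall` has already answered with an error: `handlePodCall` returns whatever the `Reply*` call returns, presumably nil once the error reply is written, so `callErr` is nil and e.g. `call.ReplyStartPod(pod.ID())` sends a second reply on the same call. When `callErr` is non-nil the code returns `err` rather than `callErr`. Placing `if err != nil || ctrErrs != nil { return handlePodCall(call, pod, ctrErrs, err) }` before the success reply addresses both. Separately, `KillPod` converts the client-supplied `int64` with `uint(signal)` without a range check, so negative values other than -1 wrap to very large numbers; rejecting out-of-range values with `call.ReplyErrorOccurred` before the pod lookup would be safer.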
diff --git a/pkg/varlinkapi/util.go b/pkg/varlinkapi/util.go index 667c09562..a80c8db41 100644 --- a/pkg/varlinkapi/util.go +++ b/pkg/varlinkapi/util.go @@ -5,9 +5,9 @@ import ( "strconv" "time" - "github.com/projectatomic/libpod/cmd/podman/batchcontainer" - "github.com/projectatomic/libpod/cmd/podman/varlink" - "github.com/projectatomic/libpod/libpod" + "github.com/containers/libpod/cmd/podman/shared" + "github.com/containers/libpod/cmd/podman/varlink" + "github.com/containers/libpod/libpod" ) // getContext returns a non-nil, empty context @@ -15,12 +15,12 @@ func getContext() context.Context { return context.TODO() } -func makeListContainer(containerID string, batchInfo batchcontainer.BatchContainerStruct) iopodman.ListContainerData { +func makeListContainer(containerID string, batchInfo shared.BatchContainerStruct) iopodman.ListContainerData { var ( mounts []iopodman.ContainerMount ports []iopodman.ContainerPortMappings ) - ns := batchcontainer.GetNamespaces(batchInfo.Pid) + ns := shared.GetNamespaces(batchInfo.Pid) for _, mount := range batchInfo.ConConfig.Spec.Mounts { m := iopodman.ContainerMount{ 
@@ -77,3 +77,59 @@ func makeListContainer(containerID string, batchInfo batchcontainer.BatchContain } return lc } + +func makeListPodContainers(containerID string, batchInfo shared.BatchContainerStruct) iopodman.ListPodContainerInfo { + lc := iopodman.ListPodContainerInfo{ + Id: containerID, + Status: batchInfo.ConState.String(), + Name: batchInfo.ConConfig.Name, + } + return lc +} + +func makeListPod(pod *libpod.Pod, batchInfo shared.PsOptions) (iopodman.ListPodData, error) { + var listPodsContainers []iopodman.ListPodContainerInfo + var errPodData = iopodman.ListPodData{} + status, err := shared.GetPodStatus(pod) + if err != nil { + return errPodData, err + } + containers, err := pod.AllContainers() + if err != nil { + return errPodData, err + } + for _, ctr := range containers { + batchInfo, err := shared.BatchContainerOp(ctr, batchInfo) + if err != nil { + return errPodData, err + } + + listPodsContainers = append(listPodsContainers, makeListPodContainers(ctr.ID(), batchInfo)) + } + listPod := iopodman.ListPodData{ + Createdat: pod.CreatedTime().String(), + Id: pod.ID(), + Name: pod.Name(), + Status: status, + Cgroup: pod.CgroupParent(), + Numberofcontainers: strconv.Itoa(len(listPodsContainers)), + Containersinfo: listPodsContainers, + } + return listPod, nil +} + +func handlePodCall(call iopodman.VarlinkCall, pod *libpod.Pod, ctrErrs map[string]error, err error) error { + if err != nil && ctrErrs == nil { + return call.ReplyErrorOccurred(err.Error()) + } + if ctrErrs != nil { + containerErrs := make([]iopodman.PodContainerErrorData, len(ctrErrs)) + for ctr, reason := range ctrErrs { + ctrErr := iopodman.PodContainerErrorData{Containerid: ctr, Reason: reason.Error()} + containerErrs = append(containerErrs, ctrErr) + } + return call.ReplyPodContainerError(pod.ID(), containerErrs) + } + + return nil +} diff --git a/test/e2e/libpod_suite_test.go b/test/e2e/libpod_suite_test.go index 1b0c16e4a..466f79ae9 100644 --- a/test/e2e/libpod_suite_test.go 
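Review bot: In `handlePodCall`, `containerErrs` is created with `make([]iopodman.PodContainerErrorData, len(ctrErrs))` and then filled with `append`, so the reply carries `len(ctrErrs)` zero-value entries (empty container ID and reason) ahead of the real ones. Allocate with zero length and the capacity instead: `containerErrs := make([]iopodman.PodContainerErrorData, 0, len(ctrErrs))`. Separately, the function returns whatever `call.ReplyPodContainerError` returns, which is presumably nil once the error reply has been sent. The `KillPod`, `PausePod` and `UnpausePod` callers added in pods.go test that result for nil (and then return `err` rather than `callErr`), so they appear unable to tell "already replied with an error" from "nothing to report" and may send a second, success reply. A doc comment on `handlePodCall` stating what a nil return means would make the contract explicit.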
+++ b/test/e2e/libpod_suite_test.go @@ -14,13 +14,13 @@ import ( "testing" "time" + "github.com/containers/libpod/libpod" + "github.com/containers/libpod/pkg/inspect" "github.com/containers/storage/pkg/parsers/kernel" "github.com/containers/storage/pkg/reexec" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" "github.com/onsi/gomega/gexec" - "github.com/projectatomic/libpod/libpod" - "github.com/projectatomic/libpod/pkg/inspect" ) var ( diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index f7a7f8d67..a4bdcdf89 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -10,9 +10,10 @@ import ( var _ = Describe("Podman rmi", func() { var ( - tempdir string - err error - podmanTest PodmanTest + tempdir string + err error + podmanTest PodmanTest + hostname, _ = os.Hostname() ) BeforeEach(func() { 
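Review bot: The added `hostname, _ = os.Hostname()` in the `var` block of run_networking_test.go discards the error, so a failed lookup leaves `hostname` empty and the tests added in the next hunk compare container output against `""`. Depending on how `GrepString` treats an empty pattern, the `--net host` case could then pass without checking anything, and the default-network case (which asserts the host name does not appear in the container) could fail for an unrelated reason. Resolve the name inside `BeforeEach` and assert on it, e.g. `hostname, err = os.Hostname()` followed by `Expect(err).To(BeNil())`. The `Describe` block starts and ends outside this hunk.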
@@ -98,4 +99,35 @@ var _ = Describe("Podman rmi", func() { Expect(containerConfig[0].NetworkSettings.Ports[0].HostPort).ToNot(Equal("80")) }) + It("podman run hostname test", func() { + session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "printenv", "HOSTNAME"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + match, _ := session.GrepString(hostname) + Expect(match).Should(BeFalse()) + }) + + It("podman run --net host hostname test", func() { + session := podmanTest.Podman([]string{"run", "--rm", "--net", "host", ALPINE, "printenv", "HOSTNAME"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + match, _ := session.GrepString(hostname) + Expect(match).Should(BeTrue()) + }) + + It("podman run --net host --hostname ... hostname test", func() { + session := podmanTest.Podman([]string{"run", "--rm", "--net", "host", "--hostname", "foobar", ALPINE, "printenv", "HOSTNAME"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + match, _ := session.GrepString("foobar") + Expect(match).Should(BeTrue()) + }) + + It("podman run --hostname ... hostname test", func() { + session := podmanTest.Podman([]string{"run", "--rm", "--hostname", "foobar", ALPINE, "printenv", "HOSTNAME"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + match, _ := session.GrepString("foobar") + Expect(match).Should(BeTrue()) + }) }) diff --git a/test/e2e/run_userns_test.go b/test/e2e/run_userns_test.go index ae0785378..f2a9af6bf 100644 --- a/test/e2e/run_userns_test.go +++ b/test/e2e/run_userns_test.go 
@@ -48,7 +48,7 @@ var _ = Describe("Podman UserNS support", func() { // It essentially repeats the test above but with the `-it` short option // that broke execution at: - // https://github.com/projectatomic/libpod/pull/1066#issuecomment-403562116 + // https://github.com/containers/libpod/pull/1066#issuecomment-403562116 // To avoid a potential future regression, use this as a test. It("podman uidmapping and gidmapping with short-opts", func() { if os.Getenv("SKIP_USERNS") != "" { diff --git a/vendor.conf b/vendor.conf index 816c2dbe8..a2dd39d36 100644 --- a/vendor.conf +++ b/vendor.conf @@ -12,7 +12,7 @@ github.com/containernetworking/cni v0.7.0-alpha1 github.com/containernetworking/plugins 1562a1e60ed101aacc5e08ed9dbeba8e9f3d4ec1 github.com/containers/image 134f99bed228d6297dc01d152804f6f09f185418 github.com/containers/storage 17c7d1fee5603ccf6dd97edc14162fc1510e7e23 -github.com/containers/psgo 382fc951fe0a8aba62043862ce1a56f77524db87 +github.com/containers/psgo master github.com/coreos/go-systemd v14 github.com/cri-o/ocicni master github.com/cyphar/filepath-securejoin v0.2.1 @@ -49,7 +49,7 @@ github.com/opencontainers/go-digest v1.0.0-rc0 github.com/opencontainers/image-spec v1.0.0 github.com/opencontainers/runc b4e2ecb452d9ee4381137cc0a7e6715b96bed6de github.com/opencontainers/runtime-spec v1.0.0 -github.com/opencontainers/runtime-tools 625e2322645b151a7cbb93a8b42920933e72167f +github.com/opencontainers/runtime-tools master github.com/opencontainers/selinux b6fa367ed7f534f9ba25391cc2d467085dbb445a github.com/ostreedev/ostree-go master github.com/pkg/errors v0.8.0 
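Review bot: The vendor.conf hunks here replace the pinned commit hashes for `github.com/containers/psgo` and `github.com/opencontainers/runtime-tools` with `master`, and the hunk at line 90 does the same for `github.com/projectatomic/buildah`. A floating branch means the manifest no longer records which upstream revision the code under `vendor/` corresponds to, so the vendored tree cannot be reproduced or audited against a known commit. A later re-vendor can also pull in changes nobody reviewed. Keep each entry pinned to the revision actually vendored in this commit, e.g. `github.com/containers/psgo <commit-sha-vendored-in-this-change>`, and bump the hash deliberately on updates.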
@@ -90,7 +90,7 @@ k8s.io/kube-openapi 275e2ce91dec4c05a4094a7b1daee5560b555ac9 https://github.com/ k8s.io/utils 258e2a2fa64568210fbd6267cf1d8fd87c3cb86e https://github.com/kubernetes/utils github.com/mrunalp/fileutils master github.com/varlink/go master -github.com/projectatomic/buildah 35a37f36d37bf84397d7f79f6bb8649f728c19f1 +github.com/projectatomic/buildah master github.com/Nvveen/Gotty master github.com/fsouza/go-dockerclient master github.com/openshift/imagebuilder master diff --git a/vendor/github.com/containers/image/pkg/sysregistriesv2/system_registries_v2.go b/vendor/github.com/containers/image/pkg/sysregistriesv2/system_registries_v2.go new file mode 100644 index 000000000..9509c6024 --- /dev/null +++ b/vendor/github.com/containers/image/pkg/sysregistriesv2/system_registries_v2.go 
@@ -0,0 +1,369 @@ +package sysregistriesv2 + +import ( + "fmt" + "io/ioutil" + "net/url" + "path/filepath" + "strings" + "sync" + + "github.com/BurntSushi/toml" + "github.com/containers/image/types" +) + +// systemRegistriesConfPath is the path to the system-wide registry +// configuration file and is used to add/subtract potential registries for +// obtaining images. You can override this at build time with +// -ldflags '-X github.com/containers/image/sysregistries.systemRegistriesConfPath=$your_path' +var systemRegistriesConfPath = builtinRegistriesConfPath + +// builtinRegistriesConfPath is the path to the registry configuration file. +// DO NOT change this, instead see systemRegistriesConfPath above. +const builtinRegistriesConfPath = "/etc/containers/registries.conf" + +// Mirror represents a mirror. Mirrors can be used as pull-through caches for +// registries. +type Mirror struct { + // The mirror's URL. + URL string `toml:"url"` + // If true, certs verification will be skipped and HTTP (non-TLS) + // connections will be allowed. + Insecure bool `toml:"insecure"` +} + +// Registry represents a registry. +type Registry struct { + // Serializable registry URL. + URL string `toml:"url"` + // The registry's mirrors. + Mirrors []Mirror `toml:"mirror"` + // If true, pulling from the registry will be blocked. + Blocked bool `toml:"blocked"` + // If true, certs verification will be skipped and HTTP (non-TLS) + // connections will be allowed. + Insecure bool `toml:"insecure"` + // If true, the registry can be used when pulling an unqualified image. + Search bool `toml:"unqualified-search"` + // Prefix is used for matching images, and to translate one namespace to + // another. If `Prefix="example.com/bar"`, `URL="example.com/foo/bar"` + // and we pull from "example.com/bar/myimage:latest", the image will + // effectively be pulled from "example.com/foo/bar/myimage:latest". + // If no Prefix is specified, it defaults to the specified URL. 
+ Prefix string `toml:"prefix"` +} + +// backwards compatability to sysregistries v1 +type v1TOMLregistries struct { + Registries []string `toml:"registries"` +} + +// tomlConfig is the data type used to unmarshal the toml config. +type tomlConfig struct { + Registries []Registry `toml:"registry"` + // backwards compatability to sysregistries v1 + V1Registries struct { + Search v1TOMLregistries `toml:"search"` + Insecure v1TOMLregistries `toml:"insecure"` + Block v1TOMLregistries `toml:"block"` + } `toml:"registries"` +} + +// InvalidRegistries represents an invalid registry configurations. An example +// is when "registry.com" is defined multiple times in the configuration but +// with conflicting security settings. +type InvalidRegistries struct { + s string +} + +// Error returns the error string. +func (e *InvalidRegistries) Error() string { + return e.s +} + +// parseURL parses the input string, performs some sanity checks and returns +// the sanitized input string. An error is returned in case parsing fails or +// or if URI scheme or user is set. +func parseURL(input string) (string, error) { + trimmed := strings.TrimRight(input, "/") + + if trimmed == "" { + return "", &InvalidRegistries{s: "invalid URL: cannot be empty"} + } + + // Ultimately, we expect input of the form example.com[/namespace/…], a prefix + // of a fully-expended reference (containers/image/docker/Reference.String()). + // c/image/docker/Reference does not currently provide such a parser. + // So, we use url.Parse("http://"+trimmed) below to ~verify the format, possibly + // letting some invalid input in, trading that off for a simpler parser. + // + // url.Parse("http://"+trimmed) is, sadly, too permissive, notably for + // trimmed == "http://example.com/…", url.Parse("http://http://example.com/…") + // is accepted and parsed as + // {Scheme: "http", Host: "http:", Path: "//example.com/…"}. 
+ // + // So, first we do an explicit check for an unwanted scheme prefix: + + // This will parse trimmed=="http://example.com/…" with Scheme: "http". Perhaps surprisingly, + // it also succeeds for the input we want to accept, in different ways: + // "example.com" -> {Scheme:"", Opaque:"", Path:"example.com"} + // "example.com/repo" -> {Scheme:"", Opaque:"", Path:"example.com/repo"} + // "example.com:5000" -> {Scheme:"example.com", Opaque:"5000"} + // "example.com:5000/repo" -> {Scheme:"example.com", Opaque:"5000/repo"} + uri, err := url.Parse(trimmed) + if err != nil { + return "", &InvalidRegistries{s: fmt.Sprintf("invalid URL '%s': %v", input, err)} + } + + // Check if a URI Scheme is set. + // Note that URLs that do not start with a slash after the scheme are + // interpreted as `scheme:opaque[?query][#fragment]`; see above for examples. + if uri.Scheme != "" && uri.Opaque == "" { + msg := fmt.Sprintf("invalid URL '%s': URI schemes are not supported", input) + return "", &InvalidRegistries{s: msg} + } + + uri, err = url.Parse("http://" + trimmed) + if err != nil { + msg := fmt.Sprintf("invalid URL '%s': sanitized URL did not parse: %v", input, err) + return "", &InvalidRegistries{s: msg} + } + + if uri.User != nil { + msg := fmt.Sprintf("invalid URL '%s': user/password are not supported", trimmed) + return "", &InvalidRegistries{s: msg} + } + + return trimmed, nil +} + +// getV1Registries transforms v1 registries in the config into an array of v2 +// registries of type Registry. 
+func getV1Registries(config *tomlConfig) ([]Registry, error) { + regMap := make(map[string]*Registry) + + getRegistry := func(url string) (*Registry, error) { // Note: _pointer_ to a long-lived object + var err error + url, err = parseURL(url) + if err != nil { + return nil, err + } + reg, exists := regMap[url] + if !exists { + reg = &Registry{ + URL: url, + Mirrors: []Mirror{}, + Prefix: url, + } + regMap[url] = reg + } + return reg, nil + } + + for _, search := range config.V1Registries.Search.Registries { + reg, err := getRegistry(search) + if err != nil { + return nil, err + } + reg.Search = true + } + for _, blocked := range config.V1Registries.Block.Registries { + reg, err := getRegistry(blocked) + if err != nil { + return nil, err + } + reg.Blocked = true + } + for _, insecure := range config.V1Registries.Insecure.Registries { + reg, err := getRegistry(insecure) + if err != nil { + return nil, err + } + reg.Insecure = true + } + + registries := []Registry{} + for _, reg := range regMap { + registries = append(registries, *reg) + } + return registries, nil +} + +// postProcessRegistries checks the consistency of all registries (e.g., set +// the Prefix to URL if not set) and applies conflict checks. It returns an +// array of cleaned registries and error in case of conflicts. 
+func postProcessRegistries(regs []Registry) ([]Registry, error) { + var registries []Registry + regMap := make(map[string][]Registry) + + for _, reg := range regs { + var err error + + // make sure URL and Prefix are valid + reg.URL, err = parseURL(reg.URL) + if err != nil { + return nil, err + } + + if reg.Prefix == "" { + reg.Prefix = reg.URL + } else { + reg.Prefix, err = parseURL(reg.Prefix) + if err != nil { + return nil, err + } + } + + // make sure mirrors are valid + for _, mir := range reg.Mirrors { + mir.URL, err = parseURL(mir.URL) + if err != nil { + return nil, err + } + } + registries = append(registries, reg) + regMap[reg.URL] = append(regMap[reg.URL], reg) + } + + // Given a registry can be mentioned multiple times (e.g., to have + // multiple prefixes backed by different mirrors), we need to make sure + // there are no conflicts among them. + // + // Note: we need to iterate over the registries array to ensure a + // deterministic behavior which is not guaranteed by maps. + for _, reg := range registries { + others, _ := regMap[reg.URL] + for _, other := range others { + if reg.Insecure != other.Insecure { + msg := fmt.Sprintf("registry '%s' is defined multiple times with conflicting 'insecure' setting", reg.URL) + + return nil, &InvalidRegistries{s: msg} + } + if reg.Blocked != other.Blocked { + msg := fmt.Sprintf("registry '%s' is defined multiple times with conflicting 'blocked' setting", reg.URL) + return nil, &InvalidRegistries{s: msg} + } + } + } + + return registries, nil +} + +// getConfigPath returns the system-registries config path if specified. +// Otherwise, systemRegistriesConfPath is returned. 
+func getConfigPath(ctx *types.SystemContext) string { + confPath := systemRegistriesConfPath + if ctx != nil { + if ctx.SystemRegistriesConfPath != "" { + confPath = ctx.SystemRegistriesConfPath + } else if ctx.RootForImplicitAbsolutePaths != "" { + confPath = filepath.Join(ctx.RootForImplicitAbsolutePaths, systemRegistriesConfPath) + } + } + return confPath +} + +// configMutex is used to synchronize concurrent accesses to configCache. +var configMutex = sync.Mutex{} + +// configCache caches already loaded configs with config paths as keys and is +// used to avoid redudantly parsing configs. Concurrent accesses to the cache +// are synchronized via configMutex. +var configCache = make(map[string][]Registry) + +// GetRegistries loads and returns the registries specified in the config. +func GetRegistries(ctx *types.SystemContext) ([]Registry, error) { + configPath := getConfigPath(ctx) + + configMutex.Lock() + defer configMutex.Unlock() + // if the config has already been loaded, return the cached registries + if registries, inCache := configCache[configPath]; inCache { + return registries, nil + } + + // load the config + config, err := loadRegistryConf(configPath) + if err != nil { + return nil, err + } + + registries := config.Registries + + // backwards compatibility for v1 configs + v1Registries, err := getV1Registries(config) + if err != nil { + return nil, err + } + if len(v1Registries) > 0 { + if len(registries) > 0 { + return nil, &InvalidRegistries{s: "mixing sysregistry v1/v2 is not supported"} + } + registries = v1Registries + } + + registries, err = postProcessRegistries(registries) + if err != nil { + return nil, err + } + + // populate the cache + configCache[configPath] = registries + + return registries, err +} + +// FindUnqualifiedSearchRegistries returns all registries that are configured +// for unqualified image search (i.e., with Registry.Search == true). 
+func FindUnqualifiedSearchRegistries(registries []Registry) []Registry { + unqualified := []Registry{} + for _, reg := range registries { + if reg.Search { + unqualified = append(unqualified, reg) + } + } + return unqualified +} + +// FindRegistry returns the Registry with the longest prefix for ref. If no +// Registry prefixes the image, nil is returned. +func FindRegistry(ref string, registries []Registry) *Registry { + reg := Registry{} + prefixLen := 0 + for _, r := range registries { + if strings.HasPrefix(ref, r.Prefix) { + length := len(r.Prefix) + if length > prefixLen { + reg = r + prefixLen = length + } + } + } + if prefixLen != 0 { + return ® + } + return nil +} + +// Reads the global registry file from the filesystem. Returns a byte array. +func readRegistryConf(configPath string) ([]byte, error) { + configBytes, err := ioutil.ReadFile(configPath) + return configBytes, err +} + +// Used in unittests to parse custom configs without a types.SystemContext. +var readConf = readRegistryConf + +// Loads the registry configuration file from the filesystem and then unmarshals +// it. Returns the unmarshalled object. +func loadRegistryConf(configPath string) (*tomlConfig, error) { + config := &tomlConfig{} + + configBytes, err := readConf(configPath) + if err != nil { + return nil, err + } + + err = toml.Unmarshal(configBytes, &config) + return config, err +} diff --git a/vendor/github.com/containers/psgo/README.md b/vendor/github.com/containers/psgo/README.md index 7b779b539..6b0f1dab3 100644 --- a/vendor/github.com/containers/psgo/README.md +++ b/vendor/github.com/containers/psgo/README.md 
@@ -46,6 +46,8 @@ root 1 0 0.000 17.249905587s ? 0s sleep ### Format descriptors The ps library is compatible with all AIX format descriptors of the ps command-line utility (see `man 1 ps` for details) but it also supports some additional descriptors that can be useful when seeking specific process-related information. +- **capamb** + - Set of ambient capabilities. See capabilities(7) for more information. - **capbnd** - Set of bounding capabilities. See capabilities(7) for more information. - **capeff** diff --git a/vendor/github.com/containers/psgo/internal/proc/ns.go b/vendor/github.com/containers/psgo/internal/proc/ns.go index 61b4b2b58..fbfbd4894 100644 --- a/vendor/github.com/containers/psgo/internal/proc/ns.go +++ b/vendor/github.com/containers/psgo/internal/proc/ns.go @@ -13,3 +13,12 @@ func ParsePIDNamespace(pid string) (string, error) { } return pidNS, nil } + +// ParseUserNamespace returns the content of /proc/$pid/ns/user. +func ParseUserNamespace(pid string) (string, error) { + userNS, err := os.Readlink(fmt.Sprintf("/proc/%s/ns/user", pid)) + if err != nil { + return "", err + } + return userNS, nil +} diff --git a/vendor/github.com/containers/psgo/internal/proc/status.go b/vendor/github.com/containers/psgo/internal/proc/status.go index b8e06dd6b..364d9e9a2 100644 --- a/vendor/github.com/containers/psgo/internal/proc/status.go +++ b/vendor/github.com/containers/psgo/internal/proc/status.go @@ -4,8 +4,10 @@ import ( "bufio" "fmt" "os" + "os/exec" "strings" + "github.com/containers/psgo/internal/types" "github.com/pkg/errors" ) 
@@ -160,8 +162,24 @@ type Status struct { NonvoluntaryCtxtSwitches string } -// readStatus is used for mocking in unit tests. -var readStatus = func(path string) ([]string, error) { +// readStatusUserNS joins the user namespace of pid and returns the content of +// /proc/pid/status as a string slice. +func readStatusUserNS(pid string) ([]string, error) { + path := fmt.Sprintf("/proc/%s/status", pid) + args := []string{"nsenter", "-U", "-t", pid, "cat", path} + + c := exec.Command(args[0], args[1:]...) + output, err := c.CombinedOutput() + if err != nil { + return nil, fmt.Errorf("error executing %q: %v", strings.Join(args, " "), err) + } + + return strings.Split(string(output), "\n"), nil +} + +// readStatusDefault returns the content of /proc/pid/status as a string slice. +func readStatusDefault(pid string) ([]string, error) { + path := fmt.Sprintf("/proc/%s/status", pid) f, err := os.Open(path) if err != nil { return nil, err @@ -175,15 +193,26 @@ var readStatus = func(path string) ([]string, error) { } // ParseStatus parses the /proc/$pid/status file and returns a *Status. -func ParseStatus(pid string) (*Status, error) { - path := fmt.Sprintf("/proc/%s/status", pid) - lines, err := readStatus(path) +func ParseStatus(ctx *types.PsContext, pid string) (*Status, error) { + var lines []string + var err error + + if ctx.JoinUserNS { + lines, err = readStatusUserNS(pid) + } else { + lines, err = readStatusDefault(pid) + } + if err != nil { return nil, err } + return parseStatus(pid, lines) +} +// parseStatus extracts data from lines and returns a *Status. +func parseStatus(pid string, lines []string) (*Status, error) { s := Status{} - errUnexpectedInput := errors.New(fmt.Sprintf("unexpected input from %s", path)) + errUnexpectedInput := fmt.Errorf("unexpected input from /proc/%s/status", pid) for _, line := range lines { fields := strings.Fields(line) if len(fields) < 2 { 
diff --git a/vendor/github.com/containers/psgo/internal/process/process.go b/vendor/github.com/containers/psgo/internal/process/process.go index b1ea076b5..6a8dfb0c0 100644 --- a/vendor/github.com/containers/psgo/internal/process/process.go +++ b/vendor/github.com/containers/psgo/internal/process/process.go @@ -7,6 +7,7 @@ import ( "github.com/containers/psgo/internal/host" "github.com/containers/psgo/internal/proc" + "github.com/containers/psgo/internal/types" "github.com/opencontainers/runc/libcontainer/user" "github.com/pkg/errors" ) @@ -61,13 +62,13 @@ func LookupUID(uid string) (string, error) { // New returns a new Process with the specified pid and parses the relevant // data from /proc and /dev. -func New(pid string) (*Process, error) { +func New(ctx *types.PsContext, pid string) (*Process, error) { p := Process{Pid: pid} if err := p.parseStat(); err != nil { return nil, err } - if err := p.parseStatus(); err != nil { + if err := p.parseStatus(ctx); err != nil { return nil, err } if err := p.parseCmdLine(); err != nil { @@ -88,10 +89,10 @@ func New(pid string) (*Process, error) { } // FromPIDs creates a new Process for each pid. -func FromPIDs(pids []string) ([]*Process, error) { +func FromPIDs(ctx *types.PsContext, pids []string) ([]*Process, error) { processes := []*Process{} for _, pid := range pids { - p, err := New(pid) + p, err := New(ctx, pid) if err != nil { if os.IsNotExist(err) { // proc parsing is racy @@ -116,8 +117,8 @@ func (p *Process) parseStat() error { } // parseStatus parses /proc/$pid/status. -func (p *Process) parseStatus() error { - s, err := proc.ParseStatus(p.Pid) +func (p *Process) parseStatus(ctx *types.PsContext) error { + s, err := proc.ParseStatus(ctx, p.Pid) if err != nil { return err } 
@@ -135,7 +136,7 @@ func (p *Process) parseCmdLine() error { return nil } -// parsePIDNamespace parses all host-related data fields. +// parsePIDNamespace sets the PID namespace. func (p *Process) parsePIDNamespace() error { pidNS, err := proc.ParsePIDNamespace(p.Pid) if err != nil { diff --git a/vendor/github.com/containers/psgo/internal/types/types.go b/vendor/github.com/containers/psgo/internal/types/types.go new file mode 100644 index 000000000..9069e8000 --- /dev/null +++ b/vendor/github.com/containers/psgo/internal/types/types.go @@ -0,0 +1,8 @@ +package types + +// PsContext controls some internals of the psgo library. +type PsContext struct { + // JoinUserNS will force /proc and /dev parsing from within each PIDs + // user namespace. + JoinUserNS bool +} diff --git a/vendor/github.com/containers/psgo/psgo.go b/vendor/github.com/containers/psgo/psgo.go index e52089b3c..2ea9a322b 100644 --- a/vendor/github.com/containers/psgo/psgo.go +++ b/vendor/github.com/containers/psgo/psgo.go @@ -25,6 +25,7 @@ import ( "github.com/containers/psgo/internal/dev" "github.com/containers/psgo/internal/proc" "github.com/containers/psgo/internal/process" + "github.com/containers/psgo/internal/types" "github.com/pkg/errors" "golang.org/x/sys/unix" ) @@ -183,23 +184,28 @@ var ( procFn: processVSZ, }, { + normal: "capamb", + header: "AMBIENT CAPS", + procFn: processCAPAMB, + }, + { normal: "capinh", - header: "CAPABILITIES", + header: "INHERITED CAPS", procFn: processCAPINH, }, { normal: "capprm", - header: "CAPABILITIES", + header: "PERMITTED CAPS", procFn: processCAPPRM, }, { normal: "capeff", - header: "CAPABILITIES", + header: "EFFECTIVE CAPS", procFn: processCAPEFF, }, { normal: "capbnd", - header: "CAPABILITIES", + header: "BOUNDING CAPS", procFn: processCAPBND, }, { 
@@ -276,6 +282,19 @@ func JoinNamespaceAndProcessInfo(pid string, descriptors []string) ([][]string, defer wg.Done() runtime.LockOSThread() + // extract user namespaces prior to joining the mount namespace + currentUserNs, err := proc.ParseUserNamespace("self") + if err != nil { + dataErr = errors.Wrapf(err, "error determining user namespace") + return + } + + pidUserNs, err := proc.ParseUserNamespace(pid) + if err != nil { + dataErr = errors.Wrapf(err, "error determining user namespace of PID %s", pid) + } + + // join the mount namespace of pid fd, err := os.Open(fmt.Sprintf("/proc/%s/ns/mnt", pid)) if err != nil { dataErr = err @@ -290,12 +309,19 @@ func JoinNamespaceAndProcessInfo(pid string, descriptors []string) ([][]string, } unix.Setns(int(fd.Fd()), unix.CLONE_NEWNS) + // extract all pids mentioned in pid's mount namespace pids, err := proc.GetPIDs() if err != nil { dataErr = err return } - processes, err := process.FromPIDs(pids) + + ctx := types.PsContext{ + // join the user NS if the pid's user NS is different + // to the caller's user NS. + JoinUserNS: currentUserNs != pidUserNs, + } + processes, err := process.FromPIDs(&ctx, pids) if err != nil { dataErr = err return @@ -324,7 +350,9 @@ func ProcessInfo(descriptors []string) ([][]string, error) { if err != nil { return nil, err } - processes, err := process.FromPIDs(pids) + + ctx := types.PsContext{JoinUserNS: false} + processes, err := process.FromPIDs(&ctx, pids) if err != nil { return nil, err } @@ -340,7 +368,8 @@ func setHostProcesses(pid string) error { return err } - processes, err := process.FromPIDs(pids) + ctx := types.PsContext{JoinUserNS: false} + processes, err := process.FromPIDs(&ctx, pids) if err != nil { return err } 
@@ -421,14 +450,14 @@ func processPPID(p *process.Process) (string, error) { } // processUSER returns the effective user name of the process. This will be -// the textual group ID, if it can be optained, or a decimal representation +// the textual user ID, if it can be optained, or a decimal representation // otherwise. func processUSER(p *process.Process) (string, error) { return process.LookupUID(p.Status.Uids[1]) } // processRUSER returns the effective user name of the process. This will be -// the textual group ID, if it can be optained, or a decimal representation +// the textual user ID, if it can be optained, or a decimal representation // otherwise. func processRUSER(p *process.Process) (string, error) { return process.LookupUID(p.Status.Uids[0]) @@ -557,6 +586,13 @@ func parseCAP(cap string) (string, error) { return strings.Join(caps, ","), nil } +// processCAPAMB returns the set of ambient capabilties associated with +// process p. If all capabilties are set, "full" is returned. If no +// capability is enabled, "none" is returned. +func processCAPAMB(p *process.Process) (string, error) { + return parseCAP(p.Status.CapAmb) +} + // processCAPINH returns the set of inheritable capabilties associated with // process p. If all capabilties are set, "full" is returned. If no // capability is enabled, "none" is returned. diff --git a/vendor/github.com/opencontainers/runtime-tools/README.md b/vendor/github.com/opencontainers/runtime-tools/README.md index 93c901f05..11f613cf9 100644 --- a/vendor/github.com/opencontainers/runtime-tools/README.md +++ b/vendor/github.com/opencontainers/runtime-tools/README.md 
@@ -69,7 +69,7 @@ validation/linux_cgroups_hugetlb.t .................... 0/1 validation/linux_cgroups_memory.t ..................... 9/9 validation/linux_rootfs_propagation_shared.t ...... 252/282 - not ok shared root propogation exposes "/target348456609/mount892511628/example376408222" + not ok shared root propagation exposes "/target348456609/mount892511628/example376408222" Skipped: 29 /dev/null (default device) has unconfigured permissions diff --git a/vendor/github.com/projectatomic/buildah/add.go b/vendor/github.com/projectatomic/buildah/add.go index 93ecba9f4..1aad8ad37 100644 --- a/vendor/github.com/projectatomic/buildah/add.go +++ b/vendor/github.com/projectatomic/buildah/add.go @@ -11,12 +11,12 @@ import ( "syscall" "time" + "github.com/containers/libpod/pkg/chrootuser" "github.com/containers/storage/pkg/archive" "github.com/containers/storage/pkg/idtools" "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" "github.com/projectatomic/buildah/util" - "github.com/projectatomic/libpod/pkg/chrootuser" "github.com/sirupsen/logrus" ) diff --git a/vendor/github.com/projectatomic/buildah/buildah.go b/vendor/github.com/projectatomic/buildah/buildah.go index 1f5212362..32785a26f 100644 --- a/vendor/github.com/projectatomic/buildah/buildah.go +++ b/vendor/github.com/projectatomic/buildah/buildah.go @@ -24,7 +24,7 @@ const ( Package = "buildah" // Version for the Package. Bump version in contrib/rpm/buildah.spec // too. - Version = "1.3-dev" + Version = "1.4-dev" // The value we use to identify what type of information, currently a // serialized Builder structure, we are using as per-container state. // This should only be changed when we make incompatible changes to 
@@ -146,7 +146,6 @@ type Builder struct { // Image metadata and runtime settings, in multiple formats. OCIv1 v1.Image `json:"ociv1,omitempty"` Docker docker.V2Image `json:"docker,omitempty"` - // DefaultMountsFilePath is the file path holding the mounts to be mounted in "host-path:container-path" format. DefaultMountsFilePath string `json:"defaultMountsFilePath,omitempty"` @@ -292,7 +291,6 @@ type CommonBuildOptions struct { // BuilderOptions are used to initialize a new Builder. type BuilderOptions struct { - // Args define variables that users can pass at build-time to the builder Args map[string]string // FromImage is the name of the image which should be used as the @@ -360,9 +358,7 @@ type BuilderOptions struct { // after processing the AddCapabilities set, when running commands in the // container. If a capability appears in both lists, it will be dropped. DropCapabilities []string - // ImageOnly is a boolean designating that we wish to only pull the image and - // to not create a container from it. Used by pull command. - ImageOnly bool + CommonBuildOpts *CommonBuildOptions } diff --git a/vendor/github.com/projectatomic/buildah/chroot/run.go b/vendor/github.com/projectatomic/buildah/chroot/run.go index 77709c52d..2cae5b9da 100644 --- a/vendor/github.com/projectatomic/buildah/chroot/run.go +++ b/vendor/github.com/projectatomic/buildah/chroot/run.go @@ -551,9 +551,7 @@ func runUsingChroot(spec *specs.Spec, bundlePath string, ctty *os.File, stdin io cmd.Setsid = true cmd.Ctty = ctty } - if spec.Process.OOMScoreAdj != nil { - cmd.OOMScoreAdj = *spec.Process.OOMScoreAdj - } + cmd.OOMScoreAdj = spec.Process.OOMScoreAdj cmd.ExtraFiles = append([]*os.File{preader}, cmd.ExtraFiles...) cmd.Hook = func(int) error { for _, f := range closeOnceRunning { 
@@ -935,7 +933,7 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func( } logrus.Debugf("bind mounted %q to %q", "/dev", filepath.Join(spec.Root.Path, "/dev")) - // Bind /proc read-write. + // Bind /proc read-only. subProc := filepath.Join(spec.Root.Path, "/proc") if err := unix.Mount("/proc", subProc, "bind", procFlags, ""); err != nil { if os.IsNotExist(err) { @@ -1133,6 +1131,15 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func( } } + // Create an empty directory for to use for masking directories. + roEmptyDir := filepath.Join(bundlePath, "empty") + if len(spec.Linux.MaskedPaths) > 0 { + if err := os.Mkdir(roEmptyDir, 0700); err != nil { + return undoBinds, errors.Wrapf(err, "error creating empty directory %q", roEmptyDir) + } + removes = append(removes, roEmptyDir) + } + // Set up any masked paths that we need to. If we're running inside of // a container, some of these locations will already be read-only tmpfs // filesystems or bind mounted to os.DevNull. If we're not running @@ -1220,10 +1227,10 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func( } } } - // The target's a directory, so mount a read-only tmpfs on it. - roFlags := uintptr(syscall.MS_NOSUID | syscall.MS_NODEV | syscall.MS_NOEXEC | syscall.MS_RDONLY) + // The target's a directory, so read-only bind mount an empty directory on it. + roFlags := uintptr(syscall.MS_BIND | syscall.MS_NOSUID | syscall.MS_NODEV | syscall.MS_NOEXEC | syscall.MS_RDONLY) if !isReadOnly || (hasContent && isAccessible) { - if err = unix.Mount("none", target, "tmpfs", roFlags, "size=0"); err != nil { + if err = unix.Mount(roEmptyDir, target, "bind", roFlags, ""); err != nil { return undoBinds, errors.Wrapf(err, "error masking directory %q in mount namespace", target) } if err = unix.Statfs(target, &fs); err != nil { 
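Review bot: In the last hunk of chroot/run.go (`setupChrootBindMounts`), the new `unix.Mount(roEmptyDir, target, "bind", roFlags, "")` expects `MS_RDONLY`, `MS_NOSUID`, `MS_NODEV` and `MS_NOEXEC` to apply on the initial bind, but Linux ignores every mount flag except `MS_REC` when a bind mount is first created. The mask only becomes read-only after a second call such as `unix.Mount("", target, "", roFlags|syscall.MS_REMOUNT, "")`. The `unix.Statfs(target, &fs)` that follows suggests such a check and remount may exist below the hunk, which is not visible here, so that should be confirmed. It matters more than with the removed per-target tmpfs, because a single `roEmptyDir` now backs every masked directory and a writable mask would be shared between all of them. The file is vendored, so any fix belongs upstream in buildah.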
diff --git a/vendor/github.com/projectatomic/buildah/config.go b/vendor/github.com/projectatomic/buildah/config.go index b39d2b6c6..731e3b80a 100644 --- a/vendor/github.com/projectatomic/buildah/config.go +++ b/vendor/github.com/projectatomic/buildah/config.go @@ -3,6 +3,7 @@ package buildah import ( "context" "encoding/json" + "os" "path/filepath" "runtime" "strings" @@ -260,11 +261,21 @@ func (b *Builder) Env() []string { // built using an image built from this container. func (b *Builder) SetEnv(k string, v string) { reset := func(s *[]string) { + getenv := func(name string) string { + for i := range *s { + val := strings.SplitN((*s)[i], "=", 2) + if len(val) == 2 && val[0] == name { + return val[1] + } + } + return name + } n := []string{} for i := range *s { if !strings.HasPrefix((*s)[i], k+"=") { n = append(n, (*s)[i]) } + v = os.Expand(v, getenv) } n = append(n, k+"="+v) *s = n diff --git a/vendor/github.com/projectatomic/buildah/imagebuildah/build.go b/vendor/github.com/projectatomic/buildah/imagebuildah/build.go index 42e51878e..bcdcfb678 100644 --- a/vendor/github.com/projectatomic/buildah/imagebuildah/build.go +++ b/vendor/github.com/projectatomic/buildah/imagebuildah/build.go @@ -96,6 +96,8 @@ type BuildOptions struct { // is supplied, the message will be sent to Err (or os.Stderr, if Err // is nil) by default. Log func(format string, args ...interface{}) + // In is connected to stdin for RUN instructions. + In io.Reader // Out is a place where non-error log messages are sent. Out io.Writer // Err is a place where error log messages should be sent. @@ -190,6 +192,7 @@ type Executor struct { outputFormat string additionalTags []string log func(format string, args ...interface{}) + in io.Reader out io.Writer err io.Writer signaturePolicyPath string 
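Review bot: In the `SetEnv` hunk of config.go, `v = os.Expand(v, getenv)` sits inside the `for i := range *s` loop, so the value is expanded once per existing entry and not at all when the list is empty. Because `v` is the captured parameter, the expanded text is expanded again on the next iteration and on any later call of `reset` (those calls are below the hunk), so a result that itself contains `$` is re-interpreted. The `getenv` fallback `return name` also turns an unset `$FOO` into the literal `FOO` rather than an empty string, which deserves a comment if it is intended. Expanding once after the loop into a local, `expanded := os.Expand(v, getenv)` followed by `n = append(n, k+"="+expanded)`, keeps the result independent of how many variables are already set. The file is vendored, so the change belongs upstream in buildah.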
@@ -471,11 +474,15 @@ func (b *Executor) Run(run imagebuilder.Run, config docker.Config) error { if b.builder == nil { return errors.Errorf("no build container available") } - devNull, err := os.Open(os.DevNull) - if err != nil { - return errors.Errorf("error opening %q for reading: %v", os.DevNull, err) + stdin := b.in + if stdin == nil { + devNull, err := os.Open(os.DevNull) + if err != nil { + return errors.Errorf("error opening %q for reading: %v", os.DevNull, err) + } + defer devNull.Close() + stdin = devNull } - defer devNull.Close() options := buildah.RunOptions{ Hostname: config.Hostname, Runtime: b.runtime, @@ -486,7 +493,7 @@ func (b *Executor) Run(run imagebuilder.Run, config docker.Config) error { WorkingDir: config.WorkingDir, Entrypoint: config.Entrypoint, Cmd: config.Cmd, - Stdin: devNull, + Stdin: stdin, Stdout: b.out, Stderr: b.err, Quiet: b.quiet, @@ -504,7 +511,7 @@ func (b *Executor) Run(run imagebuilder.Run, config docker.Config) error { if err := b.volumeCacheSave(); err != nil { return err } - err = b.builder.Run(args, options) + err := b.builder.Run(args, options) if err2 := b.volumeCacheRestore(); err2 != nil { if err == nil { return err2 @@ -557,6 +564,7 @@ func NewExecutor(store storage.Store, options BuildOptions) (*Executor, error) { volumeCache: make(map[string]string), volumeCacheInfo: make(map[string]os.FileInfo), log: options.Log, + in: options.In, out: options.Out, err: options.Err, reportWriter: options.ReportWriter, @@ -1203,8 +1211,9 @@ func BuildDockerfiles(ctx context.Context, store storage.Store, options BuildOpt } data = resp.Body } else { - if !filepath.IsAbs(dfile) { - logrus.Debugf("resolving local Dockerfile %q", dfile) + // If the Dockerfile isn't found try prepending the + // context directory to it. + if _, err := os.Stat(dfile); os.IsNotExist(err) { dfile = filepath.Join(options.ContextDirectory, dfile) } logrus.Debugf("reading local Dockerfile %q", dfile) 
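Review bot: In the `BuildDockerfiles` hunk, `if _, err := os.Stat(dfile); os.IsNotExist(err)` resolves a relative `dfile` against the process's working directory first, where the removed `!filepath.IsAbs(dfile)` test always joined relative names to `options.ContextDirectory`. A file with the same relative name in the working directory now takes precedence over the one inside the build context, and any other `Stat` error (permission denied, for instance) leaves `dfile` unjoined and surfaces later as a read failure on the wrong path. If the working-directory lookup is wanted, the comment should state that precedence explicitly. Otherwise try `filepath.Join(options.ContextDirectory, dfile)` first for relative names and fall back to the bare path only when that candidate does not exist. The function starts and ends outside the hunk.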
diff --git a/vendor/github.com/projectatomic/buildah/new.go b/vendor/github.com/projectatomic/buildah/new.go index 60d217552..1895bae48 100644 --- a/vendor/github.com/projectatomic/buildah/new.go +++ b/vendor/github.com/projectatomic/buildah/new.go @@ -66,7 +66,13 @@ func reserveSELinuxLabels(store storage.Store, id string) error { } func pullAndFindImage(ctx context.Context, store storage.Store, imageName string, options BuilderOptions, sc *types.SystemContext) (*storage.Image, types.ImageReference, error) { - ref, err := pullImage(ctx, store, imageName, options, sc) + pullOptions := PullOptions{ + ReportWriter: options.ReportWriter, + Store: store, + SystemContext: options.SystemContext, + Transport: options.Transport, + } + ref, err := pullImage(ctx, store, imageName, pullOptions, sc) if err != nil { logrus.Debugf("error pulling image %q: %v", imageName, err) return nil, nil, err @@ -248,15 +254,6 @@ func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions defer src.Close() } - // If the pull command was used, we only pull the image, - // we don't create a container. - if options.ImageOnly { - imgBuilder := &Builder{ - FromImageID: imageID, - } - return imgBuilder, nil - } - name := "working-container" if options.Container != "" { name = options.Container diff --git a/vendor/github.com/projectatomic/buildah/pkg/cli/common.go b/vendor/github.com/projectatomic/buildah/pkg/cli/common.go index de3326842..39a1773e4 100644 --- a/vendor/github.com/projectatomic/buildah/pkg/cli/common.go +++ b/vendor/github.com/projectatomic/buildah/pkg/cli/common.go @@ -176,10 +176,6 @@ var ( Name: "squash", Usage: "Squash newly built layers into a single new layer. The build process does not currently support caching so this is a NOOP.", }, - cli.BoolTFlag{ - Name: "stream", - Usage: "There is no daemon in use, so this command is a NOOP.", - }, cli.StringSliceFlag{ Name: "tag, t", Usage: "tagged `name` to apply to the built image", 
diff --git a/vendor/github.com/projectatomic/buildah/pkg/parse/parse.go b/vendor/github.com/projectatomic/buildah/pkg/parse/parse.go index bd333a2cc..2dff18818 100644 --- a/vendor/github.com/projectatomic/buildah/pkg/parse/parse.go +++ b/vendor/github.com/projectatomic/buildah/pkg/parse/parse.go @@ -545,6 +545,8 @@ func defaultIsolation() (buildah.Isolation, error) { if isSet { if strings.HasPrefix(strings.ToLower(isolation), "oci") { return buildah.IsolationOCI, nil + } else if strings.HasPrefix(strings.ToLower(isolation), "rootless") { + return buildah.IsolationOCIRootless, nil } else if strings.HasPrefix(strings.ToLower(isolation), "chroot") { return buildah.IsolationChroot, nil } @@ -558,6 +560,8 @@ func IsolationOption(c *cli.Context) (buildah.Isolation, error) { if c.String("isolation") != "" { if strings.HasPrefix(strings.ToLower(c.String("isolation")), "oci") { return buildah.IsolationOCI, nil + } else if strings.HasPrefix(strings.ToLower(c.String("isolation")), "rootless") { + return buildah.IsolationOCIRootless, nil } else if strings.HasPrefix(strings.ToLower(c.String("isolation")), "chroot") { return buildah.IsolationChroot, nil } else { diff --git a/vendor/github.com/projectatomic/buildah/pull.go b/vendor/github.com/projectatomic/buildah/pull.go index e9ce03f02..48d7f76ed 100644 --- a/vendor/github.com/projectatomic/buildah/pull.go +++ b/vendor/github.com/projectatomic/buildah/pull.go @@ -2,6 +2,7 @@ package buildah import ( "context" + "io" "strings" cp "github.com/containers/image/copy" 
@@ -20,6 +21,28 @@ import ( "github.com/sirupsen/logrus" ) +// PullOptions can be used to alter how an image is copied in from somewhere. +type PullOptions struct { + // SignaturePolicyPath specifies an override location for the signature + // policy which should be used for verifying the new image as it is + // being written. Except in specific circumstances, no value should be + // specified, indicating that the shared, system-wide default policy + // should be used. + SignaturePolicyPath string + // ReportWriter is an io.Writer which will be used to log the writing + // of the new image. + ReportWriter io.Writer + // Store is the local storage store which holds the source image. + Store storage.Store + // github.com/containers/image/types SystemContext to hold credentials + // and other authentication/authorization information. + SystemContext *types.SystemContext + // Transport is a value which is prepended to the image's name, if the + // image name alone can not be resolved to a reference to a source + // image. No separator is implicitly added. + Transport string +} + func localImageNameForReference(ctx context.Context, store storage.Store, srcRef types.ImageReference, spec string) (string, error) { if srcRef == nil { return "", errors.Errorf("reference to image is empty") 
@@ -112,7 +135,13 @@ func localImageNameForReference(ctx context.Context, store storage.Store, srcRef return name, nil } -func pullImage(ctx context.Context, store storage.Store, imageName string, options BuilderOptions, sc *types.SystemContext) (types.ImageReference, error) { +// Pull copies the contents of the image from somewhere else. +func Pull(ctx context.Context, imageName string, options PullOptions) (types.ImageReference, error) { + systemContext := getSystemContext(options.SystemContext, options.SignaturePolicyPath) + return pullImage(ctx, options.Store, imageName, options, systemContext) +} + +func pullImage(ctx context.Context, store storage.Store, imageName string, options PullOptions, sc *types.SystemContext) (types.ImageReference, error) { spec := imageName srcRef, err := alltransports.ParseImageName(spec) if err != nil { @@ -144,12 +173,6 @@ func pullImage(ctx context.Context, store storage.Store, imageName string, optio return nil, errors.Wrapf(err, "error parsing image name %q", destName) } - img, err := srcRef.NewImageSource(ctx, sc) - if err != nil { - return nil, errors.Wrapf(err, "error initializing %q as an image source", spec) - } - img.Close() - policy, err := signature.DefaultPolicy(sc) if err != nil { return nil, errors.Wrapf(err, "error obtaining default signature policy") diff --git a/vendor/github.com/projectatomic/buildah/run.go b/vendor/github.com/projectatomic/buildah/run.go index b6a21cdad..71a76862e 100644 --- a/vendor/github.com/projectatomic/buildah/run.go +++ b/vendor/github.com/projectatomic/buildah/run.go @@ -19,6 +19,7 @@ import ( "time" "github.com/containernetworking/cni/libcni" + "github.com/containers/libpod/pkg/secrets" "github.com/containers/storage/pkg/idtools" "github.com/containers/storage/pkg/ioutils" "github.com/containers/storage/pkg/reexec" 
@@ -31,7 +32,6 @@ import ( "github.com/projectatomic/buildah/bind" "github.com/projectatomic/buildah/chroot" "github.com/projectatomic/buildah/util" - "github.com/projectatomic/libpod/pkg/secrets" "github.com/sirupsen/logrus" "golang.org/x/crypto/ssh/terminal" "golang.org/x/sys/unix" @@ -116,6 +116,8 @@ const ( // IsolationChroot is a more chroot-like environment: less isolation, // but with fewer requirements. IsolationChroot + // IsolationOCIRootless is a proper OCI runtime in rootless mode. + IsolationOCIRootless ) // String converts a Isolation into a string. @@ -127,6 +129,8 @@ func (i Isolation) String() string { return "IsolationOCI" case IsolationChroot: return "IsolationChroot" + case IsolationOCIRootless: + return "IsolationOCIRootless" } return fmt.Sprintf("unrecognized isolation type %d", i) } @@ -135,7 +139,7 @@ func (i Isolation) String() string { type RunOptions struct { // Hostname is the hostname we set for the running container. Hostname string - // Isolation is either IsolationDefault, IsolationOCI, or IsolationChroot. + // Isolation is either IsolationDefault, IsolationOCI, IsolationChroot, or IsolationOCIRootless. Isolation Isolation // Runtime is the name of the runtime to run. It should accept the // same arguments that runc does, and produce similar output. @@ -350,6 +354,13 @@ func (b *Builder) setupMounts(mountPoint string, spec *specs.Spec, bundlePath st return false } + ipc := namespaceOptions.Find(string(specs.IPCNamespace)) + hostIPC := ipc == nil || ipc.Host + net := namespaceOptions.Find(string(specs.NetworkNamespace)) + hostNetwork := net == nil || net.Host + user := namespaceOptions.Find(string(specs.UserNamespace)) + hostUser := user == nil || user.Host + // Copy mounts from the generated list. mountCgroups := true specMounts := []specs.Mount{} 
@@ -357,9 +368,7 @@ func (b *Builder) setupMounts(mountPoint string, spec *specs.Spec, bundlePath st // Override some of the mounts from the generated list if we're doing different things with namespaces. if specMount.Destination == "/dev/shm" { specMount.Options = []string{"nosuid", "noexec", "nodev", "mode=1777", "size=" + shmSize} - user := namespaceOptions.Find(string(specs.UserNamespace)) - ipc := namespaceOptions.Find(string(specs.IPCNamespace)) - if (ipc == nil || ipc.Host) && (user != nil && !user.Host) { + if hostIPC && !hostUser { if _, err := os.Stat("/dev/shm"); err != nil && os.IsNotExist(err) { continue } @@ -372,9 +381,7 @@ func (b *Builder) setupMounts(mountPoint string, spec *specs.Spec, bundlePath st } } if specMount.Destination == "/dev/mqueue" { - user := namespaceOptions.Find(string(specs.UserNamespace)) - ipc := namespaceOptions.Find(string(specs.IPCNamespace)) - if (ipc == nil || ipc.Host) && (user != nil && !user.Host) { + if hostIPC && !hostUser { if _, err := os.Stat("/dev/mqueue"); err != nil && os.IsNotExist(err) { continue } @@ -387,9 +394,7 @@ func (b *Builder) setupMounts(mountPoint string, spec *specs.Spec, bundlePath st } } if specMount.Destination == "/sys" { - user := namespaceOptions.Find(string(specs.UserNamespace)) - net := namespaceOptions.Find(string(specs.NetworkNamespace)) - if (net == nil || net.Host) && (user != nil && !user.Host) { + if hostNetwork && !hostUser { mountCgroups = false if _, err := os.Stat("/sys"); err != nil && os.IsNotExist(err) { continue 
@@ -715,7 +720,6 @@ func setupTerminal(g *generate.Generator, terminalPolicy TerminalPolicy, termina func setupNamespaces(g *generate.Generator, namespaceOptions NamespaceOptions, idmapOptions IDMappingOptions, policy NetworkConfigurationPolicy) (configureNetwork bool, configureNetworks []string, configureUTS bool, err error) { // Set namespace options in the container configuration. - hostPidns := false configureUserns := false specifiedNetwork := false for _, namespaceOption := range namespaceOptions { @@ -725,8 +729,6 @@ func setupNamespaces(g *generate.Generator, namespaceOptions NamespaceOptions, i if !namespaceOption.Host && namespaceOption.Path == "" { configureUserns = true } - case string(specs.PIDNamespace): - hostPidns = namespaceOption.Host case string(specs.NetworkNamespace): specifiedNetwork = true configureNetwork = false @@ -754,11 +756,9 @@ func setupNamespaces(g *generate.Generator, namespaceOptions NamespaceOptions, i return false, nil, false, errors.Wrapf(err, "error adding %q namespace %q for run", namespaceOption.Name, namespaceOption.Path) } } + // If we've got mappings, we're going to have to create a user namespace. if len(idmapOptions.UIDMap) > 0 || len(idmapOptions.GIDMap) > 0 || configureUserns { - if hostPidns { - return false, nil, false, errors.New("unable to mix host PID namespace with user namespace") - } if err := g.AddOrReplaceLinuxNamespace(specs.UserNamespace, ""); err != nil { return false, nil, false, errors.Wrapf(err, "error adding new %q namespace for run", string(specs.UserNamespace)) } 
@@ -940,26 +940,26 @@ func (b *Builder) Run(command []string, options RunOptions) error { logrus.Errorf("error removing %q: %v", path, err2) } }() + gp, err := generate.New("linux") if err != nil { return err } - g := &gp - b.configureEnvironment(g, options) - - if os.Getuid() != 0 { - g.RemoveMount("/dev/pts") - devPts := specs.Mount{ - Destination: "/dev/pts", - Type: "devpts", - Source: "devpts", - Options: []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620"}, + isolation := options.Isolation + if isolation == IsolationDefault { + isolation = b.Isolation + if isolation == IsolationDefault { + isolation = IsolationOCI } - g.AddMount(devPts) + } + if err := checkAndOverrideIsolationOptions(isolation, &options); err != nil { + return err } + b.configureEnvironment(g, options) + if b.CommonBuildOpts == nil { return errors.Errorf("Invalid format on container you must recreate the container") } 
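Review bot: The `checkAndOverrideIsolationOptions(isolation, &options)` call added here is now the only place that rejects a host PID namespace combined with a container user namespace, and its definition later in this diff does so only under `case IsolationOCI:`. The check this commit deletes from `setupNamespaces` was not conditioned on the isolation type, so `IsolationChroot` appears to lose it. If chroot is meant to be exempt, a comment at this call saying why would help the next reader. If it is not, the test should sit above the `switch` in `checkAndOverrideIsolationOptions` so it applies to every isolation type that does not force its own PID namespace. `Run` starts and ends outside this hunk, and the file is vendored, so this is a question for upstream buildah.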
@@ -1070,24 +1070,139 @@ func (b *Builder) Run(command []string, options RunOptions) error { } } - isolation := options.Isolation - if isolation == IsolationDefault { - isolation = b.Isolation - if isolation == IsolationDefault { - isolation = IsolationOCI - } - } switch isolation { case IsolationOCI: - err = b.runUsingRuntimeSubproc(options, configureNetwork, configureNetworks, spec, mountPoint, path, Package+"-"+filepath.Base(path)) + // The default is --rootless=auto, which makes troubleshooting a bit harder. + // rootlessFlag := []string{"--rootless=false"} + // for _, arg := range options.Args { + // if strings.HasPrefix(arg, "--rootless") { + // rootlessFlag = nil + // } + // } + // options.Args = append(options.Args, rootlessFlag...) + err = b.runUsingRuntimeSubproc(options, configureNetwork, configureNetworks, nil, spec, mountPoint, path, Package+"-"+filepath.Base(path)) case IsolationChroot: err = chroot.RunUsingChroot(spec, path, options.Stdin, options.Stdout, options.Stderr) + case IsolationOCIRootless: + if err := setupRootlessSpecChanges(spec, path, rootUID, rootGID); err != nil { + return err + } + rootlessFlag := []string{"--rootless=true"} + for _, arg := range options.Args { + if strings.HasPrefix(arg, "--rootless") { + rootlessFlag = nil + } + } + options.Args = append(options.Args, rootlessFlag...) 
+ err = b.runUsingRuntimeSubproc(options, configureNetwork, configureNetworks, []string{"--no-new-keyring"}, spec, mountPoint, path, Package+"-"+filepath.Base(path)) default: err = errors.Errorf("don't know how to run this command") } return err } +func checkAndOverrideIsolationOptions(isolation Isolation, options *RunOptions) error { + switch isolation { + case IsolationOCIRootless: + if ns := options.NamespaceOptions.Find(string(specs.IPCNamespace)); ns == nil || ns.Host { + logrus.Debugf("Forcing use of an IPC namespace.") + } + options.NamespaceOptions.AddOrReplace(NamespaceOption{Name: string(specs.IPCNamespace)}) + if ns := options.NamespaceOptions.Find(string(specs.NetworkNamespace)); ns != nil && !ns.Host { + logrus.Debugf("Disabling network namespace.") + } + options.NamespaceOptions.AddOrReplace(NamespaceOption{Name: string(specs.NetworkNamespace), Host: true}) + if ns := options.NamespaceOptions.Find(string(specs.PIDNamespace)); ns == nil || ns.Host { + logrus.Debugf("Forcing use of a PID namespace.") + } + options.NamespaceOptions.AddOrReplace(NamespaceOption{Name: string(specs.PIDNamespace), Host: false}) + if ns := options.NamespaceOptions.Find(string(specs.UserNamespace)); ns == nil || ns.Host { + logrus.Debugf("Forcing use of a user namespace.") + } + options.NamespaceOptions.AddOrReplace(NamespaceOption{Name: string(specs.UserNamespace)}) + if ns := options.NamespaceOptions.Find(string(specs.UTSNamespace)); ns != nil && !ns.Host { + logrus.Debugf("Disabling UTS namespace.") + } + options.NamespaceOptions.AddOrReplace(NamespaceOption{Name: string(specs.UTSNamespace), Host: true}) + case IsolationOCI: + pidns := options.NamespaceOptions.Find(string(specs.PIDNamespace)) + userns := options.NamespaceOptions.Find(string(specs.UserNamespace)) + if (pidns == nil || pidns.Host) && (userns != nil && !userns.Host) { + return fmt.Errorf("not allowed to mix host PID namespace with container user namespace") + } + } + return nil +} + +func 
setupRootlessSpecChanges(spec *specs.Spec, bundleDir string, rootUID, rootGID uint32) error { + spec.Hostname = "" + spec.Process.User.AdditionalGids = nil + spec.Linux.Resources = nil + + emptyDir := filepath.Join(bundleDir, "empty") + if err := os.Mkdir(emptyDir, 0); err != nil { + return errors.Wrapf(err, "error creating %q", emptyDir) + } + + // Replace /sys with a read-only bind mount. + mounts := []specs.Mount{ + { + Source: "/dev", + Destination: "/dev", + Type: "tmpfs", + Options: []string{"private", "strictatime", "noexec", "nosuid", "mode=755", "size=65536k"}, + }, + { + Source: "mqueue", + Destination: "/dev/mqueue", + Type: "mqueue", + Options: []string{"private", "nodev", "noexec", "nosuid"}, + }, + { + Source: "pts", + Destination: "/dev/pts", + Type: "devpts", + Options: []string{"private", "noexec", "nosuid", "newinstance", "ptmxmode=0666", "mode=0620"}, + }, + { + Source: "shm", + Destination: "/dev/shm", + Type: "tmpfs", + Options: []string{"private", "nodev", "noexec", "nosuid", "mode=1777", "size=65536k"}, + }, + { + Source: "/proc", + Destination: "/proc", + Type: "proc", + Options: []string{"private", "nodev", "noexec", "nosuid"}, + }, + { + Source: "/sys", + Destination: "/sys", + Type: "bind", + Options: []string{bind.NoBindOption, "rbind", "private", "nodev", "noexec", "nosuid", "ro"}, + }, + } + // Cover up /sys/fs/cgroup and /sys/fs/selinux, if they exist in our source for /sys. + if _, err := os.Stat("/sys/fs/cgroup"); err == nil { + spec.Linux.MaskedPaths = append(spec.Linux.MaskedPaths, "/sys/fs/cgroup") + } + if _, err := os.Stat("/sys/fs/selinux"); err == nil { + spec.Linux.MaskedPaths = append(spec.Linux.MaskedPaths, "/sys/fs/selinux") + } + // Keep anything that isn't under /dev, /proc, or /sys. 
+ for i := range spec.Mounts { + if spec.Mounts[i].Destination == "/dev" || strings.HasPrefix(spec.Mounts[i].Destination, "/dev/") || + spec.Mounts[i].Destination == "/proc" || strings.HasPrefix(spec.Mounts[i].Destination, "/proc/") || + spec.Mounts[i].Destination == "/sys" || strings.HasPrefix(spec.Mounts[i].Destination, "/sys/") { + continue + } + mounts = append(mounts, spec.Mounts[i]) + } + spec.Mounts = mounts + return nil +} + type runUsingRuntimeSubprocOptions struct { Options RunOptions Spec *specs.Spec @@ -1095,10 +1210,11 @@ type runUsingRuntimeSubprocOptions struct { BundlePath string ConfigureNetwork bool ConfigureNetworks []string + MoreCreateArgs []string ContainerName string } -func (b *Builder) runUsingRuntimeSubproc(options RunOptions, configureNetwork bool, configureNetworks []string, spec *specs.Spec, rootPath, bundlePath, containerName string) (err error) { +func (b *Builder) runUsingRuntimeSubproc(options RunOptions, configureNetwork bool, configureNetworks, moreCreateArgs []string, spec *specs.Spec, rootPath, bundlePath, containerName string) (err error) { var confwg sync.WaitGroup config, conferr := json.Marshal(runUsingRuntimeSubprocOptions{ Options: options, @@ -1107,6 +1223,7 @@ func (b *Builder) runUsingRuntimeSubproc(options RunOptions, configureNetwork bo BundlePath: bundlePath, ConfigureNetwork: configureNetwork, ConfigureNetworks: configureNetworks, + MoreCreateArgs: moreCreateArgs, ContainerName: containerName, }) if conferr != nil { 
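Review bot: `checkAndOverrideIsolationOptions` replaces caller-supplied namespace settings for `IsolationOCIRootless` and reports it only through `logrus.Debugf`: a requested private network or UTS namespace is swapped for `Host: true`, with "Disabling network namespace." visible only at debug level. A caller who asked for network isolation therefore runs on the host network with no indication at default log levels. Using `logrus.Warnf` for those two downgrades, or returning an error when the caller explicitly set `Host: false`, would make the weaker isolation visible. In the same hunk, `setupRootlessSpecChanges` creates `emptyDir` with `os.Mkdir(emptyDir, 0)` but nothing in the visible body refers to it again. The function also lacks a doc comment saying that it discards every existing mount under `/dev`, `/proc` and `/sys`.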
@@ -1177,7 +1294,7 @@ func runUsingRuntimeMain() { os.Exit(1) } // Run the container, start to finish. - status, err := runUsingRuntime(options.Options, options.ConfigureNetwork, options.ConfigureNetworks, options.Spec, options.RootPath, options.BundlePath, options.ContainerName) + status, err := runUsingRuntime(options.Options, options.ConfigureNetwork, options.ConfigureNetworks, options.MoreCreateArgs, options.Spec, options.RootPath, options.BundlePath, options.ContainerName) if err != nil { fmt.Fprintf(os.Stderr, "error running container: %v\n", err) os.Exit(1) @@ -1192,7 +1309,7 @@ func runUsingRuntimeMain() { os.Exit(1) } -func runUsingRuntime(options RunOptions, configureNetwork bool, configureNetworks []string, spec *specs.Spec, rootPath, bundlePath, containerName string) (wstatus unix.WaitStatus, err error) { +func runUsingRuntime(options RunOptions, configureNetwork bool, configureNetworks, moreCreateArgs []string, spec *specs.Spec, rootPath, bundlePath, containerName string) (wstatus unix.WaitStatus, err error) { // Lock the caller to a single OS-level thread. runtime.LockOSThread() @@ -1226,8 +1343,6 @@ func runUsingRuntime(options RunOptions, configureNetwork bool, configureNetwork runtime = util.Runtime() } - // Default to not specifying a console socket location. - var moreCreateArgs []string // Default to just passing down our stdio. getCreateStdio := func() (io.ReadCloser, io.WriteCloser, io.WriteCloser) { return os.Stdin, os.Stdout, os.Stderr @@ -1313,6 +1428,7 @@ func runUsingRuntime(options RunOptions, configureNetwork bool, configureNetwork del.Stderr = os.Stderr // Actually create the container. + logrus.Debugf("Running %q", create.Args) err = create.Run() if err != nil { return 1, errors.Wrapf(err, "error creating container for %v: %s", spec.Process.Args, runCollectOutput(errorFds, closeBeforeReadingErrorFds)) 
@@ -1373,6 +1489,7 @@ func runUsingRuntime(options RunOptions, configureNetwork bool, configureNetwork go runCopyStdio(&stdio, copyPipes, stdioPipe, copyConsole, consoleListener, finishCopy, finishedCopy, spec) // Start the container. + logrus.Debugf("Running %q", start.Args) err = start.Run() if err != nil { return 1, errors.Wrapf(err, "error starting container") diff --git a/vendor/github.com/projectatomic/buildah/unshare/unshare.go b/vendor/github.com/projectatomic/buildah/unshare/unshare.go index ed2a97934..4eea74956 100644 --- a/vendor/github.com/projectatomic/buildah/unshare/unshare.go +++ b/vendor/github.com/projectatomic/buildah/unshare/unshare.go @@ -33,7 +33,7 @@ type Cmd struct { Setsid bool Setpgrp bool Ctty *os.File - OOMScoreAdj int + OOMScoreAdj *int Hook func(pid int) error } 
@@ -234,18 +234,18 @@ func (c *Cmd) Start() error { } } - // Adjust the process's OOM score. - oomScoreAdj, err := os.OpenFile(fmt.Sprintf("/proc/%s/oom_score_adj", pidString), os.O_TRUNC|os.O_WRONLY, 0) - if err != nil { - fmt.Fprintf(continueWrite, "error opening oom_score_adj: %v", err) - return errors.Wrapf(err, "error opening /proc/%s/oom_score_adj", pidString) - } - if _, err := fmt.Fprintf(oomScoreAdj, "%d\n", c.OOMScoreAdj); err != nil { - fmt.Fprintf(continueWrite, "error writing \"%d\" to oom_score_adj: %v", c.OOMScoreAdj, err) - return errors.Wrapf(err, "error writing \"%d\" to /proc/%s/oom_score_adj", c.OOMScoreAdj, pidString) + if c.OOMScoreAdj != nil { + oomScoreAdj, err := os.OpenFile(fmt.Sprintf("/proc/%s/oom_score_adj", pidString), os.O_TRUNC|os.O_WRONLY, 0) + if err != nil { + fmt.Fprintf(continueWrite, "error opening oom_score_adj: %v", err) + return errors.Wrapf(err, "error opening /proc/%s/oom_score_adj", pidString) + } + defer oomScoreAdj.Close() + if _, err := fmt.Fprintf(oomScoreAdj, "%d\n", *c.OOMScoreAdj); err != nil { + fmt.Fprintf(continueWrite, "error writing \"%d\" to oom_score_adj: %v", c.OOMScoreAdj, err) + return errors.Wrapf(err, "error writing \"%d\" to /proc/%s/oom_score_adj", c.OOMScoreAdj, pidString) + } } - defer oomScoreAdj.Close() - // Run any additional setup that we want to do before the child starts running proper. if c.Hook != nil { if err = c.Hook(pid); err != nil { diff --git a/vendor/github.com/projectatomic/buildah/util.go b/vendor/github.com/projectatomic/buildah/util.go index 4aa19b384..ef9be87fb 100644 --- a/vendor/github.com/projectatomic/buildah/util.go +++ b/vendor/github.com/projectatomic/buildah/util.go @@ -7,7 +7,7 @@ import ( "sync" "github.com/containers/image/docker/reference" - "github.com/containers/image/pkg/sysregistries" + "github.com/containers/image/pkg/sysregistriesv2" "github.com/containers/image/types" "github.com/containers/storage/pkg/archive" "github.com/containers/storage/pkg/chrootarchive" 
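Review bot: `c.OOMScoreAdj` is now an `*int`, but both error paths of the write in `(*Cmd).Start` still pass the pointer itself to `%d`: `fmt.Fprintf(continueWrite, "error writing \"%d\" to oom_score_adj: %v", c.OOMScoreAdj, err)` and the matching `errors.Wrapf`. Those messages will print the pointer's address instead of the score that failed to be written, which makes the failure harder to diagnose. Dereference in both, as the successful write on the line above already does: `*c.OOMScoreAdj`. `Start` begins and ends outside the hunk, and the file is vendored, so the fix belongs upstream in buildah.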
@@ -166,12 +166,18 @@ func (b *Builder) tarPath() func(path string) (io.ReadCloser, error) { } } -// getRegistries obtains the list of registries defined in the global registries file. +// getRegistries obtains the list of search registries defined in the global registries file. func getRegistries(sc *types.SystemContext) ([]string, error) { - searchRegistries, err := sysregistries.GetRegistries(sc) + var searchRegistries []string + registries, err := sysregistriesv2.GetRegistries(sc) if err != nil { return nil, errors.Wrapf(err, "unable to parse the registries.conf file") } + for _, registry := range sysregistriesv2.FindUnqualifiedSearchRegistries(registries) { + if !registry.Blocked { + searchRegistries = append(searchRegistries, registry.URL) + } + } return searchRegistries, nil } diff --git a/vendor/github.com/projectatomic/buildah/util/util.go b/vendor/github.com/projectatomic/buildah/util/util.go index 2617a27b7..1e7361462 100644 --- a/vendor/github.com/projectatomic/buildah/util/util.go +++ b/vendor/github.com/projectatomic/buildah/util/util.go @@ -15,7 +15,7 @@ import ( dockerarchive "github.com/containers/image/docker/archive" "github.com/containers/image/docker/reference" ociarchive "github.com/containers/image/oci/archive" - "github.com/containers/image/pkg/sysregistries" + "github.com/containers/image/pkg/sysregistriesv2" "github.com/containers/image/signature" is "github.com/containers/image/storage" "github.com/containers/image/tarball" 
@@ -114,11 +114,17 @@ func ResolveName(name string, firstRegistry string, sc *types.SystemContext, sto } // Figure out the list of registries. - registries, err := sysregistries.GetRegistries(sc) + var registries []string + allRegistries, err := sysregistriesv2.GetRegistries(sc) if err != nil { logrus.Debugf("unable to read configured registries to complete %q: %v", name, err) registries = []string{} } + for _, registry := range sysregistriesv2.FindUnqualifiedSearchRegistries(allRegistries) { + if !registry.Blocked { + registries = append(registries, registry.URL) + } + } // Create all of the combinations. Some registries need an additional component added, so // use our lookaside map to keep track of them. If there are no configured registries, we'll diff --git a/vendor/github.com/projectatomic/buildah/vendor.conf b/vendor/github.com/projectatomic/buildah/vendor.conf index 5a99b0cbf..3fec2d1f1 100644 --- a/vendor/github.com/projectatomic/buildah/vendor.conf +++ b/vendor/github.com/projectatomic/buildah/vendor.conf @@ -4,10 +4,10 @@ github.com/BurntSushi/toml master github.com/containerd/continuity master github.com/containernetworking/cni v0.6.0 github.com/seccomp/containers-golang master -github.com/containers/image 134f99bed228d6297dc01d152804f6f09f185418 +github.com/containers/image 216acb1bcd2c1abef736ee322e17147ee2b7d76c github.com/containers/storage 17c7d1fee5603ccf6dd97edc14162fc1510e7e23 github.com/docker/distribution 5f6282db7d65e6d72ad7c2cc66310724a57be716 -github.com/docker/docker b8571fd81c7d2223c9ecbf799c693e3ef1daaea9 +github.com/docker/docker 86f080cff0914e9694068ed78d503701667c4c00 github.com/docker/docker-credential-helpers d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1 github.com/docker/engine-api master github.com/docker/go-connections 3ede32e2033de7505e6500d6c868c2b9ed9f169d 
@@ -42,7 +42,8 @@ github.com/ostreedev/ostree-go aeb02c6b6aa2889db3ef62f7855650755befd460 github.com/pborman/uuid master github.com/pkg/errors master github.com/pquerna/ffjson d49c2bc1aa135aad0c6f4fc2056623ec78f5d5ac -github.com/projectatomic/libpod master +github.com/containers/libpod master +github.com/containers/libpod master github.com/sirupsen/logrus master github.com/syndtr/gocapability master github.com/tchap/go-patricia master |