aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.github/workflows/multi-arch-build.yaml4
-rw-r--r--cmd/podman/containers/start.go10
-rw-r--r--docs/source/markdown/podman-start.1.md4
-rw-r--r--pkg/api/handlers/compat/containers.go5
-rw-r--r--pkg/domain/entities/containers.go1
-rw-r--r--pkg/domain/infra/abi/containers.go7
-rw-r--r--pkg/domain/infra/tunnel/containers.go12
-rw-r--r--test/apiv2/20-containers.at5
-rw-r--r--test/system/045-start.bats43
-rwxr-xr-xtest/system/build-testimage6
-rw-r--r--test/system/helpers.bash4
-rw-r--r--troubleshooting.md12
12 files changed, 94 insertions, 19 deletions
diff --git a/.github/workflows/multi-arch-build.yaml b/.github/workflows/multi-arch-build.yaml
index 2a86bab7e..0f8a3df7e 100644
--- a/.github/workflows/multi-arch-build.yaml
+++ b/.github/workflows/multi-arch-build.yaml
@@ -24,6 +24,8 @@ jobs:
# build several images (upstream, testing, stable) in parallel
strategy:
+ # By default, failure of one matrix item cancels all others
+ fail-fast: false
matrix:
# Builds are located under contrib/podmanimage/<source> directory
source:
@@ -178,7 +180,7 @@ jobs:
file: ./contrib/podmanimage/${{ matrix.source }}/Dockerfile
platforms: ${{ env.PLATFORMS }}
push: true
- tags: ${{ steps.podman_push.outputs.fqin }}
+ tags: ${{ steps.podman_reg.outputs.fqin }}
labels: |
${{ env.LABELS }}
diff --git a/cmd/podman/containers/start.go b/cmd/podman/containers/start.go
index 9b358db74..8d62dc12f 100644
--- a/cmd/podman/containers/start.go
+++ b/cmd/podman/containers/start.go
@@ -57,6 +57,8 @@ func startFlags(cmd *cobra.Command) {
flags.BoolVarP(&startOptions.Interactive, "interactive", "i", false, "Keep STDIN open even if not attached")
flags.BoolVar(&startOptions.SigProxy, "sig-proxy", false, "Proxy received signals to the process (default true if attaching, false otherwise)")
+ flags.BoolVar(&startOptions.All, "all", false, "Start all containers regardless of their state or configuration")
+
if registry.IsRemote() {
_ = flags.MarkHidden("sig-proxy")
}
@@ -79,7 +81,7 @@ func init() {
}
func validateStart(cmd *cobra.Command, args []string) error {
- if len(args) == 0 && !startOptions.Latest {
+ if len(args) == 0 && !startOptions.Latest && !startOptions.All {
return errors.New("start requires at least one argument")
}
if len(args) > 0 && startOptions.Latest {
@@ -88,6 +90,12 @@ func validateStart(cmd *cobra.Command, args []string) error {
if len(args) > 1 && startOptions.Attach {
return errors.Errorf("you cannot start and attach multiple containers at once")
}
+ if (len(args) > 0 || startOptions.Latest) && startOptions.All {
+ return errors.Errorf("either start all containers or the container(s) provided in the arguments")
+ }
+ if startOptions.Attach && startOptions.All {
+ return errors.Errorf("you cannot start and attach all containers at once")
+ }
return nil
}
diff --git a/docs/source/markdown/podman-start.1.md b/docs/source/markdown/podman-start.1.md
index 1822eab34..626e6e368 100644
--- a/docs/source/markdown/podman-start.1.md
+++ b/docs/source/markdown/podman-start.1.md
@@ -38,6 +38,10 @@ to run containers such as CRI-O, the last started container could be from either
Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is *true* when attaching, *false* otherwise.
+#### **\-\-all**
+
+Start all the containers created by Podman, default is only running containers.
+
## EXAMPLE
podman start mywebserver
diff --git a/pkg/api/handlers/compat/containers.go b/pkg/api/handlers/compat/containers.go
index d97a4d3bd..263d64a7b 100644
--- a/pkg/api/handlers/compat/containers.go
+++ b/pkg/api/handlers/compat/containers.go
@@ -22,6 +22,7 @@ import (
"github.com/containers/podman/v3/pkg/util"
"github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/container"
+ "github.com/docker/docker/api/types/network"
"github.com/docker/go-connections/nat"
"github.com/docker/go-units"
"github.com/gorilla/schema"
@@ -526,6 +527,10 @@ func LibpodToContainerJSON(l *libpod.Container, sz bool) (*types.ContainerJSON,
if err := json.Unmarshal(n, &networkSettings); err != nil {
return nil, err
}
+ // do not report null instead use an empty map
+ if networkSettings.Networks == nil {
+ networkSettings.Networks = map[string]*network.EndpointSettings{}
+ }
c := types.ContainerJSON{
ContainerJSONBase: &cb,
diff --git a/pkg/domain/entities/containers.go b/pkg/domain/entities/containers.go
index 7d074f89d..4707ced85 100644
--- a/pkg/domain/entities/containers.go
+++ b/pkg/domain/entities/containers.go
@@ -265,6 +265,7 @@ type ContainerExistsOptions struct {
// ContainerStartOptions describes the val from the
// CLI needed to start a container
type ContainerStartOptions struct {
+ All bool
Attach bool
DetachKeys string
Interactive bool
diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go
index 6f8845f10..82f2a2424 100644
--- a/pkg/domain/infra/abi/containers.go
+++ b/pkg/domain/infra/abi/containers.go
@@ -693,14 +693,17 @@ func (ic *ContainerEngine) ContainerExecDetached(ctx context.Context, nameOrID s
func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []string, options entities.ContainerStartOptions) ([]*entities.ContainerStartReport, error) {
reports := []*entities.ContainerStartReport{}
var exitCode = define.ExecErrorCodeGeneric
- ctrs, rawInputs, err := getContainersAndInputByContext(false, options.Latest, namesOrIds, ic.Libpod)
+ ctrs, rawInputs, err := getContainersAndInputByContext(options.All, options.Latest, namesOrIds, ic.Libpod)
if err != nil {
return nil, err
}
// There can only be one container if attach was used
for i := range ctrs {
ctr := ctrs[i]
- rawInput := rawInputs[i]
+ rawInput := ctr.ID()
+ if !options.All {
+ rawInput = rawInputs[i]
+ }
ctrState, err := ctr.State()
if err != nil {
return nil, err
diff --git a/pkg/domain/infra/tunnel/containers.go b/pkg/domain/infra/tunnel/containers.go
index 4545d266b..aa26825e0 100644
--- a/pkg/domain/infra/tunnel/containers.go
+++ b/pkg/domain/infra/tunnel/containers.go
@@ -506,7 +506,7 @@ func startAndAttach(ic *ContainerEngine, name string, detachKeys *string, input,
func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []string, options entities.ContainerStartOptions) ([]*entities.ContainerStartReport, error) {
reports := []*entities.ContainerStartReport{}
var exitCode = define.ExecErrorCodeGeneric
- ctrs, err := getContainersByContext(ic.ClientCtx, false, false, namesOrIds)
+ ctrs, err := getContainersByContext(ic.ClientCtx, options.All, false, namesOrIds)
if err != nil {
return nil, err
}
@@ -514,9 +514,13 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri
// There can only be one container if attach was used
for i, ctr := range ctrs {
name := ctr.ID
+ rawInput := ctr.ID
+ if !options.All {
+ rawInput = namesOrIds[i]
+ }
report := entities.ContainerStartReport{
Id: name,
- RawInput: namesOrIds[i],
+ RawInput: rawInput,
ExitCode: exitCode,
}
ctrRunning := ctr.State == define.ContainerStateRunning.String()
@@ -598,9 +602,9 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri
reports = append(reports, &report)
continue
}
+ report.ExitCode = 0
+ reports = append(reports, &report)
}
- report.ExitCode = 0
- reports = append(reports, &report)
}
return reports, nil
}
diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at
index 58b2dff0a..66ba099e3 100644
--- a/test/apiv2/20-containers.at
+++ b/test/apiv2/20-containers.at
@@ -205,10 +205,15 @@ t GET containers/$cid/json 200 \
t POST containers/create Image=$IMAGE Entrypoint='["top"]' 201 \
.Id~[0-9a-f]\\{64\\}
cid_top=$(jq -r '.Id' <<<"$output")
+network_expect="{}"
+if root; then
+ network_expect='.podman.NetworkID=podman'
+fi
t GET containers/${cid_top}/json 200 \
.Config.Entrypoint[0]="top" \
.Config.Cmd='[]' \
.Path="top"
+ .NetworkSettings.Networks="$network_expect"
t POST containers/${cid_top}/start 204
# make sure the container is running
t GET containers/${cid_top}/json 200 \
diff --git a/test/system/045-start.bats b/test/system/045-start.bats
new file mode 100644
index 000000000..ff818e51d
--- /dev/null
+++ b/test/system/045-start.bats
@@ -0,0 +1,43 @@
+#!/usr/bin/env bats -*- bats -*-
+
+load helpers
+
+@test "podman start --all - start all containers" {
+ # Run a bunch of short-lived containers, with different --restart settings
+ run_podman run -d $IMAGE /bin/true
+ cid_none_implicit="$output"
+ run_podman run -d --restart=no $IMAGE /bin/false
+ cid_none_explicit="$output"
+ run_podman run -d --restart=on-failure $IMAGE /bin/true
+ cid_on_failure="$output"
+
+ # Run one longer-lived one.
+ run_podman run -d --restart=always $IMAGE sleep 20
+ cid_always="$output"
+
+ run_podman wait $cid_none_implicit $cid_none_explicit $cid_on_failure
+
+ run_podman start --all
+ is "$output" ".*$cid_none_implicit" "started: container with no --restart"
+ is "$output" ".*$cid_none_explicit" "started: container with --restart=no"
+ is "$output" ".*$cid_on_failure" "started: container with --restart=on-failure"
+ if [[ $output =~ $cid_always ]]; then
+ die "podman start --all restarted a running container"
+ fi
+
+ run_podman rm $cid_none_implicit $cid_none_explicit $cid_on_failure
+ run_podman stop -t 1 $cid_always
+ run_podman rm $cid_always
+}
+
+@test "podman start --all with incompatible options" {
+ expected="Error: either start all containers or the container(s) provided in the arguments"
+ run_podman 125 start --all 12333
+ is "$output" "$expected" "start --all, with args, throws error"
+ if ! is_remote; then
+ run_podman 125 start --all --latest
+ is "$output" "$expected" "podman start --all --latest"
+ fi
+}
+
+# vim: filetype=sh
diff --git a/test/system/build-testimage b/test/system/build-testimage
index aac08e307..3e5b982ce 100755
--- a/test/system/build-testimage
+++ b/test/system/build-testimage
@@ -78,7 +78,7 @@ podman rmi -f testimage &> /dev/null || true
# and because Dan says arch emulation is not currently working on podman
# (no further details).
# Arch emulation on Fedora requires the qemu-user-static package.
-for arch in amd64 ppc64le s390x;do
+for arch in amd64 arm64v8 ppc64le s390x;do
${BUILDAH} bud \
--arch=$arch \
--build-arg ARCH=$arch \
@@ -106,9 +106,9 @@ ${BUILDAH} manifest push --all ${remote_tag} docker://${remote_tag}
# As of 2021-02-24 it is simply busybox, because it is super small,
# but it's complicated because of multiarch:
#
-# img=quay.io/libpod/testimage:00000001
+# img=quay.io/libpod/testimage:0000000<current+1>
# buildah manifest create $img
-# for arch in amd64 ppc64le s390x;do
+# for arch in amd64 arm64v8 ppc64le s390x;do
# buildah pull --arch $arch docker.io/$arch/busybox:1.32.0
# buildah manifest add $img docker.io/$arch/busybox:1.32.0
# done
diff --git a/test/system/helpers.bash b/test/system/helpers.bash
index b109248ff..e0c208f57 100644
--- a/test/system/helpers.bash
+++ b/test/system/helpers.bash
@@ -7,14 +7,14 @@ PODMAN=${PODMAN:-podman}
PODMAN_TEST_IMAGE_REGISTRY=${PODMAN_TEST_IMAGE_REGISTRY:-"quay.io"}
PODMAN_TEST_IMAGE_USER=${PODMAN_TEST_IMAGE_USER:-"libpod"}
PODMAN_TEST_IMAGE_NAME=${PODMAN_TEST_IMAGE_NAME:-"testimage"}
-PODMAN_TEST_IMAGE_TAG=${PODMAN_TEST_IMAGE_TAG:-"20210223"}
+PODMAN_TEST_IMAGE_TAG=${PODMAN_TEST_IMAGE_TAG:-"20210427"}
PODMAN_TEST_IMAGE_FQN="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/$PODMAN_TEST_IMAGE_NAME:$PODMAN_TEST_IMAGE_TAG"
PODMAN_TEST_IMAGE_ID=
# Remote image that we *DO NOT* fetch or keep by default; used for testing pull
# This changed from 0 to 1 on 2021-02-24 due to multiarch considerations; it
# should change only very rarely.
-PODMAN_NONLOCAL_IMAGE_FQN="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/$PODMAN_TEST_IMAGE_NAME:00000001"
+PODMAN_NONLOCAL_IMAGE_FQN="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/$PODMAN_TEST_IMAGE_NAME:00000002"
# Because who wants to spell that out each time?
IMAGE=$PODMAN_TEST_IMAGE_FQN
diff --git a/troubleshooting.md b/troubleshooting.md
index 1e21edab4..e320f20e7 100644
--- a/troubleshooting.md
+++ b/troubleshooting.md
@@ -495,10 +495,10 @@ $ podman unshare cat /proc/self/uid_map
Reference [subuid](http://man7.org/linux/man-pages/man5/subuid.5.html) and [subgid](http://man7.org/linux/man-pages/man5/subgid.5.html) man pages for more detail.
-### 20) Passed-in device can't be accessed in rootless container
+### 20) Passed-in devices or files can't be accessed in rootless container
-As a non-root user you have group access rights to a device that you want to
-pass into a rootless container with `--device=...`.
+As a non-root user you have group access rights to a device or files that you
+want to pass into a rootless container with `--device=...` or `--volume=...`
#### Symptom
@@ -507,9 +507,9 @@ Any access inside the container is rejected with "Permission denied".
#### Solution
The runtime uses `setgroups(2)` hence the process looses all additional groups
-the non-root user has. If you use the `crun` runtime, 0.10.4 or newer,
-then you can enable a workaround by adding `--annotation io.crun.keep_original_groups=1`
-to the `podman` command line.
+the non-root user has. Use the `--group-add keep-groups` flag to pass the
+user's supplementary group access into the container. Currently only available
+with the `crun` OCI runtime.
### 21) A rootless container running in detached mode is closed at logout