aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.cirrus.yml2
-rw-r--r--Makefile2
-rw-r--r--cmd/podman/cliconfig/config.go1
-rw-r--r--cmd/podman/generate_systemd.go1
-rw-r--r--contrib/cirrus/lib.sh16
-rwxr-xr-xcontrib/cirrus/update_meta.sh22
-rw-r--r--docs/source/markdown/podman-create.1.md4
-rw-r--r--docs/source/markdown/podman-exec.1.md14
-rw-r--r--docs/source/markdown/podman-generate-systemd.1.md5
-rw-r--r--docs/source/markdown/podman-inspect.1.md120
-rw-r--r--docs/source/markdown/podman-run.1.md19
-rw-r--r--libpod/image/image.go1
-rw-r--r--pkg/adapter/containers.go15
-rw-r--r--pkg/inspect/inspect.go1
-rw-r--r--pkg/systemdgen/systemdgen.go63
-rw-r--r--pkg/systemdgen/systemdgen_test.go51
-rw-r--r--test/e2e/generate_systemd_test.go28
17 files changed, 296 insertions, 69 deletions
diff --git a/.cirrus.yml b/.cirrus.yml
index 3311d0ec0..abf3d0dd8 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -296,7 +296,7 @@ meta_task:
timeout_in: 10m
# Cirrus-CI ignores entrypoint defined in image
- script: '/usr/local/bin/entrypoint.sh |& ${TIMESTAMP}'
+ script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/update_meta.sh |& ${TIMESTAMP}'
# Remove old and disused images based on labels set by meta_task
diff --git a/Makefile b/Makefile
index 9ccada5a1..9a4bceb34 100644
--- a/Makefile
+++ b/Makefile
@@ -535,7 +535,7 @@ install.libseccomp.sudo:
cd ../../seccomp/libseccomp && git checkout --detach $(LIBSECCOMP_COMMIT) && ./autogen.sh && ./configure --prefix=/usr && make all && make install
-cmd/podman/varlink/iopodman.go: cmd/podman/varlink/io.podman.varlink
+cmd/podman/varlink/iopodman.go: .gopathok cmd/podman/varlink/io.podman.varlink
GO111MODULE=off $(GO) generate ./cmd/podman/varlink/...
API.md: cmd/podman/varlink/io.podman.varlink
diff --git a/cmd/podman/cliconfig/config.go b/cmd/podman/cliconfig/config.go
index 0e4315411..b261599e6 100644
--- a/cmd/podman/cliconfig/config.go
+++ b/cmd/podman/cliconfig/config.go
@@ -163,6 +163,7 @@ type GenerateKubeValues struct {
type GenerateSystemdValues struct {
PodmanCommand
Name bool
+ New bool
Files bool
RestartPolicy string
StopTimeout int
diff --git a/cmd/podman/generate_systemd.go b/cmd/podman/generate_systemd.go
index aa202a68d..a9775f9cb 100644
--- a/cmd/podman/generate_systemd.go
+++ b/cmd/podman/generate_systemd.go
@@ -45,6 +45,7 @@ func init() {
}
flags.IntVarP(&containerSystemdCommand.StopTimeout, "timeout", "t", -1, "stop timeout override")
flags.StringVar(&containerSystemdCommand.RestartPolicy, "restart-policy", "on-failure", "applicable systemd restart-policy")
+ flags.BoolVarP(&containerSystemdCommand.New, "new", "", false, "create a new container instead of starting an existing one")
}
func generateSystemdCmd(c *cliconfig.GenerateSystemdValues) error {
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index 2e43a59f6..1e237085f 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -64,8 +64,8 @@ export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,ubuntu-19,fedora-30,xfedora-30,
export UBUNTU_BASE_IMAGE="ubuntu-1904-disco-v20190724"
export PRIOR_UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20190722a"
# Manually produced base-image names (see $SCRIPT_BASE/README.md)
-export FEDORA_BASE_IMAGE="fedora-cloud-base-30-1-2-1565360543"
-export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-29-1-2-1565360543"
+export FEDORA_BASE_IMAGE="fedora-cloud-base-30-1-2-1578586410"
+export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-29-1-2-1541789245"
export BUILT_IMAGE_SUFFIX="${BUILT_IMAGE_SUFFIX:--$CIRRUS_REPO_NAME-${CIRRUS_BUILD_ID}}"
# IN_PODMAN container image
IN_PODMAN_IMAGE="quay.io/libpod/in_podman:latest"
@@ -430,6 +430,18 @@ remove_packaged_podman_files() {
sync && echo 3 > /proc/sys/vm/drop_caches
}
+canonicalize_image_names() {
+ req_env_var IMGNAMES
+ echo "Adding all current base images to \$IMGNAMES for timestamp update"
+ export IMGNAMES="\
+$IMGNAMES
+$UBUNTU_BASE_IMAGE
+$PRIOR_UBUNTU_BASE_IMAGE
+$FEDORA_BASE_IMAGE
+$PRIOR_FEDORA_BASE_IMAGE
+"
+}
+
systemd_banish() {
$GOSRC/$PACKER_BASE/systemd_banish.sh
}
diff --git a/contrib/cirrus/update_meta.sh b/contrib/cirrus/update_meta.sh
new file mode 100755
index 000000000..618cd670c
--- /dev/null
+++ b/contrib/cirrus/update_meta.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+source $(dirname $0)/lib.sh
+
+# N/B: This script is expected to wrap $ENTRYPOINT when executing under the
+# 'meta' Cirrus task on the libpod repo.
+ENTRYPOINT=/usr/local/bin/entrypoint.sh
+
+req_env_var IMGNAMES BUILDID REPOREF GCPJSON GCPNAME GCPPROJECT CIRRUS_CI
+
+[[ -x "$ENTRYPOINT" ]] || \
+ die 2 "Expecting to find an installed entrypoint script $ENTRYPOINT."
+
+# A better way of checking isn't compatible with old but functional images
+# in-use by other repos.
+grep -q 'compute images update' "$ENTRYPOINT" || \
+ die 3 "Expecting to be running inside a specific imgts container image"
+
+canonicalize_image_names
+
+# Executing inside a container; proper hand-off for process control
+exec $ENTRYPOINT
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index 84be23387..abde899bf 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -586,7 +586,7 @@ To make a pod with more granular options, use the `podman pod create` command be
Give extended privileges to this container. The default is *false*.
By default, Podman containers are
-“unprivileged” (=false) and cannot, for example, modify parts of the kernel.
+“unprivileged” (=false) and cannot, for example, modify parts of the operating system.
This is because by default a container is not allowed to access any devices.
A “privileged” container is given access to all devices.
@@ -595,6 +595,8 @@ to all devices on the host, turns off graphdriver mount options, as well as
turning off most of the security measures protecting the host from the
container.
+Rootless containers cannot have more privileges than the account that launched them.
+
**--publish**, **-p**=*port*
Publish a container's port, or range of ports, to the host
diff --git a/docs/source/markdown/podman-exec.1.md b/docs/source/markdown/podman-exec.1.md
index d46427c91..fc67211d1 100644
--- a/docs/source/markdown/podman-exec.1.md
+++ b/docs/source/markdown/podman-exec.1.md
@@ -43,7 +43,19 @@ Pass down to the process N additional file descriptors (in addition to 0, 1, 2).
**--privileged**
-Give the process extended Linux capabilities when running the command in container.
+Give extended privileges to this container. The default is *false*.
+
+By default, Podman containers are
+"unprivileged" and cannot, for example, modify parts of the operating system.
+This is because by default a container is only allowed limited access to devices.
+A "privileged" container is given the same access to devices as the user launching the container.
+
+A privileged container turns off the security features that isolate the
+container from the host. Dropped Capabilities, limited devices, read/only mount
+points, Apparmor/SELinux separation, and Seccomp filters are all disabled.
+
+Rootless containers cannot have more privileges than the account that launched them.
+
**--tty**, **-t**
diff --git a/docs/source/markdown/podman-generate-systemd.1.md b/docs/source/markdown/podman-generate-systemd.1.md
index b81e68a46..4d3f9ba48 100644
--- a/docs/source/markdown/podman-generate-systemd.1.md
+++ b/docs/source/markdown/podman-generate-systemd.1.md
@@ -22,11 +22,16 @@ Generate files instead of printing to stdout. The generated files are named {co
Use the name of the container for the start, stop, and description in the unit file
+**--new**
+
+Create a new container via podman-run instead of starting an existing one. This option relies on container configuration files, which may not map directly to podman CLI flags; please review the generated output carefully before placing in production.
+
**--timeout**, **-t**=*value*
Override the default stop timeout for the container with the given value.
**--restart-policy**=*policy*
+
Set the systemd restart policy. The restart-policy must be one of: "no", "on-success", "on-failure", "on-abnormal",
"on-watchdog", "on-abort", or "always". The default policy is *on-failure*.
diff --git a/docs/source/markdown/podman-inspect.1.md b/docs/source/markdown/podman-inspect.1.md
index f1630c713..ad4d0659e 100644
--- a/docs/source/markdown/podman-inspect.1.md
+++ b/docs/source/markdown/podman-inspect.1.md
@@ -43,49 +43,83 @@ Display the total file size if the type is a container
```
# podman inspect fedora
-{
- "Id": "422dc563ca3260ad9ef5c47a1c246f5065d7f177ce51f4dd208efd82967ff182",
- "Digest": "sha256:1b9bfb4e634dc1e5c19d0fa1eb2e5a28a5c2b498e3d3e4ac742bd7f5dae08611",
- "RepoTags": [
- "docker.io/library/fedora:latest"
- ],
- "RepoDigests": [
- "docker.io/library/fedora@sha256:1b9bfb4e634dc1e5c19d0fa1eb2e5a28a5c2b498e3d3e4ac742bd7f5dae08611"
- ],
- "Parent": "",
- "Comment": "",
- "Created": "2017-11-14T21:07:08.475840838Z",
- "Config": {
- "Env": [
- "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
- "DISTTAG=f27container",
- "FGC=f27",
- "FBR=f27"
- ]
- },
- "Version": "17.06.2-ce",
- "Author": "[Adam Miller \u003cmaxamillion@fedoraproject.org\u003e] [Patrick Uiterwijk \u003cpatrick@puiterwijk.org\u003e]",
- "Architecture": "amd64",
- "Os": "linux",
- "Size": 251722732,
- "VirtualSize": 514895140,
- "GraphDriver": {
- "Name": "overlay",
- "Data": {
- "MergedDir": "/var/lib/containers/storage/overlay/d32459d9ce237564fb93573b85cbc707600d43fbe5e46e8eeef22cad914bb516/merged",
- "UpperDir": "/var/lib/containers/storage/overlay/d32459d9ce237564fb93573b85cbc707600d43fbe5e46e8eeef22cad914bb516/diff",
- "WorkDir": "/var/lib/containers/storage/overlay/d32459d9ce237564fb93573b85cbc707600d43fbe5e46e8eeef22cad914bb516/work"
- }
- },
- "RootFS": {
- "Type": "layers",
- "Layers": [
- "sha256:d32459d9ce237564fb93573b85cbc707600d43fbe5e46e8eeef22cad914bb516"
- ]
- },
- "Labels": null,
- "Annotations": {}
-}
+[
+ {
+ "Id": "f0858ad3febdf45bb2e5501cb459affffacef081f79eaa436085c3b6d9bd46ca",
+ "Digest": "sha256:d4f7df6b691d61af6cee7328f82f1d8afdef63bc38f58516858ae3045083924a",
+ "RepoTags": [
+ "docker.io/library/fedora:latest"
+ ],
+ "RepoDigests": [
+ "docker.io/library/fedora@sha256:8fa60b88e2a7eac8460b9c0104b877f1aa0cea7fbc03c701b7e545dacccfb433",
+ "docker.io/library/fedora@sha256:d4f7df6b691d61af6cee7328f82f1d8afdef63bc38f58516858ae3045083924a"
+ ],
+ "Parent": "",
+ "Comment": "",
+ "Created": "2019-10-29T03:23:37.695123423Z",
+ "Config": {
+ "Env": [
+ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+ "DISTTAG=f31-updates-candidatecontainer",
+ "FGC=f31-updates-candidate",
+ "FBR=f31-updates-candidate"
+ ],
+ "Cmd": [
+ "/bin/bash"
+ ],
+ "Labels": {
+ "maintainer": "Clement Verna \u003ccverna@fedoraproject.org\u003e"
+ }
+ },
+ "Version": "18.06.1-ce",
+ "Author": "",
+ "Architecture": "amd64",
+ "Os": "linux",
+ "Size": 201096840,
+ "VirtualSize": 201096840,
+ "GraphDriver": {
+ "Name": "overlay",
+ "Data": {
+ "UpperDir": "/home/user/.local/share/containers/storage/overlay/2ae3cee18c8ef9e0d448649747dab81c4f1ca2714a8c4550eff49574cab262c9/diff",
+ "WorkDir": "/home/user/.local/share/containers/storage/overlay/2ae3cee18c8ef9e0d448649747dab81c4f1ca2714a8c4550eff49574cab262c9/work"
+ }
+ },
+ "RootFS": {
+ "Type": "layers",
+ "Layers": [
+ "sha256:2ae3cee18c8ef9e0d448649747dab81c4f1ca2714a8c4550eff49574cab262c9"
+ ]
+ },
+ "Labels": {
+ "maintainer": "Clement Verna \u003ccverna@fedoraproject.org\u003e"
+ },
+ "Annotations": {},
+ "ManifestType": "application/vnd.docker.distribution.manifest.v2+json",
+ "User": "",
+ "History": [
+ {
+ "created": "2019-01-16T21:21:55.569693599Z",
+ "created_by": "/bin/sh -c #(nop) LABEL maintainer=Clement Verna \u003ccverna@fedoraproject.org\u003e",
+ "empty_layer": true
+ },
+ {
+ "created": "2019-09-27T21:21:07.784469821Z",
+ "created_by": "/bin/sh -c #(nop) ENV DISTTAG=f31-updates-candidatecontainer FGC=f31-updates-candidate FBR=f31-updates-candidate",
+ "empty_layer": true
+ },
+ {
+ "created": "2019-10-29T03:23:37.355187998Z",
+ "created_by": "/bin/sh -c #(nop) ADD file:298f828afc880ccde9205fc4418435d5e696ad165e283f0530d0b1a74326d6dc in / "
+ },
+ {
+ "created": "2019-10-29T03:23:37.695123423Z",
+ "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]",
+ "empty_layer": true
+ }
+ ],
+ "NamesHistory": []
+ }
+]
```
```
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index 0f471f7e6..9484ad347 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -599,15 +599,16 @@ If a container is run with a pod, and the pod has an infra-container, the infra-
Give extended privileges to this container. The default is *false*.
-By default, Podman containers are “unprivileged” (=false) and cannot,
-for example, modify parts of the kernel. This is because by default a
-container is not allowed to access any devices. A “privileged” container
-is given access to all devices.
-
-When the operator executes **podman run --privileged**, Podman enables access
-to all devices on the host, turns off graphdriver mount options, as well as
-turning off most of the security measures protecting the host from the
-container.
+By default, Podman containers are “unprivileged” (=false) and cannot, for
+example, modify parts of the operating system. This is because by default a
+container is only allowed limited access to devices. A "privileged" container
+is given the same access to devices as the user launching the container.
+
+A privileged container turns off the security features that isolate the
+container from the host. Dropped Capabilities, limited devices, read/only mount
+points, Apparmor/SELinux separation, and Seccomp filters are all disabled.
+
+Rootless containers cannot have more privileges than the account that launched them.
**--publish**, **-p**=*port*
diff --git a/libpod/image/image.go b/libpod/image/image.go
index 9a4663bac..503282156 100644
--- a/libpod/image/image.go
+++ b/libpod/image/image.go
@@ -1011,6 +1011,7 @@ func (i *Image) Inspect(ctx context.Context) (*inspect.ImageData, error) {
ManifestType: manifestType,
User: ociv1Img.Config.User,
History: ociv1Img.History,
+ NamesHistory: i.NamesHistory(),
}
return data, nil
}
diff --git a/pkg/adapter/containers.go b/pkg/adapter/containers.go
index fe7e0e521..4228c3dca 100644
--- a/pkg/adapter/containers.go
+++ b/pkg/adapter/containers.go
@@ -1230,6 +1230,7 @@ func (r *LocalRuntime) generateSystemdgenContainerInfo(c *cliconfig.GenerateSyst
PIDFile: conmonPidFile,
StopTimeout: timeout,
GenerateTimestamp: true,
+ CreateCommand: config.CreateCommand,
}
return info, true, nil
@@ -1237,11 +1238,21 @@ func (r *LocalRuntime) generateSystemdgenContainerInfo(c *cliconfig.GenerateSyst
// GenerateSystemd creates a unit file for a container or pod.
func (r *LocalRuntime) GenerateSystemd(c *cliconfig.GenerateSystemdValues) (string, error) {
+ opts := systemdgen.Options{
+ Files: c.Files,
+ New: c.New,
+ }
+
// First assume it's a container.
if info, found, err := r.generateSystemdgenContainerInfo(c, c.InputArgs[0], nil); found && err != nil {
return "", err
} else if found && err == nil {
- return systemdgen.CreateContainerSystemdUnit(info, c.Files)
+ return systemdgen.CreateContainerSystemdUnit(info, opts)
+ }
+
+ // --new does not support pods.
+ if c.New {
+ return "", errors.Errorf("error generating systemd unit files: cannot generate generic files for a pod")
}
// We're either having a pod or garbage.
@@ -1312,7 +1323,7 @@ func (r *LocalRuntime) GenerateSystemd(c *cliconfig.GenerateSystemdValues) (stri
if i > 0 {
builder.WriteByte('\n')
}
- out, err := systemdgen.CreateContainerSystemdUnit(info, c.Files)
+ out, err := systemdgen.CreateContainerSystemdUnit(info, opts)
if err != nil {
return "", err
}
diff --git a/pkg/inspect/inspect.go b/pkg/inspect/inspect.go
index ec3d98613..8249dc4aa 100644
--- a/pkg/inspect/inspect.go
+++ b/pkg/inspect/inspect.go
@@ -31,6 +31,7 @@ type ImageData struct {
ManifestType string `json:"ManifestType"`
User string `json:"User"`
History []v1.History `json:"History"`
+ NamesHistory []string `json:"NamesHistory"`
}
// RootFS holds the root fs information of an image
diff --git a/pkg/systemdgen/systemdgen.go b/pkg/systemdgen/systemdgen.go
index 09d3c6fd5..b6167a23e 100644
--- a/pkg/systemdgen/systemdgen.go
+++ b/pkg/systemdgen/systemdgen.go
@@ -7,6 +7,7 @@ import (
"os"
"path/filepath"
"sort"
+ "strings"
"text/template"
"time"
@@ -48,6 +49,14 @@ type ContainerInfo struct {
Executable string
// TimeStamp at the time of creating the unit file. Will be set internally.
TimeStamp string
+ // New controls if a new container is created or if an existing one is started.
+ New bool
+ // CreateCommand is the full command plus arguments of the process the
+ // container has been created with.
+ CreateCommand []string
+ // RunCommand is a post-processed variant of CreateCommand and used for
+ // the ExecStart field in generic unit files.
+ RunCommand string
}
var restartPolicies = []string{"no", "on-success", "on-failure", "on-abnormal", "on-watchdog", "on-abort", "always"}
@@ -84,17 +93,35 @@ Before={{- range $index, $value := .RequiredServices -}}{{if $index}} {{end}}{{
[Service]
Restart={{.RestartPolicy}}
+{{- if .New}}
+ExecStartPre=/usr/bin/rm -f /%t/%n-pid /%t/%n-cid
+ExecStart={{.RunCommand}}
+ExecStop={{.Executable}} stop --cidfile /%t/%n-cid {{if (ge .StopTimeout 0)}}-t {{.StopTimeout}}{{end}}
+ExecStopPost={{.Executable}} rm -f --cidfile /%t/%n-cid
+PIDFile=/%t/%n-pid
+{{- else}}
ExecStart={{.Executable}} start {{.ContainerName}}
ExecStop={{.Executable}} stop {{if (ge .StopTimeout 0)}}-t {{.StopTimeout}}{{end}} {{.ContainerName}}
+PIDFile={{.PIDFile}}
+{{- end}}
KillMode=none
Type=forking
-PIDFile={{.PIDFile}}
[Install]
WantedBy=multi-user.target`
+// Options include different options to control the unit file generation.
+type Options struct {
+ // When set, generate service files in the current working directory and
+ // return the paths to these files instead of returning all contents in one
+ // big string.
+ Files bool
+ // New controls if a new container is created or if an existing one is started.
+ New bool
+}
+
// CreateContainerSystemdUnit creates a systemd unit file for a container.
-func CreateContainerSystemdUnit(info *ContainerInfo, generateFiles bool) (string, error) {
+func CreateContainerSystemdUnit(info *ContainerInfo, opts Options) (string, error) {
if err := validateRestartPolicy(info.RestartPolicy); err != nil {
return "", err
}
@@ -109,6 +136,36 @@ func CreateContainerSystemdUnit(info *ContainerInfo, generateFiles bool) (string
info.Executable = executable
}
+ // Assemble the ExecStart command when creating a new container.
+ //
+ // Note that we cannot catch all corner cases here such that users
+ // *must* manually check the generated files. A container might have
+ // been created via a Python script, which would certainly yield an
+ // invalid `info.CreateCommand`. Hence, we're doing a best effort unit
+ // generation and don't try aiming at completeness.
+ if opts.New {
+ // The create command must at least have three arguments:
+ // /usr/bin/podman run $IMAGE
+ index := 2
+ if info.CreateCommand[1] == "container" {
+ index = 3
+ }
+ if len(info.CreateCommand) < index+1 {
+ return "", errors.Errorf("container's create command is too short or invalid: %v", info.CreateCommand)
+ }
+ // We're hard-coding the first four arguments and append the
+ // CreatCommand with a stripped command and subcomand.
+ command := []string{
+ info.Executable,
+ "run",
+ "--conmon-pidfile", "/%t/%n-pid",
+ "--cidfile", "/%t/%n-cid",
+ }
+ command = append(command, info.CreateCommand[index:]...)
+ info.RunCommand = strings.Join(command, " ")
+ info.New = true
+ }
+
if info.PodmanVersion == "" {
info.PodmanVersion = version.Version
}
@@ -131,7 +188,7 @@ func CreateContainerSystemdUnit(info *ContainerInfo, generateFiles bool) (string
return "", err
}
- if !generateFiles {
+ if !opts.Files {
return buf.String(), nil
}
diff --git a/pkg/systemdgen/systemdgen_test.go b/pkg/systemdgen/systemdgen_test.go
index 1ddb0c514..e1da7e8e0 100644
--- a/pkg/systemdgen/systemdgen_test.go
+++ b/pkg/systemdgen/systemdgen_test.go
@@ -44,9 +44,9 @@ Documentation=man:podman-generate-systemd(1)
Restart=always
ExecStart=/usr/bin/podman start 639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401
ExecStop=/usr/bin/podman stop -t 10 639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401
+PIDFile=/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid
KillMode=none
Type=forking
-PIDFile=/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid
[Install]
WantedBy=multi-user.target`
@@ -62,9 +62,9 @@ Documentation=man:podman-generate-systemd(1)
Restart=always
ExecStart=/usr/bin/podman start foobar
ExecStop=/usr/bin/podman stop -t 10 foobar
+PIDFile=/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid
KillMode=none
Type=forking
-PIDFile=/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid
[Install]
WantedBy=multi-user.target`
@@ -84,9 +84,9 @@ After=a.service b.service c.service pod.service
Restart=always
ExecStart=/usr/bin/podman start foobar
ExecStop=/usr/bin/podman stop -t 10 foobar
+PIDFile=/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid
KillMode=none
Type=forking
-PIDFile=/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid
[Install]
WantedBy=multi-user.target`
@@ -104,9 +104,29 @@ Before=container-1.service container-2.service
Restart=always
ExecStart=/usr/bin/podman start jadda-jadda-infra
ExecStop=/usr/bin/podman stop -t 10 jadda-jadda-infra
+PIDFile=/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid
+KillMode=none
+Type=forking
+
+[Install]
+WantedBy=multi-user.target`
+
+ goodNameNew := `# jadda-jadda.service
+# autogenerated by Podman CI
+
+[Unit]
+Description=Podman jadda-jadda.service
+Documentation=man:podman-generate-systemd(1)
+
+[Service]
+Restart=always
+ExecStartPre=/usr/bin/rm -f /%t/%n-pid /%t/%n-cid
+ExecStart=/usr/bin/podman run --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid --name jadda-jadda --hostname hello-world awesome-image:latest command arg1 ... argN
+ExecStop=/usr/bin/podman stop --cidfile /%t/%n-cid -t 42
+ExecStopPost=/usr/bin/podman rm -f --cidfile /%t/%n-cid
+PIDFile=/%t/%n-pid
KillMode=none
Type=forking
-PIDFile=/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid
[Install]
WantedBy=multi-user.target`
@@ -184,16 +204,35 @@ WantedBy=multi-user.target`
"",
true,
},
+ {"good with name and generic",
+ ContainerInfo{
+ Executable: "/usr/bin/podman",
+ ServiceName: "jadda-jadda",
+ ContainerName: "jadda-jadda",
+ RestartPolicy: "always",
+ PIDFile: "/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid",
+ StopTimeout: 42,
+ PodmanVersion: "CI",
+ New: true,
+ CreateCommand: []string{"I'll get stripped", "container", "run", "--name", "jadda-jadda", "--hostname", "hello-world", "awesome-image:latest", "command", "arg1", "...", "argN"},
+ },
+ goodNameNew,
+ false,
+ },
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
- got, err := CreateContainerSystemdUnit(&tt.info, false)
+ opts := Options{
+ Files: false,
+ New: tt.info.New,
+ }
+ got, err := CreateContainerSystemdUnit(&tt.info, opts)
if (err != nil) != tt.wantErr {
t.Errorf("CreateContainerSystemdUnit() error = \n%v, wantErr \n%v", err, tt.wantErr)
return
}
if got != tt.want {
- t.Errorf("CreateContainerSystemdUnit() = \n%v, want \n%v", got, tt.want)
+ t.Errorf("CreateContainerSystemdUnit() = \n%v\n---------> want\n%v", got, tt.want)
}
})
}
diff --git a/test/e2e/generate_systemd_test.go b/test/e2e/generate_systemd_test.go
index 91072b023..f0fef41a4 100644
--- a/test/e2e/generate_systemd_test.go
+++ b/test/e2e/generate_systemd_test.go
@@ -177,4 +177,32 @@ var _ = Describe("Podman generate systemd", func() {
found, _ = session.GrepString("/container-foo-1.service")
Expect(found).To(BeTrue())
})
+
+ It("podman generate systemd --new", func() {
+ n := podmanTest.Podman([]string{"create", "--name", "foo", "alpine", "top"})
+ n.WaitWithDefaultTimeout()
+ Expect(n.ExitCode()).To(Equal(0))
+
+ session := podmanTest.Podman([]string{"generate", "systemd", "--timeout", "42", "--name", "--new", "foo"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ // Grepping the output (in addition to unit tests)
+ found, _ := session.GrepString("# container-foo.service")
+ Expect(found).To(BeTrue())
+
+ found, _ = session.GrepString("stop --cidfile /%t/%n-cid -t 42")
+ Expect(found).To(BeTrue())
+ })
+
+ It("podman generate systemd --new pod", func() {
+ n := podmanTest.Podman([]string{"pod", "create", "--name", "foo"})
+ n.WaitWithDefaultTimeout()
+ Expect(n.ExitCode()).To(Equal(0))
+
+ session := podmanTest.Podman([]string{"generate", "systemd", "--timeout", "42", "--name", "--new", "foo"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(125))
+ })
+
})