diff options
Diffstat (limited to 'libpod')
| -rw-r--r-- | libpod/container_exec.go | 79 | ||||
| -rw-r--r-- | libpod/container_inspect.go | 652 | ||||
| -rw-r--r-- | libpod/define/config.go | 2 | ||||
| -rw-r--r-- | libpod/define/container_inspect.go | 624 | ||||
| -rw-r--r-- | libpod/define/inspect.go | 54 | ||||
| -rw-r--r-- | libpod/healthcheck.go | 32 | ||||
| -rw-r--r-- | libpod/networking_linux.go | 45 | ||||
| -rw-r--r-- | libpod/networking_unsupported.go | 2 | ||||
| -rw-r--r-- | libpod/oci_conmon_linux.go | 1 | ||||
| -rw-r--r-- | libpod/options.go | 2 | ||||
| -rw-r--r-- | libpod/runtime_ctr.go | 18 | ||||
| -rw-r--r-- | libpod/runtime_volume.go | 11 |
12 files changed, 786 insertions, 736 deletions
diff --git a/libpod/container_exec.go b/libpod/container_exec.go index 7ed7a3343..5469462f8 100644 --- a/libpod/container_exec.go +++ b/libpod/container_exec.go @@ -94,67 +94,14 @@ func (e *ExecSession) ContainerID() string { return e.ContainerId } -// InspectExecSession contains information about a given exec session. -type InspectExecSession struct { - // CanRemove is legacy and used purely for compatibility reasons. - // Will always be set to true, unless the exec session is running. - CanRemove bool `json:"CanRemove"` - // ContainerID is the ID of the container this exec session is attached - // to. - ContainerID string `json:"ContainerID"` - // DetachKeys are the detach keys used by the exec session. - // If set to "" the default keys are being used. - // Will show "<none>" if no detach keys are set. - DetachKeys string `json:"DetachKeys"` - // ExitCode is the exit code of the exec session. Will be set to 0 if - // the exec session has not yet exited. - ExitCode int `json:"ExitCode"` - // ID is the ID of the exec session. - ID string `json:"ID"` - // OpenStderr is whether the container's STDERR stream will be attached. - // Always set to true if the exec session created a TTY. - OpenStderr bool `json:"OpenStderr"` - // OpenStdin is whether the container's STDIN stream will be attached - // to. - OpenStdin bool `json:"OpenStdin"` - // OpenStdout is whether the container's STDOUT stream will be attached. - // Always set to true if the exec session created a TTY. - OpenStdout bool `json:"OpenStdout"` - // Running is whether the exec session is running. - Running bool `json:"Running"` - // Pid is the PID of the exec session's process. - // Will be set to 0 if the exec session is not running. - Pid int `json:"Pid"` - // ProcessConfig contains information about the exec session's process. - ProcessConfig *InspectExecProcess `json:"ProcessConfig"` -} - -// InspectExecProcess contains information about the process in a given exec -// session. -type InspectExecProcess struct { - // Arguments are the arguments to the entrypoint command of the exec - // session. - Arguments []string `json:"arguments"` - // Entrypoint is the entrypoint for the exec session (the command that - // will be executed in the container). - Entrypoint string `json:"entrypoint"` - // Privileged is whether the exec session will be started with elevated - // privileges. - Privileged bool `json:"privileged"` - // Tty is whether the exec session created a terminal. - Tty bool `json:"tty"` - // User is the user the exec session was started as. - User string `json:"user"` -} - // Inspect inspects the given exec session and produces detailed output on its // configuration and current state. -func (e *ExecSession) Inspect() (*InspectExecSession, error) { +func (e *ExecSession) Inspect() (*define.InspectExecSession, error) { if e.Config == nil { return nil, errors.Wrapf(define.ErrInternal, "given exec session does not have a configuration block") } - output := new(InspectExecSession) + output := new(define.InspectExecSession) output.CanRemove = e.State != define.ExecStateRunning output.ContainerID = e.ContainerId if e.Config.DetachKeys != nil { @@ -167,7 +114,7 @@ func (e *ExecSession) Inspect() (*InspectExecSession, error) { output.OpenStdout = e.Config.AttachStdout output.Running = e.State == define.ExecStateRunning output.Pid = e.PID - output.ProcessConfig = new(InspectExecProcess) + output.ProcessConfig = new(define.InspectExecProcess) if len(e.Config.Command) > 0 { output.ProcessConfig.Entrypoint = e.Config.Command[0] if len(e.Config.Command) > 1 { @@ -213,6 +160,11 @@ func (c *Container) ExecCreate(config *ExecConfig) (string, error) { return "", errors.Wrapf(define.ErrInvalidArg, "cannot specify streams to attach to when exec session has a pseudoterminal") } + // Verify that we are in a good state to continue + if !c.ensureState(define.ContainerStateRunning) { + return "", errors.Wrapf(define.ErrCtrStateInvalid, "can only create exec sessions on running containers") + } + // Generate an ID for our new exec session sessionID := stringid.GenerateNonCryptoID() found := true @@ -279,6 +231,11 @@ func (c *Container) ExecStartAndAttach(sessionID string, streams *AttachStreams) } } + // Verify that we are in a good state to continue + if !c.ensureState(define.ContainerStateRunning) { + return errors.Wrapf(define.ErrCtrStateInvalid, "can only start exec sessions when their container is running") + } + session, ok := c.state.ExecSessions[sessionID] if !ok { return errors.Wrapf(define.ErrNoSuchExecSession, "container %s has no exec session with ID %s", c.ID(), sessionID) @@ -575,7 +532,7 @@ func (c *Container) ExecResize(sessionID string, newSize remotecommand.TerminalS return errors.Wrapf(define.ErrNoSuchExecSession, "container %s has no exec session with ID %s", c.ID(), sessionID) } - logrus.Infof("Removing container %s exec session %s", c.ID(), session.ID()) + logrus.Infof("Resizing container %s exec session %s to %+v", c.ID(), session.ID(), newSize) if session.State != define.ExecStateRunning { return errors.Wrapf(define.ErrExecSessionStateInvalid, "cannot resize container %s exec session %s as it is not running", c.ID(), session.ID()) @@ -592,9 +549,6 @@ func (c *Container) Exec(config *ExecConfig, streams *AttachStreams, resize <-ch if err != nil { return -1, err } - if err := c.ExecStartAndAttach(sessionID, streams); err != nil { - return -1, err - } // Start resizing if we have a resize channel. // This goroutine may likely leak, given that we cannot close it here. @@ -605,6 +559,7 @@ func (c *Container) Exec(config *ExecConfig, streams *AttachStreams, resize <-ch // session. if resize != nil { go func() { + logrus.Debugf("Sending resize events to exec session %s", sessionID) for resizeRequest := range resize { if err := c.ExecResize(sessionID, resizeRequest); err != nil { // Assume the exec session went down. @@ -615,6 +570,10 @@ func (c *Container) Exec(config *ExecConfig, streams *AttachStreams, resize <-ch }() } + if err := c.ExecStartAndAttach(sessionID, streams); err != nil { + return -1, err + } + session, err := c.ExecSession(sessionID) if err != nil { return -1, err diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go index 50ae72499..7552eb483 100644 --- a/libpod/container_inspect.go +++ b/libpod/container_inspect.go @@ -3,13 +3,10 @@ package libpod import ( "fmt" "strings" - "time" - "github.com/containers/image/v5/manifest" "github.com/containers/libpod/libpod/define" "github.com/containers/libpod/libpod/driver" "github.com/containers/libpod/pkg/util" - "github.com/cri-o/ocicni/pkg/ocicni" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" "github.com/opencontainers/runtime-tools/validate" @@ -85,602 +82,9 @@ const ( InspectResponseFalse = "FALSE" ) -// InspectContainerData provides a detailed record of a container's configuration -// and state as viewed by Libpod. -// Large portions of this structure are defined such that the output is -// compatible with `docker inspect` JSON, but additional fields have been added -// as required to share information not in the original output. -type InspectContainerData struct { - ID string `json:"Id"` - Created time.Time `json:"Created"` - Path string `json:"Path"` - Args []string `json:"Args"` - State *InspectContainerState `json:"State"` - Image string `json:"Image"` - ImageName string `json:"ImageName"` - Rootfs string `json:"Rootfs"` - Pod string `json:"Pod"` - ResolvConfPath string `json:"ResolvConfPath"` - HostnamePath string `json:"HostnamePath"` - HostsPath string `json:"HostsPath"` - StaticDir string `json:"StaticDir"` - OCIConfigPath string `json:"OCIConfigPath,omitempty"` - OCIRuntime string `json:"OCIRuntime,omitempty"` - LogPath string `json:"LogPath"` - LogTag string `json:"LogTag"` - ConmonPidFile string `json:"ConmonPidFile"` - Name string `json:"Name"` - RestartCount int32 `json:"RestartCount"` - Driver string `json:"Driver"` - MountLabel string `json:"MountLabel"` - ProcessLabel string `json:"ProcessLabel"` - AppArmorProfile string `json:"AppArmorProfile"` - EffectiveCaps []string `json:"EffectiveCaps"` - BoundingCaps []string `json:"BoundingCaps"` - ExecIDs []string `json:"ExecIDs"` - GraphDriver *driver.Data `json:"GraphDriver"` - SizeRw *int64 `json:"SizeRw,omitempty"` - SizeRootFs int64 `json:"SizeRootFs,omitempty"` - Mounts []InspectMount `json:"Mounts"` - Dependencies []string `json:"Dependencies"` - NetworkSettings *InspectNetworkSettings `json:"NetworkSettings"` //TODO - ExitCommand []string `json:"ExitCommand"` - Namespace string `json:"Namespace"` - IsInfra bool `json:"IsInfra"` - Config *InspectContainerConfig `json:"Config"` - HostConfig *InspectContainerHostConfig `json:"HostConfig"` -} - -// InspectContainerConfig holds further data about how a container was initially -// configured. -type InspectContainerConfig struct { - // Container hostname - Hostname string `json:"Hostname"` - // Container domain name - unused at present - DomainName string `json:"Domainname"` - // User the container was launched with - User string `json:"User"` - // Unused, at present - AttachStdin bool `json:"AttachStdin"` - // Unused, at present - AttachStdout bool `json:"AttachStdout"` - // Unused, at present - AttachStderr bool `json:"AttachStderr"` - // Whether the container creates a TTY - Tty bool `json:"Tty"` - // Whether the container leaves STDIN open - OpenStdin bool `json:"OpenStdin"` - // Whether STDIN is only left open once. - // Presently not supported by Podman, unused. - StdinOnce bool `json:"StdinOnce"` - // Container environment variables - Env []string `json:"Env"` - // Container command - Cmd []string `json:"Cmd"` - // Container image - Image string `json:"Image"` - // Unused, at present. I've never seen this field populated. - Volumes map[string]struct{} `json:"Volumes"` - // Container working directory - WorkingDir string `json:"WorkingDir"` - // Container entrypoint - Entrypoint string `json:"Entrypoint"` - // On-build arguments - presently unused. More of Buildah's domain. - OnBuild *string `json:"OnBuild"` - // Container labels - Labels map[string]string `json:"Labels"` - // Container annotations - Annotations map[string]string `json:"Annotations"` - // Container stop signal - StopSignal uint `json:"StopSignal"` - // Configured healthcheck for the container - Healthcheck *manifest.Schema2HealthConfig `json:"Healthcheck,omitempty"` - // CreateCommand is the full command plus arguments of the process the - // container has been created with. - CreateCommand []string `json:"CreateCommand,omitempty"` -} - -// InspectContainerHostConfig holds information used when the container was -// created. -// It's very much a Docker-specific struct, retained (mostly) as-is for -// compatibility. We fill individual fields as best as we can, inferring as much -// as possible from the spec and container config. -// Some things cannot be inferred. These will be populated by spec annotations -// (if available). -// Field names are fixed for compatibility and cannot be changed. -// As such, silence lint warnings about them. -//nolint -type InspectContainerHostConfig struct { - // Binds contains an array of user-added mounts. - // Both volume mounts and named volumes are included. - // Tmpfs mounts are NOT included. - // In 'docker inspect' this is separated into 'Binds' and 'Mounts' based - // on how a mount was added. We do not make this distinction and do not - // include a Mounts field in inspect. - // Format: <src>:<destination>[:<comma-separated options>] - Binds []string `json:"Binds"` - // ContainerIDFile is a file created during container creation to hold - // the ID of the created container. - // This is not handled within libpod and is stored in an annotation. - ContainerIDFile string `json:"ContainerIDFile"` - // LogConfig contains information on the container's logging backend - LogConfig *InspectLogConfig `json:"LogConfig"` - // NetworkMode is the configuration of the container's network - // namespace. - // Populated as follows: - // default - A network namespace is being created and configured via CNI - // none - A network namespace is being created, not configured via CNI - // host - No network namespace created - // container:<id> - Using another container's network namespace - // ns:<path> - A path to a network namespace has been specified - NetworkMode string `json:"NetworkMode"` - // PortBindings contains the container's port bindings. - // It is formatted as map[string][]InspectHostPort. - // The string key here is formatted as <integer port number>/<protocol> - // and represents the container port. A single container port may be - // bound to multiple host ports (on different IPs). - PortBindings map[string][]InspectHostPort `json:"PortBindings"` - // RestartPolicy contains the container's restart policy. - RestartPolicy *InspectRestartPolicy `json:"RestartPolicy"` - // AutoRemove is whether the container will be automatically removed on - // exiting. - // It is not handled directly within libpod and is stored in an - // annotation. - AutoRemove bool `json:"AutoRemove"` - // VolumeDriver is presently unused and is retained for Docker - // compatibility. - VolumeDriver string `json:"VolumeDriver"` - // VolumesFrom is a list of containers which this container uses volumes - // from. This is not handled directly within libpod and is stored in an - // annotation. - // It is formatted as an array of container names and IDs. - VolumesFrom []string `json:"VolumesFrom"` - // CapAdd is a list of capabilities added to the container. - // It is not directly stored by Libpod, and instead computed from the - // capabilities listed in the container's spec, compared against a set - // of default capabilities. - CapAdd []string `json:"CapAdd"` - // CapDrop is a list of capabilities removed from the container. - // It is not directly stored by libpod, and instead computed from the - // capabilities listed in the container's spec, compared against a set - // of default capabilities. - CapDrop []string `json:"CapDrop"` - // Dns is a list of DNS nameservers that will be added to the - // container's resolv.conf - Dns []string `json:"Dns"` - // DnsOptions is a list of DNS options that will be set in the - // container's resolv.conf - DnsOptions []string `json:"DnsOptions"` - // DnsSearch is a list of DNS search domains that will be set in the - // container's resolv.conf - DnsSearch []string `json:"DnsSearch"` - // ExtraHosts contains hosts that will be aded to the container's - // /etc/hosts. - ExtraHosts []string `json:"ExtraHosts"` - // GroupAdd contains groups that the user inside the container will be - // added to. - GroupAdd []string `json:"GroupAdd"` - // IpcMode represents the configuration of the container's IPC - // namespace. - // Populated as follows: - // "" (empty string) - Default, an IPC namespace will be created - // host - No IPC namespace created - // container:<id> - Using another container's IPC namespace - // ns:<path> - A path to an IPC namespace has been specified - IpcMode string `json:"IpcMode"` - // Cgroup contains the container's cgroup. It is presently not - // populated. - // TODO. - Cgroup string `json:"Cgroup"` - // Cgroups contains the container's CGroup mode. - // Allowed values are "default" (container is creating CGroups) and - // "disabled" (container is not creating CGroups). - // This is Libpod-specific and not included in `docker inspect`. - Cgroups string `json:"Cgroups"` - // Links is unused, and provided purely for Docker compatibility. - Links []string `json:"Links"` - // OOMScoreAdj is an adjustment that will be made to the container's OOM - // score. - OomScoreAdj int `json:"OomScoreAdj"` - // PidMode represents the configuration of the container's PID - // namespace. - // Populated as follows: - // "" (empty string) - Default, a PID namespace will be created - // host - No PID namespace created - // container:<id> - Using another container's PID namespace - // ns:<path> - A path to a PID namespace has been specified - PidMode string `json:"PidMode"` - // Privileged indicates whether the container is running with elevated - // privileges. - // This has a very specific meaning in the Docker sense, so it's very - // difficult to decode from the spec and config, and so is stored as an - // annotation. - Privileged bool `json:"Privileged"` - // PublishAllPorts indicates whether image ports are being published. - // This is not directly stored in libpod and is saved as an annotation. - PublishAllPorts bool `json:"PublishAllPorts"` - // ReadonlyRootfs is whether the container will be mounted read-only. - ReadonlyRootfs bool `json:"ReadonlyRootfs"` - // SecurityOpt is a list of security-related options that are set in the - // container. - SecurityOpt []string `json:"SecurityOpt"` - // Tmpfs is a list of tmpfs filesystems that will be mounted into the - // container. - // It is a map of destination path to options for the mount. - Tmpfs map[string]string `json:"Tmpfs"` - // UTSMode represents the configuration of the container's UID - // namespace. - // Populated as follows: - // "" (empty string) - Default, a UTS namespace will be created - // host - no UTS namespace created - // container:<id> - Using another container's UTS namespace - // ns:<path> - A path to a UTS namespace has been specified - UTSMode string `json:"UTSMode"` - // UsernsMode represents the configuration of the container's user - // namespace. - // When running rootless, a user namespace is created outside of libpod - // to allow some privileged operations. This will not be reflected here. - // Populated as follows: - // "" (empty string) - No user namespace will be created - // private - The container will be run in a user namespace - // container:<id> - Using another container's user namespace - // ns:<path> - A path to a user namespace has been specified - // TODO Rootless has an additional 'keep-id' option, presently not - // reflected here. - UsernsMode string `json:"UsernsMode"` - // ShmSize is the size of the container's SHM device. - ShmSize int64 `json:"ShmSize"` - // Runtime is provided purely for Docker compatibility. - // It is set unconditionally to "oci" as Podman does not presently - // support non-OCI runtimes. - Runtime string `json:"Runtime"` - // ConsoleSize is an array of 2 integers showing the size of the - // container's console. - // It is only set if the container is creating a terminal. - // TODO. - ConsoleSize []uint `json:"ConsoleSize"` - // Isolation is presently unused and provided solely for Docker - // compatibility. - Isolation string `json:"Isolation"` - // CpuShares indicates the CPU resources allocated to the container. - // It is a relative weight in the scheduler for assigning CPU time - // versus other CGroups. - CpuShares uint64 `json:"CpuShares"` - // Memory indicates the memory resources allocated to the container. - // This is the limit (in bytes) of RAM the container may use. - Memory int64 `json:"Memory"` - // NanoCpus indicates number of CPUs allocated to the container. - // It is an integer where one full CPU is indicated by 1000000000 (one - // billion). - // Thus, 2.5 CPUs (fractional portions of CPUs are allowed) would be - // 2500000000 (2.5 billion). - // In 'docker inspect' this is set exclusively of two further options in - // the output (CpuPeriod and CpuQuota) which are both used to implement - // this functionality. - // We can't distinguish here, so if CpuQuota is set to the default of - // 100000, we will set both CpuQuota, CpuPeriod, and NanoCpus. If - // CpuQuota is not the default, we will not set NanoCpus. - NanoCpus int64 `json:"NanoCpus"` - // CgroupParent is the CGroup parent of the container. - // Only set if not default. - CgroupParent string `json:"CgroupParent"` - // BlkioWeight indicates the I/O resources allocated to the container. - // It is a relative weight in the scheduler for assigning I/O time - // versus other CGroups. - BlkioWeight uint16 `json:"BlkioWeight"` - // BlkioWeightDevice is an array of I/O resource priorities for - // individual device nodes. - // Unfortunately, the spec only stores the device's Major/Minor numbers - // and not the path, which is used here. - // Fortunately, the kernel provides an interface for retrieving the path - // of a given node by major:minor at /sys/dev/. However, the exact path - // in use may not be what was used in the original CLI invocation - - // though it is guaranteed that the device node will be the same, and - // using the given path will be functionally identical. - BlkioWeightDevice []InspectBlkioWeightDevice `json:"BlkioWeightDevice"` - // BlkioDeviceReadBps is an array of I/O throttle parameters for - // individual device nodes. - // This specifically sets read rate cap in bytes per second for device - // nodes. - // As with BlkioWeightDevice, we pull the path from /sys/dev, and we - // don't guarantee the path will be identical to the original (though - // the node will be). - BlkioDeviceReadBps []InspectBlkioThrottleDevice `json:"BlkioDeviceReadBps"` - // BlkioDeviceWriteBps is an array of I/O throttle parameters for - // individual device nodes. - // this specifically sets write rate cap in bytes per second for device - // nodes. - // as with BlkioWeightDevice, we pull the path from /sys/dev, and we - // don't guarantee the path will be identical to the original (though - // the node will be). - BlkioDeviceWriteBps []InspectBlkioThrottleDevice `json:"BlkioDeviceWriteBps"` - // BlkioDeviceReadIOps is an array of I/O throttle parameters for - // individual device nodes. - // This specifically sets the read rate cap in iops per second for - // device nodes. - // As with BlkioWeightDevice, we pull the path from /sys/dev, and we - // don't guarantee the path will be identical to the original (though - // the node will be). - BlkioDeviceReadIOps []InspectBlkioThrottleDevice `json:"BlkioDeviceReadIOps"` - // BlkioDeviceWriteIOps is an array of I/O throttle parameters for - // individual device nodes. - // This specifically sets the write rate cap in iops per second for - // device nodes. - // As with BlkioWeightDevice, we pull the path from /sys/dev, and we - // don't guarantee the path will be identical to the original (though - // the node will be). - BlkioDeviceWriteIOps []InspectBlkioThrottleDevice `json:"BlkioDeviceWriteIOps"` - // CpuPeriod is the length of a CPU period in microseconds. - // It relates directly to CpuQuota. - CpuPeriod uint64 `json:"CpuPeriod"` - // CpuPeriod is the amount of time (in microseconds) that a container - // can use the CPU in every CpuPeriod. - CpuQuota int64 `json:"CpuQuota"` - // CpuRealtimePeriod is the length of time (in microseconds) of the CPU - // realtime period. If set to 0, no time will be allocated to realtime - // tasks. - CpuRealtimePeriod uint64 `json:"CpuRealtimePeriod"` - // CpuRealtimeRuntime is the length of time (in microseconds) allocated - // for realtime tasks within every CpuRealtimePeriod. - CpuRealtimeRuntime int64 `json:"CpuRealtimeRuntime"` - // CpusetCpus is the is the set of CPUs that the container will execute - // on. Formatted as `0-3` or `0,2`. Default (if unset) is all CPUs. - CpusetCpus string `json:"CpusetCpus"` - // CpusetMems is the set of memory nodes the container will use. - // Formatted as `0-3` or `0,2`. Default (if unset) is all memory nodes. - CpusetMems string `json:"CpusetMems"` - // Devices is a list of device nodes that will be added to the - // container. - // These are stored in the OCI spec only as type, major, minor while we - // display the host path. We convert this with /sys/dev, but we cannot - // guarantee that the host path will be identical - only that the actual - // device will be. - Devices []InspectDevice `json:"Devices"` - // DiskQuota is the maximum amount of disk space the container may use - // (in bytes). - // Presently not populated. - // TODO. - DiskQuota uint64 `json:"DiskQuota"` - // KernelMemory is the maximum amount of memory the kernel will devote - // to the container. - KernelMemory int64 `json:"KernelMemory"` - // MemoryReservation is the reservation (soft limit) of memory available - // to the container. Soft limits are warnings only and can be exceeded. - MemoryReservation int64 `json:"MemoryReservation"` - // MemorySwap is the total limit for all memory available to the - // container, including swap. 0 indicates that there is no limit to the - // amount of memory available. - MemorySwap int64 `json:"MemorySwap"` - // MemorySwappiness is the willingness of the kernel to page container - // memory to swap. It is an integer from 0 to 100, with low numbers - // being more likely to be put into swap. - // -1, the default, will not set swappiness and use the system defaults. - MemorySwappiness int64 `json:"MemorySwappiness"` - // OomKillDisable indicates whether the kernel OOM killer is disabled - // for the container. - OomKillDisable bool `json:"OomKillDisable"` - // Init indicates whether the container has an init mounted into it. - Init bool `json:"Init,omitempty"` - // PidsLimit is the maximum number of PIDs what may be created within - // the container. 0, the default, indicates no limit. - PidsLimit int64 `json:"PidsLimit"` - // Ulimits is a set of ulimits that will be set within the container. - Ulimits []InspectUlimit `json:"Ulimits"` - // CpuCount is Windows-only and not presently implemented. - CpuCount uint64 `json:"CpuCount"` - // CpuPercent is Windows-only and not presently implemented. - CpuPercent uint64 `json:"CpuPercent"` - // IOMaximumIOps is Windows-only and not presently implemented. - IOMaximumIOps uint64 `json:"IOMaximumIOps"` - // IOMaximumBandwidth is Windows-only and not presently implemented. - IOMaximumBandwidth uint64 `json:"IOMaximumBandwidth"` -} - -// InspectLogConfig holds information about a container's configured log driver -// and is presently unused. It is retained for Docker compatibility. -type InspectLogConfig struct { - Type string `json:"Type"` - Config map[string]string `json:"Config"` //idk type, TODO -} - -// InspectRestartPolicy holds information about the container's restart policy. -type InspectRestartPolicy struct { - // Name contains the container's restart policy. - // Allowable values are "no" or "" (take no action), - // "on-failure" (restart on non-zero exit code, with an optional max - // retry count), and "always" (always restart on container stop, unless - // explicitly requested by API). - // Note that this is NOT actually a name of any sort - the poor naming - // is for Docker compatibility. - Name string `json:"Name"` - // MaximumRetryCount is the maximum number of retries allowed if the - // "on-failure" restart policy is in use. Not used if "on-failure" is - // not set. - MaximumRetryCount uint `json:"MaximumRetryCount"` -} - -// InspectBlkioWeightDevice holds information about the relative weight -// of an individual device node. Weights are used in the I/O scheduler to give -// relative priority to some accesses. -type InspectBlkioWeightDevice struct { - // Path is the path to the device this applies to. - Path string `json:"Path"` - // Weight is the relative weight the scheduler will use when scheduling - // I/O. - Weight uint16 `json:"Weight"` -} - -// InspectBlkioThrottleDevice holds information about a speed cap for a device -// node. This cap applies to a specific operation (read, write, etc) on the given -// node. -type InspectBlkioThrottleDevice struct { - // Path is the path to the device this applies to. - Path string `json:"Path"` - // Rate is the maximum rate. It is in either bytes per second or iops - // per second, determined by where it is used - documentation will - // indicate which is appropriate. - Rate uint64 `json:"Rate"` -} - -// InspectUlimit is a ulimit that will be applied to the container. -type InspectUlimit struct { - // Name is the name (type) of the ulimit. - Name string `json:"Name"` - // Soft is the soft limit that will be applied. - Soft uint64 `json:"Soft"` - // Hard is the hard limit that will be applied. - Hard uint64 `json:"Hard"` -} - -// InspectMount provides a record of a single mount in a container. It contains -// fields for both named and normal volumes. Only user-specified volumes will be -// included, and tmpfs volumes are not included even if the user specified them. -type InspectMount struct { - // Whether the mount is a volume or bind mount. Allowed values are - // "volume" and "bind". - Type string `json:"Type"` - // The name of the volume. Empty for bind mounts. - Name string `json:"Name,omptempty"` - // The source directory for the volume. - Source string `json:"Source"` - // The destination directory for the volume. Specified as a path within - // the container, as it would be passed into the OCI runtime. - Destination string `json:"Destination"` - // The driver used for the named volume. Empty for bind mounts. - Driver string `json:"Driver"` - // Contains SELinux :z/:Z mount options. Unclear what, if anything, else - // goes in here. - Mode string `json:"Mode"` - // All remaining mount options. Additional data, not present in the - // original output. - Options []string `json:"Options"` - // Whether the volume is read-write - RW bool `json:"RW"` - // Mount propagation for the mount. Can be empty if not specified, but - // is always printed - no omitempty. - Propagation string `json:"Propagation"` -} - -// InspectDevice is a single device that will be mounted into the container. -type InspectDevice struct { - // PathOnHost is the path of the device on the host. - PathOnHost string `json:"PathOnHost"` - // PathInContainer is the path of the device within the container. - PathInContainer string `json:"PathInContainer"` - // CgroupPermissions is the permissions of the mounted device. - // Presently not populated. - // TODO. - CgroupPermissions string `json:"CgroupPermissions"` -} - -// InspectHostPort provides information on a port on the host that a container's -// port is bound to. -type InspectHostPort struct { - // IP on the host we are bound to. "" if not specified (binding to all - // IPs). - HostIP string `json:"HostIp"` - // Port on the host we are bound to. No special formatting - just an - // integer stuffed into a string. - HostPort string `json:"HostPort"` -} - -// InspectContainerState provides a detailed record of a container's current -// state. It is returned as part of InspectContainerData. -// As with InspectContainerData, many portions of this struct are matched to -// Docker, but here we see more fields that are unused (nonsensical in the -// context of Libpod). -type InspectContainerState struct { - OciVersion string `json:"OciVersion"` - Status string `json:"Status"` - Running bool `json:"Running"` - Paused bool `json:"Paused"` - Restarting bool `json:"Restarting"` // TODO - OOMKilled bool `json:"OOMKilled"` - Dead bool `json:"Dead"` - Pid int `json:"Pid"` - ConmonPid int `json:"ConmonPid,omitempty"` - ExitCode int32 `json:"ExitCode"` - Error string `json:"Error"` // TODO - StartedAt time.Time `json:"StartedAt"` - FinishedAt time.Time `json:"FinishedAt"` - Healthcheck HealthCheckResults `json:"Healthcheck,omitempty"` -} - -// InspectBasicNetworkConfig holds basic configuration information (e.g. IP -// addresses, MAC address, subnet masks, etc) that are common for all networks -// (both additional and main). -type InspectBasicNetworkConfig struct { - // EndpointID is unused, maintained exclusively for compatibility. - EndpointID string `json:"EndpointID"` - // Gateway is the IP address of the gateway this network will use. - Gateway string `json:"Gateway"` - // IPAddress is the IP address for this network. - IPAddress string `json:"IPAddress"` - // IPPrefixLen is the length of the subnet mask of this network. - IPPrefixLen int `json:"IPPrefixLen"` - // SecondaryIPAddresses is a list of extra IP Addresses that the - // container has been assigned in this network. - SecondaryIPAddresses []string `json:"SecondaryIPAddresses,omitempty"` - // IPv6Gateway is the IPv6 gateway this network will use. - IPv6Gateway string `json:"IPv6Gateway"` - // GlobalIPv6Address is the global-scope IPv6 Address for this network. - GlobalIPv6Address string `json:"GlobalIPv6Address"` - // GlobalIPv6PrefixLen is the length of the subnet mask of this network. - GlobalIPv6PrefixLen int `json:"GlobalIPv6PrefixLen"` - // SecondaryIPv6Addresses is a list of extra IPv6 Addresses that the - // container has been assigned in this networ. - SecondaryIPv6Addresses []string `json:"SecondaryIPv6Addresses,omitempty"` - // MacAddress is the MAC address for the interface in this network. - MacAddress string `json:"MacAddress"` - // AdditionalMacAddresses is a set of additional MAC Addresses beyond - // the first. CNI may configure more than one interface for a single - // network, which can cause this. - AdditionalMacAddresses []string `json:"AdditionalMACAddresses,omitempty"` -} - -// InspectNetworkSettings holds information about the network settings of the -// container. -// Many fields are maintained only for compatibility with `docker inspect` and -// are unused within Libpod. -type InspectNetworkSettings struct { - InspectBasicNetworkConfig - - Bridge string `json:"Bridge"` - SandboxID string `json:"SandboxID"` - HairpinMode bool `json:"HairpinMode"` - LinkLocalIPv6Address string `json:"LinkLocalIPv6Address"` - LinkLocalIPv6PrefixLen int `json:"LinkLocalIPv6PrefixLen"` - Ports []ocicni.PortMapping `json:"Ports"` - SandboxKey string `json:"SandboxKey"` - // Networks contains information on non-default CNI networks this - // container has joined. - // It is a map of network name to network information. - Networks map[string]*InspectAdditionalNetwork `json:"Networks,omitempty"` -} - -// InspectAdditionalNetwork holds information about non-default CNI networks the -// container has been connected to. -// As with InspectNetworkSettings, many fields are unused and maintained only -// for compatibility with Docker. -type InspectAdditionalNetwork struct { - InspectBasicNetworkConfig - - // Name of the network we're connecting to. - NetworkID string `json:"NetworkID,omitempty"` - // DriverOpts is presently unused and maintained exclusively for - // compatibility. - DriverOpts map[string]string `json:"DriverOpts"` - // IPAMConfig is presently unused and maintained exclusively for - // compatibility. - IPAMConfig map[string]string `json:"IPAMConfig"` - // Links is presently unused and maintained exclusively for - // compatibility. - Links []string `json:"Links"` -} - // inspectLocked inspects a container for low-level information. // The caller must held c.lock. -func (c *Container) inspectLocked(size bool) (*InspectContainerData, error) { +func (c *Container) inspectLocked(size bool) (*define.InspectContainerData, error) { storeCtr, err := c.runtime.store.Container(c.ID()) if err != nil { return nil, errors.Wrapf(err, "error getting container from store %q", c.ID()) @@ -697,7 +101,7 @@ func (c *Container) inspectLocked(size bool) (*InspectContainerData, error) { } // Inspect a container for low-level information -func (c *Container) Inspect(size bool) (*InspectContainerData, error) { +func (c *Container) Inspect(size bool) (*define.InspectContainerData, error) { if !c.batched { c.lock.Lock() defer c.lock.Unlock() @@ -710,7 +114,7 @@ func (c *Container) Inspect(size bool) (*InspectContainerData, error) { return c.inspectLocked(size) } -func (c *Container) getContainerInspectData(size bool, driverData *driver.Data) (*InspectContainerData, error) { +func (c *Container) getContainerInspectData(size bool, driverData *driver.Data) (*define.InspectContainerData, error) { config := c.config runtimeInfo := c.state ctrSpec, err := c.specFromState() @@ -757,12 +161,12 @@ func (c *Container) getContainerInspectData(size bool, driverData *driver.Data) return nil, err } - data := &InspectContainerData{ + data := &define.InspectContainerData{ ID: config.ID, Created: config.CreatedTime, Path: path, Args: args, - State: &InspectContainerState{ + State: &define.InspectContainerState{ OciVersion: ctrSpec.Version, Status: runtimeInfo.State.String(), Running: runtimeInfo.State == define.ContainerStateRunning, @@ -857,8 +261,8 @@ func (c *Container) getContainerInspectData(size bool, driverData *driver.Data) // Get inspect-formatted mounts list. // Only includes user-specified mounts. Only includes bind mounts and named // volumes, not tmpfs volumes. -func (c *Container) getInspectMounts(ctrSpec *spec.Spec, namedVolumes []*ContainerNamedVolume, mounts []spec.Mount) ([]InspectMount, error) { - inspectMounts := []InspectMount{} +func (c *Container) getInspectMounts(ctrSpec *spec.Spec, namedVolumes []*ContainerNamedVolume, mounts []spec.Mount) ([]define.InspectMount, error) { + inspectMounts := []define.InspectMount{} // No mounts, return early if len(c.config.UserVolumes) == 0 { @@ -866,7 +270,7 @@ func (c *Container) getInspectMounts(ctrSpec *spec.Spec, namedVolumes []*Contain } for _, volume := range namedVolumes { - mountStruct := InspectMount{} + mountStruct := define.InspectMount{} mountStruct.Type = "volume" mountStruct.Destination = volume.Dest mountStruct.Name = volume.Name @@ -891,7 +295,7 @@ func (c *Container) getInspectMounts(ctrSpec *spec.Spec, namedVolumes []*Contain continue } - mountStruct := InspectMount{} + mountStruct := define.InspectMount{} mountStruct.Type = "bind" mountStruct.Source = mount.Source mountStruct.Destination = mount.Destination @@ -906,7 +310,7 @@ func (c *Container) getInspectMounts(ctrSpec *spec.Spec, namedVolumes []*Contain // Parse mount options so we can populate them in the mount structure. // The mount passed in will be modified. -func parseMountOptionsForInspect(options []string, mount *InspectMount) { +func parseMountOptionsForInspect(options []string, mount *define.InspectMount) { isRW := true mountProp := "" zZ := "" @@ -940,8 +344,8 @@ func parseMountOptionsForInspect(options []string, mount *InspectMount) { } // Generate the InspectContainerConfig struct for the Config field of Inspect. -func (c *Container) generateInspectContainerConfig(spec *spec.Spec) (*InspectContainerConfig, error) { - ctrConfig := new(InspectContainerConfig) +func (c *Container) generateInspectContainerConfig(spec *spec.Spec) (*define.InspectContainerConfig, error) { + ctrConfig := new(define.InspectContainerConfig) ctrConfig.Hostname = c.Hostname() ctrConfig.User = c.config.User @@ -992,14 +396,14 @@ func (c *Container) generateInspectContainerConfig(spec *spec.Spec) (*InspectCon // Generate the InspectContainerHostConfig struct for the HostConfig field of // Inspect. -func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, namedVolumes []*ContainerNamedVolume, mounts []spec.Mount) (*InspectContainerHostConfig, error) { - hostConfig := new(InspectContainerHostConfig) +func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, namedVolumes []*ContainerNamedVolume, mounts []spec.Mount) (*define.InspectContainerHostConfig, error) { + hostConfig := new(define.InspectContainerHostConfig) - logConfig := new(InspectLogConfig) + logConfig := new(define.InspectLogConfig) logConfig.Type = c.config.LogDriver hostConfig.LogConfig = logConfig - restartPolicy := new(InspectRestartPolicy) + restartPolicy := new(define.InspectRestartPolicy) restartPolicy.Name = c.config.RestartPolicy restartPolicy.MaximumRetryCount = c.config.RestartRetries hostConfig.RestartPolicy = restartPolicy @@ -1126,7 +530,7 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named if ctrSpec.Linux.Resources.BlockIO.Weight != nil { hostConfig.BlkioWeight = *ctrSpec.Linux.Resources.BlockIO.Weight } - hostConfig.BlkioWeightDevice = []InspectBlkioWeightDevice{} + hostConfig.BlkioWeightDevice = []define.InspectBlkioWeightDevice{} for _, dev := range ctrSpec.Linux.Resources.BlockIO.WeightDevice { key := fmt.Sprintf("%d:%d", dev.Major, dev.Minor) // TODO: how do we handle LeafWeight vs @@ -1148,14 +552,14 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named logrus.Warnf("Could not locate weight device %s in system devices", key) continue } - weightDev := InspectBlkioWeightDevice{} + weightDev := define.InspectBlkioWeightDevice{} weightDev.Path = path weightDev.Weight = *dev.Weight hostConfig.BlkioWeightDevice = append(hostConfig.BlkioWeightDevice, weightDev) } - handleThrottleDevice := func(devs []spec.LinuxThrottleDevice) ([]InspectBlkioThrottleDevice, error) { - out := []InspectBlkioThrottleDevice{} + handleThrottleDevice := func(devs []spec.LinuxThrottleDevice) ([]define.InspectBlkioThrottleDevice, error) { + out := []define.InspectBlkioThrottleDevice{} for _, dev := range devs { key := fmt.Sprintf("%d:%d", dev.Major, dev.Minor) if deviceNodes == nil { @@ -1170,7 +574,7 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named logrus.Warnf("Could not locate throttle device %s in system devices", key) continue } - throttleDev := InspectBlkioThrottleDevice{} + throttleDev := define.InspectBlkioThrottleDevice{} throttleDev.Path = path throttleDev.Rate = dev.Rate out = append(out, throttleDev) @@ -1272,15 +676,15 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named // Port bindings. // Only populate if we're using CNI to configure the network. - portBindings := make(map[string][]InspectHostPort) + portBindings := make(map[string][]define.InspectHostPort) if c.config.CreateNetNS { for _, port := range c.config.PortMappings { key := fmt.Sprintf("%d/%s", port.ContainerPort, port.Protocol) hostPorts := portBindings[key] if hostPorts == nil { - hostPorts = []InspectHostPort{} + hostPorts = []define.InspectHostPort{} } - hostPorts = append(hostPorts, InspectHostPort{ + hostPorts = append(hostPorts, define.InspectHostPort{ HostIP: port.HostIP, HostPort: fmt.Sprintf("%d", port.HostPort), }) @@ -1449,7 +853,7 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named // Devices // Do not include if privileged - assumed that all devices will be // included. - hostConfig.Devices = []InspectDevice{} + hostConfig.Devices = []define.InspectDevice{} if ctrSpec.Linux != nil && !hostConfig.Privileged { for _, dev := range ctrSpec.Linux.Devices { key := fmt.Sprintf("%d:%d", dev.Major, dev.Minor) @@ -1465,7 +869,7 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named logrus.Warnf("Could not locate device %s on host", key) continue } - newDev := InspectDevice{} + newDev := define.InspectDevice{} newDev.PathOnHost = path newDev.PathInContainer = dev.Path hostConfig.Devices = append(hostConfig.Devices, newDev) @@ -1473,10 +877,10 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named } // Ulimits - hostConfig.Ulimits = []InspectUlimit{} + hostConfig.Ulimits = []define.InspectUlimit{} if ctrSpec.Process != nil { for _, limit := range ctrSpec.Process.Rlimits { - newLimit := InspectUlimit{} + newLimit := define.InspectUlimit{} newLimit.Name = limit.Type newLimit.Soft = limit.Soft newLimit.Hard = limit.Hard diff --git a/libpod/define/config.go b/libpod/define/config.go index 8bd59be75..c06c32471 100644 --- a/libpod/define/config.go +++ b/libpod/define/config.go @@ -4,7 +4,7 @@ var ( // DefaultInitPath is the default path to the container-init binary DefaultInitPath = "/usr/libexec/podman/catatonit" // DefaultInfraImage to use for infra container - DefaultInfraImage = "k8s.gcr.io/pause:3.1" + DefaultInfraImage = "k8s.gcr.io/pause:3.2" // DefaultInfraCommand to be run in an infra container DefaultInfraCommand = "/pause" // DefaultSHMLockPath is the default path for SHM locks diff --git a/libpod/define/container_inspect.go b/libpod/define/container_inspect.go new file mode 100644 index 000000000..e6a19e5b4 --- /dev/null +++ b/libpod/define/container_inspect.go @@ -0,0 +1,624 @@ +package define + +import ( + "time" + + "github.com/containers/image/v5/manifest" + "github.com/containers/libpod/libpod/driver" + "github.com/cri-o/ocicni/pkg/ocicni" +) + +// InspectContainerConfig holds further data about how a container was initially +// configured. +type InspectContainerConfig struct { + // Container hostname + Hostname string `json:"Hostname"` + // Container domain name - unused at present + DomainName string `json:"Domainname"` + // User the container was launched with + User string `json:"User"` + // Unused, at present + AttachStdin bool `json:"AttachStdin"` + // Unused, at present + AttachStdout bool `json:"AttachStdout"` + // Unused, at present + AttachStderr bool `json:"AttachStderr"` + // Whether the container creates a TTY + Tty bool `json:"Tty"` + // Whether the container leaves STDIN open + OpenStdin bool `json:"OpenStdin"` + // Whether STDIN is only left open once. + // Presently not supported by Podman, unused. + StdinOnce bool `json:"StdinOnce"` + // Container environment variables + Env []string `json:"Env"` + // Container command + Cmd []string `json:"Cmd"` + // Container image + Image string `json:"Image"` + // Unused, at present. I've never seen this field populated. + Volumes map[string]struct{} `json:"Volumes"` + // Container working directory + WorkingDir string `json:"WorkingDir"` + // Container entrypoint + Entrypoint string `json:"Entrypoint"` + // On-build arguments - presently unused. More of Buildah's domain. + OnBuild *string `json:"OnBuild"` + // Container labels + Labels map[string]string `json:"Labels"` + // Container annotations + Annotations map[string]string `json:"Annotations"` + // Container stop signal + StopSignal uint `json:"StopSignal"` + // Configured healthcheck for the container + Healthcheck *manifest.Schema2HealthConfig `json:"Healthcheck,omitempty"` + // CreateCommand is the full command plus arguments of the process the + // container has been created with. + CreateCommand []string `json:"CreateCommand,omitempty"` +} + +// InspectRestartPolicy holds information about the container's restart policy. +type InspectRestartPolicy struct { + // Name contains the container's restart policy. + // Allowable values are "no" or "" (take no action), + // "on-failure" (restart on non-zero exit code, with an optional max + // retry count), and "always" (always restart on container stop, unless + // explicitly requested by API). + // Note that this is NOT actually a name of any sort - the poor naming + // is for Docker compatibility. + Name string `json:"Name"` + // MaximumRetryCount is the maximum number of retries allowed if the + // "on-failure" restart policy is in use. Not used if "on-failure" is + // not set. + MaximumRetryCount uint `json:"MaximumRetryCount"` +} + +// InspectLogConfig holds information about a container's configured log driver +// and is presently unused. It is retained for Docker compatibility. +type InspectLogConfig struct { + Type string `json:"Type"` + Config map[string]string `json:"Config"` //idk type, TODO +} + +// InspectBlkioWeightDevice holds information about the relative weight +// of an individual device node. Weights are used in the I/O scheduler to give +// relative priority to some accesses. +type InspectBlkioWeightDevice struct { + // Path is the path to the device this applies to. + Path string `json:"Path"` + // Weight is the relative weight the scheduler will use when scheduling + // I/O. + Weight uint16 `json:"Weight"` +} + +// InspectBlkioThrottleDevice holds information about a speed cap for a device +// node. This cap applies to a specific operation (read, write, etc) on the given +// node. +type InspectBlkioThrottleDevice struct { + // Path is the path to the device this applies to. + Path string `json:"Path"` + // Rate is the maximum rate. It is in either bytes per second or iops + // per second, determined by where it is used - documentation will + // indicate which is appropriate. + Rate uint64 `json:"Rate"` +} + +// InspectUlimit is a ulimit that will be applied to the container. +type InspectUlimit struct { + // Name is the name (type) of the ulimit. + Name string `json:"Name"` + // Soft is the soft limit that will be applied. + Soft uint64 `json:"Soft"` + // Hard is the hard limit that will be applied. + Hard uint64 `json:"Hard"` +} + +// InspectDevice is a single device that will be mounted into the container. +type InspectDevice struct { + // PathOnHost is the path of the device on the host. + PathOnHost string `json:"PathOnHost"` + // PathInContainer is the path of the device within the container. + PathInContainer string `json:"PathInContainer"` + // CgroupPermissions is the permissions of the mounted device. + // Presently not populated. + // TODO. + CgroupPermissions string `json:"CgroupPermissions"` +} + +// InspectHostPort provides information on a port on the host that a container's +// port is bound to. +type InspectHostPort struct { + // IP on the host we are bound to. "" if not specified (binding to all + // IPs). + HostIP string `json:"HostIp"` + // Port on the host we are bound to. No special formatting - just an + // integer stuffed into a string. + HostPort string `json:"HostPort"` +} + +// InspectMount provides a record of a single mount in a container. It contains +// fields for both named and normal volumes. Only user-specified volumes will be +// included, and tmpfs volumes are not included even if the user specified them. +type InspectMount struct { + // Whether the mount is a volume or bind mount. Allowed values are + // "volume" and "bind". + Type string `json:"Type"` + // The name of the volume. Empty for bind mounts. + Name string `json:"Name,omptempty"` + // The source directory for the volume. + Source string `json:"Source"` + // The destination directory for the volume. Specified as a path within + // the container, as it would be passed into the OCI runtime. + Destination string `json:"Destination"` + // The driver used for the named volume. Empty for bind mounts. + Driver string `json:"Driver"` + // Contains SELinux :z/:Z mount options. Unclear what, if anything, else + // goes in here. + Mode string `json:"Mode"` + // All remaining mount options. Additional data, not present in the + // original output. + Options []string `json:"Options"` + // Whether the volume is read-write + RW bool `json:"RW"` + // Mount propagation for the mount. Can be empty if not specified, but + // is always printed - no omitempty. + Propagation string `json:"Propagation"` +} + +// InspectContainerState provides a detailed record of a container's current +// state. It is returned as part of InspectContainerData. +// As with InspectContainerData, many portions of this struct are matched to +// Docker, but here we see more fields that are unused (nonsensical in the +// context of Libpod). +type InspectContainerState struct { + OciVersion string `json:"OciVersion"` + Status string `json:"Status"` + Running bool `json:"Running"` + Paused bool `json:"Paused"` + Restarting bool `json:"Restarting"` // TODO + OOMKilled bool `json:"OOMKilled"` + Dead bool `json:"Dead"` + Pid int `json:"Pid"` + ConmonPid int `json:"ConmonPid,omitempty"` + ExitCode int32 `json:"ExitCode"` + Error string `json:"Error"` // TODO + StartedAt time.Time `json:"StartedAt"` + FinishedAt time.Time `json:"FinishedAt"` + Healthcheck HealthCheckResults `json:"Healthcheck,omitempty"` +} + +// HealthCheckResults describes the results/logs from a healthcheck +type HealthCheckResults struct { + // Status healthy or unhealthy + Status string `json:"Status"` + // FailingStreak is the number of consecutive failed healthchecks + FailingStreak int `json:"FailingStreak"` + // Log describes healthcheck attempts and results + Log []HealthCheckLog `json:"Log"` +} + +// HealthCheckLog describes the results of a single healthcheck +type HealthCheckLog struct { + // Start time as string + Start string `json:"Start"` + // End time as a string + End string `json:"End"` + // Exitcode is 0 or 1 + ExitCode int `json:"ExitCode"` + // Output is the stdout/stderr from the healthcheck command + Output string `json:"Output"` +} + +// InspectContainerHostConfig holds information used when the container was +// created. +// It's very much a Docker-specific struct, retained (mostly) as-is for +// compatibility. We fill individual fields as best as we can, inferring as much +// as possible from the spec and container config. +// Some things cannot be inferred. These will be populated by spec annotations +// (if available). +// Field names are fixed for compatibility and cannot be changed. +// As such, silence lint warnings about them. +//nolint +type InspectContainerHostConfig struct { + // Binds contains an array of user-added mounts. + // Both volume mounts and named volumes are included. + // Tmpfs mounts are NOT included. + // In 'docker inspect' this is separated into 'Binds' and 'Mounts' based + // on how a mount was added. We do not make this distinction and do not + // include a Mounts field in inspect. + // Format: <src>:<destination>[:<comma-separated options>] + Binds []string `json:"Binds"` + // ContainerIDFile is a file created during container creation to hold + // the ID of the created container. + // This is not handled within libpod and is stored in an annotation. + ContainerIDFile string `json:"ContainerIDFile"` + // LogConfig contains information on the container's logging backend + LogConfig *InspectLogConfig `json:"LogConfig"` + // NetworkMode is the configuration of the container's network + // namespace. + // Populated as follows: + // default - A network namespace is being created and configured via CNI + // none - A network namespace is being created, not configured via CNI + // host - No network namespace created + // container:<id> - Using another container's network namespace + // ns:<path> - A path to a network namespace has been specified + NetworkMode string `json:"NetworkMode"` + // PortBindings contains the container's port bindings. + // It is formatted as map[string][]InspectHostPort. + // The string key here is formatted as <integer port number>/<protocol> + // and represents the container port. A single container port may be + // bound to multiple host ports (on different IPs). + PortBindings map[string][]InspectHostPort `json:"PortBindings"` + // RestartPolicy contains the container's restart policy. + RestartPolicy *InspectRestartPolicy `json:"RestartPolicy"` + // AutoRemove is whether the container will be automatically removed on + // exiting. + // It is not handled directly within libpod and is stored in an + // annotation. + AutoRemove bool `json:"AutoRemove"` + // VolumeDriver is presently unused and is retained for Docker + // compatibility. + VolumeDriver string `json:"VolumeDriver"` + // VolumesFrom is a list of containers which this container uses volumes + // from. This is not handled directly within libpod and is stored in an + // annotation. + // It is formatted as an array of container names and IDs. + VolumesFrom []string `json:"VolumesFrom"` + // CapAdd is a list of capabilities added to the container. + // It is not directly stored by Libpod, and instead computed from the + // capabilities listed in the container's spec, compared against a set + // of default capabilities. + CapAdd []string `json:"CapAdd"` + // CapDrop is a list of capabilities removed from the container. + // It is not directly stored by libpod, and instead computed from the + // capabilities listed in the container's spec, compared against a set + // of default capabilities. + CapDrop []string `json:"CapDrop"` + // Dns is a list of DNS nameservers that will be added to the + // container's resolv.conf + Dns []string `json:"Dns"` + // DnsOptions is a list of DNS options that will be set in the + // container's resolv.conf + DnsOptions []string `json:"DnsOptions"` + // DnsSearch is a list of DNS search domains that will be set in the + // container's resolv.conf + DnsSearch []string `json:"DnsSearch"` + // ExtraHosts contains hosts that will be aded to the container's + // /etc/hosts. + ExtraHosts []string `json:"ExtraHosts"` + // GroupAdd contains groups that the user inside the container will be + // added to. + GroupAdd []string `json:"GroupAdd"` + // IpcMode represents the configuration of the container's IPC + // namespace. + // Populated as follows: + // "" (empty string) - Default, an IPC namespace will be created + // host - No IPC namespace created + // container:<id> - Using another container's IPC namespace + // ns:<path> - A path to an IPC namespace has been specified + IpcMode string `json:"IpcMode"` + // Cgroup contains the container's cgroup. It is presently not + // populated. + // TODO. + Cgroup string `json:"Cgroup"` + // Cgroups contains the container's CGroup mode. + // Allowed values are "default" (container is creating CGroups) and + // "disabled" (container is not creating CGroups). + // This is Libpod-specific and not included in `docker inspect`. + Cgroups string `json:"Cgroups"` + // Links is unused, and provided purely for Docker compatibility. + Links []string `json:"Links"` + // OOMScoreAdj is an adjustment that will be made to the container's OOM + // score. + OomScoreAdj int `json:"OomScoreAdj"` + // PidMode represents the configuration of the container's PID + // namespace. + // Populated as follows: + // "" (empty string) - Default, a PID namespace will be created + // host - No PID namespace created + // container:<id> - Using another container's PID namespace + // ns:<path> - A path to a PID namespace has been specified + PidMode string `json:"PidMode"` + // Privileged indicates whether the container is running with elevated + // privileges. + // This has a very specific meaning in the Docker sense, so it's very + // difficult to decode from the spec and config, and so is stored as an + // annotation. + Privileged bool `json:"Privileged"` + // PublishAllPorts indicates whether image ports are being published. + // This is not directly stored in libpod and is saved as an annotation. + PublishAllPorts bool `json:"PublishAllPorts"` + // ReadonlyRootfs is whether the container will be mounted read-only. + ReadonlyRootfs bool `json:"ReadonlyRootfs"` + // SecurityOpt is a list of security-related options that are set in the + // container. + SecurityOpt []string `json:"SecurityOpt"` + // Tmpfs is a list of tmpfs filesystems that will be mounted into the + // container. + // It is a map of destination path to options for the mount. + Tmpfs map[string]string `json:"Tmpfs"` + // UTSMode represents the configuration of the container's UID + // namespace. + // Populated as follows: + // "" (empty string) - Default, a UTS namespace will be created + // host - no UTS namespace created + // container:<id> - Using another container's UTS namespace + // ns:<path> - A path to a UTS namespace has been specified + UTSMode string `json:"UTSMode"` + // UsernsMode represents the configuration of the container's user + // namespace. + // When running rootless, a user namespace is created outside of libpod + // to allow some privileged operations. This will not be reflected here. + // Populated as follows: + // "" (empty string) - No user namespace will be created + // private - The container will be run in a user namespace + // container:<id> - Using another container's user namespace + // ns:<path> - A path to a user namespace has been specified + // TODO Rootless has an additional 'keep-id' option, presently not + // reflected here. + UsernsMode string `json:"UsernsMode"` + // ShmSize is the size of the container's SHM device. + ShmSize int64 `json:"ShmSize"` + // Runtime is provided purely for Docker compatibility. + // It is set unconditionally to "oci" as Podman does not presently + // support non-OCI runtimes. + Runtime string `json:"Runtime"` + // ConsoleSize is an array of 2 integers showing the size of the + // container's console. + // It is only set if the container is creating a terminal. + // TODO. + ConsoleSize []uint `json:"ConsoleSize"` + // Isolation is presently unused and provided solely for Docker + // compatibility. + Isolation string `json:"Isolation"` + // CpuShares indicates the CPU resources allocated to the container. + // It is a relative weight in the scheduler for assigning CPU time + // versus other CGroups. + CpuShares uint64 `json:"CpuShares"` + // Memory indicates the memory resources allocated to the container. + // This is the limit (in bytes) of RAM the container may use. + Memory int64 `json:"Memory"` + // NanoCpus indicates number of CPUs allocated to the container. + // It is an integer where one full CPU is indicated by 1000000000 (one + // billion). + // Thus, 2.5 CPUs (fractional portions of CPUs are allowed) would be + // 2500000000 (2.5 billion). + // In 'docker inspect' this is set exclusively of two further options in + // the output (CpuPeriod and CpuQuota) which are both used to implement + // this functionality. + // We can't distinguish here, so if CpuQuota is set to the default of + // 100000, we will set both CpuQuota, CpuPeriod, and NanoCpus. If + // CpuQuota is not the default, we will not set NanoCpus. + NanoCpus int64 `json:"NanoCpus"` + // CgroupParent is the CGroup parent of the container. + // Only set if not default. + CgroupParent string `json:"CgroupParent"` + // BlkioWeight indicates the I/O resources allocated to the container. + // It is a relative weight in the scheduler for assigning I/O time + // versus other CGroups. + BlkioWeight uint16 `json:"BlkioWeight"` + // BlkioWeightDevice is an array of I/O resource priorities for + // individual device nodes. + // Unfortunately, the spec only stores the device's Major/Minor numbers + // and not the path, which is used here. + // Fortunately, the kernel provides an interface for retrieving the path + // of a given node by major:minor at /sys/dev/. However, the exact path + // in use may not be what was used in the original CLI invocation - + // though it is guaranteed that the device node will be the same, and + // using the given path will be functionally identical. + BlkioWeightDevice []InspectBlkioWeightDevice `json:"BlkioWeightDevice"` + // BlkioDeviceReadBps is an array of I/O throttle parameters for + // individual device nodes. + // This specifically sets read rate cap in bytes per second for device + // nodes. + // As with BlkioWeightDevice, we pull the path from /sys/dev, and we + // don't guarantee the path will be identical to the original (though + // the node will be). + BlkioDeviceReadBps []InspectBlkioThrottleDevice `json:"BlkioDeviceReadBps"` + // BlkioDeviceWriteBps is an array of I/O throttle parameters for + // individual device nodes. + // this specifically sets write rate cap in bytes per second for device + // nodes. + // as with BlkioWeightDevice, we pull the path from /sys/dev, and we + // don't guarantee the path will be identical to the original (though + // the node will be). + BlkioDeviceWriteBps []InspectBlkioThrottleDevice `json:"BlkioDeviceWriteBps"` + // BlkioDeviceReadIOps is an array of I/O throttle parameters for + // individual device nodes. + // This specifically sets the read rate cap in iops per second for + // device nodes. + // As with BlkioWeightDevice, we pull the path from /sys/dev, and we + // don't guarantee the path will be identical to the original (though + // the node will be). + BlkioDeviceReadIOps []InspectBlkioThrottleDevice `json:"BlkioDeviceReadIOps"` + // BlkioDeviceWriteIOps is an array of I/O throttle parameters for + // individual device nodes. + // This specifically sets the write rate cap in iops per second for + // device nodes. + // As with BlkioWeightDevice, we pull the path from /sys/dev, and we + // don't guarantee the path will be identical to the original (though + // the node will be). + BlkioDeviceWriteIOps []InspectBlkioThrottleDevice `json:"BlkioDeviceWriteIOps"` + // CpuPeriod is the length of a CPU period in microseconds. + // It relates directly to CpuQuota. + CpuPeriod uint64 `json:"CpuPeriod"` + // CpuPeriod is the amount of time (in microseconds) that a container + // can use the CPU in every CpuPeriod. + CpuQuota int64 `json:"CpuQuota"` + // CpuRealtimePeriod is the length of time (in microseconds) of the CPU + // realtime period. If set to 0, no time will be allocated to realtime + // tasks. + CpuRealtimePeriod uint64 `json:"CpuRealtimePeriod"` + // CpuRealtimeRuntime is the length of time (in microseconds) allocated + // for realtime tasks within every CpuRealtimePeriod. + CpuRealtimeRuntime int64 `json:"CpuRealtimeRuntime"` + // CpusetCpus is the is the set of CPUs that the container will execute + // on. Formatted as `0-3` or `0,2`. Default (if unset) is all CPUs. + CpusetCpus string `json:"CpusetCpus"` + // CpusetMems is the set of memory nodes the container will use. + // Formatted as `0-3` or `0,2`. Default (if unset) is all memory nodes. + CpusetMems string `json:"CpusetMems"` + // Devices is a list of device nodes that will be added to the + // container. + // These are stored in the OCI spec only as type, major, minor while we + // display the host path. We convert this with /sys/dev, but we cannot + // guarantee that the host path will be identical - only that the actual + // device will be. + Devices []InspectDevice `json:"Devices"` + // DiskQuota is the maximum amount of disk space the container may use + // (in bytes). + // Presently not populated. + // TODO. + DiskQuota uint64 `json:"DiskQuota"` + // KernelMemory is the maximum amount of memory the kernel will devote + // to the container. + KernelMemory int64 `json:"KernelMemory"` + // MemoryReservation is the reservation (soft limit) of memory available + // to the container. Soft limits are warnings only and can be exceeded. + MemoryReservation int64 `json:"MemoryReservation"` + // MemorySwap is the total limit for all memory available to the + // container, including swap. 0 indicates that there is no limit to the + // amount of memory available. + MemorySwap int64 `json:"MemorySwap"` + // MemorySwappiness is the willingness of the kernel to page container + // memory to swap. It is an integer from 0 to 100, with low numbers + // being more likely to be put into swap. + // -1, the default, will not set swappiness and use the system defaults. + MemorySwappiness int64 `json:"MemorySwappiness"` + // OomKillDisable indicates whether the kernel OOM killer is disabled + // for the container. + OomKillDisable bool `json:"OomKillDisable"` + // Init indicates whether the container has an init mounted into it. + Init bool `json:"Init,omitempty"` + // PidsLimit is the maximum number of PIDs what may be created within + // the container. 0, the default, indicates no limit. + PidsLimit int64 `json:"PidsLimit"` + // Ulimits is a set of ulimits that will be set within the container. + Ulimits []InspectUlimit `json:"Ulimits"` + // CpuCount is Windows-only and not presently implemented. + CpuCount uint64 `json:"CpuCount"` + // CpuPercent is Windows-only and not presently implemented. + CpuPercent uint64 `json:"CpuPercent"` + // IOMaximumIOps is Windows-only and not presently implemented. + IOMaximumIOps uint64 `json:"IOMaximumIOps"` + // IOMaximumBandwidth is Windows-only and not presently implemented. + IOMaximumBandwidth uint64 `json:"IOMaximumBandwidth"` +} + +// InspectBasicNetworkConfig holds basic configuration information (e.g. IP +// addresses, MAC address, subnet masks, etc) that are common for all networks +// (both additional and main). +type InspectBasicNetworkConfig struct { + // EndpointID is unused, maintained exclusively for compatibility. + EndpointID string `json:"EndpointID"` + // Gateway is the IP address of the gateway this network will use. + Gateway string `json:"Gateway"` + // IPAddress is the IP address for this network. + IPAddress string `json:"IPAddress"` + // IPPrefixLen is the length of the subnet mask of this network. + IPPrefixLen int `json:"IPPrefixLen"` + // SecondaryIPAddresses is a list of extra IP Addresses that the + // container has been assigned in this network. + SecondaryIPAddresses []string `json:"SecondaryIPAddresses,omitempty"` + // IPv6Gateway is the IPv6 gateway this network will use. + IPv6Gateway string `json:"IPv6Gateway"` + // GlobalIPv6Address is the global-scope IPv6 Address for this network. + GlobalIPv6Address string `json:"GlobalIPv6Address"` + // GlobalIPv6PrefixLen is the length of the subnet mask of this network. + GlobalIPv6PrefixLen int `json:"GlobalIPv6PrefixLen"` + // SecondaryIPv6Addresses is a list of extra IPv6 Addresses that the + // container has been assigned in this networ. + SecondaryIPv6Addresses []string `json:"SecondaryIPv6Addresses,omitempty"` + // MacAddress is the MAC address for the interface in this network. + MacAddress string `json:"MacAddress"` + // AdditionalMacAddresses is a set of additional MAC Addresses beyond + // the first. CNI may configure more than one interface for a single + // network, which can cause this. + AdditionalMacAddresses []string `json:"AdditionalMACAddresses,omitempty"` +} + +// InspectAdditionalNetwork holds information about non-default CNI networks the +// container has been connected to. +// As with InspectNetworkSettings, many fields are unused and maintained only +// for compatibility with Docker. +type InspectAdditionalNetwork struct { + InspectBasicNetworkConfig + + // Name of the network we're connecting to. + NetworkID string `json:"NetworkID,omitempty"` + // DriverOpts is presently unused and maintained exclusively for + // compatibility. + DriverOpts map[string]string `json:"DriverOpts"` + // IPAMConfig is presently unused and maintained exclusively for + // compatibility. + IPAMConfig map[string]string `json:"IPAMConfig"` + // Links is presently unused and maintained exclusively for + // compatibility. + Links []string `json:"Links"` +} + +// InspectNetworkSettings holds information about the network settings of the +// container. +// Many fields are maintained only for compatibility with `docker inspect` and +// are unused within Libpod. +type InspectNetworkSettings struct { + InspectBasicNetworkConfig + + Bridge string `json:"Bridge"` + SandboxID string `json:"SandboxID"` + HairpinMode bool `json:"HairpinMode"` + LinkLocalIPv6Address string `json:"LinkLocalIPv6Address"` + LinkLocalIPv6PrefixLen int `json:"LinkLocalIPv6PrefixLen"` + Ports []ocicni.PortMapping `json:"Ports"` + SandboxKey string `json:"SandboxKey"` + // Networks contains information on non-default CNI networks this + // container has joined. + // It is a map of network name to network information. + Networks map[string]*InspectAdditionalNetwork `json:"Networks,omitempty"` +} + +// InspectContainerData provides a detailed record of a container's configuration +// and state as viewed by Libpod. +// Large portions of this structure are defined such that the output is +// compatible with `docker inspect` JSON, but additional fields have been added +// as required to share information not in the original output. +type InspectContainerData struct { + ID string `json:"Id"` + Created time.Time `json:"Created"` + Path string `json:"Path"` + Args []string `json:"Args"` + State *InspectContainerState `json:"State"` + Image string `json:"Image"` + ImageName string `json:"ImageName"` + Rootfs string `json:"Rootfs"` + Pod string `json:"Pod"` + ResolvConfPath string `json:"ResolvConfPath"` + HostnamePath string `json:"HostnamePath"` + HostsPath string `json:"HostsPath"` + StaticDir string `json:"StaticDir"` + OCIConfigPath string `json:"OCIConfigPath,omitempty"` + OCIRuntime string `json:"OCIRuntime,omitempty"` + LogPath string `json:"LogPath"` + LogTag string `json:"LogTag"` + ConmonPidFile string `json:"ConmonPidFile"` + Name string `json:"Name"` + RestartCount int32 `json:"RestartCount"` + Driver string `json:"Driver"` + MountLabel string `json:"MountLabel"` + ProcessLabel string `json:"ProcessLabel"` + AppArmorProfile string `json:"AppArmorProfile"` + EffectiveCaps []string `json:"EffectiveCaps"` + BoundingCaps []string `json:"BoundingCaps"` + ExecIDs []string `json:"ExecIDs"` + GraphDriver *driver.Data `json:"GraphDriver"` + SizeRw *int64 `json:"SizeRw,omitempty"` + SizeRootFs int64 `json:"SizeRootFs,omitempty"` + Mounts []InspectMount `json:"Mounts"` + Dependencies []string `json:"Dependencies"` + NetworkSettings *InspectNetworkSettings `json:"NetworkSettings"` //TODO + ExitCommand []string `json:"ExitCommand"` + Namespace string `json:"Namespace"` + IsInfra bool `json:"IsInfra"` + Config *InspectContainerConfig `json:"Config"` + HostConfig *InspectContainerHostConfig `json:"HostConfig"` +} diff --git a/libpod/define/inspect.go b/libpod/define/inspect.go new file mode 100644 index 000000000..b7cd13f82 --- /dev/null +++ b/libpod/define/inspect.go @@ -0,0 +1,54 @@ +package define + +// InspectExecSession contains information about a given exec session. +type InspectExecSession struct { + // CanRemove is legacy and used purely for compatibility reasons. + // Will always be set to true, unless the exec session is running. + CanRemove bool `json:"CanRemove"` + // ContainerID is the ID of the container this exec session is attached + // to. + ContainerID string `json:"ContainerID"` + // DetachKeys are the detach keys used by the exec session. + // If set to "" the default keys are being used. + // Will show "<none>" if no detach keys are set. + DetachKeys string `json:"DetachKeys"` + // ExitCode is the exit code of the exec session. Will be set to 0 if + // the exec session has not yet exited. + ExitCode int `json:"ExitCode"` + // ID is the ID of the exec session. + ID string `json:"ID"` + // OpenStderr is whether the container's STDERR stream will be attached. + // Always set to true if the exec session created a TTY. + OpenStderr bool `json:"OpenStderr"` + // OpenStdin is whether the container's STDIN stream will be attached + // to. + OpenStdin bool `json:"OpenStdin"` + // OpenStdout is whether the container's STDOUT stream will be attached. + // Always set to true if the exec session created a TTY. + OpenStdout bool `json:"OpenStdout"` + // Running is whether the exec session is running. + Running bool `json:"Running"` + // Pid is the PID of the exec session's process. + // Will be set to 0 if the exec session is not running. + Pid int `json:"Pid"` + // ProcessConfig contains information about the exec session's process. + ProcessConfig *InspectExecProcess `json:"ProcessConfig"` +} + +// InspectExecProcess contains information about the process in a given exec +// session. +type InspectExecProcess struct { + // Arguments are the arguments to the entrypoint command of the exec + // session. + Arguments []string `json:"arguments"` + // Entrypoint is the entrypoint for the exec session (the command that + // will be executed in the container). + Entrypoint string `json:"entrypoint"` + // Privileged is whether the exec session will be started with elevated + // privileges. + Privileged bool `json:"privileged"` + // Tty is whether the exec session created a terminal. + Tty bool `json:"tty"` + // User is the user the exec session was started as. + User string `json:"user"` +} diff --git a/libpod/healthcheck.go b/libpod/healthcheck.go index 76b7a1fcf..08a613dfe 100644 --- a/libpod/healthcheck.go +++ b/libpod/healthcheck.go @@ -53,28 +53,6 @@ const ( HealthCheckStarting string = "starting" ) -// HealthCheckResults describes the results/logs from a healthcheck -type HealthCheckResults struct { - // Status healthy or unhealthy - Status string `json:"Status"` - // FailingStreak is the number of consecutive failed healthchecks - FailingStreak int `json:"FailingStreak"` - // Log describes healthcheck attempts and results - Log []HealthCheckLog `json:"Log"` -} - -// HealthCheckLog describes the results of a single healthcheck -type HealthCheckLog struct { - // Start time as string - Start string `json:"Start"` - // End time as a string - End string `json:"End"` - // Exitcode is 0 or 1 - ExitCode int `json:"ExitCode"` - // Output is the stdout/stderr from the healthcheck command - Output string `json:"Output"` -} - // hcWriteCloser allows us to use bufio as a WriteCloser type hcWriteCloser struct { *bufio.Writer @@ -200,8 +178,8 @@ func checkHealthCheckCanBeRun(c *Container) (HealthCheckStatus, error) { return HealthCheckDefined, nil } -func newHealthCheckLog(start, end time.Time, exitCode int, log string) HealthCheckLog { - return HealthCheckLog{ +func newHealthCheckLog(start, end time.Time, exitCode int, log string) define.HealthCheckLog { + return define.HealthCheckLog{ Start: start.Format(time.RFC3339Nano), End: end.Format(time.RFC3339Nano), ExitCode: exitCode, @@ -225,7 +203,7 @@ func (c *Container) updateHealthStatus(status string) error { } // UpdateHealthCheckLog parses the health check results and writes the log -func (c *Container) updateHealthCheckLog(hcl HealthCheckLog, inStartPeriod bool) error { +func (c *Container) updateHealthCheckLog(hcl define.HealthCheckLog, inStartPeriod bool) error { healthCheck, err := c.GetHealthCheckLog() if err != nil { return err @@ -266,8 +244,8 @@ func (c *Container) healthCheckLogPath() string { // GetHealthCheckLog returns HealthCheck results by reading the container's // health check log file. If the health check log file does not exist, then // an empty healthcheck struct is returned -func (c *Container) GetHealthCheckLog() (HealthCheckResults, error) { - var healthCheck HealthCheckResults +func (c *Container) GetHealthCheckLog() (define.HealthCheckResults, error) { + var healthCheck define.HealthCheckResults if _, err := os.Stat(c.healthCheckLogPath()); os.IsNotExist(err) { return healthCheck, nil } diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go index f1bf79ce7..ab6ec4439 100644 --- a/libpod/networking_linux.go +++ b/libpod/networking_linux.go @@ -154,13 +154,25 @@ func (r *Runtime) createNetNS(ctr *Container) (n ns.NetNS, q []*cnitypes.Result, return ctrNS, networkStatus, err } -func checkSlirpFlags(path string) (bool, bool, bool, error) { +type slirpFeatures struct { + HasDisableHostLoopback bool + HasMTU bool + HasEnableSandbox bool + HasEnableSeccomp bool +} + +func checkSlirpFlags(path string) (*slirpFeatures, error) { cmd := exec.Command(path, "--help") out, err := cmd.CombinedOutput() if err != nil { - return false, false, false, errors.Wrapf(err, "slirp4netns %q", out) - } - return strings.Contains(string(out), "--disable-host-loopback"), strings.Contains(string(out), "--mtu"), strings.Contains(string(out), "--enable-sandbox"), nil + return nil, errors.Wrapf(err, "slirp4netns %q", out) + } + return &slirpFeatures{ + HasDisableHostLoopback: strings.Contains(string(out), "--disable-host-loopback"), + HasMTU: strings.Contains(string(out), "--mtu"), + HasEnableSandbox: strings.Contains(string(out), "--enable-sandbox"), + HasEnableSeccomp: strings.Contains(string(out), "--enable-seccomp"), + }, nil } // Configure the network namespace for a rootless container @@ -187,19 +199,22 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) (err error) { logPath := filepath.Join(ctr.runtime.config.TmpDir, fmt.Sprintf("slirp4netns-%s.log", ctr.config.ID)) cmdArgs := []string{} - dhp, mtu, sandbox, err := checkSlirpFlags(path) + slirpFeatures, err := checkSlirpFlags(path) if err != nil { return errors.Wrapf(err, "error checking slirp4netns binary %s: %q", path, err) } - if dhp { + if slirpFeatures.HasDisableHostLoopback { cmdArgs = append(cmdArgs, "--disable-host-loopback") } - if mtu { + if slirpFeatures.HasMTU { cmdArgs = append(cmdArgs, "--mtu", "65520") } - if sandbox { + if slirpFeatures.HasEnableSandbox { cmdArgs = append(cmdArgs, "--enable-sandbox") } + if slirpFeatures.HasEnableSeccomp { + cmdArgs = append(cmdArgs, "--enable-seccomp") + } // the slirp4netns arguments being passed are describes as follows: // from the slirp4netns documentation: https://github.com/rootless-containers/slirp4netns @@ -230,7 +245,7 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) (err error) { } // workaround for https://github.com/rootless-containers/slirp4netns/pull/153 - if sandbox { + if slirpFeatures.HasEnableSandbox { cmd.SysProcAttr.Cloneflags = syscall.CLONE_NEWNS cmd.SysProcAttr.Unshareflags = syscall.CLONE_NEWNS } @@ -558,8 +573,8 @@ func getContainerNetIO(ctr *Container) (*netlink.LinkStatistics, error) { // Produce an InspectNetworkSettings containing information on the container // network. -func (c *Container) getContainerNetworkInfo() (*InspectNetworkSettings, error) { - settings := new(InspectNetworkSettings) +func (c *Container) getContainerNetworkInfo() (*define.InspectNetworkSettings, error) { + settings := new(define.InspectNetworkSettings) settings.Ports = []ocicni.PortMapping{} if c.config.PortMappings != nil { // TODO: This may not be safe. @@ -585,13 +600,13 @@ func (c *Container) getContainerNetworkInfo() (*InspectNetworkSettings, error) { return nil, errors.Wrapf(define.ErrInternal, "network inspection mismatch: asked to join %d CNI networks but have information on %d networks", len(c.config.Networks), len(c.state.NetworkStatus)) } - settings.Networks = make(map[string]*InspectAdditionalNetwork) + settings.Networks = make(map[string]*define.InspectAdditionalNetwork) // CNI results should be in the same order as the list of // networks we pass into CNI. for index, name := range c.config.Networks { cniResult := c.state.NetworkStatus[index] - addedNet := new(InspectAdditionalNetwork) + addedNet := new(define.InspectAdditionalNetwork) addedNet.NetworkID = name basicConfig, err := resultToBasicNetworkConfig(cniResult) @@ -625,8 +640,8 @@ func (c *Container) getContainerNetworkInfo() (*InspectNetworkSettings, error) { // resultToBasicNetworkConfig produces an InspectBasicNetworkConfig from a CNI // result -func resultToBasicNetworkConfig(result *cnitypes.Result) (InspectBasicNetworkConfig, error) { - config := InspectBasicNetworkConfig{} +func resultToBasicNetworkConfig(result *cnitypes.Result) (define.InspectBasicNetworkConfig, error) { + config := define.InspectBasicNetworkConfig{} for _, ctrIP := range result.IPs { size, _ := ctrIP.Address.Mask.Size() diff --git a/libpod/networking_unsupported.go b/libpod/networking_unsupported.go index 32b354a44..1ef8fe2dc 100644 --- a/libpod/networking_unsupported.go +++ b/libpod/networking_unsupported.go @@ -20,7 +20,7 @@ func (r *Runtime) createNetNS(ctr *Container) (err error) { return define.ErrNotImplemented } -func (c *Container) getContainerNetworkInfo() (*InspectNetworkSettings, error) { +func (c *Container) getContainerNetworkInfo() (*define.InspectNetworkSettings, error) { return nil, define.ErrNotImplemented } diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go index 82c5d7020..6d9a976cb 100644 --- a/libpod/oci_conmon_linux.go +++ b/libpod/oci_conmon_linux.go @@ -793,7 +793,6 @@ func (r *ConmonOCIRuntime) ExecAttachResize(ctr *Container, sessionID string, ne } defer controlFile.Close() - logrus.Debugf("Received a resize event for container %s exec session %s: %+v", ctr.ID(), sessionID, newSize) if _, err = fmt.Fprintf(controlFile, "%d %d %d\n", 1, newSize.Height, newSize.Width); err != nil { return errors.Wrapf(err, "failed to write to ctl file to resize terminal") } diff --git a/libpod/options.go b/libpod/options.go index 9b61d7947..74f9c485e 100644 --- a/libpod/options.go +++ b/libpod/options.go @@ -21,6 +21,8 @@ import ( var ( // NameRegex is a regular expression to validate container/pod names. + // This must NOT be changed from outside of Libpod. It should be a + // constant, but Go won't let us do that. NameRegex = regexp.MustCompile("^[a-zA-Z0-9][a-zA-Z0-9_.-]*$") // RegexError is thrown in presence of an invalid container/pod name. RegexError = errors.Wrapf(define.ErrInvalidArg, "names must match [a-zA-Z0-9][a-zA-Z0-9_.-]*") diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go index 0b18436ca..b99e6df84 100644 --- a/libpod/runtime_ctr.go +++ b/libpod/runtime_ctr.go @@ -830,6 +830,24 @@ func (r *Runtime) GetLatestContainer() (*Container, error) { return ctrs[lastCreatedIndex], nil } +// GetExecSessionContainer gets the container that a given exec session ID is +// attached to. +func (r *Runtime) GetExecSessionContainer(id string) (*Container, error) { + r.lock.RLock() + defer r.lock.RUnlock() + + if !r.valid { + return nil, define.ErrRuntimeStopped + } + + ctrID, err := r.state.GetExecSession(id) + if err != nil { + return nil, err + } + + return r.state.Container(ctrID) +} + // PruneContainers removes stopped and exited containers from localstorage. A set of optional filters // can be provided to be more granular. func (r *Runtime) PruneContainers(filterFuncs []ContainerFilter) (map[string]int64, map[string]error, error) { diff --git a/libpod/runtime_volume.go b/libpod/runtime_volume.go index d522ffb6c..d5fede1d1 100644 --- a/libpod/runtime_volume.go +++ b/libpod/runtime_volume.go @@ -5,7 +5,6 @@ import ( "github.com/containers/libpod/libpod/define" "github.com/containers/libpod/libpod/events" - "github.com/containers/libpod/pkg/domain/entities" "github.com/pkg/errors" ) @@ -130,10 +129,8 @@ func (r *Runtime) GetAllVolumes() ([]*Volume, error) { } // PruneVolumes removes unused volumes from the system -func (r *Runtime) PruneVolumes(ctx context.Context) ([]*entities.VolumePruneReport, error) { - var ( - reports []*entities.VolumePruneReport - ) +func (r *Runtime) PruneVolumes(ctx context.Context) (map[string]error, error) { + reports := make(map[string]error) vols, err := r.GetAllVolumes() if err != nil { return nil, err @@ -142,12 +139,12 @@ func (r *Runtime) PruneVolumes(ctx context.Context) ([]*entities.VolumePruneRepo for _, vol := range vols { if err := r.RemoveVolume(ctx, vol, false); err != nil { if errors.Cause(err) != define.ErrVolumeBeingUsed && errors.Cause(err) != define.ErrVolumeRemoved { - reports = append(reports, &entities.VolumePruneReport{Id: vol.Name(), Err: err}) + reports[vol.Name()] = err } continue } vol.newVolumeEvent(events.Prune) - reports = append(reports, &entities.VolumePruneReport{Id: vol.Name()}) + reports[vol.Name()] = nil } return reports, nil } |