4 files changed, 55 insertions, 93 deletions
diff --git a/pkg/api/handlers/compat/containers_attach.go b/pkg/api/handlers/compat/containers_attach.go
index 2d63ac56d..e20d48d86 100644
--- a/pkg/api/handlers/compat/containers_attach.go
+++ b/pkg/api/handlers/compat/containers_attach.go
@@ -1,12 +1,7 @@
 package compat
 
 import (
-	"bufio"
-	"fmt"
-	"io"
-	"net"
 	"net/http"
-	"strings"
 
 	"github.com/containers/podman/v2/libpod"
 	"github.com/containers/podman/v2/libpod/define"
@@ -97,75 +92,30 @@ func AttachContainer(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	connection, buffer, err := AttachConnection(w, r)
-	if err != nil {
-		utils.InternalServerError(w, err)
-		return
-	}
-	logrus.Debugf("Hijack for attach of container %s successful", ctr.ID())
+	idleTracker := r.Context().Value("idletracker").(*idletracker.IdleTracker)
+	hijackChan := make(chan bool, 1)
 
 	// Perform HTTP attach.
 	// HTTPAttach will handle everything about the connection from here on
 	// (including closing it and writing errors to it).
-	if err := ctr.HTTPAttach(connection, buffer, streams, detachKeys, nil, query.Stream, query.Logs); err != nil {
+	if err := ctr.HTTPAttach(r, w, streams, detachKeys, nil, query.Stream, query.Logs, hijackChan); err != nil {
+		hijackComplete := <-hijackChan
+
 		// We can't really do anything about errors anymore. HTTPAttach
 		// should be writing them to the connection.
 		logrus.Errorf("Error attaching to container %s: %v", ctr.ID(), err)
-	}
 
-	logrus.Debugf("Attach for container %s completed successfully", ctr.ID())
-}
-
-type HijackedConnection struct {
-	net.Conn                             // Connection
-	idleTracker *idletracker.IdleTracker // Connection tracker
-}
-
-func (c HijackedConnection) Close() error {
-	logrus.Debugf("Hijacked connection closed")
-
-	c.idleTracker.TrackHijackedClosed()
-	return c.Conn.Close()
-}
-
-func AttachConnection(w http.ResponseWriter, r *http.Request) (net.Conn, *bufio.ReadWriter, error) {
-	idleTracker := r.Context().Value("idletracker").(*idletracker.IdleTracker)
-
-	// Hijack the connection
-	hijacker, ok := w.(http.Hijacker)
-	if !ok {
-		return nil, nil, errors.Errorf("unable to hijack connection")
-	}
-
-	connection, buffer, err := hijacker.Hijack()
-	if err != nil {
-		return nil, nil, errors.Wrapf(err, "error hijacking connection")
-	}
-	trackedConnection := HijackedConnection{
-		Conn:        connection,
-		idleTracker: idleTracker,
+		if hijackComplete {
+			// We do need to tell the idle tracker that the
+			// connection has been closed, though. We can guarantee
+			// that is true after HTTPAttach exits.
+			idleTracker.TrackHijackedClosed()
+		} else {
+			// A hijack was not successfully completed. We need to
+			// report the error normally.
+			utils.InternalServerError(w, err)
+		}
 	}
 
-	WriteAttachHeaders(r, trackedConnection)
-
-	return trackedConnection, buffer, nil
-}
-
-func WriteAttachHeaders(r *http.Request, connection io.Writer) {
-	// AttachHeader is the literal header sent for upgraded/hijacked connections for
-	// attach, sourced from Docker at:
-	// https://raw.githubusercontent.com/moby/moby/b95fad8e51bd064be4f4e58a996924f343846c85/api/server/router/container/container_routes.go
-	// Using literally to ensure compatibility with existing clients.
-	c := r.Header.Get("Connection")
-	proto := r.Header.Get("Upgrade")
-	if len(proto) == 0 || !strings.EqualFold(c, "Upgrade") {
-		// OK - can't upgrade if not requested or protocol is not specified
-		fmt.Fprintf(connection,
-			"HTTP/1.1 200 OK\r\nContent-Type: application/vnd.docker.raw-stream\r\n\r\n")
-	} else {
-		// Upraded
-		fmt.Fprintf(connection,
-			"HTTP/1.1 101 UPGRADED\r\nContent-Type: application/vnd.docker.raw-stream\r\nConnection: Upgrade\r\nUpgrade: %s\r\n\r\n",
-			proto)
-	}
+	logrus.Debugf("Attach for container %s completed successfully", ctr.ID())
 }
diff --git a/pkg/api/handlers/compat/exec.go b/pkg/api/handlers/compat/exec.go
index 7a62a2b58..1db950f85 100644
--- a/pkg/api/handlers/compat/exec.go
+++ b/pkg/api/handlers/compat/exec.go
@@ -10,6 +10,7 @@ import (
 	"github.com/containers/podman/v2/libpod/define"
 	"github.com/containers/podman/v2/pkg/api/handlers"
 	"github.com/containers/podman/v2/pkg/api/handlers/utils"
+	"github.com/containers/podman/v2/pkg/api/server/idletracker"
 	"github.com/containers/podman/v2/pkg/specgen/generate"
 	"github.com/gorilla/mux"
 	"github.com/pkg/errors"
@@ -173,15 +174,24 @@ func ExecStartHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	connection, buffer, err := AttachConnection(w, r)
-	if err != nil {
-		utils.InternalServerError(w, err)
-		return
-	}
-	logrus.Debugf("Hijack for attach of container %s exec session %s successful", sessionCtr.ID(), sessionID)
+	idleTracker := r.Context().Value("idletracker").(*idletracker.IdleTracker)
+	hijackChan := make(chan bool, 1)
+
+	if err := sessionCtr.ExecHTTPStartAndAttach(sessionID, r, w, nil, nil, nil, hijackChan); err != nil {
+		hijackComplete := <-hijackChan
 
-	if err := sessionCtr.ExecHTTPStartAndAttach(sessionID, connection, buffer, nil, nil, nil); err != nil {
 		logrus.Errorf("Error attaching to container %s exec session %s: %v", sessionCtr.ID(), sessionID, err)
+
+		if hijackComplete {
+			// We do need to tell the idle tracker that the
+			// connection has been closed, though. We can guarantee
+			// that is true after HTTPAttach exits.
+			idleTracker.TrackHijackedClosed()
+		} else {
+			// A hijack was not successfully completed. We need to
+			// report the error normally.
+			utils.InternalServerError(w, err)
+		}
 	}
 
 	logrus.Debugf("Attach for container %s exec session %s completed successfully", sessionCtr.ID(), sessionID)
diff --git a/pkg/api/handlers/libpod/images.go b/pkg/api/handlers/libpod/images.go
index 51013acf1..8d3fc4e00 100644
--- a/pkg/api/handlers/libpod/images.go
+++ b/pkg/api/handlers/libpod/images.go
@@ -338,11 +338,12 @@ func ImagesPull(w http.ResponseWriter, r *http.Request) {
 	runtime := r.Context().Value("runtime").(*libpod.Runtime)
 	decoder := r.Context().Value("decoder").(*schema.Decoder)
 	query := struct {
-		Reference    string `schema:"reference"`
-		OverrideOS   string `schema:"overrideOS"`
-		OverrideArch string `schema:"overrideArch"`
-		TLSVerify    bool   `schema:"tlsVerify"`
-		AllTags      bool   `schema:"allTags"`
+		Reference       string `schema:"reference"`
+		OverrideOS      string `schema:"overrideOS"`
+		OverrideArch    string `schema:"overrideArch"`
+		OverrideVariant string `schema:"overrideVariant"`
+		TLSVerify       bool   `schema:"tlsVerify"`
+		AllTags         bool   `schema:"allTags"`
 	}{
 		TLSVerify: true,
 	}
@@ -393,6 +394,7 @@ func ImagesPull(w http.ResponseWriter, r *http.Request) {
 		DockerRegistryCreds: authConf,
 		OSChoice:            query.OverrideOS,
 		ArchitectureChoice:  query.OverrideArch,
+		VariantChoice:       query.OverrideVariant,
 	}
 	if _, found := r.URL.Query()["tlsVerify"]; found {
 		dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!query.TLSVerify)
diff --git a/pkg/api/handlers/libpod/pods.go b/pkg/api/handlers/libpod/pods.go
index 6e704fe65..8f8292567 100644
--- a/pkg/api/handlers/libpod/pods.go
+++ b/pkg/api/handlers/libpod/pods.go
@@ -135,8 +135,8 @@ func PodStop(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 	var errs []error //nolint
-	for _, err := range responses {
-		errs = append(errs, err)
+	for id, err := range responses {
+		errs = append(errs, errors.Wrapf(err, "error stopping container %s", id))
 	}
 	report := entities.PodStopReport{
 		Errs: errs,
@@ -164,12 +164,12 @@ func PodStart(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	responses, err := pod.Start(r.Context())
-	if err != nil {
+	if err != nil && errors.Cause(err) != define.ErrPodPartialFail {
 		utils.Error(w, "Something went wrong", http.StatusInternalServerError, err)
 		return
 	}
-	for _, err := range responses {
-		errs = append(errs, err)
+	for id, err := range responses {
+		errs = append(errs, errors.Wrapf(err, "error starting container %s", id))
 	}
 	report := entities.PodStartReport{
 		Errs: errs,
@@ -220,12 +220,12 @@ func PodRestart(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	responses, err := pod.Restart(r.Context())
-	if err != nil {
+	if err != nil && errors.Cause(err) != define.ErrPodPartialFail {
 		utils.Error(w, "Something went wrong", http.StatusInternalServerError, err)
 		return
 	}
-	for _, err := range responses {
-		errs = append(errs, err)
+	for id, err := range responses {
+		errs = append(errs, errors.Wrapf(err, "error restarting container %s", id))
 	}
 	report := entities.PodRestartReport{
 		Errs: errs,
@@ -271,12 +271,12 @@ func PodPause(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	responses, err := pod.Pause()
-	if err != nil {
+	if err != nil && errors.Cause(err) != define.ErrPodPartialFail {
 		utils.Error(w, "Something went wrong", http.StatusInternalServerError, err)
 		return
 	}
-	for _, v := range responses {
-		errs = append(errs, v)
+	for id, v := range responses {
+		errs = append(errs, errors.Wrapf(v, "error pausing container %s", id))
 	}
 	report := entities.PodPauseReport{
 		Errs: errs,
@@ -295,12 +295,12 @@ func PodUnpause(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	responses, err := pod.Unpause()
-	if err != nil {
+	if err != nil && errors.Cause(err) != define.ErrPodPartialFail {
 		utils.Error(w, "failed to pause pod", http.StatusInternalServerError, err)
 		return
 	}
-	for _, v := range responses {
-		errs = append(errs, v)
+	for id, v := range responses {
+		errs = append(errs, errors.Wrapf(v, "error unpausing container %s", id))
 	}
 	report := entities.PodUnpauseReport{
 		Errs: errs,
@@ -403,7 +403,7 @@ func PodKill(w http.ResponseWriter, r *http.Request) {
 	}
 
 	responses, err := pod.Kill(uint(sig))
-	if err != nil {
+	if err != nil && errors.Cause(err) != define.ErrPodPartialFail {
 		utils.Error(w, "failed to kill pod", http.StatusInternalServerError, err)
 		return
 	}