diff options
Diffstat (limited to 'pkg')
34 files changed, 253 insertions, 274 deletions
diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go index 2d296b5ce..6d4fe5513 100644 --- a/pkg/api/handlers/compat/images_build.go +++ b/pkg/api/handlers/compat/images_build.go @@ -16,7 +16,6 @@ import ( "github.com/containers/buildah" buildahDefine "github.com/containers/buildah/define" "github.com/containers/buildah/pkg/parse" - "github.com/containers/buildah/util" "github.com/containers/image/v5/types" "github.com/containers/podman/v3/libpod" "github.com/containers/podman/v3/pkg/api/handlers/utils" @@ -74,6 +73,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { AdditionalCapabilities string `schema:"addcaps"` Annotations string `schema:"annotations"` AppArmor string `schema:"apparmor"` + AllPlatforms bool `schema:"allplatforms"` BuildArgs string `schema:"buildargs"` CacheFrom string `schema:"cachefrom"` Compression uint64 `schema:"compression"` @@ -122,6 +122,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { Target string `schema:"target"` Timestamp int64 `schema:"timestamp"` Ulimits string `schema:"ulimits"` + UnsetEnvs []string `schema:"unsetenv"` Secrets string `schema:"secrets"` }{ Dockerfile: "Dockerfile", @@ -491,16 +492,12 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { defer reporter.Close() runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime) - rtc, err := runtime.GetConfig() - if err != nil { - utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "Decode()")) - return - } buildOptions := buildahDefine.BuildOptions{ AddCapabilities: addCaps, AdditionalTags: additionalTags, Annotations: annotations, Args: buildArgs, + AllPlatforms: query.AllPlatforms, CommonBuildOpts: &buildah.CommonBuildOptions{ AddHost: addhosts, ApparmorProfile: apparmor, @@ -522,8 +519,6 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { Ulimit: ulimits, Secrets: secrets, }, - CNIConfigDir: rtc.Network.CNIPluginDirs[0], - CNIPluginPath: util.DefaultCNIPluginPath, Compression: compression, ConfigureNetwork: parseNetworkConfigurationPolicy(query.ConfigureNetwork), ContextDirectory: contextDirectory, @@ -556,6 +551,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { Squash: query.Squash, Target: query.Target, SystemContext: systemContext, + UnsetEnvs: query.UnsetEnvs, } for _, platformSpec := range query.Platform { diff --git a/pkg/api/handlers/compat/networks.go b/pkg/api/handlers/compat/networks.go index db3af7d0b..3345a9cfe 100644 --- a/pkg/api/handlers/compat/networks.go +++ b/pkg/api/handlers/compat/networks.go @@ -6,10 +6,10 @@ import ( "net" "net/http" + nettypes "github.com/containers/common/libnetwork/types" + netutil "github.com/containers/common/libnetwork/util" "github.com/containers/podman/v3/libpod" "github.com/containers/podman/v3/libpod/define" - nettypes "github.com/containers/podman/v3/libpod/network/types" - netutil "github.com/containers/podman/v3/libpod/network/util" "github.com/containers/podman/v3/pkg/api/handlers/utils" api "github.com/containers/podman/v3/pkg/api/types" "github.com/containers/podman/v3/pkg/domain/entities" diff --git a/pkg/api/handlers/libpod/networks.go b/pkg/api/handlers/libpod/networks.go index a28c3c57c..d140ec07f 100644 --- a/pkg/api/handlers/libpod/networks.go +++ b/pkg/api/handlers/libpod/networks.go @@ -4,9 +4,9 @@ import ( "encoding/json" "net/http" + "github.com/containers/common/libnetwork/types" "github.com/containers/podman/v3/libpod" "github.com/containers/podman/v3/libpod/define" - "github.com/containers/podman/v3/libpod/network/types" "github.com/containers/podman/v3/pkg/api/handlers/utils" api "github.com/containers/podman/v3/pkg/api/types" "github.com/containers/podman/v3/pkg/domain/entities" diff --git a/pkg/api/handlers/libpod/swagger.go b/pkg/api/handlers/libpod/swagger.go index 8d7058b1e..db93d7ac6 100644 --- a/pkg/api/handlers/libpod/swagger.go +++ b/pkg/api/handlers/libpod/swagger.go @@ -4,9 +4,9 @@ import ( "net/http" "os" + "github.com/containers/common/libnetwork/types" "github.com/containers/image/v5/manifest" "github.com/containers/podman/v3/libpod/define" - "github.com/containers/podman/v3/libpod/network/types" "github.com/containers/podman/v3/pkg/api/handlers/utils" "github.com/containers/podman/v3/pkg/domain/entities" "github.com/pkg/errors" diff --git a/pkg/api/server/register_images.go b/pkg/api/server/register_images.go index bf8eeef40..d9cda8579 100644 --- a/pkg/api/server/register_images.go +++ b/pkg/api/server/register_images.go @@ -1388,6 +1388,14 @@ func (s *APIServer) registerImagesHandlers(r *mux.Router) error { // default: latest // description: A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default latest value is assumed. You can provide several t parameters. // - in: query + // name: allplatforms + // type: boolean + // default: false + // description: | + // Instead of building for a set of platforms specified using the platform option, inspect the build's base images, + // and build for all of the platforms that are available. Stages that use *scratch* as a starting point can not be inspected, + // so at least one non-*scratch* stage must be present for detection to work usefully. + // - in: query // name: extrahosts // type: string // default: @@ -1570,6 +1578,12 @@ func (s *APIServer) registerImagesHandlers(r *mux.Router) error { // description: | // Inject http proxy environment variables into container // (As of version 2.0.0) + // - in: query + // name: unsetenv + // description: Unset environment variables from the final image. + // type: array + // items: + // type: string // produces: // - application/json // responses: diff --git a/pkg/bindings/images/build.go b/pkg/bindings/images/build.go index 7bca43132..6b5159f52 100644 --- a/pkg/bindings/images/build.go +++ b/pkg/bindings/images/build.go @@ -62,6 +62,11 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO } params.Set("annotations", l) } + + if options.AllPlatforms { + params.Add("allplatforms", "1") + } + params.Add("t", options.Output) for _, tag := range options.AdditionalTags { params.Add("t", tag) @@ -289,6 +294,11 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO } params.Set("ulimits", string(ulimitsJSON)) } + + for _, uenv := range options.UnsetEnvs { + params.Add("unsetenv", uenv) + } + var ( headers map[string]string err error diff --git a/pkg/bindings/network/network.go b/pkg/bindings/network/network.go index 66e01a016..f3e7c3ef2 100644 --- a/pkg/bindings/network/network.go +++ b/pkg/bindings/network/network.go @@ -5,7 +5,7 @@ import ( "net/http" "strings" - "github.com/containers/podman/v3/libpod/network/types" + "github.com/containers/common/libnetwork/types" "github.com/containers/podman/v3/pkg/bindings" "github.com/containers/podman/v3/pkg/domain/entities" jsoniter "github.com/json-iterator/go" diff --git a/pkg/bindings/test/networks_test.go b/pkg/bindings/test/networks_test.go index d95862f6f..5924d865a 100644 --- a/pkg/bindings/test/networks_test.go +++ b/pkg/bindings/test/networks_test.go @@ -6,7 +6,7 @@ import ( "net/http" "time" - "github.com/containers/podman/v3/libpod/network/types" + "github.com/containers/common/libnetwork/types" "github.com/containers/podman/v3/pkg/bindings" "github.com/containers/podman/v3/pkg/bindings/containers" "github.com/containers/podman/v3/pkg/bindings/network" diff --git a/pkg/domain/entities/container_ps.go b/pkg/domain/entities/container_ps.go index d018d373f..d32a2eead 100644 --- a/pkg/domain/entities/container_ps.go +++ b/pkg/domain/entities/container_ps.go @@ -5,7 +5,7 @@ import ( "strings" "time" - "github.com/containers/podman/v3/libpod/network/types" + "github.com/containers/common/libnetwork/types" "github.com/containers/podman/v3/pkg/ps/define" "github.com/pkg/errors" ) diff --git a/pkg/domain/entities/containers.go b/pkg/domain/entities/containers.go index e3f8f1b7c..110265e59 100644 --- a/pkg/domain/entities/containers.go +++ b/pkg/domain/entities/containers.go @@ -6,9 +6,9 @@ import ( "os" "time" + nettypes "github.com/containers/common/libnetwork/types" "github.com/containers/image/v5/types" "github.com/containers/podman/v3/libpod/define" - nettypes "github.com/containers/podman/v3/libpod/network/types" "github.com/containers/podman/v3/pkg/specgen" "github.com/containers/storage/pkg/archive" ) diff --git a/pkg/domain/entities/engine_container.go b/pkg/domain/entities/engine_container.go index 7ce4dd0f6..962782fd8 100644 --- a/pkg/domain/entities/engine_container.go +++ b/pkg/domain/entities/engine_container.go @@ -4,9 +4,9 @@ import ( "context" "io" + "github.com/containers/common/libnetwork/types" "github.com/containers/common/pkg/config" "github.com/containers/podman/v3/libpod/define" - "github.com/containers/podman/v3/libpod/network/types" "github.com/containers/podman/v3/pkg/domain/entities/reports" "github.com/containers/podman/v3/pkg/specgen" ) diff --git a/pkg/domain/entities/events.go b/pkg/domain/entities/events.go index 73a375b94..fa815d7b9 100644 --- a/pkg/domain/entities/events.go +++ b/pkg/domain/entities/events.go @@ -42,7 +42,7 @@ func ConvertToLibpodEvent(e Event) *libpodEvents.Event { Image: image, Name: name, Status: status, - Time: time.Unix(e.Time, e.TimeNano), + Time: time.Unix(0, e.TimeNano), Type: t, Details: libpodEvents.Details{ Attributes: details, diff --git a/pkg/domain/entities/network.go b/pkg/domain/entities/network.go index 34b89ae7d..79edc3227 100644 --- a/pkg/domain/entities/network.go +++ b/pkg/domain/entities/network.go @@ -3,7 +3,7 @@ package entities import ( "net" - "github.com/containers/podman/v3/libpod/network/types" + "github.com/containers/common/libnetwork/types" ) // NetworkListOptions describes options for listing networks in cli diff --git a/pkg/domain/entities/pods.go b/pkg/domain/entities/pods.go index 1b5a1be51..cc9476d79 100644 --- a/pkg/domain/entities/pods.go +++ b/pkg/domain/entities/pods.go @@ -139,6 +139,7 @@ type PodCreateOptions struct { Volume []string `json:"volume,omitempty"` VolumesFrom []string `json:"volumes_from,omitempty"` SecurityOpt []string `json:"security_opt,omitempty"` + Sysctl []string `json:"sysctl,omitempty"` } // PodLogsOptions describes the options to extract pod logs. @@ -240,7 +241,7 @@ type ContainerCreateOptions struct { StorageOpts []string SubUIDName string SubGIDName string - Sysctl []string + Sysctl []string `json:"sysctl,omitempty"` Systemd string Timeout uint TLSVerify commonFlag.OptionalBool @@ -360,6 +361,15 @@ func ToPodSpecGen(s specgen.PodSpecGenerator, p *PodCreateOptions) (*specgen.Pod } } s.Userns = p.Userns + sysctl := map[string]string{} + if ctl := p.Sysctl; len(ctl) > 0 { + sysctl, err = util.ValidateSysctls(ctl) + if err != nil { + return nil, err + } + } + s.Sysctl = sysctl + return &s, nil } diff --git a/pkg/domain/entities/types.go b/pkg/domain/entities/types.go index 0348c0af5..ec30b6f9a 100644 --- a/pkg/domain/entities/types.go +++ b/pkg/domain/entities/types.go @@ -4,9 +4,9 @@ import ( "net" buildahDefine "github.com/containers/buildah/define" + "github.com/containers/common/libnetwork/types" "github.com/containers/podman/v3/libpod/define" "github.com/containers/podman/v3/libpod/events" - "github.com/containers/podman/v3/libpod/network/types" "github.com/containers/podman/v3/pkg/specgen" "github.com/containers/storage/pkg/archive" ) diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go index a4522698e..afd25d313 100644 --- a/pkg/domain/infra/abi/containers.go +++ b/pkg/domain/infra/abi/containers.go @@ -357,24 +357,56 @@ func (ic *ContainerEngine) ContainerRm(ctx context.Context, namesOrIds []string, return rmReports, nil } + alreadyRemoved := make(map[string]bool) + addReports := func(newReports []*reports.RmReport) { + for i := range newReports { + alreadyRemoved[newReports[i].Id] = true + rmReports = append(rmReports, newReports[i]) + } + } if !options.All && options.Depend { // Add additional containers based on dependencies to container map for _, ctr := range ctrs { + if alreadyRemoved[ctr.ID()] { + continue + } reports, err := ic.Libpod.RemoveDepend(ctx, ctr, options.Force, options.Volumes, options.Timeout) if err != nil { return rmReports, err } - rmReports = append(rmReports, reports...) + addReports(reports) } return rmReports, nil } + + // If --all is set, make sure to remove the infra containers' + // dependencies before doing the parallel removal below. + if options.All { + for _, ctr := range ctrs { + if alreadyRemoved[ctr.ID()] || !ctr.IsInfra() { + continue + } + reports, err := ic.Libpod.RemoveDepend(ctx, ctr, options.Force, options.Volumes, options.Timeout) + if err != nil { + return rmReports, err + } + addReports(reports) + } + } + errMap, err := parallelctr.ContainerOp(ctx, ctrs, func(c *libpod.Container) error { + if alreadyRemoved[c.ID()] { + return nil + } return ic.removeContainer(ctx, c, options) }) if err != nil { return nil, err } for ctr, err := range errMap { + if alreadyRemoved[ctr.ID()] { + continue + } report := new(reports.RmReport) report.Id = ctr.ID() report.Err = err diff --git a/pkg/domain/infra/abi/network.go b/pkg/domain/infra/abi/network.go index c7b12663c..196fd3656 100644 --- a/pkg/domain/infra/abi/network.go +++ b/pkg/domain/infra/abi/network.go @@ -3,9 +3,9 @@ package abi import ( "context" + "github.com/containers/common/libnetwork/types" + netutil "github.com/containers/common/libnetwork/util" "github.com/containers/podman/v3/libpod/define" - "github.com/containers/podman/v3/libpod/network/types" - netutil "github.com/containers/podman/v3/libpod/network/util" "github.com/containers/podman/v3/pkg/domain/entities" "github.com/containers/podman/v3/pkg/util" "github.com/pkg/errors" diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go index 40c31b163..25aae7019 100644 --- a/pkg/domain/infra/abi/play.go +++ b/pkg/domain/infra/abi/play.go @@ -13,11 +13,11 @@ import ( buildahDefine "github.com/containers/buildah/define" "github.com/containers/common/libimage" + nettypes "github.com/containers/common/libnetwork/types" "github.com/containers/common/pkg/config" "github.com/containers/image/v5/types" "github.com/containers/podman/v3/libpod" "github.com/containers/podman/v3/libpod/define" - nettypes "github.com/containers/podman/v3/libpod/network/types" "github.com/containers/podman/v3/pkg/autoupdate" "github.com/containers/podman/v3/pkg/domain/entities" "github.com/containers/podman/v3/pkg/specgen" diff --git a/pkg/domain/infra/tunnel/containers.go b/pkg/domain/infra/tunnel/containers.go index 4f72eab96..ae689f1f7 100644 --- a/pkg/domain/infra/tunnel/containers.go +++ b/pkg/domain/infra/tunnel/containers.go @@ -188,35 +188,53 @@ func (ic *ContainerEngine) ContainerRm(ctx context.Context, namesOrIds []string, if opts.Timeout != nil { options = options.WithTimeout(*opts.Timeout) } + + toRemove := []string{} + alreadyRemoved := make(map[string]bool) // Avoids trying to remove already removed containers if opts.All { - ctrs, err := getContainersByContext(ic.ClientCtx, opts.All, opts.Ignore, namesOrIds) + ctrs, err := getContainersByContext(ic.ClientCtx, opts.All, opts.Ignore, nil) if err != nil { return nil, err } - rmReports := make([]*reports.RmReport, 0, len(ctrs)) for _, c := range ctrs { - report, err := containers.Remove(ic.ClientCtx, c.ID, options) + toRemove = append(toRemove, c.ID) + } + } else { + for _, ctr := range namesOrIds { + // NOTE that we set ignore=true here to support + // removing external containers (e.g., Buildah + // containers). If we don't find the container, + // we'll use the raw input provided by the user + // instead of the ID. Since this can only happen + // with external containers, it poses no threat + // to the `alreadyRemoved` checks below. + ctrs, err := getContainersByContext(ic.ClientCtx, false, true, []string{ctr}) if err != nil { - return rmReports, err + return nil, err } - rmReports = append(rmReports, report...) + id := ctr + if len(ctrs) == 1 { + id = ctrs[0].ID + } + toRemove = append(toRemove, id) } - return rmReports, nil } - rmReports := make([]*reports.RmReport, 0, len(namesOrIds)) - for _, name := range namesOrIds { - report, err := containers.Remove(ic.ClientCtx, name, options) + rmReports := make([]*reports.RmReport, 0, len(toRemove)) + for _, nameOrID := range toRemove { + if alreadyRemoved[nameOrID] { + continue + } + newReports, err := containers.Remove(ic.ClientCtx, nameOrID, options) if err != nil { - rmReports = append(rmReports, &reports.RmReport{ - Id: name, - Err: err, - }) + rmReports = append(rmReports, &reports.RmReport{Id: nameOrID, Err: err}) continue } - rmReports = append(rmReports, report...) + for i := range newReports { + alreadyRemoved[newReports[i].Id] = true + rmReports = append(rmReports, newReports[i]) + } } - return rmReports, nil } diff --git a/pkg/domain/infra/tunnel/network.go b/pkg/domain/infra/tunnel/network.go index b5050345a..0f1430b1a 100644 --- a/pkg/domain/infra/tunnel/network.go +++ b/pkg/domain/infra/tunnel/network.go @@ -3,8 +3,8 @@ package tunnel import ( "context" + "github.com/containers/common/libnetwork/types" "github.com/containers/podman/v3/libpod/define" - "github.com/containers/podman/v3/libpod/network/types" "github.com/containers/podman/v3/pkg/bindings/network" "github.com/containers/podman/v3/pkg/domain/entities" "github.com/containers/podman/v3/pkg/errorhandling" diff --git a/pkg/machine/config.go b/pkg/machine/config.go index 27a7c1b1f..97237f5e5 100644 --- a/pkg/machine/config.go +++ b/pkg/machine/config.go @@ -29,6 +29,15 @@ type InitOptions struct { ReExec bool } +type QemuMachineStatus = string + +const ( + // Running indicates the qemu vm is running + Running QemuMachineStatus = "running" + // Stopped indicates the vm has stopped + Stopped QemuMachineStatus = "stopped" +) + type Provider interface { NewMachine(opts InitOptions) (VM, error) LoadVMByName(name string) (VM, error) diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go index a43d78665..560037542 100644 --- a/pkg/machine/qemu/machine.go +++ b/pkg/machine/qemu/machine.go @@ -386,8 +386,16 @@ func (v *MachineVM) Start(name string, _ machine.StartOptions) error { } if len(v.Mounts) > 0 { - for !v.isRunning() || !v.isListening() { + running, err := v.isRunning() + if err != nil { + return err + } + for running || !v.isListening() { time.Sleep(100 * time.Millisecond) + running, err = v.isRunning() + if err != nil { + return err + } } } for _, mount := range v.Mounts { @@ -416,8 +424,48 @@ func (v *MachineVM) Start(name string, _ machine.StartOptions) error { return nil } +func (v *MachineVM) checkStatus(monitor *qmp.SocketMonitor) (machine.QemuMachineStatus, error) { + // this is the format returned from the monitor + // {"return": {"status": "running", "singlestep": false, "running": true}} + + type statusDetails struct { + Status string `json:"status"` + Step bool `json:"singlestep"` + Running bool `json:"running"` + } + type statusResponse struct { + Response statusDetails `json:"return"` + } + var response statusResponse + + checkCommand := struct { + Execute string `json:"execute"` + }{ + Execute: "query-status", + } + input, err := json.Marshal(checkCommand) + if err != nil { + return "", err + } + b, err := monitor.Run(input) + if err != nil { + if errors.Cause(err) == os.ErrNotExist { + return machine.Stopped, nil + } + return "", err + } + if err := json.Unmarshal(b, &response); err != nil { + return "", err + } + if response.Response.Status == machine.Running { + return machine.Running, nil + } + return machine.Stopped, nil +} + // Stop uses the qmp monitor to call a system_powerdown func (v *MachineVM) Stop(name string, _ machine.StopOptions) error { + var disconnected bool // check if the qmp socket is there. if not, qemu instance is gone if _, err := os.Stat(v.QMPMonitor.Address); os.IsNotExist(err) { // Right now it is NOT an error to stop a stopped machine @@ -442,19 +490,22 @@ func (v *MachineVM) Stop(name string, _ machine.StopOptions) error { return err } defer func() { - if err := qmpMonitor.Disconnect(); err != nil { - logrus.Error(err) + if !disconnected { + if err := qmpMonitor.Disconnect(); err != nil { + logrus.Error(err) + } } }() + if _, err = qmpMonitor.Run(input); err != nil { return err } + qemuSocketFile, pidFile, err := v.getSocketandPid() if err != nil { return err } if _, err := os.Stat(pidFile); os.IsNotExist(err) { - logrus.Info(err) return nil } pidString, err := ioutil.ReadFile(pidFile) @@ -483,6 +534,24 @@ func (v *MachineVM) Stop(name string, _ machine.StopOptions) error { return err } + if err := qmpMonitor.Disconnect(); err != nil { + return nil + } + + disconnected = true + waitInternal := 250 * time.Millisecond + for i := 0; i < 5; i++ { + running, err := v.isRunning() + if err != nil { + return err + } + if !running { + break + } + time.Sleep(waitInternal) + waitInternal = waitInternal * 2 + } + return nil } @@ -519,7 +588,11 @@ func (v *MachineVM) Remove(name string, opts machine.RemoveOptions) (string, fun ) // cannot remove a running vm - if v.isRunning() { + running, err := v.isRunning() + if err != nil { + return "", nil, err + } + if running { return "", nil, errors.Errorf("running vm %q cannot be destroyed", v.Name) } @@ -578,16 +651,33 @@ func (v *MachineVM) Remove(name string, opts machine.RemoveOptions) (string, fun }, nil } -func (v *MachineVM) isRunning() bool { +func (v *MachineVM) isRunning() (bool, error) { // Check if qmp socket path exists if _, err := os.Stat(v.QMPMonitor.Address); os.IsNotExist(err) { - return false + return false, nil } // Check if we can dial it - if _, err := qmp.NewSocketMonitor(v.QMPMonitor.Network, v.QMPMonitor.Address, v.QMPMonitor.Timeout); err != nil { - return false + monitor, err := qmp.NewSocketMonitor(v.QMPMonitor.Network, v.QMPMonitor.Address, v.QMPMonitor.Timeout) + if err != nil { + return false, nil } - return true + if err := monitor.Connect(); err != nil { + return false, err + } + defer func() { + if err := monitor.Disconnect(); err != nil { + logrus.Error(err) + } + }() + // If there is a monitor, lets see if we can query state + state, err := v.checkStatus(monitor) + if err != nil { + return false, err + } + if state == machine.Running { + return true, nil + } + return false, nil } func (v *MachineVM) isListening() bool { @@ -603,7 +693,11 @@ func (v *MachineVM) isListening() bool { // SSH opens an interactive SSH session to the vm specified. // Added ssh function to VM interface: pkg/machine/config/go : line 58 func (v *MachineVM) SSH(name string, opts machine.SSHOptions) error { - if !v.isRunning() { + running, err := v.isRunning() + if err != nil { + return err + } + if !running { return errors.Errorf("vm %q is not running.", v.Name) } @@ -710,7 +804,11 @@ func GetVMInfos() ([]*machine.ListResponse, error) { return err } listEntry.LastUp = fi.ModTime() - if vm.isRunning() { + running, err := vm.isRunning() + if err != nil { + return err + } + if running { listEntry.Running = true } diff --git a/pkg/netns/netns_linux.go b/pkg/netns/netns_linux.go deleted file mode 100644 index 3e6e668b5..000000000 --- a/pkg/netns/netns_linux.go +++ /dev/null @@ -1,210 +0,0 @@ -// Copyright 2018 CNI authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// https://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// This file was originally a part of the containernetworking/plugins -// repository. -// It was copied here and modified for local use by the libpod maintainers. - -package netns - -import ( - "crypto/rand" - "fmt" - "os" - "path" - "path/filepath" - "runtime" - "strings" - "sync" - - "github.com/containernetworking/plugins/pkg/ns" - "github.com/containers/podman/v3/pkg/rootless" - "github.com/containers/podman/v3/pkg/util" - "github.com/sirupsen/logrus" - "golang.org/x/sys/unix" -) - -// GetNSRunDir returns the dir of where to create the netNS. When running -// rootless, it needs to be at a location writable by user. -func GetNSRunDir() (string, error) { - if rootless.IsRootless() { - rootlessDir, err := util.GetRuntimeDir() - if err != nil { - return "", err - } - return filepath.Join(rootlessDir, "netns"), nil - } - return "/run/netns", nil -} - -// NewNS creates a new persistent (bind-mounted) network namespace and returns -// an object representing that namespace, without switching to it. -func NewNS() (ns.NetNS, error) { - b := make([]byte, 16) - _, err := rand.Reader.Read(b) - if err != nil { - return nil, fmt.Errorf("failed to generate random netns name: %v", err) - } - nsName := fmt.Sprintf("cni-%x-%x-%x-%x-%x", b[0:4], b[4:6], b[6:8], b[8:10], b[10:]) - return NewNSWithName(nsName) -} - -// NewNSWithName creates a new persistent (bind-mounted) network namespace and returns -// an object representing that namespace, without switching to it. -func NewNSWithName(name string) (ns.NetNS, error) { - nsRunDir, err := GetNSRunDir() - if err != nil { - return nil, err - } - - // Create the directory for mounting network namespaces - // This needs to be a shared mountpoint in case it is mounted in to - // other namespaces (containers) - err = os.MkdirAll(nsRunDir, 0755) - if err != nil { - return nil, err - } - - // Remount the namespace directory shared. This will fail if it is not - // already a mountpoint, so bind-mount it on to itself to "upgrade" it - // to a mountpoint. - err = unix.Mount("", nsRunDir, "none", unix.MS_SHARED|unix.MS_REC, "") - if err != nil { - if err != unix.EINVAL { - return nil, fmt.Errorf("mount --make-rshared %s failed: %q", nsRunDir, err) - } - - // Recursively remount /run/netns on itself. The recursive flag is - // so that any existing netns bindmounts are carried over. - err = unix.Mount(nsRunDir, nsRunDir, "none", unix.MS_BIND|unix.MS_REC, "") - if err != nil { - return nil, fmt.Errorf("mount --rbind %s %s failed: %q", nsRunDir, nsRunDir, err) - } - - // Now we can make it shared - err = unix.Mount("", nsRunDir, "none", unix.MS_SHARED|unix.MS_REC, "") - if err != nil { - return nil, fmt.Errorf("mount --make-rshared %s failed: %q", nsRunDir, err) - } - } - - // create an empty file at the mount point - nsPath := path.Join(nsRunDir, name) - mountPointFd, err := os.Create(nsPath) - if err != nil { - return nil, err - } - if err := mountPointFd.Close(); err != nil { - return nil, err - } - - // Ensure the mount point is cleaned up on errors; if the namespace - // was successfully mounted this will have no effect because the file - // is in-use - defer func() { - _ = os.RemoveAll(nsPath) - }() - - var wg sync.WaitGroup - wg.Add(1) - - // do namespace work in a dedicated goroutine, so that we can safely - // Lock/Unlock OSThread without upsetting the lock/unlock state of - // the caller of this function - go (func() { - defer wg.Done() - runtime.LockOSThread() - // Don't unlock. By not unlocking, golang will kill the OS thread when the - // goroutine is done (for go1.10+) - - threadNsPath := getCurrentThreadNetNSPath() - - var origNS ns.NetNS - origNS, err = ns.GetNS(threadNsPath) - if err != nil { - logrus.Warnf("Cannot open current network namespace %s: %q", threadNsPath, err) - return - } - defer func() { - if err := origNS.Close(); err != nil { - logrus.Errorf("Unable to close namespace: %q", err) - } - }() - - // create a new netns on the current thread - err = unix.Unshare(unix.CLONE_NEWNET) - if err != nil { - logrus.Warnf("Cannot create a new network namespace: %q", err) - return - } - - // Put this thread back to the orig ns, since it might get reused (pre go1.10) - defer func() { - if err := origNS.Set(); err != nil { - if rootless.IsRootless() && strings.Contains(err.Error(), "operation not permitted") { - // When running in rootless mode it will fail to re-join - // the network namespace owned by root on the host. - return - } - logrus.Warnf("Unable to reset namespace: %q", err) - } - }() - - // bind mount the netns from the current thread (from /proc) onto the - // mount point. This causes the namespace to persist, even when there - // are no threads in the ns. Make this a shared mount; it needs to be - // back-propagated to the host - err = unix.Mount(threadNsPath, nsPath, "none", unix.MS_BIND|unix.MS_SHARED|unix.MS_REC, "") - if err != nil { - err = fmt.Errorf("failed to bind mount ns at %s: %v", nsPath, err) - } - })() - wg.Wait() - - if err != nil { - return nil, fmt.Errorf("failed to create namespace: %v", err) - } - - return ns.GetNS(nsPath) -} - -// UnmountNS unmounts the NS held by the netns object -func UnmountNS(ns ns.NetNS) error { - nsRunDir, err := GetNSRunDir() - if err != nil { - return err - } - - nsPath := ns.Path() - // Only unmount if it's been bind-mounted (don't touch namespaces in /proc...) - if strings.HasPrefix(nsPath, nsRunDir) { - if err := unix.Unmount(nsPath, unix.MNT_DETACH); err != nil { - return fmt.Errorf("failed to unmount NS: at %s: %v", nsPath, err) - } - - if err := os.Remove(nsPath); err != nil { - return fmt.Errorf("failed to remove ns path %s: %v", nsPath, err) - } - } - - return nil -} - -// getCurrentThreadNetNSPath copied from pkg/ns -func getCurrentThreadNetNSPath() string { - // /proc/self/ns/net returns the namespace of the main thread, not - // of whatever thread this goroutine is running on. Make sure we - // use the thread's net namespace since the thread is switching around - return fmt.Sprintf("/proc/%d/task/%d/ns/net", os.Getpid(), unix.Gettid()) -} diff --git a/pkg/rootlessport/rootlessport_linux.go b/pkg/rootlessport/rootlessport_linux.go index 7e6075789..b89a92d1e 100644 --- a/pkg/rootlessport/rootlessport_linux.go +++ b/pkg/rootlessport/rootlessport_linux.go @@ -12,7 +12,7 @@ package rootlessport import ( - "github.com/containers/podman/v3/libpod/network/types" + "github.com/containers/common/libnetwork/types" ) const ( diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go index b41ee8db0..b4f633f31 100644 --- a/pkg/specgen/generate/kube/kube.go +++ b/pkg/specgen/generate/kube/kube.go @@ -9,11 +9,11 @@ import ( "time" "github.com/containers/common/libimage" + "github.com/containers/common/libnetwork/types" "github.com/containers/common/pkg/parse" "github.com/containers/common/pkg/secrets" "github.com/containers/image/v5/manifest" "github.com/containers/podman/v3/libpod/define" - "github.com/containers/podman/v3/libpod/network/types" ann "github.com/containers/podman/v3/pkg/annotations" "github.com/containers/podman/v3/pkg/domain/entities" "github.com/containers/podman/v3/pkg/specgen" diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go index a2bc37e34..b04cf30f5 100644 --- a/pkg/specgen/generate/namespaces.go +++ b/pkg/specgen/generate/namespaces.go @@ -7,10 +7,10 @@ import ( "strings" "github.com/containers/common/libimage" + "github.com/containers/common/libnetwork/types" "github.com/containers/common/pkg/config" "github.com/containers/podman/v3/libpod" "github.com/containers/podman/v3/libpod/define" - "github.com/containers/podman/v3/libpod/network/types" "github.com/containers/podman/v3/pkg/rootless" "github.com/containers/podman/v3/pkg/specgen" "github.com/containers/podman/v3/pkg/util" diff --git a/pkg/specgen/generate/ports.go b/pkg/specgen/generate/ports.go index 34b43a62e..a1cc1cf68 100644 --- a/pkg/specgen/generate/ports.go +++ b/pkg/specgen/generate/ports.go @@ -8,7 +8,7 @@ import ( "strings" "github.com/containers/common/libimage" - "github.com/containers/podman/v3/libpod/network/types" + "github.com/containers/common/libnetwork/types" "github.com/containers/podman/v3/utils" "github.com/containers/podman/v3/pkg/specgen" diff --git a/pkg/specgen/generate/ports_bench_test.go b/pkg/specgen/generate/ports_bench_test.go index 06f02acda..f208a34c5 100644 --- a/pkg/specgen/generate/ports_bench_test.go +++ b/pkg/specgen/generate/ports_bench_test.go @@ -4,7 +4,7 @@ import ( "fmt" "testing" - "github.com/containers/podman/v3/libpod/network/types" + "github.com/containers/common/libnetwork/types" ) func benchmarkParsePortMapping(b *testing.B, ports []types.PortMapping) { diff --git a/pkg/specgen/generate/ports_test.go b/pkg/specgen/generate/ports_test.go index 20d5d0166..40ac3a290 100644 --- a/pkg/specgen/generate/ports_test.go +++ b/pkg/specgen/generate/ports_test.go @@ -3,7 +3,7 @@ package generate import ( "testing" - "github.com/containers/podman/v3/libpod/network/types" + "github.com/containers/common/libnetwork/types" "github.com/stretchr/testify/assert" ) diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go index 15a8ece17..baf6cbec9 100644 --- a/pkg/specgen/namespaces.go +++ b/pkg/specgen/namespaces.go @@ -6,9 +6,9 @@ import ( "os" "strings" + "github.com/containers/common/libnetwork/types" "github.com/containers/common/pkg/cgroups" "github.com/containers/podman/v3/libpod/define" - "github.com/containers/podman/v3/libpod/network/types" "github.com/containers/podman/v3/pkg/rootless" "github.com/containers/podman/v3/pkg/util" "github.com/containers/storage" diff --git a/pkg/specgen/namespaces_test.go b/pkg/specgen/namespaces_test.go index 4f69e6b98..bb2fdd4c6 100644 --- a/pkg/specgen/namespaces_test.go +++ b/pkg/specgen/namespaces_test.go @@ -4,7 +4,7 @@ import ( "net" "testing" - "github.com/containers/podman/v3/libpod/network/types" + "github.com/containers/common/libnetwork/types" "github.com/containers/podman/v3/pkg/rootless" "github.com/stretchr/testify/assert" ) diff --git a/pkg/specgen/podspecgen.go b/pkg/specgen/podspecgen.go index fdaa714da..b6f2d6bf0 100644 --- a/pkg/specgen/podspecgen.go +++ b/pkg/specgen/podspecgen.go @@ -3,7 +3,7 @@ package specgen import ( "net" - "github.com/containers/podman/v3/libpod/network/types" + "github.com/containers/common/libnetwork/types" spec "github.com/opencontainers/runtime-spec/specs-go" ) @@ -74,6 +74,8 @@ type PodBasicConfig struct { Userns Namespace `json:"userns,omitempty"` // Devices contains user specified Devices to be added to the Pod Devices []string `json:"pod_devices,omitempty"` + // Sysctl sets kernel parameters for the pod + Sysctl map[string]string `json:"sysctl,omitempty"` } // PodNetworkConfig contains networking configuration for a pod. diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go index 6c1011a78..82721ba92 100644 --- a/pkg/specgen/specgen.go +++ b/pkg/specgen/specgen.go @@ -6,8 +6,8 @@ import ( "syscall" "github.com/containers/common/libimage" + nettypes "github.com/containers/common/libnetwork/types" "github.com/containers/image/v5/manifest" - nettypes "github.com/containers/podman/v3/libpod/network/types" "github.com/containers/storage/types" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" diff --git a/pkg/specgenutil/util.go b/pkg/specgenutil/util.go index 6b564c60e..9389a98a5 100644 --- a/pkg/specgenutil/util.go +++ b/pkg/specgenutil/util.go @@ -7,8 +7,8 @@ import ( "strconv" "strings" + "github.com/containers/common/libnetwork/types" "github.com/containers/common/pkg/config" - "github.com/containers/podman/v3/libpod/network/types" storageTypes "github.com/containers/storage/types" "github.com/pkg/errors" "github.com/sirupsen/logrus" |