aboutsummaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
Diffstat (limited to 'pkg')
-rw-r--r--pkg/autoupdate/autoupdate.go25
-rw-r--r--pkg/bindings/test/containers_test.go141
-rw-r--r--pkg/domain/entities/auto-update.go6
-rw-r--r--pkg/domain/entities/engine_container.go2
-rw-r--r--pkg/domain/infra/abi/auto-update.go8
-rw-r--r--pkg/domain/infra/tunnel/auto-update.go2
-rw-r--r--pkg/spec/spec.go20
7 files changed, 184 insertions, 20 deletions
diff --git a/pkg/autoupdate/autoupdate.go b/pkg/autoupdate/autoupdate.go
index 78d5ac474..1b0419892 100644
--- a/pkg/autoupdate/autoupdate.go
+++ b/pkg/autoupdate/autoupdate.go
@@ -63,6 +63,12 @@ func LookupPolicy(s string) (Policy, error) {
return "", errors.Errorf("invalid auto-update policy %q: valid policies are %+q", s, keys)
}
+// Options include parameters for auto updates.
+type Options struct {
+ // Authfile to use when contacting registries.
+ Authfile string
+}
+
// ValidateImageReference checks if the specified imageName is a fully-qualified
// image reference to the docker transport (without digest). Such a reference
// includes a domain, name and tag (e.g., quay.io/podman/stable:latest). The
@@ -96,7 +102,7 @@ func ValidateImageReference(imageName string) error {
//
// It returns a slice of successfully restarted systemd units and a slice of
// errors encountered during auto update.
-func AutoUpdate(runtime *libpod.Runtime) ([]string, []error) {
+func AutoUpdate(runtime *libpod.Runtime, options Options) ([]string, []error) {
// Create a map from `image ID -> []*Container`.
containerMap, errs := imageContainersMap(runtime)
if len(containerMap) == 0 {
@@ -138,7 +144,7 @@ func AutoUpdate(runtime *libpod.Runtime) ([]string, []error) {
if rawImageName == "" {
errs = append(errs, errors.Errorf("error auto-updating container %q: raw-image name is empty", ctr.ID()))
}
- needsUpdate, err := newerImageAvailable(runtime, image, rawImageName)
+ needsUpdate, err := newerImageAvailable(runtime, image, rawImageName, options)
if err != nil {
errs = append(errs, errors.Wrapf(err, "error auto-updating container %q: image check for %q failed", ctr.ID(), rawImageName))
continue
@@ -148,7 +154,7 @@ func AutoUpdate(runtime *libpod.Runtime) ([]string, []error) {
}
logrus.Infof("Auto-updating container %q using image %q", ctr.ID(), rawImageName)
if _, updated := updatedRawImages[rawImageName]; !updated {
- _, err = updateImage(runtime, rawImageName)
+ _, err = updateImage(runtime, rawImageName, options)
if err != nil {
errs = append(errs, errors.Wrapf(err, "error auto-updating container %q: image update for %q failed", ctr.ID(), rawImageName))
continue
@@ -230,13 +236,15 @@ func imageContainersMap(runtime *libpod.Runtime) (map[string][]*libpod.Container
// newerImageAvailable returns true if there corresponding image on the remote
// registry is newer.
-func newerImageAvailable(runtime *libpod.Runtime, img *image.Image, origName string) (bool, error) {
+func newerImageAvailable(runtime *libpod.Runtime, img *image.Image, origName string, options Options) (bool, error) {
remoteRef, err := docker.ParseReference("//" + origName)
if err != nil {
return false, err
}
- remoteImg, err := remoteRef.NewImage(context.Background(), runtime.SystemContext())
+ sys := runtime.SystemContext()
+ sys.AuthFilePath = options.Authfile
+ remoteImg, err := remoteRef.NewImage(context.Background(), sys)
if err != nil {
return false, err
}
@@ -255,25 +263,22 @@ func newerImageAvailable(runtime *libpod.Runtime, img *image.Image, origName str
}
// updateImage pulls the specified image.
-func updateImage(runtime *libpod.Runtime, name string) (*image.Image, error) {
+func updateImage(runtime *libpod.Runtime, name string, options Options) (*image.Image, error) {
sys := runtime.SystemContext()
registryOpts := image.DockerRegistryOptions{}
signaturePolicyPath := ""
- authFilePath := ""
if sys != nil {
registryOpts.OSChoice = sys.OSChoice
registryOpts.ArchitectureChoice = sys.OSChoice
registryOpts.DockerCertPath = sys.DockerCertPath
-
signaturePolicyPath = sys.SignaturePolicyPath
- authFilePath = sys.AuthFilePath
}
newImage, err := runtime.ImageRuntime().New(context.Background(),
docker.Transport.Name()+"://"+name,
signaturePolicyPath,
- authFilePath,
+ options.Authfile,
os.Stderr,
&registryOpts,
image.SigningOptions{},
diff --git a/pkg/bindings/test/containers_test.go b/pkg/bindings/test/containers_test.go
index f40d8ce46..328691df2 100644
--- a/pkg/bindings/test/containers_test.go
+++ b/pkg/bindings/test/containers_test.go
@@ -596,4 +596,145 @@ var _ = Describe("Podman containers ", func() {
Expect(err).To(BeNil())
Expect(len(pruneResponse.ID)).To(Equal(0))
})
+
+ It("podman inspect bogus container", func() {
+ _, err := containers.Inspect(bt.conn, "foobar", nil)
+ Expect(err).ToNot(BeNil())
+ code, _ := bindings.CheckResponseCode(err)
+ Expect(code).To(BeNumerically("==", http.StatusNotFound))
+ })
+
+ It("podman inspect running container", func() {
+ var name = "top"
+ _, err := bt.RunTopContainer(&name, &bindings.PFalse, nil)
+ Expect(err).To(BeNil())
+ // Inspecting running container should succeed
+ _, err = containers.Inspect(bt.conn, name, nil)
+ Expect(err).To(BeNil())
+ })
+
+ It("podman inspect stopped container", func() {
+ var name = "top"
+ _, err := bt.RunTopContainer(&name, &bindings.PFalse, nil)
+ Expect(err).To(BeNil())
+ err = containers.Stop(bt.conn, name, nil)
+ Expect(err).To(BeNil())
+ // Inspecting stopped container should succeed
+ _, err = containers.Inspect(bt.conn, name, nil)
+ Expect(err).To(BeNil())
+ })
+
+ It("podman inspect running container with size", func() {
+ var name = "top"
+ _, err := bt.RunTopContainer(&name, &bindings.PFalse, nil)
+ Expect(err).To(BeNil())
+ _, err = containers.Inspect(bt.conn, name, &bindings.PTrue)
+ Expect(err).To(BeNil())
+ })
+
+ It("podman inspect stopped container with size", func() {
+ var name = "top"
+ _, err := bt.RunTopContainer(&name, &bindings.PFalse, nil)
+ Expect(err).To(BeNil())
+ err = containers.Stop(bt.conn, name, nil)
+ Expect(err).To(BeNil())
+ // Inspecting stopped container with size should succeed
+ _, err = containers.Inspect(bt.conn, name, &bindings.PTrue)
+ Expect(err).To(BeNil())
+ })
+
+ It("podman remove bogus container", func() {
+ err = containers.Remove(bt.conn, "foobar", nil, nil)
+ code, _ := bindings.CheckResponseCode(err)
+ Expect(code).To(BeNumerically("==", http.StatusNotFound))
+ })
+
+ It("podman remove running container by name", func() {
+ var name = "top"
+ _, err := bt.RunTopContainer(&name, &bindings.PFalse, nil)
+ Expect(err).To(BeNil())
+ // Removing running container should fail
+ err = containers.Remove(bt.conn, name, nil, nil)
+ Expect(err).ToNot(BeNil())
+ code, _ := bindings.CheckResponseCode(err)
+ Expect(code).To(BeNumerically("==", http.StatusInternalServerError))
+ })
+
+ It("podman remove running container by ID", func() {
+ var name = "top"
+ cid, err := bt.RunTopContainer(&name, &bindings.PFalse, nil)
+ Expect(err).To(BeNil())
+ // Removing running container should fail
+ err = containers.Remove(bt.conn, cid, nil, nil)
+ Expect(err).ToNot(BeNil())
+ code, _ := bindings.CheckResponseCode(err)
+ Expect(code).To(BeNumerically("==", http.StatusInternalServerError))
+ })
+
+ It("podman forcibly remove running container by name", func() {
+ var name = "top"
+ _, err := bt.RunTopContainer(&name, &bindings.PFalse, nil)
+ Expect(err).To(BeNil())
+ // Removing running container should fail
+ err = containers.Remove(bt.conn, name, &bindings.PTrue, nil)
+ Expect(err).To(BeNil())
+ //code, _ := bindings.CheckResponseCode(err)
+ //Expect(code).To(BeNumerically("==", http.StatusInternalServerError))
+ })
+
+ It("podman forcibly remove running container by ID", func() {
+ var name = "top"
+ cid, err := bt.RunTopContainer(&name, &bindings.PFalse, nil)
+ Expect(err).To(BeNil())
+ // Removing running container should fail
+ err = containers.Remove(bt.conn, cid, &bindings.PTrue, nil)
+ Expect(err).To(BeNil())
+ //code, _ := bindings.CheckResponseCode(err)
+ //Expect(code).To(BeNumerically("==", http.StatusInternalServerError))
+ })
+
+ It("podman remove running container and volume by name", func() {
+ var name = "top"
+ _, err := bt.RunTopContainer(&name, &bindings.PFalse, nil)
+ Expect(err).To(BeNil())
+ // Removing running container should fail
+ err = containers.Remove(bt.conn, name, nil, &bindings.PTrue)
+ Expect(err).ToNot(BeNil())
+ code, _ := bindings.CheckResponseCode(err)
+ Expect(code).To(BeNumerically("==", http.StatusInternalServerError))
+ })
+
+ It("podman remove running container and volume by ID", func() {
+ var name = "top"
+ cid, err := bt.RunTopContainer(&name, &bindings.PFalse, nil)
+ Expect(err).To(BeNil())
+ // Removing running container should fail
+ err = containers.Remove(bt.conn, cid, nil, &bindings.PTrue)
+ Expect(err).ToNot(BeNil())
+ code, _ := bindings.CheckResponseCode(err)
+ Expect(code).To(BeNumerically("==", http.StatusInternalServerError))
+ })
+
+ It("podman forcibly remove running container and volume by name", func() {
+ var name = "top"
+ _, err := bt.RunTopContainer(&name, &bindings.PFalse, nil)
+ Expect(err).To(BeNil())
+ // Removing running container should fail
+ err = containers.Remove(bt.conn, name, &bindings.PTrue, &bindings.PTrue)
+ Expect(err).To(BeNil())
+ //code, _ := bindings.CheckResponseCode(err)
+ //Expect(code).To(BeNumerically("==", http.StatusInternalServerError))
+ })
+
+ It("podman forcibly remove running container and volume by ID", func() {
+ var name = "top"
+ cid, err := bt.RunTopContainer(&name, &bindings.PFalse, nil)
+ Expect(err).To(BeNil())
+ // Removing running container should fail
+ err = containers.Remove(bt.conn, cid, &bindings.PTrue, &bindings.PTrue)
+ Expect(err).To(BeNil())
+ //code, _ := bindings.CheckResponseCode(err)
+ //Expect(code).To(BeNumerically("==", http.StatusInternalServerError))
+ })
+
})
diff --git a/pkg/domain/entities/auto-update.go b/pkg/domain/entities/auto-update.go
index aef8fc46b..c51158816 100644
--- a/pkg/domain/entities/auto-update.go
+++ b/pkg/domain/entities/auto-update.go
@@ -1,5 +1,11 @@
package entities
+// AutoUpdateOptions are the options for running auto-update.
+type AutoUpdateOptions struct {
+ // Authfile to use when contacting registries.
+ Authfile string
+}
+
// AutoUpdateReport contains the results from running auto-update.
type AutoUpdateReport struct {
// Units - the restarted systemd units during auto-update.
diff --git a/pkg/domain/entities/engine_container.go b/pkg/domain/entities/engine_container.go
index 719ac3f9e..e77f0758b 100644
--- a/pkg/domain/entities/engine_container.go
+++ b/pkg/domain/entities/engine_container.go
@@ -10,7 +10,7 @@ import (
)
type ContainerEngine interface {
- AutoUpdate(ctx context.Context) (*AutoUpdateReport, []error)
+ AutoUpdate(ctx context.Context, options AutoUpdateOptions) (*AutoUpdateReport, []error)
Config(ctx context.Context) (*config.Config, error)
ContainerAttach(ctx context.Context, nameOrId string, options AttachOptions) error
ContainerCheckpoint(ctx context.Context, namesOrIds []string, options CheckpointOptions) ([]*CheckpointReport, error)
diff --git a/pkg/domain/infra/abi/auto-update.go b/pkg/domain/infra/abi/auto-update.go
index aa20664b4..9fcc451fd 100644
--- a/pkg/domain/infra/abi/auto-update.go
+++ b/pkg/domain/infra/abi/auto-update.go
@@ -7,7 +7,11 @@ import (
"github.com/containers/libpod/pkg/domain/entities"
)
-func (ic *ContainerEngine) AutoUpdate(ctx context.Context) (*entities.AutoUpdateReport, []error) {
- units, failures := autoupdate.AutoUpdate(ic.Libpod)
+func (ic *ContainerEngine) AutoUpdate(ctx context.Context, options entities.AutoUpdateOptions) (*entities.AutoUpdateReport, []error) {
+ // Convert the entities options to the autoupdate ones. We can't use
+ // them in the entities package as low-level packages must not leak
+ // into the remote client.
+ autoOpts := autoupdate.Options{Authfile: options.Authfile}
+ units, failures := autoupdate.AutoUpdate(ic.Libpod, autoOpts)
return &entities.AutoUpdateReport{Units: units}, failures
}
diff --git a/pkg/domain/infra/tunnel/auto-update.go b/pkg/domain/infra/tunnel/auto-update.go
index fac033050..5c2dd360d 100644
--- a/pkg/domain/infra/tunnel/auto-update.go
+++ b/pkg/domain/infra/tunnel/auto-update.go
@@ -7,6 +7,6 @@ import (
"github.com/pkg/errors"
)
-func (ic *ContainerEngine) AutoUpdate(ctx context.Context) (*entities.AutoUpdateReport, []error) {
+func (ic *ContainerEngine) AutoUpdate(ctx context.Context, options entities.AutoUpdateOptions) (*entities.AutoUpdateReport, []error) {
return nil, []error{errors.New("not implemented")}
}
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 77e92ae29..25cad9578 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -545,10 +545,14 @@ func addRlimits(config *CreateConfig, g *generate.Generator) error {
if err := unix.Getrlimit(unix.RLIMIT_NOFILE, &rlimit); err != nil {
logrus.Warnf("failed to return RLIMIT_NOFILE ulimit %q", err)
}
- current = rlimit.Cur
- max = rlimit.Max
+ if rlimit.Cur < current {
+ current = rlimit.Cur
+ }
+ if rlimit.Max < max {
+ max = rlimit.Max
+ }
}
- g.AddProcessRlimits("RLIMIT_NOFILE", current, max)
+ g.AddProcessRlimits("RLIMIT_NOFILE", max, current)
}
if !nprocSet {
max := kernelMax
@@ -558,10 +562,14 @@ func addRlimits(config *CreateConfig, g *generate.Generator) error {
if err := unix.Getrlimit(unix.RLIMIT_NPROC, &rlimit); err != nil {
logrus.Warnf("failed to return RLIMIT_NPROC ulimit %q", err)
}
- current = rlimit.Cur
- max = rlimit.Max
+ if rlimit.Cur < current {
+ current = rlimit.Cur
+ }
+ if rlimit.Max < max {
+ max = rlimit.Max
+ }
}
- g.AddProcessRlimits("RLIMIT_NPROC", current, max)
+ g.AddProcessRlimits("RLIMIT_NPROC", max, current)
}
return nil