diff options
Diffstat (limited to 'vendor')
7 files changed, 111 insertions, 21 deletions
diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go index c652a66f2..b3278bb28 100644 --- a/vendor/github.com/containers/common/pkg/config/config.go +++ b/vendor/github.com/containers/common/pkg/config/config.go @@ -165,9 +165,12 @@ type ContainersConfig struct { // ShmSize holds the size of /dev/shm. ShmSize string `toml:"shm_size,omitempty"` - //TZ sets the timezone inside the container + // TZ sets the timezone inside the container TZ string `toml:"tz,omitempty"` + // Umask is the umask inside the container. + Umask string `toml:"umask,omitempty"` + // UTSNS indicates how to create a UTS namespace for the container UTSNS string `toml:"utsns,omitempty"` @@ -198,7 +201,7 @@ type EngineConfig struct { // The first path pointing to a valid file will be used. ConmonPath []string `toml:"conmon_path,omitempty"` - //DetachKeys is the sequence of keys used to detach a container. + // DetachKeys is the sequence of keys used to detach a container. DetachKeys string `toml:"detach_keys,omitempty"` // EnablePortReservation determines whether engine will reserve ports on the @@ -272,12 +275,20 @@ type EngineConfig struct { // Indicates whether the application should be running in Remote mode Remote bool `toml:"-"` + // RemoteURI is deprecated, see ActiveService // RemoteURI containers connection information used to connect to remote system. RemoteURI string `toml:"remote_uri,omitempty"` - // Identity key file for RemoteURI + // RemoteIdentity is deprecated, ServiceDestinations + // RemoteIdentity key file for RemoteURI RemoteIdentity string `toml:"remote_identity,omitempty"` + // ActiveService index to Destinations added v2.0.3 + ActiveService string `toml:"active_service,omitempty"` + + // Destinations mapped by service Names + ServiceDestinations map[string]Destination `toml:"service_destinations,omitempty"` + // RuntimePath is the path to OCI runtime binary for launching containers. // The first path pointing to a valid file will be used This is used only // when there are no OCIRuntime/OCIRuntimes defined. It is used only to be @@ -393,6 +404,15 @@ type NetworkConfig struct { NetworkConfigDir string `toml:"network_config_dir,omitempty"` } +// Destination represents destination for remote service +type Destination struct { + // URI, required. Example: ssh://root@example.com:22/run/podman/podman.sock + URI string `toml:"uri"` + + // Identity file with ssh key, optional + Identity string `toml:"identity,omitempty"` +} + // NewConfig creates a new Config. It starts with an empty config and, if // specified, merges the config at `userConfigPath` path. Depending if we're // running as root or rootless, we then merge the system configuration followed @@ -582,6 +602,10 @@ func (c *ContainersConfig) Validate() error { return err } + if err := c.validateUmask(); err != nil { + return err + } + if c.LogSizeMax >= 0 && c.LogSizeMax < OCIBufSize { return fmt.Errorf("log size max should be negative or >= %d", OCIBufSize) } @@ -828,9 +852,9 @@ func stringsEq(a, b []string) bool { } var ( - configOnce sync.Once - configErr error - config *Config + configErr error + configMutex sync.Mutex + config *Config ) // Default returns the default container config. @@ -845,9 +869,12 @@ var ( // The system defaults container config files can be overwritten using the // CONTAINERS_CONF environment variable. This is usually done for testing. func Default() (*Config, error) { - configOnce.Do(func() { - config, configErr = NewConfig("") - }) + configMutex.Lock() + defer configMutex.Unlock() + if config != nil || configErr != nil { + return config, configErr + } + config, configErr = NewConfig("") return config, configErr } @@ -879,8 +906,8 @@ func customConfigFile() (string, error) { return OverrideContainersConfig, nil } -//ReadCustomConfig reads the custom config and only generates a config based on it -//If the custom config file does not exists, function will return an empty config +// ReadCustomConfig reads the custom config and only generates a config based on it +// If the custom config file does not exists, function will return an empty config func ReadCustomConfig() (*Config, error) { path, err := customConfigFile() if err != nil { @@ -936,3 +963,36 @@ func (c *Config) Write() error { } return nil } + +// Reload clean the cached config and reloads the configuration from containers.conf files +// This function is meant to be used for long-running processes that need to reload potential changes made to +// the cached containers.conf files. +func Reload() (*Config, error) { + configMutex.Lock() + configErr = nil + config = nil + configMutex.Unlock() + return Default() +} + +func (c *Config) ActiveDestination() (string, string, error){ + if uri, found := os.LookupEnv("CONTAINER_HOST"); found { + var ident string + if v, found := os.LookupEnv("CONTAINER_SSHKEY"); found { + ident = v + } + return uri, ident, nil + } + + switch { + case c.Engine.ActiveService != "": + d, found := c.Engine.ServiceDestinations[c.Engine.ActiveService] + if !found { + return "", "", errors.Errorf("%q service destination not found", c.Engine.ActiveService) + } + return d.URI, d.Identity, nil + case c.Engine.RemoteURI != "": + return c.Engine.RemoteURI, c.Engine.RemoteIdentity, nil + } + return "", "", errors.New("no service destination configured") +} diff --git a/vendor/github.com/containers/common/pkg/config/config_local.go b/vendor/github.com/containers/common/pkg/config/config_local.go index a6ab33c50..282eb80b7 100644 --- a/vendor/github.com/containers/common/pkg/config/config_local.go +++ b/vendor/github.com/containers/common/pkg/config/config_local.go @@ -6,6 +6,7 @@ import ( "fmt" "os" "path/filepath" + "regexp" "syscall" units "github.com/docker/go-units" @@ -88,6 +89,14 @@ func (c *ContainersConfig) validateTZ() error { return nil } +func (c *ContainersConfig) validateUmask() error { + validUmask := regexp.MustCompile(`^[0-7]{1,4}$`) + if !validUmask.MatchString(c.Umask) { + return fmt.Errorf("Not a valid Umask %s", c.Umask) + } + return nil +} + func isRemote() bool { return false } diff --git a/vendor/github.com/containers/common/pkg/config/config_remote.go b/vendor/github.com/containers/common/pkg/config/config_remote.go index 61dd159ad..7fd9202bb 100644 --- a/vendor/github.com/containers/common/pkg/config/config_remote.go +++ b/vendor/github.com/containers/common/pkg/config/config_remote.go @@ -27,3 +27,7 @@ func (c *ContainersConfig) validateUlimits() error { func (c *ContainersConfig) validateTZ() error { return nil } + +func (c *ContainersConfig) validateUmask() error { + return nil +} diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf index 80afbb9bc..780df2a22 100644 --- a/vendor/github.com/containers/common/pkg/config/containers.conf +++ b/vendor/github.com/containers/common/pkg/config/containers.conf @@ -210,6 +210,10 @@ # # tz = "" +# Set umask inside the container +# +# umask="0022" + # Default way to to create a UTS namespace for the container # Options are: # `private` Create private UTS Namespace for the container. @@ -340,14 +344,6 @@ # Whether to pull new image before running a container # pull_policy = "missing" -# Default Remote URI to access the Podman service. -# Examples: -# rootless "unix://run/user/$UID/podman/podman.sock" (Default) -# rootfull "unix://run/podman/podman.sock.(Default) -# remote rootless ssh://engineering.lab.company.com/run/user/1000/podman/podman.sock -# remote rootfull ssh://root@10.10.1.136:22/run/podman/podman.sock -# remote_uri= "" - # Directory for persistent engine files (database, etc) # By default, this will be configured relative to where the containers/storage # stores containers @@ -386,6 +382,22 @@ # Number of seconds to wait for container to exit before sending kill signal. # stop_timeout = 10 +# Index to the active service +# active_service = production + +# map of service destinations +# [service_destinations] +# [service_destinations.production] +# URI to access the Podman service +# Examples: +# rootless "unix://run/user/$UID/podman/podman.sock" (Default) +# rootfull "unix://run/podman/podman.sock (Default) +# remote rootless ssh://engineering.lab.company.com/run/user/1000/podman/podman.sock +# remote rootfull ssh://root@10.10.1.136:22/run/podman/podman.sock +# uri="ssh://user@production.example.com/run/user/1001/podman/podman.sock" +# Path to file containing ssh identity key +# identity = "~/.ssh/id_rsa" + # Paths to look for a valid OCI runtime (runc, runv, kata, etc) [engine.runtimes] # runc = [ diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go index e7a1836bd..12cf1b421 100644 --- a/vendor/github.com/containers/common/pkg/config/default.go +++ b/vendor/github.com/containers/common/pkg/config/default.go @@ -191,6 +191,7 @@ func DefaultConfig() (*Config, error) { SeccompProfile: SeccompDefaultPath, ShmSize: DefaultShmSize, TZ: "", + Umask: "0022", UTSNS: "private", UserNS: "host", UserNSSize: DefaultUserNSSize, @@ -504,3 +505,7 @@ func (c *Config) DetachKeys() string { func (c *Config) TZ() string { return c.Containers.TZ } + +func (c *Config) Umask() string { + return c.Containers.Umask +} diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go index 741e9bd03..b75bbe971 100644 --- a/vendor/github.com/containers/common/version/version.go +++ b/vendor/github.com/containers/common/version/version.go @@ -1,4 +1,4 @@ package version // Version is the version of the build. -const Version = "0.15.2" +const Version = "0.16.0" diff --git a/vendor/modules.txt b/vendor/modules.txt index edcf17f0d..d7ebbd7cc 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -84,7 +84,7 @@ github.com/containers/buildah/pkg/secrets github.com/containers/buildah/pkg/supplemented github.com/containers/buildah/pkg/umask github.com/containers/buildah/util -# github.com/containers/common v0.15.2 +# github.com/containers/common v0.16.0 github.com/containers/common/pkg/apparmor github.com/containers/common/pkg/auth github.com/containers/common/pkg/capabilities |