aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* remove hooks files reference and no varlink-python on f27 or epelbaude2018-05-18
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #802 Approved by: baude
* contrib/spec/podman.spec.in: Drop README-hooksW. Trevor King2018-05-18
| | | | | | | | | | | | | I'd tried to drop it here with ea415610 (hooks/docs: Add oci-hooks.5 and per-package man page building, 2018-05-15, #772), but had missed the reference added in 796d6c89 (Add python3 package to podman, 2018-05-17, #791) when rebasing around that package. With this commit, I'm killing it again ;). Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #801 Approved by: rhatdan
* troubleshooting: Add console syntax highlightingW. Trevor King2018-05-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | These blocks include both shell input and command output. GitHub uses Linuguist for syntax highlighting [1]. Linguist defines a ShellSession language to highlight those [2], although I prefer the shorter 'console' alias. This commit also makes this file more consistent about including the leading prompt and sudo. I'd also be fine using the traditional '#' prompt for privileged users instead of '$ sudo', to be less opinionated about *how* the user acquires the privileges (via sudo or otherwise). Linguist's shell-session grammar is from Atom [3], and that grammar recognizes any of >$#% as the final prompt character [4]. But I've left this facet alone for now. [1]: https://help.github.com/articles/creating-and-highlighting-code-blocks/#syntax-highlighting [2]: https://github.com/github/linguist/blob/v6.1.0/lib/linguist/languages.yml#L4362-L4373 [3]: https://github.com/github/linguist/blame/v6.1.0/vendor/README.md#L335 [4]: https://github.com/atom/language-shellscript/blob/v0.26.3/grammars/shell-session.cson#L22 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #796 Approved by: rhatdan
* Fix typoPeter Oliver2018-05-17
| | | | | | | Signed-off-by: Peter Oliver <git@mavit.org.uk> Closes: #792 Approved by: rhatdan
* Refresh pods when refreshing podman stateMatthew Heon2018-05-17
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #784 Approved by: rhatdan
* Add per-pod CGroupsMatthew Heon2018-05-17
| | | | | | | | | | | | | Pods can now create their own (cgroupfs) cgroups which containers in them can (optionally) use. This presently only works with CGroupFS, systemd cgroups are still WIP Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #784 Approved by: rhatdan
* Add pod stateMatthew Heon2018-05-17
| | | | | | | | | | Add a mutable state to pods, and database backend sutable for modifying and updating said state. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #784 Approved by: rhatdan
* hooks: Fix monitoring of multiple directoriesW. Trevor King2018-05-17
| | | | | | | | | | | | | | | | | | | | | | | | | | This isn't an issue with podman, which will only ever use one directory. But CRI-O generally uses two directories, and we want to make sure that changes to the fallback directory are not clobbering hooks configured in the override directory. More background in [1]. I've split the handling into a single-directory block and a multiple-directory block so we don't waste time polling the filesystem for single-directory removals. I'm using the single-directory block for the the zero-directory case as well. Managers with zero directories should not be receiving fsnotify events, so I don't think it really matters which block handles them. If we want to handle this case robustly (because we're concerned about something in the hook package adjusted the private .directories property on the fly?), then we'll probably want to add an explicit zero-directory block in future work. [1]: https://github.com/kubernetes-incubator/cri-o/pull/1470 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #757 Approved by: rhatdan
* Merge pull request #797 from baude/coprhooks2Brent Baude2018-05-17
|\ | | | | make sure hooks are renamed for copr spec
| * make sure hooks are renamed for copr specbaude2018-05-17
|/ | | | Signed-off-by: baude <bbaude@redhat.com>
* Use container cleanup() functions when removingMatthew Heon2018-05-17
| | | | | | | | | | | | Instead of manually calling the individual functions that cleanup uses to tear down a container's resources, just call the cleanup function to make sure that cleanup only needs to happen in one place. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #790 Approved by: rhatdan
* docs/podman.1: Link to hook documentationW. Trevor King2018-05-17
| | | | | | | | | | | | | | | | | Collecting the Podman/libpod specifics in one place allows us use the hooks documentation which the previous commit made more generic. The re-ordered SEE ALSO is because [1]: > The list should be ordered by section number and then alphabetically > by name. [1]: http://man7.org/linux/man-pages/man7/man-pages.7.html Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #772 Approved by: mheon
* hooks/docs: Add oci-hooks.5 and per-package man page buildingW. Trevor King2018-05-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows us to reference the hooks docs from podman(1) in a way that will survive system installation. The downside is that the GitHub rendered pages become less usable, now that we can no longer embed links as freely as we could before. I've followed the "Sections within a manual page" suggestions from [1]. locale(7) is [2], which is Linux-specific. Even section numbering is platform-dependent [3], so it's unlikely that these external man references are particularly portable. Platform packagers can adjust our local references to match their target system, but that leaves the GitHub rendering in an awkward place. For now, I think a Linux-centric GitHub rendering without clickable links may be the best we can do without moving away from go-md2man. As far as I can tell, there's not a nice way to get go-md2man to wrap the links in SEE ALSO without sometimes hyphenating a URL (which makes it harder for man-page readers to copy/paste those links into their browser). I've also fixed some "extention" -> "extension" typos. [1]: http://man7.org/linux/man-pages/man7/man-pages.7.html [2]: http://man7.org/linux/man-pages/man7/locale.7.html [3]: https://en.wikipedia.org/wiki/Man_page#Manual_sections Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #772 Approved by: mheon
* Add Troubleshooting guideTomSweeneyRedHat2018-05-17
| | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #793 Approved by: mheon
* chrootuser: default to GID 0 when given a numeric --userNalin Dahyabhai2018-05-17
| | | | | | | | | | | | | | | When we're given a numeric --user value, default to GID 0 if the numeric ID doesn't correspond to a user entry in /etc/passwd that can provide us with the user's primary group ID. Make sure that GetAdditionalGroupsForUser() returns wrapped errors. Also test various user:group forms. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #728 Approved by: mheon
* Add python3 package to podmanbaude2018-05-17
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #791 Approved by: mheon
* libpod: fix panic when using -t and the process fails to startGiuseppe Scrivano2018-05-17
| | | | | | | | | | | | | | | | | | We were closing resize both on the receiver and the sender side. This was racy as the sender might have written to a closed channel. If the container could not be created, the attach exited immediately causing the channel to be closed before the write from resizeTty. Change the logic to close only from the senderSide and add another channel to notify the resizeTty goroutine when the container exited. Closes: https://github.com/projectatomic/libpod/issues/785 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #787 Approved by: mheon
* Makefile: Use ?= for shell variables (ISODATE, etc.)W. Trevor King2018-05-17
| | | | | | | | | | | | | | | | | | | | | | | | | | Previously, Make would execute these shell commands even if we didn't need the resulting variable. With ?='s recursive expansion [1], we only expand the variable when it's consumed. For example, the ISODATE variable is only needed in the recipe for the changelog target, so most Make invocations won't need the value, and the computation is just making whatever Make actually is doing slower. I've shifted the GIT_COMMIT and BUILD_INFO values over to LDFLAGS_PODMAN, because the test/*/* targets don't care about those. I've also moved the Go-specific -ldflags from the variables into the recipes themselves, because callers probably expect C semantics for LDFLAGS and not Go's wrapper. That means that there's no longer a need for the LDFLAGS/BASE_LDFLAGS separation, so I'm just using LDFLAGS (and LDFLAGS_PODMAN) now. That reduces the declared variables to just LDFLAGS_PODMAN, so I've shifted that declaration up to get it closer to its GIT_COMMIT and BUILD_INFO precursors. [1]: https://www.gnu.org/software/make/manual/html_node/Setting.html Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #777 Approved by: rhatdan
* Skip tests that are flaking, holding up merge queueJhon Honce2018-05-16
| | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #783 Approved by: baude
* Remove old varlink testsJhon Honce2018-05-16
| | | | | | | | | * Replaced by tests in libpod/contrib/python/test Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #766 Approved by: rhatdan
* Allow push/save without image referenceumohnani82018-05-16
| | | | | | | | | | | | If the user uses the image ID when saving to either docker-archive or oci-archive, then do not save a reference in the manifest/index.json. If the user chooses to push without an image reference, i.e <transport>:<path> it should be valid and succeed. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #782 Approved by: rhatdan
* Vendor in latest containers/imageumohnani82018-05-16
| | | | | | | | | | Changes include saving image to docker-archive and oci-archive eithout an image reference. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #782 Approved by: rhatdan
* Makefile: Respect GOBINW. Trevor King2018-05-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | And use 'go env GOBIN' to detect the user's existing preference. From [1]: > The bin directory holds compiled commands. Each command is named > for its source directory, but only the final element, not the entire > path. That is, the command with source in DIR/src/foo/quux is > installed into DIR/bin/quux, not DIR/bin/foo/quux. The "foo/" > prefix is stripped so that you can add DIR/bin to your PATH to get > at the installed commands. If the GOBIN environment variable is > set, commands are installed to the directory it names instead of > DIR/bin. GOBIN must be an absolute path. > ... > Go searches each directory listed in GOPATH to find source code, but > new packages are always downloaded into the first directory in the > list. So if GOBIN is set, it will be non-empty, and we can use $(GOBIN)/... If GOBIN is unset, 'go env GOBIN' will return an empty string (as it does on Travis [2]). In that case, I'm assuming that the package in question is in the first directory in GOPATH and using the new FIRST_GOPATH (firstword and subst are documented in [3]). That's probably fairly safe, since our previous GOPATH handling assumed it only contained a single path, and nobody was complaining about that. Using ?= allows us to skip the 'dirname' call if we end up not needing GOPKGBASEDIR [4] (e.g. for the 'help' target). The recursive expansion could cause an issue if the result of the shell expansions included a '$', but those seem unlikely in GOPKGBASEDIR, GOMD2MAN, or the manpage paths. I haven't used ?= for GOBIN, because we'll always need the expanded value for the if check. Using GOMD2MAN allows us to collapse old ||-based recipe into a less confusing invocation. And using a static pattern rule [5] for $(MANPAGES) lets us write a single rule to handle both section 1 and section 5. While I was updating the GOPATH handling, I moved .gopathok from the possibly-shared $(GOPATH)/.gopathok to the definitely-specific-to-this-project .gopathok. That may cause some issues if you rebuild after changing your GOPATH without calling 'clean', but I don't expect folks to change their GOPATH frequently. And the old approach would fail if different consumers were also using the same flag path to mean something else (as CRI-O does [6]). As part of cleaning up .gopathok, I've also collapsed clean's rm calls into a single invocation. That will give us the same results with less process setup/teardown penalties. [1]: https://golang.org/cmd/go/#hdr-GOPATH_environment_variable [2]: https://travis-ci.org/projectatomic/libpod/jobs/379345071#L459 [3]: https://www.gnu.org/software/make/manual/html_node/Text-Functions.html [4]: https://www.gnu.org/software/make/manual/html_node/Setting.html [5]: https://www.gnu.org/software/make/manual/html_node/Static-Usage.html [6]: https://github.com/kubernetes-incubator/cri-o/blob/v1.10.1/Makefile#L62 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #774 Approved by: mheon
* Fix podman inspect bash completionsDaniel J Walsh2018-05-16
| | | | | | | | | Also fixed illegal function __podman_complete_detach_keys() Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #781 Approved by: baude
* Update Tutorial with Fedora kit locationTomSweeneyRedHat2018-05-16
| | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #779 Approved by: mheon
* Makefile: Drop find-godeps.sh for podman targetW. Trevor King2018-05-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We inherited this from a031b83a (Initial checkin from CRI-O repo, 2017-11-01), but: * The output is actually going into bin/podman, so Make will rebuild this target every time. You'll never be able to save compilation because the target is newer than all the prerequisites. * Make expands prerequisites immediately when loading a Makefile [1], and on my wimpy Chromebook SD Card, this is *slow*: $ time hack/find-godeps.sh ~/.local/lib/go/src/github.com/projectatomic/libpod cmd/podman github.com/projectatomic/libpod ... real 0m56.225s user 0m44.918s sys 0m21.918s * Go is pretty good at this on its own, so having make call 'go build' every time will almost certainly be faster than us trying to mimic this in a shell script. And by punting to Go in the recipe, Make invocations that do not need the podman target (e.g. 'make help') can skip the dependency lookup entirely. [1]: https://www.gnu.org/software/make/manual/html_node/Reading-Makefiles.html#Rule-Definition Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #776 Approved by: rhatdan
* Support pulling Dockerfile from httpDaniel J Walsh2018-05-16
| | | | | | | | | | | | | Currently podman build http://remote.com/Dockerfile does not work. podman always treats this file as an Archive. Vendoring in the latest buildah code fixes this issue. Also updated the man pages to better explain the syntax. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #775 Approved by: TomSweeneyRedHat
* Refactor libpod python varlink bindingsJhon Honce2018-05-16
| | | | | | | | | | | | | | | | | | | - More pythonic - Leverage context managers to help with socket leaks - Add system unittest's - Add image unittest's - Add container unittest's - Add models for system, containers and images, and their collections - Add helper functions for datetime parsing/formatting - GetInfo() implemented - Add support for setuptools - Update documentation - Support for Python 3.4-3.6 Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #748 Approved by: baude
* add more bash completionsbaude2018-05-16
| | | | | | | | | Resolves: #660 Signed-off-by: baude <bbaude@redhat.com> Closes: #770 Approved by: rhatdan
* improve podman commit documentation and error messagesbaude2018-05-15
| | | | | | | | | | | | document --format|-f in the commit man page. also, improve the error message when user tries to use -m with the oci image format. Resolves: 765 Signed-off-by: baude <bbaude@redhat.com> Closes: #768 Approved by: rhatdan
* Touch up logo linksTomSweeneyRedHat2018-05-15
| | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #771 Approved by: mheon
* implement varlink commitbaude2018-05-15
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #762 Approved by: baude
* fix segfault for podman pushbaude2018-05-15
| | | | | | | | | | When no args were provided to podman push, podman segfaults. Quick fix to avoid the condition that triggers the segf. Signed-off-by: baude <bbaude@redhat.com> Closes: #773 Approved by: mheon
* Add the Podman LogoTomSweeneyRedHat2018-05-15
| | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #769 Approved by: rhatdan
* logo: Remove unused directoryW. Trevor King2018-05-15
| | | | | | | | | | | | | | Theses are from a031b83a (Initial checkin from CRI-O repo, 2017-11-01), but they're CRI-O's logos and not libpod's or podman's. We still use CRI-O's logos in a few places, but since a031b83a all of those references have used cdn.rawgit.com URLs pointing at the CRI-O repository. That means there's no need to keep local copies of another project's logos here. Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #767 Approved by: rhatdan
* hooks: Add package support for extension stagesW. Trevor King2018-05-14
| | | | | | | | | | | | | We aren't consuming this yet, but these pkg/hooks changes lay the groundwork for future libpod changes to support post-exit hooks [1,2]. [1]: https://github.com/projectatomic/libpod/issues/730 [2]: https://github.com/opencontainers/runc/issues/1797 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #758 Approved by: rhatdan
* Gracefully handle containers removed from c/storageMatthew Heon2018-05-14
| | | | | | | | | | Allow containers that no longer exist in storage to be evicted from the state instead of erroring. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #764 Approved by: rhatdan
* Add packaging for hooks/README.mdbaude2018-05-14
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #763 Approved by: baude
* Remove stop on error from Docker install switch in baseline testsTomSweeneyRedHat2018-05-14
| | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #760 Approved by: mheon
* docs: fix contrib/cni broken linkTristan Cacqueray2018-05-14
| | | | | | | | | | | This change updates the install.md documentation to reference the new cni directory location. This change also restores the previously deleted README.md with updated instructions. Signed-off-by: Tristan Cacqueray <tdecacqu@redhat.com> Closes: #761 Approved by: baude
* Merge pull request #755 from mheon/bump_0_5_2Matthew Heon2018-05-11
|\ | | | | Bump to v0.5.2
| * Update gitvalidation epochMatthew Heon2018-05-11
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.5.3-devMatthew Heon2018-05-11
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.5.2v0.5.2Matthew Heon2018-05-11
|/ | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* vendor/golang.org/x/text: Vendor collate and languageW. Trevor King2018-05-11
| | | | | | | | | | | | | | | | | | | | | Following the vndr docs [1]: $ go get -u github.com/LK4D4/vndr $ vndr golang.org/x/text $ git add -A vendor/golang.org/x/text The targeted 'git add' was because we seem to have versioned some test files (e.g. vendor/github.com/varlink/go/varlink/varlink_test.go in 8493dba2 (Initial varlink implementation, 2018-03-26, #627). I don't know why, possibly an old vndr version? But either way, I'm punting that particular issue to a separate branch. [1]: https://github.com/LK4D4/vndr/blob/1fc68ee0c852556a9ed53cbde16247033f104111/README.md Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #686 Approved by: mheon
* hooks: Order injection by collated JSON filenameW. Trevor King2018-05-11
| | | | | | | | | | | | | | | | | | | | | | | We also considered ordering with sort.Strings, but Matthew rejected that because it uses a byte-by-byte UTF-8 comparison [1] which would fail many language-specific conventions [2]. There's some more discussion of the localeToLanguage mapping in [3]. Currently language.Parse does not handle either 'C' or 'POSIX', returning: und, language: tag is not well-formed for both. [1]: https://github.com/projectatomic/libpod/pull/686#issuecomment-387914358 [2]: https://en.wikipedia.org/wiki/Alphabetical_order#Language-specific_conventions [3]: https://github.com/golang/go/issues/25340 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #686 Approved by: mheon
* libpod: Add HooksDirNotExistFatalW. Trevor King2018-05-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | And add an argument to WithHooksDir to set it. If the hook dir doesn't exist, the new hooks package considers that a fatal error. When a podman caller sets --hooks-dir-path=/some/typoed/directory, a fatal error is more helpful than silently not loading any hooks. However, callers who call podman without setting --hooks-dir-path may not need hooks at all. We don't want to pester those callers with not-exist errors. With this commit, we: * Assume the caller knows what they're doing if they set --hooks-dir-path and set HooksDirNotExistFatal. * If the caller does not explicitly set --hooks-dir-path, assume they won't mind if the hook directory is missing and set HooksDirNotExistFatal false. We also considered checking for the directory's existence in the code calling WithHooksDir or from within WithHooksDir, but checks there would race with the underlying ioutil.ReadDir in the hooks package. By pushing the warn/error decision down into libpod's implementation, we avoid a racy "do we expect this to work once libpod gets to it?" pre-check. I've also added a check to error if WithHooksDir is called with an empty-string argument, because we haven't defined the semantics of that (is it clearing a previous value? Is it effectively the same as the current directory?). I agree with Matthew that a separate WithNoHooks, or a *string argument to WithHooks, or some such would be a better API for clearing previous values [1]. But for now, I'm just erroring out to fail early for callers who might otherwise be surprised that libpod ignores empty-string HooksDir. [1]: https://github.com/projectatomic/libpod/pull/686#issuecomment-385119370 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #686 Approved by: mheon
* hooks/read: Ignore IsNotExist for JSON files in ReadDirW. Trevor King2018-05-11
| | | | | | | | | | | | | | | If a .json file existed when we called ioutil.ReadDir but that file has been removed by the time we get around to calling Read on it, silently ignore the file. Iterating through all the files in the directory shouldn't take particularly long, so this is an unlikely corner case. And when it happens, silently ignoring the file gives the same outcome as you'd have gotten if the parallel remove had happened slightly earlier before the ioutil.ReadDir call. Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #686 Approved by: mheon
* pkg/hooks: Version the hook structure and add 1.0.0 hooksW. Trevor King2018-05-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This shifts the matching logic out of libpod/container_internal and into the hook package, where we can reuse it after vendoring into CRI-O. It also adds unit tests with almost-complete coverage. Now libpod is even more isolated from the hook internals, which makes it fairly straightforward to bump the hook config file to 1.0.0. I've dubbed the old format 0.1.0, although it doesn't specify an explicit version. Motivation for some of my changes with 1.0.0: * Add an explicit version field. This will make any future JSON structure migrations more straightforward by avoiding the need for version-guessing heuristics. * Collect the matching properties in a new When sub-structure. This makes the root Hook structure easier to understand, because you don't have to read over all the matching properties when wrapping your head around Hook. * Replace the old 'hook' and 'arguments' with a direct embedding of the runtime-spec's hook structure. This provides access to additional upstream properties (args[0], env, and timeout) and avoids the complication of a CRI-O-specific analog structure. * Add a 'when.always' property. You can usually accomplish this effect in another way (e.g. when.commands = [".*"]), but having a boolean explicitly for this use-case makes for easier reading and writing. * Replace the previous annotations array with an annotations map. The 0.1.0 approach matched only the values regardless of key, and that seems unreliable. * Replace 'cmds' with 'when.commands', because while there are a few ways to abbreviate "commands", there's only one way to write it out in full ;). This gives folks one less thing to remember when writing hook JSON. * Replace the old "inject if any specified condition matches" with "inject if all specified conditions match". This allows for more precise targeting. Users that need more generous targeting can recover the previous behavior by creating a separate 1.0.0 hook file for each specified 0.1.0 condition. I've added doc-compat support for the various pluralizations of the 0.1.0 properties. Previously, the docs and code were not in agreement. More on this particular facet in [1]. I've updated the docs to point out that the annotations being matched are the OCI config annotations. This differs from CRI-O, where the annotations used are the Kubernetes-supplied annotations [2,3]. For example, io.kubernetes.cri-o.Volumes [4] is part of CRI-O's runtime config annotations [5], but not part of the Kubernetes-supplied annotations CRI-O uses for matching hooks. The Monitor method supports the CRI-O use-case [6]. podman doesn't need it directly, but CRI-O will need it when we vendor this package there. I've used nvidia-container-runtime-hook for the annotation examples because Dan mentioned the Nvidia folks as the motivation behind annotation matching. The environment variables are documented in [7]. The 0.1.0 hook config, which does not allow for environment variables, only works because runc currently leaks the host environment into the hooks [8]. I haven't been able to find documentation for their usual annotation trigger or hook-install path, so I'm just guessing there. [1]: https://github.com/kubernetes-incubator/cri-o/pull/1235 [2]: https://github.com/kubernetes-incubator/cri-o/blob/v1.10.0/server/container_create.go#L760 [3]: https://github.com/kubernetes-incubator/cri-o/blob/v1.10.0/server/container_create.go#L772 [4]: https://github.com/kubernetes-incubator/cri-o/blob/v1.10.0/pkg/annotations/annotations.go#L97-L98 [5]: https://github.com/kubernetes-incubator/cri-o/blob/v1.10.0/server/container_create.go#L830-L834 [6]: https://github.com/kubernetes-incubator/cri-o/pull/1345/ [7]: https://github.com/NVIDIA/nvidia-container-runtime/tree/v1.3.0-1#environment-variables-oci-spec [8]: https://github.com/opencontainers/runc/pull/1738 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #686 Approved by: mheon
* Fix varlink remove image forcebaude2018-05-11
| | | | | | | | | | | | | Fixes a bug where the force bool was being ignored when deleting images via the varlink interface. Also, minor fix to the docs to add a line break between methods and types in the doc index. Signed-off-by: baude <bbaude@redhat.com> Closes: #753 Approved by: rhatdan