summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Remove manual handling of insecure registries in doPullImageMiloslav Trmač2018-12-06
| | | | | | Instead, just set SystemRegistriesConfPath and let the transport do it. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Remove the forceSecure parameter on the pull call stackMiloslav Trmač2018-12-06
| | | | | | | DockerRegistryOptions.DockerInsecureSkipTLSVerify as an types.OptionalBool can now represent that value, so forceSecure is redundant. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Remove manual handling of insecure registries in PushImageToReferenceMiloslav Trmač2018-12-06
| | | | | | Instead, just set SystemRegistriesConfPath and let the transport do it. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Factor out the registries.conf location code in pkg/registriesMiloslav Trmač2018-12-06
| | | | | | | | | The newly introduced SystemRegistriesConfPath somewhat decreases duplication, but more importantly will allow future callers to set just a types.SystemContext.SystemRegistriesConfPath and not call GetRegistries / GetInsecureRegistries at all. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Remove the forceSecure parameter of Image.PushImageTo*Miloslav Trmač2018-12-06
| | | | | | | DockerRegistryOptions.DockerInsecureSkipTLSVerify as an types.OptionalBool can now represent that value, so forceSecure is redundant. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Minimally update for the DockerInsecureSkipTLSVerify type changeMiloslav Trmač2018-12-06
| | | | | | | | | | | | | | | | | Following SystemContext.DockerInsecureSkipTLSVerify, make the DockerRegistryOne also an OptionalBool, and update callers. Explicitly document that --tls-verify=true and --tls-verify unset have different behavior in those commands where the behavior changed (or where it hasn't changed but the documentation needed updating). Also make the --tls-verify man page sections a tiny bit more consistent throughout. This is a minimal fix, without changing the existing "--tls-verify=true" paths nor existing manual insecure registry lookups. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Fix build on non-LinuxMiloslav Trmač2018-12-06
| | | | | | Unrelated to the rest of the PR. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Remove some unused data structures and codeMiloslav Trmač2018-12-06
| | | | | | ... instead of unnecessarily adapting it for the DockerInsecureSkipTLSVerify type change. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Vendor buildah after merging https://github.com/containers/buildah/pull/1214Miloslav Trmač2018-12-06
| | | | | | This updates buildah for the sysregistriesv2 changes. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Update containers/image to 63a1cbdc5e6537056695cf0d627c0a33b334df53Miloslav Trmač2018-12-06
| | | | Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Merge pull request #1951 from baude/podcontainernetOpenShift Merge Robot2018-12-06
|\ | | | | bind mount /etc/resolv.conf|hosts in pods
| * bind mount /etc/resolv.conf|hosts in podsbaude2018-12-06
| | | | | | | | | | | | | | containers inside pods need to make sure they get /etc/resolv.conf and /etc/hosts bind mounted when network is expected Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #1905 from umohnani8/loginOpenShift Merge Robot2018-12-06
|\ \ | |/ |/| Pick registry to login from full image name as well
| * Pick registry to login from full image name as wellUrvashi Mohnani2018-12-06
| | | | | | | | | | | | | | | | | | | | podman login reg.io/username/image works as well now. It picks the registry and checks for authentication, if none exist it will prompt for username and password. If the credentials exist but are not valid, it will prompt the user for new valid credentials. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | Merge pull request #1904 from umohnani8/volumeOpenShift Merge Robot2018-12-06
|\ \ | | | | | | Add "podman volume" command
| * | Tests for podman volume commandsUrvashi Mohnani2018-12-06
| | | | | | | | | | | | Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
| * | Add "podman volume" commandumohnani82018-12-06
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for podman volume and its subcommands. The commands supported are: podman volume create podman volume inspect podman volume ls podman volume rm podman volume prune This is a tool to manage volumes used by podman. For now it only handle named volumes, but eventually it will handle all volumes used by podman. Signed-off-by: umohnani8 <umohnani@redhat.com>
* | Merge pull request #1912 from baude/pruneOpenShift Merge Robot2018-12-06
|\ \ | | | | | | Add ability to prune containers and images
| * | Add ability to prune containers and imagesbaude2018-12-05
| |/ | | | | | | | | | | | | | | | | | | | | Allow user to prune unused/unnamed images, the layer images from building, via podman rmi --prune. Allow user to prune stopped/exiuted containers via podman rm --prune. This should resolve #1910 Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #1887 from mheon/rm_syncOpenShift Merge Robot2018-12-06
|\ \ | | | | | | Add --sync option to podman rm
| * | Remove --sync flag from `podman rm`Matthew Heon2018-12-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Per discussion with Dan, it would be better to automatically handle potential runtime errors by automatically syncing if they occur. Retaining the flag for `ps` makes sense, as we won't even be calling the OCI runtime and as such won't see errors if the state desyncs, but rm can be handled automatically. The automatic desync handling code will take some additional work so we'll land this as-is (sync on ps is enough to solve most desync issues). Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | Add locking to Sync() on containersMatthew Heon2018-12-06
| | | | | | | | | | | | | | | | | | | | | | | | Previously not needed as it only worked inside of Batch(), but now that it can be called anywhere we need to add mutual exclusion on its config changes. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | Add --sync flag to podman psMatthew Heon2018-12-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The previous commit added support for --sync to podman rm to ensure state inconsistencies would not prevent containers from being removed. Add the flag to podman ps as well, so that all containers can be forcibly synced and all state inconsistencies resolved. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | Add --sync option to podman rmMatthew Heon2018-12-06
| |/ | | | | | | | | | | | | | | | | | | | | With the changes made recently to ensure Podman does not hit the OCI runtime as often to sync state, we can find ourselves in a situation where the runtime's state does not match ours. Add a --sync flag to podman rm to ensure we can still remove containers when this happens. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #1944 from giuseppe/update-tutorialOpenShift Merge Robot2018-12-06
|\ \ | | | | | | tutorial: add ostree dependency
| * | tutorial: add ostree dependencyGiuseppe Scrivano2018-12-06
| |/ | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #1946 from rhatdan/vendorOpenShift Merge Robot2018-12-06
|\ \ | |/ |/| Vendor in latest containers/storage
| * Merge branch 'vendor' of github.com:rhatdan/libpod into vendorDaniel J Walsh2018-12-06
| |\
| | * Vendor in latest containers/storageDaniel J Walsh2018-12-05
| | | | | | | | | | | | | | | | | | This should improve performance on vfs images on top of xfs/reflink drives. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | Merge branch 'master' of github.com:containers/libpod into vendorDaniel J Walsh2018-12-06
| |\ \ | |/ / |/| |
* | | Merge pull request #1945 from jwhonce/bug/1929OpenShift Merge Robot2018-12-05
|\ \ \ | | | | | | | | Invert tlsverify default in API
| * | | Invert tlsverify default in APIJhon Honce2018-12-05
| | | | | | | | | | | | | | | | | | | | | | | | Fixes #1929 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #1924 from baude/mroevarlinkendpointsOpenShift Merge Robot2018-12-05
|\ \ \ \ | |/ / / |/| | | Adding more varlink endpoints
| * | | Adding more varlink endpointsbaude2018-12-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * runlabel * checkpoint * restore * container|image exists * mount * unmount Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #1947 from baude/f28runcOpenShift Merge Robot2018-12-05
|\ \ \ \ | |_|_|/ |/| | | set .54 version for f28 due to memory error
| * | | set .54 version for f28 due to memory errorbaude2018-12-05
|/ / / | | | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #1940 from wking/numeric-gidOpenShift Merge Robot2018-12-05
|\ \ \ | | | | | | | | libpod/container_internal_linux: Allow gids that aren't in the group file
| * | | pkg/lookup: Return ID-only pointers on ErrNo*EntriesW. Trevor King2018-12-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Callers that only care about the IDs should try to convert the identifier to an integer before calling the Get* functions, so they can save the cost of hitting the filesystem and maybe or maybe not finding the other fields (User.Name, etc.). But callers that *want* the other fields but only actually need the ID can, with this commit, just call the Get* function and ignore ErrNo*Entries responses: user, err := lookup.GetUser(mount, userIDorName) if err != nil && err != ErrNoPasswdEntries { return err } Previously, they'd have to perform their own integer-conversion attempt in Get* error handling, with logic like: user, err := lookup.GetUser(mount, userIDorName) if err == ErrNoPasswdEntries { uuid, err := strconv.ParseUint(userIDorName, 10, 32) if err == nil { user.Uid = int(uuid) } } else if err != nil { return err } Signed-off-by: W. Trevor King <wking@tremily.us>
| * | | libpod/container_internal_linux: Allow gids that aren't in the group fileW. Trevor King2018-12-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When an image config sets config.User [1] to a numeric group (like 1000:1000), but those values do not exist in the container's /etc/group, libpod is currently breaking: $ podman run --rm registry.svc.ci.openshift.org/ci-op-zvml7cd6/pipeline:installer --help error creating temporary passwd file for container 228f6e9943d6f18b93c19644e9b619ec4d459a3e0eb31680e064eeedf6473678: unable to get gid 1000 from group file: no matching entries in group file However, the OCI spec requires converters to copy numeric uid and gid to the runtime config verbatim [2]. With this commit, I'm frontloading the "is groupspec an integer?" check and only bothering with lookup.GetGroup when it was not. I've also removed a few .Mounted checks, which are originally from 00d38cb3 (podman create/run need to load information from the image, 2017-12-18, #110). We don't need a mounted container filesystem to translate integers. And when the lookup code needs to fall back to the mounted root to translate names, it can handle erroring out internally (and looking it over, it seems to do that already). [1]: https://github.com/opencontainers/image-spec/blame/v1.0.1/config.md#L118-L123 [2]: https://github.com/opencontainers/image-spec/blame/v1.0.1/conversion.md#L70 Signed-off-by: W. Trevor King <wking@tremily.us>
* | | | Merge pull request #1918 from mheon/use_db_pathsOpenShift Merge Robot2018-12-05
|\ \ \ \ | | | | | | | | | | Use paths written in DB instead if they differ from our defaults
| * | | | Use runtime lockDir in BoltDB stateMatthew Heon2018-12-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of storing the runtime's file lock dir in the BoltDB state, refer to the runtime inside the Bolt state instead, and use the path stored in the runtime. This is necessary since we moved DB initialization very far up in runtime init, before the locks dir is properly initialized (and it must happen before the locks dir can be created, as we use the DB to retrieve the proper path for the locks dir now). Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | | Revert changes to GetDefaultStoreOptionsMatthew Heon2018-12-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We don't need this for anything more than rootless work in Libpod now, but Buildah still uses it as it was originally written, so leave it intact as part of our API. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | | Fix libpod static dir selection when graphroot changedMatthew Heon2018-12-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When graphroot is set by the user, we should set libpod's static directory to a subdirectory of that by default, to duplicate previous behavior. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | | Ensure directory where we will make database existsMatthew Heon2018-12-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ensure that the directory where we will create the Podman db exists prior to creating the database - otherwise creating the DB will fail. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | | Fix typoMatthew Heon2018-12-03
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | | Add better descriptions for validation errors in DBMatthew Heon2018-12-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When validating fields against the DB, report more verbosely the name of the field being validated if it fails. Specifically, add the name used in config files, so people will actually know what to change it errors happen. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | | Fix gofmt and lintMatthew Heon2018-12-02
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | | Make locks dir in unit testsMatthew Heon2018-12-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ensure we don't break the unit tests by creating a locks directory (which, prior to the last commit, would be created by BoltDB state init). Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | | Do not initialize locks dir in BoltDBMatthew Heon2018-12-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We already create the locks directory as part of the libpod runtime's init - no need to do it again as part of BoltDB's init. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | | Move rootless storage config into libpodMatthew Heon2018-12-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previous commits ensured that we would use database-configured paths if not explicitly overridden. However, our runtime generation did unconditionally override storage config, which made this useless. Move rootless storage configuration setup to libpod, and change storage setup so we only override if a setting is explicitly set, so we can still override what we want. Signed-off-by: Matthew Heon <mheon@redhat.com>