Commit message (Author, Age)
* runlabel: execute /proc/self/exe and avoid recursion (Valentin Rothberg, 2018-10-05)
|
| Execute /proc/self/exe instead of podman. This makes the runlabel command more portable as it works for binaries outside the path as well as for local builds. Also, avoid redundantly executing the runlabel command by setting the PODMAN_RUNLABEL_NESTED environment variable to "1". Podman now checks for this variable before executing the runlabel command and will throw an error in case the variable is set.
|
| Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
* Merge pull request #1570 from giuseppe/fix-gvisor (OpenShift Merge Robot, 2018-10-04)
|\
| | podman: allow usage of gVisor as OCI runtime
| * oci: split the stdout and stderr pipes (Giuseppe Scrivano, 2018-10-03)
| |
| | read the OCI status from stdout, not the combined stdout+stderr stream.
| |
| | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * oci: always set XDG_RUNTIME_DIR (Giuseppe Scrivano, 2018-10-03)
| |
| | Fix an issue when using gVisor that couldn't start the container since the XDG_RUNTIME_DIR env variable used for the "create" and "start" commands is different. Set the environment variable for each command so that the OCI runtime gets always the same value.
| |
| | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #469 from adrianreber/master (OpenShift Merge Robot, 2018-10-04)
|\ \
| | | Add support to checkpoint/restore containers
| * | completions: add checkpoint/restore completions (Adrian Reber, 2018-10-03)
| | |
| | | Signed-off-by: Adrian Reber <areber@redhat.com>
| * | tests: add checkpoint/restore test (Adrian Reber, 2018-10-03)
| | |
| | | Signed-off-by: Adrian Reber <areber@redhat.com>
| * | tutorial: add checkpoint/restore to tutorial (Adrian Reber, 2018-10-03)
| | |
| | | Signed-off-by: Adrian Reber <areber@redhat.com>
| * | docs: add checkpoint and restore man pages (Adrian Reber, 2018-10-03)
| | |
| | | This adds the podman-container-checkpoint and podman-container-restore man pages.
| | |
| | | Signed-off-by: Adrian Reber <areber@redhat.com>
| * | Add support to checkpoint/restore containers (Adrian Reber, 2018-10-03)
| |/
| |
| | runc uses CRIU to support checkpoint and restore of containers. This brings an initial checkpoint/restore implementation to podman.
| |
| | None of the additional runc flags are yet supported and container migration optimization (pre-copy/post-copy) is also left for the future.
| |
| | The current status is that it is possible to checkpoint and restore a container. I am testing on RHEL-7.x and as the combination of RHEL-7 and CRIU has seccomp troubles I have to create the container without seccomp.
| |
| | With the following steps I am able to checkpoint and restore a container:
| |
| |   # podman run --security-opt="seccomp=unconfined" -d registry.fedoraproject.org/f27/httpd
| |   # curl -I 10.22.0.78:8080
| |   HTTP/1.1 403 Forbidden # <-- this is actually a good answer
| |   # podman container checkpoint <container>
| |   # curl -I 10.22.0.78:8080
| |   curl: (7) Failed connect to 10.22.0.78:8080; No route to host
| |   # podman container restore <container>
| |   # curl -I 10.22.0.78:8080
| |   HTTP/1.1 403 Forbidden
| |
| | I am using CRIU, runc and conmon from git. All required changes for checkpoint/restore support in podman have been merged in the corresponding projects.
| |
| | To have the same IP address in the restored container as before checkpointing, CNI is told which IP address to use. If the saved network configuration cannot be found during restore, the container is restored with a new IP address.
| |
| | For CRIU to restore established TCP connections the IP address of the network namespace used for restore needs to be the same. For TCP connections in the listening state the IP address can change.
| |
| | During restore only one network interface with one IP address is handled correctly. Support to restore containers with more advanced network configuration will be implemented later.
| |
| | v2:
| |  * comment typo
| |  * print debug messages during cleanup of restore files
| |  * use createContainer() instead of createOCIContainer()
| |  * introduce helper CheckpointPath()
| |  * do not try to restore a container that is paused
| |  * use existing helper functions for cleanup
| |  * restructure code flow for better readability
| |  * do not try to restore if checkpoint/inventory.img is missing
| |  * git add checkpoint.go restore.go
| |
| | v3:
| |  * move checkpoint/restore under 'podman container'
| |
| | v4:
| |  * incorporated changes from latest reviews
| |
| | Signed-off-by: Adrian Reber <areber@redhat.com>
* | Merge pull request #1557 from rhatdan/systemd (OpenShift Merge Robot, 2018-10-04)
|\ \
| | | Don't tmpcopyup on systemd cgroup
| * | Don't tmpcopyup on systemd cgroup (Daniel J Walsh, 2018-09-29)
| | |
| | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #1591 from baude/disablecontainerbuildservice (Matthew Heon, 2018-10-04)
|\ \ \
| |_|/
|/| | disable gce building of images
| * | disable gce building of images (baude, 2018-10-04)
|/ /
| | Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #1578 from baude/addubuntuci (OpenShift Merge Robot, 2018-10-03)
|\ \
| | | Add Ubuntu-18.04 to CI testing
| * | Add ability for ubuntu to be tested (baude, 2018-10-03)
| | |
| | | unfortunately the papr CI system cannot test ubuntu as a VM; therefore, this PR still keeps travis. but it does include fixes that will be required for running on modern versions of ubuntu.
| | |
| | | Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #1584 from giuseppe/drop-superflous-relabel (OpenShift Merge Robot, 2018-10-03)
|\ \ \
| |/ /
|/| | selinux: drop superfluous relabel
| * | selinux: drop superfluous relabel (Giuseppe Scrivano, 2018-10-03)
|/ /
| | The same relabel is already done in writeStringToRundir so we don't need to do it twice. The version in writeStringToRundir takes into account the correct file path when using user namespaces.
| |
| | Closes: https://github.com/containers/libpod/pull/1584
| |
| | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #1580 from giuseppe/rootless-always-set-XDG_RUNTIME_DIR (OpenShift Merge Robot, 2018-10-03)
|\ \
| | | rootless: always set XDG_RUNTIME_DIR
| * | rootless: always set XDG_RUNTIME_DIR (Giuseppe Scrivano, 2018-10-03)
| | |
| | | it is used internally by containers/image to locate the auth file.
| | |
| | | Closes: https://github.com/containers/libpod/issues/1457
| | |
| | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #1531 from mheon/add_exited_state (OpenShift Merge Robot, 2018-10-03)
|\ \ \
| |/ /
|/| | Add ContainerStateExited and OCI delete() in cleanup()
| * | Fix python tests (Matthew Heon, 2018-10-02)
| | |
| | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * | Fix Wait() to allow Exited state as well as Stopped (Matthew Heon, 2018-10-02)
| | |
| | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * | Fix cleanupRuntime to only save if container is valid (Matthew Heon, 2018-10-02)
| | |
| | | We call cleanup() (which calls cleanupRuntime()) as part of removing containers, after the container has already been removed from the database. cleanupRuntime() tries to update and save the state, which obviously fails if the container no longer exists. Make the save() conditional on the container not being in the process of being removed.
| | |
| | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * | Fix bug with exited state and container remove (Matthew Heon, 2018-10-02)
| | |
| | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * | Address review comments and fix ps output (Matthew Heon, 2018-10-02)
| | |
| | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * | Add ContainerStateExited and OCI delete() in cleanup() (Matthew Heon, 2018-10-02)
| | |
| | | To work better with Kata containers, we need to delete() from the OCI runtime as a part of cleanup, to ensure resources aren't retained longer than they need to be.
| | |
| | | To enable this, we need to add a new state to containers, ContainerStateExited. Containers transition from ContainerStateStopped to ContainerStateExited via cleanupRuntime which is invoked as part of cleanup(). A container in the Exited state is identical to Stopped, except it has been removed from the OCI runtime and thus will be handled differently when initializing the container.
| | |
| | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | | Merge pull request #1528 from baude/runlabel (OpenShift Merge Robot, 2018-10-02)
|\ \ \
| | | | Add container runlabel command
| * | | Add container runlabel command (baude, 2018-09-28)
| | |/
| |/|
| | | Execute the command as described by a container image. The value of the label is processed into a command by:
| | |
| | | 1. Ensuring the first argument of the command is podman.
| | | 2. Substituting any variables with those defined by the environment or otherwise.
| | |
| | | If no label exists in the container image, nothing is done.
| | |
| | |   podman container runlabel LABEL IMAGE extra_args
| | |
| | | Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #1562 from mheon/update_install_instructions (OpenShift Merge Robot, 2018-10-02)
|\ \ \
| | | | Update docs to build a runc that works with systemd
| * | | Update docs to build a runc that works with systemd (Matthew Heon, 2018-10-01)
| | | |
| | | | Runc disables systemd cgroup support when built statically, so don't tell people to do that now that we're defaulting to systemd for cgroup management.
| | | |
| | | | Also, fix some error messages to use the proper ID() call for containers.
| | | |
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | | | Merge pull request #1576 from rhatdan/label (OpenShift Merge Robot, 2018-10-02)
|\ \ \ \
| |_|_|/
|/| | | Disable SELinux labeling if --privileged
| * | | Disable SELinux labeling if --privileged (Daniel J Walsh, 2018-10-02)
| | | |
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #1563 from jwhonce/wip/pods (OpenShift Merge Robot, 2018-10-02)
|\ \ \ \
| | | | | Implement pod varlink bindings
| * | | | * Update documentation (Jhon Honce, 2018-10-01)
| | | | |
| | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
| * | | | Implement pod varlink bindings (Jhon Honce, 2018-10-01)
| | |/ /
| |/| |
| | | | * Update varlink document
| | | | * Add NoContainersInPod error in go and python
| | | | * Add support for varlink pod interface
| | | | * New code passes pylint
| | | | * Fix bug in test_runner.sh
| | | | * Update integration tests for race condition on status check
| | | | * Add missing port config file support
| | | |
| | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #1577 from rhatdan/hooks (OpenShift Merge Robot, 2018-10-02)
|\ \ \ \
| | | | | Need to allocate memory for hook struct
| * | | | Need to allocate memory for hook struct (Daniel J Walsh, 2018-10-02)
| | |/ /
| |/| |
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #1547 from giuseppe/rootless-error-on-invalid-resources (OpenShift Merge Robot, 2018-10-02)
|\ \ \ \
| |/ / /
|/| | | rootless: raise an error when trying to use cgroups
| * | | rootless: raise an error when trying to use cgroups (Giuseppe Scrivano, 2018-10-01)
| | | |
| | | | https://github.com/containers/libpod/issues/1429#issuecomment-424040416
| | | |
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #1568 from rhatdan/kill (OpenShift Merge Robot, 2018-10-01)
|\ \ \ \
| |_|/ /
|/| | | Add --all flag to podman kill
| * | | Add --all flag to podman kill (Daniel J Walsh, 2018-09-30)
| | | |
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #1571 from giuseppe/runtime-fix-runc-msg (OpenShift Merge Robot, 2018-10-01)
|\ \ \ \
| |_|/ /
|/| | | runtime: fix message which assumes the runtime is runc
| * | | runtime: fix message which assumes the runtime is runc (Giuseppe Scrivano, 2018-10-01)
|/ / /
| | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #1569 from TomSweeneyRedHat/dev/tsweeney/readme.io (OpenShift Merge Robot, 2018-09-29)
|\ \ \
| |/ /
|/| | Add podman.io to README.md
| * | Add podman.io to README.md (TomSweeneyRedHat, 2018-09-29)
|/ /
| | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | Merge pull request #1567 from rhatdan/vendor (OpenShift Merge Robot, 2018-09-29)
|\ \
| |/
|/| Vendor in the latest containers/storage, image and buildah
| * Vendor in the latest containers/storage, image and buildah (Daniel J Walsh, 2018-09-29)
|/
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #1551 from baude/complexnames (OpenShift Merge Robot, 2018-09-28)
|\
| | run complex image names with short names
| * run complex image names with short names (baude, 2018-09-28)
| |
| | In cases where the image name is more complex like: quay/baude/alpine_nginx:latest and is not from the docker registry, we need to be able to run the image by its shortname such as baude/alpine_nginx. The same goes when the image is not from a registry but instead has the localhost repository.
| |
| | This resolves buildah issue #1034
| |
| | Signed-off-by: baude <bbaude@redhat.com>