summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Enable cleanup processes for detached execMatthew Heon2020-05-20
| | | | | | | | | | | | | | | | | | | | | | The cleanup command creation logic is made public as part of this and wired such that we can call it both within SpecGen (to make container exit commands) and from the ABI detached exec handler. Exit commands are presently only used for detached exec, but theoretically could be turned on for all exec sessions if we wanted (I'm declining to do this because of potential overhead). I also forgot to copy the exit command from the exec config into the ExecOptions struct used by the OCI runtime, so it was not being added. There are also two significant bugfixes for exec in here. One is for updating the status of running exec sessions - this was always failing as I had coded it to remove the exit file *before* reading it, instead of after (oops). The second was that removing a running exec session would always fail because I inverted the check to see if it was running. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add ability to clean up exec sessions with cleanupMatthew Heon2020-05-20
| | | | | | | | | | | | | | We need to be able to use cleanup processes to remove exec sessions as part of detached exec. This PR adds that ability. A new flag is added to `podman container cleanup`, `--exec`, to specify an exec session to be cleaned up. As part of this, ensure that `ExecCleanup` can clean up exec sessions that were running, but have since exited. This ensures that we can come back to an exec session that was running but has since stopped, and clean it up. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add CLI frontend for detached execMatthew Heon2020-05-20
| | | | | | | | | | | Add a new ContainerEngine method for creating a detached exec session, and wire in the frontend code to do this. As part of this, move Streams out of ExecOptions to the function signature in an effort to share the struct between both methods. Fixes #5884 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add backend code for detached execMatthew Heon2020-05-20
| | | | | | | | | | | | As part of the massive exec rework, I stubbed out a function for non-detached exec, which is implemented here. It's largely similar to the existing exec functions, but missing a few pieces. This also involves implemented a new OCI runtime call for detached exec. Again, very similar to the other functions, but with a few missing pieces. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add exit commands to exec sessionsMatthew Heon2020-05-20
| | | | | | | | | | | These are required for detached exec, where they will be used to clean up and remove exec sessions when they exit. As part of this, move all Exec related functionality for the Conmon OCI runtime into a separate file; the existing one was around 2000 lines. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #6297 from mheon/minor_fix_attachOpenShift Merge Robot2020-05-20
|\ | | | | Print container state when erroring that it is improper
| * Print container state when erroring that it is improperMatthew Heon2020-05-20
| | | | | | | | | | | | | | This is a nice little convenience - lets people know why we won't let them attach to a container. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #6302 from baude/v2remotecreateOpenShift Merge Robot2020-05-20
|\ \ | | | | | | Fix create_test for remote integration
| * | Fix create_test for remote integrationBrent Baude2020-05-20
| |/ | | | | | | | | | | fixes tests to pass for remote integration. the two remaining tests that are skipped are due to lack of logs command. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #6291 from haircommander/journald-container-nameOpenShift Merge Robot2020-05-20
|\ \ | | | | | | oci conmon: tell conmon to log container name
| * | don't skip log tests unless remotePeter Hunt2020-05-20
| | | | | | | | | | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
| * | oci conmon: tell conmon to log container namePeter Hunt2020-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | specifying `-n=ctr-name` tells conmon to log CONTAINER_NAME=name if the log driver is journald add this, and a test! also, refactor the args slice creation to not append() unnecessarily. Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | Merge pull request #6271 from jwhonce/wip/versionOpenShift Merge Robot2020-05-20
|\ \ \ | |_|/ |/| | V2 API Version Support
| * | V2 API Version SupportJhon Honce2020-05-20
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Update blang/semver to allow ParseTolerant() support * Provide helper functions for API handlers to obtain client's 'version' path variable focused on API endpoint tree: libpod vs. compat * Introduce new errors: * version not given in path, endpoints may determine if this is a hard error (ErrVersionNotGiven) * given version not supported (ErrVersionNotSupported), only a soft error if the handler is going to hijack the connection * Added unit tests for version parsing * bindings check version on connect: * client <= Server API version connection is continued * client >= Server API version connection fails Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #6273 from vrothberg/registry_helperOpenShift Merge Robot2020-05-20
|\ \ | | | | | | Registry helper : go bindings
| * | add go-bindings for `hack/podman-registry`Valentin Rothberg2020-05-20
| | | | | | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | New tool: hack/podman-registry, manages local registryEd Santiago2020-05-20
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In response to #6207: this is a helper script intended for use in starting and stopping a local container registry. It takes care of port, username, password assignments; generates a self-signed certificate; and starts the container in an isolated podman root/runroot to avoid conflicting with the caller's environment. Intended usage: invoke from shell script, using 'eval' to get results into calling process environment. See help message (-h) for invocation details. This will work for shell scripts but will be difficult if called from Go or C - if that is likely to happen, I'd love to hear suggestions for alternate ways to get the settings back to the caller. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #6293 from baude/v2docstreeOpenShift Merge Robot2020-05-20
|\ \ | | | | | | [CI:DOCS] Image tree endpoint should return 404
| * | [CI:DOCS] Image tree endpoint should return 404Brent Baude2020-05-20
|/ / | | | | | | | | | | | | | | when trying to get an image tree for a missing image, it should return a 404. doc fix only. Fixes: #6289 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #6277 from rhatdan/readmeOpenShift Merge Robot2020-05-20
|\ \ | |/ |/| [CI:DOCS] Get MAC, Windows and Linux podman-remote from latest version links.
| * Get MAC, Windows and Linux podman-remote from latest version links.Daniel J Walsh2020-05-19
| | | | | | | | | | | | | | The links to latest windows and MAC versions are broken, and snapd version is i out of date. Users should just go to release and grab packages from there. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6177 from baude/v2enableremoteOpenShift Merge Robot2020-05-20
|\ \ | |/ |/| v2 enable remote integration tests
| * v2 enable remote integration testsBrent Baude2020-05-19
| | | | | | | | | | | | enable remote integration tests Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #6266 from mheon/bump-2.0.0-rc1OpenShift Merge Robot2020-05-18
|\ \ | |/ |/| Bump to v2.0.0-RC1
| * Bump to v2.0.0-devMatthew Heon2020-05-18
| | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Bump to v2.0.0-rc1v2.0.0-rc1Matthew Heon2020-05-18
| | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #6249 from jwhonce/wip/resizeOpenShift Merge Robot2020-05-18
|\ \ | | | | | | V2 Implement terminal handling in bindings attach
| * | V2 Implement terminal handling in bindings attachJhon Honce2020-05-18
| |/ | | | | | | | | | | | | | | | | * Add support for /exec/{id}/resize * Add support for ErrSessionNotFound * Resize container TTY as stdin changes size * Refactor all resize functions into one handler Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #6188 from neVERberleRfellerER/autoupdate-systemd-envvarOpenShift Merge Robot2020-05-18
|\ \ | | | | | | Give `auto-update` ability to use per-container authfile specified by label.
| * | Give `auto-update` ability to use per-container authfile specified by label.Ondřej Kraus2020-05-17
| | | | | | | | | | | | Signed-off-by: Ondřej Kraus <neverberlerfellerer@gmail.com>
* | | Merge pull request #6268 from baude/varlinkbuild2OpenShift Merge Robot2020-05-18
|\ \ \ | | | | | | | | Fix EOM for SendFile
| * | | Fix EOM for SendFileBrent Baude2020-05-18
| | |/ | |/| | | | | | | | | | | | | | | | | | | To terminate a connection of varlink, say after sending a file, we need to send a message containing a delimiter of ':' so the client knows to hang up. Fixes: #6237 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #6232 from edsantiago/bats_cgroupsv1_fixesOpenShift Merge Robot2020-05-18
|\ \ \ | |/ / |/| | system tests: small fixes for rawhide+cgroups v1
| * | system tests: small fixes for rawhide+cgroups v1Ed Santiago2020-05-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Three small fixes for breaking tests on rawhide: 1) run test: looks like runc changed the format of an error message, adding a colon in one place. runc is used on rawhide when booted in cgroups v1 2) volumes test: difference in exit status and error message between runc and crun. 3) systemd test: define XDG_RUNTIME_DIR if unset. podman helpfully sets this to a reasonable default, but the 'systemctl' commands used in this test do not. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #6264 from baude/v2rmiOpenShift Merge Robot2020-05-18
|\ \ \ | | | | | | | | v2endpoint remove image path correction
| * | | v2endpoint remove image path correctionBrent Baude2020-05-18
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the endpoint for single image removal (on the libpod side) should be as follows: versionedPath/libpod/images/IMAGENAME The DELETE method then signifies the removal of the image. Fixes: #6261 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #6231 from mheon/fix_coverityOpenShift Merge Robot2020-05-17
|\ \ \ | |_|/ |/| | Fix two coverity issues (unchecked null return)
| * | Fix two coverity issues (unchecked null return)Matthew Heon2020-05-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | Theoretically these should never happen, but it never hurts to be sure and check. Add a check to one, make the other one a create-if-not-exist (it was just adding, not checking the contents). Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #5831 from mheon/exec_http_attachOpenShift Merge Robot2020-05-15
|\ \ \ | | | | | | | | APIv2 ExecStart (Attached Only)
| * | | Drop APIv2 resize endpointMatthew Heon2020-05-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Jhon is working on an alternative version that will combine container and exec session resize, so we'll wait for that. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Drop a debug line which could print very large messagesMatthew Heon2020-05-15
| | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Fix lintMatthew Heon2020-05-14
| | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Remove duplicated exec handling codeMatthew Heon2020-05-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | During the initial workup of HTTP exec, I duplicated most of the existing exec handling code so I could work on it without breaking normal exec (and compare what I was doing to the nroaml version). Now that it's done and working, we can switch over to the refactored version and ditch the original, removing a lot of duplicated code. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Fix lintMatthew Heon2020-05-14
| | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Update API documentation for InspectMatthew Heon2020-05-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Most importantly, note the pruning behavior of compat Inspect. Less importantly, note that the Tty parameter to Start is only ignored, as opposed to being not supported. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Parameters for ExecStart are body, not queryMatthew Heon2020-05-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Oops. Misread the docs when I initially implemented this. Nice and easy fix, at least. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Prune stale exec sessions on inspectMatthew Heon2020-05-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The usual flow for exec is going to be: - Create exec session - Start and attach to exec session - Exec session exits, attach session terminates - Client does an exec inspect to pick up exit code The safest point to remove the exec session, without doing any database changes to track stale sessions, is to remove during the last part of this - the single inspect after the exec session exits. This is definitely different from Docker (which would retain the exec session for up to 10 minutes after it exits, where we will immediately discard) but should be close enough to be not noticeable in regular usage. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Remove exec sessions on container restartMatthew Heon2020-05-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With APIv2, we cannot guarantee that exec sessions will be removed cleanly on exit (Docker does not include an API for removing exec sessions, instead using a timer-based reaper which we cannot easily replicate). This is part 1 of a 2-part approach to providing a solution to this. This ensures that exec sessions will be reaped, at the very least, on container restart, which takes care of any that were not properly removed during the run of a container. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Fix start order for APIv2 exec start endpointMatthew Heon2020-05-14
| | | | | | | | | | | | | | | | | | | | | | | | This makes the endpoint (mostly) functional. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Don't fail when saving exec status fails on removed ctrMatthew Heon2020-05-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | We can't save the exec session, but it's because the container is entirely gone, so no point erroring. Signed-off-by: Matthew Heon <mheon@redhat.com>