summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Return early in refNamesFromImageReference instead of appending to pullNamesMiloslav Trmač2018-08-01
| | | | | | | | | | | | | | Almost all paths appended to pullNames exactly once; just construct a single-element array in place and return it. That way we can add empty lines as separators, and still come out shorter. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1176 Approved by: rhatdan
* Use srcRef.StringWithinTransport() instead of parsing imgName againMiloslav Trmač2018-08-01
| | | | | | | | | | | | | | | | | | | Because srcRef is created by parsing imgName, both hard-code assumptions about transport-specific formats of the strings, so that is neither better nor worse; but we do less explicit parsing. Should not change behavior for dir:, nor for fully-correct docker-archive:. docker-archive:, though, also supports docker-archive:path:reference, where the reference is ignored (with a warning) on read; in such cases the previous code would use the reference only (not the path), the new code uses both as the path. Neither works, we just change the failure mode (but "error opening path:reference" is now more suggestive of the correct usage). Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1176 Approved by: rhatdan
* Use a switch instead of if/if else/.../elseMiloslav Trmač2018-08-01
| | | | | | | | | Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1176 Approved by: rhatdan
* Remove the error return value from getPullRefNameMiloslav Trmač2018-08-01
| | | | | | | | | | | ... it is always nil. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1176 Approved by: rhatdan
* Rename getPullListFromRef to refPairsFromImageReferenceMiloslav Trmač2018-08-01
| | | | | | | | | | | | This is a bit more specific as to what "ref" or "list" means, and consistent with refPairsFromPossiblyUnqualifiedName Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1176 Approved by: rhatdan
* Split refNamesFromImageReference from Runtime.getPullListFromRefMiloslav Trmač2018-08-01
| | | | | | | | | | | | | | Again, that makes the core logic independent from Runtime == containers-storage, and easier to test independently. So, this also adds tests. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1176 Approved by: rhatdan
* Replace getPullRefPair with getPullRefNameMiloslav Trmač2018-08-01
| | | | | | | | | | | | | | | | | | | ... and use pullRefPairsFromRefNames to convert to the desired data structure later. This will make both getPullRefName, and later the bulk of getPullListFromRef, independent of the storage, and thus much easier to test. Then add tests for getPullRefName. (Ideally they should be shorter, e.g. hopefully the .image member can be eliminated.) Should not change behavior, except that error messages on invalid dstName will now include the value. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1176 Approved by: rhatdan
* Include the rejected reference when parsing it fails in pullRefPairsFromRefNamesMiloslav Trmač2018-08-01
| | | | | | | | | This will make any failures easier to attribute to the cause. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1176 Approved by: rhatdan
* Add --force to podman umount to force the unmounting of the rootfsDaniel J Walsh2018-08-01
| | | | | | | | | | | | podman umount will currently only unmount file system if not other process is using it, otherwise the umount decrements the container storage to indicate that the caller is no longer using the mount point, once the count gets to 0, the file system is actually unmounted. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1184 Approved by: TomSweeneyRedHat
* Integration Test Improvements #3baude2018-08-01
| | | | | | | | | Third round of speed improvements to the integration tests. Signed-off-by: baude <bbaude@redhat.com> Closes: #1193 Approved by: rhatdan
* Ensure container and pod refresh picks up a StateMatthew Heon2018-07-31
| | | | | | | | | | | | refresh() is the only major command we had that did not perform a sync before running, and thus was not guaranteed to pick up a good copy of the state. Fix this by updating the state before a refresh(). Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1186 Approved by: rhatdan
* Fix build on non-linux platformsMatthew Heon2018-07-31
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1186 Approved by: rhatdan
* Rework state testing to allow State structs to be emptyMatthew Heon2018-07-31
| | | | | | | | | | | Pod and container State structs are now allowed to be empty on first being retrieved from the database. Rework pod and container equality functions used in testing to account for this change. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1186 Approved by: rhatdan
* Add additional comments on accessing state in APIMatthew Heon2018-07-31
| | | | | | | | | | | The new state changes are potentially confusing to people writing API functions on containers or pods. Add comments to the structs on how to safely use them. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1186 Approved by: rhatdan
* Do not fetch pod and ctr State on retrieval in BoltMatthew Heon2018-07-31
| | | | | | | | | | | | | | | | | It's not necessary to fill in state immediately, as we'll be overwriting it on any API call accessing it thanks to syncContainer(). It is also causing races when we fetch it without holding the container lock (which syncContainer() does). As such, just don't retrieve the state on initial pull from the database with Bolt. Also, refactor some Linux-specific netns handling functions out of container_internal_linux.go into boltdb_linux.go. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1186 Approved by: rhatdan
* network: add support for rootless network with slirp4netnsGiuseppe Scrivano2018-07-31
| | | | | | | | | | | slirp4netns is required to setup the network namespace: https://github.com/rootless-containers/slirp4netns Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1156 Approved by: rhatdan
* varlink ImageRemove should always return image IDbaude2018-07-31
| | | | | | | | | | | | | When removing an image via varlink, we should always return the ID of the image even in the case where the image has multiple repository names and one was only untagged. Reported by jhonce during integration testing. Signed-off-by: baude <bbaude@redhat.com> Closes: #1191 Approved by: jwhonce
* Add documentations on how to setup /etc/subuid and /etc/subgidDaniel J Walsh2018-07-31
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1185 Approved by: giuseppe
* Integration Test Improvements #2baude2018-07-30
| | | | | | | | | | This is the second round of performance improvements for out integration tests. Signed-off-by: baude <bbaude@redhat.com> Closes: #1190 Approved by: rhatdan
* avoid spewing fds do to restore of cached imagesbaude2018-07-30
| | | | | | | | | | | due to how cstorage is designed, we were spewing thousands of fds when we restored cached images causing unwieldy rlimits. we now use podman load to restore the images thereby not tripping the issue. Signed-off-by: baude <bbaude@redhat.com> Closes: #1188 Approved by: baude
* Add load test for xz compressed imagesumohnani82018-07-30
| | | | | | | | | | The auto decompression functionality was already vendored in with containers/image. Adding a test for it. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #1137 Approved by: rhatdan
* Speed up test resultsbaude2018-07-30
| | | | | | | | | | | | Stop all containers with a zero timeout prior to trying to rm -fa. This results in quicker teardown times by not waiting for timeouts. Also, with wait tests, no need to wait the full 10 second sleep. 1 will do. Signed-off-by: baude <bbaude@redhat.com> Closes: #1181 Approved by: rhatdan
* Show duration for each ginkgo test and test speed improvementsbaude2018-07-28
| | | | | | | | | | | | | | Because our tests are getting so long, we want to be able to audit which tests are taking the longest to complete. This may indicate a bad test, bad CI, bad code, etc and therefore should be auditable. Also, make speed improvements to tests by making sure we only unpack caches images that actually get used. Signed-off-by: baude <bbaude@redhat.com> Closes: #1178 Approved by: mheon
* vendor: update containers/storageGiuseppe Scrivano2018-07-28
| | | | | | | | | | | update to version 956a1971694f18fd602b1203c0a2d192e2cc88a1 inherit support for IDs shifting when fuse-overlayfs is used. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1177 Approved by: mheon
* Clean up pylint warnings and errors for podmanJhon Honce2018-07-28
| | | | | | | | | | | * Some of the pedantic errors were not corrected * Clean up prep for porting to MacOS and PyPi hosting * Fix broken unittest Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #1159 Approved by: rhatdan
* podman rmi shouldn't delete named referenced imagesumohnani82018-07-28
| | | | | | | | | | | If an image is created from another and it is deleted, only delete the actual image and not the parent images if the parent images have names/references. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #1174 Approved by: mheon
* Merge pull request #1173 from mheon/bump-0.7.4Matthew Heon2018-07-27
|\ | | | | Bump to 0.7.4
| * Bump gitvalidation epochMatthew Heon2018-07-27
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.8.1-devMatthew Heon2018-07-27
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.7.4v0.7.4Matthew Heon2018-07-27
|/ | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Add pod pause/unpausehaircommander2018-07-27
| | | | | | | | | | | Added Pause() and Unpause() to libpod/pod.go Added man pages, tests and completions Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1126 Approved by: rhatdan
* Fix up docker compatibility messagesDaniel J Walsh2018-07-27
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1170 Approved by: mheon
* Update vendored version of runc,buildah,containers/imageDaniel J Walsh2018-07-27
| | | | | | | | | | | | | | | There is a compiler warning that has been fixed in the upstream, so I figured we should update to fix. Also vendor in latest buildah to get better support for running builds in rootless mode. Vendor in latest containers/image to allow daemon support to be pluggable. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1169 Approved by: mheon
* Refactored method of getting podshaircommander2018-07-27
| | | | | | | | | Now, for commands that have --latest and --all, the context flags are checked, and pods are grabbed in a single function Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1161 Approved by: rhatdan
* Fix godoc comment in pkg/netnsMatthew Heon2018-07-27
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1165 Approved by: baude
* Fix handling of Linux network namespacesMatthew Heon2018-07-27
| | | | | | | | | | | | | | | | | | | The CNI plugins upstream removed their network namespace creation code, making it a test package only. Copy it into our repository and slightly modify it for our use (most notably, use MNT_DETACH when unmounting namespaces). This new CNI code splits closing and unmounting network namespaces, which allows us to greatly reduce the number of occasions on which we call teardownNetwork() and make more errors in that function fatal instead of warnings. Instead, we can call Close() and just close the open file descriptor in cases where the namespace has already been cleaned up. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1165 Approved by: baude
* Update containernetworking/plugins to current masterMatthew Heon2018-07-27
| | | | | | | | | | We need to pick up changes to the netns packages that are not yet in a released tag. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1165 Approved by: baude
* Cleanup descriptions and help informationDaniel J Walsh2018-07-27
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1167 Approved by: baude
* Skip seccomp-dependent tests on non-LinuxMiloslav Trmač2018-07-26
| | | | | | | | | | | | | | | | | Currently, getRuntimeSpec always fails on non-Linux because spec.CreateConfigToOCISpec always fails, because the podman CLI sets up a seccomp path, and processing that on non-Linux is not supported. This breaks testing of entirely unrelated options. We can either skip the tests on non-Linux, or explicitly disable seccomp inside the tests. Linux testing matters much more than other platforms, and the tests are more reliable when they don't change supposedly unrelated options; so, skip the tests on non-Linux. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1115 Approved by: rhatdan
* Use the Linux version BoltState.getContainerFromDB on all platforms.Miloslav Trmač2018-07-26
| | | | | | | | | | | | | | | This just muves the Linux implementation, unchanged, to the platform-agnostic file. Should not change behavior on Linux. On non-Linux platforms, reading containers from BoltDB now works (and rejects containers with namespace data). The checkRuntimeConfig validation ensures that each BoltDB database is only used on one platform, so network namespaces should never exist in non-Linux BoltDB files. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1115 Approved by: rhatdan
* Split parseNetNSBoltData from BoltState.getContainerFromDBMiloslav Trmač2018-07-26
| | | | | | | | | | | | | | This is the actual platform-specific part of getContainerFromDB. Factor it out, unchanged, on Linux. On other platforms, introduce a stub which fails if any data exists; this stub is not yet called. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1115 Approved by: rhatdan
* Use testify/require in a few places to avoid panics in testsMiloslav Trmač2018-07-26
| | | | | | | Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1115 Approved by: rhatdan
* Skip unit tests which require storage when not running as rootMiloslav Trmač2018-07-26
| | | | | | | | | | | | | | | | On macOS NewImageRuntimeFromOptions fails with chown EPERM because the "vfs" driver tries to chown its home to root:root 0700; in fact running as root seems to be a generic requirement. So, skip the tests if not running as root. (This could maybe benefit from an extra state, maybe an environment variable like RUNNING_IN_CI, to make sure the tests are actually run often enough.) Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1115 Approved by: rhatdan
* Don't pollute the build output with failures to build checkseccompMiloslav Trmač2018-07-26
| | | | | | | | | | | | (make localunit) complains about the unbuildable subpackage; silence that. Actually, I can't find any user of checkseccomp in this repo; maybe it is entirely unused? Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1115 Approved by: rhatdan
* Remove cmd/podman/user.goMiloslav Trmač2018-07-26
| | | | | | | | | | | | None of the functions are used within the package, and it does not build on non-Linux systems. (Similar code continues to exist in pkg/chrootuser, and is unaffected.) Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1115 Approved by: rhatdan
* double papr timeout for all ci testsbaude2018-07-26
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #1163 Approved by: baude
* vendor latest containers/psgoValentin Rothberg2018-07-26
| | | | | | | Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1162 Approved by: rhatdan
* Merge pull request #1158 from mheon/prevent_multiple_boltdb_connsMatthew Heon2018-07-26
|\ | | | | Add a mutex to BoltDB state to prevent lock issues
| * Add a mutex to BoltDB state to prevent lock issuesMatthew Heon2018-07-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Per https://www.sqlite.org/src/artifact/c230a7a24?ln=994-1081, POSIX file advisory locks are unsafe to use within a single process if multiple file descriptors are open for the same file. Unfortunately, this has a strong potential to happen for multithreaded usage of libpod, and could result in DB corruption. To prevent this, wrap all access to BoltDB within a single libpod instance in a mutex to ensure concurrent access cannot occur. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | Vendor latest container/storage to fix overlay mountoptDaniel J Walsh2018-07-25
| | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1160 Approved by: mheon