| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Add an API for Attach over HTTP API
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The new APIv2 branch provides an HTTP-based remote API to Podman.
The requirements of this are, unfortunately, incompatible with
the existing Attach API. For non-terminal attach, we need append
a header to what was copied from the container, to multiplex
STDOUT and STDERR; to do this with the old API, we'd need to copy
into an intermediate buffer first, to handle the headers.
To avoid this, provide a new API to handle all aspects of
terminal and non-terminal attach, including closing the hijacked
HTTP connection. This might be a bit too specific, but for now,
it seems to be the simplest approach.
At the same time, add a Resize endpoint. This needs to be a
separate endpoint, so our existing channel approach does not work
here.
I wanted to rework the rest of attach at the same time (some
parts of it, particularly how we start the Attach session and how
we do resizing, are (in my opinion) handled much better here.
That may still be on the table, but I wanted to avoid breaking
existing APIs in this already massive change.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
hack/install_golangci.sh: check env vars
|
| | |
| | |
| | |
| | |
| | |
| | | |
Also make it executable and `set -eo pipefail`.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| | | |
| | | | |
e2e/run_signal_test.go: make it more robust
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Make the signal test more robust by just checking that the container's
exit code is non-zero. There are two possible exit codes (i.e., 130 and
137) depending on how the container is being killed, which is likely
responsible for CI flakes.
Fixes: #4886
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| | | |
| | | | |
systemdgen: add --ignore flag to generic services
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The --ignore flag lets Podman ignore errors when a specified container
does not exist (anymore). That's a nice addition to generic services
generated via the --new flag. Those services create new containers and
can hence allows user to manually remove a container; may it only be by
accident.
The important part of using the --ignore flag is that Podman will exit 0
which plays nicer with most restart policies; a non-zero exit may yield
systemd to restart the entire service which is arguably wrong if the
user manually deletes the container.
If desired, users can still alter the generated files.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Remove c.String(net)
|
| |/
| |
| |
| |
| |
| |
| | |
We have a lot of cludgy code trying to make --net and --network equivalent.
This will allow --net to still exists but will eliminate the help and confusion.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| |/
|/| |
v2: don't block sigterm and add the service to `make binaries`
|
| |
| |
| |
| |
| |
| |
| | |
Include the service into make binaries such that we're it's being build
in the CI.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|/
|
|
| |
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
Cirrus: remove workaround for cleaning /go/bin
|
|/
|
|
|
|
|
|
|
|
| |
Remove the temporary workaround for cleaning /go/bin in the gating task.
The workaround was added to make sure that we're always installing the
latest tools in `make install.tools`. The gating image does not ship
with these pre-installed tools anymore which is now causing errors in
the gating task as the `rm` is missing the `--force` flag.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
Enable pre-commit linting
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This should help use keep the codebase more consistent, and avoid sevel
whitespace related issues, or bad file permissions.
pre-commit allows us to easily introduce other linters in follow-ups,
like bashate.
Note: pre-commit tool does *not* install any git-hooks. Making commits
will will call the tool unless you deliverately tell it to install the
hooks.
Signed-off-by: Sorin Sbarnea <ssbarnea@redhat.com>
|
|\ \
| | |
| | | |
v2 api: top improvements
|
| | |
| | |
| | |
| | | |
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add a hanlder to figure out if the specified http request came through
a libpod endpoint. A first user is the top endpoint which has a
different default value for `ps_args` depending if the request came
through the docker or libpod endpoint.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Move the top logic from pkg/adapter into the (*libpod.Container).Top().
This way, we drop the dependency from pkg/api on pkg/adapters and have
a clearer separation of concerns.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Let's not mix apples and oranges and give stderr a dedicated pipe. This
way, we don't return conmon log messages if run in debug mode.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Use `pkg/adapter` to increase code reuse and reduce code redundancy.
* Extend swagger docs to mention AIX descriptors.
* Document the libpod endpoint which shares the same handler.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| | | |
| | | | |
more BATS tests
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- run: --name (includes 'podman container exists' tests)
- run: --pull (always, never, missing)
- build: new test for ADD URL (#4420)
- exec: new test for issue #4785 (pipe getting lost)
- diff: new test
- selinux (mostly copied from docker-autotest)
Plus a bug fix: the wait_for_output() helper would continue
checking, eventually timing out, even if the container had
already exited (probably because of an error). Fix: as
part of the loop, run 'podman inspect' and bail out if
container is not running. Include exit code and logs.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
[CI:DOCS]swagger cleanup and left-hand nav
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
add a static tags file so we can dictate the left-hand navigation. in
doing so we now override the tag in the swagger:operation. we now have
images and images (compat) as a way to differentiate.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Gating dockerfile
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Instead of only performing a presence check of the binary, also do a
version check and force installing the specified one if needed. This
will prevent users and the CI from using a wrong version in the future.
Move the logic into a dedicated shell script as I find built-in bash in
Makefiles hard to maintain.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Remove all references on gometalinter including the target to install
it. We are not using it anymore since we have fully migrated to
golangci-lint.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Use fedora:31 as a base image and rebuild to fetch the latest tools.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
[CI:DOCS] Add APIv2 CLI example POC
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* Add ReadMe, CLI and unit files to support socket activation, both for
system and rootless
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
v2 api: stats improvements
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Also remove the redundant stats handler in libpod.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The docker and libpod endpoints provide the same functionality, so
we can use the same handler.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Also expect the container to be running.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Also add some comments.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
We must check all errors and handle them properly. Otherwise, we can run
into nil dereferences ultimately killing the service.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |/ / /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
`NumProcs` and `StorageStats` are windows specific and are not
popoulated on Linux. Hence, we can safely remove them.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
oci_conmon: not make accessible dirs if not needed
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
do not change the permissions mask for the rundir and the tmpdir when
running a container with a user namespace and the current user is
mapped inside the user namespace.
The change was introduced with
849548ffb8e958e901317eceffdcc2d918cafd8d, that dropped the
intermediate mount namespace in favor of allowing root into the user
namespace to access these directories.
Closes: https://github.com/containers/libpod/issues/4846
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Bump to Buildah v1.13.1
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | | |
policy for seccomp-profile selection
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Implement a policy for selecting a seccomp profile. In addition to the
default behaviour (default profile unless --security-opt seccomp is set)
add a second policy doing a lookup in the image annotation.
If the image has the "io.containers.seccomp.profile" set its value will be
interpreted as a seccomp profile. The policy can be selected via the
new --seccomp-policy CLI flag.
Once the containers.conf support is merged into libpod, we can add an
option there as well.
Note that this feature is marked as experimental and may change in the
future.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Rename `data` to `imageData` to make it more obvious which kind of data
the variable refers to.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \ \
| |_|/ / / /
|/| | | | | |
[CI:DOCS]swagger corrections
|
|/ / / / /
| | | | |
| | | | |
| | | | | |
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
make lint: extend checks
|