path: root/cmd/podman/common
Commit message (Author, Age)
* Enable IPv6 port binding (Matthew Heon, 2020-06-10)
  Two areas needed tweaking to accomplish this: port parsing and binding ports on the host. Parsing is an obvious problem - we have to accommodate an IPv6 address enclosed by [] as well as a normal IPv4 address. It was slightly complicated by the fact that we previously just counted the number of colons in the whole port definition (a thousand curses on whoever in the IPv6 standard body decided to reuse colons for address separators), but did not end up being that bad. Libpod also (optionally) binds ports on the host to prevent their reuse by host processes. This code was IPv4 only for TCP, and bound to both for UDP (which I'm fairly certain is not correct, and has been adjusted). This just needed protocols adjusted to read "tcp4"/"tcp6" and "udp4"/"udp6" based on what we wanted to bind to.
  Fixes #5715
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Fixup issues found by golint (Daniel J Walsh, 2020-06-10)
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix handling of systemd. (Daniel J Walsh, 2020-06-05)
  Systemd enablement has to happen on the server side, since we need to check if the image is running systemd. Also need to make sure user setting the StopSignal is not overridden on the server side. But if not set and using systemd, we set it correctly.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Strip defaults from namespace flags (Matthew Heon, 2020-06-04)
  We were picking up defaults from the client's containers.conf, which broke pod namespaces. The server-side code already checks containers.conf when not explicitly overridden by the user, or by the container being part of a pod (the last bit being our bug). This only manifested on systems with a containers.conf installed, so RHEL 8 and Fedora 32 (which means our F32 CI VMs likely should have caught it, but didn't, which is concerning). This prevents defaults for these flags being shown, but they were incorrect anyways for `podman-remote`, so I'm not terribly concerned.
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Combine the code of dealing with 'readonly' and 'ro'. (Charles Shih, 2020-06-02)
  https://github.com/containers/libpod/pull/6380#discussion_r432391376
  Signed-off-by: Charles Shih <schrht@gmail.com>
* Add support for `readonly` option to --mount (Matthew Heon, 2020-05-26)
  This is just an alias to the `ro` option, but it's already in the manpages (and Docker) so we might as well add support for it.
  Fixes #6379
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* rootless: do not set pids limits with cgroupfs (Giuseppe Scrivano, 2020-05-12)
  and enable events tests.
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Add remaining annotations for `podman inspect` (Matthew Heon, 2020-05-08)
  This should finish support for `podman inspect` in APIv2.
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* set --conmon-pidfile (Valentin Rothberg, 2020-05-08)
  The --conmon-pidfile was not set in the spec leading to failing systemd units. Also add a system test to prevent future regressions.
  Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* podman: split env variables in env and overrides (Giuseppe Scrivano, 2020-05-07)
  There are three different priorities for applying env variables:
  1) environment/config file environment variables
  2) image's config
  3) user overrides (--env)
  The third kind are known to the client, while the default config and image's config is handled by the backend.
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* add {generate,play} kube (Valentin Rothberg, 2020-05-06)
  Add the `podman generate kube` and `podman play kube` command. The code has largely been copied from Podman v1 but restructured to not leak the K8s core API into the (remote) client. Both commands are added in the same commit to allow for enabling the tests at the same time. Move some exports from `cmd/podman/common` to the appropriate places in the backend to avoid circular dependencies. Move definitions of label annotations to `libpod/define` and set the security-opt labels in the frontend to make kube tests pass. Implement rest endpoints, bindings and the tunnel interface.
  Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add small fixes for 'podman run' from diffing inspect (Matthew Heon, 2020-05-05)
  To try and identify differences between Podman v1.9 and master, I ran a series of `podman run` commands with various flags through each, then inspected the resulting containers and diffed the inspect JSON between each. This identified a number of issues which are fixed in this PR. In order of discovery:
  - Podman v2 gave short names for images, where Podman v1 gave the fully-qualified name. Simple enough fix (get image tags and use the first one if they're available)
  - The --restart flag was not being parsed correctly when a number of retries was specified. Parsing has been corrected.
  - The -m flag was not setting the swap limit (simple fix to set swap in that case if it's not explicitly set by the user)
  - The --cpus flag was completely nonfunctional (wired in its logic)
  Tests have been added for all of these to catch future regressions.
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Rework port parsing to support --expose and -P (Matthew Heon, 2020-05-04)
  As part of this, make a major change to the type we use to represent port mappings in SpecGen (from using existing OCICNI structs to using our own custom one). This struct has the advantage of supporting ranges, massively reducing traffic over the wire for Podman commands using them (for example, the `podman run -p 5000-6000` command will now send only one struct instead of 1000). This struct also allows us to easily validate which ports are in use, and which are not, which is necessary for --expose. Once we have parsed the ports from the new struct, we can produce an accurate map including all currently requested ports, and use that to determine what ports need to be exposed (some requested exposed ports may already be included in a mapping from --publish and will be ignored) and what open ports on the host we can map them to.
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* cgroupsns was not following containers.conf (Daniel J Walsh, 2020-05-01)
  Implement ParseCgroupsNamespace to handle defaults.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #6057 from baude/v2networking (OpenShift Merge Robot, 2020-05-01)
|\
  v2networking enable commands
| * add provided cni networks to spec gen (baude, 2020-05-01)
    enable final integration tests for networking.
    Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #6016 from giuseppe/fix-create (OpenShift Merge Robot, 2020-05-01)
|\ \
| |/
|/|
  v2, podman: fix create and entrypoint tests
| * cmd, podman: do not override entrypoint if unset (Giuseppe Scrivano, 2020-04-30)
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * cmd, podman: use String instead of variable+StringVar (Giuseppe Scrivano, 2020-04-30)
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | V2 enable ps tests (Jhon Honce, 2020-04-29)
|/
  * Combine cobra.Command helper functions into validate package from registry and common packages
  * Introduce ChoiceValue for flags
  Signed-off-by: Jhon Honce <jhonce@redhat.com>
* enable inspect tests (Valentin Rothberg, 2020-04-29)
  A surprisingly big change. A core problem was that `podman inspect` allows for passing containers AND images with the default `--type=all`. This only worked partially as the data was processed in isolation which caused various issues (e.g., two separate outputs instead of one) but it also caused issues regarding error handling.
  Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* system tests must pass (Brent Baude, 2020-04-28)
  Signed-off-by: Brent Baude <bbaude@redhat.com>
* specgen: remove dead code (Giuseppe Scrivano, 2020-04-28)
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #6000 from mheon/volume_backend_flags (OpenShift Merge Robot, 2020-04-27)
|\
  Add support for volumes-from, image volumes, init
| * Add support for volumes-from, image volumes, init (Matthew Heon, 2020-04-27)
    This should complete Podmanv2's support for volume-related flags. Most code was sourced from the old pkg/spec implementation with modifications to account for the split between frontend flags (volume, mount, tmpfs) and the backend flags implemented here. Also enables tests for podman run with volumes
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Make podman container list == podman ps (Daniel J Walsh, 2020-04-27)
|/
  Also make podman create -p PUBLISHPorts work. This PR fixes ps_test.go
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #5994 from giuseppe/fix-healthchecks (OpenShift Merge Robot, 2020-04-27)
|\
  v2, podman: fix healthchecks
| * podman: handle --no-healthcheck (Giuseppe Scrivano, 2020-04-27)
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * podman: special case health-cmd none (Giuseppe Scrivano, 2020-04-27)
    now we have to pass down this information to libpod
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | spec: propagate --no-hosts to specgen (Giuseppe Scrivano, 2020-04-27)
|/
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #5971 from giuseppe/fix-userns-tests (OpenShift Merge Robot, 2020-04-24)
|\
  v2, podman: fix and enable all run_userns_test.go tests
| * podman: assume user namespace if there are mappings (Giuseppe Scrivano, 2020-04-24)
    if some mappings are specified, assume there is a private user namespace.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * podman: implement userns=keep-id (Giuseppe Scrivano, 2020-04-24)
    add missing implementation for userns=keep-id and enable the user namespaces tests.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | podman: fix --log-opt=path=%s (Giuseppe Scrivano, 2020-04-24)
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | podman: fix --http-proxy (Giuseppe Scrivano, 2020-04-24)
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | podman: fix podman --group-add (Giuseppe Scrivano, 2020-04-24)
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | podman: fix --cgroups=disabled (Giuseppe Scrivano, 2020-04-24)
|/
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* podman: handle namespaces specified on the CLI (Giuseppe Scrivano, 2020-04-23)
  and handle the user namespace differently as it supports additional options.
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* specgen: do not always set shmsize (Giuseppe Scrivano, 2020-04-23)
  if it wasn't overridden on the CLI, leave it undefined.
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Enable basic volumes support in Podmanv2 (Matthew Heon, 2020-04-22)
  This enables the --volume, --mount, and --tmpfs flags in Podmanv2. It does not enable init-related flags, image volumes, and --volumes-from.
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #5919 from rhatdan/v2 (OpenShift Merge Robot, 2020-04-21)
|\
  Lots more fixes for V2 conversion.
| * Handle hostname flag from client (Daniel J Walsh, 2020-04-21)
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Add support for devices from command line (Daniel J Walsh, 2020-04-21)
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Fix handling of CGroupsParent and CGroupsMode (Daniel J Walsh, 2020-04-21)
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Throw error on IPv6 ip addresses (Daniel J Walsh, 2020-04-21)
    Podman does not currently support IPv6 addresses.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #5851 from jwhonce/wip/json (OpenShift Merge Robot, 2020-04-21)
|\ \
    Provide a json variable pointing to a configured json API
| * | Provide a json variable pointing to a configured json API (Jhon Honce, 2020-04-21)
      * All commands now using the same instance of json API
      * `json` variable created in each package to prevent `encoding/json` from being re-introduced
      Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Modify namespace generation code for specgen (Matthew Heon, 2020-04-21)
| |/
|/|
  Namespaces have now been changed to properly handle all cases. Spec handling code for namespaces was consolidated in a single function. Still missing:
  - Image ports
  - Pod namespaces likely still broken in Podmanv2
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #5911 from giuseppe/cgroup-skip-unset (OpenShift Merge Robot, 2020-04-21)
|\ \
| |/
|/|
  podman: do not set empty cgroup limit blocks
| * podman: do not set empty cgroup limit blocks (Giuseppe Scrivano, 2020-04-21)
    refactor cgroup limits in their own function. If there are no limits set avoid setting the block. Basic rootless containers work now.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>