summaryrefslogtreecommitdiff
path: root/cmd/podman/run.go
Commit message (Collapse)AuthorAge
* Move rootless storage config into libpodMatthew Heon2018-12-02
| | | | | | | | | | | | | | Previous commits ensured that we would use database-configured paths if not explicitly overridden. However, our runtime generation did unconditionally override storage config, which made this useless. Move rootless storage configuration setup to libpod, and change storage setup so we only override if a setting is explicitly set, so we can still override what we want. Signed-off-by: Matthew Heon <mheon@redhat.com>
* --interactive shall keep STDIN attached even when not explicitly called outŠimon Lukašík2018-11-03
| | | | | | | | | | | | | | Addressing: podman run -it -a STDERR --rm alpine /bin/ash hanging. As we droped stdin as soon as -a was used. Notice this is contrary to what D-tool does and contrary to what podman help implies: podman run --help | grep interact --interactive, -i Keep STDIN open even if not attached Signed-off-by: Šimon Lukašík <slukasik@redhat.com>
* Sort all command flagsQi Wang2018-10-11
| | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* Add ContainerStateExited and OCI delete() in cleanup()Matthew Heon2018-10-02
| | | | | | | | | | | | | | | | To work better with Kata containers, we need to delete() from the OCI runtime as a part of cleanup, to ensure resources aren't retained longer than they need to be. To enable this, we need to add a new state to containers, ContainerStateExited. Containers transition from ContainerStateStopped to ContainerStateExited via cleanupRuntime which is invoked as part of cleanup(). A container in the Exited state is identical to Stopped, except it has been removed from the OCI runtime and thus will be handled differently when initializing the container. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Refactor Wait() to not require a timeoutMatthew Heon2018-09-21
| | | | | | | | | | | We added a timeout for convenience, but most invocations don't care about it. Refactor it into WaitWithTimeout() and add a Wait() that doesn't require a timeout and uses the default. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1527 Approved by: mheon
* rootless: fix create with images not in the storageGiuseppe Scrivano2018-09-21
| | | | | | | | | | | | This chunk was mistakenly removed with ecec1a5430885baf96d2e3d6153c7454c41a4617 Introduce it back as it solves the pull of an image that is not yet in the storage when using create/run. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1521 Approved by: baude
* Merge pull request #1461 from rhatdan/runMatthew Heon2018-09-14
|\ | | | | Remove duplicate code between create.go and run.go
| * Remove duplicate code between create.go and run.goDaniel J Walsh2018-09-13
| | | | | | | | | | | | | | | | | | | | | | Create two new createInit for checking if the cotnainer is initialized correctly. createContainer which creates the actual container and containerConfig Also added libpodruntime.GetContainerRuntime to put common runtime code into separate function. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Add --interval flag to podman waitDaniel J Walsh2018-09-13
|/ | | | | | | Waiting uses a lot of CPU, so drop back to checking once/second and allow user to pass in the interval. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* rootless: check uid with Geteuid() instead of Getuid()Giuseppe Scrivano2018-09-04
| | | | | | | | | | | | change the tests to use chroot to set a numeric UID/GID. Go syscall.Credential doesn't change the effective UID/GID of the process. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1372 Approved by: mheon
* rootless, run: support --podGiuseppe Scrivano2018-09-04
| | | | | | | | | | move re-exec later on, so that we can check whether we need to join the infra container user namespace or we need to create another one. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1372 Approved by: mheon
* don't print help message for usage errorsValentin Rothberg2018-08-31
| | | | | | | | | | | | | | | | | Don't print potentially verbose help messages in case of usage errors, but print only the usage error followed by a pointer to the command's help. This aligns with Docker. ``` $ podman run -h flag needs an argument: -h See 'podman run --help'. ``` Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1379 Approved by: rhatdan
* run/create: reserve `-h` flag for hostnameValentin Rothberg2018-08-30
| | | | | | | | | | | Move the `-h` short flag from `--help` to `--hostname` for podman-run, podman-create and podman-pod-create to be compatible with Docker. Fixes: #1367 Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1373 Approved by: rhatdan
* switch projectatomic to containersDaniel J Walsh2018-08-16
| | | | | | | | | | Need to get some small changes into libpod to pull back into buildah to complete buildah transition. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1270 Approved by: mheon
* Cleanup descriptions and help informationDaniel J Walsh2018-07-27
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1167 Approved by: baude
* Need to wait for container to exit before completing run/start completesDaniel J Walsh2018-07-13
| | | | | | | | | | | | | This fixes a race condition where conmon is still writing the exit file and the container is exiting. Also we should not be ignoring the -a stdin flag if the user specifies --interactive mode. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1086 Approved by: baude
* Refactor podman/utils with a single container start and attach functionMarco Vedovati2018-07-06
| | | | | | | | | | | Use a single function startAttachCtr() to handle both container start with attach and attach to running containers, as the code handling the attach is common for the 2 use cases. Signed-off-by: Marco Vedovati <mvedovati@suse.com> Closes: #1025 Approved by: rhatdan
* Add `podman container cleanup` to CLIDaniel J Walsh2018-06-29
| | | | | | | | | | | | | When we run containers in detach mode, nothing cleans up the network stack or the mount points. This patch will tell conmon to execute the cleanup code when the container exits. It can also be called to attempt to cleanup previously running containers. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #942 Approved by: mheon
* Option handling has become large and should be a shared functionDaniel J Walsh2018-06-22
| | | | | | | | | | | Everytime we add a new option for create, we end up having to also add it to run, this makes it error prone. Moving these to the same function makes it easier to develop and prevents user mistakes. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #975 Approved by: mheon
* podman: use a different store for the rootless caseGiuseppe Scrivano2018-06-15
| | | | | | | | | so that the user has rw access to it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #871 Approved by: mheon
* podman: accept option --rootfs to use exploded imagesGiuseppe Scrivano2018-06-15
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #871 Approved by: mheon
* Aliases do not work with IsSetDaniel J Walsh2018-06-12
| | | | | | | | | Have to specify all names. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #933 Approved by: baude
* libpod: Execute poststop hooks locallyW. Trevor King2018-06-04
| | | | | | | | | | | | Instead of delegating to the runtime, since some runtimes do not seem to handle these reliably [1]. [1]: https://github.com/projectatomic/libpod/issues/730#issuecomment-392959938 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #864 Approved by: rhatdan
* podman create, start, getattachsocketbaude2018-05-21
| | | | | | | | | First pass at implement API endpoints for create and start. Signed-off-by: baude <bbaude@redhat.com> Closes: #805 Approved by: baude
* Major fixes to systemd cgroup handlingMatthew Heon2018-05-11
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #507 Approved by: baude
* Make invalid state nonfatal when cleaning up in runMatthew Heon2018-05-04
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #726 Approved by: baude
* Begin wiring in USERNS Support into podmanDaniel J Walsh2018-05-04
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #690 Approved by: mheon
* varlink imagesbaude2018-04-26
| | | | | | | | | | | | | implement varlink image functions for working with libpod with the exception of a couple due to incompletions on the libpod side of things (build). also, created a first pass at a libpodpy package which will stand as a client to working with libpod's varlink methods using python. Signed-off-by: baude <bbaude@redhat.com> Closes: #669 Approved by: baude
* Vendor in latest containers/image and contaners/storageumohnani82018-04-19
| | | | | | | | | Made necessary changes to functions to include contex.Context wherever needed Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #640 Approved by: baude
* regression: tls verify should be set on registries.conf if insecurebaude2018-04-18
| | | | | | | | | | | In the case where podman needs to pull an image, if that registry that the image resides on is known to be insesure (as defined in /etc/containers/registries.conf), tls-verify should be altered on the fly. Signed-off-by: baude <bbaude@redhat.com> Closes: #626 Approved by: mheon
* Allow podman to exit exit codes of removed containersMatthew Heon2018-04-17
| | | | | | | | | | | | | | | We can read the exit file created by conmon to get the exit code instead of querying libpod. Also, do not error on cleanup if the container is already gone, as a completely removed container is definitely cleaned up. Resolves: #527 Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #632 Approved by: rhatdan
* podman pull should always try to pullbaude2018-04-14
| | | | | | | | | | | | | | In the case where you have an image local, if the the user runs podman pull, we should always attempt to pull an updated image. Added a forceRemote bool to New (image) so we can differentiate between "pull" or run because the actions differ. Run does not need to pull the latest -- only run. Signed-off-by: baude <bbaude@redhat.com> Closes: #618 Approved by: baude
* Fix terminal attachMatthew Heon2018-04-13
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #608 Approved by: baude
* Changes to attach to enable per-stream attachingMatthew Heon2018-04-13
| | | | | | | | | | This allows us to attach to attach to just stdout or stderr or stdin, or any combination of these. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #608 Approved by: baude
* Functionality changes to the following flagsumohnani82018-04-06
| | | | | | | | | | | | | | | | | | | --group-add --blkio-weight-device --device-read-bps --device-write-bps --device-read-iops --device-write-iops --group-add now supports group names as well as the gid associated with them. All the --device flags work now with moderate changes to the code to support both bps and iops. Added tests for all the flags. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #590 Approved by: mheon
* Run images with no namesbaude2018-04-04
| | | | | | | | | | | | | When an image name has no reponames, you should still be able to run it by ID. When doing so, imageName needs to be set to "" so we don't hit an index out of range error Resolves: #587 Signed-off-by: baude <bbaude@redhat.com> Closes: #593 Approved by: mheon
* Remove explicit Init() calls in run and startMatthew Heon2018-04-03
| | | | | | | | | | | | | We no longer require an explicit Init() to start a container, as Start() will now call Init() if the container is not initialized. Remove explicit Init() invocations from run and start to help with dependency ordering - less time for a dependency to go down before we start. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #577 Approved by: rhatdan
* podman: new option --conmon-pidfile=Giuseppe Scrivano2018-03-29
| | | | | | | | | | | | | | | | | | | so that it is possible to use systemd to automatically restart the container: [Service] Type=forking PIDFile=/run/awesome-service.pid ExecStart=/usr/bin/podman run --conmon-pidfile=/run/awesome-service.pid --name awesome -d IMAGE /usr/bin/do-something ExecStopPost=/usr/bin/podman rm awesome Restart=always Closes: https://github.com/projectatomic/libpod/issues/534 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #549 Approved by: rhatdan
* cmd/podman/run.go: Error nicely when no image foundbaude2018-03-27
| | | | | | | | | | | | When no image is found, display a useful error message. Also, in imageToRef protect against a nil image being passed. Resolves: #553 Signed-off-by: baude <bbaude@redhat.com> Closes: #555 Approved by: mheon
* If cidfile exists, do not proceedbaude2018-03-23
| | | | | | | | | | | | | Both podman run and create have an option to write the container ID to a file. The option is called cidfile. If the cidfile exists, we should not create or run a container but rather output a sensical error message. Resolves: #530 Signed-off-by: baude <bbaude@redhat.com> Closes: #531 Approved by: rhatdan
* Migrate podman inspect and tag to image librarybaude2018-03-21
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #525 Approved by: baude
* Image library stage 4 - create and commitbaude2018-03-20
| | | | | | | | | | Migrate the podman create and commit subcommandis to leverage the images library. I also had to migrate the cmd/ portions of run and rmi. Signed-off-by: baude <bbaude@redhat.com> Closes: #498 Approved by: mheon
* Add signal proxying to podman run, start, and attachMatthew Heon2018-03-15
| | | | | | | Also removes sig-proxy from 'podman create', where is does not make sense. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Add StartAndAttach() API endpoint for containersMatthew Heon2018-03-15
| | | | | | | | | | | | This solves our prior problems with attach races by ensuring the order is correct. Also contains substantial cleanups to the attach code. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #482 Approved by: baude
* Implement --image-volumes for create and runumohnani82018-02-22
| | | | | | | | | | | | | | --image-volumes tells podman what to do with the image volumes in the image config There are 3 options: bind, tmpfs, and ignore bind puts the volume contents in /var/lib/containers/storage/container-id/volumes/vol-dir and bind mounts it into the container at /vol-dir tmpfs mounts /vol-dir as a tmps into the container ignore doesn't mount the image volumes onto the container Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #377 Approved by: rhatdan
* Add tests and cleanupJhon Honce2018-02-22
| | | | | | | | | | - Added run_cgroup_parent_test.go - Cleaned up calls to logrus Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #370 Approved by: rhatdan
* Push up createConfig.CgroupParent processing to parentJhon Honce2018-02-22
| | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #370 Approved by: rhatdan
* Implement podman run option --cgroup-parentJhon Honce2018-02-22
| | | | | | | | | | | Example: sudo /usr/local/bin/podman run --cgroup-parent=/zzz fedora cat /proc/self/cgroup Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #370 Approved by: rhatdan
* Correct exit code 126 and 127baude2018-02-21
| | | | | | | | | | | | | | | | The exit codes for 126 and 127 were reversed. For the record, the exit codes used are as follows: * 125 if ‘chroot’ itself fails * 126 if COMMAND is found but cannot be invoked * 127 if COMMAND cannot be found This resolves issue #367 Signed-off-by: baude <bbaude@redhat.com> Closes: #378 Approved by: baude
* cleanup network stack as well as storage when container shuts down.Daniel J Walsh2018-02-08
| | | | | | This patch will cleanup the network stack when the container exits Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>