| Commit message (Collapse) | Author | Age |
|
|
|
| |
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To work better with Kata containers, we need to delete() from the
OCI runtime as a part of cleanup, to ensure resources aren't
retained longer than they need to be.
To enable this, we need to add a new state to containers,
ContainerStateExited. Containers transition from
ContainerStateStopped to ContainerStateExited via cleanupRuntime
which is invoked as part of cleanup(). A container in the Exited
state is identical to Stopped, except it has been removed from
the OCI runtime and thus will be handled differently when
initializing the container.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
We added a timeout for convenience, but most invocations don't
care about it. Refactor it into WaitWithTimeout() and add a
Wait() that doesn't require a timeout and uses the default.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1527
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
|
| |
This chunk was mistakenly removed with ecec1a5430885baf96d2e3d6153c7454c41a4617
Introduce it back as it solves the pull of an image that is not yet in
the storage when using create/run.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1521
Approved by: baude
|
|\
| |
| | |
Remove duplicate code between create.go and run.go
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Create two new createInit for checking if the cotnainer is initialized
correctly.
createContainer which creates the actual container and containerConfig
Also added libpodruntime.GetContainerRuntime to put common runtime code
into separate function.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
|
|
|
| |
Waiting uses a lot of CPU, so drop back to checking once/second
and allow user to pass in the interval.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
change the tests to use chroot to set a numeric UID/GID.
Go syscall.Credential doesn't change the effective UID/GID of the
process.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1372
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
| |
move re-exec later on, so that we can check whether we need to join
the infra container user namespace or we need to create another one.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1372
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't print potentially verbose help messages in case of usage errors,
but print only the usage error followed by a pointer to the command's
help. This aligns with Docker.
```
$ podman run -h
flag needs an argument: -h
See 'podman run --help'.
```
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1379
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
Move the `-h` short flag from `--help` to `--hostname` for podman-run,
podman-create and podman-pod-create to be compatible with Docker.
Fixes: #1367
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1373
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
| |
Need to get some small changes into libpod to pull back into buildah
to complete buildah transition.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1270
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1167
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes a race condition where conmon is still writing the exit
file and the container is exiting.
Also we should not be ignoring the -a stdin flag if the user specifies
--interactive mode.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1086
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
| |
Use a single function startAttachCtr() to handle both container start
with attach and attach to running containers, as the code handling the
attach is common for the 2 use cases.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Closes: #1025
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When we run containers in detach mode, nothing cleans up the network stack or
the mount points. This patch will tell conmon to execute the cleanup code when
the container exits.
It can also be called to attempt to cleanup previously running containers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #942
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
| |
Everytime we add a new option for create, we end up having to also
add it to run, this makes it error prone. Moving these to the same
function makes it easier to develop and prevents user mistakes.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #975
Approved by: mheon
|
|
|
|
|
|
|
|
|
| |
so that the user has rw access to it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #871
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #871
Approved by: mheon
|
|
|
|
|
|
|
|
|
| |
Have to specify all names.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #933
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of delegating to the runtime, since some runtimes do not seem
to handle these reliably [1].
[1]: https://github.com/projectatomic/libpod/issues/730#issuecomment-392959938
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #864
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
| |
First pass at implement API endpoints for create and start.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #805
Approved by: baude
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #507
Approved by: baude
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #726
Approved by: baude
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #690
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
implement varlink image functions for working with libpod with the exception of a
couple due to incompletions on the libpod side of things (build).
also, created a first pass at a libpodpy package which will stand as a client to
working with libpod's varlink methods using python.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #669
Approved by: baude
|
|
|
|
|
|
|
|
|
| |
Made necessary changes to functions to include contex.Context wherever needed
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #640
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
| |
In the case where podman needs to pull an image, if that registry that the image
resides on is known to be insesure (as defined in /etc/containers/registries.conf),
tls-verify should be altered on the fly.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #626
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We can read the exit file created by conmon to get the exit code
instead of querying libpod.
Also, do not error on cleanup if the container is already gone,
as a completely removed container is definitely cleaned up.
Resolves: #527
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #632
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the case where you have an image local, if the the user runs
podman pull, we should always attempt to pull an updated image.
Added a forceRemote bool to New (image) so we can differentiate
between "pull" or run because the actions differ. Run does not
need to pull the latest -- only run.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #618
Approved by: baude
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #608
Approved by: baude
|
|
|
|
|
|
|
|
|
|
| |
This allows us to attach to attach to just stdout or stderr or
stdin, or any combination of these.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #608
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
--group-add
--blkio-weight-device
--device-read-bps
--device-write-bps
--device-read-iops
--device-write-iops
--group-add now supports group names as well as the gid associated with them.
All the --device flags work now with moderate changes to the code to support both
bps and iops.
Added tests for all the flags.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #590
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When an image name has no reponames, you should still be able to run it
by ID. When doing so, imageName needs to be set to "" so we don't hit an index
out of range error
Resolves: #587
Signed-off-by: baude <bbaude@redhat.com>
Closes: #593
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We no longer require an explicit Init() to start a container, as
Start() will now call Init() if the container is not initialized.
Remove explicit Init() invocations from run and start to help
with dependency ordering - less time for a dependency to go down
before we start.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #577
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
so that it is possible to use systemd to automatically restart the
container:
[Service]
Type=forking
PIDFile=/run/awesome-service.pid
ExecStart=/usr/bin/podman run --conmon-pidfile=/run/awesome-service.pid --name awesome -d IMAGE /usr/bin/do-something
ExecStopPost=/usr/bin/podman rm awesome
Restart=always
Closes: https://github.com/projectatomic/libpod/issues/534
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #549
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
| |
When no image is found, display a useful error message. Also, in imageToRef
protect against a nil image being passed.
Resolves: #553
Signed-off-by: baude <bbaude@redhat.com>
Closes: #555
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Both podman run and create have an option to write the container ID to a file. The option
is called cidfile. If the cidfile exists, we should not create or run a container but rather
output a sensical error message.
Resolves: #530
Signed-off-by: baude <bbaude@redhat.com>
Closes: #531
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
Closes: #525
Approved by: baude
|
|
|
|
|
|
|
|
|
|
| |
Migrate the podman create and commit subcommandis to leverage the images library. I also had
to migrate the cmd/ portions of run and rmi.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #498
Approved by: mheon
|
|
|
|
|
|
|
| |
Also removes sig-proxy from 'podman create', where is does not
make sense.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This solves our prior problems with attach races by ensuring the
order is correct.
Also contains substantial cleanups to the attach code.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #482
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
--image-volumes tells podman what to do with the image volumes in the image config
There are 3 options: bind, tmpfs, and ignore
bind puts the volume contents in /var/lib/containers/storage/container-id/volumes/vol-dir
and bind mounts it into the container at /vol-dir
tmpfs mounts /vol-dir as a tmps into the container
ignore doesn't mount the image volumes onto the container
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #377
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
| |
- Added run_cgroup_parent_test.go
- Cleaned up calls to logrus
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #370
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #370
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
Example:
sudo /usr/local/bin/podman run --cgroup-parent=/zzz fedora cat /proc/self/cgroup
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #370
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The exit codes for 126 and 127 were reversed. For the record, the exit
codes used are as follows:
* 125 if ‘chroot’ itself fails
* 126 if COMMAND is found but cannot be invoked
* 127 if COMMAND cannot be found
This resolves issue #367
Signed-off-by: baude <bbaude@redhat.com>
Closes: #378
Approved by: baude
|
|
|
|
|
|
| |
This patch will cleanup the network stack when the container exits
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #234
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
| |
Create a mocked CLI instance so we can test that user-input
functions to run (create) end up in the spec correctly. It will
also help protect against regression include type changes.
We can decide if we want to test items one at a time or several
at a time.
Signed-off-by: baude <bbaude@redhat.com>
|