summaryrefslogtreecommitdiff
path: root/cmd/podman/shared
Commit message (Collapse)AuthorAge
* rootless: use a single user namespaceGiuseppe Scrivano2019-04-01
| | | | | | | | | | | | | | | | | | | | | simplify the rootless implementation to use a single user namespace for all the running containers. This makes the rootless implementation behave more like root Podman, where each container is created in the host environment. There are multiple advantages to it: 1) much simpler implementation as there is only one namespace to join. 2) we can join namespaces owned by different containers. 3) commands like ps won't be limited to what container they can access as previously we either had access to the storage from a new namespace or access to /proc when running from the host. 4) rootless varlink works. 5) there are only two ways to enter in a namespace, either by creating a new one if no containers are running or joining the existing one from any container. Containers created by older Podman versions must be restarted. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: remove SkipStorageSetup()Giuseppe Scrivano2019-04-01
| | | | | | | | in the few places where we care about skipping the storage initialization, we can simply use the process effective UID, instead of relying on a global boolean flag. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Fix gofmtMatthew Heon2019-03-27
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Remove ulele/deepcopier in favor of JSON deep copyMatthew Heon2019-03-27
| | | | | | | | | | | | | We have a very high performance JSON library that doesn't need to perform code generation. Let's use it instead of our questionably performant, reflection-dependent deep copy library. Most changes because some functions can now return errors. Also converts cmd/podman to use jsoniter, instead of pkg/json, for increased performance. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Resolve review commentsMatthew Heon2019-03-27
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add --no-hosts flag to disable management of /etc/hostsMatthew Heon2019-03-27
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* podman health check phase3baude2019-03-22
| | | | | | | | | | | | | | | | podman will not start a transient service and timer for healthchecks. this handles the tracking of the timing for health checks. added the 'started' status which represents the time that a container is in its start-period. the systemd timing can be disabled with an env variable of DISABLE_HC_SYSTEMD="true". added filter for ps where --filter health=[starting, healthy, unhealthy] can now be used. Signed-off-by: baude <bbaude@redhat.com>
* podman: do not split --env on commaGiuseppe Scrivano2019-03-20
| | | | | | | | if --env "a=b,c" is used, do not split into a=b and c=. Closes: https://github.com/containers/libpod/issues/2712 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* port grouping in ps command outputKunal Kushwaha2019-03-15
| | | | | | | continuous published ports are grouped in ps output. bugfix: #1358 Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
* Merge pull request #2562 from baude/healtcheckphase2OpenShift Merge Robot2019-03-12
|\ | | | | healthcheck phase 2
| * healtcheck phase 2baude2019-03-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | integration of healthcheck into create and run as well as inspect. healthcheck enhancements are as follows: * add the following options to create|run so that non-docker images can define healthchecks at the container level. * --healthcheck-command * --healthcheck-retries * --healthcheck-interval * --healthcheck-start-period * podman create|run --healthcheck-command=none disables healthcheck as described by an image. * the healthcheck itself and the healthcheck "history" can now be observed in podman inspect * added the wiring for healthcheck history which logs the health history of the container, the current failed streak attempts, and log entries for the last five attempts which themselves have start and stop times, result, and a 500 character truncated (if needed) log of stderr/stdout. The timings themselves are not implemented in this PR but will be in future enablement (i.e. next). Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2527 from baude/eventsOpenShift Merge Robot2019-03-11
|\ \ | |/ |/| Add event logging to libpod, even display to podman
| * Add event logging to libpod, even display to podmanbaude2019-03-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In lipod, we now log major events that occurr. These events can be displayed using the `podman events` command. Each event contains: * Type (container, image, volume, pod...) * Status (create, rm, stop, kill, ....) * Timestamp in RFC3339Nano format * Name (if applicable) * Image (if applicable) The format of the event and the varlink endpoint are to not be considered stable until cockpit has done its enablement. Signed-off-by: baude <bbaude@redhat.com>
* | preparation for remote-client create containerbaude2019-03-11
|/ | | | | | | | | to prepare for being able to remotely run a container, we need to perform a refactor to get code out of main because it is not reusable. the shared location is a good starting spot though eventually some will likely end up in pkg/spec/ at some point. Signed-off-by: baude <bbaude@redhat.com>
* container runlabel respect $PWDbaude2019-03-08
| | | | | | | | | When doing environment variable substitution, we need to make sure $PWD is replaced with the current working directory. fixes issue #2171 Signed-off-by: baude <bbaude@redhat.com>
* podman-remote create|psbaude2019-02-25
| | | | | | | enable the podman-remote client to be able to create and list pods on a remote system. Signed-off-by: baude <bbaude@redhat.com>
* show container ports of network namespacebaude2019-02-13
| | | | | | | | | | in cases where a container is part of a network namespace, we should show the network namespace's ports when dealing with ports. this impacts ps, kube, and port. fixes: #846 Signed-off-by: baude <bbaude@redhat.com>
* Add volume mounts to PS outputbaude2019-02-08
| | | | | | | | | When listing containers, you should be able to list the mounts with something like --format "table{{".Mounts}}". Resolves: #2238 Signed-off-by: baude <bbaude@redhat.com>
* Changes to container runlabel for toolbox projectbaude2019-01-30
| | | | | | | | | | The toolbox project would benefit from a few changes to more closely resembe the original atomic cli project. Changes made are: * only pull image for container runlabel if the label exists in the image * if a container image does not have the desired label, exit with non-zero Signed-off-by: baude <bbaude@redhat.com>
* podman-remote inspectbaude2019-01-18
| | | | | | base enablement of the inspect command. Signed-off-by: baude <bbaude@redhat.com>
* Add varlink support for prunebaude2019-01-10
| | | | | | | Add the ability to prune unused images using the varlink API. Signed-off-by: baude <bbaude@redhat.com>
* Rename libpod.Config back to ContainerConfigMatthew Heon2019-01-07
| | | | | | | | | | During an earlier bugfix, we swapped all instances of ContainerConfig to Config, which was meant to fix some data we were returning from Inspect. This unfortunately also renamed a libpod internal struct for container configs. Undo the rename here. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* container runlabel NAME implementationbaude2019-01-04
| | | | | | | | | | | when using container runlabel, if a --name is not provided, we must deduce the container name from the base name of the image to maintain parity with the atomic cli. fixed small bug where we split the cmd on " " rather than using fields could lead to extra spaces in command output. Signed-off-by: baude <bbaude@redhat.com>
* Switch all referencs to image.ContainerConfig to image.ConfigDaniel J Walsh2018-12-21
| | | | | | This will more closely match what Docker is doing. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #1986 from baude/varlinkendpointsOpenShift Merge Robot2018-12-17
|\ | | | | Clean up some existing varlink endpoints
| * Clean up some existing varlink endpointsbaude2018-12-12
| | | | | | | | | | | | | | | | Going through and adding options (like tls-verify, signature option, etc) to some varlink endpoints (like push/pull) many of which had not been updated since their original authoring. Signed-off-by: baude <bbaude@redhat.com>
* | runlabel should sub podman for docker|/usr/bin/dockerbaude2018-12-13
|/ | | | | | | | | | Many RH images use a fully-qualified path to docker in their RUN labels. While initially we wanted an exact match for substituting commands, docker is a good exception. Bug #1623282 Signed-off-by: baude <bbaude@redhat.com>
* Remove the forceSecure parameter on the pull call stackMiloslav Trmač2018-12-06
| | | | | | | DockerRegistryOptions.DockerInsecureSkipTLSVerify as an types.OptionalBool can now represent that value, so forceSecure is redundant. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Merge pull request #1912 from baude/pruneOpenShift Merge Robot2018-12-06
|\ | | | | Add ability to prune containers and images
| * Add ability to prune containers and imagesbaude2018-12-05
| | | | | | | | | | | | | | | | | | | | | | Allow user to prune unused/unnamed images, the layer images from building, via podman rmi --prune. Allow user to prune stopped/exiuted containers via podman rm --prune. This should resolve #1910 Signed-off-by: baude <bbaude@redhat.com>
* | Add --sync flag to podman psMatthew Heon2018-12-06
|/ | | | | | | | | | | The previous commit added support for --sync to podman rm to ensure state inconsistencies would not prevent containers from being removed. Add the flag to podman ps as well, so that all containers can be forcibly synced and all state inconsistencies resolved. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Adding more varlink endpointsbaude2018-12-03
| | | | | | | | | | | * runlabel * checkpoint * restore * container|image exists * mount * unmount Signed-off-by: baude <bbaude@redhat.com>
* runlabel: use shlex for splitting commandsValentin Rothberg2018-11-16
| | | | | | | | Use github.com/google/shlex for splitting commands instead of splitting at whitespaces. This way, we avoid accidentally splitting single string arguments into mutliple ones. Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
* rm -f now removes a paused containerbaude2018-11-08
| | | | | | | | | | | | We now can remove a paused container by sending it a kill signal while it is paused. We then unpause the container and it is immediately killed. Also, reworked how the parallelWorker results are handled to provide a more consistent approach to how each subcommand implements it. It also fixes a bug where if one container errors, the error message is duplicated when printed out. Signed-off-by: baude <bbaude@redhat.com>
* Make kill, pause, and unpause parallel.baude2018-11-01
| | | | | | | | | | | Operations like kill, pause, and unpause -- which can operation on one or more containers -- can greatly benefit from parallizing its main job (eq kill). In the case of pauseand unpause, an --all option as was added. pause --all will pause all **running** containers. And unpause --all will unpause all **paused** containers. Signed-off-by: baude <bbaude@redhat.com>
* Make restart parallel and add --allbaude2018-11-01
| | | | | | | | | | When attempting to restart many containers, we can benefit from making the restarts parallel. For convenience, two new options are added: --all attempts to restart all containers --run-only when used with --all will attempt to restart only running containers Signed-off-by: baude <bbaude@redhat.com>
* truncate command output in ps by defaultbaude2018-10-30
| | | | | | | | when the PS command was reworked for performance and formatting improvements, i forgot to truncate the command field. Long container commands was throwing the formatting off. we now truncated to 17 characters plus the elipses. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #1637 from vrothberg/runlabel-execute-any-commandOpenShift Merge Robot2018-10-26
|\ | | | | runlabel: run any command
| * runlabel: run any commandValentin Rothberg2018-10-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As discussed [1], the runlabel command should execute any command specified in a label. The reasoning behind is that we cannot restrict which options are passed to Podman which thereby has full access to the host (runlabels must be used with care). With the updated semantics, runlabel will substitute the commands with a basepath equal to "docker" or "podman" with "/proc/self/exe", and otherwise leave the command unchanged to execute any other command on the host. [1] https://github.com/containers/libpod/pull/1607#issuecomment-428321382 Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
* | Add --max-workers and heuristics for parallel operationsbaude2018-10-25
|/ | | | | | | | | | add a global flag for --max-workers so users can limit the number of parallel operations for a given function. also, when not limited by max-workers, we implement a heuristic function that returns the number of preferred parallel workers based on the number of CPUs and the given operation. Signed-off-by: baude <bbaude@redhat.com>
* Make podman ps fastbaude2018-10-23
| | | | | | Like Ricky Bobby, we want to go fast. Signed-off-by: baude <bbaude@redhat.com>
* fix runlabel functions based on QA feedbackbaude2018-10-11
| | | | Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #1587 from mheon/fix_pod_statusOpenShift Merge Robot2018-10-08
|\ | | | | Fix pod status reporting for new Exited state
| * Fix pod status reporting for new Exited stateMatthew Heon2018-10-03
| | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | runlabel: execute /proc/self/exe and avoid recursionValentin Rothberg2018-10-05
|/ | | | | | | | | | | | | Execute /proc/self/exe instead of podman. This makes the runlabel command more portable as it works for binaries outside the path as well as for local builds. Also, avoid redundantly executing the runlabel command by setting the PODMAN_RUNLABEL_NESTED environment variable to "1". Podman now checks for this variable before executing the runlabel command and will throw an error in case the variable is set. Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
* Add container runlabel commandbaude2018-09-28
| | | | | | | | | | | | | Execute the command as described by a container image. The value of the label is processed into a command by: 1. Ensuring the first argument of the command is podman. 2. Substituting any variables with those defined by the environment or otherwise. If no label exists in the container image, nothing is done. podman container runlabel LABEL IMAGE extra_args Signed-off-by: baude <bbaude@redhat.com>
* Fix pod sharing for utsmodeDaniel J Walsh2018-09-07
| | | | | | | | | | | | | We should be sharing cgroups namespace by default in pods uts namespace sharing was broken in pods. Create a new libpod/pkg/namespaces for handling of namespace fields in containers Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1418 Approved by: mheon
* Fix handling of multiple filters in podman psMatthew Heon2018-08-27
| | | | | | | | | | | | | Docker expects multiple filters to be passed with multiple uses of the --filter flag (e.g. --filter=label=a=b --filter=label=c=d) and not a single comma-separated list of filters as we expected. Convert to the Docker format, and make some small cleanups to our handling of filters along the way. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1345 Approved by: umohnani8
* Fixing network ns segfaulthaircommander2018-08-23
| | | | | | | | | As well as small style corrections, update pod_top_test to use CreatePod, and move handling of adding a container to the pod's namespace from container_internal_linux to libpod/option. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1187 Approved by: mheon
* Support pause containers in varlinkhaircommander2018-08-23
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1187 Approved by: mheon