| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As discussed [1], the runlabel command should execute any command
specified in a label. The reasoning behind is that we cannot restrict
which options are passed to Podman which thereby has full access to the
host (runlabels must be used with care).
With the updated semantics, runlabel will substitute the commands with a
basepath equal to "docker" or "podman" with "/proc/self/exe", and
otherwise leave the command unchanged to execute any other command on
the host.
[1] https://github.com/containers/libpod/pull/1607#issuecomment-428321382
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
|
|\
| |
| | |
Support auth file environment variable in podman build
|
| |
| |
| |
| | |
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
prevent opening the same file twice, since we re-exec podman in
rootless mode. While at it, also solve a possible race between the
check for the file and writing to it. Another process could have
created the file in the meanwhile and we would just end up overwriting
it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| | |
| | | |
Add --all and --latest to checkpoint/restore
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This add the convenience options --all and --latest to the subcommands
checkpoint and restore.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This removes duplicate code paths which has been previously factored out
as getAllOrLatestContainers().
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Instead of duplicating the same code in multiple commands this uses the
newly added function checkAllAndLatest() instead.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Just as the checkAllAndLatest() function the new code in
getAllOrLatestContainers() is used in some commands and duplicated. This
factors out this code to be used in other places without duplicating it.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| |/
| |
| |
| |
| |
| |
| | |
The check about the --all and --latest option is used and repeated and
some commands. Factor it out and put it into common.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|\ \
| | |
| | | |
Make podman ps fast
|
| | |
| | |
| | |
| | |
| | |
| | | |
Like Ricky Bobby, we want to go fast.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
Fix podman port -l
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Running 'podman port -l' on a system without any containers created
gives:
$ podman port -l
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0xf3cef1]
goroutine 1 [running]:
github.com/containers/libpod/libpod.(*Container).State(0x0, 0x0, 0x0, 0x0)
/share/go/src/github.com/containers/libpod/libpod/container.go:658 +0x41
main.portCmd(0xc420094580, 0x0, 0x0)
/share/go/src/github.com/containers/libpod/cmd/podman/port.go:118 +0x406
This fixes it by making sure the variable 'containers' is nil and not [<nil>].
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
correct stats err with non-running containers
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | | |
when doing stats -a|--all, if you have non-running containers, we should
not error on not being able to get information like PID, etc on them.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
fix environment variable parsing
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fix the parsing of environment variables to catch invalid ones, such as
`-e = ` or `-e =A`, early in the stack to return meaningful error
messages. Also, instead of erroring out, set unspecified env variables
as empty (e.g., `-e FOO`) to remain compatible with Docker.
Fixes: #1663
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
|
|\ \ \ \
| |/ / /
|/| | | |
Make rm faster
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
When doing rm, we now parallelize the actual conainter deletions so they
can complete faster. This speeds up operations like rm -a.
Signed-off-by: baude <bbaude@redhat.com>
|
|/ /
| |
| |
| | |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|/
|
|
|
|
| |
This should allow us to share this code with buildah.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
| |
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|
|
|
|
|
|
| |
We were encountering sync issues with the map, so swap to a
thread-safe channel and convert into a map when we output
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|\
| |
| | |
Pass along syslog variable to podman cleanup processes
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As of now, there is no way to debug podman clean up processes.
They are started by conmon with no stdout/stderr and log nowhere.
This allows us to actually figure out what is going on when a
cleanup process runs.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|\ \
| | |
| | | |
Sort all CLI flags in podman commands
|
| |/
| |
| |
| | |
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \
| | |
| | | |
Stop containers in parallel fashion
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Prior, we were stopping containers serially. So if a container had a default
timeout of 10 seconds and there were five containers being stopped, the operation
would take roughly 50 seconds. If we stop these containers in parallel, the operation
should be roughly 10 seconds and change which is a significant speed up at scale.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Add ability to specify static IPs with --ip flag
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add the --ip flag back with bash completions. Manpages still
missing.
Add plumbing to pass appropriate the appropriate option down to
libpod to connect the flag to backend logic added in the previous
commits.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|/
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
|
|\
| |
| | |
Fix pod status reporting for new Exited state
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Execute /proc/self/exe instead of podman. This makes the runlabel
command more portable as it works for binaries outside the path as
well as for local builds.
Also, avoid redundantly executing the runlabel command by setting
the PODMAN_RUNLABEL_NESTED environment variable to "1". Podman
now checks for this variable before executing the runlabel command
and will throw an error in case the variable is set.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
runc uses CRIU to support checkpoint and restore of containers. This
brings an initial checkpoint/restore implementation to podman.
None of the additional runc flags are yet supported and container
migration optimization (pre-copy/post-copy) is also left for the future.
The current status is that it is possible to checkpoint and restore a
container. I am testing on RHEL-7.x and as the combination of RHEL-7 and
CRIU has seccomp troubles I have to create the container without
seccomp.
With the following steps I am able to checkpoint and restore a
container:
# podman run --security-opt="seccomp=unconfined" -d registry.fedoraproject.org/f27/httpd
# curl -I 10.22.0.78:8080
HTTP/1.1 403 Forbidden # <-- this is actually a good answer
# podman container checkpoint <container>
# curl -I 10.22.0.78:8080
curl: (7) Failed connect to 10.22.0.78:8080; No route to host
# podman container restore <container>
# curl -I 10.22.0.78:8080
HTTP/1.1 403 Forbidden
I am using CRIU, runc and conmon from git. All required changes for
checkpoint/restore support in podman have been merged in the
corresponding projects.
To have the same IP address in the restored container as before
checkpointing, CNI is told which IP address to use.
If the saved network configuration cannot be found during restore, the
container is restored with a new IP address.
For CRIU to restore established TCP connections the IP address of the
network namespace used for restore needs to be the same. For TCP
connections in the listening state the IP address can change.
During restore only one network interface with one IP address is handled
correctly. Support to restore containers with more advanced network
configuration will be implemented later.
v2:
* comment typo
* print debug messages during cleanup of restore files
* use createContainer() instead of createOCIContainer()
* introduce helper CheckpointPath()
* do not try to restore a container that is paused
* use existing helper functions for cleanup
* restructure code flow for better readability
* do not try to restore if checkpoint/inventory.img is missing
* git add checkpoint.go restore.go
v3:
* move checkpoint/restore under 'podman container'
v4:
* incorporated changes from latest reviews
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|\
| |
| | |
rootless: always set XDG_RUNTIME_DIR
|
| |
| |
| |
| |
| |
| |
| |
| | |
it is used internally by containers/image to locate the auth file.
Closes: https://github.com/containers/libpod/issues/1457
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| |/
|/| |
Add ContainerStateExited and OCI delete() in cleanup()
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
To work better with Kata containers, we need to delete() from the
OCI runtime as a part of cleanup, to ensure resources aren't
retained longer than they need to be.
To enable this, we need to add a new state to containers,
ContainerStateExited. Containers transition from
ContainerStateStopped to ContainerStateExited via cleanupRuntime
which is invoked as part of cleanup(). A container in the Exited
state is identical to Stopped, except it has been removed from
the OCI runtime and thus will be handled differently when
initializing the container.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|\ \
| | |
| | | |
Add container runlabel command
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Execute the command as described by a container image. The value of the label is processed
into a command by:
1. Ensuring the first argument of the command is podman.
2. Substituting any variables with those defined by the environment or otherwise.
If no label exists in the container image, nothing is done.
podman container runlabel LABEL IMAGE extra_args
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Disable SELinux labeling if --privileged
|
| | |
| | |
| | |
| | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Implement pod varlink bindings
|
| | |
| | |
| | |
| | | |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Update varlink document
* Add NoContainersInPod error in go and python
* Add support for varlink pod interface
* New code passes pylint
* Fix bug in test_runner.sh
* Update integration tests for race condition on status check
* Add missing port config file support
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|/
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|