aboutsummaryrefslogtreecommitdiff
path: root/cmd
Commit message (Collapse)AuthorAge
* Propegate exit code on Exec calls and integrated testhaircommander2018-06-07
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #904 Approved by: rhatdan
* Vendor in latest buildah codeDaniel J Walsh2018-06-07
| | | | | | | | | | Use the parsing code to properly setup podman build namespaces Fixes support for network namespace and user namespace Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #917 Approved by: rhatdan
* Add --all flag even though it is a noop so scripts will workDaniel J Walsh2018-06-05
| | | | | | | | | | | | | Until podman build supports caching, their are no intermediary builds, but people might still use scripts that use the --all option. Adding this will not hurt anything and could fix scripts. Also fixed sorting issues in options handling of images Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #896 Approved by: mheon
* varlink build fixesbaude2018-06-05
| | | | | | | | | | | | the varlink build was not working as designed and required some touch-ups: * return a struct that includes logs and the new image ID * pass namespaceoption so that networking in buildah works Signed-off-by: baude <bbaude@redhat.com> Closes: #903 Approved by: rhatdan
* podman-varlink: log timeoutsValentin Rothberg2018-06-05
| | | | | | | | | | | | | | The default timeout of one second when using podman-varlink can confuse users as podman exits in silence after this timeout in case no connection to the endpoint is alive. Print a log (info level) that the varlink service has expired to guide the user. This change requires to vendor in the latest master of varlink/go. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #899 Approved by: rhatdan
* libpod: Execute poststop hooks locallyW. Trevor King2018-06-04
| | | | | | | | | | | | Instead of delegating to the runtime, since some runtimes do not seem to handle these reliably [1]. [1]: https://github.com/projectatomic/libpod/issues/730#issuecomment-392959938 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #864 Approved by: rhatdan
* Add flag to add annotations to a containerMatthew Heon2018-06-04
| | | | | | | | | | Also add annotations from the image the container was created from. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #886 Approved by: rhatdan
* Merge pull request #839 from baude/varlinkcreatefixesDaniel J Walsh2018-06-01
|\ | | | | varlink build
| * varlink buildbaude2018-06-01
| | | | | | | | | | | | | | | | | | | | | | | | Add the endpoint and methods for build so users can build an image with varlink. build can also use the more method for streaming output back more regularily; however, it looks like a bug in buildah does not output all build output to the writer provided. Tidy up some create fixes and add endpoint for GetImage requested by jhonce. Signed-off-by: baude <bbaude@redhat.com>
* | Add OnBuild support for podman buildDaniel J Walsh2018-06-01
|/ | | | | | Only supported for docker formated images. OCI Does not support this flag. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* return all inspect info for varlink containerinspectbaude2018-06-01
| | | | | | | | | | | when obtaining the inspect information for a container through varlink, we need to extract more container related information by parsing the data through the method 'GetCtrInspectInfo' which was previously only in podman's main. Signed-off-by: baude <bbaude@redhat.com> Closes: #866 Approved by: rhatdan
* Remove --net flag and make it an alias for --networkMatthew Heon2018-05-31
| | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com> Closes: #862 Approved by: rhatdan
* do not allow port related args to be used with --network=container:Daniel J Walsh2018-05-30
| | | | | | | | | | | we cannot set additional ports on an existing container namespace, so we should not allow --network=container with publish or publish-all. Signed-off-by: baude <bbaude@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #853 Approved by: baude
* sort containers and images by create timebaude2018-05-30
| | | | | | | | | | | | When running podman ps or podman images, the containers and images should be sorted by newest to oldest. Resolves: #830 Signed-off-by: baude <bbaude@redhat.com> Closes: #848 Approved by: mheon
* Remove varlink's generated Go filebaude2018-05-29
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #840 Approved by: baude
* save and load should support multi-tag for docker-archiveumohnani82018-05-25
| | | | | | | | | | | | The docker-archive tar files can have multiple tags for the same image stored in it. Load pulls all the tags found in the archive when loading a tar file. Save can oush multiple tags of the same image to a tar archive. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #819 Approved by: rhatdan
* Spell check strings and commentsJhon Honce2018-05-25
| | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #831 Approved by: rhatdan
* Update podman build to match buildah bud functionalityDaniel J Walsh2018-05-23
| | | | | | | | | Add --label, --annotations, --idfile, --squash Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #824 Approved by: TomSweeneyRedHat
* set varlink timeout to 1 secondsbaude2018-05-22
| | | | | | | | | Add option to varlink for --timeout. Input for this option is in milliseconds Signed-off-by: baude <bbaude@redhat.com> Closes: #814 Approved by: baude
* podman create, start, getattachsocketbaude2018-05-21
| | | | | | | | | First pass at implement API endpoints for create and start. Signed-off-by: baude <bbaude@redhat.com> Closes: #805 Approved by: baude
* finish changing the path for varlinkbaude2018-05-19
| | | | | | | cleanup the last references to /run/io.projectatomic... and make sure /run/podman/projectatomic... is used. Signed-off-by: baude <bbaude@redhat.com>
* libpod: fix panic when using -t and the process fails to startGiuseppe Scrivano2018-05-17
| | | | | | | | | | | | | | | | | | We were closing resize both on the receiver and the sender side. This was racy as the sender might have written to a closed channel. If the container could not be created, the attach exited immediately causing the channel to be closed before the write from resizeTty. Change the logic to close only from the senderSide and add another channel to notify the resizeTty goroutine when the container exited. Closes: https://github.com/projectatomic/libpod/issues/785 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #787 Approved by: mheon
* Allow push/save without image referenceumohnani82018-05-16
| | | | | | | | | | | | If the user uses the image ID when saving to either docker-archive or oci-archive, then do not save a reference in the manifest/index.json. If the user chooses to push without an image reference, i.e <transport>:<path> it should be valid and succeed. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #782 Approved by: rhatdan
* improve podman commit documentation and error messagesbaude2018-05-15
| | | | | | | | | | | | document --format|-f in the commit man page. also, improve the error message when user tries to use -m with the oci image format. Resolves: 765 Signed-off-by: baude <bbaude@redhat.com> Closes: #768 Approved by: rhatdan
* implement varlink commitbaude2018-05-15
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #762 Approved by: baude
* fix segfault for podman pushbaude2018-05-15
| | | | | | | | | | When no args were provided to podman push, podman segfaults. Quick fix to avoid the condition that triggers the segf. Signed-off-by: baude <bbaude@redhat.com> Closes: #773 Approved by: mheon
* libpod: Add HooksDirNotExistFatalW. Trevor King2018-05-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | And add an argument to WithHooksDir to set it. If the hook dir doesn't exist, the new hooks package considers that a fatal error. When a podman caller sets --hooks-dir-path=/some/typoed/directory, a fatal error is more helpful than silently not loading any hooks. However, callers who call podman without setting --hooks-dir-path may not need hooks at all. We don't want to pester those callers with not-exist errors. With this commit, we: * Assume the caller knows what they're doing if they set --hooks-dir-path and set HooksDirNotExistFatal. * If the caller does not explicitly set --hooks-dir-path, assume they won't mind if the hook directory is missing and set HooksDirNotExistFatal false. We also considered checking for the directory's existence in the code calling WithHooksDir or from within WithHooksDir, but checks there would race with the underlying ioutil.ReadDir in the hooks package. By pushing the warn/error decision down into libpod's implementation, we avoid a racy "do we expect this to work once libpod gets to it?" pre-check. I've also added a check to error if WithHooksDir is called with an empty-string argument, because we haven't defined the semantics of that (is it clearing a previous value? Is it effectively the same as the current directory?). I agree with Matthew that a separate WithNoHooks, or a *string argument to WithHooks, or some such would be a better API for clearing previous values [1]. But for now, I'm just erroring out to fail early for callers who might otherwise be surprised that libpod ignores empty-string HooksDir. [1]: https://github.com/projectatomic/libpod/pull/686#issuecomment-385119370 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #686 Approved by: mheon
* pkg/hooks: Version the hook structure and add 1.0.0 hooksW. Trevor King2018-05-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This shifts the matching logic out of libpod/container_internal and into the hook package, where we can reuse it after vendoring into CRI-O. It also adds unit tests with almost-complete coverage. Now libpod is even more isolated from the hook internals, which makes it fairly straightforward to bump the hook config file to 1.0.0. I've dubbed the old format 0.1.0, although it doesn't specify an explicit version. Motivation for some of my changes with 1.0.0: * Add an explicit version field. This will make any future JSON structure migrations more straightforward by avoiding the need for version-guessing heuristics. * Collect the matching properties in a new When sub-structure. This makes the root Hook structure easier to understand, because you don't have to read over all the matching properties when wrapping your head around Hook. * Replace the old 'hook' and 'arguments' with a direct embedding of the runtime-spec's hook structure. This provides access to additional upstream properties (args[0], env, and timeout) and avoids the complication of a CRI-O-specific analog structure. * Add a 'when.always' property. You can usually accomplish this effect in another way (e.g. when.commands = [".*"]), but having a boolean explicitly for this use-case makes for easier reading and writing. * Replace the previous annotations array with an annotations map. The 0.1.0 approach matched only the values regardless of key, and that seems unreliable. * Replace 'cmds' with 'when.commands', because while there are a few ways to abbreviate "commands", there's only one way to write it out in full ;). This gives folks one less thing to remember when writing hook JSON. * Replace the old "inject if any specified condition matches" with "inject if all specified conditions match". This allows for more precise targeting. Users that need more generous targeting can recover the previous behavior by creating a separate 1.0.0 hook file for each specified 0.1.0 condition. I've added doc-compat support for the various pluralizations of the 0.1.0 properties. Previously, the docs and code were not in agreement. More on this particular facet in [1]. I've updated the docs to point out that the annotations being matched are the OCI config annotations. This differs from CRI-O, where the annotations used are the Kubernetes-supplied annotations [2,3]. For example, io.kubernetes.cri-o.Volumes [4] is part of CRI-O's runtime config annotations [5], but not part of the Kubernetes-supplied annotations CRI-O uses for matching hooks. The Monitor method supports the CRI-O use-case [6]. podman doesn't need it directly, but CRI-O will need it when we vendor this package there. I've used nvidia-container-runtime-hook for the annotation examples because Dan mentioned the Nvidia folks as the motivation behind annotation matching. The environment variables are documented in [7]. The 0.1.0 hook config, which does not allow for environment variables, only works because runc currently leaks the host environment into the hooks [8]. I haven't been able to find documentation for their usual annotation trigger or hook-install path, so I'm just guessing there. [1]: https://github.com/kubernetes-incubator/cri-o/pull/1235 [2]: https://github.com/kubernetes-incubator/cri-o/blob/v1.10.0/server/container_create.go#L760 [3]: https://github.com/kubernetes-incubator/cri-o/blob/v1.10.0/server/container_create.go#L772 [4]: https://github.com/kubernetes-incubator/cri-o/blob/v1.10.0/pkg/annotations/annotations.go#L97-L98 [5]: https://github.com/kubernetes-incubator/cri-o/blob/v1.10.0/server/container_create.go#L830-L834 [6]: https://github.com/kubernetes-incubator/cri-o/pull/1345/ [7]: https://github.com/NVIDIA/nvidia-container-runtime/tree/v1.3.0-1#environment-variables-oci-spec [8]: https://github.com/opencontainers/runc/pull/1738 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #686 Approved by: mheon
* Update Podman-specific readmeMatthew Heon2018-05-11
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #754 Approved by: baude
* Add --cgroup-manager flag to Podman binaryMatthew Heon2018-05-11
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #507 Approved by: baude
* Major fixes to systemd cgroup handlingMatthew Heon2018-05-11
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #507 Approved by: baude
* varlink infobaude2018-05-11
| | | | | | | | | | The varlinfo info returns the same information as podman info but always includes the so-called debug information. Signed-off-by: baude <bbaude@redhat.com> Closes: #745 Approved by: baude
* podman push should honor registries.confbaude2018-05-10
| | | | | | | | | | | Like podman pull, when you push an image, podman should check if the registry is listed as insecure and if so, it should --tls-verify=false unless the user overrides this. Signed-off-by: baude <bbaude@redhat.com> Closes: #738 Approved by: mheon
* alphabetize the varlink methods, types, and errors in the docsbaude2018-05-10
| | | | | | | | | | | | We have decided to alphabetize things in the API documentation to help users find things easier. It also solves an issue where when being made, the API.md doc would remake itself in a different order resulting in massive diffs in the pull requests but no new content. Signed-off-by: baude <bbaude@redhat.com> Closes: #739 Approved by: baude
* Add missing newline to podman portMatthew Heon2018-05-10
| | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com> Closes: #741 Approved by: giuseppe
* Generate varlink API documentation automaticallybaude2018-05-08
| | | | | | | | | | Using varlink's idl parser, we generate API documentation for the podman API relying on the .varlink file as the source. Signed-off-by: baude <bbaude@redhat.com> Closes: #734 Approved by: baude
* Allow streaming on some varlink container methodsbaude2018-05-08
| | | | | | | | | | | | | | | The following methods should support streaming requests from the client: * GetContainerLogs A reference for a python stream implementation can be found here: https://github.com/varlink/python/blob/master/varlink/tests/test_orgexamplemore.py#L29-L42 Signed-off-by: baude <bbaude@redhat.com> Closes: #724 Approved by: mheon
* Remove extra close from attach resize channelMatthew Heon2018-05-08
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #733 Approved by: umohnani8
* Fix calculation of RunningFor in ps json outputMatthew Heon2018-05-05
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #727 Approved by: rhatdan
* Make invalid state nonfatal when cleaning up in runMatthew Heon2018-05-04
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #726 Approved by: baude
* networking, userNS: configure the network namespace after createGiuseppe Scrivano2018-05-04
| | | | | | | | | | | so that the OCI runtime creates the network namespace from the correct userNS. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #690 Approved by: mheon
* Begin wiring in USERNS Support into podmanDaniel J Walsh2018-05-04
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #690 Approved by: mheon
* varlink containersbaude2018-05-03
| | | | | | | | | | | | | first pass at adding in the container related endpoints/methods for the libpod backend. Couple of important notes: * endpoints that can use a console are not going to be done until we have "remote" console * several of the container methods should probably be able to stream as opposed to a one-off return Signed-off-by: baude <bbaude@redhat.com> Closes: #708 Approved by: baude
* Trivial refactor on volume additionMatthew Heon2018-05-03
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #700 Approved by: rhatdan
* When adding volumes to DB, handle nontrivial casesMatthew Heon2018-05-03
| | | | | | | | | | We want to make sure we don't add anything but the host volume, and the volumes can include options and container locations. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #700 Approved by: rhatdan
* Store user Volumes, Entrypoint, Command in databaseMatthew Heon2018-05-03
| | | | | | | | | | | We need these for commit, and they cannot be properly deduced from just the OCI spec, so save them in the database so we can retrieve them for commit. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #700 Approved by: rhatdan
* Add config bool to indicate there are user volumesMatthew Heon2018-05-03
| | | | | | | | | | This allows us to accurately trigger OCI hooks that trigger on the presence of volume mounts. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #700 Approved by: rhatdan
* remove options from create/run that we cannot supportbaude2018-05-02
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #711 Approved by: rhatdan
* Fix podman logout --all flagumohnani82018-05-02
| | | | | | | | | | | podman logout --all should remove cached credentials for all registries in the auth.json file. Before this, it was asking for a registry to be given with the --all flag also. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #712 Approved by: rhatdan
* podman should assign a host port to -p when omittedbaude2018-05-01
| | | | | | | | | | | If the user does not provide a host port when adding -p to create/run, podman should inject an available random port. podman run -p 80 .... podman should assign a random port to the host and expose the container port 80 to it Signed-off-by: baude <bbaude@redhat.com> Closes: #703 Approved by: rhatdan