aboutsummaryrefslogtreecommitdiff
path: root/libpod/boltdb_state.go
Commit message (Collapse)AuthorAge
* Do not fetch pod and ctr State on retrieval in BoltMatthew Heon2018-07-31
| | | | | | | | | | | | | | | | | It's not necessary to fill in state immediately, as we'll be overwriting it on any API call accessing it thanks to syncContainer(). It is also causing races when we fetch it without holding the container lock (which syncContainer() does). As such, just don't retrieve the state on initial pull from the database with Bolt. Also, refactor some Linux-specific netns handling functions out of container_internal_linux.go into boltdb_linux.go. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1186 Approved by: rhatdan
* Add a mutex to BoltDB state to prevent lock issuesMatthew Heon2018-07-25
| | | | | | | | | | | | | | Per https://www.sqlite.org/src/artifact/c230a7a24?ln=994-1081, POSIX file advisory locks are unsafe to use within a single process if multiple file descriptors are open for the same file. Unfortunately, this has a strong potential to happen for multithreaded usage of libpod, and could result in DB corruption. To prevent this, wrap all access to BoltDB within a single libpod instance in a mutex to ensure concurrent access cannot occur. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Update comments in BoltDB and In-Memory statesMatthew Heon2018-07-24
| | | | | | | Better explain the inner workings of both state types in comments to make reviews and changes easier. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Address first round of review commentsMatthew Heon2018-07-24
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Add tests for state namespacingMatthew Heon2018-07-24
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Untested implementation of namespaced BoltDB accessMatthew Heon2018-07-24
| | | | | | | | | | | All BoltDB access and update functions now understand namespaces. Accessing containers outside of your namespace will produce errors, except for Lookup and All functions, which will perform their tasks only on containers within your namespace. The "" namespace remains a reserved, no-restrictions namespace. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Add constraint that dependencies must be in the same nsMatthew Heon2018-07-24
| | | | | | | Dependency containers must be in the same namespace, to ensure there are never problems resolving a dependency. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Add namespaces and initial constraints to databaseMatthew Heon2018-07-24
| | | | | | | | Add basic awareness of namespaces to the database. As part of this, add constraints so containers can only be added to pods in the same namespace. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* more changes to compile darwinbaude2018-07-05
| | | | | | | | | | | | | | | | this should represent the last major changes to get darwin to **compile**. again, the purpose here is to get darwin to compile so that we can eventually implement a ci task that would protect against regressions for darwin compilation. i have left the manual darwin compilation largely static still and in fact now only interject (manually) two build tags to assist with the build. trevor king has great ideas on how to make this better and i will defer final implementation of those to him. Signed-off-by: baude <bbaude@redhat.com> Closes: #1047 Approved by: rhatdan
* Returning joining namespace error should not be fatalDaniel J Walsh2018-06-29
| | | | | | | | | | | | | | | | | | | | | | I got my database state in a bad way by killing a hanging container. It did not setup the network namespace correctly listing/remove bad containers becomes impossible. podman run alpine/nginx ^c got me in this state. I got into a state in the database where podman ps -a was returning errors and I could not get out of it, Makeing joining the network namespace a non fatal error fixes the issue. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #918 Approved by: mheon
* Add Refresh() to ctrs to refresh state after db changeMatthew Heon2018-06-22
| | | | | | | | | | The Refresh() function is used to reset a container's state after a database format change to state is made that requires migration Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #981 Approved by: baude
* Errors from closing a netns on removal from DB are nonfatalMatthew Heon2018-06-19
| | | | | | | | | | | | | | | | Upon updating a container, if its network namespace has been removed, we attempt to clean up the network namespace locally, to ensure we don't leave hanging file descriptors. This triggers cleanup code which assumes the network namespace still exists, but it almost certainly was removed by whoever removed it from the database. As such, we end up with unavoidable errors if we don't want to leak FDs. Make these errors nonfatal and log them because of this. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #962 Approved by: rhatdan
* Add MacAddress to inspectWim2018-06-18
| | | | | | | Signed-off-by: Wim <wim@42.be> Closes: #955 Approved by: rhatdan
* Correctly report errors retrieving containers in psMatthew Heon2018-06-14
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #944 Approved by: rhatdan
* Add per-pod CGroupsMatthew Heon2018-05-17
| | | | | | | | | | | | | Pods can now create their own (cgroupfs) cgroups which containers in them can (optionally) use. This presently only works with CGroupFS, systemd cgroups are still WIP Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #784 Approved by: rhatdan
* Add pod stateMatthew Heon2018-05-17
| | | | | | | | | | Add a mutable state to pods, and database backend sutable for modifying and updating said state. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #784 Approved by: rhatdan
* Check for duplicate names when generating new container and pod names.Daniel J Walsh2018-03-29
| | | | | | | | | This fixes the situation where we fail to create a container when a name already exists. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #517 Approved by: baude
* Convert bind mounts to use DB fieldMatthew Heon2018-03-08
| | | | | | | | | | | | | | | Refactors creation of bind mounts into a separate function that can be called from elsewhere (e.g. pod start or container restart). This function stores the mounts in the DB using the field established last commit. Spec generation now relies upon this field in the DB instead of manually enumerating files to be bind mounted in. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #462 Approved by: baude
* Update DB to hold CNI network informationMatthew Heon2018-03-02
| | | | | | | | | | | Replace our old IP and Subnet fields in state with CNI types that contain a lot more information. Retrieve these structs from the CNI plugins themselves. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #440 Approved by: baude
* Convert exec session tracking to use a dedicated structMatthew Heon2018-03-01
| | | | | | | | | | | This will behave better if we need to add anything to it at a later date - we can add fields to the struct without breaking existing BoltDB databases. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Add tracking for container exec sessions to DBMatthew Heon2018-03-01
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Add buckets for all containers and all podsMatthew Heon2018-02-12
| | | | | | | | | | | Now, we don't need to use the global ID registry to iterate - we can iterate only through containers or only through pods, without having to iterate through both. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #184 Approved by: baude
* Check error when checking ctr dependenciesMatthew Heon2018-02-12
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #184 Approved by: baude
* Refactor Pod to use a Config structMatthew Heon2018-02-12
| | | | | | | | | | | | This allows us to JSON it and stuff it in the DB - previously, all pod fields were private, so JSON couldn't encode them. This allows us to keep all pod fields private by having a substruct with public fields. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #184 Approved by: baude
* Add pod functions to BoltDB stateMatthew Heon2018-02-12
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #184 Approved by: baude
* Add pod bucketsMatthew Heon2018-02-12
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #184 Approved by: baude
* Add implementation for BoltDB-backed stateMatthew Heon2018-02-12
Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #184 Approved by: baude