summaryrefslogtreecommitdiff
path: root/libpod/define
Commit message (Collapse)AuthorAge
* play kube: service containerValentin Rothberg2022-05-12
| | | | | | | | | | | | | | | | | | | | Add the notion of a "service container" to play kube. A service container is started before the pods in play kube and is (reverse) linked to them. The service container is stopped/removed *after* all pods it is associated with are stopped/removed. In other words, a service container tracks the entire life cycle of a service started via `podman play kube`. This is required to enable `play kube` in a systemd unit file. The service container is only used when the `--service-container` flag is set on the CLI. This flag has been marked as hidden as it is not meant to be used outside the context of `play kube`. It is further not supported on the remote client. The wiring with systemd will be done in a later commit. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Additional stats for podman infoBrent Baude2022-05-03
| | | | | | | | | | | | | | | In support of podman machine and its counterpart desktop, we have added new stats to podman info. For storage, we have added GraphRootAllocated and GraphRootUsed in bytes. For CPUs, we have added user, system, and idle percents based on /proc/stat. Fixes: #13876 Signed-off-by: Brent Baude <bbaude@redhat.com>
* pod: add exit policiesValentin Rothberg2022-05-02
| | | | | | | | | | | | | | | | | | | | | | | | Add the notion of an "exit policy" to a pod. This policy controls the behaviour when the last container of pod exits. Initially, there are two policies: - "continue" : the pod continues running. This is the default policy when creating a pod. - "stop" : stop the pod when the last container exits. This is the default behaviour for `play kube`. In order to implement the deferred stop of a pod, add a worker queue to the libpod runtime. The queue will pick up work items and in this case helps resolve dead locks that would otherwise occur if we attempted to stop a pod during container cleanup. Note that the default restart policy of `play kube` is "Always". Hence, in order to really solve #13464, the YAML files must set a custom restart policy; the tests use "OnFailure". Fixes: #13464 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Merge pull request #14023 from rhatdan/kubeOpenShift Merge Robot2022-04-27
|\ | | | | Truncate annotations when generating kubernetes yaml files
| * Truncate annotations when generating kubernetes yaml filesDaniel J Walsh2022-04-27
| | | | | | | | | | | | | | | | | | | | | | | | Kubernetes only allows 63 characters in an annotation. Make sure that we only add 63 or less charaters when generating kube. Warn if containers or pods have longer length and truncate. Discussion: https://github.com/containers/podman/discussions/13901 Fixes: https://github.com/containers/podman/issues/13962 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | enable gocritic linterPaul Holzinger2022-04-26
|/ | | | | | | | | | | | | | | | | | | | | | The linter ensures a common code style. - use switch/case instead of else if - use if instead of switch/case for single case statement - add space between comment and text - detect the use of defer with os.Exit() - use short form var += "..." instead of var = var + "..." - detect problems with append() ``` newSlice := append(orgSlice, val) ``` This could lead to nasty bugs because the orgSlice will be changed in place if it has enough capacity too hold the new elements. Thus we newSlice might not be a copy. Of course most of the changes are just cosmetic and do not cause any logic errors but I think it is a good idea to enforce a common style. This should help maintainability. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Revert "container,inspect: convert Entrypoint to array instead of a string"Aditya R2022-04-22
| | | | | | | | | | | | | | It seems this breaks older version of `podman-remote` users hence it looks like this patch would be a better candidate for podman `5.0` Problem * Client with `4.0` cannot interact with a server of `4.1` Plan this patch for podman `5.0` This reverts commit 0cebd158b6d8da1828b1255982e27fe9224310d0. Signed-off-by: Aditya R <arajan@redhat.com>
* Add support for checkpoint imageRadostin Stoyanov2022-04-20
| | | | | | | | | | | | | | | | | | | | | | | | This is an enhancement proposal for the checkpoint / restore feature of Podman that enables container migration across multiple systems with standard image distribution infrastructure. A new option `--create-image <image>` has been added to the `podman container checkpoint` command. This option tells Podman to create a container image. This is a standard image with a single layer, tar archive, that that contains all checkpoint files. This is similar to the current approach with checkpoint `--export`/`--import`. This image can be pushed to a container registry and pulled on a different system. It can also be exported locally with `podman image save` and inspected with `podman inspect`. Inspecting the image would display additional information about the host and the versions of Podman, criu, crun/runc, kernel, etc. `podman container restore` has also been extended to support image name or ID as input. Suggested-by: Adrian Reber <areber@redhat.com> Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
* container,inspect: convert Entrypoint to array instead of a stringAditya R2022-04-08
| | | | | | | Convert container entrypoint from string to an array inorder to make sure there is parity between `podman inspect` and `docker inspect` Signed-off-by: Aditya R <arajan@redhat.com>
* Add 'Os' to be queried via 'version' outputJohn Matthews2022-03-29
| | | | Signed-off-by: John Matthews <jwmatthews@gmail.com>
* podman stats: improve cpu average calcPaul Holzinger2022-03-22
| | | | | | | We can just calculate the cpu percent for the time the container is running. There is no need to use datapoints. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Add support for --chrootdirsLStandman2022-03-14
| | | | Signed-off-by: LStandman <65296484+LStandman@users.noreply.github.com>
* bump go module to version 4Valentin Rothberg2022-01-18
| | | | | | | | | | | | | Automated for .go files via gomove [1]: `gomove github.com/containers/podman/v3 github.com/containers/podman/v4` Remaining files via vgrep [2]: `vgrep github.com/containers/podman/v3` [1] https://github.com/KSubedi/gomove [2] https://github.com/vrothberg/vgrep Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #12684 from mheon/remap_statesOpenShift Merge Robot2022-01-18
|\ | | | | Revamp Libpod state strings for Docker compat
| * Revamp Libpod state strings for Docker compatMatthew Heon2022-01-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Improve our compatibility with Docker by better handling the state strings that we print in `podman ps`. Docker capitalizes all states in `ps` (we do not) - fix this in our PS code. Also, stop normalizing ContainerStateConfigured to the "Created" state, and instead make it always be Created, with the existing Created state becoming Initialized. I didn't rename the actual states because I'm somewhat reticent to make such a large change a day before we leave for break. It's somewhat confusing that ContainerStateConfigured now returns Created, but internally and externally we're still consistent. [NO NEW TESTS NEEDED] existing tests should catch anything that broke. I also consider this a breaking change. I will flag appropriately on Github. Fixes RHBZ#2010432 and RHBZ#2032561 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #12870 from rhatdan/userns1OpenShift Merge Robot2022-01-18
|\ \ | |/ |/| Use PODMAN_USERNS environment variable when running as a service
| * Use PODMAN_USERNS environment variable when running as a serviceDaniel J Walsh2022-01-17
| | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/11350#issuecomment-1011562526 Also add inspect information about the idmappings if they exists. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Standardize on capatalized CgroupsDaniel J Walsh2022-01-14
|/ | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* use libnetwork from c/commonPaul Holzinger2022-01-12
| | | | | | | | The libpod/network packages were moved to c/common so that buildah can use it as well. To prevent duplication use it in podman as well and remove it from here. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #12733 from rhatdan/copyOpenShift Merge Robot2022-01-07
|\ | | | | Set volume NeedsCopyUp to false iff data was copied up
| * Set volume NeedsCopyUp to false iff data was copied upDaniel J Walsh2022-01-06
| | | | | | | | | | | | | | | | | | | | | | | | Currently Docker copies up the first volume on a mountpoint with data. Fixes: https://github.com/containers/podman/issues/12714 Also added NeedsCopyUP, NeedsChown and MountCount to the podman volume inspect code. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | fix healthcheck timeouts and ut8 coercionBrent Baude2022-01-06
|/ | | | | | | | | | | | | | | | | this commit fixes two bugs and adds regression tests. when getting healthcheck values from an image, if the image does not have a timeout defined, this resulted in a 0 value for timeout. The default as described in the man pages is 30s. when inspecting a container with a healthcheck command, a customer observed that the &, <, and > characters were being converted into a unicode escape value. It turns out json marshalling will by default coerce string values to ut8. Fixes: bz2028408 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Pod Security Option supportcdoern2021-12-27
| | | | | | | | | | | | | Added support for pod security options. These are applied to infra and passed down to the containers as added (unless overridden). Modified the inheritance process from infra, creating a new function Inherit() which reads the config, and marshals the compatible options into an intermediate struct `InfraInherit` This is then unmarshaled into a container config and all of this is added to the CtrCreateOptions. Removes the need (mostly) for special additons which complicate the Container_create code and pod creation. resolves #12173 Signed-off-by: cdoern <cdoern@redhat.com>
* container creation: don't apply reserved annotations from imageValentin Rothberg2021-12-23
| | | | | | | | | | Do not apply reserved annotations from the image to the container. Reserved annotations are applied during container creation to retrieve certain information (e.g., custom seccomp profile or autoremoval) once a container has been created. Context: #12671 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Podman run --passwdcdoern2021-12-21
| | | | | | | | | added support for a new flag --passwd which, when false prohibits podman from creating entries in /etc/passwd and /etc/groups allowing users to modify those files in the container entrypoint resolves #11805 Signed-off-by: cdoern <cdoern@redhat.com>
* Add more checkpoint/restore information to 'inspect'Adrian Reber2021-12-17
| | | | | | | | | | | | | | | | | | | | | | | | This adds the following information to the output of 'podman inspect': * CheckpointedAt - time the container was checkpointed Only set if the container has been checkpointed * RestoredAt - time the container was restored Only set if the container has been restored * CheckpointLog - path to the checkpoint log file (CRIU's dump.log) Only set if the log file exists (--keep) * RestoreLog - path to the restore log file (CRIU's restore.log) Only set if the log file exists (--keep) * CheckpointPath - path to the actual (CRIU) checkpoint files Only set if the checkpoint files exists (--keep) * Restored - set to true if the container has been restored Only set if the container has been restored Signed-off-by: Adrian Reber <areber@redhat.com>
* libpod, inspect: export cgroup pathGiuseppe Scrivano2021-11-24
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #12174 from ↵OpenShift Merge Robot2021-11-19
|\ | | | | | | | | fgimenez/fix-docker-networksettings-type-discrepancy Introduces Address type to be used in secondary IPv4 and IPv6 inspect data structure
| * Introduce Address type to be used in secondary IPv4 and IPv6 inspect dataFederico Gimenez2021-11-18
| | | | | | | | | | | | | | | | | | | | | | | | structure. Resolves a discrepancy between the types used in inspect for docker and podman. This causes a panic when using the docker client against podman when the secondary IP fields in the `NetworkSettings` inspect field are populated. Fixes containers#12165 Signed-off-by: Federico Gimenez <fgimenez@redhat.com>
* | Do not store the exit command in container configPaul Holzinger2021-11-18
|/ | | | | | | | | | | | | | | | | | | There is a problem with creating and storing the exit command when the container was created. It only contains the options the container was created with but NOT the options the container is started with. One example would be a CNI network config. If I start a container once, then change the cni config dir with `--cni-config-dir` ans start it a second time it will start successfully. However the exit command still contains the wrong `--cni-config-dir` because it was not updated. To fix this we do not want to store the exit command at all. Instead we create it every time the conmon process for the container is startet. This guarantees us that the container cleanup process is startet with the correct settings. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Added optional container checkpointing statisticsAdrian Reber2021-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds the parameter '--print-stats' to 'podman container checkpoint'. With '--print-stats' Podman will measure how long Podman itself, the OCI runtime and CRIU requires to create a checkpoint and print out these information. CRIU already creates checkpointing statistics which are just read in addition to the added measurements. In contrast to just printing out the ID of the checkpointed container, Podman will now print out JSON: # podman container checkpoint --latest --print-stats { "podman_checkpoint_duration": 360749, "container_statistics": [ { "Id": "25244244bf2efbef30fb6857ddea8cb2e5489f07eb6659e20dda117f0c466808", "runtime_checkpoint_duration": 177222, "criu_statistics": { "freezing_time": 100657, "frozen_time": 60700, "memdump_time": 8162, "memwrite_time": 4224, "pages_scanned": 20561, "pages_written": 2129 } } ] } The output contains 'podman_checkpoint_duration' which contains the number of microseconds Podman required to create the checkpoint. The output also includes 'runtime_checkpoint_duration' which is the time the runtime needed to checkpoint that specific container. Each container also includes 'criu_statistics' which displays the timing information collected by CRIU. Signed-off-by: Adrian Reber <areber@redhat.com>
* Add network backend to podman infoPaul Holzinger2021-11-11
| | | | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Pod Volumes From Supportcdoern2021-10-01
| | | | | | | added support for a volumes from container. this flag just required movement of the volumes-from flag declaration out of the !IsInfra block, and minor modificaions to container_create.go Signed-off-by: cdoern <cdoern@redhat.com>
* Merge pull request #11686 from cdoern/podDeviceOptionsOpenShift Merge Robot2021-10-01
|\ | | | | Pod Device-Read-BPS support
| * Pod Device-Read-BPS supportcdoern2021-09-28
| | | | | | | | | | | | | | | | | | added the option for the user to specify a rate, in bytes, at which they would like to be able to read from the device being added to the pod. This is the first in a line of pod device options. WARNING: changed pod name json tag to pod_name to avoid confusion when marshaling with the containerspec's name Signed-off-by: cdoern <cdoern@redhat.com>
* | Support selinux options with bind mounts play/genBrent Baude2021-09-30
| | | | | | | | | | | | | | | | | | | | | | | | When using play kube and generate kube, we need to support if bind mounts have selinux options. As kubernetes does not support selinux in this way, we tuck the selinux values into a pod annotation for generation of the kube yaml. Then on play, we check annotations to see if a value for the mount exists and apply it. Fixes BZ #1984081 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | logging: new mode -l passthroughGiuseppe Scrivano2021-09-27
| | | | | | | | | | | | | | | | | | | | it allows to pass the current std streams down to the container. conmon support: https://github.com/containers/conmon/pull/289 [NO TESTS NEEDED] it needs a new conmon. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | podman inspect add State.Health field for docker compatPaul Holzinger2021-09-23
|/ | | | | | | | | | | | | | podman inspect shows the healthcheck status in `.State.Healthcheck`, docker uses `.State.Health`. To make sure docker scripts work we should add the `Health` key. Because we do not want to display both keys by default we only use the new `Health` key. This is a breaking change for podman users but matches what docker does. To provide some form of compatibility users can still use `--format {{.State.Healthcheck}}`. IT is just not shown by default. Fixes #11645 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Pod Device Supportcdoern2021-09-20
| | | | | | | | | | added support for pod devices. The device gets added to the infra container and recreated in all containers that join the pod. This required a new container config item to keep track of the original device passed in by the user before the path was parsed into the container device. Signed-off-by: cdoern <cdoern@redhat.com>
* Set default storage from containers.conf for temporary imagesDaniel J Walsh2021-09-15
| | | | | | Fixes: https://github.com/containers/podman/issues/11107 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #11409 from cdoern/podVolumesOpenShift Merge Robot2021-09-15
|\ | | | | Pod Volumes Support
| * Pod Volumes Supportcdoern2021-09-14
| | | | | | | | | | | | | | | | | | added support for the --volume flag in pods using the new infra container design. users can specify all volume options they can with regular containers resolves #10379 Signed-off-by: cdoern <cdoern@redhat.com>
* | Show variant and codename of the distributionAnders F Björklund2021-09-14
|/ | | | | | | | | | | | Along with the name (id) and the version(_id) But only show the information if is available Examples: Fedora CoreOS, Ubuntu Focal [NO TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* Add logDriver to podman infoDaniel J Walsh2021-09-08
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add Checkpointed bool to InspectMatthew Heon2021-09-07
| | | | | | | | When inspecting a container, we now report whether the container was stopped by a `podman checkpoint` operation via a new bool in the State portion of inspected, `Checkpointed`. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Podman info output plugin informationPaul Holzinger2021-08-19
| | | | | | | | | For docker compat include information about available volume, log and network drivers which should be listed under the plugins key. Fixes #11265 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* rename oneshot initcontainers to onceBrent Baude2021-08-12
| | | | | | | | | | after the init containers pr merged, it was suggested to use `once` instead of `oneshot` containers as it is more aligned with other terminiology used similarily. [NO TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* Add support for pod inside of user namespace.Daniel J Walsh2021-08-09
| | | | | | | | | | | | | Add the --userns flag to podman pod create and keep track of the userns setting that pod was created with so that all containers created within the pod will inherit that userns setting. Specifically we need to be able to launch a pod with --userns=keep-id Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* implement init containers in podmanBrent Baude2021-08-04
| | | | | | | | | | | | | | this is the first pass at implementing init containers for podman pods. init containersare made popular by k8s as a way to run setup for pods before the pods standard containers run. unlike k8s, we support two styles of init containers: always and oneshot. always means the container stays in the pod and starts whenever a pod is started. this does not apply to pods restarting. oneshot means the container runs onetime when the pod starts and then is removed. Signed-off-by: Brent Baude <bbaude@redhat.com>
* podman pod create --pid flagcdoern2021-07-15
| | | | | | | | added support for --pid flag. User can specify ns:file, pod, private, or host. container returns an error since you cannot point the ns of the pods infra container to a container outside of the pod. Signed-off-by: cdoern <cdoern@redhat.com>