aboutsummaryrefslogtreecommitdiff
path: root/libpod/pod.go
Commit message (Collapse)AuthorAge
* Fix bug where pods would unintentionally share cgroupnsMatthew Heon2020-05-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This one was a massive pain to track down. The original symptom was an error message from rootless Podman trying to make a container in a pod. I unfortunately did not look at the error message closely enough to realize that the namespace in question was the cgroup namespace (the reproducer pod was explicitly set to only share the network namespace), else this would have been quite a bit shorter. I spent considerable effort trying to track down differences between the inspect output of the two containers, and when that failed I was forced to resort to diffing the OCI specs. That finally proved fruitful, and I was able to determine what should have been obvious all along: the container was joining the cgroup namespace of the infra container when it really ought not to have. From there, I discovered a variable collision in pod config. The UsePodCgroup variable means "create a parent cgroup for the pod and join containers in the pod to it". Unfortunately, it is very similar to UsePodUTS, UsePodNet, etc, which mean "the pod shares this namespace", so an accessor was accidentally added for it that indicated the pod shared the cgroup namespace when it really did not. Once I realized that, it was a quick fix - add a bool to the pod's configuration to indicate whether the cgroup ns was shared (distinct from UsePodCgroup) and use that for the accessor. Also included are fixes for `podman inspect` and `podman pod inspect` that fix them to actually display the state of the cgroup namespace (for container inspect) and what namespaces are shared (for pod inspect). Either of those would have made tracking this down considerably quicker. Fixes #6149 Signed-off-by: Matthew Heon <mheon@redhat.com>
* v2 podman statsbaude2020-05-05
| | | | Signed-off-by: baude <bbaude@redhat.com>
* Enable pod inspect integration testSujil022020-04-26
| | | | | | | | Enable pod inspect integration test Get rid of libpod pod inspect references Remove libpod PodInspect struct. Signed-off-by: Sujil02 <sushah@redhat.com>
* Update pod bindings and Add test to validate prune pod apiv2 binding.Sujil022020-02-28
| | | | | | | | Modify the pod inspect bindings to hold current pod status. Includes test to validate on pod status and added test to check no or few pods are pruned,if the pods are in exited state. Signed-off-by: Sujil02 <sushah@redhat.com>
* Add ability for pods to use the host networkMatthew Heon2020-02-17
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add backend code for pod network optionsMatthew Heon2020-02-04
| | | | | | | | | | This adds network-related options to the pod in the database. We are going to add the CLI frontend in further patches. In short, this should greatly improve the ability of pods to configure networking, once the CLI parsing is added. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Allow customizing pod hostnameChen Zhiwei2019-08-18
| | | | | | | * set hostname in pod yaml file * set --hostname in pod create command Signed-off-by: Chen Zhiwei <zhiweik@gmail.com>
* remove libpod from mainbaude2019-06-25
| | | | | | | | | | | | | the compilation demands of having libpod in main is a burden for the remote client compilations. to combat this, we should move the use of libpod structs, vars, constants, and functions into the adapter code where it will only be compiled by the local client. this should result in cleaner code organization and smaller binaries. it should also help if we ever need to compile the remote client on non-Linux operating systems natively (not cross-compiled). Signed-off-by: baude <bbaude@redhat.com>
* Purge all use of easyjson and ffjson in libpodMatthew Heon2019-06-13
| | | | | | | | | We're no longer using either of these JSON libraries, dropped them in favor of jsoniter. We can't completely remove ffjson as c/storage uses it and can't easily migrate, but we can make sure that libpod itself isn't doing anything with them anymore. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Convert pods to SHM locksMatthew Heon2019-01-04
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Allow users to expose ports from the pod to the hostbaude2018-11-20
| | | | | | | | | | we need to allow users to expose ports to the host for the purposes of networking, like a webserver. the port exposure must be done at the time the pod is created. strictly speaking, the port exposure occurs on the infra container. Signed-off-by: baude <bbaude@redhat.com>
* Swap from FFJSON to easyjsonMatthew Heon2018-08-24
| | | | | | | | | | | | | | | FFJSON has serialization differences versus stock Go - namely, it does not respect the MarshalText() and UnmarshalText() methods, particularly on []byte, which causes incompatability with pre-FFJSON containers which contained DNS servers. EasyJSON does not have these issues, and might even be slightly faster. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1322 Approved by: mheon
* Fixing network ns segfaulthaircommander2018-08-23
| | | | | | | | | As well as small style corrections, update pod_top_test to use CreatePod, and move handling of adding a container to the pod's namespace from container_internal_linux to libpod/option. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1187 Approved by: mheon
* Change pause container to infra containerhaircommander2018-08-23
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1187 Approved by: mheon
* Support pause containers in varlinkhaircommander2018-08-23
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1187 Approved by: mheon
* Added option to share kernel namespaces in libpod and podmanhaircommander2018-08-23
| | | | | | | | | A pause container is added to the pod if the user opts in. The default pause image and command can be overridden. Pause containers are ignored in ps unless the -a option is present. Pod inspect and pod ps show shared namespaces and pause container. A pause container can't be removed with podman rm, and a pod can be removed if it only has a pause container. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1187 Approved by: mheon
* Changed GetContainerStats to return ErrCtrStateInvalidhaircommander2018-08-23
| | | | | | | | | | | | | | This results in some functionality changes: If a ErrCtrStateInvalid is returned to GetPodStats, the container is ommitted from the stats. As such, if an empty slice of Container stats are returned to GetPodStats in varlink, an error will occur. GetContainerStats will return the ErrCtrStateInvalid as well. Finally, if ErrCtrStateInvalid is returned to the podman stats call, the container will be ommitted from the stats. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1319 Approved by: baude
* podman pod statsbaude2018-08-17
| | | | | | | | | add the ability to monitor container statistics in a pod. Signed-off-by: baude <bbaude@redhat.com> Closes: #1265 Approved by: rhatdan
* Ensure pod inspect is locked and validity-checkedMatthew Heon2018-08-11
| | | | | | | | | | Also, don't return the internal podState struct - instead return a public inspect struct. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1258 Approved by: rhatdan
* Split pod.go into 3 filesMatthew Heon2018-08-10
| | | | | | | | | | | This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
* add podman pod inspectbaude2018-08-09
| | | | | | | | | first pass of podman pod inspect Signed-off-by: baude <bbaude@redhat.com> Closes: #1236 Approved by: rhatdan
* Ensure container and pod refresh picks up a StateMatthew Heon2018-07-31
| | | | | | | | | | | | refresh() is the only major command we had that did not perform a sync before running, and thus was not guaranteed to pick up a good copy of the state. Fix this by updating the state before a refresh(). Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1186 Approved by: rhatdan
* Add additional comments on accessing state in APIMatthew Heon2018-07-31
| | | | | | | | | | | The new state changes are potentially confusing to people writing API functions on containers or pods. Add comments to the structs on how to safely use them. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1186 Approved by: rhatdan
* Add pod pause/unpausehaircommander2018-07-27
| | | | | | | | | | | Added Pause() and Unpause() to libpod/pod.go Added man pages, tests and completions Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1126 Approved by: rhatdan
* Added pod restarthaircommander2018-07-25
| | | | | | | | | With tests, man page and completions. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1152 Approved by: rhatdan
* Added pod.Restart() functionality to libpod.haircommander2018-07-25
| | | | | | | | | | | Moved contents of RestartWithTimeout to restartWithTimeout in container_internal to be able to call restart without locking in function. Refactored startNode to be able to either start or restart a node. Built pod Restart() with new startNode with refresh true. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1152 Approved by: rhatdan
* Add container and pod namespaces to configsMatthew Heon2018-07-24
| | | | | | | Libpod namespaces are a way to logically separate groups of pods and containers within the state. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Added created time to pod statehaircommander2018-07-12
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1079 Approved by: rhatdan
* Make CGroups cleanup optional on whether they existMatthew Heon2018-06-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #981 Approved by: baude
* Added a defer to an Unlock that immediately followed a Lockhaircommander2018-06-05
| | | | Signed-off-by: haircommander <pehunt@redhat.com>
* Add per-pod CGroupsMatthew Heon2018-05-17
| | | | | | | | | | | | | Pods can now create their own (cgroupfs) cgroups which containers in them can (optionally) use. This presently only works with CGroupFS, systemd cgroups are still WIP Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #784 Approved by: rhatdan
* Add pod stateMatthew Heon2018-05-17
| | | | | | | | | | Add a mutable state to pods, and database backend sutable for modifying and updating said state. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #784 Approved by: rhatdan
* Vendor in latest containers/image and contaners/storageumohnani82018-04-19
| | | | | | | | | Made necessary changes to functions to include contex.Context wherever needed Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #640 Approved by: baude
* Do not lock all containers during pod killMatthew Heon2018-04-12
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #600 Approved by: rhatdan
* Make pod stop lock one container at a timeMatthew Heon2018-04-12
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #600 Approved by: rhatdan
* Do not lock all containers during pod startMatthew Heon2018-04-12
| | | | | | | | | | This solves a nasty locking issue with getting the path of namespaces for dependencies Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #600 Approved by: rhatdan
* Refactor dependency checks from init() into public APIMatthew Heon2018-04-03
| | | | | | | | | | | | | Instead of checking during init(), which could result in major locking issues when used with pods, make our dependency checks in the public API instead. This avoids doing them when we start pods (where, because of the dependency graph, we can reasonably say all dependencies are up before we start a container). Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #577 Approved by: rhatdan
* Only start containers that are not running in pod startMatthew Heon2018-03-29
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #557 Approved by: rhatdan
* Change pod Start() to use container dependency graphMatthew Heon2018-03-29
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #557 Approved by: rhatdan
* Check for duplicate names when generating new container and pod names.Daniel J Walsh2018-03-29
| | | | | | | | | This fixes the situation where we fail to create a container when a name already exists. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #517 Approved by: baude
* Add StartAndAttach() API endpoint for containersMatthew Heon2018-03-15
| | | | | | | | | | | | This solves our prior problems with attach races by ensuring the order is correct. Also contains substantial cleanups to the attach code. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #482 Approved by: baude
* Implement container restartingMatthew Heon2018-03-15
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #482 Approved by: baude
* Remove extra pod Start codeMatthew Heon2018-03-13
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #478 Approved by: rhatdan
* Modify pod API to move Init() into Start()Matthew Heon2018-03-13
| | | | | | | | | | | | | Separate Init() and Start() does not make sense on the pod side, where we may have to start containers in order to initialize others due to dependency orders. Also adjusts internal containers API for more code sharing. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #478 Approved by: rhatdan
* Remove unnecessary booleansMatthew Heon2018-02-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #361 Approved by: rhatdan
* Fix gofmtMatthew Heon2018-02-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #361 Approved by: rhatdan
* Make operations on pod containers as a group independentMatthew Heon2018-02-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #361 Approved by: rhatdan
* Fix gofmtMatthew Heon2018-02-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #361 Approved by: rhatdan
* Add ability to start containers in a podMatthew Heon2018-02-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #361 Approved by: rhatdan
* Add kill and stop for podsMatthew Heon2018-02-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #361 Approved by: rhatdan