summaryrefslogtreecommitdiff
path: root/libpod/runtime.go
Commit message (Collapse)AuthorAge
* Small fixes for #2950Matthew Heon2019-05-01
| | | | | | | We merged #2950 with some nits still remaining, as Giuseppe was going on PTO. This addresses those small requested changes. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* runtime: pass down the contextGiuseppe Scrivano2019-04-26
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* system: add new subcommand "migrate"Giuseppe Scrivano2019-04-26
| | | | | | | | | | | it is useful to migrate existing containers to a new version of podman. Currently, it is needed to migrate rootless containers that were created with podman <= 1.2 to a newer version which requires all containers to be running in the same user namespace. Closes: https://github.com/containers/libpod/issues/2935 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Add System event type and renumber, refresh eventsMatthew Heon2019-04-25
| | | | | | | Also, re-add locking to file eventer Write() to protect against concurrent events. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #3013 from mheon/logging_for_refreshOpenShift Merge Robot2019-04-25
|\ | | | | Logging for refresh
| * Add a debug message indicating that a refresh occurredMatthew Heon2019-04-25
| | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | journald event loggingbaude2019-04-24
|/ | | | | | | | | add the ability for podman to read and write events to journald instead of just a logfile. This can be controlled in libpod.conf with the `events_logger` attribute of `journald` or `file`. The default will be set to `journald`. Signed-off-by: baude <bbaude@redhat.com>
* rootless: fix segfault on refresh if there are containersGiuseppe Scrivano2019-04-10
| | | | | | | | | create immediately a namespace if we need a refresh. This is necessary to access the rootless storage. Closes: https://github.com/containers/libpod/issues/2894 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: use a single user namespaceGiuseppe Scrivano2019-04-01
| | | | | | | | | | | | | | | | | | | | | simplify the rootless implementation to use a single user namespace for all the running containers. This makes the rootless implementation behave more like root Podman, where each container is created in the host environment. There are multiple advantages to it: 1) much simpler implementation as there is only one namespace to join. 2) we can join namespaces owned by different containers. 3) commands like ps won't be limited to what container they can access as previously we either had access to the storage from a new namespace or access to /proc when running from the host. 4) rootless varlink works. 5) there are only two ways to enter in a namespace, either by creating a new one if no containers are running or joining the existing one from any container. Containers created by older Podman versions must be restarted. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: remove SkipStorageSetup()Giuseppe Scrivano2019-04-01
| | | | | | | | in the few places where we care about skipping the storage initialization, we can simply use the process effective UID, instead of relying on a global boolean flag. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: set sticky bit on rundirGiuseppe Scrivano2019-03-29
| | | | | | | it prevents the directory to be auto pruned, according to the XDG specifications. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* vendor buildah, image, storage, cniValentin Rothberg2019-03-28
| | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Remove ulele/deepcopier in favor of JSON deep copyMatthew Heon2019-03-27
| | | | | | | | | | | | | We have a very high performance JSON library that doesn't need to perform code generation. Let's use it instead of our questionably performant, reflection-dependent deep copy library. Most changes because some functions can now return errors. Also converts cmd/podman to use jsoniter, instead of pkg/json, for increased performance. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* utils: split generation and writing of storage.confGiuseppe Scrivano2019-03-17
| | | | | | | | | | | | | split the generation for the default storage.conf and when we write it if not existing for a rootless user. This is necessary because during the startup we might be overriding the default configuration through --storage-driver and --storage-opt, that would not be written down to the storage.conf file we generated. Closes: https://github.com/containers/libpod/issues/2659 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: write the custom config file before reloadGiuseppe Scrivano2019-03-15
| | | | | | | so that when we do a rootlessReload we inherit the correct settings from the command line. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: do not override user settingsGiuseppe Scrivano2019-03-15
| | | | | | | | | if the settings are available in the user config file, do not override them with the global configuration. Closes: https://github.com/containers/libpod/issues/2614 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* runtime: refactor NewRuntime and NewRuntimeFromConfigGiuseppe Scrivano2019-03-15
| | | | | | | | | | we had two functions NewRuntimeFromConfig and NewRuntime that differed only for the config file they use. Move comon logic to newRuntimeFromConfig and let it lookup the configuration file to use when one is not specified. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Add event logging to libpod, even display to podmanbaude2019-03-11
| | | | | | | | | | | | | | | | | In lipod, we now log major events that occurr. These events can be displayed using the `podman events` command. Each event contains: * Type (container, image, volume, pod...) * Status (create, rm, stop, kill, ....) * Timestamp in RFC3339Nano format * Name (if applicable) * Image (if applicable) The format of the event and the varlink endpoint are to not be considered stable until cockpit has done its enablement. Signed-off-by: baude <bbaude@redhat.com>
* libpod: allow to configure path to the network-cmd binaryGiuseppe Scrivano2019-03-11
| | | | | | | | | | | | | allow to configure the path to the network-cmd binary, either via an option flag --network-cmd-path or through the libpod.conf configuration file. This is currently used to customize the path to the slirp4netns binary. Closes: https://github.com/containers/libpod/issues/2506 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: propagate errors from infoGiuseppe Scrivano2019-03-08
| | | | | | | | | we use "podman info" to reconfigure the runtime after a reboot, but we don't propagate the error message back if something goes wrong. Closes: https://github.com/containers/libpod/issues/2584 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: fill in correct storage conf defaultGiuseppe Scrivano2019-03-05
| | | | | | | | | When the configuration file is specified, be sure to fill rootless compatible values in the default configuration. Closes: https://github.com/containers/libpod/issues/2510 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* runtime: fill a proper default tmpdir when --config is usedGiuseppe Scrivano2019-03-04
| | | | | | Closes: https://github.com/containers/libpod/issues/2408 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Centralize setting default volume pathMatthew Heon2019-02-26
| | | | | | | | No reason to do it in util/ anymore. It's always going to be a subdirectory of c/storage graph root by default, so we can just set it after the return. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Move all storage configuration defaults into libpodMatthew Heon2019-02-26
| | | | | | | | | | | Instead of passing in defaults via WithStorageConfig after computing them in cmd/podman/libpodruntime, do all defaults in libpod itself. This can alleviate ordering issues which caused settings in the libpod config (most notably, volume path) to be ignored. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Record when volume path is explicitly set in configMatthew Heon2019-02-26
| | | | | | | This ensures we won't overwrite it when it's set in the config we load from disk. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add debug information when overriding paths with the DBMatthew Heon2019-02-26
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Validate VolumePath against DB configurationMatthew Heon2019-02-26
| | | | | | | | | If this doesn't match, we end up not being able to access named volumes mounted into containers, which is bad. Use the same validation that we use for other critical paths to ensure this one also matches. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* When location of c/storage root changes, set VolumePathMatthew Heon2019-02-26
| | | | | | | | | | | | | | | We want named volumes to be created in a subdirectory of the c/storage graph root, the same as the libpod root directory is now. As such, we need to adjust its location when the graph root changes location. Also, make a change to how we set the default. There's no need to explicitly set it every time we initialize via an option - that might conflict with WithStorageConfig setting it based on graph root changes. Instead, just initialize it in the default config like our other settings. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* oci: improve error message when the OCI runtime is not foundGiuseppe Scrivano2019-02-26
| | | | | | | We were previously returning the not so nice error directly from conmon. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Do not make renumber shut down the runtimeMatthew Heon2019-02-21
| | | | | | | | | | | | | | | The original intent behind the requirement was to ensure that, if two SHM lock structs were open at the same time, we should not make such a runtime available to the user, and should clean it up instead. It turns out that we don't even need to open a second SHM lock struct - if we get an error mapping the first one due to a lock count mismatch, we can just delete it, and it cleans itself up when it errors. So there's no reason not to return a valid runtime. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Recreate SHM locks when renumbering on count mismatchMatthew Heon2019-02-21
| | | | | | | | | | | | | | When we're renumbering locks, we're destroying all existing allocations anyways, so destroying the old lock struct is not a particularly big deal. Existing long-lived libpod instances will continue to use the old locks, but that will be solved in a followon. Also, solve an issue with returning error values in the C code. There were a few places where we return ERRNO where it was not set, so make them return actual error codes). Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Move RenumberLocks into runtime initMatthew Heon2019-02-21
| | | | | | | | | | | | | | | | | | We can't do renumbering after init - we need to open a potentially invalid locks file (too many/too few locks), and then potentially delete the old locks and make new ones. We need to be in init to bypass the checks that would otherwise make this impossible. This leaves us with two choices: make RenumberLocks a separate entrypoint from NewRuntime, duplicating a lot of configuration load code (we need to know where the locks live, how many there are, etc) - or modify NewRuntime to allow renumbering during it. Previous experience says the first is not really a viable option and produces massive code bloat, so the second it is. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* libpod: honor runtime_path from libpod.confGiuseppe Scrivano2019-02-15
| | | | | | | | | | | | | | Add backward compatibility for `runtime_path` that was used by older versions of Podman. The issue was introduced with: 650cf122e1b33f4d8f4426ee1cc1a4bf00c14798 If `runtime_path` is specified, it overrides any other configuration and a warning is printed. It should be considered deprecated and will be removed in future. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: open the correct fileDaniel J Walsh2019-02-15
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: copy some settings from the global configurationGiuseppe Scrivano2019-02-05
| | | | | | | | | if some paths are overriden in the global configuration file, be sure that rootless podman honors them. Closes: https://github.com/containers/libpod/issues/2174 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #2069 from mheon/warn_on_overriding_driverOpenShift Merge Robot2019-01-23
|\ | | | | Warn on overriding user-specified storage driver w/ DB
| * Warn on overriding user-specified storage driver w/ DBMatthew Heon2019-01-02
| | | | | | | | | | | | | | | | Overriding storage.conf is not intuitive behavior, so pop up an error message when it happens, so people know that bad things are happening. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Show a better error message when podman info fails during a refreshRyan Gonzalez2019-01-21
| | | | | | | | Signed-off-by: Ryan Gonzalez <rymg19@gmail.com>
* | oci: allow to define multiple OCI runtimesGiuseppe Scrivano2019-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | we can define multiple OCI runtimes that can be chosen with --runtime. in libpod.conf is possible to specify them with: [runtimes] foo = [ "/usr/bin/foo", "/usr/sbin/foo", ] bar = [ "/usr/bin/foo", "/usr/sbin/foo", ] If the argument to --runtime is an absolute path then it is used directly without any lookup in the configuration. Closes: https://github.com/containers/libpod/issues/1750 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | libpod: allow multiple oci runtimesVincent Batts2019-01-14
| | | | | | | | | | | | | | | | | | | | This deprecates the libpod.conf variable of `runtime_path=`, and now has `runtimes=`, like a map for naming the runtime, preparing for a `--runtime` flag to `podman run` (i.e. runc, kata, etc.) Reference: https://github.com/containers/libpod/issues/1750 Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
* | If you fail to open shm lock then attempt to create itDaniel J Walsh2019-01-09
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Rootless with shmlocks was not working.Daniel J Walsh2019-01-05
| | | | | | | | | | | | | | | | This patch makes the path unigue to each UID. Also cleans up some return code to return the path it is trying to lock. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Move lock init after tmp dir is populated properlyMatthew Heon2019-01-04
| | | | | | | | | | | | | | | | | | Don't initialize the lock manager until almost the end of libpod init, so we can guarantee our tmp dir is properly set up and exists. This wasn't an issue on systems that had previously run Podman, but CI caught it. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | When refreshing libpod, if SHM locks exist, remove themMatthew Heon2019-01-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This will hopefully help cases where libpod is initialized multiple times on the same system (as on our CI tests). We still run into potential issues where multiple Podmans with multiple tmp paths try to run on the same system - we could end up thrashing the locks. I think we need a file locks driver for situations like that. We can also see about storing paths in the SHM segment, to make sure multiple libpod instances aren't using the same one. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Ensure different error messages and creating/opening locksMatthew Heon2019-01-04
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | Remove runtime lockDir and add in-memory lock managerMatthew Heon2019-01-04
| | | | | | | | | | | | | | | | | | Remove runtime's lockDir as it is no longer needed after the lock rework. Add a trivial in-memory lock manager for unit testing Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | Convert containers to SHM lockingMatthew Heon2019-01-04
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | Add lock manager to libpod runtimeMatthew Heon2019-01-04
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | add container-init supportValentin Rothberg2019-01-04
|/ | | | | | | | | | | | | | | | | | | Add support for executing an init binary as PID 1 in a container to forward signals and reap processes. When the `--init` flag is set for podman-create or podman-run, the init binary is bind-mounted to `/dev/init` in the container and "/dev/init --" is prepended to the container's command. The default base path of the container-init binary is `/usr/libexec/podman` while the default binary is catatonit [1]. This default can be changed permanently via the `init_path` field in the `libpod.conf` configuration file (which is recommended for packaging) or temporarily via the `--init-path` flag of podman-create and podman-run. [1] https://github.com/openSUSE/catatonit Fixes: #1670 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Support podman image trust commandQi Wang2018-12-19
| | | | | | Display the trust policy of the host system. The trust policy is stored in the /etc/containers/policy.json file and defines a scope of registries or repositories. Signed-off-by: Qi Wang <qiwan@redhat.com>