summaryrefslogtreecommitdiff
path: root/libpod/runtime.go
Commit message (Collapse)AuthorAge
* runtime: do not attempt to use global conf fileGiuseppe Scrivano2019-06-27
| | | | | | | | | we had a regression where the rootless user tried to use the global configuration file. We should not try to use the global configuration when running in rootless but only cherry-pick some settings from there when creating the file for the first time. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* runtime: use GetRootlessUID() to get rootless uidGiuseppe Scrivano2019-06-27
| | | | | | otherwise it won't work in a user namespace. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #3429 from cevich/strip_crio_conmonOpenShift Merge Robot2019-06-27
|\ | | | | Remove refs to crio/conmon
| * Remove refs to crio/conmonChris Evich2019-06-26
| | | | | | | | | | | | | | | | Conmon has moved out of cri-o and into it's own dedicated repository. This commit updates configuration and definitions which referenced the old cri-o based paths. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #3419 from baude/removelibpodfrommainphase1OpenShift Merge Robot2019-06-26
|\ \ | |/ |/| remove libpod from main
| * remove libpod from mainbaude2019-06-25
| | | | | | | | | | | | | | | | | | | | | | | | | | the compilation demands of having libpod in main is a burden for the remote client compilations. to combat this, we should move the use of libpod structs, vars, constants, and functions into the adapter code where it will only be compiled by the local client. this should result in cleaner code organization and smaller binaries. it should also help if we ever need to compile the remote client on non-Linux operating systems natively (not cross-compiled). Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #3332 from rhatdan/cgroupmanagerOpenShift Merge Robot2019-06-25
|\ \ | |/ |/| Correctly identify the defaults for cgroup-manager
| * Correctly identify the defaults for cgroup-managerDaniel J Walsh2019-06-15
| | | | | | | | | | | | | | | | | | | | | | Currently we report cgroupmanager default as systemd, even if the user modified the libpod.conf. Also cgroupmanager does not work in rootless mode. This PR correctly identifies the default cgroup manager or reports it is not supported. Also add homeDir to correctly get the homedir if the $HOME is not set. Will attempt to get Homedir out of /etc/passwd. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | runtime.go: Add /usr/local/{s,}binJamie Bliss2019-06-21
| | | | | | | | Signed-off-by: Jamie Bliss <jamie@ivyleav.es>
* | Properly handle OCI runtime being set to a pathMatthew Heon2019-06-20
| | | | | | | | | | | | This is done by the --runtime flag, and as such, by all our CI. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Make a missing OCI runtime nonfatalMatthew Heon2019-06-19
| | | | | | | | | | | | | | | | | | | | We may want to ship configurations including more than one runtime configuration - for example, crun and runc and kata, all configured. However, we don't want to make these extra runtimes hard requirements, so let's not fatally error when we can't find their executables. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Begin adding support for multiple OCI runtimesMatthew Heon2019-06-19
|/ | | | | | | | | | | | | Allow Podman containers to request to use a specific OCI runtime if multiple runtimes are configured. This is the first step to properly supporting containers in a multi-runtime environment. The biggest changes are that all OCI runtimes are now initialized when Podman creates its runtime, and containers now use the runtime requested in their configuration (instead of always the default runtime). Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Remove unnecessary var type to fix lint warningLawrence Chan2019-06-14
| | | | Signed-off-by: Lawrence Chan <element103@gmail.com>
* Move installPrefix and etcDir into runtime.goLawrence Chan2019-06-14
| | | | Signed-off-by: Lawrence Chan <element103@gmail.com>
* Improve DESTDIR/PREFIX/ETCDIR handlingLawrence Chan2019-06-14
| | | | | | | | | | | - PREFIX is now passed saved in the binary at build-time so that default paths match installation paths. - ETCDIR is also overridable in a similar way. - DESTDIR is now applied on top of PREFIX for install/uninstall steps. Previously, a DESTDIR=/foo PREFIX=/bar make would install into /bar, rather than /foo/bar. Signed-off-by: Lawrence Chan <element103@gmail.com>
* oci: allow to specify what runtimes support JSONGiuseppe Scrivano2019-06-13
| | | | | | | | | add a new configuration `runtime_supports_json` to list what OCI runtimes support the --log-format=json option. If the runtime is not listed here, libpod will redirect stdout/stderr from the runtime process. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Inherit rootless init_path from system libpod.confLawrence Chan2019-06-03
| | | | Signed-off-by: Lawrence Chan <element103@gmail.com>
* runtime: unlock the alive lock only onceValentin Rothberg2019-05-28
| | | | | | | Unlock the alive lock only once in the deferred func call. Fixes: #3207 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* rootless: use a pause processGiuseppe Scrivano2019-05-17
| | | | | | | | | | | | | | | | | use a pause process to keep the user and mount namespace alive. The pause process is created immediately on reload, and all successive Podman processes will refer to it for joining the user&mount namespace. This solves all the race conditions we had on joining the correct namespaces using the conmon processes. As a fallback if the join fails for any reason (e.g. the pause process was killed), then we try to join the running containers as we were doing before. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* migrate: not create a new namespaceGiuseppe Scrivano2019-05-17
| | | | | | | this leaves the containers stopped but we won't risk to use the wrong user namespace. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* set default event logger based on build tagsbaude2019-05-14
| | | | | | | once the default event logger was removed from libpod.conf, we need to set the default based on whether the systemd build tag is used or not. Signed-off-by: baude <bbaude@redhat.com>
* enable integration tests for remote-clientbaude2019-05-07
| | | | | | | first pass at enabling a swath of integration tests for the remote-client. Signed-off-by: baude <bbaude@redhat.com>
* change from sysregistries to sysregistriesv2Daniel J Walsh2019-05-03
| | | | | | | | We want to start supporting the registries.conf format. Also start showing blocked registries in podman info Fix sorting so all registries are listed together in podman info. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Small fixes for #2950Matthew Heon2019-05-01
| | | | | | | We merged #2950 with some nits still remaining, as Giuseppe was going on PTO. This addresses those small requested changes. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* runtime: pass down the contextGiuseppe Scrivano2019-04-26
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* system: add new subcommand "migrate"Giuseppe Scrivano2019-04-26
| | | | | | | | | | | it is useful to migrate existing containers to a new version of podman. Currently, it is needed to migrate rootless containers that were created with podman <= 1.2 to a newer version which requires all containers to be running in the same user namespace. Closes: https://github.com/containers/libpod/issues/2935 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Add System event type and renumber, refresh eventsMatthew Heon2019-04-25
| | | | | | | Also, re-add locking to file eventer Write() to protect against concurrent events. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #3013 from mheon/logging_for_refreshOpenShift Merge Robot2019-04-25
|\ | | | | Logging for refresh
| * Add a debug message indicating that a refresh occurredMatthew Heon2019-04-25
| | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | journald event loggingbaude2019-04-24
|/ | | | | | | | | add the ability for podman to read and write events to journald instead of just a logfile. This can be controlled in libpod.conf with the `events_logger` attribute of `journald` or `file`. The default will be set to `journald`. Signed-off-by: baude <bbaude@redhat.com>
* rootless: fix segfault on refresh if there are containersGiuseppe Scrivano2019-04-10
| | | | | | | | | create immediately a namespace if we need a refresh. This is necessary to access the rootless storage. Closes: https://github.com/containers/libpod/issues/2894 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: use a single user namespaceGiuseppe Scrivano2019-04-01
| | | | | | | | | | | | | | | | | | | | | simplify the rootless implementation to use a single user namespace for all the running containers. This makes the rootless implementation behave more like root Podman, where each container is created in the host environment. There are multiple advantages to it: 1) much simpler implementation as there is only one namespace to join. 2) we can join namespaces owned by different containers. 3) commands like ps won't be limited to what container they can access as previously we either had access to the storage from a new namespace or access to /proc when running from the host. 4) rootless varlink works. 5) there are only two ways to enter in a namespace, either by creating a new one if no containers are running or joining the existing one from any container. Containers created by older Podman versions must be restarted. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: remove SkipStorageSetup()Giuseppe Scrivano2019-04-01
| | | | | | | | in the few places where we care about skipping the storage initialization, we can simply use the process effective UID, instead of relying on a global boolean flag. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: set sticky bit on rundirGiuseppe Scrivano2019-03-29
| | | | | | | it prevents the directory to be auto pruned, according to the XDG specifications. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* vendor buildah, image, storage, cniValentin Rothberg2019-03-28
| | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Remove ulele/deepcopier in favor of JSON deep copyMatthew Heon2019-03-27
| | | | | | | | | | | | | We have a very high performance JSON library that doesn't need to perform code generation. Let's use it instead of our questionably performant, reflection-dependent deep copy library. Most changes because some functions can now return errors. Also converts cmd/podman to use jsoniter, instead of pkg/json, for increased performance. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* utils: split generation and writing of storage.confGiuseppe Scrivano2019-03-17
| | | | | | | | | | | | | split the generation for the default storage.conf and when we write it if not existing for a rootless user. This is necessary because during the startup we might be overriding the default configuration through --storage-driver and --storage-opt, that would not be written down to the storage.conf file we generated. Closes: https://github.com/containers/libpod/issues/2659 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: write the custom config file before reloadGiuseppe Scrivano2019-03-15
| | | | | | | so that when we do a rootlessReload we inherit the correct settings from the command line. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: do not override user settingsGiuseppe Scrivano2019-03-15
| | | | | | | | | if the settings are available in the user config file, do not override them with the global configuration. Closes: https://github.com/containers/libpod/issues/2614 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* runtime: refactor NewRuntime and NewRuntimeFromConfigGiuseppe Scrivano2019-03-15
| | | | | | | | | | we had two functions NewRuntimeFromConfig and NewRuntime that differed only for the config file they use. Move comon logic to newRuntimeFromConfig and let it lookup the configuration file to use when one is not specified. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Add event logging to libpod, even display to podmanbaude2019-03-11
| | | | | | | | | | | | | | | | | In lipod, we now log major events that occurr. These events can be displayed using the `podman events` command. Each event contains: * Type (container, image, volume, pod...) * Status (create, rm, stop, kill, ....) * Timestamp in RFC3339Nano format * Name (if applicable) * Image (if applicable) The format of the event and the varlink endpoint are to not be considered stable until cockpit has done its enablement. Signed-off-by: baude <bbaude@redhat.com>
* libpod: allow to configure path to the network-cmd binaryGiuseppe Scrivano2019-03-11
| | | | | | | | | | | | | allow to configure the path to the network-cmd binary, either via an option flag --network-cmd-path or through the libpod.conf configuration file. This is currently used to customize the path to the slirp4netns binary. Closes: https://github.com/containers/libpod/issues/2506 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: propagate errors from infoGiuseppe Scrivano2019-03-08
| | | | | | | | | we use "podman info" to reconfigure the runtime after a reboot, but we don't propagate the error message back if something goes wrong. Closes: https://github.com/containers/libpod/issues/2584 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: fill in correct storage conf defaultGiuseppe Scrivano2019-03-05
| | | | | | | | | When the configuration file is specified, be sure to fill rootless compatible values in the default configuration. Closes: https://github.com/containers/libpod/issues/2510 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* runtime: fill a proper default tmpdir when --config is usedGiuseppe Scrivano2019-03-04
| | | | | | Closes: https://github.com/containers/libpod/issues/2408 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Centralize setting default volume pathMatthew Heon2019-02-26
| | | | | | | | No reason to do it in util/ anymore. It's always going to be a subdirectory of c/storage graph root by default, so we can just set it after the return. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Move all storage configuration defaults into libpodMatthew Heon2019-02-26
| | | | | | | | | | | Instead of passing in defaults via WithStorageConfig after computing them in cmd/podman/libpodruntime, do all defaults in libpod itself. This can alleviate ordering issues which caused settings in the libpod config (most notably, volume path) to be ignored. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Record when volume path is explicitly set in configMatthew Heon2019-02-26
| | | | | | | This ensures we won't overwrite it when it's set in the config we load from disk. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add debug information when overriding paths with the DBMatthew Heon2019-02-26
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Validate VolumePath against DB configurationMatthew Heon2019-02-26
| | | | | | | | | If this doesn't match, we end up not being able to access named volumes mounted into containers, which is bad. Use the same validation that we use for other critical paths to ensure this one also matches. Signed-off-by: Matthew Heon <matthew.heon@pm.me>