path: root/libpod/runtime.go
Commit message [Author, Age]
* Ensure volumes reacquire locks on state refresh [Matthew Heon, 2019-12-02]
  After a restart, pods and containers both run a refresh() function to prepare to run after a reboot. Until now, volumes have not had a similar function, because they had no per-boot setup to perform. Unfortunately, this was not noticed when in-memory locking was introduced to volumes. The refresh() routine is, among other things, responsible for ensuring that locks are reserved after a reboot, ensuring they cannot be taken by a freshly-created container, pod, or volume. If this reservation is not done, we can end up with two objects using the same lock, potentially needing to lock each other for some operations - classic recipe for deadlocks. Add a refresh() function to volumes to perform lock reservation and ensure it is called as part of overall refresh().
  Fixes #4605
  Fixes #4621
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* add libpod/config [Valentin Rothberg, 2019-10-31]
  Refactor the `RuntimeConfig` along with related code from libpod into libpod/config. Note that this is a first step of consolidating code into more coherent packages to make the code more maintainable and less prone to regressions in the long run. Some libpod definitions were moved to `libpod/define` to resolve circular dependencies.
  Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* bump containers/image to v5.0.0, buildah to v1.11.4 [Nalin Dahyabhai, 2019-10-29]
  Move to containers/image v5 and containers/buildah to v1.11.4. Replace an equality check with a type assertion when checking for a docker.ErrUnauthorizedForCredentials in `podman login`.
  Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Merge pull request #3792 from haircommander/minimum-conmon [OpenShift Merge Robot, 2019-10-29]
  require conmon v2.0.1
| * require conmon v2.0.1 [Peter Hunt, 2019-10-28]
    Signed-off-by: Peter Hunt <pehunt@redhat.com>
| * require conmon v2.0.0 [Peter Hunt, 2019-10-28]
    Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | Merge pull request #4228 from giuseppe/detect-no-systemd-session [OpenShift Merge Robot, 2019-10-24]
    rootless: detect no system session with --cgroup-manager=systemd
| * | rootless: detect no system session with --cgroup-manager=systemd [Giuseppe Scrivano, 2019-10-23]
      if the cgroup manager is set to systemd, detect if dbus is available, otherwise fall back to --cgroup-manager=cgroupfs.
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4309 from giuseppe/write-storage-overrides [OpenShift Merge Robot, 2019-10-21]
    rootless: write storage overrides to the conf file
| * rootless: write storage overrides to the conf file [Giuseppe Scrivano, 2019-10-21]
    make sure the user overrides are stored in the configuration file when first created.
    Closes: https://github.com/containers/libpod/issues/2659
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | rootless: do not enable lingering mode [Giuseppe Scrivano, 2019-10-17]
    do not automatically enable lingering mode.
    Closes: https://github.com/containers/libpod/issues/4224
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #4220 from mheon/null_runtime [OpenShift Merge Robot, 2019-10-11]
  Move OCI runtime implementation behind an interface
| * Move OCI runtime implementation behind an interface [Matthew Heon, 2019-10-10]
    For future work, we need multiple implementations of the OCI runtime, not just a Conmon-wrapped runtime matching the runc CLI. As part of this, do some refactoring on the interface for exec (move to a struct, not a massive list of arguments). Also, add 'all' support to Kill and Stop (supported by runc and used a bit internally for removing containers).
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Migrate can move containers to a new runtime [Matthew Heon, 2019-10-10]
    This is a horrible hack to work around issues with Fedora 31, but other distros might need it too, so we'll move it upstream. I do not recommend this functionality for general use, and the manpages and other documentation will reflect this. But for some upgrade cases, it will be the only thing that allows for a working system.
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Update c/image to v4.0.1 and buildah to 1.11.3 [Miloslav Trmač, 2019-10-04]
  This requires updating all import paths throughout, and a matching buildah update to interoperate. I can't figure out the reason for go.mod tracking github.com/containers/image v3.0.2+incompatible // indirect ((go mod graph) lists it as a direct dependency of libpod, but (go list -json -m all) lists it as an indirect dependency), but at least looking at the vendor subdirectory, it doesn't seem to be actually used in the built binaries.
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* rootless: set DBUS_SESSION_BUS_ADDRESS if it is not set [Giuseppe Scrivano, 2019-10-02]
  if the variable is not set, make sure it has a sane value so that go-dbus won't try to connect to the wrong user session.
  Closes: https://github.com/containers/libpod/issues/4162
  Closes: https://github.com/containers/libpod/issues/4164
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* We need to convert libpod.conf files in user homedir for cgroupv2 [Daniel J Walsh, 2019-09-21]
  If a user upgrades to a machine that defaults to a cgroups V2 machine and has a libpod.conf file in their homedir that defaults to OCI Runtime runc, then we want to change it one time to crun. runc as of this point does not work on cgroupV2 systems. This patch will eventually be removed but is needed until runc has support.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* fix trivial type for event logger [baude, 2019-09-19]
  Fixes: #4062
  Signed-off-by: baude <bbaude@redhat.com>
* Add support for launching containers without CGroups [Matthew Heon, 2019-09-10]
  This is mostly used with Systemd, which really wants to manage CGroups itself when managing containers via unit file.
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Ensure good defaults on blank c/storage configuration [Matthew Heon, 2019-09-05]
  If c/storage paths are explicitly set to "" (the empty string) it will use compiled-in defaults. However, it won't tell us this via `storage.GetDefaultStoreOptions()` - we just get the empty string (which can put our defaults, some of which are relative to c/storage, in a bad spot). Hardcode a sane default for cases like this. Furthermore, add some sanity checks to paths, to ensure we don't use relative paths for core parts of libpod.
  Fixes #3952
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add an integration test for systemd in a container [Matthew Heon, 2019-08-28]
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #2940 from giuseppe/drop-firewall [OpenShift Merge Robot, 2019-08-21]
  networking: use firewall plugin
| * networking: use firewall plugin [Giuseppe Scrivano, 2019-08-19]
    drop the pkg/firewall module and start using the firewall CNI plugin. It requires an updated package for CNI plugins.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #3760 from rhatdan/auth [OpenShift Merge Robot, 2019-08-19]
    Use GetRuntimeDir to setup auth.json for login
| * Use GetRuntimeDir to setup auth.json for login [Daniel J Walsh, 2019-08-12]
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | do not activate sd_notify support when varlink [baude, 2019-08-15]
    add ability to not activate sd_notify when running under varlink as it causes deadlocks and hangs.
    Fixes: #3572
    Signed-off-by: baude <bbaude@redhat.com>
* rootless: cherry-pick runtime from the system configuration [Giuseppe Scrivano, 2019-08-12]
  when creating the default libpod.conf file, be sure the default OCI runtime is cherry picked from the system configuration.
  Closes: https://github.com/containers/libpod/issues/3781
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Add conmon probe to runtime construction [Peter Hunt, 2019-08-08]
  Now, when a user's conmon is out of date, podman will tell them
  Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Merge pull request #3466 from TomSweeneyRedHat/dev/tsweeney/myhome [OpenShift Merge Robot, 2019-08-06]
  Touch up XDG, add rootless links
| * Touch up XDG, add rootless links [TomSweeneyRedHat, 2019-07-29]
    Touch up a number of formatting issues for XDG_RUNTIME_DIRS in a number of man pages. Make use of the XDG_CONFIG_HOME environment variable in a rootless environment if available, or set it if not. Also added a number of links to the Rootless Podman config page and added the location of the auth.json files to that doc.
    Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | honor libpod.conf in /usr/share/containers [baude, 2019-08-04]
    we should be looking for the libpod.conf file in /usr/share/containers and not in /usr/local. packages of podman should drop the default libpod.conf in /usr/share. the override remains /etc/containers/ as well.
    Fixes: #3702
    Signed-off-by: baude <bbaude@redhat.com>
* | Add runtime and conmon path discovery [Sascha Grunert, 2019-08-01]
    The `$PATH` environment variable will now be used as fallback if no valid runtime or conmon path matches. The debug logs have been updated to state the used executable.
    Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | Update libpod.conf to be NixOS friendly [Sascha Grunert, 2019-07-30]
    NixOS links the current system state to `/run/current-system`, so we have to add these paths to the configuration files as well to work out of the box.
    Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* Fix a segfault on Podman no-store commands with refresh [Matthew Heon, 2019-07-23]
  When a command (like `ps`) requests no store be created, but also requires a refresh be performed, we have to ignore its request and initialize the store anyways to prevent segfaults. This work was done in #3532, but that missed one thing - initializing a storage service. Without the storage service, Podman will still segfault. Fix that oversight here.
  Fixes #3625
  Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #3532 from mheon/ensure_store_on_refresh [OpenShift Merge Robot, 2019-07-15]
  Ensure we have a valid store when we refresh
| * Ensure we have a valid store when we refresh [Matthew Heon, 2019-07-10]
    Fixes #3520
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | first pass of corrections for golangci-lint [baude, 2019-07-10]
    Signed-off-by: baude <bbaude@redhat.com>
* code cleanup [baude, 2019-07-08]
  clean up code identified as problematic by GoLand's inspection
  Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #3437 from giuseppe/fix-nocgo [OpenShift Merge Robot, 2019-07-03]
  build: allow to build without cgo on RISC-V
| * lock: new lock type "file" [Giuseppe Scrivano, 2019-07-02]
    it is a wrapper around containers/storage file locking.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * runtime: allow to specify the lock mechanism [Giuseppe Scrivano, 2019-07-02]
    preparation for the next patch. It currently supports only "shm".
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | configure runtime without store [baude, 2019-07-01]
    some podman commands do not require the use of a container/image store. in those cases, it is more efficient to not open the store, because that results in having to also close the store which can be costly when the system is under heavy write I/O loads.
    Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #3324 from marcov/detach-keys-configurable [OpenShift Merge Robot, 2019-07-01]
  libpod: specify a detach keys sequence in libpod.conf
| * libpod: specify a detach keys sequence in libpod.conf [Marco Vedovati, 2019-06-26]
    Add the ability of specifying a detach keys sequence in libpod.conf
    Signed-off-by: Marco Vedovati <mvedovati@suse.com>
* | rootless: enable linger if /run/user/UID not exists [Giuseppe Scrivano, 2019-06-27]
    at least on Fedora 30 it creates the /run/user/UID directory for the user logged in via ssh. This needs to be done very early so that every other check when we create the default configuration file will point to the correct location.
    Closes: https://github.com/containers/libpod/issues/3410
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #3442 from baude/removelibpodfrommainphase2 [OpenShift Merge Robot, 2019-06-27]
    libpod removal from main (phase 2)
| * | libpod removal from main (phase 2) [baude, 2019-06-27]
      this is phase 2 for the removal of libpod from main.
      Signed-off-by: baude <bbaude@redhat.com>
* | runtime: do not attempt to use global conf file [Giuseppe Scrivano, 2019-06-27]
    we had a regression where the rootless user tried to use the global configuration file. We should not try to use the global configuration when running in rootless but only cherry-pick some settings from there when creating the file for the first time.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | runtime: use GetRootlessUID() to get rootless uid [Giuseppe Scrivano, 2019-06-27]
    otherwise it won't work in a user namespace.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #3429 from cevich/strip_crio_conmon [OpenShift Merge Robot, 2019-06-27]
    Remove refs to crio/conmon