summaryrefslogtreecommitdiff
path: root/libpod/util.go
Commit message (Collapse)AuthorAge
* Add ContainerStateRemovingMatthew Heon2019-11-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When Libpod removes a container, there is the possibility that removal will not fully succeed. The most notable problems are storage issues, where the container cannot be removed from c/storage. When this occurs, we were faced with a choice. We can keep the container in the state, appearing in `podman ps` and available for other API operations, but likely unable to do any of them as it's been partially removed. Or we can remove it very early and clean up after it's already gone. We have, until now, used the second approach. The problem that arises is intermittent problems removing storage. We end up removing a container, failing to remove its storage, and ending up with a container permanently stuck in c/storage that we can't remove with the normal Podman CLI, can't use the name of, and generally can't interact with. A notable cause is when Podman is hit by a SIGKILL midway through removal, which can consistently cause `podman rm` to fail to remove storage. We now add a new state for containers that are in the process of being removed, ContainerStateRemoving. We set this at the beginning of the removal process. It notifies Podman that the container cannot be used anymore, but preserves it in the DB until it is fully removed. This will allow Remove to be run on these containers again, which should successfully remove storage if it fails. Fixes #3906 Signed-off-by: Matthew Heon <mheon@redhat.com>
* Set SELinux labels based on the security context in the kube.yamlDaniel J Walsh2019-11-05
| | | | | | | If the kube.yaml specifieds the SELinux type or Level, we need the container to be launched with the correct label. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* add libpod/configValentin Rothberg2019-10-31
| | | | | | | | | | | | Refactor the `RuntimeConfig` along with related code from libpod into libpod/config. Note that this is a first step of consolidating code into more coherent packages to make the code more maintainable and less prone to regressions on the long runs. Some libpod definitions were moved to `libpod/define` to resolve circular dependencies. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Set default seccomp.json file for podman play kubeDaniel J Walsh2019-10-29
| | | | | | | Currently podman play kube is not using the system default seccomp.json file. This PR will use the default or override location for podman play. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Return information about mount_program (fuse-overlayfs)Daniel J Walsh2019-09-06
| | | | | | | | | | We want to get podman info to tell us about the version of the mount program to help us diagnose issues users are having. Also if in rootless mode and slirp4netns is installed reveal package info on slirp4netns. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* libpod: avoid polling container statusGiuseppe Scrivano2019-09-04
| | | | | | | | | | | | | | | | | | | | | | | use the inotify backend to be notified on the container exit instead of polling continuosly the runtime. Polling the runtime slowns significantly down the podman execution time for short lived processes: $ time bin/podman run --rm -ti fedora true real 0m0.324s user 0m0.088s sys 0m0.064s from: $ time podman run --rm -ti fedora true real 0m4.199s user 0m5.339s sys 0m0.344s Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* code cleanupbaude2019-07-08
| | | | | | clean up code identified as problematic by golands inspection Signed-off-by: baude <bbaude@redhat.com>
* libpod removal from main (phase 2)baude2019-06-27
| | | | | | this is phase 2 for the removal of libpod from main. Signed-off-by: baude <bbaude@redhat.com>
* remove libpod from mainbaude2019-06-25
| | | | | | | | | | | | | the compilation demands of having libpod in main is a burden for the remote client compilations. to combat this, we should move the use of libpod structs, vars, constants, and functions into the adapter code where it will only be compiled by the local client. this should result in cleaner code organization and smaller binaries. it should also help if we ever need to compile the remote client on non-Linux operating systems natively (not cross-compiled). Signed-off-by: baude <bbaude@redhat.com>
* util: fix race condition in WaitForFileGiuseppe Scrivano2019-05-20
| | | | | | | | | | | enable polling also when using inotify. It is generally useful to have it as under high load inotify can lose notifications. It also solves a race condition where the file is created while the watcher is configured and it'd wait until the timeout and fail. Closes: https://github.com/containers/libpod/issues/2942 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Remove ulele/deepcopier in favor of JSON deep copyMatthew Heon2019-03-27
| | | | | | | | | | | | | We have a very high performance JSON library that doesn't need to perform code generation. Let's use it instead of our questionably performant, reflection-dependent deep copy library. Most changes because some functions can now return errors. Also converts cmd/podman to use jsoniter, instead of pkg/json, for increased performance. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Fix build on non-LinuxMiloslav Trmač2018-12-06
| | | | | | Unrelated to the rest of the PR. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* util: use fsnotify to wait for fileGiuseppe Scrivano2018-11-28
| | | | | | | | | | | prefer a fsnotify watcher to polling the file, we take advantage of inotify on Linux and react more promptly to the PID file being created. If the watcher cannot be created, then fallback to the old polling mechanism. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* exec: don't wait for pidfile when the runtime exitedGiuseppe Scrivano2018-11-27
| | | | | | | | | | | don't wait for the timeout to expire if the runtime process exited. I've noticed podman to hang on exit and keeping the container lock taken when the OCI runtime already exited. Additionally, it reduces the waiting time as we won't hit the 25 milliseconds waiting time in the worst case. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* create: fix writing cidfile when using rootlessGiuseppe Scrivano2018-10-23
| | | | | | | | | | prevent opening the same file twice, since we re-exec podman in rootless mode. While at it, also solve a possible race between the check for the file and writing to it. Another process could have created the file in the meanwhile and we would just end up overwriting it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Add ability for ubuntu to be testedbaude2018-10-03
| | | | | | | | unfortunately the papr CI system cannot test ubuntu as a VM; therefore, this PR still keeps travis. but it does include fixes that will be required for running on modern versions of ubuntu. Signed-off-by: baude <bbaude@redhat.com>
* Refactor error checking in With*NSFromPod optionshaircommander2018-08-23
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1187 Approved by: mheon
* Fix build on non-Linux OSesMatthew Heon2018-08-15
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1266 Approved by: baude
* Create pod CGroups when using the systemd cgroup driverMatthew Heon2018-08-15
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1266 Approved by: baude
* We need to sort mounts so that one mount does not over mount another.Daniel J Walsh2018-08-10
| | | | | | | | | | | | | | | | | Currently we add mounts from images, volumes and internal. We can accidently over mount an existing mount. This patch sorts the mounts to make sure a parent directory is always mounted before its content. Had to change the default propagation on image volume mounts from shared to private to stop mount points from leaking out of the container. Also switched from using some docker/docker/pkg to container/storage/pkg to remove some dependencies on Docker. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1243 Approved by: mheon
* Stage 4 Image cleanupbaude2018-03-23
| | | | | | | | | | Cull funcs from runtime_img.go which are no longer needed. Also, fix any remaining spots that use the old image technique. Signed-off-by: baude <bbaude@redhat.com> Closes: #532 Approved by: mheon
* Stage3 Image Librarybaude2018-03-14
| | | | | | | | | | | | | This represents the stage3 implementation for the image library. At this point, we are moving the image-centric functions to pkg/image including migration of args and object-oriented references. This is a not a one-for-one migration of funcs and some funcs will need to continue to reside in runtime_img as they are overly specific to libpod and probably not useful to others. Signed-off-by: baude <bbaude@redhat.com> Closes: #484 Approved by: baude
* Add tracking for exec session IDsMatthew Heon2018-03-01
| | | | | | | | | | | Exec sessions now have an ID generated and assigned to their PID and stored in the database state. This allows us to track what exec sessions are currently active. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Implement --image-volumes for create and runumohnani82018-02-22
| | | | | | | | | | | | | | --image-volumes tells podman what to do with the image volumes in the image config There are 3 options: bind, tmpfs, and ignore bind puts the volume contents in /var/lib/containers/storage/container-id/volumes/vol-dir and bind mounts it into the container at /vol-dir tmpfs mounts /vol-dir as a tmps into the container ignore doesn't mount the image volumes onto the container Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #377 Approved by: rhatdan
* podman run container id to filebaude2018-01-11
| | | | | | | | | | podman run --cidfile /tmp/foo writes the container's id to a file. Signed-off-by: baude <bbaude@redhat.com> Closes: #205 Approved by: rhatdan
* kpod statsbaude2017-12-13
| | | | | | | | | Move kpod stats to the libpod backend. Signed-off-by: baude <bbaude@redhat.com> Closes: #113 Approved by: baude
* remove unused functions and variablesSuraj Deshmukh2017-11-28
| | | | | | | Signed-off-by: Suraj Deshmukh <surajd.service@gmail.com> Closes: #71 Approved by: rhatdan
* Add docker transport to push image before final failureTomSweeneyRedHat2017-11-28
| | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #42 Approved by: rhatdan
* Address run/create performance issuesbaude2017-11-14
| | | | | | | | | | | | Fixed the logic where we observed different performance results when running an image by its fqname vs a shortname. In the case of the latter, we resolve the name without using the network. Signed-off-by: baude <bbaude@redhat.com> Closes: #37 Approved by: rhatdan
* libpod create and runbaude2017-11-01
patched version of the same code that went into crio Signed-off-by: baude <bbaude@redhat.com>