summaryrefslogtreecommitdiff
path: root/libpod
Commit message (Collapse)AuthorAge
* Add event on container deathMatthew Heon2019-03-13
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #2562 from baude/healtcheckphase2OpenShift Merge Robot2019-03-12
|\ | | | | healthcheck phase 2
| * healtcheck phase 2baude2019-03-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | integration of healthcheck into create and run as well as inspect. healthcheck enhancements are as follows: * add the following options to create|run so that non-docker images can define healthchecks at the container level. * --healthcheck-command * --healthcheck-retries * --healthcheck-interval * --healthcheck-start-period * podman create|run --healthcheck-command=none disables healthcheck as described by an image. * the healthcheck itself and the healthcheck "history" can now be observed in podman inspect * added the wiring for healthcheck history which logs the health history of the container, the current failed streak attempts, and log entries for the last five attempts which themselves have start and stop times, result, and a 500 character truncated (if needed) log of stderr/stdout. The timings themselves are not implemented in this PR but will be in future enablement (i.e. next). Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2585 from giuseppe/build-honor-netOpenShift Merge Robot2019-03-12
|\ \ | | | | | | build: honor --net
| * | slirp4netns: add builtin DNS server to resolv.confGiuseppe Scrivano2019-03-11
| | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #2527 from baude/eventsOpenShift Merge Robot2019-03-11
|\ \ \ | | | | | | | | Add event logging to libpod, even display to podman
| * | | Add event logging to libpod, even display to podmanbaude2019-03-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In lipod, we now log major events that occurr. These events can be displayed using the `podman events` command. Each event contains: * Type (container, image, volume, pod...) * Status (create, rm, stop, kill, ....) * Timestamp in RFC3339Nano format * Name (if applicable) * Image (if applicable) The format of the event and the varlink endpoint are to not be considered stable until cockpit has done its enablement. Signed-off-by: baude <bbaude@redhat.com>
* | | | Ensure that tmpfs mounts do not have symlinksMatthew Heon2019-03-11
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When mounting a tmpfs, runc attempts to make the directory it will be mounted at. Unfortunately, Golang's os.MkdirAll deals very poorly with symlinks being part of the path. I looked into fixing this in runc, but it's honestly much easier to just ensure we don't trigger the issue on our end. Fixes BZ #1686610 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Buffer stdin to a file when importing "-"Nalin Dahyabhai2019-03-11
|/ / | | | | | | | | | | | | | | When importing an image from a file somewhere, we already know how to download data from a URL to a file, so do the same for stdin, in case it's unexpectedly large. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | Merge pull request #2583 from giuseppe/rootless-fix-pod-rmOpenShift Merge Robot2019-03-11
|\ \ | | | | | | rootless: fix stop and rm when the container is running with uid != 0
| * | errors: fix error cause comparisonGiuseppe Scrivano2019-03-11
| |/ | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #2538 from giuseppe/slirp4netns-pathOpenShift Merge Robot2019-03-11
|\ \ | | | | | | libpod: allow to configure path to the slirp4netns binary
| * | libpod: allow to configure path to the network-cmd binaryGiuseppe Scrivano2019-03-11
| |/ | | | | | | | | | | | | | | | | | | | | | | | | allow to configure the path to the network-cmd binary, either via an option flag --network-cmd-path or through the libpod.conf configuration file. This is currently used to customize the path to the slirp4netns binary. Closes: https://github.com/containers/libpod/issues/2506 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* / pull: promote debug statement to errorGiuseppe Scrivano2019-03-11
|/ | | | | | print an error if there is any failure pulling an image. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Fix generation of infra container commandMatthew Heon2019-03-10
| | | | | | | | | | | | When sourcing from an image, we need to grab its entrypoint first and then add command on to mimic the behavior of Docker. The default Kube pause image just sets ENTRYPOINT, and not CMD, so nothing changes there, but this ought to fix other images (for example, nginx would try to run the pause command instead of an nginx process without this patch) Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Remove an unused if statement I addedMatthew Heon2019-03-10
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Don't delete another container's resolv and hosts filesMatthew Heon2019-03-10
| | | | | | | | | | | The logic of deleting and recreating /etc/hosts and /etc/resolv.conf only makes sense when we're the one that creates the files - when we don't, it just removes them, and there's nothing left to use. Fixes #2602 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Fix a potential segfault during infra container createMatthew Heon2019-03-10
| | | | | | | | | I was seeing some segfaults where image config was being passed as nil, causing a nil dereference segfault. Fix the apparent cause and add some safety fencing to try and ensure it doesn't happen again. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #2516 from rhatdan/secretsOpenShift Merge Robot2019-03-09
|\ | | | | Move secrets package to buildah
| * Move secrets package to buildahDaniel J Walsh2019-03-08
| | | | | | | | | | | | | | | | Trying to remove circular dependencies between libpod and buildah. First step to move pkg content from libpod to buildah. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #2590 from haircommander/pause_entry_cmdOpenShift Merge Robot2019-03-08
|\ \ | |/ |/| Default to image entrypoint for infra container
| * Default to image entrypoint for infra containerPeter Hunt2019-03-08
| | | | | | | | | | | | | | If the pod infra container is overriden, we want to run the entry point of the image, instead of the default infra command. This allows users to override the infra-image with greater ease. Also use process environment variables from image Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | rootless: propagate errors from infoGiuseppe Scrivano2019-03-08
|/ | | | | | | | | we use "podman info" to reconfigure the runtime after a reboot, but we don't propagate the error message back if something goes wrong. Closes: https://github.com/containers/libpod/issues/2584 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #2573 from giuseppe/exec-extra-filesOpenShift Merge Robot2019-03-07
|\ | | | | oci: make explicit the extra files to the exec
| * oci: make explicit the extra files to the execGiuseppe Scrivano2019-03-07
| | | | | | | | | | | | | | | | | | In the previous version I forgot to add the fds to preserve into AdditionalFiles. It doesn't make a difference as the files were still preserved, but this seems to be the correct way of making it explicit. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #2550 from wking/language-dot-splitOpenShift Merge Robot2019-03-07
|\ \ | |/ |/| libpod/container_internal: Split locale at the first dot, etc.
| * libpod/container_internal: Split locale at the first dot, etc.W. Trevor King2019-03-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We're going to feed this into Go's BCP 47 language parser. Language tags have the form [1]: language ["-" script] ["-" region] *("-" variant) *("-" extension) ["-" privateuse] and locales have the form [2]: [language[_territory][.codeset][@modifier]] The modifier is useful for collation, but Go's language-based API [3] does not provide a way for us to supply it. This code converts our locale to a BCP 47 language by stripping the dot and later and replacing the first underscore, if any, with a hyphen. This will avoid errors like [4]: WARN[0000] failed to parse language "en_US.UTF-8": language: tag is not well-formed when feeding language.Parse(...). [1]: https://tools.ietf.org/html/bcp47#section-2.1 [2]: http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02 [3]: https://github.com/golang/go/issues/25340 [4]: https://github.com/containers/libpod/issues/2494 Signed-off-by: W. Trevor King <wking@tremily.us>
* | Merge pull request #2563 from mheon/lookup_double_match_always_returns_nameOpenShift Merge Robot2019-03-07
|\ \ | | | | | | Change LookupContainer logic to match Docker
| * | Change LookupContainer logic to match DockerMatthew Heon2019-03-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When looking up a container or pod by from user input, we handle collisions between names and IDs differently than Docker at present. In Docker, when there is a container with an ID starting with "c1" and a container named "c1", commands on "c1" will always act on the container named "c1". For the same scenario in podman, we throw an error about name collision. Change Podman to follow Docker, by returning the named container or pod instead of erroring. This should also have a positive effect on performance in the lookup-by-full-name case, which no longer needs to fully traverse the list of all pods or containers. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #2545 from haircommander/weird_pod_bugOpenShift Merge Robot2019-03-06
|\ \ \ | | | | | | | | Fix pod create failure
| * | | Fix incorrect pod create failurePeter Hunt2019-03-06
| | |/ | |/| | | | | | | | | | | | | Before, a pod create would fail if it was set to share no namespaces, but had an infra container. While inefficient (you add a container for no reason), it shouldn't be a fatal failure. Fix this by only failing if the pod was set to share namespaces, but had no infra container, and writing a warning if vice versa. Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | Merge pull request #2491 from baude/healtcheckphase1OpenShift Merge Robot2019-03-06
|\ \ \ | |/ / |/| | podman healthcheck run (phase 1)
| * | podman healthcheck run (phase 1)baude2019-03-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | Add the ability to manually run a container's healthcheck command. This is only the first phase of implementing the healthcheck. Subsequent pull requests will deal with the exposing the results and history of healthchecks as well as the scheduling. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #2518 from haircommander/pod_hostOpenShift Merge Robot2019-03-05
|\ \ \ | |_|/ |/| | Append hosts to dependency container's /etc/hosts file
| * | Append hosts to dependency container's /etc/hosts filePeter Hunt2019-03-05
| |/ | | | | | | | | | | Before, any container with a netNS dependency simply used its dependency container's hosts file, and didn't abide its configuration (mainly --add-host). Fix this by always appending to the dependency container's hosts file, creating one if necessary. Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | Merge pull request #2537 from giuseppe/rootless-storage-configOpenShift Merge Robot2019-03-05
|\ \ | |/ |/| rootless: fill in correct storage conf default
| * rootless: fill in correct storage conf defaultGiuseppe Scrivano2019-03-05
| | | | | | | | | | | | | | | | | | When the configuration file is specified, be sure to fill rootless compatible values in the default configuration. Closes: https://github.com/containers/libpod/issues/2510 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #2426 from giuseppe/exec-preserve-fdsOpenShift Merge Robot2019-03-05
|\ \ | |/ |/| exec: support --preserve-fds
| * exec: support --preserve-fdsGiuseppe Scrivano2019-03-02
| | | | | | | | | | | | | | | | Allow to pass additional FDs to the process being executed. Closes: https://github.com/containers/libpod/issues/2372 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | runtime: fill a proper default tmpdir when --config is usedGiuseppe Scrivano2019-03-04
|/ | | | | | Closes: https://github.com/containers/libpod/issues/2408 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #2485 from adrianreber/oci-checkOpenShift Merge Robot2019-03-01
|\ | | | | Verify that used OCI runtime supports checkpoint
| * Verify that used OCI runtime supports checkpointAdrian Reber2019-03-01
| | | | | | | | | | | | | | | | | | | | To be able to use OCI runtimes which do not implement checkpoint/restore this adds a check to the checkpoint code path and the checkpoint/restore tests to see if it knows about the checkpoint subcommand. If the used OCI runtime does not implement checkpoint/restore the tests are skipped and the actual 'podman container checkpoint' returns an error. Signed-off-by: Adrian Reber <areber@redhat.com>
* | Allow Exec API user to override streamsPeter Hunt2019-02-28
|/ | | | | | Allow passing in of AttachStreams to libpod.Exec() for usage in podman healthcheck. An API caller can now specify different streams for stdout, stderr and stdin, or no streams at all. Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Centralize setting default volume pathMatthew Heon2019-02-26
| | | | | | | | No reason to do it in util/ anymore. It's always going to be a subdirectory of c/storage graph root by default, so we can just set it after the return. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Move all storage configuration defaults into libpodMatthew Heon2019-02-26
| | | | | | | | | | | Instead of passing in defaults via WithStorageConfig after computing them in cmd/podman/libpodruntime, do all defaults in libpod itself. This can alleviate ordering issues which caused settings in the libpod config (most notably, volume path) to be ignored. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Only remove image volumes when removing containersMatthew Heon2019-02-26
| | | | | | | | | | | | When removing volumes with rm --volumes we want to only remove volumes that were created with the container. Volumes created separately via 'podman volume create' should not be removed. Also ensure that --rm implies volumes will be removed. Fixes #2441 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Record when volume path is explicitly set in configMatthew Heon2019-02-26
| | | | | | | This ensures we won't overwrite it when it's set in the config we load from disk. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add debug information when overriding paths with the DBMatthew Heon2019-02-26
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add path for named volumes to `podman info`Matthew Heon2019-02-26
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Validate VolumePath against DB configurationMatthew Heon2019-02-26
| | | | | | | | | If this doesn't match, we end up not being able to access named volumes mounted into containers, which is bad. Use the same validation that we use for other critical paths to ensure this one also matches. Signed-off-by: Matthew Heon <matthew.heon@pm.me>