summaryrefslogtreecommitdiff
path: root/libpod
Commit message (Collapse)AuthorAge
* migrate: not create a new namespaceGiuseppe Scrivano2019-05-17
| | | | | | | this leaves the containers stopped but we won't risk to use the wrong user namespace. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #3121 from giuseppe/rootless-error-cniOpenShift Merge Robot2019-05-16
|\ | | | | network: raise a clearer error when using CNI
| * network: raise a clearer error when using CNIGiuseppe Scrivano2019-05-14
| | | | | | | | | | | | | | | | | | print a clearer error message when an unprivileged user attempts to create a network using CNI. Closes: https://github.com/containers/libpod/issues/3118 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #3127 from mheon/fix_start_raceOpenShift Merge Robot2019-05-16
|\ \ | | | | | | Ensure that start() in StartAndAttach() is locked
| * | Ensure that start() in StartAndAttach() is lockedMatthew Heon2019-05-14
| |/ | | | | | | | | | | | | | | | | | | | | | | | | StartAndAttach() runs start() in a goroutine, which can allow it to fire after the caller returns - and thus, after the defer to unlock the container lock has fired. The start() call _must_ occur while the container is locked, or else state inconsistencies may occur. Fixes #3114 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #3124 from mheon/remove_pod_lockOpenShift Merge Robot2019-05-15
|\ \ | | | | | | When removing pods, free their locks
| * | When removing pods, free their locksMatthew Heon2019-05-14
| |/ | | | | | | | | | | | | Without this we leak allocated locks, which is definitely not a good thing. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* / set default event logger based on build tagsbaude2019-05-14
|/ | | | | | | once the default event logger was removed from libpod.conf, we need to set the default based on whether the systemd build tag is used or not. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #3083 from openSUSE/systemd-optionalOpenShift Merge Robot2019-05-13
|\ | | | | Add `systemd` build tag
| * Add `systemd` build tagSascha Grunert2019-05-13
| | | | | | | | | | | | | | | | | | | | | | | | If the systemd development files are not present on the system which builds podman, then `podman events` will error on runtime creation. Beside this, a warning will be printed when compiling podman. This commit mainly exists because projects which depend on libpod would not need the podman event support and therefore do not need to rely on the systemd headers. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | healthcheck benign errorbaude2019-05-13
|/ | | | | | | clean up the reporting of a benign error that can occur when a container is first stopped and then removed. Signed-off-by: baude <bbaude@redhat.com>
* When removing a pod with CGroupfs, set pids limit to 0Matthew Heon2019-05-12
| | | | | | | | | | | | | When using CGroupfs, we see races during pod removal between removing the CGroup and the cleanup process starting (in the CGroup, thus preventing removal). The simplest way to avoid this is to prevent the forking of the cleanup process. Conveniently, we can do this via the CGroup that we already created for Conmon - we just need to update the PID limit to 0, which completely inhibits new forks. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Use standard remove functions for removing pod ctrsMatthew Heon2019-05-10
| | | | | | | Instead of rewriting the logic, reuse the standard logic we use for removing containers, which is much better tested. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #3082 from mheon/pod_removal_reliabilityOpenShift Merge Robot2019-05-08
|\ | | | | Improve robustness of pod removal
| * Preserve errors returned by removing podsMatthew Heon2019-05-07
| | | | | | | | | | | | | | | | Ensure that, if an error occurs somewhere along the way when we remove a pod, it's preserved until the end and returned, even as we continue to remove the pod. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Improve robustness of pod removalMatthew Heon2019-05-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Removing a pod must first removal all containers in the pod. Libpod requires the state to remain consistent at all times, so references to a deleted pod must all be cleansed first. Pods can have many containers in them. We presently iterate through all of them, and if an error occurs trying to clean up and remove any single container, we abort the entire operation (but cannot recover anything already removed - pod removal is not an atomic operation). Because of this, if a removal error occurs partway through, we can end up with a pod in an inconsistent state that is no longer usable. What's worse, if the error is in the infra container, and it's persistent, we get zombie pods - completely unable to be removed. When we saw some of these same issues with containers not in pods, we modified the removal code there to aggressively purge containers from the database, then try to clean up afterwards. Take the same approach here, and make cleanup errors nonfatal. Once we've gone ahead and removed containers, we need to see pod deletion through to the end - we'll log errors but keep going. Also, fix some other small things (most notably, we didn't make events for the containers removed). Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | enable integration tests for remote-clientbaude2019-05-07
| | | | | | | | | | | | | | first pass at enabling a swath of integration tests for the remote-client. Signed-off-by: baude <bbaude@redhat.com>
* | When refreshing after a reboot, force lock allocationMatthew Heon2019-05-06
|/ | | | | | | | | | | | | | After a reboot, when we refresh Podman's state, we retrieved the lock from the fresh SHM instance, but we did not mark it as allocated to prevent it being handed out to other containers and pods. Provide a method for marking locks as in-use, and use it when we refresh Podman state after a reboot. Fixes #2900 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #2826 from mheon/restart_policyOpenShift Merge Robot2019-05-03
|\ | | | | Add restart policy for containers
| * Small code fixMatthew Heon2019-05-03
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Fix 'restart' event in journaldMatthew Heon2019-05-03
| | | | | | | | | | | | | | Ensure that we can decode the restart event with the new journald events. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Address review comments on restart policyMatthew Heon2019-05-03
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Add a restart event, and make one during restart policyMatthew Heon2019-05-03
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Restart policy should not run if a container is runningMatthew Heon2019-05-03
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Move to using constants for valid restart policy typesMatthew Heon2019-05-03
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Add support for retry count with --restart flagMatthew Heon2019-05-03
| | | | | | | | | | | | | | | | | | The on-failure restart option supports restarting only a given number of times. To do this, we need one additional field in the DB to track restart count (which conveniently fills a field in Inspect we weren't populating), plus some plumbing logic. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Sending signals to containers prevents restart policyMatthew Heon2019-05-03
| | | | | | | | | | | | Noticed this when testing some behavior with Docker. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Add container restart policy to Libpod & PodmanMatthew Heon2019-05-03
| | | | | | | | | | | | | | This initial version does not support restart count, but it works as advertised otherwise. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Add a StoppedByUser field to the DBMatthew Heon2019-05-03
| | | | | | | | | | | | | | | | This field indicates that a container was explciitly stopped by an API call, and did not exit naturally. It's used when implementing restart policy for containers. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #3064 from rhatdan/sysregistriesv2OpenShift Merge Robot2019-05-03
|\ \ | |/ |/| change from sysregistries to sysregistriesv2
| * change from sysregistries to sysregistriesv2Daniel J Walsh2019-05-03
| | | | | | | | | | | | | | | | We want to start supporting the registries.conf format. Also start showing blocked registries in podman info Fix sorting so all registries are listed together in podman info. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | top: fallback to execing ps(1)Valentin Rothberg2019-05-03
|/ | | | | | | | | | Fallback to executing ps(1) in case we hit an unknown psgo descriptor. This ensures backwards compatibility with docker-top, which was purely ps(1) driven. Also support comma-separated descriptors as input. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #2959 from mheon/merge_volume_flagsOpenShift Merge Robot2019-05-03
|\ | | | | Merge volume flags implementation
| * Ensure that named volumes have their options parsedMatthew Heon2019-05-01
| | | | | | | | | | | | | | This involves moving some code out of pkg/spec/ into util/ so it can also be used by libpod. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #3051 from mheon/podman_migrate_fixesOpenShift Merge Robot2019-05-02
|\ \ | | | | | | Small fixes for #2950
| * | Small fixes for #2950Matthew Heon2019-05-01
| | | | | | | | | | | | | | | | | | | | | We merged #2950 with some nits still remaining, as Giuseppe was going on PTO. This addresses those small requested changes. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #3039 from mheon/podman_initOpenShift Merge Robot2019-05-02
|\ \ \ | |/ / |/| | Add podman init command
| * | Add basic structure of podman init commandMatthew Heon2019-05-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As part of this, rework the number of workers used by various Podman tasks to match original behavior - need an explicit fallthrough in the switch statement for that block to work as expected. Also, trivial change to Podman cleanup to work on initialized containers - we need to reset to a different state after cleaning up the OCI runtime. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #3049 from giuseppe/drop-unuseful-checkOpenShift Merge Robot2019-05-01
|\ \ \ | |/ / |/| | container: drop rootless check
| * | container: drop rootless checkGiuseppe Scrivano2019-05-01
| |/ | | | | | | | | | | | | we don't need to treat the rootless case differently now that we use a single user namespace. Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
* / enable podman-remote on windowsbaude2019-04-30
|/ | | | | | | build a podman-remote binary for windows that allows users to use the remote client on windows and interact with podman on linux system. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #3025 from rhatdan/read-onlyOpenShift Merge Robot2019-04-29
|\ | | | | Add --read-only-tmpfs options
| * Add --read-only-tmpfs optionsDaniel J Walsh2019-04-26
| | | | | | | | | | | | | | | | | | | | | | The --read-only-tmpfs option caused podman to mount tmpfs on /run, /tmp, /var/tmp if the container is running int read-only mode. The default is true, so you would need to execute a command like --read-only --read-only-tmpfs=false to turn off this behaviour. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | runtime: pass down the contextGiuseppe Scrivano2019-04-26
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | system: add new subcommand "migrate"Giuseppe Scrivano2019-04-26
| | | | | | | | | | | | | | | | | | | | | | it is useful to migrate existing containers to a new version of podman. Currently, it is needed to migrate rootless containers that were created with podman <= 1.2 to a newer version which requires all containers to be running in the same user namespace. Closes: https://github.com/containers/libpod/issues/2935 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #3019 from mheon/system_eventsOpenShift Merge Robot2019-04-26
|\ \ | |/ |/| Add System event type and renumber, refresh events
| * Do not hard fail on non-decodable eventsMatthew Heon2019-04-26
| | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Add System event type and renumber, refresh eventsMatthew Heon2019-04-25
| | | | | | | | | | | | | | Also, re-add locking to file eventer Write() to protect against concurrent events. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | enable podman remote topbaude2019-04-25
|/ | | | | | | add the ability for the remote client to display a container's running processes. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #3013 from mheon/logging_for_refreshOpenShift Merge Robot2019-04-25
|\ | | | | Logging for refresh