path: root/libpod
Commit message (Author, Age)
* Improve robustness of pod removal (Matthew Heon, 2019-05-07)
| Removing a pod must first remove all containers in the pod. Libpod requires the state to remain consistent at all times, so references to a deleted pod must all be cleansed first.
| Pods can have many containers in them. We presently iterate through all of them, and if an error occurs trying to clean up and remove any single container, we abort the entire operation (but cannot recover anything already removed - pod removal is not an atomic operation).
| Because of this, if a removal error occurs partway through, we can end up with a pod in an inconsistent state that is no longer usable. What's worse, if the error is in the infra container, and it's persistent, we get zombie pods - completely unable to be removed.
| When we saw some of these same issues with containers not in pods, we modified the removal code there to aggressively purge containers from the database, then try to clean up afterwards. Take the same approach here, and make cleanup errors nonfatal. Once we've gone ahead and removed containers, we need to see pod deletion through to the end - we'll log errors but keep going.
| Also, fix some other small things (most notably, we didn't make events for the containers removed).
| Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #2826 from mheon/restart_policy (OpenShift Merge Robot, 2019-05-03)
|\
| | Add restart policy for containers
| * Small code fix (Matthew Heon, 2019-05-03)
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Fix 'restart' event in journald (Matthew Heon, 2019-05-03)
| | Ensure that we can decode the restart event with the new journald events.
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Address review comments on restart policy (Matthew Heon, 2019-05-03)
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Add a restart event, and make one during restart policy (Matthew Heon, 2019-05-03)
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Restart policy should not run if a container is running (Matthew Heon, 2019-05-03)
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Move to using constants for valid restart policy types (Matthew Heon, 2019-05-03)
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Add support for retry count with --restart flag (Matthew Heon, 2019-05-03)
| | The on-failure restart option supports restarting only a given number of times. To do this, we need one additional field in the DB to track restart count (which conveniently fills a field in Inspect we weren't populating), plus some plumbing logic.
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Sending signals to containers prevents restart policy (Matthew Heon, 2019-05-03)
| | Noticed this when testing some behavior with Docker.
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Add container restart policy to Libpod & Podman (Matthew Heon, 2019-05-03)
| | This initial version does not support restart count, but it works as advertised otherwise.
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Add a StoppedByUser field to the DB (Matthew Heon, 2019-05-03)
| | This field indicates that a container was explicitly stopped by an API call, and did not exit naturally. It's used when implementing restart policy for containers.
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #3064 from rhatdan/sysregistriesv2 (OpenShift Merge Robot, 2019-05-03)
|\ \
| |/
|/| change from sysregistries to sysregistriesv2
| * change from sysregistries to sysregistriesv2 (Daniel J Walsh, 2019-05-03)
| | We want to start supporting the registries.conf format.
| | Also start showing blocked registries in podman info
| | Fix sorting so all registries are listed together in podman info.
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | top: fallback to execing ps(1) (Valentin Rothberg, 2019-05-03)
|/
| Fallback to executing ps(1) in case we hit an unknown psgo descriptor. This ensures backwards compatibility with docker-top, which was purely ps(1) driven.
| Also support comma-separated descriptors as input.
| Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #2959 from mheon/merge_volume_flags (OpenShift Merge Robot, 2019-05-03)
|\
| | Merge volume flags implementation
| * Ensure that named volumes have their options parsed (Matthew Heon, 2019-05-01)
| | This involves moving some code out of pkg/spec/ into util/ so it can also be used by libpod.
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #3051 from mheon/podman_migrate_fixes (OpenShift Merge Robot, 2019-05-02)
|\ \
| | | Small fixes for #2950
| * | Small fixes for #2950 (Matthew Heon, 2019-05-01)
| | | We merged #2950 with some nits still remaining, as Giuseppe was going on PTO. This addresses those small requested changes.
| | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #3039 from mheon/podman_init (OpenShift Merge Robot, 2019-05-02)
|\ \ \
| |/ /
|/| | Add podman init command
| * | Add basic structure of podman init command (Matthew Heon, 2019-05-01)
| | | As part of this, rework the number of workers used by various Podman tasks to match original behavior - need an explicit fallthrough in the switch statement for that block to work as expected.
| | | Also, trivial change to Podman cleanup to work on initialized containers - we need to reset to a different state after cleaning up the OCI runtime.
| | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #3049 from giuseppe/drop-unuseful-check (OpenShift Merge Robot, 2019-05-01)
|\ \ \
| |/ /
|/| | container: drop rootless check
| * | container: drop rootless check (Giuseppe Scrivano, 2019-05-01)
| |/
| | we don't need to treat the rootless case differently now that we use a single user namespace.
| | Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
* / enable podman-remote on windows (baude, 2019-04-30)
|/
| build a podman-remote binary for windows that allows users to use the remote client on windows and interact with podman on linux system.
| Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #3025 from rhatdan/read-only (OpenShift Merge Robot, 2019-04-29)
|\
| | Add --read-only-tmpfs options
| * Add --read-only-tmpfs options (Daniel J Walsh, 2019-04-26)
| | The --read-only-tmpfs option caused podman to mount tmpfs on /run, /tmp, /var/tmp if the container is running in read-only mode.
| | The default is true, so you would need to execute a command like --read-only --read-only-tmpfs=false to turn off this behaviour.
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | runtime: pass down the context (Giuseppe Scrivano, 2019-04-26)
| | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | system: add new subcommand "migrate" (Giuseppe Scrivano, 2019-04-26)
| | it is useful to migrate existing containers to a new version of podman. Currently, it is needed to migrate rootless containers that were created with podman <= 1.2 to a newer version which requires all containers to be running in the same user namespace.
| | Closes: https://github.com/containers/libpod/issues/2935
| | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #3019 from mheon/system_events (OpenShift Merge Robot, 2019-04-26)
|\ \
| |/
|/| Add System event type and renumber, refresh events
| * Do not hard fail on non-decodable events (Matthew Heon, 2019-04-26)
| | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Add System event type and renumber, refresh events (Matthew Heon, 2019-04-25)
| | Also, re-add locking to file eventer Write() to protect against concurrent events.
| | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | enable podman remote top (baude, 2019-04-25)
|/
| add the ability for the remote client to display a container's running processes.
| Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #3013 from mheon/logging_for_refresh (OpenShift Merge Robot, 2019-04-25)
|\
| | Logging for refresh
| * Add a debug message indicating that a refresh occurred (Matthew Heon, 2019-04-25)
| | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #2850 from baude/eventsjournald (OpenShift Merge Robot, 2019-04-25)
|\ \
| | | journald event logging
| * | journald event logging (baude, 2019-04-24)
| |/
| | add the ability for podman to read and write events to journald instead of just a logfile. This can be controlled in libpod.conf with the `events_logger` attribute of `journald` or `file`. The default will be set to `journald`.
| | Signed-off-by: baude <bbaude@redhat.com>
* | image: rework parent/child/history matching (Nalin Dahyabhai, 2019-04-25)
| | Rework our expectations of how images that are derived from each other look, so that we don't assume that an image that's derived from a base image always adds layers relative to that base image.
| | Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | images: add context to GetParent/IsParent/Remove/Prune... (Nalin Dahyabhai, 2019-04-25)
|/
| Add a context.Context parameter to Image.GetParent(), Image.IsParent(), Image.GetChildren(), Image.Remove(), and Runtime.PruneImages().
| Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Internal names do not match external names (Daniel J Walsh, 2019-04-18)
| We refer to the pause_image and pause_container in the libpod.conf description, but internally we had infra_image and infra_container. This means if the user made changes to the conf, it would not affect the actual tool using libpod.
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix podman command --change CMD (Daniel J Walsh, 2019-04-17)
| Currently in Docker if you commit with --change 'CMD a b c'
| The command that gets added is [/bin/sh -c "a b c"]
| If you commit --change 'CMD ["a","b","c"]'
| You get [a b c]
| This patch set makes podman match this behaviour.
| Similar change required for Entrypoint.
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #2870 from rhatdan/change (OpenShift Merge Robot, 2019-04-15)
|\
| | Validate ENV/LABEL Change options in varlink
| * Validate ENV/LABEL Change options in varlink (Daniel J Walsh, 2019-04-14)
| | If you pass in an invalid CHANGE ENV or LABEL option without the "=" character podman crashes.
| | I see that there were other problems with the handling of commit --change handling.
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #2928 from giuseppe/fix-umount (OpenShift Merge Robot, 2019-04-14)
|\ \
| | | oci: fix umount of /sys/kernel
| * | oci: fix umount of /sys/kernel (Giuseppe Scrivano, 2019-04-14)
| | | if the mount was already umounted as part of the cleanup (i.e. being a submount), the umount would fail.
| | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #2501 from mtrmac/fixed-hook-order (OpenShift Merge Robot, 2019-04-14)
|\ \ \
| |_|/
|/| | RFC: Make hooks sort order locale-independent
| * | Potentially breaking: Make hooks sort order locale-independent (Miloslav Trmač, 2019-04-09)
| | | Don't sort OCI hooks using the locale collation order; it does not make sense for the same system-wide directory to be interpreted differently depending on the user's LC_COLLATE setting, and the language-specific collation order can even change over time.
| | | Besides, the current collation order determination code has never worked with the most common LC_COLLATE values like en_US.UTF-8.
| | | Ideally, we would like to just order based on Unicode code points to be reliably stable, but the existing implementation is case-insensitive, so we are forced to rely on the unicode case mapping tables at least.
| | | (This gives up on canonicalization and width-insensitivity, potentially breaking users who rely on these previously documented properties.)
| | | Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* | | Merge pull request #2912 from adrianreber/label (OpenShift Merge Robot, 2019-04-14)
|\ \ \
| |_|/
|/| | Use the same SELinux label for CRIU log files
| * | Use the same SELinux label for CRIU log files (Adrian Reber, 2019-04-12)
| | | The SELinux label for the CRIU dump.log was explicitly set in Podman. The label for the restore.log, however, not.
| | | This just moves the code to label the log file into a function and calls that function during checkpoint and restore.
| | | Signed-off-by: Adrian Reber <areber@redhat.com>
* | | Merge pull request #2913 from mheon/get_instead_of_lookup (OpenShift Merge Robot, 2019-04-12)
|\ \ \
| |/ /
|/| | Use GetContainer instead of LookupContainer for full ID
| * | Use GetContainer instead of LookupContainer for full ID (Matthew Heon, 2019-04-12)
| | | All IDs in libpod are stored as a full container ID. We can get a container by full ID faster with GetContainer (which directly retrieves) than LookupContainer (which finds a match, then retrieves). No reason to use Lookup when we have full IDs present and available.
| | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>