summaryrefslogtreecommitdiff
path: root/libpod
Commit message (Collapse)AuthorAge
* Add FIPS mode secretumohnani82018-04-23
| | | | | | | | If the host is in FIPS mode and /etc/system-fips exists /run/secrets/system-fips is created in the container so that the container can run in FIPS mode as well. Signed-off-by: umohnani8 <umohnani@redhat.com>
* Initial varlink implementationbaude2018-04-23
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #627 Approved by: mheon
* Vendor in latest containers/image and contaners/storageumohnani82018-04-19
| | | | | | | | | Made necessary changes to functions to include contex.Context wherever needed Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #640 Approved by: baude
* regression: tls verify should be set on registries.conf if insecurebaude2018-04-18
| | | | | | | | | | | In the case where podman needs to pull an image, if that registry that the image resides on is known to be insesure (as defined in /etc/containers/registries.conf), tls-verify should be altered on the fly. Signed-off-by: baude <bbaude@redhat.com> Closes: #626 Approved by: mheon
* - reverse host field order (ip goes first)Nathan Williams2018-04-18
| | | | | | | | | - fix host string split to permit IPv6 Signed-off-by: Nathan Williams <nath.e.will@gmail.com> Closes: #635 Approved by: rhatdan
* Change container.locked to batchedTomSweeneyRedHat2018-04-16
| | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #619 Approved by: mheon
* podman pull should always try to pullbaude2018-04-14
| | | | | | | | | | | | | | In the case where you have an image local, if the the user runs podman pull, we should always attempt to pull an updated image. Added a forceRemote bool to New (image) so we can differentiate between "pull" or run because the actions differ. Run does not need to pull the latest -- only run. Signed-off-by: baude <bbaude@redhat.com> Closes: #618 Approved by: baude
* Fix another comparison of a Go interface against nilMatthew Heon2018-04-13
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #608 Approved by: baude
* Allowing attaching stdin to non-interactive containersMatthew Heon2018-04-13
| | | | | | | | | Mimics docker's behavior Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #608 Approved by: baude
* Change attach to accept a struct containing streamsMatthew Heon2018-04-13
| | | | | | | | | | | Comparing Go interfaces, like io.Reader, to nil does not work. As such, we need to include a bool with each stream telling whether to attach to it. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #608 Approved by: baude
* Changes to attach to enable per-stream attachingMatthew Heon2018-04-13
| | | | | | | | | | This allows us to attach to attach to just stdout or stderr or stdin, or any combination of these. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #608 Approved by: baude
* Fix locking interaction in batched Exec() on containerMatthew Heon2018-04-13
| | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com> Closes: #610 Approved by: giuseppe
* Force host UID/GID mapping when creating containersNalin Dahyabhai2018-04-12
| | | | | | | | | | Until we can handle running containers which use UID/GID mappings, make sure that we always create containers that use the host mappings. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #609 Approved by: baude
* Do not lock all containers during pod killMatthew Heon2018-04-12
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #600 Approved by: rhatdan
* Make pod stop lock one container at a timeMatthew Heon2018-04-12
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #600 Approved by: rhatdan
* Do not lock all containers during pod startMatthew Heon2018-04-12
| | | | | | | | | | This solves a nasty locking issue with getting the path of namespaces for dependencies Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #600 Approved by: rhatdan
* Containers transitioning to stop should not break statsbaude2018-04-11
| | | | | | | | | | | | When a container is transitioning from running to stopped and stats is runnings, we should not break stats if we are unable to get stats for that container. Resolves: #598 Signed-off-by: baude <bbaude@redhat.com> Closes: #599 Approved by: mheon
* Use buildah commit for podman commitbaude2018-04-10
| | | | | | | | Resolves: #586 and #520 Signed-off-by: baude <bbaude@redhat.com> Closes: #592 Approved by: mheon
* Functionality changes to the following flagsumohnani82018-04-06
| | | | | | | | | | | | | | | | | | | --group-add --blkio-weight-device --device-read-bps --device-write-bps --device-read-iops --device-write-iops --group-add now supports group names as well as the gid associated with them. All the --device flags work now with moderate changes to the code to support both bps and iops. Added tests for all the flags. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #590 Approved by: mheon
* Remove image via storage if a buildah container is associatedTomSweeneyRedHat2018-04-05
| | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #522 Approved by: mheon
* Add hooks support to podmanDaniel J Walsh2018-04-05
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #155 Approved by: mheon
* Prevent a potential race when stopping containersMatthew Heon2018-04-04
| | | | | | | | | | | If sending a signal fails, check if the container is alive. If it is not, it probably stopped on its own before we could send the signal, so don't error out. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #591 Approved by: rhatdan
* Only allocate tty when -tbaude2018-04-03
| | | | | | | | | | | In our ezrly development, we always allocated a tty when not -d. Now we should only allocated when the user asks for it. Resolves: #573 Signed-off-by: baude <bbaude@redhat.com> Closes: #574 Approved by: rhatdan
* Stopping a stopped container should not be an errorbaude2018-04-03
| | | | | | | | | Resolves: #575 Signed-off-by: baude <bbaude@redhat.com> Closes: #588 Approved by: mheon
* Fix golintMatthew Heon2018-04-03
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #577 Approved by: rhatdan
* Refactor dependency checks from init() into public APIMatthew Heon2018-04-03
| | | | | | | | | | | | | Instead of checking during init(), which could result in major locking issues when used with pods, make our dependency checks in the public API instead. This avoids doing them when we start pods (where, because of the dependency graph, we can reasonably say all dependencies are up before we start a container). Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #577 Approved by: rhatdan
* Do not require Init() before Start()Matthew Heon2018-04-03
| | | | | | | | | This will help dependency races Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #577 Approved by: rhatdan
* Ensure dependencies are running before initializing containersMatthew Heon2018-04-03
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #577 Approved by: rhatdan
* Add container dependencies to Inspect outputMatthew Heon2018-04-03
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #577 Approved by: rhatdan
* Add backend code for generic dependenciesMatthew Heon2018-04-03
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #577 Approved by: rhatdan
* Change errorf to warnf in warning removing ctr storageMatthew Heon2018-04-02
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #571 Approved by: rhatdan
* Don't return an ImageConfig when creating storageMatthew Heon2018-04-02
| | | | | | | | | | | | We don't use it directly, we aren't going to cache it in the DB, and when we do use it (image volumes) we might well be in a different process (podman create -> podman start). No point in keeping it around. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #571 Approved by: rhatdan
* More gracefully handle unexpected storage deletionMatthew Heon2018-04-02
| | | | | | | | | | | | | | | | | | We have other tools using containers/storage. They can delete our containers in c/storage without us knowing. Try and handle this better by warning instead of erroring when delete our storage and it is already gone. This does not handle cases where libpod thinks the container is mounted, but it is not. This is harder to check for, because c/storage Mount() and Unmount() take a layer, image, or container and that complicates our "container no longer exists" question. Further work is needed here. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #571 Approved by: rhatdan
* Allow sha256: prefix for inputbaude2018-03-29
| | | | | | | | | | | | We should allow users to pass in image ids with the sha256: prefix for local images. Resolves: #493 Signed-off-by: baude <bbaude@redhat.com> Closes: #560 Approved by: baude
* Add secrets patch to podmanumohnani82018-03-29
| | | | | | | | | | Adds support for mounting secrets especially on RHEL where the container can use the host subsription to run yum Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #544 Approved by: rhatdan
* Fix testsMatthew Heon2018-03-29
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #557 Approved by: rhatdan
* Remove a loop in container graphMatthew Heon2018-03-29
| | | | | | | | | | | Instead of looping to find containers with no dependencies, maintain a map of them and remove entries as we add dependency edges. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #557 Approved by: rhatdan
* Only start containers that are not running in pod startMatthew Heon2018-03-29
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #557 Approved by: rhatdan
* Change pod Start() to use container dependency graphMatthew Heon2018-03-29
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #557 Approved by: rhatdan
* Add tests for container graphsMatthew Heon2018-03-29
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #557 Approved by: rhatdan
* Initial implementation of container graph generationMatthew Heon2018-03-29
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #557 Approved by: rhatdan
* Error is already wrapped properly.Daniel J Walsh2018-03-29
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #517 Approved by: baude
* Check for duplicate names when generating new container and pod names.Daniel J Walsh2018-03-29
| | | | | | | | | This fixes the situation where we fail to create a container when a name already exists. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #517 Approved by: baude
* podman: new option --conmon-pidfile=Giuseppe Scrivano2018-03-29
| | | | | | | | | | | | | | | | | | | so that it is possible to use systemd to automatically restart the container: [Service] Type=forking PIDFile=/run/awesome-service.pid ExecStart=/usr/bin/podman run --conmon-pidfile=/run/awesome-service.pid --name awesome -d IMAGE /usr/bin/do-something ExecStopPost=/usr/bin/podman rm awesome Restart=always Closes: https://github.com/projectatomic/libpod/issues/534 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #549 Approved by: rhatdan
* Ensure container dependencies are part of the same podMatthew Heon2018-03-29
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #558 Approved by: rhatdan
* Prevent ctrs not in pods from depending on pod ctrsMatthew Heon2018-03-29
| | | | | | | | | | | | | Containers in pods cannot depend on containers outside of the same pod. Make the reverse true as well - containers not in pods cannot depend on containers in pods. This greatly simplifies our dependency handling, as we can guarantee that removing a pod will not encounter dependency issues. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #558 Approved by: rhatdan
* Remove dependency on kubernetesbaude2018-03-27
| | | | | | | | | | podman parse and attach were using a very small portion of the kubernetes code but using it caused a signficant increase in binary size. Signed-off-by: baude <bbaude@redhat.com> Closes: #559 Approved by: rhatdan
* Fix some minor issues lint has been picking upMatthew Heon2018-03-27
| | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com> Closes: #556 Approved by: baude
* cmd/podman/run.go: Error nicely when no image foundbaude2018-03-27
| | | | | | | | | | | | When no image is found, display a useful error message. Also, in imageToRef protect against a nil image being passed. Resolves: #553 Signed-off-by: baude <bbaude@redhat.com> Closes: #555 Approved by: mheon
* Remove current SQLite DB driverMatthew Heon2018-03-26
| | | | | | | | | | | | The SQLite DB backend has become an unmanageable nightmare. I like having the option for DB work, but it's become an active hindrance to further development, and it's definitely not in any shape to be actively used. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #548 Approved by: baude