| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When using CGroupfs, we see races during pod removal between
removing the CGroup and the cleanup process starting (in the
CGroup, thus preventing removal).
The simplest way to avoid this is to prevent the forking of the
cleanup process. Conveniently, we can do this via the CGroup that
we already created for Conmon - we just need to update the PID
limit to 0, which completely inhibits new forks.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
|
|
|
|
|
| |
Instead of rewriting the logic, reuse the standard logic we use
for removing containers, which is much better tested.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\
| |
| | |
Improve robustness of pod removal
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Ensure that, if an error occurs somewhere along the way when we
remove a pod, it's preserved until the end and returned, even as
we continue to remove the pod.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Removing a pod must first removal all containers in the pod.
Libpod requires the state to remain consistent at all times, so
references to a deleted pod must all be cleansed first.
Pods can have many containers in them. We presently iterate
through all of them, and if an error occurs trying to clean up
and remove any single container, we abort the entire operation
(but cannot recover anything already removed - pod removal is not
an atomic operation).
Because of this, if a removal error occurs partway through, we
can end up with a pod in an inconsistent state that is no longer
usable. What's worse, if the error is in the infra container, and
it's persistent, we get zombie pods - completely unable to be
removed.
When we saw some of these same issues with containers not in
pods, we modified the removal code there to aggressively purge
containers from the database, then try to clean up afterwards.
Take the same approach here, and make cleanup errors nonfatal.
Once we've gone ahead and removed containers, we need to see
pod deletion through to the end - we'll log errors but keep
going.
Also, fix some other small things (most notably, we didn't make
events for the containers removed).
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| | |
first pass at enabling a swath of integration tests for the
remote-client.
Signed-off-by: baude <bbaude@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
After a reboot, when we refresh Podman's state, we retrieved the
lock from the fresh SHM instance, but we did not mark it as
allocated to prevent it being handed out to other containers and
pods.
Provide a method for marking locks as in-use, and use it when we
refresh Podman state after a reboot.
Fixes #2900
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\
| |
| | |
Add restart policy for containers
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| | |
Ensure that we can decode the restart event with the new journald
events.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The on-failure restart option supports restarting only a given
number of times. To do this, we need one additional field in the
DB to track restart count (which conveniently fills a field in
Inspect we weren't populating), plus some plumbing logic.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| | |
Noticed this when testing some behavior with Docker.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| | |
This initial version does not support restart count, but it works
as advertised otherwise.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This field indicates that a container was explciitly stopped by
an API call, and did not exit naturally. It's used when
implementing restart policy for containers.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \
| |/
|/| |
change from sysregistries to sysregistriesv2
|
| | |
| |
| |
| |
| |
| |
| |
| | |
We want to start supporting the registries.conf format.
Also start showing blocked registries in podman info
Fix sorting so all registries are listed together in podman info.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
| |
Fallback to executing ps(1) in case we hit an unknown psgo descriptor.
This ensures backwards compatibility with docker-top, which was purely
ps(1) driven.
Also support comma-separated descriptors as input.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
Merge volume flags implementation
|
| | |
| |
| |
| |
| |
| |
| | |
This involves moving some code out of pkg/spec/ into util/ so it
can also be used by libpod.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \
| | |
| | | |
Small fixes for #2950
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
We merged #2950 with some nits still remaining, as Giuseppe was
going on PTO. This addresses those small requested changes.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \ \
| |/ /
|/| | |
Add podman init command
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
As part of this, rework the number of workers used by various
Podman tasks to match original behavior - need an explicit
fallthrough in the switch statement for that block to work as
expected.
Also, trivial change to Podman cleanup to work on initialized
containers - we need to reset to a different state after cleaning
up the OCI runtime.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \ \
| |/ /
|/| | |
container: drop rootless check
|
| | |/
| |
| |
| |
| |
| |
| | |
we don't need to treat the rootless case differently now that we use a
single user namespace.
Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
|
| |/
|
|
|
|
|
| |
build a podman-remote binary for windows that allows users to use the
remote client on windows and interact with podman on linux system.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\
| |
| | |
Add --read-only-tmpfs options
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The --read-only-tmpfs option caused podman to mount tmpfs on /run, /tmp, /var/tmp
if the container is running int read-only mode.
The default is true, so you would need to execute a command like
--read-only --read-only-tmpfs=false to turn off this behaviour.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
it is useful to migrate existing containers to a new version of
podman. Currently, it is needed to migrate rootless containers that
were created with podman <= 1.2 to a newer version which requires all
containers to be running in the same user namespace.
Closes: https://github.com/containers/libpod/issues/2935
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \
| |/
|/| |
Add System event type and renumber, refresh events
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
Also, re-add locking to file eventer Write() to protect against
concurrent events.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |/
|
|
|
|
|
| |
add the ability for the remote client to display a container's running
processes.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\
| |
| | |
Logging for refresh
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \
| | |
| | | |
journald event logging
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| | |
add the ability for podman to read and write events to journald instead
of just a logfile. This can be controlled in libpod.conf with the
`events_logger` attribute of `journald` or `file`. The default will be
set to `journald`.
Signed-off-by: baude <bbaude@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Rework our expectations of how images that are derived from each other
look, so that we don't assume that an image that's derived from a base
image always adds layers relative to that base image.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |/
|
|
|
|
|
| |
Add a context.Context parameter to Image.GetParent(), Image.IsParent(),
Image.GetChildren(), Image.Remove(), and Runtime.PruneImages().
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
We refer to the pause_image and pause_container in the libpod.conf
description, but internally we had infra_image and infra_container.
This means it the user made changes to the conf, it would not effect the
actual tool using libpod.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently in Docker if you commit with --change 'CMD a b c'
The command that gets added is
[/bin/sh -c "a b c"]
If you commit --change 'CMD ["a","b","c"]'
You get
[a b c]
This patch set makes podman match this behaviour.
Similar change required for Entrypoint.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
Validate ENV/LABEL Change options in varlink
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
If you pass in an invalid CHANGE ENV or LABEL option without the "=" character
podman crashes.
I see that there were other problems with the handling of commit --change handling.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
oci: fix umount of /sys/kernel
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
if the mount was already umounted as part of the cleanup (i.e. being a
submount), the umount would fail.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
