summaryrefslogtreecommitdiff
path: root/libpod
Commit message (Collapse)AuthorAge
* Merge pull request #6829 from rhatdan/keepidOpenShift Merge Robot2020-07-07
|\ | | | | Add username to /etc/passwd inside of container if --userns keep-id
| * Add username to /etc/passwd inside of container if --userns keep-idDaniel J Walsh2020-07-07
| | | | | | | | | | | | | | | | | | | | If I enter a continer with --userns keep-id, my UID will be present inside of the container, but most likely my user will not be defined. This patch will take information about the user and stick it into the container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | fix race condition in `libpod.GetEvents(...)`Valentin Rothberg2020-07-07
|/ | | | | | | | | Fix a race that could cause read errors to be masked. Masking such errors is likely to report red herrings since users don't see that reading failed for some reasons but that a given event could not be found. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Implement --sdnotify cmdline option to control sd-notify behaviorJoseph Gooch2020-07-06
| | | | | | | | | | | | | | | | | | | --sdnotify container|conmon|ignore With "conmon", we send the MAINPID, and clear the NOTIFY_SOCKET so the OCI runtime doesn't pass it into the container. We also advertise "ready" when the OCI runtime finishes to advertise the service as ready. With "container", we send the MAINPID, and leave the NOTIFY_SOCKET so the OCI runtime passes it into the container for initialization, and let the container advertise further metadata. This is the default, which is closest to the behavior podman has done in the past. The "ignore" option removes NOTIFY_SOCKET from the environment, so neither podman nor any child processes will talk to systemd. This removes the need for hardcoded CID and PID files in the command line, and the PIDFile directive, as the pid is advertised directly through sd-notify. Signed-off-by: Joseph Gooch <mrwizard@dok.org>
* Merge pull request #6836 from ashley-cui/tzlibpodOpenShift Merge Robot2020-07-06
|\ | | | | Add --tz flag to create, run
| * Add --tz flag to create, runAshley Cui2020-07-02
| | | | | | | | | | | | | | --tz flag sets timezone inside container Can be set to IANA timezone as well as `local` to match host machine Signed-off-by: Ashley Cui <acui@redhat.com>
* | move go module to v2Valentin Rothberg2020-07-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With the advent of Podman 2.0.0 we crossed the magical barrier of go modules. While we were able to continue importing all packages inside of the project, the project could not be vendored anymore from the outside. Move the go module to new major version and change all imports to `github.com/containers/libpod/v2`. The renaming of the imports was done via `gomove` [1]. [1] https://github.com/KSubedi/gomove Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6846 from mheon/fix_pod_errorsOpenShift Merge Robot2020-07-06
|\ \ | | | | | | Print errors from individual containers in pods
| * | Print errors from individual containers in podsMatthew Heon2020-07-02
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The infra/abi code for pods was written in a flawed way, assuming that the map[string]error containing individual container errors was only set when the global error for the pod function was nil; that is not accurate, and we are actually *guaranteed* to set the global error when any individual container errors. Thus, we'd never actually include individual container errors, because the infra code assumed that err being set meant everything failed and no container operations were attempted. We were originally setting the cause of the error to something nonsensical ("container already exists"), so I made a new error indicating that some containers in the pod failed. We can then ignore that error when building the report on the pod operation and actually return errors from individual containers. Unfortunately, this exposed another weakness of the infra code, which was discarding the container IDs. Errors from individual containers are not guaranteed to identify which container they came from, hence the use of map[string]error in the Pod API functions. Rather than restructuring the structs we return from pkg/infra, I just wrapped the returned errors with a message including the ID of the container. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* / Fix `system service` panic from early hangup in eventsMatthew Heon2020-07-02
|/ | | | | | | | | | | | We weren't actually halting the goroutine that sent events, so it would continue sending even when the channel closed (the most notable cause being early hangup - e.g. Control-c on a curl session). Use a context to cancel the events goroutine and stop sending events. Fixes #6805 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #6747 from giuseppe/fix-user-volumesOpenShift Merge Robot2020-06-30
|\ | | | | container: move volume chown after spec generation
| * container: move volume chown after spec generationGiuseppe Scrivano2020-06-29
| | | | | | | | | | | | | | | | | | move the chown for newly created volumes after the spec generation so the correct UID/GID are known. Closes: https://github.com/containers/libpod/issues/5698 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * libpod: volume copyup honors namespace mappingsGiuseppe Scrivano2020-06-29
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #6666 from giuseppe/conmon-delegateOpenShift Merge Robot2020-06-29
|\ \ | | | | | | podman: add new cgroup mode split
| * | podman: add new cgroup mode splitGiuseppe Scrivano2020-06-25
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When running under systemd there is no need to create yet another cgroup for the container. With conmon-delegated the current cgroup will be split in two sub cgroups: - supervisor - container The supervisor cgroup will hold conmon and the podman process, while the container cgroup is used by the OCI runtime (using the cgroupfs backend). Closes: https://github.com/containers/libpod/issues/6400 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* / Add support for dangling filter to volumesMatthew Heon2020-06-24
|/ | | | | | | | | The dangling filter determine whether a volume is dangling - IE, it has no containers attached using it. Unlike our other filters, this one is a boolean - must be true or false, not arbitrary values. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #6732 from mheon/fix_stopsignal_setOpenShift Merge Robot2020-06-24
|\ | | | | Set stop signal to 15 when not explicitly set
| * Set stop signal to 15 when not explicitly setMatthew Heon2020-06-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When going through the output of `podman inspect` to try and identify another issue, I noticed that Podman 2.0 was setting StopSignal to 0 on containers by default. After chasing it through the command line and SpecGen, I determined that we were actually not setting a default in Libpod, which is strange because I swear we used to do that. I re-added the disappeared default and now all is well again. Also, while I was looking for the bug in SpecGen, I found a bunch of TODOs that have already been done. Eliminate the comments for these. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6746 from vrothberg/untagOpenShift Merge Robot2020-06-24
|\ \ | | | | | | podman untag: error if tag doesn't exist
| * | podman untag: error if tag doesn't existValentin Rothberg2020-06-24
| |/ | | | | | | | | | | | | | | | | | | | | Throw an error if a specified tag does not exist. Also make sure that the user input is normalized as we already do for `podman tag`. To prevent regressions, add a set of end-to-end and systemd tests. Last but not least, update the docs and add bash completions. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6729 from QiWang19/inspect-formatOpenShift Merge Robot2020-06-24
|\ \ | | | | | | Reformat inspect network settings
| * | Reformat inspect network settingsQi Wang2020-06-23
| |/ | | | | | | | | | | Reformat ports of inspect network settings to compatible with docker inspect. Close #5380 Signed-off-by: Qi Wang <qiwan@redhat.com>
* / libpod: specify mappings to the storageGiuseppe Scrivano2020-06-24
|/ | | | | | | | | | | | specify the mappings in the container configuration to the storage when creating the container so that the correct mappings can be configured. Regression introduced with Podman 2.0. Closes: https://github.com/containers/libpod/issues/6735 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #6625 from QiWang19/fdOpenShift Merge Robot2020-06-23
|\ | | | | Add --preservefds to podman run
| * Add --preservefds to podman runQi Wang2020-06-19
| | | | | | | | | | | | Add --preservefds to podman run. close https://github.com/containers/libpod/issues/6458 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #6702 from jgallucci32/follow-logs-pollOpenShift Merge Robot2020-06-22
|\ \ | | | | | | Stop following logs using timers
| * | Use POLL_DURATION for timerjgallucci322020-06-21
| | | | | | | | | | | | Signed-off-by: jgallucci32 <john.gallucci.iv@gmail.com>
| * | Stop following logs using timersjgallucci322020-06-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This incorporates code from PR #6591 and #6614 but does not use event channels to detect container state and rather uses timers with a defined wait duration before calling t.StopAtEOF() to ensure the last log entry is output before a container exits. The polling interval is set to 250 milliseconds based on polling interval defined in hpcloud/tail here: https://github.com/hpcloud/tail/blob/v1.0.0/watch/polling.go#L117 Co-authored-by: Qi Wang <qiwan@redhat.com> Signed-off-by: jgallucci32 <john.gallucci.iv@gmail.com>
* | | Add container name to the /etc/hosts within the containerDaniel J Walsh2020-06-20
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This will allow containers that connect to the network namespace be able to use the container name directly. For example you can do something like podman run -ti --name foobar fedora ping foobar While we can do this with hostname now, this seems more natural. Also if another container connects on the network to this container it can do podman run --network container:foobar fedora ping foobar And connect to the original container,without having to discover the name. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6621 from vrothberg/bz-1846629OpenShift Merge Robot2020-06-20
|\ \ | | | | | | search: allow wildcards
| * | search: allow wildcardsValentin Rothberg2020-06-19
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow wildcards in the search term. Note that not all registries support wildcards and it may only work with v1 registries. Note that searching implies figuring out if the specified search term includes a registry. If there's not registry detected, the search term will be used against all configured "unqualified-serach-registries" in the registries.conf. The parsing logic considers a registry to be the substring before the first slash `/`. With these changes we now not only support wildcards but arbitrary input; ultimately it's up to the registries to decide whether they support given input or not. Fixes: bugzilla.redhat.com/show_bug.cgi?id=1846629 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / Poll on events for file readingBrent Baude2020-06-19
|/ | | | | | | | When multiple connections are monitoring events via the remote API, the inotify in the hpcloud library seems unable to consistently send events. Switching from inotify to poll seems to clear this up. Fixes: #6664 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Allow recursive dependency start with Init()Matthew Heon2020-06-18
| | | | | | | | | | | | | | | | | | | | As part of APIv2 Attach, we need to be able to attach to freshly created containers (in ContainerStateConfigured). This isn't something Libpod is interested in supporting, so we use Init() to get the container into ContainerStateCreated, in which attach is possible. Problem: Init() will fail if dependencies are not started, so a fresh container in a fresh pod will fail. The simplest solution is to extend the existing recursive start code from Start() to Init(), allowing dependency containers to be started when we initialize the container (optionally, controlled via bool). Also, update some comments in container_api.go to make it more clear how some of our major API calls work. Fixes #6646 Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #6560 from mheon/fix_exec_logdriverOpenShift Merge Robot2020-06-17
|\ | | | | Do not share container log driver for exec
| * Do not share container log driver for execMatthew Heon2020-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the container uses journald logging, we don't want to automatically use the same driver for its exec sessions. If we do we will pollute the journal (particularly in the case of healthchecks) with large amounts of undesired logs. Instead, force exec sessions logs to file for now; we can add a log-driver flag later (we'll probably want to add a `podman logs` command that reads exec session logs at the same time). As part of this, add support for the new 'none' logs driver in Conmon. It will be the default log driver for exec sessions, and can be optionally selected for containers. Great thanks to Joe Gooch (mrwizard@dok.org) for adding support to Conmon for a null log driver, and wiring it in here. Fixes #6555 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6522 from mheon/unless-stoppedOpenShift Merge Robot2020-06-17
|\ \ | | | | | | Add support for the unless-stopped restart policy
| * | Add support for the unless-stopped restart policyMatthew Heon2020-06-17
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We initially believed that implementing this required support for restarting containers after reboot, but this is not the case. The unless-stopped restart policy acts identically to the always restart policy except in cases related to reboot (which we do not support yet), but it does not require that support for us to implement it. Changes themselves are quite simple, we need a new restart policy constant, we need to remove existing checks that block creation of containers when unless-stopped was used, and we need to update the manpages. Fixes #6508 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* / Revert #6591 to fix issue with failed testsjgallucci322020-06-17
|/ | | | Signed-off-by: jgallucci32 <john.gallucci.iv@gmail.com>
* Fix podman-remote imagesDaniel J Walsh2020-06-16
| | | | | | Looks like we went too far with the linters. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #6591 from jgallucci32/patch-1OpenShift Merge Robot2020-06-15
|\ | | | | Merged request to fix -f to stop following logs
| * Remove redundant break in for loop.jgallucci322020-06-15
| | | | | | | | | | | | | | Remove redundant `break` call in for loop. Co-authored-by: Qi Wang <qiwan@redhat.com> Signed-off-by: jgallucci32 <john.gallucci.iv@gmail.com>
| * Do not print error message when container does not existjgallucci322020-06-12
| | | | | | | | | | | | | | | | This fixes a condition when a container is removed while following the logs and prints an error when the container is removed forcefully. Signed-off-by: jgallucci32 <john.gallucci.iv@gmail.com>
| * Changed from t.StopAtEOF() to t.Stop() and added error checkjgallucci322020-06-12
| | | | | | | | Signed-off-by: jgallucci32 <john.gallucci.iv@gmail.com>
| * Fix -f logs to stop when a container exitsjgallucci322020-06-12
| | | | | | | | | | | | | | | | | | | | | | Fixes an issue with the previous PR where a container would exit while following logs and the log tail continued to follow. This creates a subroutine which checks the state of the container and instructs the tailLog to stop when it reaches EOF. Tested the following conditions: * Tail and follow logs of running container * Tail and follow logs of stopped container * Tail and follow logs of running container which exits after some time Signed-off-by: jgallucci32 <john.gallucci.iv@gmail.com>
| * Fix -f logs follow with stopped containerQi Wang2020-06-11
| | | | | | | | | | | | Fix -f logs follow with stopped container. Close #6531 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Turn on More lintersDaniel J Walsh2020-06-15
|/ | | | | | | | | - misspell - prealloc - unparam - nakedret Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #6415 from vrothberg/systemd-new-podOpenShift Merge Robot2020-06-11
|\ | | | | podman-generate-systemd --new for pods
| * generate systemd: create pod templateValentin Rothberg2020-06-11
| | | | | | | | | | | | | | | | | | | | Create a new template for generating a pod unit file. Eventually, this allows for treating and extending pod and container generation seprately. The `--new` flag now also works on pods. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * generate systemd: refactorValentin Rothberg2020-06-11
| | | | | | | | | | | | | | | | | | | | | | | | Refactor the systemd-unit generation code and move all the logic into `pkg/systemd/generate`. The code was already hard to maintain but I found it impossible to wire the `--new` logic for pods in all the chaos. The code refactoring in this commit will make maintaining the code easier and should make it easier to extend as well. Further changes and refactorings may still be needed but they will easier. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * add (*Pod).CreateCommand()Valentin Rothberg2020-06-11
| | | | | | | | | | | | Add a method to Pod to easily access its .config.CreateCommand. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>