summaryrefslogtreecommitdiff
path: root/libpod
Commit message (Collapse)AuthorAge
* libpod: add GetConfigNoCopy()Valentin Rothberg2021-09-29
| | | | | | | | | | | | | | | | Add a new function to libpod to directly access the runtime configuration without creating an expensive deep copy. Further migrate a number of callers to this new function. This drops the number of calls to JSONDeepCopy from 4 to 1 in a simple `podman run --rm -d busybox top`. Future work: Please note that there are more callers of GetConfig() that can me migrated to GetConfigNoCopy(). [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* libpod: add execSessionNoCopyValentin Rothberg2021-09-29
| | | | | | | | | To avoid creating an expensive deep copy, create an internal function to access the exec session. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* libpod: do not call (*container).Spec()Valentin Rothberg2021-09-29
| | | | | | | | | | | | Access the container's spec field directly inside of libpod instead of calling Spec() which in turn creates expensive JSON deep copies. Accessing the field directly drops memory consumption of a simple podman run --rm busybox true from ~700kB to ~600kB. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Ensure pod ID bucket is properly updated on renameMatthew Heon2021-09-28
| | | | | | | | | | | | | As we were not updating the pod ID bucket, removing a pod with containers still in it (including the infra container, which will always suffer from this) will not properly update the name registry to remove the name of any renamed containers. This patch ensures that does not happen - all containers will be fully removed, even if renamed. Fixes #11750 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* libpod: do not call (*container).Config()Valentin Rothberg2021-09-28
| | | | | | | | | | | | Access the container's config field directly inside of libpod instead of calling `Config()` which in turn creates expensive JSON deep copies. Accessing the field directly drops memory consumption of a simple `podman run --rm busybox true` from 1245kB to 410kB. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #11751 from Luap99/net-aliasOpenShift Merge Robot2021-09-28
|\ | | | | always add short container id as net alias
| * move network alias validation to container createPaul Holzinger2021-09-28
| | | | | | | | | | | | | | | | | | | | Podman 4.0 currently errors when you use network aliases for a network which has dns disabled. Because the error happens on network setup this can cause regression for old working containers. The network backend should not validate this. Instead podman should check this at container create time and also for network connect. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * always add short container id as net aliasPaul Holzinger2021-09-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This matches what docker does. Also make sure the net aliases are also shown when the container is stopped. docker-compose uses this special alias entry to check if it is already correctly connected to the network. [1] Because we do not support static ips on network connect at the moment calling disconnect && connect will loose the static ip. Fixes #11748 [1] https://github.com/docker/compose/blob/0bea52b18dda3de8c28fcfb0c80cc08b8950645e/compose/service.py#L663-L667 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | image prune: support removing external containersValentin Rothberg2021-09-28
| | | | | | | | | | | | | | | | Support removing external containers (e.g., build containers) during image prune. Fixes: #11472 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | CNI: network remove do not error for ENOENTPaul Holzinger2021-09-27
|/ | | | | | | | Make podman network rm more robust by checking for ENOENT if we cannot remove the config file. If it does not exists there is no reason to error. This is especially useful for podman network prune. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* rootful: do not set XDG_RUNTIME_DIR for cni pluginsPaul Holzinger2021-09-24
| | | | | | | | | | | | | | | The dnsname plugin tries to use XDG_RUNTIME_DIR to store files. podman run will have XDG_RUNTIME_DIR set and thus the cni plugin can use it. The problem is that XDG_RUNTIME_DIR is unset for the conmon process for rootful users. This causes issues since the cleanup process is spawned by conmon and thus not have XDG_RUNTIME_DIR set to same value as podman run. Because of it dnsname will not find the config files and cannot correctly cleanup. To fix this we should also unset XDG_RUNTIME_DIR for the cni plugins as rootful. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #11654 from Luap99/health-dockerOpenShift Merge Robot2021-09-23
|\ | | | | podman inspect add State.Health field for docker compat
| * podman inspect add State.Health field for docker compatPaul Holzinger2021-09-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | podman inspect shows the healthcheck status in `.State.Healthcheck`, docker uses `.State.Health`. To make sure docker scripts work we should add the `Health` key. Because we do not want to display both keys by default we only use the new `Health` key. This is a breaking change for podman users but matches what docker does. To provide some form of compatibility users can still use `--format {{.State.Healthcheck}}`. IT is just not shown by default. Fixes #11645 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #11704 from rhatdan/kubeOpenShift Merge Robot2021-09-23
|\ \ | | | | | | podman generate kube should not include images command
| * | podman generate kube should not include images commandDaniel J Walsh2021-09-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | If the command came from the underlying image, then we should not include it in the generate yaml file. Fixes: https://github.com/containers/podman/issues/11672 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #11604 from rhatdan/deleteContainerOpenShift Merge Robot2021-09-22
|\ \ \ | | | | | | | | Ignore mount errors except ErrContainerUnknown when cleaningup container
| * | | Ignore mount errors except ErrContainerUnknown when cleaningup containerDaniel J Walsh2021-09-22
| | |/ | |/| | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/11207 [NO TESTS NEEDED] Since I don't know how to get into this situation. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / | standardize logrus messages to upper caseDaniel J Walsh2021-09-22
|/ / | | | | | | | | | | | | | | Remove ERROR: Error stutter from logrus messages also. [ NO TESTS NEEDED] This is just code cleanup. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #11689 from Luap99/con-stateOpenShift Merge Robot2021-09-22
|\ \ | |/ |/| sync container state before reading the healthcheck
| * sync container state before reading the healthcheckPaul Holzinger2021-09-22
| | | | | | | | | | | | | | | | | | | | The health check result is stored in the container state. Since the state can change or might not even be set we have to retrive the current state before we try to read the health check result. Fixes #11687 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #11629 from Luap99/CNI-1.0OpenShift Merge Robot2021-09-22
|\ \ | | | | | | Bump CNI to v1.0.1
| * | Bump CNI to v1.0.1Paul Holzinger2021-09-22
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update CNI so we can match wrapped errors. This should silence ENOENT warnings when trying to read the cni conflist files. Fixes #10926 Because CNI v1.0.0 contains breaking changes we have to change some import paths. Also we cannot update the CNI version used for the conflist files created by `podman network create` because this would require at least containernetwork-plugins v1.0.1 and a updated dnsname plugin. Because this will take a while until it lands in most distros we should not use this version. So keep using v0.4.0 for now. The update from checkpoint-restore/checkpointctl is also required to make sure it no longer uses CNI to read the network status. [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* / net types: remove omitempty from required fieldsPaul Holzinger2021-09-22
|/ | | | | | | | | This will make reading the fields easier in rust because we can guarantee that the fields will be present in the json output. [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #11676 from rhatdan/kubeOpenShift Merge Robot2021-09-21
|\ | | | | Generate kube shouldn't add podman default environment vars
| * Generate kube should'd add podman default environment varsDaniel J Walsh2021-09-21
| | | | | | | | | | | | | | | | Currently we add the default PATH, TERM and container from Podman to every kubernetes.yaml file. These values should not be recorded in the yaml files. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #11650 from flouthoc/named-volume-overlayOpenShift Merge Robot2021-09-21
|\ \ | |/ |/| volume: Add support for overlay on named volumes
| * volume: Add support for overlay on named volumesAditya Rajan2021-09-21
| | | | | | | | | | | | | | Following PR allows containers to create and mount overlays on top of named volumes instead of mounting actual volumes via already documented `:O`. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | Pod Device Supportcdoern2021-09-20
|/ | | | | | | | | | added support for pod devices. The device gets added to the infra container and recreated in all containers that join the pod. This required a new container config item to keep track of the original device passed in by the user before the path was parsed into the container device. Signed-off-by: cdoern <cdoern@redhat.com>
* podman machine: use gvproxy for host.containers.internalPaul Holzinger2021-09-20
| | | | | | | | | | | | | | | | Let the gvproxy dns server handle the host.containers.internal entry. Support for this is already added to gvproxy. [1] To make sure the container uses the dns response from gvproxy we should not add host.containers.internal to /etc/hosts in this case. [NO TESTS NEEDED] podman machine has no tests :/ Fixes #11642 [1] https://github.com/containers/gvisor-tap-vsock/commit/1108ea45162281046d239047a6db9bc187e64b08 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #11628 from Luap99/remove-unsued-codeOpenShift Merge Robot2021-09-18
|\ | | | | Remove unused code from libpod
| * Remove unused code from libpodPaul Holzinger2021-09-17
| | | | | | | | | | | | | | | | | | | | | | | | | | The libpod package should only compile on linux. The remote client should never try to import this package. Since these files do not add any value we should remove them, this prevents people from accidentally importing this package because it would fail to compile on windows/macos. [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #11607 from Luap99/ipvlanOpenShift Merge Robot2021-09-17
|\ \ | |/ |/| CNI: add ipvlan driver support and macvlan modes
| * CNI: add ipvlan driverPaul Holzinger2021-09-16
| | | | | | | | | | | | | | | | | | Add support for the ipvlan cni plugin. This allows us to create, inspect and list ipvlan networks correctly. Fixes #10478 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * CNI: network create support macvlan modesPaul Holzinger2021-09-16
| | | | | | | | | | | | | | | | Support setting the macvlan mode with `podman network create -d macvlan --opt mode=bridge`. This will correctly set the specified macvlan mode in the cni conflist file. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #11603 from rhatdan/truncateOpenShift Merge Robot2021-09-17
|\ \ | | | | | | Add no-trunc support to podman-events
| * | Add no-trunc support to podman-eventsDaniel J Walsh2021-09-16
| |/ | | | | | | | | | | | | | | | | | | | | Standardize on no-trunc through the code. Alias notruncate where necessary. Standardize on the man page display of no-trunc. Fixes: https://github.com/containers/podman/issues/8941 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #11606 from giuseppe/always-move-pause-process-to-scopeOpenShift Merge Robot2021-09-17
|\ \ | | | | | | runtime: move pause process to scope
| * | runtime: move pause process to scopeGiuseppe Scrivano2021-09-16
| |/ | | | | | | | | | | | | | | | | | | | | make sure the pause process is moved to its own scope as well as what we do when we join an existing user+mount namespace. Closes: https://github.com/containers/podman/issues/11560 [NO TESTS NEEDED] Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* / Only add 127.0.0.1 entry to /etc/hosts with --net=nonePaul Holzinger2021-09-16
|/ | | | | | | | | | | The check for net=none was wrong. It just assumed when we do not create the netns but have one set that we use the none mode. This however also applies to a container which joins the pod netns. To correctly check for the none mode use `config.NetMode.IsNone()`. Fixes #11596 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #11322 from Luap99/network-libpodOpenShift Merge Robot2021-09-15
|\ | | | | Wire network interface into libpod
| * Add Drivers method to the Network InterfacePaul Holzinger2021-09-15
| | | | | | | | | | | | | | Drivers should return the list of supported network drivers by this plugin. This is useful for podman info. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * Drop OCICNI dependencyPaul Holzinger2021-09-15
| | | | | | | | | | | | | | | | | | | | | | We do not use the ocicni code anymore so let's get rid of it. Only the port struct is used but we can copy this into libpod network types so we can debloat the binary. The next step is to remove the OCICNI port mapping form the container config and use the better PortMapping struct everywhere. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * Wire network interface into libpodPaul Holzinger2021-09-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make use of the new network interface in libpod. This commit contains several breaking changes: - podman network create only outputs the new network name and not file path. - podman network ls shows the network driver instead of the cni version and plugins. - podman network inspect outputs the new network struct and not the cni conflist. - The bindings and libpod api endpoints have been changed to use the new network structure. The container network status is stored in a new field in the state. The status should be received with the new `c.getNetworkStatus`. This will migrate the old status to the new format. Therefore old containers should contine to work correctly in all cases even when network connect/ disconnect is used. New features: - podman network reload keeps the ip and mac for more than one network. - podman container restore keeps the ip and mac for more than one network. - The network create compat endpoint can now use more than one ipam config. The man pages and the swagger doc are updated to reflect the latest changes. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * cni network configs set ipv6 enables correctlyPaul Holzinger2021-09-15
| | | | | | | | | | | | | | When configs are loaded from disk we need to check if they contain a ipv6 subnet and set ipv6 enables to true in this case. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * default network: do not validate the used subnetsPaul Holzinger2021-09-15
| | | | | | | | | | | | | | | | | | | | | | The default network should not be validated against used subnets, we have to ensure that this network can always be created even when a subnet is already used on the host. This could happen if you run a container on this net, then the cni interface will be created on the host and "block" this subnet from being used again. Therefore the next podman command tries to create the default net again and it would fail because it thinks the network is used on the host. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * network create: validate the input subnetPaul Holzinger2021-09-15
| | | | | | | | | | | | | | Check that the given subnet does not conflict with existing ones (other configs or host interfaces). Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #11577 from rhatdan/tmpdirOpenShift Merge Robot2021-09-15
|\ \ | |/ |/| Set default storage from containers.conf for temporary images
| * Set default storage from containers.conf for temporary imagesDaniel J Walsh2021-09-15
| | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/11107 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #11567 from giuseppe/cgroups-split-with-podsOpenShift Merge Robot2021-09-15
|\ \ | |/ |/| libpod: honor --cgroups=split also with pods
| * libpod: honor --cgroups=split also with podsGiuseppe Scrivano2021-09-14
| | | | | | | | | | | | Honor --cgroups=split also when the container is running in a pod. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>