summaryrefslogtreecommitdiff
path: root/libpod
Commit message (Collapse)AuthorAge
* Merge pull request #4805 from giuseppe/log-tagOpenShift Merge Robot2020-01-10
|\ | | | | log: support --log-opt tag=
| * log: support --log-opt tag=Giuseppe Scrivano2020-01-10
| | | | | | | | | | | | | | | | | | | | support a custom tag to add to each log for the container. It is currently supported only by the journald backend. Closes: https://github.com/containers/libpod/issues/3653 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | fix e2e test failurebaude2020-01-10
| | | | | | | | | | | | it is possible for layers.names to be nil and we must account for that. Signed-off-by: baude <bbaude@redhat.com>
* | address review comments before mergebaude2020-01-10
| | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | Initial commit on compatible APIJhon Honce2020-01-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com> Create service command Use cd cmd/service && go build . $ systemd-socket-activate -l 8081 cmd/service/service & $ curl http://localhost:8081/v1.24/images/json Signed-off-by: Jhon Honce <jhonce@redhat.com> Correct Makefile Signed-off-by: Jhon Honce <jhonce@redhat.com> Two more stragglers Signed-off-by: Jhon Honce <jhonce@redhat.com> Report errors back as http headers Signed-off-by: Jhon Honce <jhonce@redhat.com> Split out handlers, updated output Output aligned to docker structures Signed-off-by: Jhon Honce <jhonce@redhat.com> Refactored routing, added more endpoints and types * Encapsulated all the routing information in the handler_* files. * Added more serviceapi/types, including podman additions. See Info Signed-off-by: Jhon Honce <jhonce@redhat.com> Cleaned up code, implemented info content * Move Content-Type check into serviceHandler * Custom 404 handler showing the url, mostly for debugging * Refactored images: better method names and explicit http codes * Added content to /info * Added podman fields to Info struct * Added Container struct Signed-off-by: Jhon Honce <jhonce@redhat.com> Add a bunch of endpoints containers: stop, pause, unpause, wait, rm images: tag, rmi, create (pull only) Signed-off-by: baude <bbaude@redhat.com> Add even more handlers * Add serviceapi/Error() to improve error handling * Better support for API return payloads * Renamed unimplemented to unsupported these are generic endpoints we don't intend to ever support. Swarm broken out since it uses different HTTP codes to signal that the node is not in a swarm. * Added more types * API Version broken out so it can be validated in the future Signed-off-by: Jhon Honce <jhonce@redhat.com> Refactor to introduce ServiceWriter Signed-off-by: Jhon Honce <jhonce@redhat.com> populate pods endpoints /libpod/pods/.. exists, kill, pause, prune, restart, remove, start, stop, unpause Signed-off-by: baude <bbaude@redhat.com> Add components to Version, fix Error body Signed-off-by: Jhon Honce <jhonce@redhat.com> Add images pull output, fix swarm routes * docker-py tests/integration/api_client_test.py pass 100% * docker-py tests/integration/api_image_test.py pass 4/16 + Test failures include services podman does not support Signed-off-by: Jhon Honce <jhonce@redhat.com> pods endpoint submission 2 add create and others; only top and stats is left. Signed-off-by: baude <bbaude@redhat.com> Update pull image to work from empty registry Signed-off-by: Jhon Honce <jhonce@redhat.com> pod create and container create first pass at pod and container create. the container create does not quite work yet but it is very close. pod create needs a partial rewrite. also broken off the DELETE (rm/rmi) to specific handler funcs. Signed-off-by: baude <bbaude@redhat.com> Add docker-py demos, GET .../containers/json * Update serviceapi/types to reflect libpod not podman * Refactored removeImage() to provide non-streaming return Signed-off-by: Jhon Honce <jhonce@redhat.com> create container part2 finished minimal config needed for create container. started demo.py for upcoming talk Signed-off-by: baude <bbaude@redhat.com> Stop server after honoring request * Remove casting for method calls * Improve WriteResponse() * Update Container API type to match docker API Signed-off-by: Jhon Honce <jhonce@redhat.com> fix namespace assumptions cleaned up namespace issues with libpod. Signed-off-by: baude <bbaude@redhat.com> wip Signed-off-by: baude <bbaude@redhat.com> Add sliding window when shutting down server * Added a Timeout rather than closing down service on each call * Added gorilla/schema dependency for Decode'ing query parameters * Improved error handling * Container logs returned and multiplexed for stdout and stderr * .../containers/{name}/logs?stdout=True&stderr=True * Container stats * .../containers/{name}/stats Signed-off-by: Jhon Honce <jhonce@redhat.com> Improve error handling * Add check for at least one std stream required for /containers/{id}/logs * Add check for state in /containers/{id}/top * Fill in more fields for /info * Fixed error checking in service start code Signed-off-by: Jhon Honce <jhonce@redhat.com> get rest of image tests for pass Signed-off-by: baude <bbaude@redhat.com> linting our content Signed-off-by: baude <bbaude@redhat.com> more linting Signed-off-by: baude <bbaude@redhat.com> more linting Signed-off-by: baude <bbaude@redhat.com> pruning Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]apiv2 pods migrate from using args in the url to using a json struct in body for pod create. Signed-off-by: baude <bbaude@redhat.com> fix handler_images prune prune's api changed slightly to deal with filters. Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]enabled base container create tests enabling the base container create tests which allow us to get more into the stop, kill, etc tests. many new tests now pass. Signed-off-by: baude <bbaude@redhat.com> serviceapi errors: append error message to API message I dearly hope this is not breaking any other tests but debugging "Internal Server Error" is not helpful to any user. In case, it breaks tests, we can rever the commit - that's why it's a small one. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> serviceAPI: add containers/prune endpoint Signed-off-by: Valentin Rothberg <rothberg@redhat.com> add `service` make target Also remove the non-functional sub-Makefile. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> add make targets for testing the service * `sudo make run-service` for running the service. * `DOCKERPY_TEST="tests/integration/api_container_test.py::ListContainersTest" \ make run-docker-py-tests` for running a specific tests. Run all tests by leaving the env variable empty. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> Split handlers and server packages The files were split to help contain bloat. The api/server package will contain all code related to the functioning of the server while api/handlers will have all the code related to implementing the end points. api/server/register_* will contain the methods for registering endpoints. Additionally, they will have the comments for generating the swagger spec file. See api/handlers/version.go for a small example handler, api/handlers/containers.go contains much more complex handlers. Signed-off-by: Jhon Honce <jhonce@redhat.com> [CI:DOCS]enabled more tests Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]libpod endpoints small refactor for libpod inclusion and began adding endpoints. Signed-off-by: baude <bbaude@redhat.com> Implement /build and /events * Include crypto libraries for future ssh work Signed-off-by: Jhon Honce <jhonce@redhat.com> [CI:DOCS]more image implementations convert from using for to query structs among other changes including new endpoints. Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]add bindings for golang Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]add volume endpoints for libpod create, inspect, ls, prune, and rm Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]apiv2 healthcheck enablement wire up container healthchecks for the api. Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]Add mount endpoints via the api, allow ability to mount a container and list container mounts. Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]Add search endpoint add search endpoint with golang bindings Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]more apiv2 development misc population of methods, etc Signed-off-by: baude <bbaude@redhat.com> rebase cleanup and epoch reset Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]add more network endpoints also, add some initial error handling and convenience functions for standard endpoints. Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]use helper funcs for bindings use the methods developed to make writing bindings less duplicative and easier to use. Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]add return info for prereview begin to add return info and status codes for errors so that we can review the apiv2 Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]first pass at adding swagger docs for api Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #4818 from haircommander/piped-exec-fixOpenShift Merge Robot2020-01-09
|\ \ | | | | | | exec: fix pipes
| * | exec: fix pipesPeter Hunt2020-01-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In a largely anticlimatic solution to the saga of piped input from conmon, we come to this solution. When we pass the Stdin stream to the exec.Command structure, it's immediately consumed and lost, instead of being consumed through CopyDetachable(). When we don't pass -i in, conmon is not told to create a masterfd_stdin, and won't pass anything to the container. With both, we can do echo hi | podman exec -til cat and get the expected hi Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | rootlessport: honor ctr.runtime.config.TmpDirAkihiro Suda2020-01-09
| |/ |/| | | | | | | | | Previously, rootlessport was using /var/tmp as the tmp dir. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* | fix lint - ignore image.ImageDeleteResponse definitionValentin Rothberg2020-01-08
| | | | | | | | | | | | | | Golint claims that image.Image stutters but renaming the type would be a breaking change which isn't worth the consequences. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | fix lint - drop else blockValentin Rothberg2020-01-08
| | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | fix lint: add comment for NameRegex and errorValentin Rothberg2020-01-08
| | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | fix lint: correct func identifier in commentValentin Rothberg2020-01-08
| | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | fix lint: "guarantess" is a misspelling of "guarantees"Valentin Rothberg2020-01-08
| | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | rootless: use RootlessKit port forwarderAkihiro Suda2020-01-08
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | RootlessKit port forwarder has a lot of advantages over the slirp4netns port forwarder: * Very high throughput. Benchmark result on Travis: socat: 5.2 Gbps, slirp4netns: 8.3 Gbps, RootlessKit: 27.3 Gbps (https://travis-ci.org/rootless-containers/rootlesskit/builds/597056377) * Connections from the host are treated as 127.0.0.1 rather than 10.0.2.2 in the namespace. No UDP issue (#4586) * No tcp_rmem issue (#4537) * Probably works with IPv6. Even if not, it is trivial to support IPv6. (#4311) * Easily extensible for future support of SCTP * Easily extensible for future support of `lxc-user-nic` SUID network RootlessKit port forwarder has been already adopted as the default port forwarder by Rootless Docker/Moby, and no issue has been reported AFAIK. As the port forwarder is imported as a Go package, no `rootlesskit` binary is required for Podman. Fix #4586 May-fix #4559 Fix #4537 May-fix #4311 See https://github.com/rootless-containers/rootlesskit/blob/v0.7.0/pkg/port/builtin/builtin.go Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* Merge pull request #4748 from NevilleC/nc-podnameOpenShift Merge Robot2019-12-29
|\ | | | | [Issue #4703] Add the pod name when we use `podman ps -p`
| * Add the pod name when we use `podman ps -p`Neville Cain2019-12-28
| | | | | | | | | | | | | | | | | | | | | | | | The pod name does not appear when doing `podman ps -p`. It is missing as the documentation says: -p, --pod Print the ID and name of the pod the containers are associated with The pod name is added in the ps output and checked in unit tests. Closes #4703 Signed-off-by: NevilleC <neville.cain@qonto.eu>
* | Ensure SizeRw is shown when a user does 'inspect --size -t container'.Neville Cain2019-12-27
|/ | | | | | | | | | | | | | Currently, if a user requests the size on a container (inspect --size -t container), the SizeRw does not show up if the value is 0. It's because InspectContainerData is defined as int64 and there is an omit when empty. We do want to display it even if the value is empty. I have changed the type of SizeRw to be a pointer to an int64 instead of an int64. It will allow us todistinguish the empty value to the missing value. I updated the test "podman inspect container with size" to ensure we check thatSizeRw is displayed correctly. Closes #4744 Signed-off-by: NevilleC <neville.cain@qonto.eu>
* add struct response for removal of imagesbaude2019-12-23
| | | | | | | | when removing an image from storage, we should return a struct that details what was untagged vs deleted. this replaces the simple println's used previously and assists in API development. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #4727 from rhatdan/pidnsOpenShift Merge Robot2019-12-20
|\ | | | | if container is not in a pid namespace, stop all processes
| * if container is not in a pid namespace, stop all processesDaniel J Walsh2019-12-19
| | | | | | | | | | | | | | | | | | When a container is in a PID namespace, it is enought to send the stop signal to the PID 1 of the namespace, only send signals to all processes in the container when the container is not in a pid namespace. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #4723 from mheon/pod_volume_postremoveOpenShift Merge Robot2019-12-19
|\ \ | | | | | | Remove volumes after containers in pod remove
| * | Remove volumes after containers in pod removeMatthew Heon2019-12-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When trying to reproduce #4704 I noticed that the named volumes from the Postgres containers in the reproducer weren't being removed by `podman pod rm -f` saying that the container they were attached to was still in use. This was rather odd, considering they were only in use by one container, and that container was in the process of being removed with the pod. After a bit of tracing, I realized that the cause is the ordering of container removal when we remove a pod. Normally, it's done in removeContainer() before volume removal (which is the last thing in that function). However, when we are removing a pod, we remove containers all at once, after removeContainer has already finished - meaning the container still exists when we try to remove its volumes, and thus the volume can't be removed. Solution: collect a list of all named volumes in use by the pod, and remove them all at once after every container in the pod is gone. This ensures that there are no dependency issues. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #4684 from vrothberg/systemd-improvementsOpenShift Merge Robot2019-12-19
|\ \ \ | |_|/ |/| | container config: add CreateCommand
| * | container config: add CreateCommandValentin Rothberg2019-12-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Store the full command plus arguments of the process the container has been created with. Expose this data as a `Config.CreateCommand` field in the container-inspect data as well. This information can be useful for debugging, as we can find out which command has created the container, and, if being created via the Podman CLI, we know exactly with which flags the container has been created with. The immediate motivation for this change is to use this information for `podman-generate-systemd` to generate systemd-service files that allow for creating new containers (in contrast to only starting existing ones). Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #4643 from adrianreber/masterOpenShift Merge Robot2019-12-17
|\ \ \ | | | | | | | | Correctly export the root file-system changes
| * | | Correctly export the root file-system changesAdrian Reber2019-12-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When doing a checkpoint with --export the root file-system diff was not working as expected. Instead of getting the changes from the running container to the highest storage layer it got the changes from the highest layer to that parent's layer. For a one layer container this could mean that the complete root file-system is part of the checkpoint. With this commit this changes to use the same functionality as 'podman diff'. This actually enables to correctly diff the root file-system including tracking deleted files. This also removes the non-working helper functions from libpod/diff.go. Signed-off-by: Adrian Reber <areber@redhat.com>
* | | | Merge pull request #4681 from jvanz/issue4553OpenShift Merge Robot2019-12-17
|\ \ \ \ | |_|_|/ |/| | | podman: mirror information
| * | | runtime.go: show registries data and search tableJosé Guilherme Vanz2019-12-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Update podman info command to show the registries data and the search table. Signed-off-by: José Guilherme Vanz <jvanz@jvanz.com>
| * | | runtime.go: show search table in podman infoJosé Guilherme Vanz2019-12-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Updates the podman info command to show registries from v1 config file in the search table format. Signed-off-by: José Guilherme Vanz <jvanz@jvanz.com>
| * | | podman: mirror informationJosé Guilherme Vanz2019-12-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Updates the podman info command to show the mirror information Issue https://github.com/containers/libpod/issues/4553 Signed-off-by: José Guilherme Vanz <jvanz@jvanz.com>
* | | | Fix F30-F31 migration for Podman 1.7.0Matthew Heon2019-12-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The earlier attempt to re-add config migration only worked with user-specified configs (podman run --config). This version works more in line with that we want - the first rootless config file will be changed from runc to crun. Verified on my system after an F31 migration - everything seems to be working well. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #4692 from mheon/reap_exec_sessionsOpenShift Merge Robot2019-12-13
|\ \ \ \ | |_|_|/ |/| | | Reap exec sessions on cleanup and removal
| * | | Reap exec sessions on cleanup and removalMatthew Heon2019-12-12
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We currently rely on exec sessions being removed from the state by the Exec() API itself, on detecting the session stopping. This is not a reliable method, though. The Podman frontend for exec could be killed before the session ended, or another Podman process could be holding the lock and prevent update (most notable in `run --rm`, when a container with an active exec session is stopped). To resolve this, add a function to reap active exec sessions from the state, and use it on cleanup (to clear sessions after the container stops) and remove (to do the same when --rm is passed). This is a bit more complicated than it ought to be because Kata and company exist, and we can't guarantee the exec session has a PID on the host, so we have to plumb this through to the OCI runtime. Fixes #4666 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #4664 from baude/movefiltersOpenShift Merge Robot2019-12-11
|\ \ \ | | | | | | | | move image filters under libpod/images
| * | | move image filters under libpod/imagesbaude2019-12-10
| |/ / | | | | | | | | | | | | | | | | | | | | | to make things more effecient for the api work we are doing, we should process image filters internally (as opposed to in main). this allows for better api responses and more closely affiliated functions. Signed-off-by: baude <bbaude@redhat.com>
* / / Re-add Fedora 31 migration code.Matthew Heon2019-12-10
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In the process, make everything in the config omitempty in TOML. We're seeing issues (notably [1]) where, after rewriting libpod.conf, fields that were not previously populated are written - and, because they were not previously written, they are included as empty. This is unfortunately different from not included at all - it means that we need to assume the user explicitly unset the value, and we can't use defaults. Setting omitempty prevents us from writing things that should not be written as they were not set originally. [1] https://github.com/containers/libpod/issues/4210 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #4563 from mheon/fix_change_parsingOpenShift Merge Robot2019-12-06
|\ \ | |/ |/| Fix parsing for arrays of values in image changes
| * Add ONBUILD support to --changeMatthew Heon2019-12-05
| | | | | | | | | | | | | | | | | | | | | | Return types had to change a bit for this, but since we can wrap the old v1.ImageConfig, changes are overall not particularly bad. At present, I believe this only works with commit, not import. This matches how things were before we changed to the new parsing so I think this is fine. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Move Commit() to new parsing for --changeMatthew Heon2019-12-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It turns out we had two independent parsing impkementations for Dockerfile instructions out of --change. My previous commit fixed the one used in --change, but as I discovered to my dismay, commit used a different implementation. Remove that and use the new parsing implementation instead. While we're at it, fix some bugs in the current commit code. The addition of anonymous named volumes to Libpod recently means we can now include those in the image config when committing. Some changes (VOLUME, ENV, EXPOSE, LABEL) previously cleared the config of the former image when used; Docker does not do this, so I removed that behavior. Still needs fixing: the new implementation does not support ONBUILD, while the old one did. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | libpod: fix stats for rootless podsGiuseppe Scrivano2019-12-04
|/ | | | | | | | honor the systemd parent directory when specified. Closes: https://github.com/containers/libpod/issues/4634 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #4629 from mheon/fix_indirect_netnsctr_lookupOpenShift Merge Robot2019-12-03
|\ | | | | Allow chained network namespace containers
| * Allow chained network namespace containersMatthew Heon2019-12-03
| | | | | | | | | | | | | | | | | | | | | | | | | | The code currently assumes that the container we delegate network namespace to will never further delegate to another container, so when looking up things like /etc/hosts and /etc/resolv.conf we won't pull the correct files from the chained dependency. The changes to resolve this are relatively simple - just need to keep looking until we find a container without NetNsCtr set. Fixes #4626 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Ensure volumes reacquire locks on state refreshMatthew Heon2019-12-02
|/ | | | | | | | | | | | | | | | | | | | | | | | After a restart, pods and containers both run a refresh() function to prepare to run after a reboot. Until now, volumes have not had a similar function, because they had no per-boot setup to perform. Unfortunately, this was not noticed when in-memory locking was introduced to volumes. The refresh() routine is, among other things, responsible for ensuring that locks are reserved after a reboot, ensuring they cannot be taken by a freshly-created container, pod, or volume. If this reservation is not done, we can end up with two objects using the same lock, potentially needing to lock each other for some operations - classic recipe for deadlocks. Add a refresh() function to volumes to perform lock reservation and ensure it is called as part of overall refresh(). Fixes #4605 Fixes #4621 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* libpod: fix case for executable file not found errorsGiuseppe Scrivano2019-12-02
| | | | | | | | | | do not change the runtime error to be lowercase, but use a case insensitive regex matching. In this way the original error from the OCI runtime is reported back. regression introduced by bc485bce47f55135d6ead80537bc145edb779ae9 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #4493 from mheon/add_removing_stateOpenShift Merge Robot2019-12-02
|\ | | | | Add ContainerStateRemoving
| * Error on netns not exist only when ctr is runningMatthew Heon2019-11-19
| | | | | | | | | | | | | | | | | | | | If the container is running and we need to get its netns and can't, that is a serious bug deserving of errors. If it's not running, that's not really a big deal. Log an error and continue. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Add ContainerStateRemovingMatthew Heon2019-11-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When Libpod removes a container, there is the possibility that removal will not fully succeed. The most notable problems are storage issues, where the container cannot be removed from c/storage. When this occurs, we were faced with a choice. We can keep the container in the state, appearing in `podman ps` and available for other API operations, but likely unable to do any of them as it's been partially removed. Or we can remove it very early and clean up after it's already gone. We have, until now, used the second approach. The problem that arises is intermittent problems removing storage. We end up removing a container, failing to remove its storage, and ending up with a container permanently stuck in c/storage that we can't remove with the normal Podman CLI, can't use the name of, and generally can't interact with. A notable cause is when Podman is hit by a SIGKILL midway through removal, which can consistently cause `podman rm` to fail to remove storage. We now add a new state for containers that are in the process of being removed, ContainerStateRemoving. We set this at the beginning of the removal process. It notifies Podman that the container cannot be used anymore, but preserves it in the DB until it is fully removed. This will allow Remove to be run on these containers again, which should successfully remove storage if it fails. Fixes #3906 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #4558 from rhatdan/resetOpenShift Merge Robot2019-11-29
|\ \ | | | | | | Add podman system reset command
| * | Add podman system reset commandDaniel J Walsh2019-11-29
| | | | | | | | | | | | | | | | | | | | | This command will destroy all data created via podman. It will remove containers, images, volumes, pods. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #4576 from giuseppe/oci-errors-only-matchOpenShift Merge Robot2019-11-29
|\ \ \ | |/ / |/| | oci: print only matching part for the errors