summaryrefslogtreecommitdiff
path: root/libpod
Commit message (Collapse)AuthorAge
* No space in kube annotations for bind mountsBrent Baude2021-10-12
| | | | | | | | | | | Kubernetes fails to deal with an annotation that has a space in it. Trim these strings to remove spaces. Fixes: #11929 Signed-off-by: Brent Baude <bbaude@redhat.com> [NO TESTS NEEDED]
* Merge pull request #11869 from jwhonce/wip/pprofOpenShift Merge Robot2021-10-10
|\ | | | | Enable /debug/pprof API service endpoints
| * Enable /debug/pprof API service endpointsJhon Honce2021-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Refactor sidecar HTTP service for /debug/pprof endpoints to use a TCP address given via new podman system service --pprof-address flag * Allow same URL parsing in "system service" as bindings/connection.go * Refactor NewServerWithSettings() to use entities.ServiceOptions in place of deleted server.Options * Updated godoc for impacted functions and types * Fixed API service Shutdown() to do an orderly shutdown when terminated and running with --time=0 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #11880 from rhatdan/stoptimeoutOpenShift Merge Robot2021-10-10
|\ \ | | | | | | Warn if podman stop timeout expires that sigkill was sent
| * | Warn if podman stop timeout expires that sigkill was sentDaniel J Walsh2021-10-08
| |/ | | | | | | | | | | | | | | | | Note: the Warning message will not come to podman-remote. It would be difficult to plumb, and not really worth the effort. Fixes: https://github.com/containers/podman/issues/11854 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / faster image inspectionValentin Rothberg2021-10-08
|/ | | | | | | | | | | | | | Vendor the latest HEAD in c/common to pull in changes for a faster inspection of images. Previously, only the size computation was optional, now the one for the parent image is as well. In many cases, the parent image is not needed but it takes around 10ms on my local machine. With this change, we cut off 10ms from many code paths, most importantly, container creation. [NO NEW TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #11878 from mheon/stop_stoppingOpenShift Merge Robot2021-10-06
|\ | | | | Allow `podman stop` to be run on Stopping containers
| * Ensure `podman ps --sync` functionsMatthew Heon2021-10-06
| | | | | | | | | | | | | | | | | | | | | | | | The backend for `ps --sync` has been nonfunctional for a long while now - probably since v2.0. It's questionable how useful the flag is in modern Podman (the original case it was intended to catch, Conmon gone via SIGKILL, should be handled now via pinging the process with a signal to ensure it's still alive) but having the ability to force a refresh of container state from the OCI runtime is still useful. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Allow `podman stop` to be run on Stopping containersMatthew Heon2021-10-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows you to stop a container after a `podman stop` process started, but did not finish, stopping the container (probably an ignored stop signal, with no time to SIGKILL?). This is a very narrow case, but once you're in it the only way to recover is a `podman rm -f` of the container or extensive manual remediation (you'd have to kill the container yourself, manually, and then force a `podman ps --all --sync` to update its status from the OCI runtime). [NO NEW TESTS NEEDED] I have no idea how to verify this one - we need to test that it actually started *during* the other stop command, and that's nontrivial. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | libpod: fix race when closing STDINPaul Holzinger2021-10-06
|/ | | | | | | | | | | | | | | | There is a race where `conn.Close()` was called before `conn.CloseWrite()`. In this case `CloseWrite` will fail and an useless error is printed. To fix this we move the the `CloseWrite()` call to the same goroutine to remove the race. This ensures that `CloseWrite()` is called before `Close()` and never afterwards. Also fixed podman-remote run where the STDIN was never was closed. This is causing flakes in CI testing. [NO TESTS NEEDED] Fixes #11856 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #11763 from rhatdan/timeoutOpenShift Merge Robot2021-10-04
|\ | | | | Add --time option for podman * rm -f flag
| * Add --time out for podman * rm -f commandsDaniel J Walsh2021-10-04
| | | | | | | | | | | | | | | | | | Add --time flag to podman container rm Add --time flag to podman pod rm Add --time flag to podman volume rm Add --time flag to podman network rm Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | CNI networks: reload networks if neededPaul Holzinger2021-10-04
|/ | | | | | | | | | | | | | | | | | | | The current implementation of the CNI network interface only loads the networks on the first call and saves them in a map. This is done to safe performance and not having to reload all configs every time which will be costly for many networks. The problem with this approach is that if a network is created by another process it will not be picked up by the already running podman process. This is not a problem for the short lived podman commands but it is problematic for the podman service. To make sure we always have the actual networks store the mtime of the config directory. If it changed since the last read we have to read again. Fixes #11828 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Pod Volumes From Supportcdoern2021-10-01
| | | | | | | added support for a volumes from container. this flag just required movement of the volumes-from flag declaration out of the !IsInfra block, and minor modificaions to container_create.go Signed-off-by: cdoern <cdoern@redhat.com>
* Merge pull request #11686 from cdoern/podDeviceOptionsOpenShift Merge Robot2021-10-01
|\ | | | | Pod Device-Read-BPS support
| * Pod Device-Read-BPS supportcdoern2021-09-28
| | | | | | | | | | | | | | | | | | added the option for the user to specify a rate, in bytes, at which they would like to be able to read from the device being added to the pod. This is the first in a line of pod device options. WARNING: changed pod name json tag to pod_name to avoid confusion when marshaling with the containerspec's name Signed-off-by: cdoern <cdoern@redhat.com>
* | Merge pull request #11807 from emsoucy/mainDaniel J Walsh2021-09-30
|\ \ | | | | | | Fix typo in storage.conf file exists message
| * | [NO TESTS NEEDED] Fix typo in storage.conf file exists messageEthan Soucy2021-09-30
| | | | | | | | | | | | Signed-off-by: Ethan Soucy <ethan.soucy@gmail.com>
* | | Support selinux options with bind mounts play/genBrent Baude2021-09-30
|/ / | | | | | | | | | | | | | | | | | | | | | | When using play kube and generate kube, we need to support if bind mounts have selinux options. As kubernetes does not support selinux in this way, we tuck the selinux values into a pod annotation for generation of the kube yaml. Then on play, we check annotations to see if a value for the mount exists and apply it. Fixes BZ #1984081 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #11787 from rhatdan/deleteContainerOpenShift Merge Robot2021-09-30
|\ \ | | | | | | Storage can remove ErrNotAContainer as well
| * | Storage can remove ErrNotAContainer as wellDaniel J Walsh2021-09-29
| | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/11775 [NO TESTS NEEDED] No easy way to cause this problem in CI. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #11390 from giuseppe/logging-passthroughOpenShift Merge Robot2021-09-29
|\ \ \ | | | | | | | | logging: new mode -l passthrough
| * | | logging: new mode -l passthroughGiuseppe Scrivano2021-09-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | it allows to pass the current std streams down to the container. conmon support: https://github.com/containers/conmon/pull/289 [NO TESTS NEEDED] it needs a new conmon. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #11781 from vrothberg/specOpenShift Merge Robot2021-09-29
|\ \ \ \ | | | | | | | | | | podman run - avoid calls to JSONDeepCopy
| * | | | libpod: container create: init variable: do not deep copy specValentin Rothberg2021-09-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Do not create an expensive deep copy for the provided spec.Spec when creating a container. No API should be expected to create deep copies of arguments unless explicitly documented. This removes the last call to JSONDeepCopy in a simple `podman run --rm -d busybox true`. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | libpod: add GetConfigNoCopy()Valentin Rothberg2021-09-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new function to libpod to directly access the runtime configuration without creating an expensive deep copy. Further migrate a number of callers to this new function. This drops the number of calls to JSONDeepCopy from 4 to 1 in a simple `podman run --rm -d busybox top`. Future work: Please note that there are more callers of GetConfig() that can me migrated to GetConfigNoCopy(). [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | libpod: add execSessionNoCopyValentin Rothberg2021-09-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To avoid creating an expensive deep copy, create an internal function to access the exec session. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | libpod: do not call (*container).Spec()Valentin Rothberg2021-09-29
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Access the container's spec field directly inside of libpod instead of calling Spec() which in turn creates expensive JSON deep copies. Accessing the field directly drops memory consumption of a simple podman run --rm busybox true from ~700kB to ~600kB. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #11761 from umohnani8/initOpenShift Merge Robot2021-09-29
|\ \ \ \ | |/ / / |/| | | Add port configuration to first regular container
| * | | [NO TESTS NEEDED] Add port configuration to first regular containerUrvashi Mohnani2021-09-28
| |/ / | | | | | | | | | | | | | | | | | | | | | When generating a kube yaml and there is a port configuration add the configuration to the first regular container in the pod and not to the init container. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | Ensure pod ID bucket is properly updated on renameMatthew Heon2021-09-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As we were not updating the pod ID bucket, removing a pod with containers still in it (including the infra container, which will always suffer from this) will not properly update the name registry to remove the name of any renamed containers. This patch ensures that does not happen - all containers will be fully removed, even if renamed. Fixes #11750 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | libpod: do not call (*container).Config()Valentin Rothberg2021-09-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Access the container's config field directly inside of libpod instead of calling `Config()` which in turn creates expensive JSON deep copies. Accessing the field directly drops memory consumption of a simple `podman run --rm busybox true` from 1245kB to 410kB. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #11751 from Luap99/net-aliasOpenShift Merge Robot2021-09-28
|\ \ \ | | | | | | | | always add short container id as net alias
| * | | move network alias validation to container createPaul Holzinger2021-09-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman 4.0 currently errors when you use network aliases for a network which has dns disabled. Because the error happens on network setup this can cause regression for old working containers. The network backend should not validate this. Instead podman should check this at container create time and also for network connect. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | always add short container id as net aliasPaul Holzinger2021-09-28
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This matches what docker does. Also make sure the net aliases are also shown when the container is stopped. docker-compose uses this special alias entry to check if it is already correctly connected to the network. [1] Because we do not support static ips on network connect at the moment calling disconnect && connect will loose the static ip. Fixes #11748 [1] https://github.com/docker/compose/blob/0bea52b18dda3de8c28fcfb0c80cc08b8950645e/compose/service.py#L663-L667 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | image prune: support removing external containersValentin Rothberg2021-09-28
| | | | | | | | | | | | | | | | | | | | | | | | Support removing external containers (e.g., build containers) during image prune. Fixes: #11472 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | CNI: network remove do not error for ENOENTPaul Holzinger2021-09-27
|/ / | | | | | | | | | | | | | | Make podman network rm more robust by checking for ENOENT if we cannot remove the config file. If it does not exists there is no reason to error. This is especially useful for podman network prune. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | rootful: do not set XDG_RUNTIME_DIR for cni pluginsPaul Holzinger2021-09-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The dnsname plugin tries to use XDG_RUNTIME_DIR to store files. podman run will have XDG_RUNTIME_DIR set and thus the cni plugin can use it. The problem is that XDG_RUNTIME_DIR is unset for the conmon process for rootful users. This causes issues since the cleanup process is spawned by conmon and thus not have XDG_RUNTIME_DIR set to same value as podman run. Because of it dnsname will not find the config files and cannot correctly cleanup. To fix this we should also unset XDG_RUNTIME_DIR for the cni plugins as rootful. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #11654 from Luap99/health-dockerOpenShift Merge Robot2021-09-23
|\ \ | | | | | | podman inspect add State.Health field for docker compat
| * | podman inspect add State.Health field for docker compatPaul Holzinger2021-09-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman inspect shows the healthcheck status in `.State.Healthcheck`, docker uses `.State.Health`. To make sure docker scripts work we should add the `Health` key. Because we do not want to display both keys by default we only use the new `Health` key. This is a breaking change for podman users but matches what docker does. To provide some form of compatibility users can still use `--format {{.State.Healthcheck}}`. IT is just not shown by default. Fixes #11645 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #11704 from rhatdan/kubeOpenShift Merge Robot2021-09-23
|\ \ \ | | | | | | | | podman generate kube should not include images command
| * | | podman generate kube should not include images commandDaniel J Walsh2021-09-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the command came from the underlying image, then we should not include it in the generate yaml file. Fixes: https://github.com/containers/podman/issues/11672 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #11604 from rhatdan/deleteContainerOpenShift Merge Robot2021-09-22
|\ \ \ \ | | | | | | | | | | Ignore mount errors except ErrContainerUnknown when cleaningup container
| * | | | Ignore mount errors except ErrContainerUnknown when cleaningup containerDaniel J Walsh2021-09-22
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/11207 [NO TESTS NEEDED] Since I don't know how to get into this situation. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / | | standardize logrus messages to upper caseDaniel J Walsh2021-09-22
|/ / / | | | | | | | | | | | | | | | | | | | | | Remove ERROR: Error stutter from logrus messages also. [ NO TESTS NEEDED] This is just code cleanup. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #11689 from Luap99/con-stateOpenShift Merge Robot2021-09-22
|\ \ \ | |/ / |/| | sync container state before reading the healthcheck
| * | sync container state before reading the healthcheckPaul Holzinger2021-09-22
| |/ | | | | | | | | | | | | | | | | | | The health check result is stored in the container state. Since the state can change or might not even be set we have to retrive the current state before we try to read the health check result. Fixes #11687 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #11629 from Luap99/CNI-1.0OpenShift Merge Robot2021-09-22
|\ \ | | | | | | Bump CNI to v1.0.1
| * | Bump CNI to v1.0.1Paul Holzinger2021-09-22
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update CNI so we can match wrapped errors. This should silence ENOENT warnings when trying to read the cni conflist files. Fixes #10926 Because CNI v1.0.0 contains breaking changes we have to change some import paths. Also we cannot update the CNI version used for the conflist files created by `podman network create` because this would require at least containernetwork-plugins v1.0.1 and a updated dnsname plugin. Because this will take a while until it lands in most distros we should not use this version. So keep using v0.4.0 for now. The update from checkpoint-restore/checkpointctl is also required to make sure it no longer uses CNI to read the network status. [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* / net types: remove omitempty from required fieldsPaul Holzinger2021-09-22
|/ | | | | | | | | This will make reading the fields easier in rust because we can guarantee that the fields will be present in the json output. [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>