path: root/libpod
Commit message (Author, Age)
* Make c.networks() list include the default network (Matthew Heon, 2020-11-20)
    This makes things a lot more clear - if we are actually joining a CNI network, we are guaranteed to get a non-zero length list of networks. We do, however, need to know if the network we are joining is the default network for inspecting containers as it determines how we populate the response struct. To handle this, add a bool to indicate that the network listed was the default network, and only the default network.
    Signed-off-by: Matthew Heon <mheon@redhat.com>
* fix container cgroup lookup (Valentin Rothberg, 2020-11-20)
    When running on cgroups v1, `/proc/{PID}/cgroup` has multiple entries, each pointing potentially to a different cgroup. Some may be empty, some may point to parents. The one we really need is the libpod-specific one, which always is the longest path. So instead of looking at the first entry, look at all and select the longest one.
    Fixes: #8397
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #8391 from baude/networkconnectdisconnect (OpenShift Merge Robot, 2020-11-19)
    add network connect|disconnect compat endpoints
| * add network connect|disconnect compat endpoints (baude, 2020-11-19)
    this enables the ability to connect and disconnect a container from a given network. it is only for the compatibility layer. some code had to be refactored to avoid circular imports. additionally, tests are being deferred temporarily due to some incompatibility/bug in either docker-py or our stack.
    Signed-off-by: baude <bbaude@redhat.com>
* | Align the podman pod ps --filter behavior with podman ps (Paul Holzinger, 2020-11-18)
    Filters with the same key work inclusive with the only exception being `label` which is exclusive. Filters with different keys always work exclusive. Also update the documentation with the new behavior.
    Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8376 from Luap99/podman-filters (OpenShift Merge Robot, 2020-11-18)
    Align the podman ps --filter behavior with docker
| * Align the podman ps --filter behavior with docker (Paul Holzinger, 2020-11-18)
    All of our filters worked exclusive resulting in `--filter status=created --filter status=exited` to return nothing. In docker filters with the same key work inclusive with the only exception being `label` which is exclusive. Filters with different keys always work exclusive. This PR aims to match the docker behavior with podman.
    Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Fix podman pod inspect show wrong MAC string (zhangguanzhang, 2020-11-18)
    Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | add network connect|disconnect compat endpoints (baude, 2020-11-17)
    this enables the ability to connect and disconnect a container from a given network. it is only for the compatibility layer. some code had to be refactored to avoid circular imports. additionally, tests are being deferred temporarily due to some incompatibility/bug in either docker-py or our stack.
    Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #8290 from vrothberg/fix-8265 (OpenShift Merge Robot, 2020-11-17)
    use container cgroups path
| * | use container cgroups path (Valentin Rothberg, 2020-11-17)
    When looking up a container's cgroup path, parse /proc/[PID]/cgroup. This will work across all cgroup managers and configurations and is supported on cgroups v1 and v2.
    Fixes: #8265
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #8347 from rhatdan/hostname (OpenShift Merge Robot, 2020-11-17)
    Make sure /etc/hosts populated correctly with networks
| * | Make sure /etc/hosts populated correctly with networks (Daniel J Walsh, 2020-11-16)
    The --hostname and containername should always be added to containers. Added some tests to make sure you can always ping the hostname and container name from within the container.
    Fixes: https://github.com/containers/podman/issues/8095
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / Improve the shell completion api (Paul Holzinger, 2020-11-16)
    One main advantage of the new shell completion logic is that we can easily parse flags and adjust based on the given flags the suggestions. For example some commands accept the `--latest` flag only if no arguments are given. This commit implements this logic in a simple maintainable way since it reuses the already existing `Args` function in the cmd struct. I also refactored the `getXXX` function to match based on the name/id which could speed up the shell completion with many containers, images, etc... I also added the degraded status to the valid pod status filters which was implemented in #8081.
    Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* short-name aliasing (Valentin Rothberg, 2020-11-13)
    Add support for short-name aliasing.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #8304 from rhatdan/error (OpenShift Merge Robot, 2020-11-12)
    Cleanup error reporting
| * Cleanup error reporting (Daniel J Walsh, 2020-11-11)
    The error message reported is overly complicated and the added test does not really help the user.
    Currently the error looks like:
    podman run -p 80:80 fedora echo hello
    Error: failed to expose ports via rootlessport: "cannot expose privileged port 80, you might need to add "net.ipv4.ip_unprivileged_port_start=0" (currently 1024) to /etc/sysctl.conf, or choose a larger port number (>= 1024): listen tcp 0.0.0.0:80: bind: permission denied\n"
    After this change
    ./bin/podman run -p 80:80 fedora echo hello
    Error: cannot expose privileged port 80, you might need to add "net.ipv4.ip_unprivileged_port_start=0" (currently 1024) to /etc/sysctl.conf, or choose a larger port number (>= 1024): listen tcp 0.0.0.0:80: bind: permission denied
    Control chars have been eliminated.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8298 from mheon/db_network_connect (OpenShift Merge Robot, 2020-11-12)
    Add support for network connect / disconnect to DB
| * | Add support for network connect / disconnect to DB (Matthew Heon, 2020-11-11)
    Convert the existing network aliases set/remove code to network connect and disconnect. We can no longer modify aliases for an existing network, but we can add and remove entire networks. As part of this, we need to add a new function to retrieve current aliases the container is connected to (we had a table for this as of the first aliases PR, but it was not externally exposed).
    At the same time, remove all deconflicting logic for aliases. Docker does absolutely no checks of this nature, and allows two containers to have the same aliases, aliases that conflict with container names, etc - it's just left to DNS to return all the IP addresses, and presumably we round-robin from there? Most tests for the existing code had to be removed because of this.
    Convert all uses of the old container config.Networks field, which previously included all networks in the container, to use the new DB table. This ensures we actually get an up-to-date list of in-use networks.
    Also, add network aliases to the output of `podman inspect`.
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #8307 from mheon/fix_8221 (OpenShift Merge Robot, 2020-11-12)
    Ensure we do not double-lock the same volume in create
| * Ensure we do not double-lock the same volume in create (Matthew Heon, 2020-11-11)
    When making containers, we want to lock all named volumes we are adding the container to, to ensure they aren't removed from under us while we are working. Unfortunately, this code did not account for a container having the same volume mounted in multiple places so it could deadlock. Add a map to ensure that we don't lock the same name more than once to resolve this.
    Fixes #8221
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #8251 from baude/networkaliases (OpenShift Merge Robot, 2020-11-10)
    network aliases for container creation
| * | network aliases for container creation (baude, 2020-11-09)
    podman can now support adding network aliases when running containers (--network-alias). It requires an updated dnsname plugin as well as an updated ocicni to work properly.
    Signed-off-by: baude <bbaude@redhat.com>
* | | enable ipv6 network configuration options (Antonio Ojea, 2020-11-10)
    enable the ipv6 flag in podman network to be able to create dual-stack networks for containers. This is required to be compatible with docker, where --ipv6 really means dual stack. podman, unlike docker, supports IPv6 only containers since 07e3f1bba9674c0cb93a0fa260930bfebbf75728.
    Signed-off-by: Antonio Ojea <aojea@redhat.com>
* / Show error on bad name filter in podman ps (Joel Smith, 2020-11-06)
    Signed-off-by: Joel Smith <joelsmith@redhat.com>
* fix: allow volume creation when the _data directory already exists (Yan Minari, 2020-11-05)
    This restores pre f7e72bc86aff2ff986290f190309deceb7f22099 behavior
    Signed-off-by: Yan Minari <yangm97@gmail.com>
* Merge pull request #8185 from rhatdan/mount (OpenShift Merge Robot, 2020-11-05)
    Add support for mounting external containers
| * Add support for mounting external containers (Daniel J Walsh, 2020-11-04)
    Continue progress on use of external containers. This PR adds the ability to mount, umount and list the storage containers whether they are in libpod or not.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8205 from rhatdan/home (OpenShift Merge Robot, 2020-11-05)
    Only use container/storage/pkg/unshare.HomeDir()
| * | Only use container/storage/pkg/homedir.Get() (Daniel J Walsh, 2020-11-04)
    We are resolving the homedir of the user in many different places. This Patch consolidates them to use container/storage version.
    This PR also fixes a failure mode when the homedir does not exist, and the user sets a root path. In this situation podman should continue to work. Podman does not require a user's homedir to exist in order to run.
    Finally the rootlessConfigHomeDirOnce and rootlessRuntimeDirOnce were broken, because if an error ever happened, they would not be recorded the second time, and "" would be returned as the path.
    Fixes: https://github.com/containers/podman/issues/8131
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8238 from joelsmith/master (OpenShift Merge Robot, 2020-11-05)
    Use regex for "pod ps" name filter to match "ps" behavior
| * Use regex for "pod ps" name filter to match "ps" behavior (Joel Smith, 2020-11-03)
    Signed-off-by: Joel Smith <joelsmith@redhat.com>
* | Merge pull request #8156 from mheon/add_net_aliases_db (OpenShift Merge Robot, 2020-11-04)
    Add network aliases for containers to DB
| * Add tests for network aliases (Matthew Heon, 2020-11-03)
    As part of this, we need two new functions, for retrieving all aliases for a network and removing all aliases for a network, both required to test. Also, rework handling for some things the tests discovered were broken (notably conflicts between container name and existing aliases).
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Add a way to retrieve all network aliases for a ctr (Matthew Heon, 2020-10-27)
    The original interface only allowed retrieving aliases for a specific network, not for all networks. This will allow aliases to be retrieved for every network the container is present in, in a single DB operation.
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Add network aliases for containers to DB (Matthew Heon, 2020-10-27)
    This adds the database backend for network aliases. Aliases are additional names for a container that are used with the CNI dnsname plugin - the container will be accessible by these names in addition to its name. Aliases are allowed to change over time as the container connects to and disconnects from networks.
    Aliases are implemented as another bucket in the database to register all aliases, plus two buckets for each container (one to hold connected CNI networks, a second to hold its aliases). The aliases are only unique per-network, so the global and per-container aliases buckets have a sub-bucket for each CNI network that has aliases, and the aliases are stored within that sub-bucket. Aliases are formatted as alias (key) to container ID (value) in both cases.
    Three DB functions are defined for aliases: retrieving current aliases for a given network, setting aliases for a given network, and removing all aliases for a given network.
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Make volume filters inclusive (Ashley Cui, 2020-11-03)
    When using multiple filters, return a volume that matches any one of the used filters, rather than matching both of the filters. This is for compatibility with docker's cli, and more importantly, the apiv2 compat endpoint
    Closes #6765
    Signed-off-by: Ashley Cui <acui@redhat.com>
* | Merge pull request #8166 from rhatdan/unbindable (OpenShift Merge Robot, 2020-11-02)
    Allow users to mount with unbindable flag
| * | Add better support for unbindable volume mounts (Daniel J Walsh, 2020-11-02)
    Allow users to specify unbindable on volume command line
    Switch internal mounts to rprivate to help prevent leaks.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Centralize cores and period/quota conversion code (Jordan Christiansen, 2020-10-31)
    Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* | Merge pull request #8203 from Luap99/fix-8194 (OpenShift Merge Robot, 2020-10-31)
    Fix dnsname when joining a different network namespace in a pod
| * | Fix dnsname when joining a different network namespace in a pod (Paul Holzinger, 2020-10-30)
    When creating a container in a pod the podname was always set as the dns entry. This is incorrect when the container is not part of the pod's network namespace. This happened both rootful and rootless. To fix this check if we are part of the pod's network namespace and if not use the container name as dns entry.
    Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #8177 from rhatdan/wrap (OpenShift Merge Robot, 2020-10-30)
    Stop excessive wrapping of errors
| * | | Stop excessive wrapping of errors (Daniel J Walsh, 2020-10-30)
    Most of the builtin golang functions like os.Stat and os.Open report errors including the file system object path. We should not wrap these errors and put the file path in a second time, causing stuttering of errors when they get presented to the user. This patch tries to cleanup a bunch of these errors.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8127 from andylibrian/grab-systemd-mount-flags-from-the-host-7661 (OpenShift Merge Robot, 2020-10-30)
    Improve setupSystemd, grab mount options from the host
| * | | Improve setupSystemd, grab mount options from the host (Andy Librian, 2020-10-30)
    fixes #7661
    Signed-off-by: Andy Librian <andylibrian@gmail.com>
* / / Pod's that share the IPC Namespace need to share /dev/shm (Daniel J Walsh, 2020-10-30)
    Containers that share IPC Namespaces share each other's /dev/shm, which means a private /dev/shm needs to be setup for the infra container. Added a system test and an e2e test to make sure the /dev/shm is shared.
    Fixes: https://github.com/containers/podman/issues/8181
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8174 from rhatdan/errors (OpenShift Merge Robot, 2020-10-29)
    Podman often reports OCI Runtime does not exist, even if it does
| * | Podman often reports OCI Runtime does not exist, even if it does (Daniel J Walsh, 2020-10-29)
    When the OCI Runtime tries to set certain settings in cgroups it can get the error "no such file or directory", the wrapper ends up reporting a bogus error like:
    ```
    Request Failed(Internal Server Error): open io.max: No such file or directory: OCI runtime command not found error
    {"cause":"OCI runtime command not found error","message":"open io.max: No such file or directory: OCI runtime command not found error","response":500}
    ```
    On first reading of this, you would think the OCI Runtime (crun or runc) were not found. But the error is actually reporting
    message":"open io.max: No such file or directory
    Which is what we want the user to concentrate on.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8146 from vrothberg/image-mounts (OpenShift Merge Robot, 2020-10-29)
    new "image" mount type