summaryrefslogtreecommitdiff
path: root/pkg/adapter
Commit message (Collapse)AuthorAge
* v2podman attach and execBrent Baude2020-04-05
| | | | | | | | add the ability to attach to a running container. the tunnel side of this is not enabled yet as we have work on the endpoints and plumbing to do yet. add the ability to exec a command in a running container. the tunnel side is also being deferred for same reason. Signed-off-by: Brent Baude <bbaude@redhat.com>
* podmanv2 checkpoint and restoreBrent Baude2020-04-03
| | | | | | add the ability to checkpoint and restore containers on v2podman Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #5649 from jwhonce/wip/varlinkOpenShift Merge Robot2020-03-31
|\ | | | | V2 Move varlink home
| * V2 Move varlink homeJhon Honce2020-03-30
| | | | | | | | | | | | | | | | * move cmd/podman/varlink/* to pkg/varlink to support podmanV2 refactor * update Makefile * reformatted all impacted code Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Switch to using --time as opposed to --timeout to better match Docker.Daniel J Walsh2020-03-31
|/ | | | | | | We need to consistently use --time rather then --timeout throughout the code. Fix locations where timeout defaults are not set correctly as well. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #4698 from rhatdan/containers.confOpenShift Merge Robot2020-03-27
|\ | | | | Add support for containers.conf
| * Add support for containers.confDaniel J Walsh2020-03-27
| | | | | | | | | | | | | | vendor in c/common config pkg for containers.conf Signed-off-by: Qi Wang qiwan@redhat.com Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #5642 from tylarb/5610_play_kube_networkOpenShift Merge Robot2020-03-27
|\ \ | |/ |/| Sanitize port parsing for pods in play kube
| * Sanitize port parsing for pods in play kubeTyler Ramer2020-03-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The logic used in parsing the ports to be utilized in a kubenetes api defined pod did not fully adhere to the kubenetes spec, nor did it map well to a podman context. This fix sanitizes the input of container ports to meet the following rules: - A defined containerPort with no defined hostPort does nothing in a podman context, or is informational. This is line with [usage in Kubernetes.](https://github.com/kubernetes/kubernetes/issues/4332) - A defined hostPort with no defined containerPort acts like a publish [hostPort]:[hostPort] - A defined containerPort and defined hostPort works like it does in kubernetes, as in a publish [hostPort]:[containerPort] Addresses https://github.com/containers/libpod/issues/5610 Signed-off-by: Tyler Ramer <tyaramer@gmail.com>
* | podmanv2 pod create using podspecgenBrent Baude2020-03-27
| | | | | | | | | | | | | | | | using the factory approach similar to container, we now create pods based on a pod spec generator. wired up the podmanv2 pod create command, podcreatewithspec binding, simple binding test, and apiv2 endpoint. also included some code refactoring as it introduced as easy circular import. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | podmanv2 container inspectBrent Baude2020-03-26
|/ | | | | | add ability to inspect a container Signed-off-by: Brent Baude <bbaude@redhat.com>
* podmanv2 volumesBrent Baude2020-03-24
| | | | | | add volume commands: create, inspect, ls, prune, and rm Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #5560 from QiWang19/remote_cedsOpenShift Merge Robot2020-03-23
|\ | | | | Use creds form PullImage remote
| * Use creds form PullImage remoteQi Wang2020-03-19
| | | | | | | | | | | | | | fix #5511 Adds creds argument to PullImage API and Enables podman-remote to pull image with --creds Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #5436 from QiWang19/rm_created_ctrOpenShift Merge Robot2020-03-23
|\ \ | | | | | | container prune remove state created, configured
| * | container prune remove state created, configuredQi Wang2020-03-10
| |/ | | | | | | | | | | podman container prune should remove containers with state Created, Configured to be compatible with docker Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Add stubs for pkg/adapter/terminal_linux.goMiloslav Trmač2020-03-21
| | | | | | | | Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* | Merge pull request #5088 from mheon/begin_exec_reworkOpenShift Merge Robot2020-03-19
|\ \ | | | | | | Begin exec rework
| * | Add structure for new exec session tracking to DBMatthew Heon2020-03-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As part of the rework of exec sessions, we need to address them independently of containers. In the new API, we need to be able to fetch them by their ID, regardless of what container they are associated with. Unfortunately, our existing exec sessions are tied to individual containers; there's no way to tell what container a session belongs to and retrieve it without getting every exec session for every container. This adds a pointer to the container an exec session is associated with to the database. The sessions themselves are still stored in the container. Exec-related APIs have been restructured to work with the new database representation. The originally monolithic API has been split into a number of smaller calls to allow more fine-grained control of lifecycle. Support for legacy exec sessions has been retained, but in a deprecated fashion; we should remove this in a few releases. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #5445 from sujil02/podFilter-newOpenShift Merge Robot2020-03-19
|\ \ \ | | | | | | | | Filter pods through pod list api
| * | | Filter pods through pod list apiSujil022020-03-17
| |/ / | | | | | | | | | | | | | | | | | | Refactored current filter pods flow through the shared pod functions so filter pod functionalities can be shared between api and cmd. Signed-off-by: Sujil02 <sushah@redhat.com>
* / / auto updatesValentin Rothberg2020-03-17
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support to auto-update containers running in systemd units as generated with `podman generate systemd --new`. `podman auto-update` looks up containers with a specified "io.containers.autoupdate" label (i.e., the auto-update policy). If the label is present and set to "image", Podman reaches out to the corresponding registry to check if the image has been updated. We consider an image to be updated if the digest in the local storage is different than the one of the remote image. If an image must be updated, Podman pulls it down and restarts the container. Note that the restarting sequence relies on systemd. At container-creation time, Podman looks up the "PODMAN_SYSTEMD_UNIT" environment variables and stores it verbatim in the container's label. This variable is now set by all systemd units generated by `podman-generate-systemd` and is set to `%n` (i.e., the name of systemd unit starting the container). This data is then being used in the auto-update sequence to instruct systemd (via DBUS) to restart the unit and hence to restart the container. Note that this implementation of auto-updates relies on systemd and requires a fully-qualified image reference to be used to create the container. This enforcement is necessary to know which image to actually check and pull. If we used an image ID, we would not know which image to check/pull anymore. Fixes: #3575 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | eat signal 23 in signal proxyBrent Baude2020-03-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | due to a change in golang-1.14 and it's changes to make go funcs with tight loops preemptive, signals are now getting "through" that never were before. From the golang-1.14 announce: Goroutines are now asynchronously preemptible. As a result, loops without function calls no longer potentially deadlock the scheduler or significantly delay garbage collection. This is supported on all platforms except windows/arm, darwin/arm, js/wasm, and plan9/*. A consequence of the implementation of preemption is that on Unix systems, including Linux and macOS systems, programs built with Go 1.14 will receive more signals than programs built with earlier releases. This means that programs that use packages like syscall or golang.org/x/sys/unix will see more slow system calls fail with EINTR errors. Those programs will have to handle those errors in some way, most likely looping to try the system call again. For more information about this see man 7 signal for Linux systems or similar documentation for other systems. Fixes #5483 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | remove imagefilter for varlink remote clientBrent Baude2020-03-12
|/ | | | | | the api for getting images changed to use filters but back level podman versions cannot handle it. so temporarily disabling the filtering for remote clients until the restful approach can be used. Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #4772 from boaz0/closes_4628OpenShift Merge Robot2020-03-04
|\ | | | | Add the rmi flag to podman-run to delete container image
| * Add the rmi flag to podman-run to delete container imageBoaz Shuster2020-03-03
| | | | | | | | | | | | | | | | | | | | The --rmi flag will delete the container image after its execution unless that image is already been used by another container(s). This is useful when one wants to execute a container once and remove any resources attached to it. Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | consolidate env handling into pkg/envValentin Rothberg2020-03-03
|/ | | | | | | | | Env-variable related code is scattered across several packages making it hard to maintain and extend. Consolidate the code into a new pkg/env package. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* network create should use firewall pluginBrent Baude2020-02-27
| | | | | | when creating a network, podman should add the firewall plugin to the config but not specify a backend. this will allow cni to determine whether it should use an iptables|firewalld backend. Signed-off-by: Brent Baude <bbaude@redhat.com>
* Add basic deadlock detection for container start/removeMatthew Heon2020-02-24
| | | | | | | | | | | | | | | We can easily tell if we're going to deadlock by comparing lock IDs before actually taking the lock. Add a few checks for this in common places where deadlocks might occur. This does not yet cover pod operations, where detection is more difficult (and costly) due to the number of locks being involved being higher than 2. Also, add some error wrapping on the Podman side, so we can tell people to use `system renumber` when it occurs. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Friendly amendment: tests, and a help messageEd Santiago2020-02-23
| | | | | | | | | | | 1) Help message for podman port was missing [PORT] 2) Add test for 'podman port'. And, actually, an entire networking test that I'd written some weeks ago but apparently didn't 'git add'. Signed-off-by: Ed Santiago <santiago@redhat.com> Signed-off-by: Brent Baude <bbaude@redhat.com>
* fix port list by container with portbaude2020-02-23
| | | | | | | | | code was erronously misinterpretting the port as a containername. Fixes: #1791832 Signed-off-by: baude <bbaude@redhat.com> Signed-off-by: Brent Baude <bbaude@redhat.com>
* disable generation of cni firewall pluginBrent Baude2020-02-21
| | | | | | | | it turns out that when the firewall plugin is not provided as part of the configuration, then the firewall cni plugin will dynamically figure out if it should use firewalld or iptables. also removing this from the default configuration file Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #5263 from baude/logsizeOpenShift Merge Robot2020-02-21
|\ | | | | implement reverse reader for log reads
| * implement reverse reader for log readsBrent Baude2020-02-20
| | | | | | | | | | | | | | | | in cases where the log file exceeds the available memory of a system, we had a bug that triggered an oom because the entire logfile was being read when the tail parameter was given. this reads in chunks and is more or less memory safe. fixes: #5131 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #5241 from mheon/pod_network_opts_addOpenShift Merge Robot2020-02-20
|\ \ | |/ |/| Add network opts to pods
| * Add network options to podman pod createMatthew Heon2020-02-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Enables most of the network-related functionality from `podman run` in `podman pod create`. Custom CNI networks can be specified, host networking is supported, DNS options can be configured. Also enables host networking in `podman play kube`. Fixes #2808 Fixes #3837 Fixes #4432 Fixes #4718 Fixes #4770 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Fix handler and systemd activation errorsJhon Honce2020-02-17
|/ | | | | | | | | | | | | | | | | | | On panic from handler: log warning and stack trace, report InternalServerError to client When using `podman system service` make determining the listening endpoint deterministic. // When determining _*THE*_ listening endpoint -- // 1) User input wins always // 2) systemd socket activation // 3) rootless honors XDG_RUNTIME_DIR // 4) if varlink -- adapter.DefaultVarlinkAddress // 5) lastly adapter.DefaultAPIAddress Fixes #5150 Fixes #5151 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Refactor image tree for API usageSascha Grunert2020-02-17
| | | | Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* Merge pull request #5207 from rhatdan/selinuxOpenShift Merge Robot2020-02-14
|\ | | | | Fix SELinux labels of volumes
| * Fix SELinux labels of volumesDaniel J Walsh2020-02-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we attempt to label a volume and the file system does not support labeling, then just warn. SELinux may or may not work, on the volume. There is no way to setup a private label on a newly created volume without using the container mountlabel. If we don't have a mount label at the time of creation of the volume, the only option we have is to create a shared label. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #5209 from vrothberg/un-dockerOpenShift Merge Robot2020-02-14
|\ \ | | | | | | Undocker part 1)
| * | add pkg/signalValentin Rothberg2020-02-14
| |/ | | | | | | | | | | | | | | | | Add pkg/signal to deal with parts of signal processing and translating signals from string to numeric representations. The code has been copied from docker/docker (and attributed with the copyright) but been reduced to only what libpod needs (on Linux). Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / fix bug "" disable detach keysQi Wang2020-02-13
|/ | | | | | | fix #5166 This patch enables `--detach-keys ""` to disable the feature. "ctrl-p, ctrl-q" will not work after this command. Signed-off-by: Qi Wang <qiwan@redhat.com>
* Fix up play kube to use image dataDaniel J Walsh2020-02-13
| | | | | | | | | | | podman play kube was ignoring the imageData.Config Volumes WorkingDir Labels StopSignal Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* sigproxy: return after closing the channelValentin Rothberg2020-01-31
| | | | | | | | | | When stopping signal handling (e.g., to properly handle ^C) we are also closing the signal channel. We should really return from the go-routine instead of continuing and risking double-closing the channel which leads to a panic. Fixes: #5034 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* honor pull policy in play kubeBrent Baude2020-01-28
| | | | | | | | When a container specification has a pull policy, we should honor it when recreating the pods/containers from yaml. furthermore, ini kube, if a tag is :latest, then the always pull policy is automatically instituted. Fixes: #4880 Signed-off-by: Brent Baude <bbaude@redhat.com>
* APIv2 review corrections #3Brent Baude2020-01-25
| | | | | | The third pass of corrections for the APIv2. Signed-off-by: Brent Baude <bbaude@redhat.com>
* Add service endpointbaude2020-01-21
| | | | | | | | | | | | | | | | | | | | | | | | | | add service endpoint for the new API. Also supports the varlink implementation. Signed-off-by: baude <bbaude@redhat.com> Refactor to allow developer more control of API server * Add api.NewServerWithSettings() to create an API server with custom settings * Add api.ListenUnix() to create a UDS net.Listener and setup UDS Signed-off-by: Jhon Honce <jhonce@redhat.com> Signed-off-by: baude <bbaude@redhat.com> More service completion Add podman service command that allows users to run either a RESTful or varlink protocol API service. Addition of docs and RESTful listening. Signed-off-by: baude <bbaude@redhat.com> Signed-off-by: Brent Baude <bbaude@redhat.com>
* refactor top codeValentin Rothberg2020-01-15
| | | | | | | | Move the top logic from pkg/adapter into the (*libpod.Container).Top(). This way, we drop the dependency from pkg/api on pkg/adapters and have a clearer separation of concerns. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* top: use a separate pipe for the error streamValentin Rothberg2020-01-15
| | | | | | | Let's not mix apples and oranges and give stderr a dedicated pipe. This way, we don't return conmon log messages if run in debug mode. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>