summaryrefslogtreecommitdiff
path: root/pkg/api/server/server.go
Commit message (Collapse)AuthorAge
* Implement SecretsAshley Cui2021-02-09
| | | | | | | | | | | Implement podman secret create, inspect, ls, rm Implement podman run/create --secret Secrets are blobs of data that are sensitive. Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file. After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname] This secret will not be commited to an image on a podman commit Signed-off-by: Ashley Cui <acui@redhat.com>
* Ensure shutdown handler access is syncronizedMatthew Heon2021-01-25
| | | | | | | | | | | | | | There was a potential race where two handlers could be added at the same time. Go Maps are not thread-safe, so that could do unpleasant things. Add a mutex to keep things safe. Also, swap the order or Register and Start for the handlers in Libpod runtime created. As written, there was a small gap between Start and Register where SIGTERM/SIGINT would be completely ignored, instead of stopping Podman. Swapping the two closes this gap. Signed-off-by: Matthew Heon <mheon@redhat.com>
* SpellingJosh Soref2020-12-22
| | | | Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* Make podman service log eventsJhon Honce2020-11-19
| | | | | | | | | * Log endpoint calls at level Info * Ensure API server started at level Info Fixes #8390 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Enforce LIFO ordering for shutdown handlersMatthew Heon2020-10-13
| | | | | | | | | | | This allows us to run both the Libpod and Server handlers at the same time without unregistering one. Also, pass the signal that killed us into the handlers, in case they want to use it to determine what to do (e.g. what exit code to set). Signed-off-by: Matthew Heon <mheon@redhat.com>
* Enable masking stop signals within container creationMatthew Heon2020-10-12
| | | | | | | | | | | | | | | | | Expand the use of the Shutdown package such that we now use it to handle signals any time we run Libpod. From there, add code to container creation to use the Inhibit function to prevent a shutdown from occuring during the critical parts of container creation. We also need to turn off signal handling when --sig-proxy is invoked - we don't want to catch the signals ourselves then, but instead to forward them into the container via the existing sig-proxy handler. Fixes #7941 Signed-off-by: Matthew Heon <mheon@redhat.com>
* Add a shutdown handler packageMatthew Heon2020-10-12
| | | | | | | | | | | | | We need a unified package for handling signals that shut down Libpod and Podman. We need to be able to do different things on receiving such a signal (`system service` wants to shut down the service gracefully, while most other commands just want to exit) and we need to be able to inhibit this shutdown signal while we are waiting for some critical operations (e.g. creating a container) to finish. This takes the first step by defining the package that will handle this. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Fixes remote attach and exec to signal IdleTrackerJhon Honce2020-10-05
| | | | | | | | | | - Fixes issue where remote attach and exec only signaled the IdleTracker on errors. Needs to done anytime after connection has been hijacked - Fixes trying to send multiple http status codes to client - Changes pprof and API server shutdowns to run in parallel - Changes shutdown to run in sync.Once block Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Refactor IdleTracker to handle StateIdle transitionsJhon Honce2020-09-29
| | | | | | | | | | | * Remove stutter naming for package and types * Stop treating StateIdle the same as StateClosed, rather transitions to StateIdle will keep API timeout window open * Remove redundate code Fixes #7826 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* podman.service: use sdnotiyValentin Rothberg2020-08-13
| | | | | | | | | | | | | | | | Commit 2b6dd3fb4384 set the killmode of the podman.service to the systemd default which ultimately lead to the problem that systemd will kill *all* processes inside the unit's cgroup and hence kill all containers whenever the service is stopped. Fix it by setting the type to sdnotify and the killmode to process. `podman system service` will send the necessary notify messages when the NOTIFY_SOCKET is set and unset it right after to prevent the backend and container runtimes from jumping in between and send messages as well. Fixes: #7294 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Switch all references to github.com/containers/libpod -> podmanDaniel J Walsh2020-07-28
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix: Correct connection counters for hijacked connectionsKorhonen Sami (Samlink)2020-07-09
| | | | | | | | | | This patch fixes connection counters for v2 endpoints Idletracker was moved to a new package to prevent package cycle. Hijacking code still remains in wrong place and should be moved later to isolated package Signed-off-by: Sami Korhonen <skorhone@gmail.com>
* Remove hijacked connections from active connections listKorhonen Sami (Samlink)2020-07-09
| | | | | | | | | | | | | | | | | | | | | | | StateHijacked is a terminal state. If hijacked connection is registered as an active connection, connection will never be unregistered. This causes two issues First issue is that active connection counters are off. Second issue is a resource leak caused by connection object that is stored to a map. After this patch hijacked connections are no longer visible in counters. If a counter for hijacked connections is required, podman must track connections returned by Hijacker.Hijack() It might make sense to develop abstraction layer for hijacking - and move all hijacking related code to a separate package. Hijacking code is prone to resource leaks and it should be thoroughly tested. Signed-off-by: Sami Korhonen <skorhone@gmail.com>
* move go module to v2Valentin Rothberg2020-07-06
| | | | | | | | | | | | | | | With the advent of Podman 2.0.0 we crossed the magical barrier of go modules. While we were able to continue importing all packages inside of the project, the project could not be vendored anymore from the outside. Move the go module to new major version and change all imports to `github.com/containers/libpod/v2`. The renaming of the imports was done via `gomove` [1]. [1] https://github.com/KSubedi/gomove Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Ensure umask is set appropriately for 'system service'Matthew Heon2020-06-26
| | | | | | | | | | | | We need a umask of 0022 to ensure containers are created correctly, but we set a different one prior to starting the server (to ensure the unix socket has the right permissions). Thus, we need to set the umask after the socket has been bound, but before the server begins accepting requests. Fixes #6787 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Fixup issues found by golintDaniel J Walsh2020-06-10
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* v2 copy endpointsBrent Baude2020-05-26
| | | | | | add copy endpoint inputs and outputs. these endpoints are not implemented yet, nor are any bindings. this allows us to update this later without having to change our api version. Signed-off-by: Brent Baude <bbaude@redhat.com>
* Add MethodNotAllowedHandler() to add in debuggingJhon Honce2020-05-22
| | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* enable podman v2 networking for remote clientBrent Baude2020-05-12
| | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* add {generate,play} kubeValentin Rothberg2020-05-06
| | | | | | | | | | | | | | | | | | | Add the `podman generate kube` and `podman play kube` command. The code has largely been copied from Podman v1 but restructured to not leak the K8s core API into the (remote) client. Both commands are added in the same commit to allow for enabling the tests at the same time. Move some exports from `cmd/podman/common` to the appropriate places in the backend to avoid circular dependencies. Move definitions of label annotations to `libpod/define` and set the security-opt labels in the frontend to make kube tests pass. Implement rest endpoints, bindings and the tunnel interface. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Instrumentation to answer #5765Jhon Honce2020-04-22
| | | | | | * currently wired to localhost:8888 to prevent access from off machine Signed-off-by: Jhon Honce <jhonce@redhat.com>
* V2 Fix support for tcp://[::]<port> connectionsJhon Honce2020-04-17
| | | | | | | | | | | | | * Fix support for socket activation, on remote and service $ systemd-socket-activate -l 8083 --fdname=podman bin/podman system service --log-level=debug --time=30 $ bin/podman-remote --remote=tcp://[::]:8083 image ls Or, use the podman.{socket,service} unit files $ bin/podman-remote --remote=unix:///run/podman/podman.sock image ls Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Refactor service idle supportJhon Honce2020-04-13
| | | | | | | | | | | * Move connection tracking into APIServer using ConnState() * Remove Connection counters from CLI code * Update events handler to support client not closing connection * Improve logging messages Fixes #5599 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* V2 podman system serviceJhon Honce2020-04-07
| | | | | | | | | | | | | | | * Added support for system service * Enabled linting on the varlinkapi source, needed to support V2 service command * Added support for PODMAN_SOCKET Skip linting deprecated code Rather than introduce bugs by correcting deprecated code, linting the code is being skipped. Code that is being ported into V2 is being checked. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #5540 from jwhonce/issues/5531OpenShift Merge Robot2020-03-18
|\ | | | | Reduce CPU usage when --timeout=0
| * Reduce CPU usage when --timeout=0Jhon Honce2020-03-18
| | | | | | | | | | | | | | | | | | * Add second go routine for when a Timer is not needed. * goimports updated some project files Fixes #5531 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | serve swagger when presentBrent Baude2020-03-18
|/ | | | | | register the swagger endpoint and add some error handling for when the swagger file does not exist Signed-off-by: Brent Baude <bbaude@redhat.com>
* apiv2 addition of manifestsBrent Baude2020-03-16
| | | | | | | | add endpoints for create, add, remove, inspect, and push. this allows manifests to be managed through the restful interfaces. also added go-bindings and tests Signed-off-by: Brent Baude <bbaude@redhat.com>
* update systemd & dbus dependenciesValentin Rothberg2020-03-10
| | | | | | | | Update the outdated systemd and dbus dependencies which are now provided as go modules. This will further tighten our dependencies and releases and pave the way for the upcoming auto-update feature. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Remove 1 sec delayJhon Honce2020-02-25
| | | | | | | | | * Stop closing net.Listener() twice on interrupt * Do not report error if closing server twice Fixes #5311 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Fix handler and systemd activation errorsJhon Honce2020-02-17
| | | | | | | | | | | | | | | | | | | On panic from handler: log warning and stack trace, report InternalServerError to client When using `podman system service` make determining the listening endpoint deterministic. // When determining _*THE*_ listening endpoint -- // 1) User input wins always // 2) systemd socket activation // 3) rootless honors XDG_RUNTIME_DIR // 4) if varlink -- adapter.DefaultVarlinkAddress // 5) lastly adapter.DefaultAPIAddress Fixes #5150 Fixes #5151 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #5074 from jwhonce/wip/swagger_endpointOpenShift Merge Robot2020-02-14
|\ | | | | Add /swagger/ endpoint to serve swagger yaml to clients
| * Add /swagger/ endpoint to serve swagger yaml to clientsJhon Honce2020-02-04
| | | | | | | | | | | | The provided yaml file will describe the current Podman REST API. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | apiv2 stream eventsBrent Baude2020-02-11
|/ | | | | | the events endpoint should be stream-based. it also needed to be registered to answer and not produce 404s. Signed-off-by: Brent Baude <bbaude@redhat.com>
* [CI:DOCS]add apiv2 endpoints for execBrent Baude2020-02-03
| | | | | | | | add the openapi/swagger documentation for exec. The subcommands added are create, inspect, resize, and start. at the time of this writing, no structure is declared for the inspect response. once the libpod work for this is complete, we can inherit and swaggerize it. Signed-off-by: Brent Baude <bbaude@redhat.com>
* fix longname handling for bindingsBrent Baude2020-01-31
| | | | | | the api needs to account for image input where the image is encoded as a fqd image name. Signed-off-by: Brent Baude <bbaude@redhat.com>
* Add query parameter converters for complex typesJhon Honce2020-01-23
| | | | | | | | | | | | | | | | | | | | | * Add converter for URL query parameters of type map[string][]string * Add converter for URL query parameters of type time.Time * Added function to allocate and configure schema.Decoder for API use * Updated API handlers to leverage new converters, and correct handler code for filter type An encoding example for a client using filters: v := map[string][]string{ "dangling": {"true"}, } payload, err := jsoniter.MarshalToString(v) if err != nil { panic(err) } payload = "?filters=" + url.QueryEscape(payload) Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Enable swagger validation for each PRJhon Honce2020-01-22
| | | | | | | | | * Update swagger:operation's to pass validation * 'name' path parameter now used throughout API * Added #/response/ok for 200 returns, TBD values have been replaced with legal values. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #4912 from jwhonce/wip/swaggerOpenShift Merge Robot2020-01-22
|\ | | | | [CI:DOCS] Update build images
| * Update build imagesJhon Honce2020-01-21
| | | | | | | | | | | | | | | | | | | | | | | | | | * Add swagger annotations for all the query and response parameters for buildimages * Improve populating the BuildOptions struct * Improve swagger.json generation, removing tags.xml and move tag definiation into the swagger:meta block * Update Makefile to be more robust, added target for validation * TODO once validation passes add that step to the generation step Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Add service endpointbaude2020-01-21
|/ | | | | | | | | | | | | | | | | | | | | | | | | | add service endpoint for the new API. Also supports the varlink implementation. Signed-off-by: baude <bbaude@redhat.com> Refactor to allow developer more control of API server * Add api.NewServerWithSettings() to create an API server with custom settings * Add api.ListenUnix() to create a UDS net.Listener and setup UDS Signed-off-by: Jhon Honce <jhonce@redhat.com> Signed-off-by: baude <bbaude@redhat.com> More service completion Add podman service command that allows users to run either a RESTful or varlink protocol API service. Addition of docs and RESTful listening. Signed-off-by: baude <bbaude@redhat.com> Signed-off-by: Brent Baude <bbaude@redhat.com>
* [CI:DOCS] Add logo and dev statementBrent Baude2020-01-20
| | | | | | Add statement to the info section stating this is experimental only for now. Also add the podman logo to the right-hand navigation. Signed-off-by: Brent Baude <bbaude@redhat.com>
* make binaries: include serviceValentin Rothberg2020-01-16
| | | | | | | Include the service into make binaries such that we're it's being build in the CI. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* service: don't block sigtermValentin Rothberg2020-01-16
| | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Initial commit on compatible APIJhon Honce2020-01-10
Signed-off-by: Jhon Honce <jhonce@redhat.com> Create service command Use cd cmd/service && go build . $ systemd-socket-activate -l 8081 cmd/service/service & $ curl http://localhost:8081/v1.24/images/json Signed-off-by: Jhon Honce <jhonce@redhat.com> Correct Makefile Signed-off-by: Jhon Honce <jhonce@redhat.com> Two more stragglers Signed-off-by: Jhon Honce <jhonce@redhat.com> Report errors back as http headers Signed-off-by: Jhon Honce <jhonce@redhat.com> Split out handlers, updated output Output aligned to docker structures Signed-off-by: Jhon Honce <jhonce@redhat.com> Refactored routing, added more endpoints and types * Encapsulated all the routing information in the handler_* files. * Added more serviceapi/types, including podman additions. See Info Signed-off-by: Jhon Honce <jhonce@redhat.com> Cleaned up code, implemented info content * Move Content-Type check into serviceHandler * Custom 404 handler showing the url, mostly for debugging * Refactored images: better method names and explicit http codes * Added content to /info * Added podman fields to Info struct * Added Container struct Signed-off-by: Jhon Honce <jhonce@redhat.com> Add a bunch of endpoints containers: stop, pause, unpause, wait, rm images: tag, rmi, create (pull only) Signed-off-by: baude <bbaude@redhat.com> Add even more handlers * Add serviceapi/Error() to improve error handling * Better support for API return payloads * Renamed unimplemented to unsupported these are generic endpoints we don't intend to ever support. Swarm broken out since it uses different HTTP codes to signal that the node is not in a swarm. * Added more types * API Version broken out so it can be validated in the future Signed-off-by: Jhon Honce <jhonce@redhat.com> Refactor to introduce ServiceWriter Signed-off-by: Jhon Honce <jhonce@redhat.com> populate pods endpoints /libpod/pods/.. exists, kill, pause, prune, restart, remove, start, stop, unpause Signed-off-by: baude <bbaude@redhat.com> Add components to Version, fix Error body Signed-off-by: Jhon Honce <jhonce@redhat.com> Add images pull output, fix swarm routes * docker-py tests/integration/api_client_test.py pass 100% * docker-py tests/integration/api_image_test.py pass 4/16 + Test failures include services podman does not support Signed-off-by: Jhon Honce <jhonce@redhat.com> pods endpoint submission 2 add create and others; only top and stats is left. Signed-off-by: baude <bbaude@redhat.com> Update pull image to work from empty registry Signed-off-by: Jhon Honce <jhonce@redhat.com> pod create and container create first pass at pod and container create. the container create does not quite work yet but it is very close. pod create needs a partial rewrite. also broken off the DELETE (rm/rmi) to specific handler funcs. Signed-off-by: baude <bbaude@redhat.com> Add docker-py demos, GET .../containers/json * Update serviceapi/types to reflect libpod not podman * Refactored removeImage() to provide non-streaming return Signed-off-by: Jhon Honce <jhonce@redhat.com> create container part2 finished minimal config needed for create container. started demo.py for upcoming talk Signed-off-by: baude <bbaude@redhat.com> Stop server after honoring request * Remove casting for method calls * Improve WriteResponse() * Update Container API type to match docker API Signed-off-by: Jhon Honce <jhonce@redhat.com> fix namespace assumptions cleaned up namespace issues with libpod. Signed-off-by: baude <bbaude@redhat.com> wip Signed-off-by: baude <bbaude@redhat.com> Add sliding window when shutting down server * Added a Timeout rather than closing down service on each call * Added gorilla/schema dependency for Decode'ing query parameters * Improved error handling * Container logs returned and multiplexed for stdout and stderr * .../containers/{name}/logs?stdout=True&stderr=True * Container stats * .../containers/{name}/stats Signed-off-by: Jhon Honce <jhonce@redhat.com> Improve error handling * Add check for at least one std stream required for /containers/{id}/logs * Add check for state in /containers/{id}/top * Fill in more fields for /info * Fixed error checking in service start code Signed-off-by: Jhon Honce <jhonce@redhat.com> get rest of image tests for pass Signed-off-by: baude <bbaude@redhat.com> linting our content Signed-off-by: baude <bbaude@redhat.com> more linting Signed-off-by: baude <bbaude@redhat.com> more linting Signed-off-by: baude <bbaude@redhat.com> pruning Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]apiv2 pods migrate from using args in the url to using a json struct in body for pod create. Signed-off-by: baude <bbaude@redhat.com> fix handler_images prune prune's api changed slightly to deal with filters. Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]enabled base container create tests enabling the base container create tests which allow us to get more into the stop, kill, etc tests. many new tests now pass. Signed-off-by: baude <bbaude@redhat.com> serviceapi errors: append error message to API message I dearly hope this is not breaking any other tests but debugging "Internal Server Error" is not helpful to any user. In case, it breaks tests, we can rever the commit - that's why it's a small one. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> serviceAPI: add containers/prune endpoint Signed-off-by: Valentin Rothberg <rothberg@redhat.com> add `service` make target Also remove the non-functional sub-Makefile. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> add make targets for testing the service * `sudo make run-service` for running the service. * `DOCKERPY_TEST="tests/integration/api_container_test.py::ListContainersTest" \ make run-docker-py-tests` for running a specific tests. Run all tests by leaving the env variable empty. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> Split handlers and server packages The files were split to help contain bloat. The api/server package will contain all code related to the functioning of the server while api/handlers will have all the code related to implementing the end points. api/server/register_* will contain the methods for registering endpoints. Additionally, they will have the comments for generating the swagger spec file. See api/handlers/version.go for a small example handler, api/handlers/containers.go contains much more complex handlers. Signed-off-by: Jhon Honce <jhonce@redhat.com> [CI:DOCS]enabled more tests Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]libpod endpoints small refactor for libpod inclusion and began adding endpoints. Signed-off-by: baude <bbaude@redhat.com> Implement /build and /events * Include crypto libraries for future ssh work Signed-off-by: Jhon Honce <jhonce@redhat.com> [CI:DOCS]more image implementations convert from using for to query structs among other changes including new endpoints. Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]add bindings for golang Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]add volume endpoints for libpod create, inspect, ls, prune, and rm Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]apiv2 healthcheck enablement wire up container healthchecks for the api. Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]Add mount endpoints via the api, allow ability to mount a container and list container mounts. Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]Add search endpoint add search endpoint with golang bindings Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]more apiv2 development misc population of methods, etc Signed-off-by: baude <bbaude@redhat.com> rebase cleanup and epoch reset Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]add more network endpoints also, add some initial error handling and convenience functions for standard endpoints. Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]use helper funcs for bindings use the methods developed to make writing bindings less duplicative and easier to use. Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]add return info for prereview begin to add return info and status codes for errors so that we can review the apiv2 Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]first pass at adding swagger docs for api Signed-off-by: baude <bbaude@redhat.com>