| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Increase timeout for tests to 10s
* To aid in debugging add PID to shutdown package logging
* Added new message for forced service shutdown
* Always wait for HTTP server to shutdown, duration of 0 not friendly
to clients
Note: The log event
"IdleTracker: StateClosed transition by connection marked un-managed"
denotes a TCP connection has been initiated but no HTTP request was sent.
And is expected during these tests.
Fixes #11921
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Refactor sidecar HTTP service for /debug/pprof endpoints to use a TCP
address given via new podman system service --pprof-address flag
* Allow same URL parsing in "system service" as bindings/connection.go
* Refactor NewServerWithSettings() to use entities.ServiceOptions
in place of deleted server.Options
* Updated godoc for impacted functions and types
* Fixed API service Shutdown() to do an orderly shutdown when
terminated and running with --time=0
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
|
| |
Remove ERROR: Error stutter from logrus messages also.
[ NO TESTS NEEDED] This is just code cleanup.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* To aid in debugging log API request and response bodies at trace
level. Events can be correlated using the X-Reference-Id.
* Server now echos X-Reference-Id from client if set, otherwise
generates an unique id.
* Move logic for X-Reference-Id into middleware
* Change uses of Header.Add() to Set() when setting Content-Type
* Log API operations in Apache format using gorilla middleware
* Port server code to use BaseContext and ConnContext
Fixes #10053
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Effectively sets timeout to infinity.
This is needed in order to make `podman` work with `pack`.
The `pack` CLI is keeping one connection for prolonged time.
Closing the connection breaks `pack`'s functionality.
[NO TESTS NEEDED]
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |
|
|
|
|
| |
[NO TESTS NEEDED]
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
[NO TESTS NEEDED]
* Log the routing table output at Trace vs. Debug level. Reduce noise
in debugging output.
* Tweak SDNotify message to report Warn when it fails. Previously
failures were silent.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
We missed bumping the go module, so let's do it now :)
* Automated go code with github.com/sirkon/go-imports-rename
* Manually via `vgrep podman/v2` the rest
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Implement podman secret create, inspect, ls, rm
Implement podman run/create --secret
Secrets are blobs of data that are sensitive.
Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file.
After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname]
This secret will not be commited to an image on a podman commit
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
There was a potential race where two handlers could be added at
the same time. Go Maps are not thread-safe, so that could do
unpleasant things. Add a mutex to keep things safe.
Also, swap the order or Register and Start for the handlers in
Libpod runtime created. As written, there was a small gap between
Start and Register where SIGTERM/SIGINT would be completely
ignored, instead of stopping Podman. Swapping the two closes this
gap.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
| |
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
| |
* Log endpoint calls at level Info
* Ensure API server started at level Info
Fixes #8390
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This allows us to run both the Libpod and Server handlers at the
same time without unregistering one.
Also, pass the signal that killed us into the handlers, in case
they want to use it to determine what to do (e.g. what exit code
to set).
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Expand the use of the Shutdown package such that we now use it
to handle signals any time we run Libpod. From there, add code to
container creation to use the Inhibit function to prevent a
shutdown from occuring during the critical parts of container
creation.
We also need to turn off signal handling when --sig-proxy is
invoked - we don't want to catch the signals ourselves then, but
instead to forward them into the container via the existing
sig-proxy handler.
Fixes #7941
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We need a unified package for handling signals that shut down
Libpod and Podman. We need to be able to do different things on
receiving such a signal (`system service` wants to shut down the
service gracefully, while most other commands just want to exit)
and we need to be able to inhibit this shutdown signal while we
are waiting for some critical operations (e.g. creating a
container) to finish. This takes the first step by defining the
package that will handle this.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
- Fixes issue where remote attach and exec only signaled the IdleTracker
on errors. Needs to done anytime after connection has been hijacked
- Fixes trying to send multiple http status codes to client
- Changes pprof and API server shutdowns to run in parallel
- Changes shutdown to run in sync.Once block
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
* Remove stutter naming for package and types
* Stop treating StateIdle the same as StateClosed, rather transitions to
StateIdle will keep API timeout window open
* Remove redundate code
Fixes #7826
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 2b6dd3fb4384 set the killmode of the podman.service to the
systemd default which ultimately lead to the problem that systemd
will kill *all* processes inside the unit's cgroup and hence kill
all containers whenever the service is stopped.
Fix it by setting the type to sdnotify and the killmode to process.
`podman system service` will send the necessary notify messages
when the NOTIFY_SOCKET is set and unset it right after to prevent
the backend and container runtimes from jumping in between and send
messages as well.
Fixes: #7294
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This patch fixes connection counters for v2 endpoints
Idletracker was moved to a new package to prevent package cycle.
Hijacking code still remains in wrong place and should be moved
later to isolated package
Signed-off-by: Sami Korhonen <skorhone@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
StateHijacked is a terminal state. If hijacked connection
is registered as an active connection, connection will
never be unregistered. This causes two issues
First issue is that active connection counters are off.
Second issue is a resource leak caused by connection
object that is stored to a map.
After this patch hijacked connections are no longer
visible in counters. If a counter for hijacked
connections is required, podman must track
connections returned by Hijacker.Hijack()
It might make sense to develop abstraction layer for
hijacking - and move all hijacking related code to a
separate package. Hijacking code is prone to resource
leaks and it should be thoroughly tested.
Signed-off-by: Sami Korhonen <skorhone@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the advent of Podman 2.0.0 we crossed the magical barrier of go
modules. While we were able to continue importing all packages inside
of the project, the project could not be vendored anymore from the
outside.
Move the go module to new major version and change all imports to
`github.com/containers/libpod/v2`. The renaming of the imports
was done via `gomove` [1].
[1] https://github.com/KSubedi/gomove
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We need a umask of 0022 to ensure containers are created
correctly, but we set a different one prior to starting the
server (to ensure the unix socket has the right permissions).
Thus, we need to set the umask after the socket has been bound,
but before the server begins accepting requests.
Fixes #6787
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
| |
add copy endpoint inputs and outputs. these endpoints are not implemented yet, nor are any bindings. this allows us to update this later without having to change our api version.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |
|
|
| |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
| |
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the `podman generate kube` and `podman play kube` command. The code
has largely been copied from Podman v1 but restructured to not leak the
K8s core API into the (remote) client.
Both commands are added in the same commit to allow for enabling the
tests at the same time.
Move some exports from `cmd/podman/common` to the appropriate places in
the backend to avoid circular dependencies.
Move definitions of label annotations to `libpod/define` and set the
security-opt labels in the frontend to make kube tests pass.
Implement rest endpoints, bindings and the tunnel interface.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
| |
* currently wired to localhost:8888 to prevent access from off machine
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Fix support for socket activation, on remote and service
$ systemd-socket-activate -l 8083 --fdname=podman bin/podman system service --log-level=debug --time=30
$ bin/podman-remote --remote=tcp://[::]:8083 image ls
Or, use the podman.{socket,service} unit files
$ bin/podman-remote --remote=unix:///run/podman/podman.sock image ls
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
* Move connection tracking into APIServer using ConnState()
* Remove Connection counters from CLI code
* Update events handler to support client not closing connection
* Improve logging messages
Fixes #5599
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Added support for system service
* Enabled linting on the varlinkapi source, needed to support V2
service command
* Added support for PODMAN_SOCKET
Skip linting deprecated code
Rather than introduce bugs by correcting deprecated code, linting the
code is being skipped. Code that is being ported into V2 is being
checked.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\
| |
| | |
Reduce CPU usage when --timeout=0
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* Add second go routine for when a Timer is not needed.
* goimports updated some project files
Fixes #5531
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |/
|
|
|
|
| |
register the swagger endpoint and add some error handling for when the swagger file does not exist
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |
|
|
|
|
|
|
| |
add endpoints for create, add, remove, inspect, and push. this allows manifests to be managed through the restful interfaces.
also added go-bindings and tests
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |
|
|
|
|
|
|
| |
Update the outdated systemd and dbus dependencies which are now provided
as go modules. This will further tighten our dependencies and releases
and pave the way for the upcoming auto-update feature.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
* Stop closing net.Listener() twice on interrupt
* Do not report error if closing server twice
Fixes #5311
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On panic from handler: log warning and stack trace, report
InternalServerError to client
When using `podman system service` make determining the listening endpoint deterministic.
// When determining _*THE*_ listening endpoint --
// 1) User input wins always
// 2) systemd socket activation
// 3) rootless honors XDG_RUNTIME_DIR
// 4) if varlink -- adapter.DefaultVarlinkAddress
// 5) lastly adapter.DefaultAPIAddress
Fixes #5150
Fixes #5151
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\
| |
| | |
Add /swagger/ endpoint to serve swagger yaml to clients
|
| | |
| |
| |
| |
| |
| | |
The provided yaml file will describe the current Podman REST API.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |/
|
|
|
|
| |
the events endpoint should be stream-based. it also needed to be registered to answer and not produce 404s.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |
|
|
|
|
|
|
| |
add the openapi/swagger documentation for exec. The subcommands added are create, inspect, resize, and start.
at the time of this writing, no structure is declared for the inspect response. once the libpod work for this is complete, we can inherit and swaggerize it.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |
|
|
|
|
| |
the api needs to account for image input where the image is encoded as a fqd image name.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add converter for URL query parameters of type map[string][]string
* Add converter for URL query parameters of type time.Time
* Added function to allocate and configure schema.Decoder for API use
* Updated API handlers to leverage new converters, and correct handler
code for filter type
An encoding example for a client using filters:
v := map[string][]string{
"dangling": {"true"},
}
payload, err := jsoniter.MarshalToString(v)
if err != nil {
panic(err)
}
payload = "?filters=" + url.QueryEscape(payload)
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
* Update swagger:operation's to pass validation
* 'name' path parameter now used throughout API
* Added #/response/ok for 200 returns, TBD values have been replaced
with legal values.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\
| |
| | |
[CI:DOCS] Update build images
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Add swagger annotations for all the query and response parameters
for buildimages
* Improve populating the BuildOptions struct
* Improve swagger.json generation, removing tags.xml and move tag
definiation into the swagger:meta block
* Update Makefile to be more robust, added target for validation
* TODO once validation passes add that step to the generation step
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
add service endpoint for the new API. Also supports the varlink
implementation.
Signed-off-by: baude <bbaude@redhat.com>
Refactor to allow developer more control of API server
* Add api.NewServerWithSettings() to create an API server with custom
settings
* Add api.ListenUnix() to create a UDS net.Listener and setup UDS
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Signed-off-by: baude <bbaude@redhat.com>
More service completion
Add podman service command that allows users to run either a RESTful or
varlink protocol API service.
Addition of docs and RESTful listening.
Signed-off-by: baude <bbaude@redhat.com>
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |
|
|
|
|
| |
Add statement to the info section stating this is experimental only for now. Also add the podman logo to the right-hand navigation.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
