| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 2b6dd3fb4384 set the killmode of the podman.service to the
systemd default which ultimately lead to the problem that systemd
will kill *all* processes inside the unit's cgroup and hence kill
all containers whenever the service is stopped.
Fix it by setting the type to sdnotify and the killmode to process.
`podman system service` will send the necessary notify messages
when the NOTIFY_SOCKET is set and unset it right after to prevent
the backend and container runtimes from jumping in between and send
messages as well.
Fixes: #7294
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ListContainers API previously had a Pod parameter, which
determined if pod name was returned (but, notably, not Pod ID,
which was returned unconditionally). This was fairly confusing,
so we decided to deprecate/remove the parameter and return it
unconditionally.
To do this without serious performance implications, we need to
avoid expensive JSON decodes of pod configuration in the DB. The
way our Bolt tables are structured, retrieving name given ID is
actually quite cheap, but we did not expose this via the Libpod
API. Add a new GetName API to do this.
Fixes #7214
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\
| |
| | |
[CI:DOCS] apiv2 fix volumes not included field
|
| |
| |
| |
| |
| |
| | |
Do not use volume from docker since UsageData field is not need. It's nullable in docker API and expensive to add.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \
| | |
| | | |
Add test case for description being present in search result
|
| |/
| |
| |
| |
| |
| |
| | |
The HTTP API for image search was still lacking support of the NoTrunc
parameter.
Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
|
|/
|
|
|
|
| |
Fixes #7008
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The v2.0 reference [page](http://docs.podman.io/en/latest/Reference.html)
lists the API as experimental. Removed that word and reworked the first
paragraph a bit based on verbiage that @mheon put together for the
API intro blog.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|
|
|
|
|
| |
generate kube title and descritopn was same as play kube for apiv2 docs
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes connection counters for v2 endpoints
Idletracker was moved to a new package to prevent package cycle.
Hijacking code still remains in wrong place and should be moved
later to isolated package
Signed-off-by: Sami Korhonen <skorhone@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
StateHijacked is a terminal state. If hijacked connection
is registered as an active connection, connection will
never be unregistered. This causes two issues
First issue is that active connection counters are off.
Second issue is a resource leak caused by connection
object that is stored to a map.
After this patch hijacked connections are no longer
visible in counters. If a counter for hijacked
connections is required, podman must track
connections returned by Hijacker.Hijack()
It might make sense to develop abstraction layer for
hijacking - and move all hijacking related code to a
separate package. Hijacking code is prone to resource
leaks and it should be thoroughly tested.
Signed-off-by: Sami Korhonen <skorhone@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the advent of Podman 2.0.0 we crossed the magical barrier of go
modules. While we were able to continue importing all packages inside
of the project, the project could not be vendored anymore from the
outside.
Move the go module to new major version and change all imports to
`github.com/containers/libpod/v2`. The renaming of the imports
was done via `gomove` [1].
[1] https://github.com/KSubedi/gomove
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
| |
In response to input regarding the semantic difference for the `force`
parameter for volume removal between Docker and us, this change ensures
that we emulate the Dockr behaviour correctly when this parameter is
specified.
Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change implements docker compatibile endpoint for interacting with
volumes. The code is mostly lifted from the `libpod` API handlers but
decodes and constructs data using types defined in the docker API
package.
Some notable support caveats with the current implementation:
* we don't return the nullable `Status` or `UsageData` keys when
returning volume information for inspect and create endpoints
* we don't support filters when pruning
* we return a fixed `0` for the `SpaceReclaimed` key when pruning
since we have no insight into how much space was freed from runtime
Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
We need a umask of 0022 to ensure containers are created
correctly, but we set a different one prior to starting the
server (to ensure the unix socket has the right permissions).
Thus, we need to set the umask after the socket has been bound,
but before the server begins accepting requests.
Fixes #6787
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\
| |
| | |
APIv2:fix: Remove `/json` from compat network EPs
|
| |
| |
| |
| | |
Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
|
|/
|
|
| |
Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
|
|
|
|
|
|
|
|
|
| |
address problem when multiple -t were sent. and rework remote build's tarball if a context dir is given other than ".".
Fixes: #6578
Fixes: #6577
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\
| |
| | |
[CI:DOCS] Fixes #6548
|
| |
| |
| |
| |
| |
| | |
* Update swagger documentation
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
ReadTheDocs was wrapping lines and removing leading spaces unless there
a blank line in between. This adds the blank lines to make the
examples more readable on https://docs.podman.io/en/latest/_static/api.html
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|/
|
|
|
|
|
|
|
|
| |
Adds some quick start up directions to the top of the
API v2 documentation and a few examples.
This strongly leverages comments from @jgallucci32 in #6535.
Fixes: #6535
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The biggest obstacle here was cleanup - we needed a way to remove
detached exec sessions after they exited, but there's no way to
tell if an exec session will be attached or detached when it's
created, and that's when we must add the exit command that would
do the removal. The solution was adding a delay to the exit
command (5 minutes), which gives sufficient time for attached
exec sessions to retrieve the exit code of the session after it
exits, but still guarantees that they will be removed, even for
detached sessions. This requires Conmon 2.0.17, which has the new
`--exit-delay` flag.
As part of the exit command rework, we can drop the hack we were
using to clean up exec sessions (remove them as part of inspect).
This is a lot cleaner, and I'm a lot happier about it.
Otherwise, this is just plumbing - we need a bindings call for
detached exec, and that needed to be added to the tunnel mode
backend for entities.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
|
|
|
|
|
| |
This adds bindings for starting exec sessions, and then uses them
to wire up detached exec. Code is heavily based on Attach code
for containers, slightly modified to handle exec sessions.
Bindings are presently attached-only, detached is pending on a
Conmon update landing in CI. I'll probably get to that next.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\
| |
| | |
v2 copy endpoints
|
| |
| |
| |
| |
| |
| | |
add copy endpoint inputs and outputs. these endpoints are not implemented yet, nor are any bindings. this allows us to update this later without having to change our api version.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Support the `X-Registry-Auth` http-request header.
* The content of the header is a base64 encoded JSON payload which can
either be a single auth config or a map of auth configs (user+pw or
token) with the corresponding registries being the keys. Vanilla
Docker, projectatomic Docker and the bindings are transparantly
supported.
* Add a hidden `--registries-conf` flag. Buildah exposes the same
flag, mostly for testing purposes.
* Do all credential parsing in the client (i.e., `cmd/podman`) pass
the username and password in the backend instead of unparsed
credentials.
* Add a `pkg/auth` which handles most of the heavy lifting.
* Go through the authentication-handling code of most commands, bindings
and endpoints. Migrate them to the new code and fix issues as seen.
A final evaluation and more tests is still required *after* this
change.
* The manifest-push endpoint is missing certain parameters and should
use the ABI function instead. Adding auth-support isn't really
possible without these parts working.
* The container commands and endpoints (i.e., create and run) have not
been changed yet. The APIs don't yet account for the authfile.
* Add authentication tests to `pkg/bindings`.
Fixes: #6384
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
Add streaming ability to endpoint
|
| |/
| |
| |
| | |
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
The swagger documentation for the libpod push endpoint were not in sync
with the implementation. Correct these docs to reflect the parameters
that are actually supported.
Fixes: #6388
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
network compatibility endpoints for API
|
| |
| |
| |
| |
| |
| | |
add endpoints for networking compatibility with the API.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|/
|
|
| |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|
|
|
|
|
|
| |
As system reset too dangerous for remote use, deleting the functionality
and the test case.
Signed-off-by: Sujil02 <sushah@redhat.com>
|
|
|
|
|
|
| |
this is a very basic implementation of build. some of the more advanced options need to be included still as well. i think the endpoints for compat and libpod will have to split given buildahs more advanced set of options. that should probably be done by someone more experienced with build internals.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
| |
when trying to get an image tree for a missing image, it should return a 404. doc fix only.
Fixes: #6289
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
|
| |
* Add support for /exec/{id}/resize
* Add support for ErrSessionNotFound
* Resize container TTY as stdin changes size
* Refactor all resize functions into one handler
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
the endpoint for single image removal (on the libpod side) should be as follows:
versionedPath/libpod/images/IMAGENAME
The DELETE method then signifies the removal of the image.
Fixes: #6261
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|
|
|
|
|
|
| |
Jhon is working on an alternative version that will combine
container and exec session resize, so we'll wait for that.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
|
|
|
| |
Most importantly, note the pruning behavior of compat Inspect.
Less importantly, note that the Tty parameter to Start is only
ignored, as opposed to being not supported.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
| |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|
|
|
|
|
|
| |
This is still very early not not well tested, and missing resize
capability, but it does provide the first bits of exec.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|
|
|
| |
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|
|
|
| |
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
| |
Adds tunnel routes for system reset.
Makes forces flag local as options are not propogated down the stack.
Adds relevant test cases and swagger docs.
Signed-off-by: Sujil02 <sushah@redhat.com>
|
|
|
|
| |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the `podman generate kube` and `podman play kube` command. The code
has largely been copied from Podman v1 but restructured to not leak the
K8s core API into the (remote) client.
Both commands are added in the same commit to allow for enabling the
tests at the same time.
Move some exports from `cmd/podman/common` to the appropriate places in
the backend to avoid circular dependencies.
Move definitions of label annotations to `libpod/define` and set the
security-opt labels in the frontend to make kube tests pass.
Implement rest endpoints, bindings and the tunnel interface.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|