summaryrefslogtreecommitdiff
path: root/pkg/api
Commit message (Collapse)AuthorAge
* Merge pull request #7451 from mheon/fix_7195Ed Santiago2020-08-27
|\ | | | | Send HTTP Hijack headers after successful attach
| * Send HTTP Hijack headers after successful attachMatthew Heon2020-08-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Our previous flow was to perform a hijack before passing a connection into Libpod, and then Libpod would attach to the container's attach socket and begin forwarding traffic. A problem emerges: we write the attach header as soon as the attach complete. As soon as we write the header, the client assumes that all is ready, and sends a Start request. This Start may be processed *before* we successfully finish attaching, causing us to lose output. The solution is to handle hijacking inside Libpod. Unfortunately, this requires a downright extensive refactor of the Attach and HTTP Exec StartAndAttach code. I think the result is an improvement in some places (a lot more errors will be handled with a proper HTTP error code, before the hijack occurs) but other parts, like the relocation of printing container logs, are just *bad*. Still, we need this fixed now to get CI back into good shape... Fixes #7195 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | fix apiv2 will create containers with incorrect commandszhangguanzhang2020-08-24
| | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | fix /libpod/pods/json returns null when there are no podszhangguanzhang2020-08-21
|/ | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* Merge pull request #7283 from mheon/pod_infra_has_exit_cmdOpenShift Merge Robot2020-08-17
|\ | | | | Ensure pod infra containers have an exit command
| * Clean up pods before returning from Pod Stop API callMatthew Heon2020-08-17
| | | | | | | | | | | | | | This should help alleviate races where the pod is not fully cleaned up before subsequent API calls happen. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | podman.service: use sdnotiyValentin Rothberg2020-08-13
|/ | | | | | | | | | | | | | | | Commit 2b6dd3fb4384 set the killmode of the podman.service to the systemd default which ultimately lead to the problem that systemd will kill *all* processes inside the unit's cgroup and hence kill all containers whenever the service is stopped. Fix it by setting the type to sdnotify and the killmode to process. `podman system service` will send the necessary notify messages when the NOTIFY_SOCKET is set and unset it right after to prevent the backend and container runtimes from jumping in between and send messages as well. Fixes: #7294 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Unconditionally retrieve pod names via APIMatthew Heon2020-08-10
| | | | | | | | | | | | | | | | | | The ListContainers API previously had a Pod parameter, which determined if pod name was returned (but, notably, not Pod ID, which was returned unconditionally). This was fairly confusing, so we decided to deprecate/remove the parameter and return it unconditionally. To do this without serious performance implications, we need to avoid expensive JSON decodes of pod configuration in the DB. The way our Bolt tables are structured, retrieving name given ID is actually quite cheap, but we did not expose this via the Libpod API. Add a new GetName API to do this. Fixes #7214 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #7215 from vrothberg/flatten-the-curveOpenShift Merge Robot2020-08-08
|\ | | | | images: speed up lists
| * image list: speed upValentin Rothberg2020-08-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Listing images has shown increasing performance penalties with an increasing number of images. Unless `--all` is specified, Podman will filter intermediate images. Determining intermediate images has been done by finding (and comparing!) parent images which is expensive. We had to query the storage many times which turned it into a bottleneck. Instead, create a layer tree and assign one or more images to nodes that match the images' top layer. Determining the children of an image is now exponentially faster as we already know the child images from the layer graph and the images using the same top layer, which may also be considered child images based on their history. On my system with 510 images, a rootful image list drops from 6 secs down to 0.3 secs. Also use the tree to compute parent nodes, and to filter intermediate images for pruning. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #7204 from baude/issue7197OpenShift Merge Robot2020-08-04
|\ \ | | | | | | Missing return after early exit
| * | Missing return after early exitBrent Baude2020-08-03
| |/ | | | | | | | | | | | | | | the exists code was plagued by a missing return statement meant to trigger an early exit. Fixes: #7197 Signed-off-by: Brent Baude <bbaude@redhat.com>
* / docker-compose uses application/tarBrent Baude2020-08-03
|/ | | | | | | | even though the official documentation suggests that application/x-tar should be used for tar files, it seems docker-compose uses application/tar. we now accept them and issue a warning. Fixes: #7185 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #7097 from QiWang19/usagedateOpenShift Merge Robot2020-08-03
|\ | | | | [CI:DOCS] apiv2 fix volumes not included field
| * [CI:DOCS] apiv2 fix volumes not inculded fieldQi Wang2020-07-29
| | | | | | | | | | | | Do not use volume from docker since UsageData field is not need. It's nullable in docker API and expensive to add. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #7188 from zhangguanzhang/network-404OpenShift Merge Robot2020-08-03
|\ \ | | | | | | API returns 500 in case network is not found instead of 404
| * | API returns 500 in case network is not found instead of 404zhangguanzhang2020-08-02
| | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | Merge pull request #7158 from rhatdan/commitOpenShift Merge Robot2020-08-03
|\ \ \ | | | | | | | | Handle single character images
| * | | Handle single character imagesDaniel J Walsh2020-07-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently you can only specify multiple character for image names when executing podman-remote commit podman-remote commit a b Will complete, but will save the image without a name. podman-remote commit a bb Works. This PR fixes and now returns an error if the user doees not specify an image name to commit to. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #7141 from rhafer/image_descr_testOpenShift Merge Robot2020-08-03
|\ \ \ \ | |_|/ / |/| | | Add test case for description being present in search result
| * | | Make `search --no-trunc` work for podman remoteRalf Haferkamp2020-07-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The HTTP API for image search was still lacking support of the NoTrunc parameter. Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
| * | | API: Fix 'podman image search` missing descriptionRalf Haferkamp2020-07-31
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | `podman image search` returned wrong results for the image "Description" as it was mapped to the wrong field ("ID") in the search results. Basically cherry-picked into the api from commit cf5c63b5c492e41d72b6e3b6d75b5f39b0a957fd. Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
* / / Add versioned _ping endpointJhon Honce2020-07-31
|/ / | | | | | | | | | | Fixes #7008 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* / Return NamesHistory when returning remote imagesDaniel J Walsh2020-07-29
|/ | | | | | | We are returning bogus data in podman-remote images --format json. This change will match the same data returned my podman images --format json. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #6909 from rhatdan/podmanOpenShift Merge Robot2020-07-28
|\ | | | | Switch all references to github.com/containers/libpod -> podman
| * Switch all references to github.com/containers/libpod -> podmanDaniel J Walsh2020-07-28
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | compat/info.go: TrimPrefix(CGroupsVersion, "v")Akihiro Suda2020-07-28
|/ | | | | | For compatibility with Docker: https://github.com/moby/moby/blob/846b7e24ba549a972a2672ffdd88b140da688736/api/swagger.yaml#L4528-L4534 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* API events: fix parsing errorValentin Rothberg2020-07-27
| | | | | | | | Fix an error where an absent "filters" parameter led to JSON parsing errors. Fixes: #7078 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Remove 'experimental' from API docTomSweeneyRedHat2020-07-25
| | | | | | | | | The v2.0 reference [page](http://docs.podman.io/en/latest/Reference.html) lists the API as experimental. Removed that word and reworked the first paragraph a bit based on verbiage that @mheon put together for the API intro blog. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* Merge pull request #6742 from ↵OpenShift Merge Robot2020-07-24
|\ | | | | | | | | maybe-sybr/maybe/apiv2/fix-container-create-with-volumes APIv2:fix: Get volumes from `Binds` when creating
| * APIv2:fix: Get volumes from `Binds` when creatingmaybe-sybr2020-07-09
| | | | | | | | | | | | | | | | | | | | | | This change ensures that we pull volume bind specification strings from the correct spot in the POSTed data when creating containers. We should probably canity check that the mapping keys in `Volumes` are a superset of the binds listed in `HostConfig.Binds` but this cheap change removes an annoying behaviour where named volumes or host mount would be silently replaced with newly created anonymous volumes. Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
* | Merge pull request #7035 from ashley-cui/api_genOpenShift Merge Robot2020-07-21
|\ \ | | | | | | Fix Generate API swagger title/description
| * | Fix Generate API title/descriptionAshley Cui2020-07-21
| | | | | | | | | | | | | | | | | | generate kube title and descritopn was same as play kube for apiv2 docs Signed-off-by: Ashley Cui <acui@redhat.com>
* | | events endpoint: backwards compat to old typeValentin Rothberg2020-07-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The versions Docker that the compat endpoints currently support are using another type for the `filters` parameter than later versions of Docker, which the libpod/events endpoint is also using. To prevent existing deplopyments from breaking while still achieving backward compat, we now support both types for the filters parameter. Tested manually. Fixes: #6899 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | events endpoint: fix panic and race conditionValentin Rothberg2020-07-20
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a potential panic in the events endpoint when parsing the filters parameter. Values of the filters map might be empty, so we need to account for that instead of uncondtitionally accessing the first item. Also apply a similar for race conditions as done in commit f4a2d25c0fca: Fix a race that could cause read errors to be masked. Masking such errors is likely to report red herrings since users don't see that reading failed for some reasons but that a given event could not be found. Another race was the handler closing event channel, which could lead to two kinds of panics: double close, send to close channel. The backend takes care of that. However, make sure that the backend stops working in case the context has been cancelled. Fixes: #6899 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | The compat create endpoint should 404 on no such imageMatthew Heon2020-07-16
| | | | | | | | | | | | | | | | | | | | This matches Docker behavior, and will make the Docker frontend work with `podman system service` (Docker tries to create, then if that fails with 404 sends a request to pull the image). Fixes #6960 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Fix handling of entrypointDaniel J Walsh2020-07-14
| | | | | | | | | | | | | | If a user specifies an entrypoint of "" then we should not use the images entrypoint. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Fix: Correct connection counters for hijacked connectionsKorhonen Sami (Samlink)2020-07-09
| | | | | | | | | | | | | | | | | | | | This patch fixes connection counters for v2 endpoints Idletracker was moved to a new package to prevent package cycle. Hijacking code still remains in wrong place and should be moved later to isolated package Signed-off-by: Sami Korhonen <skorhone@gmail.com>
* | Fix: Hijacking v2 endpoints to follow rfc 7230 semanticsKorhonen Sami (Samlink)2020-07-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | After this patch v2 hijacking endpoints, exec/start and containers/attach follow rfc 7230 specification. Connection will only be upgraded, if client specifies upgrade headers: For tcp connections: Connection: Upgrade Upgrade: tcp For unix socket connections: Connection: Upgrade Upgrade: sock There are currently no checks if upgrade type actually matches with available protocols. Implementation just protocol that client requested Signed-off-by: Sami Korhonen <skorhone@gmail.com>
* | Remove hijacked connections from active connections listKorhonen Sami (Samlink)2020-07-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | StateHijacked is a terminal state. If hijacked connection is registered as an active connection, connection will never be unregistered. This causes two issues First issue is that active connection counters are off. Second issue is a resource leak caused by connection object that is stored to a map. After this patch hijacked connections are no longer visible in counters. If a counter for hijacked connections is required, podman must track connections returned by Hijacker.Hijack() It might make sense to develop abstraction layer for hijacking - and move all hijacking related code to a separate package. Hijacking code is prone to resource leaks and it should be thoroughly tested. Signed-off-by: Sami Korhonen <skorhone@gmail.com>
* | Merge pull request #6835 from zhangguanzhang/masterOpenShift Merge Robot2020-07-09
|\ \ | | | | | | fix API: Create container with an invalid configuration
| * | fix API: Create container with an invalid configurationzhangguanzhang2020-07-09
| |/ | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* / log API: add context to allow for cancellingValentin Rothberg2020-07-09
|/ | | | | | | | | Add a `context.Context` to the log APIs to allow for cancelling streaming (e.g., via `podman logs -f`). This fixes issues for the remote API where some go routines of the server will continue writing and produce nothing but heat and waste CPU cycles. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add support for Filter query parameter to list images apiKorhonen Sami (Samlink)2020-07-07
| | | | | | | | | | | | Docker api version 1.24 uses a query parameter named Filter for filtering images by names. In more recent versions of api name filter is in filters query parameter with other filters This patch adds a mapping that translates Filter query parameter to Filters={"reference": [""]} Signed-off-by: Sami Korhonen <skorhone@gmail.com>
* move go module to v2Valentin Rothberg2020-07-06
| | | | | | | | | | | | | | | With the advent of Podman 2.0.0 we crossed the magical barrier of go modules. While we were able to continue importing all packages inside of the project, the project could not be vendored anymore from the outside. Move the go module to new major version and change all imports to `github.com/containers/libpod/v2`. The renaming of the imports was done via `gomove` [1]. [1] https://github.com/KSubedi/gomove Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #6852 from skorhone/fix/6803_null_portsOpenShift Merge Robot2020-07-05
|\ | | | | Fix container inspect endpoint returning null for network settings / ports
| * Fix issue #6803 Container inspect endpoint returns null for ↵Korhonen Sami (Samlink)2020-07-03
| | | | | | | | | | | | | | | | NetworkSettings/Ports Implement mapping for NetworkSettings/Ports for Container inspect endpoint Signed-off-by: Sami Korhonen <skorhone@gmail.com>
* | Merge pull request #6838 from mheon/fix_panic_eventsOpenShift Merge Robot2020-07-02
|\ \ | |/ |/| Fix `system service` panic from early hangup in events
| * Fix `system service` panic from early hangup in eventsMatthew Heon2020-07-02
| | | | | | | | | | | | | | | | | | | | | | | | We weren't actually halting the goroutine that sent events, so it would continue sending even when the channel closed (the most notable cause being early hangup - e.g. Control-c on a curl session). Use a context to cancel the events goroutine and stop sending events. Fixes #6805 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | APIv2:fix: Handle docker volume force as expectedmaybe-sybr2020-07-02
| | | | | | | | | | | | | | | | | | In response to input regarding the semantic difference for the `force` parameter for volume removal between Docker and us, this change ensures that we emulate the Dockr behaviour correctly when this parameter is specified. Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>