| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Send HTTP Hijack headers after successful attach
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Our previous flow was to perform a hijack before passing a
connection into Libpod, and then Libpod would attach to the
container's attach socket and begin forwarding traffic.
A problem emerges: we write the attach header as soon as the
attach complete. As soon as we write the header, the client
assumes that all is ready, and sends a Start request. This Start
may be processed *before* we successfully finish attaching,
causing us to lose output.
The solution is to handle hijacking inside Libpod. Unfortunately,
this requires a downright extensive refactor of the Attach and
HTTP Exec StartAndAttach code. I think the result is an
improvement in some places (a lot more errors will be handled
with a proper HTTP error code, before the hijack occurs) but
other parts, like the relocation of printing container logs, are
just *bad*. Still, we need this fixed now to get CI back into
good shape...
Fixes #7195
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|/
|
|
| |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|\
| |
| | |
Ensure pod infra containers have an exit command
|
| |
| |
| |
| |
| |
| |
| | |
This should help alleviate races where the pod is not fully
cleaned up before subsequent API calls happen.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 2b6dd3fb4384 set the killmode of the podman.service to the
systemd default which ultimately lead to the problem that systemd
will kill *all* processes inside the unit's cgroup and hence kill
all containers whenever the service is stopped.
Fix it by setting the type to sdnotify and the killmode to process.
`podman system service` will send the necessary notify messages
when the NOTIFY_SOCKET is set and unset it right after to prevent
the backend and container runtimes from jumping in between and send
messages as well.
Fixes: #7294
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ListContainers API previously had a Pod parameter, which
determined if pod name was returned (but, notably, not Pod ID,
which was returned unconditionally). This was fairly confusing,
so we decided to deprecate/remove the parameter and return it
unconditionally.
To do this without serious performance implications, we need to
avoid expensive JSON decodes of pod configuration in the DB. The
way our Bolt tables are structured, retrieving name given ID is
actually quite cheap, but we did not expose this via the Libpod
API. Add a new GetName API to do this.
Fixes #7214
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\
| |
| | |
images: speed up lists
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Listing images has shown increasing performance penalties with an
increasing number of images. Unless `--all` is specified, Podman
will filter intermediate images. Determining intermediate images
has been done by finding (and comparing!) parent images which is
expensive. We had to query the storage many times which turned it
into a bottleneck.
Instead, create a layer tree and assign one or more images to nodes that
match the images' top layer. Determining the children of an image is
now exponentially faster as we already know the child images from the
layer graph and the images using the same top layer, which may also be
considered child images based on their history.
On my system with 510 images, a rootful image list drops from 6 secs
down to 0.3 secs.
Also use the tree to compute parent nodes, and to filter intermediate
images for pruning.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
Missing return after early exit
|
| |/
| |
| |
| |
| |
| |
| |
| | |
the exists code was plagued by a missing return statement meant to trigger an early exit.
Fixes: #7197
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|/
|
|
|
|
|
|
| |
even though the official documentation suggests that application/x-tar should be used for tar files, it seems docker-compose uses application/tar. we now accept them and issue a warning.
Fixes: #7185
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\
| |
| | |
[CI:DOCS] apiv2 fix volumes not included field
|
| |
| |
| |
| |
| |
| | |
Do not use volume from docker since UsageData field is not need. It's nullable in docker API and expensive to add.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \
| | |
| | | |
API returns 500 in case network is not found instead of 404
|
| | |
| | |
| | |
| | | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|\ \ \
| | | |
| | | | |
Handle single character images
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Currently you can only specify multiple character for image names
when executing podman-remote commit
podman-remote commit a b
Will complete, but will save the image without a name.
podman-remote commit a bb
Works.
This PR fixes and now returns an error if the user doees not specify an
image name to commit to.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Add test case for description being present in search result
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The HTTP API for image search was still lacking support of the NoTrunc
parameter.
Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
`podman image search` returned wrong results for the image "Description" as
it was mapped to the wrong field ("ID") in the search results.
Basically cherry-picked into the api from
commit cf5c63b5c492e41d72b6e3b6d75b5f39b0a957fd.
Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
|
|/ /
| |
| |
| |
| |
| | |
Fixes #7008
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|/
|
|
|
|
|
| |
We are returning bogus data in podman-remote images --format json.
This change will match the same data returned my podman images --format json.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
Switch all references to github.com/containers/libpod -> podman
|
| |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
|
|
| |
For compatibility with Docker: https://github.com/moby/moby/blob/846b7e24ba549a972a2672ffdd88b140da688736/api/swagger.yaml#L4528-L4534
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
|
|
|
|
|
|
|
|
| |
Fix an error where an absent "filters" parameter led to JSON parsing
errors.
Fixes: #7078
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The v2.0 reference [page](http://docs.podman.io/en/latest/Reference.html)
lists the API as experimental. Removed that word and reworked the first
paragraph a bit based on verbiage that @mheon put together for the
API intro blog.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\
| |
| |
| |
| | |
maybe-sybr/maybe/apiv2/fix-container-create-with-volumes
APIv2:fix: Get volumes from `Binds` when creating
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This change ensures that we pull volume bind specification strings from
the correct spot in the POSTed data when creating containers. We should
probably canity check that the mapping keys in `Volumes` are a superset
of the binds listed in `HostConfig.Binds` but this cheap change removes
an annoying behaviour where named volumes or host mount would be
silently replaced with newly created anonymous volumes.
Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
|
|\ \
| | |
| | | |
Fix Generate API swagger title/description
|
| | |
| | |
| | |
| | |
| | |
| | | |
generate kube title and descritopn was same as play kube for apiv2 docs
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The versions Docker that the compat endpoints currently support are
using another type for the `filters` parameter than later versions
of Docker, which the libpod/events endpoint is also using.
To prevent existing deplopyments from breaking while still achieving
backward compat, we now support both types for the filters parameter.
Tested manually.
Fixes: #6899
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix a potential panic in the events endpoint when parsing the filters
parameter. Values of the filters map might be empty, so we need to
account for that instead of uncondtitionally accessing the first item.
Also apply a similar for race conditions as done in commit f4a2d25c0fca:
Fix a race that could cause read errors to be masked. Masking
such errors is likely to report red herrings since users don't
see that reading failed for some reasons but that a given event
could not be found.
Another race was the handler closing event channel, which could lead to
two kinds of panics: double close, send to close channel. The backend
takes care of that. However, make sure that the backend stops working
in case the context has been cancelled.
Fixes: #6899
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This matches Docker behavior, and will make the Docker frontend
work with `podman system service` (Docker tries to create, then
if that fails with 404 sends a request to pull the image).
Fixes #6960
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| |
| |
| |
| | |
If a user specifies an entrypoint of "" then we should not use the images
entrypoint.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch fixes connection counters for v2 endpoints
Idletracker was moved to a new package to prevent package cycle.
Hijacking code still remains in wrong place and should be moved
later to isolated package
Signed-off-by: Sami Korhonen <skorhone@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
After this patch v2 hijacking endpoints, exec/start and
containers/attach follow rfc 7230 specification.
Connection will only be upgraded, if client specifies upgrade
headers:
For tcp connections:
Connection: Upgrade
Upgrade: tcp
For unix socket connections:
Connection: Upgrade
Upgrade: sock
There are currently no checks if upgrade type actually matches with
available protocols. Implementation just protocol that client
requested
Signed-off-by: Sami Korhonen <skorhone@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
StateHijacked is a terminal state. If hijacked connection
is registered as an active connection, connection will
never be unregistered. This causes two issues
First issue is that active connection counters are off.
Second issue is a resource leak caused by connection
object that is stored to a map.
After this patch hijacked connections are no longer
visible in counters. If a counter for hijacked
connections is required, podman must track
connections returned by Hijacker.Hijack()
It might make sense to develop abstraction layer for
hijacking - and move all hijacking related code to a
separate package. Hijacking code is prone to resource
leaks and it should be thoroughly tested.
Signed-off-by: Sami Korhonen <skorhone@gmail.com>
|
|\ \
| | |
| | | |
fix API: Create container with an invalid configuration
|
| |/
| |
| |
| | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|/
|
|
|
|
|
|
|
| |
Add a `context.Context` to the log APIs to allow for cancelling
streaming (e.g., via `podman logs -f`). This fixes issues for
the remote API where some go routines of the server will continue
writing and produce nothing but heat and waste CPU cycles.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Docker api version 1.24 uses a query parameter named Filter
for filtering images by names. In more recent versions of
api name filter is in filters query parameter with other
filters
This patch adds a mapping that translates Filter query
parameter to Filters={"reference": [""]}
Signed-off-by: Sami Korhonen <skorhone@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the advent of Podman 2.0.0 we crossed the magical barrier of go
modules. While we were able to continue importing all packages inside
of the project, the project could not be vendored anymore from the
outside.
Move the go module to new major version and change all imports to
`github.com/containers/libpod/v2`. The renaming of the imports
was done via `gomove` [1].
[1] https://github.com/KSubedi/gomove
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
Fix container inspect endpoint returning null for network settings / ports
|
| |
| |
| |
| |
| |
| |
| |
| | |
NetworkSettings/Ports
Implement mapping for NetworkSettings/Ports for Container inspect endpoint
Signed-off-by: Sami Korhonen <skorhone@gmail.com>
|
|\ \
| |/
|/| |
Fix `system service` panic from early hangup in events
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We weren't actually halting the goroutine that sent events, so it
would continue sending even when the channel closed (the most
notable cause being early hangup - e.g. Control-c on a curl
session). Use a context to cancel the events goroutine and stop
sending events.
Fixes #6805
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In response to input regarding the semantic difference for the `force`
parameter for volume removal between Docker and us, this change ensures
that we emulate the Dockr behaviour correctly when this parameter is
specified.
Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
|