path: root/pkg/api
Commit message (Author, Age)
* podman manifest create: accept --amend and --insecure flags (Nalin Dahyabhai, 2022-08-16)
| | | | | | | | Accept a --amend flag in `podman manifest create`, and treat `--insecure` as we would `--tls-verify=false` in `podman manifest`'s "add", "create", and "push" subcommands. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Merge pull request #15270 from nicrowe00/kubegenerate (OpenShift Merge Robot, 2022-08-16)
|\ | | | | Add "podman kube generate" command
| * Add "podman kube generate" command (Niall Crowe, 2022-08-11)
| | | | | | | | | | | | | | | | "podman kube generate" creates Kubernetes YAML from Podman containers, pods or volumes. Users will still be able to use "podman generate kube" as an alias of "kube generate". Signed-off-by: Niall Crowe <nicrowe@redhat.com>
* | Merge pull request #15285 from YoitoFes/fix-15210 (OpenShift Merge Robot, 2022-08-11)
|\ \ | | | | | | remote manifest push: show copy progress
| * | remote manifest push: show copy progress (Naoto Kobayashi, 2022-08-11)
| |/ | | | | | | | | | | | | | | | | | | `podman-remote manifest push` has shown absolutely no progress at all. Fix that by doing the same as the remote-push code does. Like remote-push, `quiet` parameter is true by default for backwards compatibility. Signed-off-by: Naoto Kobayashi <naoto.kobayashi4c@gmail.com>
* | Merge pull request #15157 from cdoern/apiLog (OpenShift Merge Robot, 2022-08-11)
|\ \ | |/ |/| fix LogConfig type for libpod API
| * fix LogConfig type for libpod API (Charlie Doern, 2022-08-08)
| | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] our native API was consuming the docker compat type for the API since the two have the exact same name. Fix this by renaming LogConfig to LogConfigLibpod resolves #15138 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | podman ssh work, using new c/common interface (Charlie Doern, 2022-08-09)
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | implement new ssh interface into podman this completely redesigns the entire functionality of podman image scp, podman system connection add, and podman --remote. All references to golang.org/x/crypto/ssh have been moved to common as have native ssh/scp execs and the new usage of the sftp package. this PR adds a global flag, --ssh to podman which has two valid inputs `golang` and `native` where golang is the default. Users should not notice any difference in their everyday workflows if they continue using the golang option. UNLESS they have been using an improperly verified ssh key, this will now fail. This is because podman was incorrectly using the ssh callback method to IGNORE the ssh known hosts file which is very insecure and golang tells you not to use this in production. The native paths allows for immense flexibility, with a new containers.conf field `SSH_CONFIG` that specifies a specific ssh config file to be used in all operations. Else the users ~/.ssh/config file will be used. podman --remote currently only uses the golang path, given its deep interconnection with dialing multiple clients and urls. My goal after this PR is to go back and abstract the idea of podman --remote from golang's dialed clients, as it should not be so intrinsically connected. Overall, this is a v1 of a long process of offering native ssh, and one that covers some good ground with podman system connection add and podman image scp. Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | build: implement --cache-to,--cache-from and --cache-ttl (Aditya R, 2022-08-09)
|/ | | | | | | [NO NEW TESTS NEEDED] [NO TESTS NEEDED] Signed-off-by: Aditya R <arajan@redhat.com>
* remove image podman no prune (Karthik Elango, 2022-08-04)
| | | | Signed-off-by: Karthik Elango <kelango@redhat.com>
* switch from "kube/play" endpoint to "play/kube" endpoint. (Niall Crowe, 2022-08-02)
| | | | | | | | | When podman kube play was added the endpoint for the kube play/play kube commands was switched from the "play kube" endpoint to the new "kube play" endpoint. This caused issues with the remote client, requiring the need to use the "play kube" endpoint again in order to avoid these issues. Signed-off-by: Niall Crowe <nicrowe@redhat.com>
* Add flag "--compression-format" to "podman manifest push" both in ↵ (Romain Geissler, 2022-07-30)
| | | | | | | | | local/remote mode. Also Fix usage of flag "--compression-format" for remote "podman image push". Fix usage of flags "--format", "--remove-signatures" in remote "podman manifest push". Closes #15109. Signed-off-by: Romain Geissler <romain.geissler@amadeus.com>
* Use 8k buffer to help clients w/ broken parsing (Jason T. Greene, 2022-07-29)
| | | | Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* Set TLSVerify=true by default for API endpoints (Vladimir Kochnev, 2022-07-26)
| | | | | | | | | | | | | | | | | | | | | Option defaults in API must be the same as in CLI. ``` % podman image push --help % podman image pull --help % podman manifest push --help % podman image search --help ``` All of these CLI commands have --tls-verify=true by default: ``` --tls-verify require HTTPS and verify certificates when accessing the registry (default true) ``` As for `podman image build`, it doesn't have any means to control `tlsVerify` parameter but it must be true by default. Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
* Merge pull request #15040 from Luap99/api-umask (OpenShift Merge Robot, 2022-07-22)
|\ | | | | API: libpod/create use correct default umask
| * API: libpod/create use correct default umask (Paul Holzinger, 2022-07-22)
| | | | | | | | | | | | | | | | | | Make sure containers created via API have the correct umask from containers.conf set. Fixes #15036 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #15016 from Luap99/compat-netname (OpenShift Merge Robot, 2022-07-22)
|\ \ | |/ |/| compat api: allow default bridge name for networks
| * compat api: always turn on network isolation for networks (Paul Holzinger, 2022-07-21)
| | | | | | | | | | | | | | | | | | Fix some network option parsing logic to use constants. Always use the isolate option since this is what docker does. Remove the icc option, this is different from isolate and it is not implemented. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * compat api: allow default bridge name for networks (Paul Holzinger, 2022-07-21)
| | | | | | | | | | | | | | | | | | | | Docker uses "bridge" as default network name so some tools expect this to work with network list or inspect. To fix this we change "bridge" to the podman default ("podman") name. Fixes #14983 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #14968 from jmguzik/compat (OpenShift Merge Robot, 2022-07-22)
|\ \ | | | | | | Compat API: unify pull/push and add missing progress info
| * | Compat API: unify pull/push and add missing progress info (Jakub Guzik, 2022-07-21)
| |/ | | | | | | | | | | | | | | | | Progress bar in JSONMessage is missing compared to docker output both in pull and push. Additionally, pull was not using JSONMessage while push was using the type. [NO NEW TESTS NEEDED] Signed-off-by: Jakub Guzik <jguzik@redhat.com>
* / remote push: show copy progress (Valentin Rothberg, 2022-07-21)
|/ | | | | | | | | | | | | | | `podman-remote push` has shown absolutely no progress at all. Fix that by doing essentially the same as the remote-pull code does. The get-free-out-of-jail-card for backwards compatibility is to let the `quiet` parameter default to true. Since the --quiet flag wasn't working before either, older Podman clients do not set it. Also add regression tests to make sure we won't regress again. Fixes: #11554 Fixes: #14971 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Podman stop --filter flag (Karthik Elango, 2022-07-14)
| | | | | | | Filter flag is added for podman stop and podman --remote stop. Filtering logic is implemented in getContainersAndInputByContext(). Start filtering can be manipulated to use this logic as well to limit redundancy. Signed-off-by: Karthik Elango <kelango@redhat.com>
* Switch to `github.com/blang/semver/v4` (Sascha Grunert, 2022-07-14)
| | | | | | | | Switch to the latest version of the now go module compatible release. [NO NEW TESTS NEEDED] Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* Add "podman kube play" cmd (Niall Crowe, 2022-07-13)
| | | | | | | | | | | The "podman kube play" command is designed to be a replacement for the "podman play kube" command. It performs the same function as "play kube" while also still working with the same flags and options. The "podman play kube" command is still functional as an alias of "kube play". Closes #12475 Signed-off-by: Niall Crowe <nicrowe@redhat.com> Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Merge pull request #14818 from rhatdan/wait (openshift-ci[bot], 2022-07-11)
|\ | | | | podman wait can take multiple conditions
| * podman wait can take multiple conditions (Daniel J Walsh, 2022-07-08)
| | | | | | | | | | | | | | | | Podman wait should not be defaulting to just stopped. By default wait API waits for stopped and exited. We should not override this on the client side. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | pkg: switch to golang native error wrapping (Sascha Grunert, 2022-07-08)
|/ | | | | | | | | We now use the golang error wrapping format specifier `%w` instead of the deprecated github.com/pkg/errors package. [NO NEW TESTS NEEDED] Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* Merge pull request #14825 from jmguzik/fix_streaming_pod_stats (openshift-ci[bot], 2022-07-07)
|\ | | | | Fix streaming for libpod/pods/stats endpoint
| * Fix streaming for libpod/pods/stats endpoint (Jakub Guzik, 2022-07-05)
| | | | | | | | | | | | | | | | This commit fixes libpod/pods/stats endpoint which should stream the data. Additional option param is added to disable streaming and the delay value to choose the desired delay between streamed messages (default 5s). Signed-off-by: Jakub Guzik <jguzik@redhat.com>
* | Merge pull request #14673 from idleroamer/fix-network-inspect-main (openshift-ci[bot], 2022-07-07)
|\ \ | | | | | | Fix network inspect compat API discrepancy
| * | Fix network inspect compat API discrepancy (🤓 Mostafa Emami, 2022-07-05)
| | | | | | | | | | | | | | | | | | | | | | | | | | | - containerInspect compat API expects field value PrefixLen instead of PrefixLength for type Address for SecondaryIPAddresses - Add tests for network part of containerInspect compat api Closes: containers#14674 Signed-off-by: 🤓 Mostafa Emami <mustafaemami@gmail.com>
* | | use c/common code for resize and CopyDetachable (Paul Holzinger, 2022-07-06)
| |/ |/| | | | | | | | | | | | | | | Since conmon-rs also uses this code we moved it to c/common. Now podman should have this also to prevent duplication. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | libpod: switch to golang native error wrapping (Sascha Grunert, 2022-07-05)
| | | | | | | | | | | | | | | | | | We now use the golang error wrapping format specifier `%w` instead of the deprecated github.com/pkg/errors package. [NO NEW TESTS NEEDED] Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* | Merge pull request #14534 from jakecorrenti/docker-compose-update-network-mtu (openshift-ci[bot], 2022-07-05)
|\ \ | | | | | | (rootful) docker-compose now updates network MTU
| * | (rootful) docker-compose now updates network MTU (Jake Correnti, 2022-07-05)
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, the following network block did not update using docker-compose: ``` networks: default: driver: bridge driver_opts: mtu: 9000 ``` In the API, the network options were previously not being handled when the network was being created. I translated the docker options into podman options, and added the options to the network. When doing `podman network inspect <network>`, the results now contain `"mtu": "9000"` Fixes: #14482 Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
* | | libpod/runtime: switch to golang native error wrapping (Sascha Grunert, 2022-07-04)
| | | | | | | | | | | | | | | | | | | | | | | | | | | We now use the golang error wrapping format specifier `%w` instead of the deprecated github.com/pkg/errors package. [NO NEW TESTS NEEDED] Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* | | api,images: add support for LookupManifest to Image remove API (Aditya R, 2022-06-30)
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ImagesBatchRemoval and ImageRemoval now honors and accepts `LookupManifest` parameter which further tells libimage to resolve to manifest list if it exists instead of actual image. Following PR also makes `podman-remote manifest rm` functional which was broken till now. Closes: https://github.com/containers/podman/issues/14763 Signed-off-by: Aditya R <arajan@redhat.com>
* | | Merge pull request #14400 from cdoern/scp (openshift-ci[bot], 2022-06-28)
|\ \ \ | | | | | | | | podman image scp remote support & podman image scp tagging
| * | | podman image scp remote support & podman image scp tagging (cdoern, 2022-06-28)
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add support for podman-remote image scp as well as direct access via the API. This entailed a full rework of the layering of image scp functions as well as the usual API plugging and type creation also, implemented podman image scp tagging. which makes the syntax much more readable and allows users to tag the new image they are loading to the local/remote machine: allow users to pass a "new name" for the image they are transferring `podman tag` as implemented creates a new image in `image list` when tagging, so this does the same meaning that when transferring images with tags, podman on the remote machine/user will load two images ex: `podman image scp computer1::alpine computer2::foobar` creates alpine:latest and localhost/foobar on the remote host implementing tags means removal of the flexible syntax. In the currently released podman image scp, the user can either specify `podman image scp source::img dest::` or `podman image scp dest:: source::img`. However, with tags this task becomes really hard to check which is the image (src) and which is the new tag (dst). Removal of that streamlines the arg parsing process Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | | Merge pull request #14700 from shuttle-hq/bug/docker-compat-initialized (openshift-ci[bot], 2022-06-28)
|\ \ \ \ | |/ / / |/| | | Docker compat returning unknown "initialized" for `status.status`
| * | | Docker compat returning unknown "initialized" for `status.status` (chesedo, 2022-06-28)
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some background for this PR is in discussion #14641. In short, ever so often a container inspect will return a `status.status` of `initialized` from the Docker compat socket. From the discussion I found these lines which tries to fix a "configured" status to "created". https://github.com/containers/podman/blob/c936d1e61154b6826e9d8df46e9660aba6c86cfe/pkg/api/handlers/compat/containers.go#L291-L294 However, commit 141de8686289 (Revamp Libpod state strings for Docker compat) removed the "configured" return value from the `String()` method called on line 291 above. Thus, making the `if` check redundant as it will never hit. But the same commit also introduces a return for "initialized" which this `if` should probably have been adapted for. Signed-off-by: Pieter Engelbrecht <pieter@shuttle.rs>
* | | | Merge pull request #14654 from cdoern/cgroup (openshift-ci[bot], 2022-06-27)
|\ \ \ \ | | | | | | | | | | podman cgroup enhancement
| * | | | podman cgroup enhancement (cdoern, 2022-06-24)
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | currently, setting any sort of resource limit in a pod does nothing. With the newly refactored creation process in c/common, podman can now set resources at a pod level meaning that resource related flags can now be exposed to podman pod create. cgroupfs and systemd are both supported with varying completion. cgroupfs is a much simpler process and one that is virtually complete for all resource types, the flags now just need to be added. systemd on the other hand has to be handled via the dbus api meaning that the limits need to be passed as recognized properties to systemd. The properties added so far are the ones that podman pod create supports as well as `cpuset-mems` as this will be the next flag I work on. Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | | | libpod: fix wait and exit-code logic (Valentin Rothberg, 2022-06-23)
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit addresses three intertwined bugs to fix an issue when using Gitlab runner on Podman. The three bug fixes are not split into separate commits as tests won't pass otherwise; avoidable noise when bisecting future issues. 1) Podman conflated states: even when asking to wait for the `exited` state, Podman returned as soon as a container transitioned to `stopped`. The issues surfaced in Gitlab tests to fail [1] as `conmon`'s buffers have not (yet) been emptied when attaching to a container right after a wait. The race window was extremely narrow, and I only managed to reproduce with the Gitlab runner [1] unit tests. 2) The clearer separation between `exited` and `stopped` revealed a race condition predating the changes. If a container is configured for autoremoval (e.g., via `run --rm`), the "run" process competes with the "cleanup" process running in the background. The window of the race condition was sufficiently large that the "cleanup" process has already removed the container and storage before the "run" process could read the exit code and hence waited indefinitely. Address the exit-code race condition by recording exit codes in the main libpod database. Exit codes can now be read from a database. When waiting for a container to exit, Podman first waits for the container to transition to `exited` and will then query the database for its exit code. Outdated exit codes are pruned during cleanup (i.e., non-performance critical) and when refreshing the database after a reboot. 
An exit code is considered outdated when it is older than 5 minutes. While the race condition predates this change, the waiting process has apparently always been fast enough in catching the exit code due to issue 1): `exited` and `stopped` were conflated. The waiting process hence caught the exit code after the container transitioned to `stopped` but before it `exited` and got removed. 3) With 1) and 2), Podman is now waiting for a container to properly transition to the `exited` state. Some tests did not pass after 1) and 2) which revealed the third bug: `conmon` was executed with its working directory pointing to the OCI runtime bundle of the container. The changed working directory broke resolving relative paths in the "cleanup" process. The "cleanup" process error'ed before actually cleaning up the container and waiting "main" process ran indefinitely - or until hitting a timeout. Fix the issue by executing `conmon` with the same working directory as Podman. Note that fixing 3) *may* address a number of issues we have seen in the past where for *some* reason cleanup processes did not fire. [1] https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27119#note_970712864 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com> [MH: Minor reword of commit message] Signed-off-by: Matthew Heon <mheon@redhat.com>
* / / / Fix spelling "setup" -> "set up" and similar (Erik Sjölund, 2022-06-22)
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | * Replace "setup", "lookup", "cleanup", "backup" with "set up", "look up", "clean up", "back up" when used as verbs. Replace also variations of those. * Improve language in a few places. Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | | Merge pull request #14662 from Luap99/api-json (openshift-ci[bot], 2022-06-21)
|\ \ \ | | | | | | | | API: containers/json always set application/json content type
| * | | API: containers/json always set application/json content type (Paul Holzinger, 2022-06-20)
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | When we return no containers we just return `[]` but we still have to keep the content type header `application/json` so external tools can correctly parse the output. Fixes #14647 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* / | api: show the memory limit specified for the container (Giuseppe Scrivano, 2022-06-21)
|/ / | | | | | | | | | | | | | | | | | | | | use the memory limit specified for the container instead of reading it from the cgroup. It is not reliable to read it from the cgroup since the container could have been moved to a different cgroup and in general the OCI runtime might create a sub-cgroup (like crun does). Closes: https://github.com/containers/podman/issues/14676 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #14585 from Luap99/nolint (openshift-ci[bot], 2022-06-14)
|\ \ | | | | | | golangci-lint: enable nolintlint