summaryrefslogtreecommitdiff
path: root/pkg/bindings
Commit message (Collapse)AuthorAge
* libpod: fix race when closing STDINPaul Holzinger2021-10-06
| | | | | | | | | | | | | | | | There is a race where `conn.Close()` was called before `conn.CloseWrite()`. In this case `CloseWrite` will fail and an useless error is printed. To fix this we move the the `CloseWrite()` call to the same goroutine to remove the race. This ensures that `CloseWrite()` is called before `Close()` and never afterwards. Also fixed podman-remote run where the STDIN was never was closed. This is causing flakes in CI testing. [NO TESTS NEEDED] Fixes #11856 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Add --time out for podman * rm -f commandsDaniel J Walsh2021-10-04
| | | | | | | | | Add --time flag to podman container rm Add --time flag to podman pod rm Add --time flag to podman volume rm Add --time flag to podman network rm Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add podman play kube --no-hosts optionsDaniel J Walsh2021-10-01
| | | | | | | | | This option will setup the containers to not modify their /etc/hosts file and just use the one from the image. Fixes: https://github.com/containers/podman/issues/9500 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add guard for BuildOptions.CommonBuildOptsJhon Honce2021-09-30
| | | | | | | Existing images.Build() bindings code panicked when field was not initialized. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Remind user to check connection or use podman machineAshley Cui2021-09-28
| | | | | | | Remind user to check their remote linux connection or use podman machine. Move the warning from bindings to cmd/podman. Signed-off-by: Ashley Cui <acui@redhat.com>
* image prune: support removing external containersValentin Rothberg2021-09-28
| | | | | | | | Support removing external containers (e.g., build containers) during image prune. Fixes: #11472 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* remote build: EvalSymlinks() the context directoryNalin Dahyabhai2021-09-27
| | | | | | | Use EvalSymlinks() to find the context directory, in case there's shenanigans. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* standardize logrus messages to upper caseDaniel J Walsh2021-09-22
| | | | | | | | Remove ERROR: Error stutter from logrus messages also. [ NO TESTS NEEDED] This is just code cleanup. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* podman save: add `--uncompressed`Valentin Rothberg2021-09-22
| | | | | | | | | | Add an option to `podman save` to allow uncompressed layers when copying OCI images. Do the neccessary plumbing for the remote client, add tests and vendor in the latest commit from c/common to fetch the neccessary changes in libimage. Closes: #11613 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Wire network interface into libpodPaul Holzinger2021-09-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make use of the new network interface in libpod. This commit contains several breaking changes: - podman network create only outputs the new network name and not file path. - podman network ls shows the network driver instead of the cni version and plugins. - podman network inspect outputs the new network struct and not the cni conflist. - The bindings and libpod api endpoints have been changed to use the new network structure. The container network status is stored in a new field in the state. The status should be received with the new `c.getNetworkStatus`. This will migrate the old status to the new format. Therefore old containers should contine to work correctly in all cases even when network connect/ disconnect is used. New features: - podman network reload keeps the ip and mac for more than one network. - podman container restore keeps the ip and mac for more than one network. - The network create compat endpoint can now use more than one ipam config. The man pages and the swagger doc are updated to reflect the latest changes. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* build: take advantage of --platform listsNalin Dahyabhai2021-09-14
| | | | | | | | | | | The builder can take a list of platforms in the Platforms field of its BuildOptions argument, and we should definitely take advantage of that. The `bud-multiple-platform-values` test from buildah exercises support for this, so [NO TESTS NEEDED] Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Enhance bindings for IDE hintsJhon Honce2021-09-14
| | | | | | | | | | | * Follow https://pkg.go.dev/cmd/go#hdr-Generate_Go_files_by_processing_source for leading comment * Add godoc strings for all exposed methods for IDE support * Copy field godoc strings into generated code as function godoc string * Remove unused/unnecessary fields from generator.go structures * Cleanup code regarding template usage Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Stop outputting 'healthy' on healthcheckDaniel J Walsh2021-09-10
| | | | | | | | | We should only print unhealthy if the check fails. Currently this is filling logs when users are running lots of healthchecks. Improves: https://github.com/containers/podman/issues/11157 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* pkg/bindings/images.nTar(): set ownership of build context to 0:0Nalin Dahyabhai2021-09-07
| | | | | | | | | | | | | | | | | | When attempting to run remote builds, users with UID/GID values that were high enough that they wouldn't be mapped into their default user namespace configurations would see their builds fail when the server attempted to extract the build contexts that they supplied, and failed to set ownership of the build context content to the UID/GID that were originally assigned to them. When archiving the build context at the client, set ownership of everything to 0:0, which we know is always mapped. Both ADD and COPY require that we set the ownership of newly-added content to 0:0 (unless the --chown flag is used), so throwing away the original ownership information doesn't hurt, anyway. As usual, tarballs that we extract as part of ADD aren't going to be affected. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Add filtering functionality to http api secrets listJakub Guzik2021-09-03
| | | | | | | | Filtering is missing in both compat API and libpod API, while docker has filtering functinality. This commit enables filtering option using name and id in both libpod and http API. Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* InfraContainer Reworkcdoern2021-08-26
| | | | | | | | | | InfraContainer should go through the same creation process as regular containers. This change was from the cmd level down, involving new container CLI opts and specgen creating functions. What now happens is that both container and pod cli options are populated in cmd and used to create a podSpecgen and a containerSpecgen. The process then goes as follows FillOutSpecGen (infra) -> MapSpec (podOpts -> infraOpts) -> PodCreate -> MakePod -> createPodOptions -> NewPod -> CompleteSpec (infra) -> MakeContainer -> NewContainer -> newContainer -> AddInfra (to pod state) Signed-off-by: cdoern <cdoern@redhat.com>
* Merge pull request #11298 from baude/kubeupdownOpenShift Merge Robot2021-08-26
|\ | | | | teardown play kube
| * teardown play kubeBrent Baude2021-08-24
| | | | | | | | | | | | | | | | | | add the ability for play kube to tear down based on the yaml used to play it. it is indicated by --down in the play kube command. volumes are NOT deleted during the teardown. pods and their containers are stopped and removed. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Fix file descriptor leaks and add testJhon Honce2021-08-24
|/ | | | | | | | | | * Add response.Body.Close() where needed to release HTTP connections to API server. * Add tests to ensure no general leaks occur. 100% coverage would be required to ensure no leaks on any call. * Update code comments to be godoc correct Signed-off-by: Jhon Honce <jhonce@redhat.com>
* pkg/bindings/images.nTar(): slashify hdr.Name valuesNalin Dahyabhai2021-08-18
| | | | | | | | | | | | | When setting path names in the build context archive, convert path names to use forward slashes, as is normal for those archives, so that directory hierarchies archived on Windows hosts extract correctly everywhere. Not really sure how to run the remote client in CI on a system that uses `\` as a path separator, which is where this error crops up, so [NO TESTS NEEDED] Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Change connection error to be helpful for machine usersAshley Cui2021-08-11
| | | | | | | If a podman-remote connection fails, remind the user to check their linux system and podman machine vm Signed-off-by: Ashley Cui <acui@redhat.com>
* Bump Buildah to v1.22.0 [NO TESTS NEEDED]TomSweeneyRedHat2021-08-04
| | | | | | | | | Bump Buildah to v1.22.0 in preparation for RHEL 8.5 and RHEL 9.0beta. Also bump c/common to v0.42.1 [NO TESTS NEEDED] Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #11003 from pascomnet/f_statsopenshift-ci[bot]2021-08-04
|\ | | | | stats: add a interval parameter to cli and api stats streaming
| * e2e tests: re-enable and fix podman stats testsThomas Weber2021-08-02
| | | | | | | | | | | | | | | | | | | | Renamed podman pod stats test specs to distinguish them from podman stats tests. podman stats tests where disabled by a +build flag. Fix podman stats format test, add negative test. Fix podman stats cli command, exit non-zero on invalid format string. Add tests for podman stats interval flag. Signed-off-by: Thomas Weber <towe75@googlemail.com>
| * stats: add a interval parameter to cli and api stream modeThomas Weber2021-07-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | podman stats polled by default in a 1 sec period. This can put quite some load on a machine if you run many containers. The default value is now 5 seconds. You can change this interval with a new, optional, --interval, -i cli flag. The api request got also a interval query parameter for the same purpose. Additionally a unused const was removed. Api and cli will fail the request if a 0 or negative value is passed in. Signed-off-by: Thomas Weber <towe75@googlemail.com>
* | Merge pull request #11067 from vrothberg/fix-10154-2OpenShift Merge Robot2021-07-28
|\ \ | | | | | | remote build: fix streaming and error handling
| * | remote build: fix streaming and error handlingValentin Rothberg2021-07-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Address a number of issues in the streaming logic in remote build, most importantly an error in using buffered channels on the server side. The pattern below does not guarantee that the channel is entirely read before the context fires. for { select { case <- bufferedChannel: ... case <- ctx.Done(): ... } } Fixes: #10154 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #10910 from ↵OpenShift Merge Robot2021-07-28
|\ \ \ | |/ / |/| | | | | | | | adrianreber/2021-07-12-checkpoint-restore-into-pod Add support for checkpoint/restore into and out of pods
| * | Support checkpoint/restore with podsAdrian Reber2021-07-27
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds support to checkpoint containers out of pods and restore container into pods. It is only possible to restore a container into a pod if it has been checkpointed out of pod. It is also not possible to restore a non pod container into a pod. The main reason this does not work is the PID namespace. If a non pod container is being restored in a pod with a shared PID namespace, at least one process in the restored container uses PID 1 which is already in use by the infrastructure container. If someone tries to restore container from a pod with a shared PID namespace without a shared PID namespace it will also fail because the resulting PID namespace will not have a PID 1. Signed-off-by: Adrian Reber <areber@redhat.com>
* / support container to container copyMehul Arora2021-07-27
|/ | | | | | | | | Implement container to container copy. Previously data could only be copied from/to the host. Fixes: #7370 Co-authored-by: Mehul Arora <aroram18@mcmaster.ca> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* podman-remote build use .containerignore over .dockerignoreDaniel J Walsh2021-07-14
| | | | | | | | | | | | | | | | | | | | | | $ mkdir zzz;cd zzz $ printf "FROM quay.io/libpod/testimage:20210610\nCOPY ./ ./\nCOPY subdir ./\n" >Dockerfile $ printf "*\nsubdir\n\!*/sub1*\n" >.dockerignore $ mkdir subdir; touch subdir/sub1.txt $ ../bin/podman-remote build . Should fail, but succeeds because we are not sending over the .dockerignore file to the server side. This PR will send the .dockerignore so the server side and use it. Fixes: #10907 Also if both .containerignore and .dockerignore in the context directory, podman-remote should prefer .containerignore and not use .dockerignore. Fixes: #10908 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #10916 from mheon/fix_7360OpenShift Merge Robot2021-07-14
|\ | | | | Perform a one-sided close of HTTP attach conn on EOF
| * Perform a one-sided close of HTTP attach conn on EOFMatthew Heon2021-07-13
| | | | | | | | | | | | | | | | | | | | | | On EOF of STDIN, we need to perform a one-sided close of the attach connection on the client side, to ensure that STDIN finishing will also cause the exec session to terminate, instead of hang. Fixes #7360 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Don't exclude Dockerfile, Containerfiles from tar contentDaniel J Walsh2021-07-10
|/ | | | | | | | | | | | | If the user specifies "*" in a .dockerignore or a .containerignore then podman-remote build should not exclude the Dockerfile or Containerfile or any content pointed to by `-f` in the context directory. We still need these files on the server side to complete the build. Fixes: https://github.com/containers/podman/issues/9867 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Replace old RESTful tutorial with updated READMEBrent Baude2021-07-07
| | | | | | | | | | | Remove outdated information on go bindings. Moved the tips for debugging into the REAME and tidied up relevant links. Fixes: #9334 [CI_DOCS] [NO TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #10836 from Luap99/diffOpenShift Merge Robot2021-07-03
|\ | | | | podman diff accept two images or containers
| * podman diff accept two images or containersPaul Holzinger2021-07-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | First, make podman diff accept optionally a second argument. This allows the user to specify a second image/container to compare the first with. If it is not set the parent layer will be used as before. Second, podman container diff should only use containers and podman image diff should only use images. Previously, podman container diff would use the image when both an image and container with this name exists. To make this work two new parameters have been added to the api. If they are not used the previous behaviour is used. The same applies to the bindings. Fixes #10649 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Implement --archive flag for podman cpMatej Vasek2021-07-01
|/ | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* Bump github.com/containers/storage from 1.32.3 to 1.32.5Daniel J Walsh2021-06-29
| | | | | | | | | | | | | | | | | Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.32.3 to 1.32.5. - [Release notes](https://github.com/containers/storage/releases) - [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md) - [Commits](https://github.com/containers/storage/compare/v1.32.3...v1.32.5) --- updated-dependencies: - dependency-name: github.com/containers/storage dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* read secret config from config file if no user data.Tino Rusch2021-06-24
| | | | | | | | | | | | feat: read secret config from config file if the user hasn't entered explicit config values feat: allow to specify `--driver-opts opt1=val1,opt2=val2` in the secret create command to allow overriding the default values fix: show driver options in `podman secret inspect` Signed-off-by: Tino Rusch <tino.rusch@gmail.com>
* create: support images with invalid platformValentin Rothberg2021-06-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Much to my regret, there is a number of images in the wild with invalid platforms breaking the platform checks in libimage that want to make sure that a local image is matching the expected platform. Imagine a `podman run --arch=arm64 fedora` with a local amd64 fedora image. We really shouldn't use the local one in this case and pull down the arm64 one. The strict platform checks in libimage in combination with invalid platforms in images surfaced in Podman being able to pull an image but failing to look it up in subsequent presence checks. A `podman run` would hence pull such an image but fail to create the container. Support images with invalid platforms by vendoring the latest HEAD from containers/common. Also remove the partially implemented pull-policy logic from Podman and let libimage handle that entirely. However, whenever --arch, --os or --platform are specified, the pull policy will be forced to "newer". This way, we pessimistically assume that the local image has an invalid platform and we reach out to the registry. If there's a newer image (i.e., one with a different digest), we'll pull it down. Please note that most of the logic has either already been implemented in libimage or been moved down which allows for removing some clutter from Podman. [NO TESTS NEEDED] since c/common has new tests. Podman can rely on the existing tests. Fixes: #10648 Fixes: #10682 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Fix resize race with podman exec -itPaul Holzinger2021-06-16
| | | | | | | | | | | When starting a process with `podman exec -it` the terminal is resized after the process is started. To fix this allow exec start to accept the terminal height and width as parameter and let it resize right before the process is started. Fixes #10560 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Add support for podman remote build -f - .Daniel J Walsh2021-06-11
| | | | | | Fixes: https://github.com/containers/podman/issues/10621 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* podman-remote build should handle -f option properlyDaniel J Walsh2021-06-08
| | | | | | | | | | podman-remote build has to handle multiple different locations for the Containerfile. Currently this works in local mode but not when using podman-remote. Fixes: https://github.com/containers/podman/issues/9871 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* remote: always send resize before the container startsPaul Holzinger2021-06-04
| | | | | | | | | | | | | There is race condition in the remote client attach logic. Because the resize api call was handled in an extra goroutine the container was started before the resize call happend. To fix this we have to call resize in the same goroutine as attach. When the first resize is done start a goroutine to listen on SIGWINCH in the background and resize again if the signal is received. Fixes #9859 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Handle hard links in different directoriesDaniel J Walsh2021-05-24
| | | | | | Fixes: https://github.com/containers/podman/issues/10444 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Handle hard links in remote buildsDaniel J Walsh2021-05-22
| | | | | | Fixes: https://github.com/containers/podman/issues/9893 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix podman-remote build --rm=false ...Daniel J Walsh2021-05-10
| | | | | | | | | Fixes: https://github.com/containers/podman/issues/9869 [NO TESTS NEEDED] Since the podman-remote buildah tests will test this, and this is clearly correct. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* build: improve regex for iidfileGiuseppe Scrivano2021-05-06
| | | | | | | | | | | improve the regex to match only at the beginning of the line. It prevents matching "Copying %s $CHECKSUM" messages returned by the containers/image copy process. Closes: https://github.com/containers/podman/issues/10233 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #10208 from Luap99/play-kube-macOpenShift Merge Robot2021-05-05
|\ | | | | add --mac-address to podman play kube