summaryrefslogtreecommitdiff
path: root/pkg/domain/infra/abi/containers.go
Commit message (Collapse)AuthorAge
* Merge pull request #6636 from mheon/add_warningsOpenShift Merge Robot2020-06-17
|\ | | | | Re-add resource limit warnings to Specgen
| * Re-add resource limit warnings to SpecgenMatthew Heon2020-06-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | These were part of Podman v1.9, but were lost in the transition to using Specgen to create containers. Most resource limits are checked via the sysinfo package to ensure they are safe to use (the cgroup is mounted, kernel support is present, etc) and removed if not safe. Further, bounds checks are performed to ensure that values are valid. Ensure these warnings are printed client-side when they occur. This part is a little bit gross, as it happens in pkg/infra and not cmd/podman, which is largely down to how we implemented `podman run` - all the work is done in pkg/infra and it returns only once the container has exited, and we need warnings to print *before* the container runs. The solution here, while inelegant, avoid the need to extensively refactor our handling of run. Should fix blkio-limit warnings that were identified by the FCOS test suite. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Fix podman inspect on overlapping/missing objectsMatthew Heon2020-06-16
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | This started as a small fix to `podman inspect` where a container and image, with the same name/tag, were present, and `podman inspect` was run on that name. `podman inspect` in 1.9 (and `docker inspect`) will give you the container; in v2.0, we gave the image. This was an easy fix (just reorder how we check for image/container). Unfortunately, in the process of testing this fix, I determined that we regressed in a different area. When you run inspect on a number of containers, some of which do not exist, `podman inspect` should return an array of inspect results for the objects that exist, then print a number of errors, one for each object that could not be found. We were bailing after the first error, and not printing output for the containers that succeeded. (For reference, this applied to images as well). This required a much more substantial set of changes to properly handle - signatures for the inspect functions in ContainerEngine and ImageEngine, plus the implementations of these interfaces, plus the actual inspect frontend code needed to be adjusted to use this. Fixes #6556 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Turn on More lintersDaniel J Walsh2020-06-15
| | | | | | | | | - misspell - prealloc - unparam - nakedret Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix Id->ID where possible for lintDaniel J Walsh2020-06-10
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fixup issues found by golintDaniel J Walsh2020-06-10
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add parallel operation to `podman stop`Matthew Heon2020-06-05
| | | | | | | | | | | | This is the other command that benefits greatly from being run in parallel, due to the potential 15-second timeout for containers that ignore SIGTERM. While we're at it, also clean up how stop timeout is set. This needs to be an optional parameter, so that the value set when the container is created with `--stop-timeout` will be respected. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add parallel execution code for container operationsMatthew Heon2020-06-05
| | | | | | | | This code will run container operations in parallel, up to a given maximum number of threads. Currently, it has only been enabled for local `podman rm` as a proof of concept. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* When stopping containers locally, ensure cleanup runsMatthew Heon2020-06-03
| | | | | | | | | | | | | The cleanup process was already running and ensuring that mounts and networking configuration was cleaned up on container stop, but this was async from the actual `podman stop` command which breaks some expectations - the container is still mounted at the end of `podman stop` and will be cleaned up soon, but not immediately. Fortunately, it's a trivial change to resolve this. Fixes #5747 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #6473 from mheon/fix_inspect_segfaultOpenShift Merge Robot2020-06-03
|\ | | | | Fix a segfault in `podman inspect -l` w/ no containers
| * Fix a segfault in `podman inspect -l` w/ no containersMatthew Heon2020-06-02
| | | | | | | | | | | | | | | | | | We also need to rework container/image inspect to be separate, but that can happen in another PR. Fixes #6472 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Enable detached exec for remoteMatthew Heon2020-06-02
|/ | | | | | | | | | | | | | | | | | | | | | | The biggest obstacle here was cleanup - we needed a way to remove detached exec sessions after they exited, but there's no way to tell if an exec session will be attached or detached when it's created, and that's when we must add the exit command that would do the removal. The solution was adding a delay to the exit command (5 minutes), which gives sufficient time for attached exec sessions to retrieve the exit code of the session after it exits, but still guarantees that they will be removed, even for detached sessions. This requires Conmon 2.0.17, which has the new `--exit-delay` flag. As part of the exit command rework, we can drop the hack we were using to clean up exec sessions (remove them as part of inspect). This is a lot cleaner, and I'm a lot happier about it. Otherwise, this is just plumbing - we need a bindings call for detached exec, and that needed to be added to the tunnel mode backend for entities. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* container stats: fix --no-stream raceValentin Rothberg2020-05-27
| | | | | | | | | Fix a race in `podman container stats` by waiting for the client to consume the data in the channel. This requires a `sync.WaitGroup` (or semaphore) in the client and to also close the channel the backend. Fixes: #6405 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Enable cleanup processes for detached execMatthew Heon2020-05-20
| | | | | | | | | | | | | | | | | | | | | | The cleanup command creation logic is made public as part of this and wired such that we can call it both within SpecGen (to make container exit commands) and from the ABI detached exec handler. Exit commands are presently only used for detached exec, but theoretically could be turned on for all exec sessions if we wanted (I'm declining to do this because of potential overhead). I also forgot to copy the exit command from the exec config into the ExecOptions struct used by the OCI runtime, so it was not being added. There are also two significant bugfixes for exec in here. One is for updating the status of running exec sessions - this was always failing as I had coded it to remove the exit file *before* reading it, instead of after (oops). The second was that removing a running exec session would always fail because I inverted the check to see if it was running. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add ability to clean up exec sessions with cleanupMatthew Heon2020-05-20
| | | | | | | | | | | | | | We need to be able to use cleanup processes to remove exec sessions as part of detached exec. This PR adds that ability. A new flag is added to `podman container cleanup`, `--exec`, to specify an exec session to be cleaned up. As part of this, ensure that `ExecCleanup` can clean up exec sessions that were running, but have since exited. This ensures that we can come back to an exec session that was running but has since stopped, and clean it up. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add CLI frontend for detached execMatthew Heon2020-05-20
| | | | | | | | | | | Add a new ContainerEngine method for creating a detached exec session, and wire in the frontend code to do this. As part of this, move Streams out of ExecOptions to the function signature in an effort to share the struct between both methods. Fixes #5884 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Fix checkpoint --leave-runningAdrian Reber2020-05-14
| | | | | | | There was typo in the variable name and in one place it was not correctly passed to the next layer. Signed-off-by: Adrian Reber <areber@redhat.com>
* Merge pull request #6080 from baude/v2statsOpenShift Merge Robot2020-05-05
|\ | | | | v2 podman stats
| * v2 podman statsbaude2020-05-05
| | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #6060 from sujil02/systemprune-v2OpenShift Merge Robot2020-05-01
|\ \ | | | | | | And system prune feature for v2.
| * | And system prune feature for v2.Sujil022020-05-01
| | | | | | | | | | | | | | | | | | | | | | | | Adds podman system prune for v2. Refactoring for code reuse from pods containers images and volume prune. Adds and enables testcases to support the added feature. Signed-off-by: Sujil02 <sushah@redhat.com>
* | | Merge pull request #6062 from jwhonce/wip/docsOpenShift Merge Robot2020-05-01
|\ \ \ | |_|/ |/| | [CI:DOC] Bring README.md up to date
| * | [CI:DOCS] Bring README.md up to dateJhon Honce2020-05-01
| |/ | | | | | | | | | | | | * Add notes on helper functions * Update example Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #6016 from giuseppe/fix-createOpenShift Merge Robot2020-05-01
|\ \ | |/ |/| v2, podman: fix create and entrypoint tests
| * podman, start: propagate back the raw inputGiuseppe Scrivano2020-04-30
| | | | | | | | | | | | | | this is necessary as we expect "podman start $ID_NAME" to print the same arguments the user passed in instead of the full ID. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | testv2: enable attach testQi Wang2020-04-29
|/ | | | | | testv2: enable attach test Signed-off-by: Qi Wang <qiwan@redhat.com>
* system tests must passBrent Baude2020-04-28
| | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #6000 from mheon/volume_backend_flagsOpenShift Merge Robot2020-04-27
|\ | | | | Add support for volumes-from, image volumes, init
| * Add support for volumes-from, image volumes, initMatthew Heon2020-04-27
| | | | | | | | | | | | | | | | | | | | | | This should complete Podmanv2's support for volume-related flags. Most code was sourced from the old pkg/spec implementation with modifications to account for the split between frontend flags (volume, mount, tmpfs) and the backend flags implemented here. Also enables tests for podman run with volumes Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | enable integration tests for restartBrent Baude2020-04-27
|/ | | | | | enable integrations tests for container restart. fixed bug where --running was not being honored. Signed-off-by: Brent Baude <bbaude@redhat.com>
* containers, init: skip invalid state errors with --allGiuseppe Scrivano2020-04-24
| | | | | | reintroduce the same check that exists in v1.9. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* V2 restore libpod.Shutdown() when exiting podman commandsJhon Honce2020-04-22
| | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* v2podman portBrent Baude2020-04-21
| | | | | | add port command to podman. Signed-off-by: Brent Baude <bbaude@redhat.com>
* podman rmi: refactor logicValentin Rothberg2020-04-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | While this commit was initially meant to fix #5847, it has turned into a bigger refactoring which I did not manage to break into smaller pieces: * Fix #5847 by refactoring the image-removal logic. * Make the api handler for image-removal use the ABI code. This way, both (i.e., ABI and Tunnel) end up using the same code. Achieving this code share required to move some code around to prevent circular dependencies. * Everything in pkg/api (excluding pkg/api/types) must now only be accessed from code using `ABISupport`. * Avoid imports from entities on handlers to prevent circular dependencies. * Move `podman system service` logic into `cmd` to prevent circular dependencies - it depends on pkg/api. * Also remove the build header from infra/abi files. It will otherwise confuse swagger and other tools; errors we cannot fix as go doesn't expose a build-tag env variable. Fixes: #5847 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Fixes for system testsBrent Baude2020-04-17
| | | | | | Various fixes to protect against regressions in system tests Signed-off-by: Brent Baude <bbaude@redhat.com>
* V2 Enable rootlessJhon Honce2020-04-16
| | | | | | | | | | | | | * Enable running podman V2 rootless * Fixed cobra.PersistentPreRunE usage in all the commands * Leveraged cobra.PersistentPreRunE/cobra.PersistentPostRunE to manage: * rootless * trace (--trace) * profiling (--cpu-profile) * initializing the registry copies of Image/Container engines * Help and Usage templates autoset for all sub-commands Signed-off-by: Jhon Honce <jhonce@redhat.com>
* v2 bloat pruning phase 2Brent Baude2020-04-15
| | | | | | this is second phase of removing unneeded bloat in the remote client. this is important to be able to reduce the client size as well as possible native compilation for windows/mac. Signed-off-by: Brent Baude <bbaude@redhat.com>
* Ability to prune container in api V2Sujil022020-04-15
| | | | | | | Adds ability to prune containers for v2. Adds client side prompt with force flag and filters options to prune. Signed-off-by: Sujil02 <sushah@redhat.com>
* Add support for the global flags and config filesJhon Honce2020-04-14
| | | | | | | Note: This PR doesn't provide full rootless support that will be addressed in a future PR Signed-off-by: Jhon Honce <jhonce@redhat.com>
* podmanv2 mount and umountBrent Baude2020-04-14
| | | | | | add the ability to mount and unmount containers for the local client only Signed-off-by: Brent Baude <bbaude@redhat.com>
* v2podman add container initBrent Baude2020-04-13
| | | | | | add the ability to init a container both local and remote Signed-off-by: Brent Baude <bbaude@redhat.com>
* v2podman container cleanupBrent Baude2020-04-09
| | | | | | | | add the ability to clean up after a container has attempted to run. this is also important for podman run --rm --rmi. also included are fixes and tweaks to various code bits to correct regressions on output. Signed-off-by: Brent Baude <bbaude@redhat.com>
* podmanV2: implement logsValentin Rothberg2020-04-09
| | | | | | | | | | | Implement the `podman {container} logs` for the v2 client. The remote client does not yet support it. There's some more work needed for the rest api; some options are missing (e.g., printing names) while others are broken (e.g., the until http parameter). The remote parts will be tackled in a future change. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* V2 podman diff(changes) supportJhon Honce2020-04-07
| | | | | | | | | * Ported CLI command * Added API endpoint * Added bindings * Updated swagger (TODO: n endpoints, one handler) Signed-off-by: Jhon Honce <jhonce@redhat.com>
* v2podman runBrent Baude2020-04-06
| | | | | | add the ability to run a container Signed-off-by: Brent Baude <bbaude@redhat.com>
* podmanv2 psBrent Baude2020-04-06
| | | | | | add the ability to list containers Signed-off-by: Brent Baude <bbaude@redhat.com>
* podmanv2 startBrent Baude2020-04-06
| | | | | | add the ability to start containers Signed-off-by: Brent Baude <bbaude@redhat.com>
* v2podman attach and execBrent Baude2020-04-05
| | | | | | | | add the ability to attach to a running container. the tunnel side of this is not enabled yet as we have work on the endpoints and plumbing to do yet. add the ability to exec a command in a running container. the tunnel side is also being deferred for same reason. Signed-off-by: Brent Baude <bbaude@redhat.com>
* v2podman container createBrent Baude2020-04-03
| | | | | | create a container in podmanv2 using specgen approach. this is the core implementation and still has quite a bit of code commented out specifically around volumes, devices, and namespaces. need contributions from smes on these parts. Signed-off-by: Brent Baude <bbaude@redhat.com>
* podmanv2 checkpoint and restoreBrent Baude2020-04-03
| | | | | | add the ability to checkpoint and restore containers on v2podman Signed-off-by: Brent Baude <bbaude@redhat.com>