summaryrefslogtreecommitdiff
path: root/pkg/domain/infra/abi
Commit message (Collapse)AuthorAge
* Allow recursive dependency start with Init()Matthew Heon2020-06-18
| | | | | | | | | | | | | | | | | | | | As part of APIv2 Attach, we need to be able to attach to freshly created containers (in ContainerStateConfigured). This isn't something Libpod is interested in supporting, so we use Init() to get the container into ContainerStateCreated, in which attach is possible. Problem: Init() will fail if dependencies are not started, so a fresh container in a fresh pod will fail. The simplest solution is to extend the existing recursive start code from Start() to Init(), allowing dependency containers to be started when we initialize the container (optionally, controlled via bool). Also, update some comments in container_api.go to make it more clear how some of our major API calls work. Fixes #6646 Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #6636 from mheon/add_warningsOpenShift Merge Robot2020-06-17
|\ | | | | Re-add resource limit warnings to Specgen
| * Re-add resource limit warnings to SpecgenMatthew Heon2020-06-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | These were part of Podman v1.9, but were lost in the transition to using Specgen to create containers. Most resource limits are checked via the sysinfo package to ensure they are safe to use (the cgroup is mounted, kernel support is present, etc) and removed if not safe. Further, bounds checks are performed to ensure that values are valid. Ensure these warnings are printed client-side when they occur. This part is a little bit gross, as it happens in pkg/infra and not cmd/podman, which is largely down to how we implemented `podman run` - all the work is done in pkg/infra and it returns only once the container has exited, and we need warnings to print *before* the container runs. The solution here, while inelegant, avoid the need to extensively refactor our handling of run. Should fix blkio-limit warnings that were identified by the FCOS test suite. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Fix podman inspect on overlapping/missing objectsMatthew Heon2020-06-16
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | This started as a small fix to `podman inspect` where a container and image, with the same name/tag, were present, and `podman inspect` was run on that name. `podman inspect` in 1.9 (and `docker inspect`) will give you the container; in v2.0, we gave the image. This was an easy fix (just reorder how we check for image/container). Unfortunately, in the process of testing this fix, I determined that we regressed in a different area. When you run inspect on a number of containers, some of which do not exist, `podman inspect` should return an array of inspect results for the objects that exist, then print a number of errors, one for each object that could not be found. We were bailing after the first error, and not printing output for the containers that succeeded. (For reference, this applied to images as well). This required a much more substantial set of changes to properly handle - signatures for the inspect functions in ContainerEngine and ImageEngine, plus the implementations of these interfaces, plus the actual inspect frontend code needed to be adjusted to use this. Fixes #6556 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #6601 from zhangguanzhang/podman-cp-dirOpenShift Merge Robot2020-06-15
|\ | | | | fix podman cp can create an extra directory when the source is the container's root directory
| * fix podman cp can create an extra directory levelzhangguanzhang2020-06-15
| | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | Turn on More lintersDaniel J Walsh2020-06-15
| | | | | | | | | | | | | | | | | | - misspell - prealloc - unparam - nakedret Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6415 from vrothberg/systemd-new-podOpenShift Merge Robot2020-06-11
|\ \ | | | | | | podman-generate-systemd --new for pods
| * | generate systemd: wrap pod/ctr lookup errorsValentin Rothberg2020-06-11
| | | | | | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | generate systemd: refactorValentin Rothberg2020-06-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Refactor the systemd-unit generation code and move all the logic into `pkg/systemd/generate`. The code was already hard to maintain but I found it impossible to wire the `--new` logic for pods in all the chaos. The code refactoring in this commit will make maintaining the code easier and should make it easier to extend as well. Further changes and refactorings may still be needed but they will easier. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | generate systemd: rephrase lookup errorValentin Rothberg2020-06-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | Rephrase the lookup error when the specified name or ID does not refer to a container or pod. Until, only the pod-lookup error has been returned which can be confusing when actually looking for a container; a user might have just mistyped the ID or name. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | podman-pod{rm,start,stop}: support --pod-id-fileValentin Rothberg2020-06-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Support the `--pod-id-file` flag in the rm, start and stop pod commands. This completes the already support flag in pod-create and is another prerequisite for generating generic systemd unit files for pods. Also add completions, docs and tests. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #6569 from giuseppe/create-slice-only-systemdOpenShift Merge Robot2020-06-11
|\ \ \ | | | | | | | | podman: create scope only if --cgroup-manager=systemd
| * | | podman: create scope only if --cgroup-manager=systemdGiuseppe Scrivano2020-06-11
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | drop check for current cgroup ownership if the cgroup manager is not set to systemd. Closes: https://github.com/containers/libpod/issues/4483 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #6256 from theunrealgeek/play_kube_deploymentOpenShift Merge Robot2020-06-11
|\ \ \ | |/ / |/| | Support k8s Deployment in play kube
| * | Update comment related to seccomp profiles in play kubetheunrealgeek2020-06-03
| | | | | | | | | | | | Signed-off-by: Aditya Kamath <theunrealgeek@gmail.com>
| * | Fix existing teststheunrealgeek2020-06-02
| | | | | | | | | | | | Signed-off-by: Aditya Kamath <theunrealgeek@gmail.com>
| * | Modify PlayKubeReport to preserve pod->container mappingtheunrealgeek2020-06-02
| | | | | | | | | | | | Signed-off-by: Aditya Kamath <theunrealgeek@gmail.com>
| * | supporting k8s Deployment objectstheunrealgeek2020-06-02
| | | | | | | | | | | | Signed-off-by: Aditya Kamath <theunrealgeek@gmail.com>
* | | Fix Id->ID where possible for lintDaniel J Walsh2020-06-10
| | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Fixup issues found by golintDaniel J Walsh2020-06-10
| | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Add parallel operation to `podman stop`Matthew Heon2020-06-05
| |/ |/| | | | | | | | | | | | | | | | | | | | | This is the other command that benefits greatly from being run in parallel, due to the potential 15-second timeout for containers that ignore SIGTERM. While we're at it, also clean up how stop timeout is set. This needs to be an optional parameter, so that the value set when the container is created with `--stop-timeout` will be respected. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Add parallel execution code for container operationsMatthew Heon2020-06-05
| | | | | | | | | | | | | | | | This code will run container operations in parallel, up to a given maximum number of threads. Currently, it has only been enabled for local `podman rm` as a proof of concept. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6486 from baude/v2infoaddsocketOpenShift Merge Robot2020-06-04
|\ \ | | | | | | add socket information to podman info
| * | add socket information to podman infoBrent Baude2020-06-03
| | | | | | | | | | | | | | | | | | | | | this is step 1 to self-discovery of remote ssh connections. we add a remotesocket struct to info to detect what the socket path might be. Co-authored-by: Jhon Honce <jhonce@redhat.com> Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #6478 from rhatdan/abisupportOpenShift Merge Robot2020-06-03
|\ \ \ | | | | | | | | Remove use of ABISupport buildtag
| * | | Remove use of ABISupport buildtagDaniel J Walsh2020-06-03
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | We need to default to building podman. If you specify no build tags you will not build podman, not podman-remote. Just using remote flag to indicate podman-remote and !remote for podman. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | When stopping containers locally, ensure cleanup runsMatthew Heon2020-06-03
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | The cleanup process was already running and ensuring that mounts and networking configuration was cleaned up on container stop, but this was async from the actual `podman stop` command which breaks some expectations - the container is still mounted at the end of `podman stop` and will be cleaned up soon, but not immediately. Fortunately, it's a trivial change to resolve this. Fixes #5747 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6473 from mheon/fix_inspect_segfaultOpenShift Merge Robot2020-06-03
|\ \ | |/ |/| Fix a segfault in `podman inspect -l` w/ no containers
| * Fix a segfault in `podman inspect -l` w/ no containersMatthew Heon2020-06-02
| | | | | | | | | | | | | | | | | | We also need to rework container/image inspect to be separate, but that can happen in another PR. Fixes #6472 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Enable detached exec for remoteMatthew Heon2020-06-02
|/ | | | | | | | | | | | | | | | | | | | | | | The biggest obstacle here was cleanup - we needed a way to remove detached exec sessions after they exited, but there's no way to tell if an exec session will be attached or detached when it's created, and that's when we must add the exit command that would do the removal. The solution was adding a delay to the exit command (5 minutes), which gives sufficient time for attached exec sessions to retrieve the exit code of the session after it exits, but still guarantees that they will be removed, even for detached sessions. This requires Conmon 2.0.17, which has the new `--exit-delay` flag. As part of the exit command rework, we can drop the hack we were using to clean up exec sessions (remove them as part of inspect). This is a lot cleaner, and I'm a lot happier about it. Otherwise, this is just plumbing - we need a bindings call for detached exec, and that needed to be added to the tunnel mode backend for entities. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add support for format {{.Label}}Brent Baude2020-06-01
| | | | | | | | the pod ps man page says .Label is valid go template format. i dont think the function was actually ever implemented. Fixes #6448 Signed-off-by: Brent Baude <bbaude@redhat.com>
* compat handlers: add X-Registry-Auth header supportValentin Rothberg2020-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support the `X-Registry-Auth` http-request header. * The content of the header is a base64 encoded JSON payload which can either be a single auth config or a map of auth configs (user+pw or token) with the corresponding registries being the keys. Vanilla Docker, projectatomic Docker and the bindings are transparantly supported. * Add a hidden `--registries-conf` flag. Buildah exposes the same flag, mostly for testing purposes. * Do all credential parsing in the client (i.e., `cmd/podman`) pass the username and password in the backend instead of unparsed credentials. * Add a `pkg/auth` which handles most of the heavy lifting. * Go through the authentication-handling code of most commands, bindings and endpoints. Migrate them to the new code and fix issues as seen. A final evaluation and more tests is still required *after* this change. * The manifest-push endpoint is missing certain parameters and should use the ABI function instead. Adding auth-support isn't really possible without these parts working. * The container commands and endpoints (i.e., create and run) have not been changed yet. The APIs don't yet account for the authfile. * Add authentication tests to `pkg/bindings`. Fixes: #6384 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add streaming ability to endpointBrent Baude2020-05-27
| | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* container stats: fix --no-stream raceValentin Rothberg2020-05-27
| | | | | | | | | Fix a race in `podman container stats` by waiting for the client to consume the data in the channel. This requires a `sync.WaitGroup` (or semaphore) in the client and to also close the channel the backend. Fixes: #6405 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #6321 from Luap99/podman-generate-systemd-unit-prefixOpenShift Merge Robot2020-05-25
|\ | | | | Allow to change the generated systemd unit name prefix
| * Added new flags to 'podman generate systemd' to change the unit name prefixLuap992020-05-22
| | | | | | | | | | | | | | | | | | | | | | | | | | --container-prefix <string> - default 'container' Systemd unit name prefix for containers --pod-prefix <string> - default 'pod' Systemd unit name prefix for pods --separator <string> - default '-' Systemd unit name seperator between name/id and prefix Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Follow up PR to fix issues found in #6341Daniel J Walsh2020-05-22
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Attempt to turn on additional build testsDaniel J Walsh2020-05-22
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6312 from rhatdan/imageOpenShift Merge Robot2020-05-21
|\ \ | | | | | | Fix remote handling of podman images calls
| * | Fix remote handling of podman images callsDaniel J Walsh2020-05-21
| |/ | | | | | | | | | | | | Enable three more tests Fix handling of image filters Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6304 from baude/v2remotehctestsOpenShift Merge Robot2020-05-21
|\ \ | | | | | | Fix remote integration for healthchecks
| * | Fix remote integration for healthchecksBrent Baude2020-05-20
| | | | | | | | | | | | | | | | | | the one remaining test that is still skipped do to missing exec function Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #6270 from mheon/detached_execOpenShift Merge Robot2020-05-21
|\ \ \ | |_|/ |/| | Implement detached exec
| * | Enable cleanup processes for detached execMatthew Heon2020-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The cleanup command creation logic is made public as part of this and wired such that we can call it both within SpecGen (to make container exit commands) and from the ABI detached exec handler. Exit commands are presently only used for detached exec, but theoretically could be turned on for all exec sessions if we wanted (I'm declining to do this because of potential overhead). I also forgot to copy the exit command from the exec config into the ExecOptions struct used by the OCI runtime, so it was not being added. There are also two significant bugfixes for exec in here. One is for updating the status of running exec sessions - this was always failing as I had coded it to remove the exit file *before* reading it, instead of after (oops). The second was that removing a running exec session would always fail because I inverted the check to see if it was running. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Add ability to clean up exec sessions with cleanupMatthew Heon2020-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to be able to use cleanup processes to remove exec sessions as part of detached exec. This PR adds that ability. A new flag is added to `podman container cleanup`, `--exec`, to specify an exec session to be cleaned up. As part of this, ensure that `ExecCleanup` can clean up exec sessions that were running, but have since exited. This ensures that we can come back to an exec session that was running but has since stopped, and clean it up. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Add CLI frontend for detached execMatthew Heon2020-05-20
| |/ | | | | | | | | | | | | | | | | | | | | Add a new ContainerEngine method for creating a detached exec session, and wire in the frontend code to do this. As part of this, move Streams out of ExecOptions to the function signature in an effort to share the struct between both methods. Fixes #5884 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6161 from kunalkushwaha/network-inspectOpenShift Merge Robot2020-05-20
|\ \ | |/ |/| `--format` and `--filter` options for `network ls` and `network inspect` command
| * filter option added to network ls command.Kunal Kushwaha2020-05-20
| | | | | | | | | | | | | | filter option helps to filter output based on name or supported plugins by CNI networks. Signed-off-by: Kunal Kushwaha <kunal.kushwaha@gmail.com>
* | Merge pull request #6215 from maxm123/masterOpenShift Merge Robot2020-05-15
|\ \ | | | | | | Use the containers.conf cni_config_dir option for inspect and delete