summaryrefslogtreecommitdiff
path: root/pkg/domain/infra/abi
Commit message (Collapse)AuthorAge
* Modify PlayKubeReport to preserve pod->container mappingtheunrealgeek2020-06-02
| | | | Signed-off-by: Aditya Kamath <theunrealgeek@gmail.com>
* supporting k8s Deployment objectstheunrealgeek2020-06-02
| | | | Signed-off-by: Aditya Kamath <theunrealgeek@gmail.com>
* Enable detached exec for remoteMatthew Heon2020-06-02
| | | | | | | | | | | | | | | | | | | | | | | The biggest obstacle here was cleanup - we needed a way to remove detached exec sessions after they exited, but there's no way to tell if an exec session will be attached or detached when it's created, and that's when we must add the exit command that would do the removal. The solution was adding a delay to the exit command (5 minutes), which gives sufficient time for attached exec sessions to retrieve the exit code of the session after it exits, but still guarantees that they will be removed, even for detached sessions. This requires Conmon 2.0.17, which has the new `--exit-delay` flag. As part of the exit command rework, we can drop the hack we were using to clean up exec sessions (remove them as part of inspect). This is a lot cleaner, and I'm a lot happier about it. Otherwise, this is just plumbing - we need a bindings call for detached exec, and that needed to be added to the tunnel mode backend for entities. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add support for format {{.Label}}Brent Baude2020-06-01
| | | | | | | | the pod ps man page says .Label is valid go template format. i dont think the function was actually ever implemented. Fixes #6448 Signed-off-by: Brent Baude <bbaude@redhat.com>
* compat handlers: add X-Registry-Auth header supportValentin Rothberg2020-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support the `X-Registry-Auth` http-request header. * The content of the header is a base64 encoded JSON payload which can either be a single auth config or a map of auth configs (user+pw or token) with the corresponding registries being the keys. Vanilla Docker, projectatomic Docker and the bindings are transparantly supported. * Add a hidden `--registries-conf` flag. Buildah exposes the same flag, mostly for testing purposes. * Do all credential parsing in the client (i.e., `cmd/podman`) pass the username and password in the backend instead of unparsed credentials. * Add a `pkg/auth` which handles most of the heavy lifting. * Go through the authentication-handling code of most commands, bindings and endpoints. Migrate them to the new code and fix issues as seen. A final evaluation and more tests is still required *after* this change. * The manifest-push endpoint is missing certain parameters and should use the ABI function instead. Adding auth-support isn't really possible without these parts working. * The container commands and endpoints (i.e., create and run) have not been changed yet. The APIs don't yet account for the authfile. * Add authentication tests to `pkg/bindings`. Fixes: #6384 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add streaming ability to endpointBrent Baude2020-05-27
| | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* container stats: fix --no-stream raceValentin Rothberg2020-05-27
| | | | | | | | | Fix a race in `podman container stats` by waiting for the client to consume the data in the channel. This requires a `sync.WaitGroup` (or semaphore) in the client and to also close the channel the backend. Fixes: #6405 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #6321 from Luap99/podman-generate-systemd-unit-prefixOpenShift Merge Robot2020-05-25
|\ | | | | Allow to change the generated systemd unit name prefix
| * Added new flags to 'podman generate systemd' to change the unit name prefixLuap992020-05-22
| | | | | | | | | | | | | | | | | | | | | | | | | | --container-prefix <string> - default 'container' Systemd unit name prefix for containers --pod-prefix <string> - default 'pod' Systemd unit name prefix for pods --separator <string> - default '-' Systemd unit name seperator between name/id and prefix Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Follow up PR to fix issues found in #6341Daniel J Walsh2020-05-22
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Attempt to turn on additional build testsDaniel J Walsh2020-05-22
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6312 from rhatdan/imageOpenShift Merge Robot2020-05-21
|\ \ | | | | | | Fix remote handling of podman images calls
| * | Fix remote handling of podman images callsDaniel J Walsh2020-05-21
| |/ | | | | | | | | | | | | Enable three more tests Fix handling of image filters Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6304 from baude/v2remotehctestsOpenShift Merge Robot2020-05-21
|\ \ | | | | | | Fix remote integration for healthchecks
| * | Fix remote integration for healthchecksBrent Baude2020-05-20
| | | | | | | | | | | | | | | | | | the one remaining test that is still skipped do to missing exec function Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #6270 from mheon/detached_execOpenShift Merge Robot2020-05-21
|\ \ \ | |_|/ |/| | Implement detached exec
| * | Enable cleanup processes for detached execMatthew Heon2020-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The cleanup command creation logic is made public as part of this and wired such that we can call it both within SpecGen (to make container exit commands) and from the ABI detached exec handler. Exit commands are presently only used for detached exec, but theoretically could be turned on for all exec sessions if we wanted (I'm declining to do this because of potential overhead). I also forgot to copy the exit command from the exec config into the ExecOptions struct used by the OCI runtime, so it was not being added. There are also two significant bugfixes for exec in here. One is for updating the status of running exec sessions - this was always failing as I had coded it to remove the exit file *before* reading it, instead of after (oops). The second was that removing a running exec session would always fail because I inverted the check to see if it was running. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Add ability to clean up exec sessions with cleanupMatthew Heon2020-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to be able to use cleanup processes to remove exec sessions as part of detached exec. This PR adds that ability. A new flag is added to `podman container cleanup`, `--exec`, to specify an exec session to be cleaned up. As part of this, ensure that `ExecCleanup` can clean up exec sessions that were running, but have since exited. This ensures that we can come back to an exec session that was running but has since stopped, and clean it up. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Add CLI frontend for detached execMatthew Heon2020-05-20
| |/ | | | | | | | | | | | | | | | | | | | | Add a new ContainerEngine method for creating a detached exec session, and wire in the frontend code to do this. As part of this, move Streams out of ExecOptions to the function signature in an effort to share the struct between both methods. Fixes #5884 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6161 from kunalkushwaha/network-inspectOpenShift Merge Robot2020-05-20
|\ \ | |/ |/| `--format` and `--filter` options for `network ls` and `network inspect` command
| * filter option added to network ls command.Kunal Kushwaha2020-05-20
| | | | | | | | | | | | | | filter option helps to filter output based on name or supported plugins by CNI networks. Signed-off-by: Kunal Kushwaha <kunal.kushwaha@gmail.com>
* | Merge pull request #6215 from maxm123/masterOpenShift Merge Robot2020-05-15
|\ \ | | | | | | Use the containers.conf cni_config_dir option for inspect and delete
| * | Use the libpod.conf cni_config_dir option for inspect and deleteMaximilian Müller2020-05-14
| |/ | | | | | | | | | | | | | | | | | | | | The pkg/network/files.go methods currently use the constant '/etc/cni/net.d' for network handling. This results in the unability of podman-network-inspect and podman-network-rm to locate the cni network configuration files. This commit propagates the libpod.Runtime through the networking methods and finally makes use of its configuration (config.Network.NetworkConfigDir). Closes #6212 Signed-off-by: Maximilian Müller <maxm123@techie.com>
* / Fix checkpoint --leave-runningAdrian Reber2020-05-14
|/ | | | | | | There was typo in the variable name and in one place it was not correctly passed to the next layer. Signed-off-by: Adrian Reber <areber@redhat.com>
* Merge pull request #6154 from baude/v2signOpenShift Merge Robot2020-05-12
|\ | | | | v2podman image sign
| * v2podman image signBrent Baude2020-05-11
| | | | | | | | | | | | this is a straight port to add the podman image sign command. no improvements or refactoring done Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #6101 from sujil02/systemreset-v2OpenShift Merge Robot2020-05-12
|\ \ | | | | | | Adds tunnel routes for system reset.
| * | Adds tunnel routes for system reset.Sujil022020-05-11
| |/ | | | | | | | | | | | | | | Adds tunnel routes for system reset. Makes forces flag local as options are not propogated down the stack. Adds relevant test cases and swagger docs. Signed-off-by: Sujil02 <sushah@redhat.com>
* / auto-update: support authfilesValentin Rothberg2020-05-12
|/ | | | | | | | | | Support using custom authfiles for auto updates by adding a new `--authfile` flag and passing it down into the backend. Also do some minor fixes in the help text and the man page. Fixes: #6159 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* V2 Impliment tunnelled podman versionJhon Honce2020-05-08
| | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* v2 podman unshare commandBrent Baude2020-05-08
| | | | | | | | | | add unshare command add cp and init to container sub-command allow mount to run as rootless Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #6141 from giuseppe/rootless-fixOpenShift Merge Robot2020-05-08
|\ | | | | abi: do not attempt to setup rootless if euid==0
| * abi: do not attempt to setup rootless if euid==0Giuseppe Scrivano2020-05-08
| | | | | | | | | | | | if the process has already euid==0 do not attempt to setup rootless. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #6121 from vrothberg/v2-auto-updateOpenShift Merge Robot2020-05-08
|\ \ | | | | | | auto-update
| * | auto-updateValentin Rothberg2020-05-08
| |/ | | | | | | | | | | | | Add the `podman auto-update` command. There have been no tests in v1, so there are no in v2 either ... for now :) Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6117 from vrothberg/v2-runlabelOpenShift Merge Robot2020-05-08
|\ \ | |/ |/| container runlabel
| * container runlabelValentin Rothberg2020-05-07
| | | | | | | | | | | | Implement container runlabel for v2. Local client only. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #5961 from QiWang19/manifest-remove-pushOpenShift Merge Robot2020-05-07
|\ \ | | | | | | Manifest remove, push
| * | Manifest remove, pushQi Wang2020-05-06
| | | | | | | | | | | | | | | | | | Implements podman manifest remove and podman manifest push. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | v2trust set and showbaude2020-05-07
| |/ |/| | | | | | | | | | | | | add podman image trust set and show Signed-off-by: baude <bbaude@redhat.com> Signed-off-by: bbaude <bbaude@DESKTOP-SH5EG3J.localdomain> Signed-off-by: Brent Baude <bbaude@redhat.com>
* | add {generate,play} kubeValentin Rothberg2020-05-06
|/ | | | | | | | | | | | | | | | | | | Add the `podman generate kube` and `podman play kube` command. The code has largely been copied from Podman v1 but restructured to not leak the K8s core API into the (remote) client. Both commands are added in the same commit to allow for enabling the tests at the same time. Move some exports from `cmd/podman/common` to the appropriate places in the backend to avoid circular dependencies. Move definitions of label annotations to `libpod/define` and set the security-opt labels in the frontend to make kube tests pass. Implement rest endpoints, bindings and the tunnel interface. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #6063 from QiWang19/manifest-annotateOpenShift Merge Robot2020-05-06
|\ | | | | manifest annotate
| * manifest annotateQi Wang2020-05-05
| | | | | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #6081 from baude/v2systemOpenShift Merge Robot2020-05-05
|\ \ | |/ |/| v2 system subcommand
| * v2 system subcommandbaude2020-05-05
| | | | | | | | | | | | | | | | | | | | add system df, info, load, renumber, and migrate Refactor for specialized libpod engines add the ability to prune images, volumes, containers, and pods Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #6080 from baude/v2statsOpenShift Merge Robot2020-05-05
|\ \ | | | | | | v2 podman stats
| * | v2 podman statsbaude2020-05-05
| | | | | | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | | image removal: refactor part 2Valentin Rothberg2020-05-04
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Continue the refactoring of image removal. I didn't manage to break all the following changes into smaller and easier to digest commits due to time constraints: * Return an error slice instead of a single error. Use multierror only in the client/frontend. Reflect that in the types. * Use the batch image removal in the client while preserving the more rest-idiomatic single-image removal endpoint. * Add a new handler for the single-image removal endpoint to make it share the same code as the batch endpoint. * Expose bindings for the single and batch endpoints, so we can properly test them. * Add several convenience functions for error handling to pkg/errorhandling. * Set the correct error type in libpod to set the exit code to 2 when one or more containers are using an image. * Massage the bindings tests a bit and tackle compilation errors. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6060 from sujil02/systemprune-v2OpenShift Merge Robot2020-05-01
|\ \ | | | | | | And system prune feature for v2.
| * | And system prune feature for v2.Sujil022020-05-01
| | | | | | | | | | | | | | | | | | | | | | | | Adds podman system prune for v2. Refactoring for code reuse from pods containers images and volume prune. Adds and enables testcases to support the added feature. Signed-off-by: Sujil02 <sushah@redhat.com>