summaryrefslogtreecommitdiff
path: root/pkg/domain/infra/abi
Commit message (Collapse)AuthorAge
* Merge pull request #8571 from Luap99/podman-network-reloadOpenShift Merge Robot2020-12-08
|\ | | | | Implement pod-network-reload
| * Implement pod-network-reloadMatthew Heon2020-12-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds a new command, 'podman network reload', to reload the networks of existing containers, forcing recreation of firewall rules after e.g. `firewall-cmd --reload` wipes them out. Under the hood, this works by calling CNI to tear down the existing network, then recreate it using identical settings. We request that CNI preserve the old IP and MAC address in most cases (where the container only had 1 IP/MAC), but there will be some downtime inherent to the teardown/bring-up approach. The architecture of CNI doesn't really make doing this without downtime easy (or maybe even possible...). At present, this only works for root Podman, and only locally. I don't think there is much of a point to adding remote support (this is very much a local debugging command), but I think adding rootless support (to kill/recreate slirp4netns) could be valuable. Signed-off-by: Matthew Heon <matthew.heon@pm.me> Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8581 from baude/kubegenOpenShift Merge Robot2020-12-07
|\ \ | | | | | | generate kube on multiple containers
| * | generate kube on multiple containersbaude2020-12-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add the ability to add multiple containers into a single k8s pod instead of just one. also fixed some bugs in the resulting yaml where an empty service description was being added on error causing the k8s validation to fail. Signed-off-by: baude <bbaude@redhat.com>
* | | image sign using per user registries.dQi Wang2020-12-07
|/ / | | | | | | | | | | Support per user ~/.config/containers/registries.d to allow rootless image sign configurations. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #8597 from QiWang19/rawsoureceOpenShift Merge Robot2020-12-04
|\ \ | | | | | | Close image rawSource when each loop ends
| * | Close image rawSource when each loop endsQi Wang2020-12-04
| | | | | | | | | | | | | | | | | | | | | Previously close rawSouce in the middle makes future use of rawSource invalid. Move the rawSource.Close() to the end of each loop. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #8494 from mlegenovic/masterOpenShift Merge Robot2020-12-04
|\ \ \ | | | | | | | | More docker compat API fixes
| * | | More docker compat API fixesMilivoje Legenovic2020-12-04
| |/ / | | | | | | | | | | | | | | | Fixes wrong VirtualSize, ParentId, Architecture, Author, Os and OsVersion value Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
* | | Merge pull request #8570 from vrothberg/run-950OpenShift Merge Robot2020-12-04
|\ \ \ | |/ / |/| | rewrite container copy
| * | rewrite podman-cpValentin Rothberg2020-12-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add a new `pkg/copy` to centralize all container-copy related code. * The new code is based on Buildah's `copier` package. * The compat `/archive` endpoints use the new `copy` package. * Update docs and an several new tests. * Includes many fixes, most notably, the look-up of volumes and mounts. Breaking changes: * Podman is now expecting that container-destination paths exist. Before, Podman created the paths if needed. Docker does not do that and I believe Podman should not either as it's a recipe for masking errors. These errors may be user induced (e.g., a path typo), or internal typos (e.g., when the destination may be a mistakenly unmounted volume). Let's keep the magic low for such a security sensitive feature. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Jira RUN-1106 Image handlers updatesJhon Honce2020-12-03
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Audit and add tests for required fields. * Added issue for /images/load implementation Audit: - GET /images/json GetImages - POST /build BuildImage - POST /build/prune 404 not found - POST /images/create CreateImageFromImage/CreateImageFromSrc - GET /images/{name}/json GetImage - GET /images/{name}/history HistoryImage - POST /images/{name}/push PushImage - POST /images/{name}/tag TagImage - DELETE /images/{name} RemoveImage - POST /images/prune PruneImages - POST /commit CommitContainer - GET /images/{name}/get ExportImage - GET /images/get ExportImages - POST /images/load LoadImages See https://github.com/containers/podman/issues/8586 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #8556 from mheon/fix_8539OpenShift Merge Robot2020-12-02
|\ \ | |/ |/| Use Libpod tmpdir for pause path
| * Use Libpod tmpdir for pause pathMatthew Heon2020-12-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, we always computed pause path from the Rootless runtime directory. Problem: this does not match the behavior of Libpod when the directory changes. Libpod will continue to use the previous directory, cached in the database; Pause pidfiles will swap to the new path. This is problematic when the directory needs to exist to write the pidfile, and Libpod is what creates the directory. There are two potential solutions - allow the pause pidfile to move and just make the directory when we want to write it, or use the cached Libpod paths for a guaranteed location. This patch does the second, because it seems safer - we will never miss a previously-existing pidfile because the location is now consistent. Fixes #8539 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Do not pass name argument to Load APIQi Wang2020-12-02
| | | | | | | | | | | | | | Not pass the name argument to Load API. Specify in the document the usage of the optional argument is tagging an additional image. Close #7337 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #8505 from Luap99/network-labelsOpenShift Merge Robot2020-12-01
|\ \ | |/ |/| podman network label support
| * podman network label supportPaul Holzinger2020-11-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add label support for podman network create. Use the `args` field in the cni config file to store the podman labels. Use `podman_labels` as key name and store the labels as map[string]string. For reference: https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md#args-in-network-config https://github.com/containernetworking/cni/blob/spec-v0.4.0/SPEC.md#network-configuration Example snippet: ``` ... "args": { "podman_labels": { "key1":"value1", "key2":"value2" } } ... ``` Make podman network list support several filters. Supported filters are name, plugin, driver and label. Filters with different keys work exclusive. Several label filters work exclusive and the other filter keys are working inclusive. Also adjust the compat api to support labels in network create and list. Breaking changes: - podman network ls -f shortform is used for --filter instead --format This matches docker and other podman commands (container ps, volume ps) - libpod network list endpoint filter parameter is removed. Instead the filters paramter should be used as json encoded map[string][]string. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8400 from rhatdan/varlinkOpenShift Merge Robot2020-12-01
|\ \ | | | | | | Remove varlink support from podman
| * | Remove varlink support from PodmanDaniel J Walsh2020-11-26
| |/ | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / Prepare support in kube play for other volume types than hostPathAlban Bedel2020-11-27
|/ | | | | | | | | | Replace the simple map of names to paths with a map of names to a struct to allow passing more parameters. Also move the code to parse the volumes to its own file to avoid making the playKubePod() function overly complex. Finally rework the kube volumes test to also be ready to support more volume types. Signed-off-by: Alban Bedel <albeu@free.fr>
* Allow containers to --restart on-failure with --rmDaniel J Walsh2020-11-20
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8391 from baude/networkconnectdisconnectOpenShift Merge Robot2020-11-19
|\ | | | | add network connect|disconnect compat endpoints
| * add network connect|disconnect compat endpointsbaude2020-11-19
| | | | | | | | | | | | | | | | | | | | | | this enables the ability to connect and disconnect a container from a given network. it is only for the compatibility layer. some code had to be refactored to avoid circular imports. additionally, tests are being deferred temporarily due to some incompatibility/bug in either docker-py or our stack. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #8379 from rhatdan/remote2OpenShift Merge Robot2020-11-18
|\ \ | | | | | | Remove build \!remote flags from test phase 2
| * | podman-remote network rm --force is brokenDaniel J Walsh2020-11-18
| | | | | | | | | | | | | | | | | | | | | The --force parameter was not being handled correctly. This is leading to some race conditions in testing failures. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Align the podman pod ps --filter behavior with podman psPaul Holzinger2020-11-18
|/ / | | | | | | | | | | | | | | | | Filters with the same key work inclusive with the only exception being `label` which is exclusive. Filters with different keys always work exclusive. Also update the documentation with the new behavior. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8376 from Luap99/podman-filtersOpenShift Merge Robot2020-11-18
|\ \ | |/ |/| Align the podman ps --filter behavior with docker
| * Align the podman ps --filter behavior with dockerPaul Holzinger2020-11-18
| | | | | | | | | | | | | | | | | | | | All of our filters worked exclusive resulting in `--filter status=created --filter status=exited` to return nothing. In docker filters with the same key work inclusive with the only exception being `label` which is exclusive. Filters with different keys always work exclusive. This PR aims to match the docker behavior with podman. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8355 from baude/compatnetworkconnectdisconnectOpenShift Merge Robot2020-11-17
|\ \ | | | | | | add network connect|disconnect compat endpoints
| * | add network connect|disconnect compat endpointsbaude2020-11-17
| |/ | | | | | | | | | | | | | | | | | | | | this enables the ability to connect and disconnect a container from a given network. it is only for the compatibility layer. some code had to be refactored to avoid circular imports. additionally, tests are being deferred temporarily due to some incompatibility/bug in either docker-py or our stack. Signed-off-by: baude <bbaude@redhat.com>
* / Add an option to control if play kube should start the podAlban Bedel2020-11-17
|/ | | | | | | | | | Having play kube start the pod is not always appropriate, one might for example like to have the pod running as a set of systemd services. Add a `start` option to the command line and API to control if the pod should be started or not; it defaults to true for backward compatibility. Signed-off-by: Alban Bedel <albeu@free.fr>
* Wrap missing container errors with container IDDaniel J Walsh2020-11-15
| | | | | | | | | | | | | | | While playing around with podman system df, I saw that my container database was in bad state. Basically podman new about containers that were no longer in container/storage. The podman system df was just erroring out early stating "container does not exist" with no indicator of which container. This Patch wraps the podman system df errors to indicate which container does not exist. It also logs errors on containers that get into this state, but continues on to work on all containers. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* migrate play kube to spec genbaude2020-11-10
| | | | | | | | we need to migrate play kube away from using the old container creation method. the new approach is specgen and this aligns play kube with container creation in the rest of podman. Signed-off-by: baude <bbaude@redhat.com>
* Add --log-driver to play kubeAndy Librian2020-11-08
| | | | | | addresses #6604 Signed-off-by: Andy Librian <andylibrian@gmail.com>
* Add support for mounting external containersDaniel J Walsh2020-11-04
| | | | | | | | | Continue progress on use of external containers. This PR adds the ability to mount, umount and list the storage containers whether they are in libpod or not. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Centralize cores and period/quota conversion codeJordan Christiansen2020-10-31
| | | | Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* Merge pull request #8100 from QiWang19/mirror-manifestOpenShift Merge Robot2020-10-31
|\ | | | | manifest list inspect single image
| * manifest list inspect single imageQi Wang2020-10-30
| | | | | | | | | | | | If the image name not a manifest list type, enable manifest inspect to return manifest of single image manifest type vnd.docker.distribution.manifest.v2+json. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #8177 from rhatdan/wrapOpenShift Merge Robot2020-10-30
|\ \ | | | | | | Stop excessive wrapping of errors
| * | Stop excessive wrapping of errorsDaniel J Walsh2020-10-30
| |/ | | | | | | | | | | | | | | | | | | | | | | Most of the builtin golang functions like os.Stat and os.Open report errors including the file system object path. We should not wrap these errors and put the file path in a second time, causing stuttering of errors when they get presented to the user. This patch tries to cleanup a bunch of these errors. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8191 from mheon/no_error_on_sigproxy_stoppedOpenShift Merge Robot2020-10-30
|\ \ | |/ |/| When container stops, drop sig-proxy errors to infos
| * When container stops, drop sig-proxy errors to infosMatthew Heon2020-10-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The sig-proxy code is set up to error on failing to forward signals to a container. This is reasonable in cases where the container is running, but something strange went wrong - but when the Kill fails because the container is stopped, we shouldn't bother with aggressive Error logging since this is an expected part of the container lifecycle - it stops, and then `podman run` also stops, but there is a timing window in between where signals will fail to be proxied, and we should not print angry errors during that. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #8178 from rhatdan/existsOpenShift Merge Robot2020-10-29
|\ \ | | | | | | NewFromLocal can return multiple images
| * | NewFromLocal can return multiple imagesDaniel J Walsh2020-10-28
| |/ | | | | | | | | | | | | | | | | | | If you use additional stores and pull the same image into writable stores, you can end up with the situation where you have the same image twice. This causes image exists to return the wrong error. It should return true in this situation rather then an error. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8173 from giuseppe/improve-cannot-reexec-errorOpenShift Merge Robot2020-10-29
|\ \ | |/ |/| rootless: improve error message if cannot join namespaces
| * rootless: improve error message if cannot join namespacesGiuseppe Scrivano2020-10-29
| | | | | | | | | | | | | | | | | | if podman failed to join the rootless namespaces, give users a better errror message and possible solution. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1891220 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #8102 from ashley-cui/inspectOpenShift Merge Robot2020-10-27
|\ \ | | | | | | Add pod, volume, network to inspect package
| * | Add pod, volume, network to inspect packageAshley Cui2020-10-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman inspect only had the capabilities to inspect containers and images. if a user wanted to inspect a pod, volume, or network, they would have to use `podman network inspect`, `podman pod inspect` etc. Docker's cli allowed users to inspect both volumes and networks using regular inspect, so this commit gives the user the functionality If the inspect type is not specified using --type, the order of inspection is: containers images volumes networks pods meaning if container that has the same name as an image, podman inspect would return the container inspect. To avoid duplicate code, podman network inspect and podman volume inspect now use the inspect package as well. Podman pod inspect does not because podman pod inspect returns a single json object while podman inspect can return multiple) Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Merge pull request #8151 from vrothberg/fix-8148OpenShift Merge Robot2020-10-27
|\ \ \ | |/ / |/| | image list: check for all errors
| * | image list: check for all errorsValentin Rothberg2020-10-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | For unknown historical reasons, some errors were ignored when listing images. I assume that the basic assumption was that if we can properly list images, we can also successfully compute their sizes which turned out to be wrong. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>