summaryrefslogtreecommitdiff
path: root/pkg/domain/infra
Commit message (Collapse)AuthorAge
* Add support for mounting external containersDaniel J Walsh2020-11-04
| | | | | | | | | Continue progress on use of external containers. This PR adds the ability to mount, umount and list the storage containers whether they are in libpod or not. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Centralize cores and period/quota conversion codeJordan Christiansen2020-10-31
| | | | Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* Merge pull request #8100 from QiWang19/mirror-manifestOpenShift Merge Robot2020-10-31
|\ | | | | manifest list inspect single image
| * manifest list inspect single imageQi Wang2020-10-30
| | | | | | | | | | | | If the image name not a manifest list type, enable manifest inspect to return manifest of single image manifest type vnd.docker.distribution.manifest.v2+json. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #8177 from rhatdan/wrapOpenShift Merge Robot2020-10-30
|\ \ | | | | | | Stop excessive wrapping of errors
| * | Stop excessive wrapping of errorsDaniel J Walsh2020-10-30
| |/ | | | | | | | | | | | | | | | | | | | | | | Most of the builtin golang functions like os.Stat and os.Open report errors including the file system object path. We should not wrap these errors and put the file path in a second time, causing stuttering of errors when they get presented to the user. This patch tries to cleanup a bunch of these errors. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8191 from mheon/no_error_on_sigproxy_stoppedOpenShift Merge Robot2020-10-30
|\ \ | |/ |/| When container stops, drop sig-proxy errors to infos
| * When container stops, drop sig-proxy errors to infosMatthew Heon2020-10-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The sig-proxy code is set up to error on failing to forward signals to a container. This is reasonable in cases where the container is running, but something strange went wrong - but when the Kill fails because the container is stopped, we shouldn't bother with aggressive Error logging since this is an expected part of the container lifecycle - it stops, and then `podman run` also stops, but there is a timing window in between where signals will fail to be proxied, and we should not print angry errors during that. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #8178 from rhatdan/existsOpenShift Merge Robot2020-10-29
|\ \ | | | | | | NewFromLocal can return multiple images
| * | NewFromLocal can return multiple imagesDaniel J Walsh2020-10-28
| |/ | | | | | | | | | | | | | | | | | | If you use additional stores and pull the same image into writable stores, you can end up with the situation where you have the same image twice. This causes image exists to return the wrong error. It should return true in this situation rather then an error. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8173 from giuseppe/improve-cannot-reexec-errorOpenShift Merge Robot2020-10-29
|\ \ | |/ |/| rootless: improve error message if cannot join namespaces
| * rootless: improve error message if cannot join namespacesGiuseppe Scrivano2020-10-29
| | | | | | | | | | | | | | | | | | if podman failed to join the rootless namespaces, give users a better errror message and possible solution. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1891220 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #8102 from ashley-cui/inspectOpenShift Merge Robot2020-10-27
|\ \ | | | | | | Add pod, volume, network to inspect package
| * | Add pod, volume, network to inspect packageAshley Cui2020-10-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman inspect only had the capabilities to inspect containers and images. if a user wanted to inspect a pod, volume, or network, they would have to use `podman network inspect`, `podman pod inspect` etc. Docker's cli allowed users to inspect both volumes and networks using regular inspect, so this commit gives the user the functionality If the inspect type is not specified using --type, the order of inspection is: containers images volumes networks pods meaning if container that has the same name as an image, podman inspect would return the container inspect. To avoid duplicate code, podman network inspect and podman volume inspect now use the inspect package as well. Podman pod inspect does not because podman pod inspect returns a single json object while podman inspect can return multiple) Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Merge pull request #8151 from vrothberg/fix-8148OpenShift Merge Robot2020-10-27
|\ \ \ | |/ / |/| | image list: check for all errors
| * | image list: check for all errorsValentin Rothberg2020-10-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | For unknown historical reasons, some errors were ignored when listing images. I assume that the basic assumption was that if we can properly list images, we can also successfully compute their sizes which turned out to be wrong. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | The cidfile should be created when the container is createdDaniel J Walsh2020-10-26
|/ / | | | | | | | | | | | | | | | | | | | | Currently if you run an interactive session of podman run and specifiy the --cidfile option, the cidfile will not get created until the container finishes running. If you run a detached container, it will get created right away. This Patch creates the cidfile as soon as the container is created. This could allow other tools to use the cidefile on all running containers. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | fix: podman-cp respects "--extract" flagMatej Vasek2020-10-25
| | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | save image remove signaturesQi Wang2020-10-21
| | | | | | | | | | | | | | remove signatures to podman save since the image formats do not support signatures Close: #7659 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #7999 from mheon/signal_handlerOpenShift Merge Robot2020-10-20
|\ \ | | | | | | Add a shutdown signal handler
| * | Enable masking stop signals within container creationMatthew Heon2020-10-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Expand the use of the Shutdown package such that we now use it to handle signals any time we run Libpod. From there, add code to container creation to use the Inhibit function to prevent a shutdown from occuring during the critical parts of container creation. We also need to turn off signal handling when --sig-proxy is invoked - we don't want to catch the signals ourselves then, but instead to forward them into the container via the existing sig-proxy handler. Fixes #7941 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #8056 from xordspar0/invalid-imageOpenShift Merge Robot2020-10-19
|\ \ \ | | | | | | | | Make invalid image name error more specific
| * | | Make invalid image name error more specificJordan Christiansen2020-10-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, using an invalid image name would produce an error like this: Error: error encountered while bringing up pod test-pod-0: invalid reference format This message didn't specify that there was an problem with an image name, and it didn't specify which image name had a problem if there were multiple. Now the error reads: Error: error encountered while bringing up pod test-pod-0: Failed to parse image "./myimage": invalid reference format Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* | | | Merge pull request #7908 from rhatdan/diffOpenShift Merge Robot2020-10-19
|\ \ \ \ | |/ / / |/| | | fix podman container exists and diff for storage containers
| * | | Add support for external containerDaniel J Walsh2020-10-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | External containers are containers created outside of Podman. For example Buildah and CRI-O Containers. $ buildah from alpine alpine-working-container $ buildah run alpine-working-container touch /test $ podman container exists --external alpine-working-container $ podman container diff alpine-working-container C /etc A /test Added --external flag to refer to external containers, rather then --storage. Added --external for podman container exists and modified podman ps to use --external rather then --storage. It was felt that --storage would confuse the user into thinking about changing the storage driver or options. --storage is still supported through the use of aliases. Finally podman contianer diff, does not require the --external flag, since it there is little change of users making the mistake, and would just be a pain for the user to remember the flag. podman container exists --external is required because it could fool scripts that rely on the existance of a Podman container, and there is a potential for a partial deletion of a container, which could mess up existing users. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | | fix podman container exists and diff for storage containersDaniel J Walsh2020-10-15
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Current these commands only check if a container exists in libpod. With this fix, the commands will also check if they are in containers/storage. This allows users to look at differences within a buildah or CRI-O container. Currently buildah diff does not exists, so this helps out in that situation as well as in CRI-O since the cri does not implement a diff command. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8045 from ↵OpenShift Merge Robot2020-10-17
|\ \ \ | | | | | | | | | | | | | | | | andylibrian/podman-remote-cleanly-exit-on-detachkeyspressed Update podman-remote run and start to handle detach keys
| * | | Update podman-remote start --attach to handle detach keysAndy Librian2020-10-16
| | | | | | | | | | | | | | | | | | | | | | | | fixes #7979 Signed-off-by: Andy Librian <andylibrian@gmail.com>
| * | | Update podman-remote run to handle detach keysAndy Librian2020-10-16
| |/ / | | | | | | | | | | | | | | | addresses #7979 Signed-off-by: Andy Librian <andylibrian@gmail.com>
* / / Fix panic when runlabel is missingzhangguanzhang2020-10-16
|/ / | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | Merge pull request #7955 from ParkerVR/7751-altOpenShift Merge Robot2020-10-13
|\ \ | |/ |/| Container detach newlines
| * newlines on all container detachesParker Van Roy2020-10-07
| | | | | | | | Signed-off-by: Parker Van Roy <pvanroy@redhat.com>
* | Merge pull request #7853 from xordspar0/play-kube-limits-#7742OpenShift Merge Robot2020-10-12
|\ \ | | | | | | Add support for resource limits to play kube
| * | Add support for resource limits to play kubeJordan Christiansen2020-10-12
| | | | | | | | | | | | Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* | | Search repository tags using --list-tagsQi Wang2020-10-09
|/ / | | | | | | | | | | | | For fix of BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1684263 Add --list-tags to podman search to return a table the repository tags. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #7891 from rhatdan/rmOpenShift Merge Robot2020-10-09
|\ \ | | | | | | This PR allows users to remove external containers directly
| * | This PR allows users to remove external containers directlyDaniel J Walsh2020-10-09
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currenly if a user specifies the name or ID of an external storage container, we report an error to them. buildah from scratch working-container-2 podman rm working-container-2 Error: no container with name or ID working-container-2 found: no such container Since the user specified the correct name and the container is in storage we force them to specify --storage to remove it. This is a bad experience for the user. This change will just remove the container from storage. If the container is known by libpod, it will remove the container from libpod as well. The podman rm --storage option has been deprecated, and removed from docs. Also cleaned documented options that are not available to podman-remote. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7910 from EduardoVega/7567-podman-configmapsOpenShift Merge Robot2020-10-09
|\ \ | | | | | | Enable k8s configmaps as flags for play kube
| * | Enable k8s configmaps as flags for play kubeEduardo Vega2020-10-07
| | | | | | | | | | | | Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
* | | Merge pull request #7382 from mheon/pod_parallelOpenShift Merge Robot2020-10-07
|\ \ \ | |_|/ |/| | Move pod jobs to parallel execution
| * | Move pod jobs to parallel executionMatthew Heon2020-10-07
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make Podman pod operations that do not involve starting containers (which needs to be done in a specific order) use the same parallel operation code we use to make `podman stop` on large numbers of containers fast. We were previously stopping containers in a pod serially, which could take up to the timeout (default 15 seconds) for each container - stopping 100 containers that do not respond to SIGTERM would take 25 minutes. To do this, refactor the parallel operation code a bit to remove its dependency on libpod (damn circular import restrictions...) and use parallel functions that just re-use the standard container API operations - maximizes code reuse (previously each pod handler had a separate implementation of the container function it performed). This is a bit of a palate cleanser after fighting CI for two days - nice to be able to return to a land of sanity. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* / prevent unpredictable results with network create|removebaude2020-10-07
|/ | | | | | | | | | due to a lack of "locking" on cni operations, we could get ourselves in trouble when doing rapid creation or removal of networks. added a simple file lock to deal with the collision and because it is not considered a performent path, use of the file lock should be ok. if proven otherwise in the future, some generic shared memory lock should be implemented for libpod and also used here. moved pkog/network to libpod/network because libpod is now being pulled into the package and it has therefore lost its generic nature. this will make it easier to absorb into libpod as we try to make the network closer to core operations. Fixes: #7807 Signed-off-by: baude <bbaude@redhat.com>
* Lowercase some errorsKir Kolyshkin2020-10-05
| | | | | | | | | | | | | | | | | | | | | This commit is courtesy of ``` for f in $(git ls-files *.go | grep -v ^vendor/); do \ sed -i 's/\(errors\..*\)"Error /\1"error /' $f; done for f in $(git ls-files *.go | grep -v ^vendor/); do \ sed -i 's/\(errors\..*\)"Failed to /\1"failed to /' $f; done ``` etc. Self-reviewed using `git diff --word-diff`, found no issues. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* Remove excessive error wrappingKir Kolyshkin2020-10-05
| | | | | | | | | | | | | | | | | In case os.Open[File], os.Mkdir[All], ioutil.ReadFile and the like fails, the error message already contains the file name and the operation that fails, so there is no need to wrap the error with something like "open %s failed". While at it - replace a few places with os.Open, ioutil.ReadAll with ioutil.ReadFile. - replace errors.Wrapf with errors.Wrap for cases where there are no %-style arguments. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* Fix podman-remote ps --ns brokenzhangguanzhang2020-10-04
| | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* Merge pull request #7887 from vrothberg/fix-7872OpenShift Merge Robot2020-10-02
|\ | | | | image prune: remove all candidates
| * image prune: remove all candidatesValentin Rothberg2020-10-02
| | | | | | | | | | | | | | | | Make sure to remove images until there's nothing left to prune. A single iteration may not be sufficient. Fixes: #7872 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #7867 from vrothberg/fix-7837OpenShift Merge Robot2020-10-02
|\ \ | |/ |/| remote: fix name and ID collisions of containers and pods
| * remote: fix name and ID collisions of containers and podsValentin Rothberg2020-10-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix the look up of containers and pods in the remote client. User input can refer to both, names or IDs of containers and pods, so there is a fair chance of collisions (e.g., "c1" name with a "c1...." ID). Those collisions are well handled (and battle tested) in the local client which is directly using the libpod backend. Hence, the remote client should not attempt to introduce its own logic to prevent bugs and divergence between the local and the remote clients. To prevent collisions such as in #7837, do a container/pod inspect on the user-provided input to find the corresponding ID and eventually do full ID comparisons to avoid potential collisions with names. Note that this has a cost that I am not entirely happy with. Looking at issue #7837, the collisions are happening when removing the two containers. Remote container removal is now very chatty with the server as it first queries for all containers, then iterates over the provided names or IDs and does a remote inspect to figure out the IDs and find a matching container object. However, remote removal could just pass the names and IDs directly to the batch removal endpoint. Querying for all containers could be prevented if the batch removal endpoint would remove all if the slice is empty. In other words, the bug is fixed but there's room for performance improvements. Fixes: #7837 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #7735 from QiWang19/manifest-inspectOpenShift Merge Robot2020-10-01
|\ \ | | | | | | fix allowing inspect manifest of non-local image