summaryrefslogtreecommitdiff
path: root/pkg/domain/infra
Commit message (Collapse)AuthorAge
* Add podman play kube --no-hosts optionsDaniel J Walsh2021-10-01
| | | | | | | | | This option will setup the containers to not modify their /etc/hosts file and just use the one from the image. Fixes: https://github.com/containers/podman/issues/9500 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Support selinux options with bind mounts play/genBrent Baude2021-09-30
| | | | | | | | | | | | When using play kube and generate kube, we need to support if bind mounts have selinux options. As kubernetes does not support selinux in this way, we tuck the selinux values into a pod annotation for generation of the kube yaml. Then on play, we check annotations to see if a value for the mount exists and apply it. Fixes BZ #1984081 Signed-off-by: Brent Baude <bbaude@redhat.com>
* libpod: add GetConfigNoCopy()Valentin Rothberg2021-09-29
| | | | | | | | | | | | | | | | Add a new function to libpod to directly access the runtime configuration without creating an expensive deep copy. Further migrate a number of callers to this new function. This drops the number of calls to JSONDeepCopy from 4 to 1 in a simple `podman run --rm -d busybox top`. Future work: Please note that there are more callers of GetConfig() that can me migrated to GetConfigNoCopy(). [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* image prune: support removing external containersValentin Rothberg2021-09-28
| | | | | | | | Support removing external containers (e.g., build containers) during image prune. Fixes: #11472 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* stop: Do nothing if container was never created in runtimeAditya Rajan2021-09-27
| | | | | | | | | Following commit ensures we silently return container id on `stop` if container was never created in OCI runtime. Following behaviour ensures that we are in parity with docker. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* Set context dir for play kube buildBrent Baude2021-09-23
| | | | | | | | When performing an image build with play kube, we need to set the context directory so things like file copies have the correct input path. Signed-off-by: Brent Baude <bbaude@redhat.com>
* podman save: enforce signature removalValentin Rothberg2021-09-23
| | | | | | | | | | | | | | Enforce the removal of signatures in `podman save` to restore behavior prior to the migration to libimage. We may consider improving on that in the future. For details, please refer to the excellent summary by @mtrmac [1]. [NO TESTS NEEDED] - manually verified but exisiting tests need some further investigation (see [1]). [1] https://github.com/containers/podman/pull/11669#issuecomment-925250264 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #11704 from rhatdan/kubeOpenShift Merge Robot2021-09-23
|\ | | | | podman generate kube should not include images command
| * podman generate kube should not include images commandDaniel J Walsh2021-09-22
| | | | | | | | | | | | | | | | | | If the command came from the underlying image, then we should not include it in the generate yaml file. Fixes: https://github.com/containers/podman/issues/11672 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | standardize logrus messages to upper caseDaniel J Walsh2021-09-22
|/ | | | | | | | Remove ERROR: Error stutter from logrus messages also. [ NO TESTS NEEDED] This is just code cleanup. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* podman save: add `--uncompressed`Valentin Rothberg2021-09-22
| | | | | | | | | | Add an option to `podman save` to allow uncompressed layers when copying OCI images. Do the neccessary plumbing for the remote client, add tests and vendor in the latest commit from c/common to fetch the neccessary changes in libimage. Closes: #11613 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add a backoff and retries to retrieving exited eventMatthew Heon2021-09-21
| | | | | | | | | | | | | | | | | | There's a potential race around extremely short-running containers and events with journald. Events may not be written for some time (small, but appreciable) after they are received, and as such we can fail to retrieve it if there is a sufficiently short time between us writing the event and trying to read it. Work around this by just retrying, with a 0.25 second delay between retries, up to 4 times. [NO TESTS NEEDED] because I have no idea how to reproduce this race in CI. Fixes #11633 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Remove references to kube being developmentBrent Baude2021-09-20
| | | | | | | | | | At this point and even though we are always improving the play and generate kube functions, I would say it no longers needs to be denoted as under development. [NO TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* remote untag: support digestsValentin Rothberg2021-09-20
| | | | | | | | | Fix a bug when remotely untagging an image via tag@digest. The digest has been lost in the remote client and hence led to a wrong behaviour on the server. Fixes: #11557 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #11606 from giuseppe/always-move-pause-process-to-scopeOpenShift Merge Robot2021-09-17
|\ | | | | runtime: move pause process to scope
| * system: move MovePauseProcessToScope to utilsGiuseppe Scrivano2021-09-16
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * system: always move pause process when running on systemdGiuseppe Scrivano2021-09-16
| | | | | | | | | | | | | | when running on a systemd with systemd, always try to move the pause process to its own scope. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * system: avoid reading pause pid fileGiuseppe Scrivano2021-09-16
| | | | | | | | | | | | | | we already know the path to the pause PID file, no need to calculate it again. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Do not allow network modes to be used as network namesPaul Holzinger2021-09-16
|/ | | | | | | | | `podman network create` should not allow users to create networks with a name which is already used for a network mode in `podman run --network`. Fixes #11448 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #11322 from Luap99/network-libpodOpenShift Merge Robot2021-09-15
|\ | | | | Wire network interface into libpod
| * Wire network interface into libpodPaul Holzinger2021-09-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make use of the new network interface in libpod. This commit contains several breaking changes: - podman network create only outputs the new network name and not file path. - podman network ls shows the network driver instead of the cni version and plugins. - podman network inspect outputs the new network struct and not the cni conflist. - The bindings and libpod api endpoints have been changed to use the new network structure. The container network status is stored in a new field in the state. The status should be received with the new `c.getNetworkStatus`. This will migrate the old status to the new format. Therefore old containers should contine to work correctly in all cases even when network connect/ disconnect is used. New features: - podman network reload keeps the ip and mac for more than one network. - podman container restore keeps the ip and mac for more than one network. - The network create compat endpoint can now use more than one ipam config. The man pages and the swagger doc are updated to reflect the latest changes. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | container runlabel remove image tag from namePaul Holzinger2021-09-15
|/ | | | | | | | | | | When no name is given for podman container runlabel it will default to the image base name. However this can contain a tag. Since podman does not accept container names with a colon the run command will fail if it contains something like `podman run --name NAME ...`. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2004263 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Add init containers to generate and play kubeUrvashi Mohnani2021-09-10
| | | | | | | | | | | | | | | Kubernetes has a concept of init containers that run and exit before the regular containers in a pod are started. We added init containers to podman pods as well. This patch adds support for generating init containers in the kube yaml when a pod we are converting had init containers. When playing a kube yaml, it detects an init container and creates such a container in podman accordingly. Note, only init containers created with the init type set to "always" will be generated as the "once" option deletes the init container after it has run and exited. Play kube will always creates init containers with the "always" init container type. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* Merge pull request #11447 from chenzhiwei/respect-configOpenShift Merge Robot2021-09-09
|\ | | | | fix play kube can't use infra_image in config file
| * fix play kube can't use infra_image in config fileChen Zhiwei2021-09-08
| | | | | | | | Signed-off-by: Chen Zhiwei <zhiweik@gmail.com>
* | Merge pull request #11476 from vrothberg/fix-11392OpenShift Merge Robot2021-09-08
|\ \ | | | | | | container inspect: improve error handling
| * | container inspect: improve error handlingValentin Rothberg2021-09-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Improve the error handling of `container inspect` to properly handle when the container has been removed _between_ the lookup and the inspect. That will yield the correct "no such object" error message in `inspect`. [NO TESTS NEEDED] since I do not know have a reliable and cheap reproducer. It's fixing a CI flake, so there's already an indicator. Fixes: #11392 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #11468 from Luap99/play-kube-slirpOpenShift Merge Robot2021-09-08
|\ \ \ | |/ / |/| | fix play kube --network options
| * | fix play kube --network optionsPaul Holzinger2021-09-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 092902b45555 introduced advanced network options for podman play kube. However this never worked because it unconditionally set the network mode to bridge after it parsed the network option. Added a test to ensure the correct mode is set. Truly fixes #10807 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #11431 from jmguzik/secrets-ls-filtersOpenShift Merge Robot2021-09-07
|\ \ \ | | | | | | | | Add filtering functionality to http api secrets list
| * | | Add filtering functionality to http api secrets listJakub Guzik2021-09-03
| | |/ | |/| | | | | | | | | | | | | | | | | | | Filtering is missing in both compat API and libpod API, while docker has filtering functinality. This commit enables filtering option using name and id in both libpod and http API. Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | Merge pull request #11427 from flouthoc/kube-pod-logsOpenShift Merge Robot2021-09-07
|\ \ \ | |_|/ |/| | kube: Add support for `podman pod logs`.
| * | kube: Add support for podman pod logsAditya Rajan2021-09-05
| |/ | | | | | | | | | | | | | | | | | | | | Following PR adds support for `kubectl` like `pod logs` to podman. Usage `podman pod logs <podIDorName` gives a stream of logs for all the containers within the pod with **containername** as a field. Just like **`kubectl`** also supports `podman pod logs -c ctrIDorName podIDorName` to limit the log stream to any of the specificied container which belongs to pod. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* / generate systemd: handle --restartValentin Rothberg2021-09-07
|/ | | | | | | | | Handle custom restart policies of containers when generating the unit files; those should be set on the unit level and removed from ExecStart flags. Fixes: #11438 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* manifest: rm should not remove referenced images.Aditya Rajan2021-09-02
| | | | | | | | | | Following PR makes sure that `podman manifest rm <list>` only removes the named manifest list and not referenced images. Bumping and squashing c/common to v0.43.3-0.20210902095222-a7acc160fb25 in same commit in order to make sure build commit test passes. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* podman stop always cleanupPaul Holzinger2021-09-01
| | | | | | | | | | | | | | | When a container is configured for auto removal podman stop should still do cleanup, there is no guarantee the the cleanup process spawned by conmon will be successful. Also a user expects after podman stop that the network/mounts are cleaned up. Therefore podman stop should not return early and instead do the cleanup and ignore errors if the container was already removed. [NO TESTS NEEDED] I don't know how to test this. Fixes #11384 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* InfraContainer Reworkcdoern2021-08-26
| | | | | | | | | | InfraContainer should go through the same creation process as regular containers. This change was from the cmd level down, involving new container CLI opts and specgen creating functions. What now happens is that both container and pod cli options are populated in cmd and used to create a podSpecgen and a containerSpecgen. The process then goes as follows FillOutSpecGen (infra) -> MapSpec (podOpts -> infraOpts) -> PodCreate -> MakePod -> createPodOptions -> NewPod -> CompleteSpec (infra) -> MakeContainer -> NewContainer -> newContainer -> AddInfra (to pod state) Signed-off-by: cdoern <cdoern@redhat.com>
* Merge pull request #11298 from baude/kubeupdownOpenShift Merge Robot2021-08-26
|\ | | | | teardown play kube
| * teardown play kubeBrent Baude2021-08-24
| | | | | | | | | | | | | | | | | | add the ability for play kube to tear down based on the yaml used to play it. it is indicated by --down in the play kube command. volumes are NOT deleted during the teardown. pods and their containers are stopped and removed. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #11103 from jwhonce/wip/bindingsOpenShift Merge Robot2021-08-25
|\ \ | | | | | | Fix file descriptor leaks in bindings and add test
| * | Fix file descriptor leaks and add testJhon Honce2021-08-24
| |/ | | | | | | | | | | | | | | | | | | * Add response.Body.Close() where needed to release HTTP connections to API server. * Add tests to ensure no general leaks occur. 100% coverage would be required to ensure no leaks on any call. * Update code comments to be godoc correct Signed-off-by: Jhon Honce <jhonce@redhat.com>
* / logs: adjust handling around partial log messagesNalin Dahyabhai2021-08-23
|/ | | | | | | | | | | | | | | | | | | In libpod/logs.LogLine.Write(), don't write a newline to stdout/stderr when the log message is only part of a line. In libpod.ConmonOCIRuntime.HTTPAttach(), don't send a newline over the HTTP connection when the log message is only part of a line. In pkg/api/handlers/compat.LogsFromContainer(), don't send a newline over the HTTP connection when the log message is only part of a line, and don't make doing so conditional on whether or not the client used the docker or podman endpoint. In pkg/domain/infra/tunnel.ContainerEngine.ContainerLogs(), don't add our own newline to log messages, since they already come through from the server when they need to. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* volumes: Add support for exporting volumes to external tarflouthoc2021-08-23
| | | | | | | Adds support for transferring data between systems and backing up systems. Use cases: recover from disasters or move data between machines. Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* Add ability to build images in play kubeBrent Baude2021-08-18
| | | | | | | | When playing a kube YAML file, it can be desirable to be able to build an image on the fly. This is good for development of an image and YAML files and somewhat mocks what compose does. Signed-off-by: Brent Baude <bbaude@redhat.com>
* make sure that signal buffers are sufficiently bigValentin Rothberg2021-08-17
| | | | | | | | | | | | | | | Dealing with os.Signal channels seems more like an art than science since signals may get lost. os.Notify doesn't block on an unbuffered channel, so users are expected to know what they're doing or hope for the best. In the recent past, I've seen a number of flakes and BZs on non-amd64 architectures where I was under the impression that signals may got lost, for instance, during stop and exec. [NO TESTS NEEDED] since this is art. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #11011 from baude/initcontainersopenshift-ci[bot]2021-08-05
|\ | | | | implement init containers in podman
| * implement init containers in podmanBrent Baude2021-08-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | this is the first pass at implementing init containers for podman pods. init containersare made popular by k8s as a way to run setup for pods before the pods standard containers run. unlike k8s, we support two styles of init containers: always and oneshot. always means the container stays in the pod and starts whenever a pod is started. this does not apply to pods restarting. oneshot means the container runs onetime when the pod starts and then is removed. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Fix podman unpause,pause,kill --all to work like podman stop --allDaniel J Walsh2021-08-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently if you execute podman unpause --all, podman pause --all Podman shows attempts to unpause containers that are not paused and prints an error. This PR catches this error and only prints errors if a paused container was not able to be unpaused. Currently if you execute podman pause --all or podman kill --all, Podman Podman shows attempts to pause or kill containers that are not running and prints an error. This PR catches this error and only prints errors if a running container was not able to be paused or killed. Also change printing of multiple errors to go to stderr and to prefix "Error: " in front to match the output of the last error. Fixes: https://github.com/containers/podman/issues/11098 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10973 from rhatdan/quotaopenshift-ci[bot]2021-08-04
|\ \ | | | | | | Support size options on builtin volumes
| * | Support size and inode options on builtin volumesDaniel J Walsh2021-08-02
| |/ | | | | | | | | | | | | | | [NO TESTS NEEDED] Since it is difficult to setup xfs quota Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1982164 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>