summaryrefslogtreecommitdiff
path: root/pkg/domain
Commit message (Collapse)AuthorAge
* pkg/copy: add parsing APIValentin Rothberg2020-12-09
| | | | | | | | Add an API for parsing user input into a possibly specified container and path. This allows for sharing the parsing code between the local and the remote client (and bindings) in the future. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #8571 from Luap99/podman-network-reloadOpenShift Merge Robot2020-12-08
|\ | | | | Implement pod-network-reload
| * Implement pod-network-reloadMatthew Heon2020-12-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds a new command, 'podman network reload', to reload the networks of existing containers, forcing recreation of firewall rules after e.g. `firewall-cmd --reload` wipes them out. Under the hood, this works by calling CNI to tear down the existing network, then recreate it using identical settings. We request that CNI preserve the old IP and MAC address in most cases (where the container only had 1 IP/MAC), but there will be some downtime inherent to the teardown/bring-up approach. The architecture of CNI doesn't really make doing this without downtime easy (or maybe even possible...). At present, this only works for root Podman, and only locally. I don't think there is much of a point to adding remote support (this is very much a local debugging command), but I think adding rootless support (to kill/recreate slirp4netns) could be valuable. Signed-off-by: Matthew Heon <matthew.heon@pm.me> Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8581 from baude/kubegenOpenShift Merge Robot2020-12-07
|\ \ | | | | | | generate kube on multiple containers
| * | generate kube on multiple containersbaude2020-12-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add the ability to add multiple containers into a single k8s pod instead of just one. also fixed some bugs in the resulting yaml where an empty service description was being added on error causing the k8s validation to fail. Signed-off-by: baude <bbaude@redhat.com>
* | | image sign using per user registries.dQi Wang2020-12-07
|/ / | | | | | | | | | | Support per user ~/.config/containers/registries.d to allow rootless image sign configurations. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #8597 from QiWang19/rawsoureceOpenShift Merge Robot2020-12-04
|\ \ | | | | | | Close image rawSource when each loop ends
| * | Close image rawSource when each loop endsQi Wang2020-12-04
| | | | | | | | | | | | | | | | | | | | | Previously close rawSouce in the middle makes future use of rawSource invalid. Move the rawSource.Close() to the end of each loop. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #8494 from mlegenovic/masterOpenShift Merge Robot2020-12-04
|\ \ \ | | | | | | | | More docker compat API fixes
| * | | More docker compat API fixesMilivoje Legenovic2020-12-04
| |/ / | | | | | | | | | | | | | | | Fixes wrong VirtualSize, ParentId, Architecture, Author, Os and OsVersion value Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
* | | Merge pull request #8570 from vrothberg/run-950OpenShift Merge Robot2020-12-04
|\ \ \ | |/ / |/| | rewrite container copy
| * | rewrite podman-cpValentin Rothberg2020-12-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add a new `pkg/copy` to centralize all container-copy related code. * The new code is based on Buildah's `copier` package. * The compat `/archive` endpoints use the new `copy` package. * Update docs and an several new tests. * Includes many fixes, most notably, the look-up of volumes and mounts. Breaking changes: * Podman is now expecting that container-destination paths exist. Before, Podman created the paths if needed. Docker does not do that and I believe Podman should not either as it's a recipe for masking errors. These errors may be user induced (e.g., a path typo), or internal typos (e.g., when the destination may be a mistakenly unmounted volume). Let's keep the magic low for such a security sensitive feature. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Jira RUN-1106 Image handlers updatesJhon Honce2020-12-03
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Audit and add tests for required fields. * Added issue for /images/load implementation Audit: - GET /images/json GetImages - POST /build BuildImage - POST /build/prune 404 not found - POST /images/create CreateImageFromImage/CreateImageFromSrc - GET /images/{name}/json GetImage - GET /images/{name}/history HistoryImage - POST /images/{name}/push PushImage - POST /images/{name}/tag TagImage - DELETE /images/{name} RemoveImage - POST /images/prune PruneImages - POST /commit CommitContainer - GET /images/{name}/get ExportImage - GET /images/get ExportImages - POST /images/load LoadImages See https://github.com/containers/podman/issues/8586 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #8556 from mheon/fix_8539OpenShift Merge Robot2020-12-02
|\ \ | |/ |/| Use Libpod tmpdir for pause path
| * Use Libpod tmpdir for pause pathMatthew Heon2020-12-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, we always computed pause path from the Rootless runtime directory. Problem: this does not match the behavior of Libpod when the directory changes. Libpod will continue to use the previous directory, cached in the database; Pause pidfiles will swap to the new path. This is problematic when the directory needs to exist to write the pidfile, and Libpod is what creates the directory. There are two potential solutions - allow the pause pidfile to move and just make the directory when we want to write it, or use the cached Libpod paths for a guaranteed location. This patch does the second, because it seems safer - we will never miss a previously-existing pidfile because the location is now consistent. Fixes #8539 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Do not pass name argument to Load APIQi Wang2020-12-02
| | | | | | | | | | | | | | Not pass the name argument to Load API. Specify in the document the usage of the optional argument is tagging an additional image. Close #7337 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Add podman network create option for bridge mtuAnders F Björklund2020-12-01
| | | | | | | | Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | Merge pull request #8505 from Luap99/network-labelsOpenShift Merge Robot2020-12-01
|\ \ | |/ |/| podman network label support
| * podman network label supportPaul Holzinger2020-11-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add label support for podman network create. Use the `args` field in the cni config file to store the podman labels. Use `podman_labels` as key name and store the labels as map[string]string. For reference: https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md#args-in-network-config https://github.com/containernetworking/cni/blob/spec-v0.4.0/SPEC.md#network-configuration Example snippet: ``` ... "args": { "podman_labels": { "key1":"value1", "key2":"value2" } } ... ``` Make podman network list support several filters. Supported filters are name, plugin, driver and label. Filters with different keys work exclusive. Several label filters work exclusive and the other filter keys are working inclusive. Also adjust the compat api to support labels in network create and list. Breaking changes: - podman network ls -f shortform is used for --filter instead --format This matches docker and other podman commands (container ps, volume ps) - libpod network list endpoint filter parameter is removed. Instead the filters paramter should be used as json encoded map[string][]string. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8400 from rhatdan/varlinkOpenShift Merge Robot2020-12-01
|\ \ | | | | | | Remove varlink support from podman
| * | Remove varlink support from PodmanDaniel J Walsh2020-11-26
| |/ | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8427 from rhatdan/psOpenShift Merge Robot2020-12-01
|\ \ | | | | | | Handle ps container created field as a time.Time
| * | Handle ps container created field as a time.TimeDaniel J Walsh2020-11-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In the current code we were translating the created time from a time.Time to a unix epoch, this was leading to a loss of precession, and some unexpected results where the sorting order of containers was misordered because of the precession loss. If we pass around created as time.Time, we do not loose the precission. Fixes: https://github.com/containers/podman/issues/8414 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Document docker transport is the only supported remote transportDaniel J Walsh2020-11-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The goal is to improve errors when users use the wrong transport in certain cases we stutter, in other cases we don't give enough information. Remove stutters when failing to pull remote images, because of lack of support. Fix errors returned by reference.Parse to wrap in image that was being checked. Fixes: https://github.com/containers/podman/issues/7116 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Prepare support in kube play for other volume types than hostPathAlban Bedel2020-11-27
| |/ |/| | | | | | | | | | | | | | | | | Replace the simple map of names to paths with a map of names to a struct to allow passing more parameters. Also move the code to parse the volumes to its own file to avoid making the playKubePod() function overly complex. Finally rework the kube volumes test to also be ready to support more volume types. Signed-off-by: Alban Bedel <albeu@free.fr>
* | Merge pull request #8409 from mlegenovic/masterOpenShift Merge Robot2020-11-23
|\ \ | | | | | | Docker compat API fixes
| * | [WIP] Docker compat API fixesMilivoje Legenovic2020-11-23
| | | | | | | | | | | | | | | | | | | | | | | | These are the first fixes that are needed for development environments like Eclipse or IntelliJ that have Docker plug-ins and use the Docker API to speak with container engine (#7857) Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
* | | Merge pull request #8263 from rhatdan/restartOpenShift Merge Robot2020-11-23
|\ \ \ | |/ / |/| | Allow containers to --restart on-failure with --rm
| * | Allow containers to --restart on-failure with --rmDaniel J Walsh2020-11-20
| |/ | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / REST API v2 - list of images - mandatory Created attributePetr Sakař2020-11-20
|/ | | | | | | | fixes https://github.com/containers/podman/issues/8418 created attribute is missing for images with created datetime set to 0 Unix time (January 1, 1970 UTC) because 0 is considered as default value, and thus attribute was ommited because of 'omitempty' flag Signed-off-by: Petr Sakař <petr.sakar@chare.eu>
* Merge pull request #8391 from baude/networkconnectdisconnectOpenShift Merge Robot2020-11-19
|\ | | | | add network connect|disconnect compat endpoints
| * add network connect|disconnect compat endpointsbaude2020-11-19
| | | | | | | | | | | | | | | | | | | | | | this enables the ability to connect and disconnect a container from a given network. it is only for the compatibility layer. some code had to be refactored to avoid circular imports. additionally, tests are being deferred temporarily due to some incompatibility/bug in either docker-py or our stack. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #8379 from rhatdan/remote2OpenShift Merge Robot2020-11-18
|\ \ | | | | | | Remove build \!remote flags from test phase 2
| * | podman-remote network rm --force is brokenDaniel J Walsh2020-11-18
| | | | | | | | | | | | | | | | | | | | | The --force parameter was not being handled correctly. This is leading to some race conditions in testing failures. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Align the podman pod ps --filter behavior with podman psPaul Holzinger2020-11-18
|/ / | | | | | | | | | | | | | | | | Filters with the same key work inclusive with the only exception being `label` which is exclusive. Filters with different keys always work exclusive. Also update the documentation with the new behavior. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8376 from Luap99/podman-filtersOpenShift Merge Robot2020-11-18
|\ \ | |/ |/| Align the podman ps --filter behavior with docker
| * Align the podman ps --filter behavior with dockerPaul Holzinger2020-11-18
| | | | | | | | | | | | | | | | | | | | All of our filters worked exclusive resulting in `--filter status=created --filter status=exited` to return nothing. In docker filters with the same key work inclusive with the only exception being `label` which is exclusive. Filters with different keys always work exclusive. This PR aims to match the docker behavior with podman. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8355 from baude/compatnetworkconnectdisconnectOpenShift Merge Robot2020-11-17
|\ \ | | | | | | add network connect|disconnect compat endpoints
| * | add network connect|disconnect compat endpointsbaude2020-11-17
| |/ | | | | | | | | | | | | | | | | | | | | this enables the ability to connect and disconnect a container from a given network. it is only for the compatibility layer. some code had to be refactored to avoid circular imports. additionally, tests are being deferred temporarily due to some incompatibility/bug in either docker-py or our stack. Signed-off-by: baude <bbaude@redhat.com>
* / Add an option to control if play kube should start the podAlban Bedel2020-11-17
|/ | | | | | | | | | Having play kube start the pod is not always appropriate, one might for example like to have the pod running as a set of systemd services. Add a `start` option to the command line and API to control if the pod should be started or not; it defaults to true for backward compatibility. Signed-off-by: Alban Bedel <albeu@free.fr>
* Wrap missing container errors with container IDDaniel J Walsh2020-11-15
| | | | | | | | | | | | | | | While playing around with podman system df, I saw that my container database was in bad state. Basically podman new about containers that were no longer in container/storage. The podman system df was just erroring out early stating "container does not exist" with no indicator of which container. This Patch wraps the podman system df errors to indicate which container does not exist. It also logs errors on containers that get into this state, but continues on to work on all containers. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8252 from baude/playkubetospecgenOpenShift Merge Robot2020-11-10
|\ | | | | migrate play kube to spec gen
| * migrate play kube to spec genbaude2020-11-10
| | | | | | | | | | | | | | | | we need to migrate play kube away from using the old container creation method. the new approach is specgen and this aligns play kube with container creation in the rest of podman. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #8251 from baude/networkaliasesOpenShift Merge Robot2020-11-10
|\ \ | | | | | | network aliases for container creation
| * | network aliases for container creationbaude2020-11-09
| | | | | | | | | | | | | | | | | | | | | | | | podman can now support adding network aliases when running containers (--network-alias). It requires an updated dnsname plugin as well as an updated ocicni to work properly. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #8143 from aojea/dualOpenShift Merge Robot2020-11-10
|\ \ \ | |_|/ |/| | enable ipv6 networks
| * | enable ipv6 network configuration optionsAntonio Ojea2020-11-10
| |/ | | | | | | | | | | | | | | | | | | | | | | | | enable the ipv6 flag in podman network to be able to create dual-stack networks for containers. This is required to be compatible with docker, where --ipv6 really means dual stack. podman, unlike docker, support IPv6 only containers since 07e3f1bba9674c0cb93a0fa260930bfebbf75728. Signed-off-by: Antonio Ojea <aojea@redhat.com>
* / Add --log-driver to play kubeAndy Librian2020-11-08
|/ | | | | | addresses #6604 Signed-off-by: Andy Librian <andylibrian@gmail.com>
* Add support for mounting external containersDaniel J Walsh2020-11-04
| | | | | | | | | Continue progress on use of external containers. This PR adds the ability to mount, umount and list the storage containers whether they are in libpod or not. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Centralize cores and period/quota conversion codeJordan Christiansen2020-10-31
| | | | Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>