summaryrefslogtreecommitdiff
path: root/pkg/domain
Commit message (Collapse)AuthorAge
* Add --unsetenv & --unsetenv-all to remove def environment variablesDaniel J Walsh2021-11-15
| | | | | | | | | | | | | | | | Podman adds a few environment variables by default, and currently there is no way to get rid of them from your container. This option will allow you to specify which defaults you don't want. --unsetenv-all will remove all default environment variables. Default environment variables can come from podman builtin, containers.conf or from the container image. Fixes: https://github.com/containers/podman/issues/11836 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #11076 from boaz0/closes_10275OpenShift Merge Robot2021-11-15
|\ | | | | Support template unit files in podman generate systemd
| * Support template unit files in podman generate systemdBoaz Shuster2021-10-22
| | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | Added optional container restore statisticsAdrian Reber2021-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds the parameter '--print-stats' to 'podman container restore'. With '--print-stats' Podman will measure how long Podman itself, the OCI runtime and CRIU requires to restore a checkpoint and print out these information. CRIU already creates process restore statistics which are just read in addition to the added measurements. In contrast to just printing out the ID of the restored container, Podman will now print out JSON: # podman container restore --latest --print-stats { "podman_restore_duration": 305871, "container_statistics": [ { "Id": "47b02e1d474b5d5fe917825e91ac653efa757c91e5a81a368d771a78f6b5ed20", "runtime_restore_duration": 140614, "criu_statistics": { "forking_time": 5, "restore_time": 67672, "pages_restored": 14 } } ] } The output contains 'podman_restore_duration' which contains the number of microseconds Podman required to restore the checkpoint. The output also includes 'runtime_restore_duration' which is the time the runtime needed to restore that specific container. Each container also includes 'criu_statistics' which displays the timing information collected by CRIU. Signed-off-by: Adrian Reber <areber@redhat.com>
* | Added optional container checkpointing statisticsAdrian Reber2021-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds the parameter '--print-stats' to 'podman container checkpoint'. With '--print-stats' Podman will measure how long Podman itself, the OCI runtime and CRIU requires to create a checkpoint and print out these information. CRIU already creates checkpointing statistics which are just read in addition to the added measurements. In contrast to just printing out the ID of the checkpointed container, Podman will now print out JSON: # podman container checkpoint --latest --print-stats { "podman_checkpoint_duration": 360749, "container_statistics": [ { "Id": "25244244bf2efbef30fb6857ddea8cb2e5489f07eb6659e20dda117f0c466808", "runtime_checkpoint_duration": 177222, "criu_statistics": { "freezing_time": 100657, "frozen_time": 60700, "memdump_time": 8162, "memwrite_time": 4224, "pages_scanned": 20561, "pages_written": 2129 } } ] } The output contains 'podman_checkpoint_duration' which contains the number of microseconds Podman required to create the checkpoint. The output also includes 'runtime_checkpoint_duration' which is the time the runtime needed to checkpoint that specific container. Each container also includes 'criu_statistics' which displays the timing information collected by CRIU. Signed-off-by: Adrian Reber <areber@redhat.com>
* | Merge pull request #12272 from hshiina/memory-swappinessOpenShift Merge Robot2021-11-13
|\ \ | | | | | | Enable 'podman run --memory-swappiness=0'
| * | Enable 'podman run --memory-swappiness=0'Hironori Shiina2021-11-12
| | | | | | | | | | | | | | | | | | | | | | | | '--memory-swappiness=0' used to work. This patch fixes the regression issue, which was caused by the change of infra container creation process. Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
* | | Merge pull request #12270 from rhatdan/authOpenShift Merge Robot2021-11-13
|\ \ \ | |/ / |/| | --authfile command line argument for image sign command.
| * | --authfile command line argument for image sign command.José Guilherme Vanz2021-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds the --authfile command line argument to allow users to use alternative authfile paths when signing images. Replaces: https://github.com/containers/podman/pull/10975 Fixes: https://github.com/containers/podman/issues/10866 Signed-off-by: José Guilherme Vanz <jvanz@jvanz.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | play kube: don't force-pull infra imageValentin Rothberg2021-11-12
|/ / | | | | | | | | | | | | | | | | Do not force-pull the infra image in `play kube` but let the backend take care of that when creating the pod(s) which may build a local `podman-pause` image instead of using the default infra image. Fixes: #12254 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Add flag to overwrite network backend from configPaul Holzinger2021-11-11
| | | | | | | | | | | | | | To make testing easier we can overwrite the network backend with the global `--network-backend` option. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #12195 from boaz0/closes_11998OpenShift Merge Robot2021-11-09
|\ \ | | | | | | podman-generate-kube - remove empty structs from YAML
| * | podman-generate-kube - remove empty structs from YAMLBoaz Shuster2021-11-07
| | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | | Merge pull request #11958 from cdoern/scpOpenShift Merge Robot2021-11-08
|\ \ \ | |/ / |/| | Podman Image SCP rootful to rootless transfer
| * | Podman Image SCP rootful to rootless transfercdoern2021-11-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added functionality for users to transfer images from root storage to rootless storage without using sshd. This is done through rootful podman by running `sudo podman image scp root@localhost::image user@localhost:: the user is needed in order to find and use their uid/gid to exec a new process. added necessary tests, and functions for this implementation. Created new image function Transfer so that the underlying code is majorly removed from CLI Signed-off-by: cdoern <cdoern@redhat.com>
* | | Merge pull request #11890 from Luap99/portsOpenShift Merge Robot2021-11-06
|\ \ \ | | | | | | | | libpod: deduplicate ports in db
| * | | libpod: deduplicate ports in dbPaul Holzinger2021-10-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The OCICNI port format has one big problem: It does not support ranges. So if a users forwards a range of 1k ports with podman run -p 1001-2000 we have to store each of the thousand ports individually as array element. This bloats the db and makes the JSON encoding and decoding much slower. In many places we already use a better port struct type which supports ranges, e.g. `pkg/specgen` or the new network interface. Because of this we have to do many runtime conversions between the two port formats. If everything uses the new format we can skip the runtime conversions. This commit adds logic to replace all occurrences of the old format with the new one. The database will automatically migrate the ports to new format when the container config is read for the first time after the update. The `ParsePortMapping` function is `pkg/specgen/generate` has been reworked to better work with the new format. The new logic is able to deduplicate the given ports. This is necessary the ensure we store them efficiently in the DB. The new code should also be more performant than the old one. To prove that the code is fast enough I added go benchmarks. Parsing 1 million ports took less than 0.5 seconds on my laptop. Benchmark normalize PortMappings in specgen: Please note that the 1 million ports are actually 20x 50k ranges because we cannot have bigger ranges than 65535 ports. ``` $ go test -bench=. -benchmem ./pkg/specgen/generate/ goos: linux goarch: amd64 pkg: github.com/containers/podman/v3/pkg/specgen/generate cpu: Intel(R) Core(TM) i7-10850H CPU @ 2.70GHz BenchmarkParsePortMappingNoPorts-12 480821532 2.230 ns/op 0 B/op 0 allocs/op BenchmarkParsePortMapping1-12 38972 30183 ns/op 131584 B/op 9 allocs/op BenchmarkParsePortMapping100-12 18752 60688 ns/op 141088 B/op 315 allocs/op BenchmarkParsePortMapping1k-12 3104 331719 ns/op 223840 B/op 3018 allocs/op BenchmarkParsePortMapping10k-12 376 3122930 ns/op 1223650 B/op 30027 allocs/op BenchmarkParsePortMapping1m-12 3 390869926 ns/op 124593840 B/op 4000624 allocs/op BenchmarkParsePortMappingReverse100-12 18940 63414 ns/op 141088 B/op 315 allocs/op BenchmarkParsePortMappingReverse1k-12 3015 362500 ns/op 223841 B/op 3018 allocs/op BenchmarkParsePortMappingReverse10k-12 343 3318135 ns/op 1223650 B/op 30027 allocs/op BenchmarkParsePortMappingReverse1m-12 3 403392469 ns/op 124593840 B/op 4000624 allocs/op BenchmarkParsePortMappingRange1-12 37635 28756 ns/op 131584 B/op 9 allocs/op BenchmarkParsePortMappingRange100-12 39604 28935 ns/op 131584 B/op 9 allocs/op BenchmarkParsePortMappingRange1k-12 38384 29921 ns/op 131584 B/op 9 allocs/op BenchmarkParsePortMappingRange10k-12 29479 40381 ns/op 131584 B/op 9 allocs/op BenchmarkParsePortMappingRange1m-12 927 1279369 ns/op 143022 B/op 164 allocs/op PASS ok github.com/containers/podman/v3/pkg/specgen/generate 25.492s ``` Benchmark convert old port format to new one: ``` go test -bench=. -benchmem ./libpod/ goos: linux goarch: amd64 pkg: github.com/containers/podman/v3/libpod cpu: Intel(R) Core(TM) i7-10850H CPU @ 2.70GHz Benchmark_ocicniPortsToNetTypesPortsNoPorts-12 663526126 1.663 ns/op 0 B/op 0 allocs/op Benchmark_ocicniPortsToNetTypesPorts1-12 7858082 141.9 ns/op 72 B/op 2 allocs/op Benchmark_ocicniPortsToNetTypesPorts10-12 2065347 571.0 ns/op 536 B/op 4 allocs/op Benchmark_ocicniPortsToNetTypesPorts100-12 138478 8641 ns/op 4216 B/op 4 allocs/op Benchmark_ocicniPortsToNetTypesPorts1k-12 9414 120964 ns/op 41080 B/op 4 allocs/op Benchmark_ocicniPortsToNetTypesPorts10k-12 781 1490526 ns/op 401528 B/op 4 allocs/op Benchmark_ocicniPortsToNetTypesPorts1m-12 4 250579010 ns/op 40001656 B/op 4 allocs/op PASS ok github.com/containers/podman/v3/libpod 11.727s ``` Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | rename rootless cni ns to rootless netnsPaul Holzinger2021-11-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since we want to use the rootless cni ns also for netavark we should pick a more generic name. The name is now "rootless network namespace" or short "rootless netns". The rename might cause some issues after the update but when the all containers are restarted or the host is rebooted it should work correctly. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | MAC address json unmarshal should allow stringsPaul Holzinger2021-11-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Create a new mac address type which supports json marshal/unmarshal from and to string. This change is backwards compatible with the previous versions as the unmarshal method still accepts the old byte array or base64 encoded string. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #12156 from matejvasek/docker-api-zero-value-fixesOpenShift Merge Robot2021-11-02
|\ \ \ \ | | | | | | | | | | Fix libpod API conformance to swagger
| * | | | More conforming libpod API and swagger typesMatej Vasek2021-11-01
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
| * | | | Fix libpod API conformance to swaggerMatej Vasek2021-11-01
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | * Return empty array when nothing has been pruned. * Use correct return type swagger doc-comment. Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | | | Merge pull request #12051 from machacekondra/fix_http409_errorhandlingOpenShift Merge Robot2021-11-02
|\ \ \ \ | | | | | | | | | | Handle HTTP 409 error messages properly
| * | | | Handle HTTP 409 error messages properly for Pod actionsOndra Machacek2021-11-02
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | This PR fixes the case when the API return HTTP 409 response. Where the API return the body format different then for other HTTP error codes. Signed-off-by: Ondra Machacek <omachace@redhat.com>
* / / / Fix swagger definitionsMatej Vasek2021-11-01
|/ / / | | | | | | | | | | | | | | | [NO TESTS NEEDED] Signed-off-by: Matej Vasek <mvasek@redhat.com>
* / / Allow label and labels when creating volumesJhon Honce2021-10-28
|/ / | | | | | | | | | | | | | | | | JSON payload may have either key. Labels will override any values set via Label. Fixes #12102 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | container create: fix --tls-verify parsingValentin Rothberg2021-10-27
| | | | | | | | | | | | | | | | | | Make sure that the value is only set if specified on the CLI. c/image already defaults to true but if set in the system context, we'd skip settings in the registries.conf. Fixes: #11933 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Add support to play kube for --log-optDaniel J Walsh2021-10-25
| | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/11727 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #11991 from rhatdan/sizeOpenShift Merge Robot2021-10-22
|\ \ | |/ |/| Allow API to specify size and inode quota
| * Allow API to specify size and inode quotaDaniel J Walsh2021-10-18
| | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/11016 [NO NEW TESTS NEEDED] We have no easy way to tests this in CI/CD systems. Requires quota to be setup on directories to work. Fixes: https://github.com/containers/podman/issues/11016 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | tag: Support tagging manifest list instead of resolving to imagesAditya Rajan2021-10-21
|/ | | | | | | | | | Following commit makes sure when buildah tag is invoked on a manifest list, it tags the same manifest list instead of resolving to an image and tagging it. Port of: https://github.com/containers/buildah/pull/3483 Signed-off-by: Aditya Rajan <arajan@redhat.com>
* Refactor podman search to be more code friendlyJhon Honce2021-10-12
| | | | | | | | | | | * JSON and API description fields are no longer truncated. Formatting moved to client, better support of MVP. * --no-trunc now defaults to true * Updated tests for changes Closes #11894 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* podman stats: move cgroup validation to serverPaul Holzinger2021-10-11
| | | | | | | | | | | | Podman stats is not supported for rootless cgroupv1 setups. The check for this must be on the server side and not the client. [NO NEW TESTS NEEDED] we cannot test this because remote and server are always on the same machine in CI Fixes #11909 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #11869 from jwhonce/wip/pprofOpenShift Merge Robot2021-10-10
|\ | | | | Enable /debug/pprof API service endpoints
| * Enable /debug/pprof API service endpointsJhon Honce2021-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Refactor sidecar HTTP service for /debug/pprof endpoints to use a TCP address given via new podman system service --pprof-address flag * Allow same URL parsing in "system service" as bindings/connection.go * Refactor NewServerWithSettings() to use entities.ServiceOptions in place of deleted server.Options * Updated godoc for impacted functions and types * Fixed API service Shutdown() to do an orderly shutdown when terminated and running with --time=0 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #11893 from vrothberg/vendor-commonOpenShift Merge Robot2021-10-10
|\ \ | |/ |/| faster image inspection
| * faster image inspectionValentin Rothberg2021-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Vendor the latest HEAD in c/common to pull in changes for a faster inspection of images. Previously, only the size computation was optional, now the one for the parent image is as well. In many cases, the parent image is not needed but it takes around 10ms on my local machine. With this change, we cut off 10ms from many code paths, most importantly, container creation. [NO NEW TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | [CI:DOCS] introduce --replace flag for play kubeChen Zhiwei2021-10-08
|/ | | | | | | | With this flag, users can easily sync up the yaml content with the existing pods. Fixes #11481 Signed-off-by: Chen Zhiwei <zhiweik@gmail.com>
* Add --time out for podman * rm -f commandsDaniel J Walsh2021-10-04
| | | | | | | | | Add --time flag to podman container rm Add --time flag to podman pod rm Add --time flag to podman volume rm Add --time flag to podman network rm Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #11820 from jwhonce/issues/11810OpenShift Merge Robot2021-10-02
|\ | | | | [NO TESTS NEEDED] Ignore removed containers
| * [NO TESTS NEEDED] Ignore removed containersJhon Honce2021-10-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Ignore condition when containers are removed while listing them for ps output. No tests added at this time as they would create a race condition for CI. * Updated godocs See https://github.com/containers/podman/issues/11810 for reproducer. Fixes #11810 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Pod Volumes From Supportcdoern2021-10-01
|/ | | | | | | added support for a volumes from container. this flag just required movement of the volumes-from flag declaration out of the !IsInfra block, and minor modificaions to container_create.go Signed-off-by: cdoern <cdoern@redhat.com>
* Merge pull request #11707 from rhatdan/playOpenShift Merge Robot2021-10-01
|\ | | | | Add podman play kube --no-hosts options
| * Add podman play kube --no-hosts optionsDaniel J Walsh2021-10-01
| | | | | | | | | | | | | | | | | | This option will setup the containers to not modify their /etc/hosts file and just use the one from the image. Fixes: https://github.com/containers/podman/issues/9500 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #11686 from cdoern/podDeviceOptionsOpenShift Merge Robot2021-10-01
|\ \ | |/ |/| Pod Device-Read-BPS support
| * Pod Device-Read-BPS supportcdoern2021-09-28
| | | | | | | | | | | | | | | | | | added the option for the user to specify a rate, in bytes, at which they would like to be able to read from the device being added to the pod. This is the first in a line of pod device options. WARNING: changed pod name json tag to pod_name to avoid confusion when marshaling with the containerspec's name Signed-off-by: cdoern <cdoern@redhat.com>
* | Support selinux options with bind mounts play/genBrent Baude2021-09-30
| | | | | | | | | | | | | | | | | | | | | | | | When using play kube and generate kube, we need to support if bind mounts have selinux options. As kubernetes does not support selinux in this way, we tuck the selinux values into a pod annotation for generation of the kube yaml. Then on play, we check annotations to see if a value for the mount exists and apply it. Fixes BZ #1984081 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | libpod: add GetConfigNoCopy()Valentin Rothberg2021-09-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new function to libpod to directly access the runtime configuration without creating an expensive deep copy. Further migrate a number of callers to this new function. This drops the number of calls to JSONDeepCopy from 4 to 1 in a simple `podman run --rm -d busybox top`. Future work: Please note that there are more callers of GetConfig() that can me migrated to GetConfigNoCopy(). [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | image prune: support removing external containersValentin Rothberg2021-09-28
| | | | | | | | | | | | | | | | Support removing external containers (e.g., build containers) during image prune. Fixes: #11472 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | stop: Do nothing if container was never created in runtimeAditya Rajan2021-09-27
| | | | | | | | | | | | | | | | | | Following commit ensures we silently return container id on `stop` if container was never created in OCI runtime. Following behaviour ensures that we are in parity with docker. Signed-off-by: Aditya Rajan <arajan@redhat.com>