summaryrefslogtreecommitdiff
path: root/pkg/varlinkapi/containers.go
Commit message (Collapse)AuthorAge
* Move OCI runtime implementation behind an interfaceMatthew Heon2019-10-10
| | | | | | | | | | | | For future work, we need multiple implementations of the OCI runtime, not just a Conmon-wrapped runtime matching the runc CLI. As part of this, do some refactoring on the interface for exec (move to a struct, not a massive list of arguments). Also, add 'all' support to Kill and Stop (supported by runc and used a bit internally for removing containers). Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* rm: add containers eviction with `rm --force`Marco Vedovati2019-09-25
| | | | | | | | | Add ability to evict a container when it becomes unusable. This may happen when the host setup changes after a container creation, making it impossible for that container to be used or removed. Evicting a container is done using the `rm --force` command. Signed-off-by: Marco Vedovati <mvedovati@suse.com>
* Report errors when trying to pause rootless containersDaniel J Walsh2019-09-13
| | | | | | | | If you are running a rootless container on cgroupV1 you can not pause the container. We need to report the proper error if this happens. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Implement healthcheck for remote clientAshley Cui2019-08-19
| | | | | | Previously unimplemented. Works the same way the local one does, except its remote. Signed-off-by: Ashley Cui <ashleycui16@gmail.com>
* varlink endpoint for containerstats requires rootbaude2019-08-12
| | | | | | | | | | | obtaining containerstats requires the use of cgroups. at present, rootless users do not have privileges to create cgroups. add an error message that catches this for the varlink endpoint and return a proper error. Fixes: #3749 Signed-off-by: baude <bbaude@redhat.com>
* Add new exit codes to rm & rmi for running containers & dependenciesDaniel J Walsh2019-08-01
| | | | | | | | | | | | This enables programs and scripts wrapping the podman command to handle 'podman rm' and 'podman rmi' failures caused by paused or running containers or due to images having other child images or dependent containers. These errors are common enough that it makes sense to have a more machine readable way of detecting them than parsing the standard error output. Signed-off-by: Ondrej Zoder <ozoder@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* refactor to reduce duplicated error parsingPeter Hunt2019-07-23
| | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
* remove unnecessary conversionsPeter Hunt2019-07-23
| | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
* add detach keys support for remotePeter Hunt2019-07-23
| | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
* move editing of exitCode to runtimePeter Hunt2019-07-23
| | | | | | | | | There's no way to get the error if we successfully get an exit code (as it's just printed to stderr instead). instead of relying on the error to be passed to podman, and edit based on the error code, process it on the varlink side instead Also move error codes to define package Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Update e2e tests for remote execPeter Hunt2019-07-23
| | | | | | | including changing -l to the container id and separating a case of setting the env that remote can't handle Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Finish up remote exec implementationPeter Hunt2019-07-23
| | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Implement conmon execPeter Hunt2019-07-22
| | | | | | | | | | | | | | | | | | | | | | This includes: Implement exec -i and fix some typos in description of -i docs pass failed runtime status to caller Add resize handling for a terminal connection Customize exec systemd-cgroup slice fix healthcheck fix top add --detach-keys Implement podman-remote exec (jhonce) * Cleanup some orphaned code (jhonce) adapt remote exec for conmon exec (pehunt) Fix healthcheck and exec to match docs Introduce two new OCIRuntime errors to more comprehensively describe situations in which the runtime can error Use these different errors in branching for exit code in healthcheck and exec Set conmon to use new api version Signed-off-by: Jhon Honce <jhonce@redhat.com> Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Merge pull request #3584 from QiWang19/pssizeOpenShift Merge Robot2019-07-18
|\ | | | | podman-remote make --size optional in ps
| * podman-remote make --size optional in psQi Wang2019-07-18
| | | | | | | | | | | | Close #3578 Add `size` field to PsOpts in podman remote to receive size as an option. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Move the HostConfig portion of Inspect inside libpodMatthew Heon2019-07-17
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we first began writing Podman, we ran into a major issue when implementing Inspect. Libpod deliberately does not tie its internal data structures to Docker, and stores most information about containers encoded within the OCI spec. However, Podman must present a CLI compatible with Docker, which means it must expose all the information in 'docker inspect' - most of which is not contained in the OCI spec or libpod's Config struct. Our solution at the time was the create artifact. We JSON'd the complete CreateConfig (a parsed form of the CLI arguments to 'podman run') and stored it with the container, restoring it when we needed to run commands that required the extra info. Over the past month, I've been looking more at Inspect, and refactored large portions of it into Libpod - generating them from what we know about the OCI config and libpod's (now much expanded, versus previously) container configuration. This path comes close to completing the process, moving the last part of inspect into libpod and removing the need for the create artifact. This improves libpod's compatability with non-Podman containers. We no longer require an arbitrarily-formatted JSON blob to be present to run inspect. Fixes: #3500 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* libpod removal from main (phase 2)baude2019-06-27
| | | | | | this is phase 2 for the removal of libpod from main. Signed-off-by: baude <bbaude@redhat.com>
* remove libpod from mainbaude2019-06-25
| | | | | | | | | | | | | the compilation demands of having libpod in main is a burden for the remote client compilations. to combat this, we should move the use of libpod structs, vars, constants, and functions into the adapter code where it will only be compiled by the local client. this should result in cleaner code organization and smaller binaries. it should also help if we ever need to compile the remote client on non-Linux operating systems natively (not cross-compiled). Signed-off-by: baude <bbaude@redhat.com>
* enable integration tests for remote-clientbaude2019-05-07
| | | | | | | first pass at enabling a swath of integration tests for the remote-client. Signed-off-by: baude <bbaude@redhat.com>
* Add an InvalidState varlink error for InitMatthew Heon2019-05-02
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add basic structure of podman init commandMatthew Heon2019-05-01
| | | | | | | | | | | | | As part of this, rework the number of workers used by various Podman tasks to match original behavior - need an explicit fallthrough in the switch statement for that block to work as expected. Also, trivial change to Podman cleanup to work on initialized containers - we need to reset to a different state after cleaning up the OCI runtime. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* enable podman remote topbaude2019-04-25
| | | | | | | add the ability for the remote client to display a container's running processes. Signed-off-by: baude <bbaude@redhat.com>
* podman-remote pause|unpausebaude2019-04-18
| | | | | | | | Add the ability to pause and unpause containers with the remote client. Also turned on the pause tests! Signed-off-by: baude <bbaude@redhat.com>
* Add the ability to attach remotely to a containerbaude2019-04-10
| | | | | | | | | | | | | | | | | | | | | Also, you can now podman-remote run -it. There are some bugs that need to be ironed out but I would prefer to merge this so we can make both progress on start and exec as well as the bugs. * when doing podman-remote run -it foo /bin/bash, you have to press enter to get the prompt to display. with the localized podman, we had to teach it connect to the console first and then start the container so we did not miss anything. * when executing "exit" in the console, we get a hard lockup likely because nobody knows what to do. * custom detach keys are not supported * podman-remote run -it alpine ls does not currently work. only dropping to a shell works. Signed-off-by: baude <bbaude@redhat.com>
* podman-remote psbaude2019-04-09
| | | | | | add the ability to run ps on containers using the remote client. Signed-off-by: baude <bbaude@redhat.com>
* podman-remote create|runbaude2019-04-08
| | | | | | | | | | | | | | add the ability to create and run containers via the podman-remote client. we now create an intermediate layer from the the create/run cli flags. the intermediate layer can be converted into a createconfig or into a varlink struct. Once transported, the varlink struct can be converted back to an intermediate layer and then to a createconfig. remote terminals are not supported yet. Signed-off-by: baude <bbaude@redhat.com>
* size is optional for container inspectionbaude2019-03-26
| | | | | | | | | | on the remote client, if a user wants to know the rootfs size of a container, a -s should be passed. this corrects a behavior where size was shown by default. Fixes #2765 Signed-off-by: baude <bbaude@redhat.com>
* display logs for multiple containers at the same timebaude2019-03-15
| | | | | | | | | | | | | | add the ability for users to specify more than one container at a time while using podman logs. If more than one container is being displayed, podman will also prepend a shortened container id of the container on the log line. also, enabled the podman-remote logs command during the refactoring of the above ability. fixes issue #2219 Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #2534 from jwhonce/wip/remote_waitOpenShift Merge Robot2019-03-06
|\ | | | | Implement podman-remote wait command and container subcommand
| * Implement podman-remote wait command and container subcommandJhon Honce2019-03-06
| | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | podman-remote pod top|statsbaude2019-03-06
|/ | | | | | | this is the final enablement for the pod subcommand. it includes the ability to run podman-remote pod top and stats. Signed-off-by: baude <bbaude@redhat.com>
* Support podman-remote stop container(s)Jhon Honce2019-03-02
| | | | | | | | | | * Clean up adapter code * Add GetContainersByContext to Varlink API * Add missing comments * Restore save command * Restore error type mapping when using varlink Signed-off-by: Jhon Honce <jhonce@redhat.com>
* make remote-client error messaging more robustbaude2019-02-22
| | | | | | | | | the remote-client is currently weak for carrying error messages over the varlink interface and displaying something useful to users and developers for the purposes of debug. this is a starting point to improve that user experience. Signed-off-by: baude <bbaude@redhat.com>
* pod infra container is started before a container in a pod is run, started, ↵Peter Hunt2019-02-15
| | | | | | | | | | or attached. Prior, a pod would have to be started immediately when created, leading to confusion about what a pod state should be immediately after creation. The problem was podman run --pod ... would error out if the infra container wasn't started (as it is a dependency). Fix this by allowing for recursive start, where each of the container's dependencies are started prior to the new container. This is only applied to the case where a new container is attached to a pod. Also rework container_api Start, StartAndAttach, and Init functions, as there was some duplicated code, which made addressing the problem easier to fix. Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Fix volume handling in podmanDaniel J Walsh2019-02-14
| | | | | | | | | | | | | | | | | | iFix builtin volumes to work with podman volume Currently builtin volumes are not recored in podman volumes when they are created automatically. This patch fixes this. Remove container volumes when requested Currently the --volume option on podman remove does nothing. This will implement the changes needed to remove the volumes if the user requests it. When removing a volume make sure that no container uses the volume. Signed-off-by: Daniel J Walsh dwalsh@redhat.com Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* varlink: Rename `ContainerInList` to `Container`Lars Karlitski2019-02-12
| | | | | | Container more clearly describes what the type represents. Signed-off-by: Lars Karlitski <lars@karlitski.net>
* varlink: Remove `NotImplemented` typeLars Karlitski2019-02-12
| | | | | | | | Remove the `NotImplemented` type and comment out the methods that use it. This way we can keep track of the methods that still need to be implemented without committing them to stable API. Signed-off-by: Lars Karlitski <lars@karlitski.net>
* podman-remote import|exportbaude2019-02-05
| | | | | | | | addition of import and export for the podman-remote client. This includes the ability to send and receive files between the remote-client and the "podman" host using an upgraded varlink connection. Signed-off-by: baude <bbaude@redhat.com>
* podman-remote inspectbaude2019-01-18
| | | | | | base enablement of the inspect command. Signed-off-by: baude <bbaude@redhat.com>
* Adding more varlink endpointsbaude2018-12-03
| | | | | | | | | | | * runlabel * checkpoint * restore * container|image exists * mount * unmount Signed-off-by: baude <bbaude@redhat.com>
* Refactor Wait() to not require a timeoutMatthew Heon2018-09-21
| | | | | | | | | | | We added a timeout for convenience, but most invocations don't care about it. Refactor it into WaitWithTimeout() and add a Wait() that doesn't require a timeout and uses the default. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1527 Approved by: mheon
* Add --interval flag to podman waitDaniel J Walsh2018-09-13
| | | | | | | Waiting uses a lot of CPU, so drop back to checking once/second and allow user to pass in the interval. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Changed GetContainerStats to return ErrCtrStateInvalidhaircommander2018-08-23
| | | | | | | | | | | | | | This results in some functionality changes: If a ErrCtrStateInvalid is returned to GetPodStats, the container is ommitted from the stats. As such, if an empty slice of Container stats are returned to GetPodStats in varlink, an error will occur. GetContainerStats will return the ErrCtrStateInvalid as well. Finally, if ErrCtrStateInvalid is returned to the podman stats call, the container will be ommitted from the stats. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1319 Approved by: baude
* Change batchcontainer to sharedhaircommander2018-08-16
| | | | | | | | | To better reflect it's usage: to share functions between podman and varlink. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1275 Approved by: mheon
* switch projectatomic to containersDaniel J Walsh2018-08-16
| | | | | | | | | | Need to get some small changes into libpod to pull back into buildah to complete buildah transition. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1270 Approved by: mheon
* Rename varlink socket and interfacebaude2018-08-06
| | | | | | | | | io.projectatomic.podman -> io.podman Signed-off-by: baude <bbaude@redhat.com> Closes: #1204 Approved by: mheon
* Make one runtime for the varlink servicebaude2018-08-05
| | | | | | | | | | | | | Rather than making a runtime each time a client hits a varlink endpoint, we now make a single runtime when the varlink service starts up. This fixes a problem where we hit a max inotify limit from CNI. Resolves: #1211 Signed-off-by: baude <bbaude@redhat.com> Closes: #1215 Approved by: rhatdan
* Fix varlink API usage of psgoJhon Honce2018-07-24
| | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* create conmon sockets when getting their pathsbaude2018-07-11
| | | | | | | | | | | | when using the getattachsockets endpoint, which returns the sockets needed to create and use a terminal, we should check if the container is just in the configured state. if so, we need to perform a container init to have conmon create the required sockets so we can attach to them prior to starting the container. Signed-off-by: baude <bbaude@redhat.com> Closes: #1067 Approved by: jwhonce
* conmon no longer writes to syslogDaniel J Walsh2018-06-29
| | | | | | | | | | | If the caller sets up the app to be in logrus.DebugLevel, then we will add the --syslog flag to conmon to get all of the messages. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1014 Approved by: TomSweeneyRedHat