summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Merge pull request #6280 from mheon/switch_off_noexecOpenShift Merge Robot2020-05-21
|\ | | | | Turn off 'noexec' option by default for named volumes
| * Turn off 'noexec' option by default for named volumesMatthew Heon2020-05-20
| | | | | | | | | | | | | | | | | | We previously enforced this for security reasons, but as Dan has explained on several occasions, it's not very valuable there (it's trivially easy to bypass) and it does seriously annoy folks trying to use named volumes. Flip the default from 'on' to 'off'. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #6304 from baude/v2remotehctestsOpenShift Merge Robot2020-05-21
|\ \ | | | | | | Fix remote integration for healthchecks
| * | Fix remote integration for healthchecksBrent Baude2020-05-20
| | | | | | | | | | | | | | | | | | the one remaining test that is still skipped do to missing exec function Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #6270 from mheon/detached_execOpenShift Merge Robot2020-05-21
|\ \ \ | | | | | | | | Implement detached exec
| * | | Enable cleanup processes for detached execMatthew Heon2020-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The cleanup command creation logic is made public as part of this and wired such that we can call it both within SpecGen (to make container exit commands) and from the ABI detached exec handler. Exit commands are presently only used for detached exec, but theoretically could be turned on for all exec sessions if we wanted (I'm declining to do this because of potential overhead). I also forgot to copy the exit command from the exec config into the ExecOptions struct used by the OCI runtime, so it was not being added. There are also two significant bugfixes for exec in here. One is for updating the status of running exec sessions - this was always failing as I had coded it to remove the exit file *before* reading it, instead of after (oops). The second was that removing a running exec session would always fail because I inverted the check to see if it was running. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Add ability to clean up exec sessions with cleanupMatthew Heon2020-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to be able to use cleanup processes to remove exec sessions as part of detached exec. This PR adds that ability. A new flag is added to `podman container cleanup`, `--exec`, to specify an exec session to be cleaned up. As part of this, ensure that `ExecCleanup` can clean up exec sessions that were running, but have since exited. This ensures that we can come back to an exec session that was running but has since stopped, and clean it up. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Add CLI frontend for detached execMatthew Heon2020-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new ContainerEngine method for creating a detached exec session, and wire in the frontend code to do this. As part of this, move Streams out of ExecOptions to the function signature in an effort to share the struct between both methods. Fixes #5884 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #6307 from baude/v2remoteinitOpenShift Merge Robot2020-05-21
|\ \ \ \ | | | | | | | | | | enable remote integration tests for init
| * | | | enable remote integration tests for initBrent Baude2020-05-20
| |/ / / | | | | | | | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | Merge pull request #6284 from baude/v2remotetestfixesOpenShift Merge Robot2020-05-21
|\ \ \ \ | | | | | | | | | | Test fixes for remote integration
| * | | | Test fixes for remote integrationBrent Baude2020-05-20
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | Merge pull request #6161 from kunalkushwaha/network-inspectOpenShift Merge Robot2020-05-20
|\ \ \ \ \ | | | | | | | | | | | | `--format` and `--filter` options for `network ls` and `network inspect` command
| * | | | | filter option added to network ls command.Kunal Kushwaha2020-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | filter option helps to filter output based on name or supported plugins by CNI networks. Signed-off-by: Kunal Kushwaha <kunal.kushwaha@gmail.com>
* | | | | | Merge pull request #6305 from baude/v2podcreatetestOpenShift Merge Robot2020-05-20
|\ \ \ \ \ \ | | | | | | | | | | | | | | enable pod_create remote integration tests
| * | | | | | enable pod_create remote integration testsBrent Baude2020-05-20
| | |_|_|/ / | |/| | | | | | | | | | | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | | Merge pull request #6300 from baude/v2governattachOpenShift Merge Robot2020-05-20
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | govern remote attach and start
| * | | | | govern remote attach and startBrent Baude2020-05-20
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | fixes a race where container would start before attach could occur resulting in an error. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | Merge pull request #6297 from mheon/minor_fix_attachOpenShift Merge Robot2020-05-20
|\ \ \ \ \ | | | | | | | | | | | | Print container state when erroring that it is improper
| * | | | | Print container state when erroring that it is improperMatthew Heon2020-05-20
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a nice little convenience - lets people know why we won't let them attach to a container. Signed-off-by: Matthew Heon <mheon@redhat.com>
* / / / / V2 API Version SupportJhon Honce2020-05-20
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Update blang/semver to allow ParseTolerant() support * Provide helper functions for API handlers to obtain client's 'version' path variable focused on API endpoint tree: libpod vs. compat * Introduce new errors: * version not given in path, endpoints may determine if this is a hard error (ErrVersionNotGiven) * given version not supported (ErrVersionNotSupported), only a soft error if the handler is going to hijack the connection * Added unit tests for version parsing * bindings check version on connect: * client <= Server API version connection is continued * client >= Server API version connection fails Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | / / [CI:DOCS] Image tree endpoint should return 404Brent Baude2020-05-20
| |/ / |/| | | | | | | | | | | | | | | | | | | | when trying to get an image tree for a missing image, it should return a 404. doc fix only. Fixes: #6289 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | v2 enable remote integration testsBrent Baude2020-05-19
| |/ |/| | | | | | | | | enable remote integration tests Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #6249 from jwhonce/wip/resizeOpenShift Merge Robot2020-05-18
|\ \ | | | | | | V2 Implement terminal handling in bindings attach
| * | V2 Implement terminal handling in bindings attachJhon Honce2020-05-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Add support for /exec/{id}/resize * Add support for ErrSessionNotFound * Resize container TTY as stdin changes size * Refactor all resize functions into one handler Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #6188 from neVERberleRfellerER/autoupdate-systemd-envvarOpenShift Merge Robot2020-05-18
|\ \ \ | | | | | | | | Give `auto-update` ability to use per-container authfile specified by label.
| * | | Give `auto-update` ability to use per-container authfile specified by label.Ondřej Kraus2020-05-17
| | | | | | | | | | | | | | | | Signed-off-by: Ondřej Kraus <neverberlerfellerer@gmail.com>
* | | | Fix EOM for SendFileBrent Baude2020-05-18
| |/ / |/| | | | | | | | | | | | | | | | | | | | To terminate a connection of varlink, say after sending a file, we need to send a message containing a delimiter of ':' so the client knows to hang up. Fixes: #6237 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | v2endpoint remove image path correctionBrent Baude2020-05-18
|/ / | | | | | | | | | | | | | | | | | | | | | | the endpoint for single image removal (on the libpod side) should be as follows: versionedPath/libpod/images/IMAGENAME The DELETE method then signifies the removal of the image. Fixes: #6261 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #5831 from mheon/exec_http_attachOpenShift Merge Robot2020-05-15
|\ \ | | | | | | APIv2 ExecStart (Attached Only)
| * | Drop APIv2 resize endpointMatthew Heon2020-05-15
| | | | | | | | | | | | | | | | | | | | | Jhon is working on an alternative version that will combine container and exec session resize, so we'll wait for that. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Fix lintMatthew Heon2020-05-14
| | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Update API documentation for InspectMatthew Heon2020-05-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | Most importantly, note the pruning behavior of compat Inspect. Less importantly, note that the Tty parameter to Start is only ignored, as opposed to being not supported. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Parameters for ExecStart are body, not queryMatthew Heon2020-05-14
| | | | | | | | | | | | | | | | | | | | | Oops. Misread the docs when I initially implemented this. Nice and easy fix, at least. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Prune stale exec sessions on inspectMatthew Heon2020-05-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The usual flow for exec is going to be: - Create exec session - Start and attach to exec session - Exec session exits, attach session terminates - Client does an exec inspect to pick up exit code The safest point to remove the exec session, without doing any database changes to track stale sessions, is to remove during the last part of this - the single inspect after the exec session exits. This is definitely different from Docker (which would retain the exec session for up to 10 minutes after it exits, where we will immediately discard) but should be close enough to be not noticeable in regular usage. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Add APIv2 handler for resizing exec sessionsMatthew Heon2020-05-14
| | | | | | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | Wire in endpoint for ExecStartMatthew Heon2020-05-14
| | | | | | | | | | | | | | | | | | | | | This is still very early not not well tested, and missing resize capability, but it does provide the first bits of exec. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | v2 podman remote attach, start, and runBrent Baude2020-05-15
| | | | | | | | | | | | | | | | | | for the remote client, add the ability to attach to a container, start a container, and run a container. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #6215 from maxm123/masterOpenShift Merge Robot2020-05-15
|\ \ \ | | | | | | | | Use the containers.conf cni_config_dir option for inspect and delete
| * | | Use the libpod.conf cni_config_dir option for inspect and deleteMaximilian Müller2020-05-14
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The pkg/network/files.go methods currently use the constant '/etc/cni/net.d' for network handling. This results in the unability of podman-network-inspect and podman-network-rm to locate the cni network configuration files. This commit propagates the libpod.Runtime through the networking methods and finally makes use of its configuration (config.Network.NetworkConfigDir). Closes #6212 Signed-off-by: Maximilian Müller <maxm123@techie.com>
* | | Merge pull request #6227 from adrianreber/typoOpenShift Merge Robot2020-05-15
|\ \ \ | | | | | | | | Fix checkpoint --leave-running
| * | | Fix checkpoint --leave-runningAdrian Reber2020-05-14
| | |/ | |/| | | | | | | | | | | | | | | | There was typo in the variable name and in one place it was not correctly passed to the next layer. Signed-off-by: Adrian Reber <areber@redhat.com>
* | | Make convenience boxed true/false easier to useJhon Honce2020-05-14
| |/ |/| | | | | | | | | | | * changed PFalse to &false * changed PTrue to &true Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | V2 Update attach bindings to use Readers/Writers vs chanJhon Honce2020-05-14
|/ | | | | | | | * Change function call to use readers/writers in place channels * Support stdin for pushing data from client to container * Add bindings test Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #6211 from baude/v2remoteimagetreeOpenShift Merge Robot2020-05-13
|\ | | | | enable remote image tree
| * enable remote image treeBrent Baude2020-05-13
| | | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #6203 from jwhonce/wip/attachOpenShift Merge Robot2020-05-13
|\ \ | | | | | | V2 attach bindings and test
| * | WIP V2 attach bindings and testJhon Honce2020-05-13
| |/ | | | | | | | | | | | | | | * Add ErrLostSync to report lost of sync when de-mux'ing stream * Add logus.SetLevel(logrus.DebugLevel) when `go test -v` given * Add context to debugging messages Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #6197 from baude/v2remotenetworkOpenShift Merge Robot2020-05-13
|\ \ | |/ |/| enable podman v2 networking for remote client
| * enable podman v2 networking for remote clientBrent Baude2020-05-12
| | | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com>