summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* move go module to v2Valentin Rothberg2020-07-06
| | | | | | | | | | | | | | | With the advent of Podman 2.0.0 we crossed the magical barrier of go modules. While we were able to continue importing all packages inside of the project, the project could not be vendored anymore from the outside. Move the go module to new major version and change all imports to github.com/containers/libpod/v2. The renaming of the imports was done via gomove [1]. [1] https://github.com/KSubedi/gomove Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Set syslog for exit commands on log-level=debugMatthew Heon2020-06-25
| | | | | | | | | | | | | | | | We have a flag, --syslog, for telling logrus to log to syslog as well as to the terminal. Previously, this flag also set the exit command for containers to use `--syslog` (otherwise all output from exit commands is lost). I attempted to replicate this with Podman v2.0, but quickly ran into circular import hell (the flag is defined in cmd/podman, I needed it in cmd/podman/containers, cmd/podman imports cmd/podman/containers already, etc). Instead, let's just set the syslog flag automatically on `--log-level=debug` so we log exit commands automatically when debug-level logs are requested. This is consistent with Conmon and seems to make sense. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* systemd generate: allow manual restart of container units in podsValentin Rothberg2020-06-25
| | | | | | | | Allow manual restarts of container units that are part of a pod. This allows for configuring these containers for auto updates. Fixes: #6770 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Print port mappings in `ps` for ctrs sharing networkMatthew Heon2020-06-25
| | | | | | | | | In Podman v1.9, we printed port mappings for the container, even if it shared its network namespace (and thus ports) with another container. We regressed on this in Podman v2.0, which is fixed here. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* utils: drop default mapping when running uid!=0Giuseppe Scrivano2020-06-24
| | | | | | | | | | this is a leftover from the first implementation of rootless. This code is never hit by podman rootless anymore as podman automatically creates a user namespace now. Fixes an issue with podman remote when used with uid != 0. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* APIv2: Return `StatusCreated` from volume creationmaybe-sybr2020-06-24
| | | | | | | | The swagdoc in `register_volumes.go` already correctly notes that a 201 should be returned upon success, so we only need to change the handler to match the spec. Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
* APIv2:fix: Remove `/json` from compat network EPsmaybe-sybr2020-06-24
| | | | Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
* Fix ssh-agent supportJhon Honce2020-06-24
| | | | | | | * An identity of "" implies ssh-agent and user/password to be used * Fixed example Signed-off-by: Jhon Honce <jhonce@redhat.com>
* APIv2:doc: Fix swagger doc to refer to volumesmaybe-sybr2020-06-24
| | | | Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
* Add JSON output field for psBrent Baude2020-06-24
| | | | | | the toolbox team needs a field in our ps json that represents a human readable time. Signed-off-by: Brent Baude <bbaude@redhat.com>
* V2 podman system connectionJhon Honce2020-06-24
| | | | | | | | | * Implement command * Refactor podman-remote to pull from containers.conf by default * podman-remote defaults to --remote being true * Write podman-system-connection.1.md Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Fix conflicts between privileged and other flagsMatthew Heon2020-06-24
| | | | | | | | The `--privileged` flag does not conflict with `--group-add` (this one was breaking Toolbox) and does not conflict with most parts of `--security-opt` (this was breaking Openstack). Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* rootless_linux: improve error messageDouglas Schilling Landgraf2020-06-24
| | | | | | | Improve the error message for rootless mode. Git-Url: https://github.com/containers/libpod/issues/6572 Signed-off-by: Douglas Schilling Landgraf <dougsland@redhat.com>
* correct the absolute path of `rm` executableYuan-Hao Chen2020-06-24
| | | | Signed-off-by: Yuan-Hao Chen <yhchen0906@gmail.com>
* Correct logic for demux'ing channelsJhon Honce2020-06-19
| | | | | | * Move check for requesting output into case statement Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Allow recursive dependency start with Init()Matthew Heon2020-06-18
| | | | | | | | | | | | | | | | | | | | As part of APIv2 Attach, we need to be able to attach to freshly created containers (in ContainerStateConfigured). This isn't something Libpod is interested in supporting, so we use Init() to get the container into ContainerStateCreated, in which attach is possible. Problem: Init() will fail if dependencies are not started, so a fresh container in a fresh pod will fail. The simplest solution is to extend the existing recursive start code from Start() to Init(), allowing dependency containers to be started when we initialize the container (optionally, controlled via bool). Also, update some comments in container_api.go to make it more clear how some of our major API calls work. Fixes #6646 Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #6654 from rhatdan/keepidOpenShift Merge Robot2020-06-17
|\ | | | | Don't ignore --user flag in rootless --userns keepid
| * Don't ignore --user flag in rootless --userns keepidDaniel J Walsh2020-06-17
| | | | | | | | | | | | | | | | Currently podman run --userns keep-id --user root:root fedora id The --user flag is ignored. Removing this makes the code work correctly. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Handle dropping capabilties correctly when running as non root userDaniel J Walsh2020-06-17
|/ | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #6620 from jgallucci32/api-logs-separateOpenShift Merge Robot2020-06-17
|\ | | | | Move logs functionality to separate file for APIv2
| * Move logs functionality to separate file for APIv2jgallucci322020-06-17
| | | | | | | | | | | | | | | | This simply moves the function for the log handler for APIv2 to a separate file to be consistent with other parts of the code base. Signed-off-by: jgallucci32 <john.gallucci.iv@gmail.com>
* | Merge pull request #6634 from baude/v2buildfixesOpenShift Merge Robot2020-06-17
|\ \ | | | | | | fix misc remote build issues
| * | fix misc remote build issuesBrent Baude2020-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | address problem when multiple -t were sent. and rework remote build's tarball if a context dir is given other than ".". Fixes: #6578 Fixes: #6577 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #6522 from mheon/unless-stoppedOpenShift Merge Robot2020-06-17
|\ \ \ | |_|/ |/| | Add support for the unless-stopped restart policy
| * | Add support for the unless-stopped restart policyMatthew Heon2020-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We initially believed that implementing this required support for restarting containers after reboot, but this is not the case. The unless-stopped restart policy acts identically to the always restart policy except in cases related to reboot (which we do not support yet), but it does not require that support for us to implement it. Changes themselves are quite simple, we need a new restart policy constant, we need to remove existing checks that block creation of containers when unless-stopped was used, and we need to update the manpages. Fixes #6508 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #6630 from ashley-cui/masterOpenShift Merge Robot2020-06-17
|\ \ \ | | | | | | | | Show Anon, GID, UID in v2 volumes
| * | | Show Anon, GID, UID in v2 volumesAshley Cui2020-06-16
| | | | | | | | | | | | | | | | | | | | | | | | Anon, GID, UID parameters previously hidden if empty in podman volume for API v2. Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | generate systemd: `ExecStopPost` for all unitsValentin Rothberg2020-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add an `ExecStopPost` run even for units generated without `--new`. Although it may seem redundant to run `container/pod stop` twice at first glance, we really need the post run. If the main PID (i.e., conmon) is killed, systemd will not execute `ExecStop` but only the post one. We made this obeservation in a customer issue and could reproduce the behavior consistently. Hence, the post run is needed to properly clean up when conmon is killed and it's pretty much a NOP in all other cases. Credits to Ulrich Obergfell for throrough and detailed analyses, which ultimately lead to this fix. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #6631 from rhatdan/hooksOpenShift Merge Robot2020-06-17
|\ \ \ \ | |_|/ / |/| | | Fix handling of old oci hooks
| * | | Fix handling of old oci hooksDaniel J Walsh2020-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman is blowing up with oci-umount hook, because it was never rewritten to support the v1.0.0 value. This PR adds support for the older version and cleans up the hook handling. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6636 from mheon/add_warningsOpenShift Merge Robot2020-06-17
|\ \ \ \ | | | | | | | | | | Re-add resource limit warnings to Specgen
| * | | | Re-add resource limit warnings to SpecgenMatthew Heon2020-06-16
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | These were part of Podman v1.9, but were lost in the transition to using Specgen to create containers. Most resource limits are checked via the sysinfo package to ensure they are safe to use (the cgroup is mounted, kernel support is present, etc) and removed if not safe. Further, bounds checks are performed to ensure that values are valid. Ensure these warnings are printed client-side when they occur. This part is a little bit gross, as it happens in pkg/infra and not cmd/podman, which is largely down to how we implemented `podman run` - all the work is done in pkg/infra and it returns only once the container has exited, and we need warnings to print *before* the container runs. The solution here, while inelegant, avoid the need to extensively refactor our handling of run. Should fix blkio-limit warnings that were identified by the FCOS test suite. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #6583 from mheon/inspect_ctr_before_imgOpenShift Merge Robot2020-06-17
|\ \ \ \ | |_|_|/ |/| | | Fix podman inspect on overlapping/missing objects
| * | | Fix podman inspect on overlapping/missing objectsMatthew Heon2020-06-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This started as a small fix to `podman inspect` where a container and image, with the same name/tag, were present, and `podman inspect` was run on that name. `podman inspect` in 1.9 (and `docker inspect`) will give you the container; in v2.0, we gave the image. This was an easy fix (just reorder how we check for image/container). Unfortunately, in the process of testing this fix, I determined that we regressed in a different area. When you run inspect on a number of containers, some of which do not exist, `podman inspect` should return an array of inspect results for the objects that exist, then print a number of errors, one for each object that could not be found. We were bailing after the first error, and not printing output for the containers that succeeded. (For reference, this applied to images as well). This required a much more substantial set of changes to properly handle - signatures for the inspect functions in ContainerEngine and ImageEngine, plus the implementations of these interfaces, plus the actual inspect frontend code needed to be adjusted to use this. Fixes #6556 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #6622 from goochjj/podman_fix_initOpenShift Merge Robot2020-06-17
|\ \ \ \ | |_|_|/ |/| | | Fix --init and --init-path
| * | | Fix --init and --init-pathJoseph Gooch2020-06-16
| | |/ | |/| | | | | | | | | | | | | | | | Init properly passed into specgen Allow --init with --systemd=true but not --systemd=always. Signed-off-by: Joseph Gooch <mrwizard@dok.org>
* | | Merge pull request #6638 from jwhonce/issues/6548OpenShift Merge Robot2020-06-17
|\ \ \ | | | | | | | | [CI:DOCS] Fixes #6548
| * | | [CI:DOCS] Fixes #6548Jhon Honce2020-06-16
| | | | | | | | | | | | | | | | | | | | | | | | * Update swagger documentation Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Add <return> to lines returen in podman-remote logsDaniel J Walsh2020-06-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Every line is sent back individually over the APIv2 as logs, but we are not adding the '\n' to give us line breaks. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Fix podman-remote imagesDaniel J Walsh2020-06-16
| |/ / |/| | | | | | | | | | | | | | Looks like we went too far with the linters. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | handlers/compat: fix lint errorValentin Rothberg2020-06-16
| | | | | | | | | | | | | | | | | | | | | Fix a lint error of an used parameter. The error must have sneaked in with a PR that was merged after the recent linter enablement. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | auto-update: use image's archValentin Rothberg2020-06-16
| |/ |/| | | | | | | | | | | | | | | Use the architecture of the local image when looking for a new image on a registry. It seems to be common practice on ARM to tweak the architecture choice to pull the correct image. Fixes: #6613 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6589 from rhatdan/attachOpenShift Merge Robot2020-06-15
|\ \ | | | | | | Handle errors on attach properly
| * | Handle errors on attach properlyDaniel J Walsh2020-06-15
| | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6601 from zhangguanzhang/podman-cp-dirOpenShift Merge Robot2020-06-15
|\ \ \ | | | | | | | | fix podman cp can create an extra directory when the source is the container's root directory
| * | | fix podman cp can create an extra directory levelzhangguanzhang2020-06-15
| | | | | | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | | Merge pull request #6590 from zhangguanzhang/masterOpenShift Merge Robot2020-06-15
|\ \ \ \ | | | | | | | | | | Add the missing return in the API handlers' image_build method
| * | | | Add the missing returnzhangguanzhang2020-06-12
| | | | | | | | | | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | | | Merge pull request #6603 from sujil02/python-testOpenShift Merge Robot2020-06-15
|\ \ \ \ \ | | | | | | | | | | | | Adds more docker py test
| * | | | | Adds more docker py testSujil022020-06-15
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Addes more docker py test Optimize test to import images from cache Rename test class and dir for python unittest framework Signed-off-by: Sujil02 <sushah@redhat.com>