aboutsummaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* podman: fix ro bind mounts if no* opts are on the sourceGiuseppe Scrivano2019-02-25
| | | | | | | | | | | | | | This is a workaround for the runc issue: https://github.com/opencontainers/runc/issues/1247 If the source of a bind mount has any of nosuid, noexec or nodev, be sure to propagate them to the bind mount so that when runc tries to remount using MS_RDONLY, these options are also used. Closes: https://github.com/containers/libpod/issues/2312 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #2413 from baude/remotepodstopOpenShift Merge Robot2019-02-24
|\ | | | | Enable more podman-remote pod commands
| * Enable more podman-remote pod commandsbaude2019-02-22
| | | | | | | | | | | | enable pod start, stop, and kill subcommands for the remote-client. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2404 from baude/remoteerrorsOpenShift Merge Robot2019-02-23
|\ \ | | | | | | make remote-client error messaging more robust
| * | make remote-client error messaging more robustbaude2019-02-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | the remote-client is currently weak for carrying error messages over the varlink interface and displaying something useful to users and developers for the purposes of debug. this is a starting point to improve that user experience. Signed-off-by: baude <bbaude@redhat.com>
* | | rootless: force same cwd when re-execingGiuseppe Scrivano2019-02-22
| |/ |/| | | | | | | | | | | | | | | | | when joining an existing namespace, we were not maintaining the current working directory, causing commands like export -o to fail when they weren't referring to absolute paths. Closes: https://github.com/containers/libpod/issues/2381 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | podman-remote pod inspect|existsbaude2019-02-22
|/ | | | | | | | enable the remote client to be able to inspect a pod. also, bonus of enabling the podman pod exists command which returns a 0 or 1 depending on whether the given pod exists. Signed-off-by: baude <bbaude@redhat.com>
* podman-remote load imagebaude2019-02-21
| | | | | | | enable the ability to load an image into remote storage using the remote client. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #2387 from baude/remotepodrmOpenShift Merge Robot2019-02-21
|\ | | | | enable podman-remote pod rm
| * enable podman-remote pod rmbaude2019-02-21
| | | | | | | | | | | | add the ability to delete a pod from the remote client. Signed-off-by: baude <bbaude@redhat.com>
* | Adjust LISTEN_PID for reexec in varlink modeHarald Hoyer2019-02-21
|/ | | | | | | | Because the varlink server honors the socket activation protocol, LISTEN_PID has to be adjusted with the new PID. https://varlink.org/FAQ.html#how-does-socket-activation-work Signed-off-by: Harald Hoyer <harald@redhat.com>
* podman-remote save [image]baude2019-02-20
| | | | | | | Add the ability to save an image from the remote-host to the remote-client. Signed-off-by: baude <bbaude@redhat.com>
* iopodman.SearchImages: add ImageSearchFilter to Varlink APIValentin Rothberg2019-02-20
| | | | | | | | | | | | Also add some argument checks to the Varlink function to avoid referencing nil pointers, and complement the API.md descriptions. The varlink endpoint can be tested via varlink CLI: $ varlink call -m unix:/run/podman/io.podman/io.podman.SearchImages \ '{"query": "ruby", "limit": 0, "tlsVerify": false, "filter": {}}' Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* image.SearchImages: use SearchFilter typeValentin Rothberg2019-02-20
| | | | | | | Use an `image.SearchFilter` instead of a `[]string` in the SearchImages API. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* SearchImages: extend API with filter parameterValentin Rothberg2019-02-20
| | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* podman-search: refactor code to libpod/image/search.goValentin Rothberg2019-02-20
| | | | | | | | Refactor the image-search logic from cmd/podman/search.go to libpod/image/search.go and update podman-search and the Varlink API to use it. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* podman-remote pullbaude2019-02-19
| | | | | | Add status for remote users and podman remote-client pull. Signed-off-by: baude <bbaude@redhat.com>
* OpenTracing support added to start, stop, run, create, pull, and psSebastian Jug2019-02-18
| | | | | | Drop context.Context field from cli.Context Signed-off-by: Sebastian Jug <sejug@redhat.com>
* Merge pull request #2354 from rhatdan/varlinkOpenShift Merge Robot2019-02-18
|\ | | | | Add registry name to fields returned by varlink image search
| * Add registry name to fields returned by varlink image searchDaniel J Walsh2019-02-15
| | | | | | | | | | | | | | | | | | | | | | Cockpit team wants to list the registry name where the image was found. Also fix up SearchImages code to check if the user specified a registry in his call to use that rather then all the registries, This matches podman search command. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | pod infra container is started before a container in a pod is run, started, ↵Peter Hunt2019-02-15
|/ | | | | | | | | | or attached. Prior, a pod would have to be started immediately when created, leading to confusion about what a pod state should be immediately after creation. The problem was podman run --pod ... would error out if the infra container wasn't started (as it is a dependency). Fix this by allowing for recursive start, where each of the container's dependencies are started prior to the new container. This is only applied to the case where a new container is attached to a pod. Also rework container_api Start, StartAndAttach, and Init functions, as there was some duplicated code, which made addressing the problem easier to fix. Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Merge pull request #2305 from rhatdan/tlsverifyOpenShift Merge Robot2019-02-15
|\ | | | | Add tlsVerify bool to SearchImage for varlink
| * Add tlsVerify bool to SearchImage for varlinkDaniel J Walsh2019-02-14
| | | | | | | | | | | | | | | | | | | | Cockpit wants to be able to search images on systems without tlsverify turned on. tlsverify should be an optional parameter, if not set then we default to the system defaults defined in /etc/containers/registries.conf. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #2332 from baude/remotevolumepruneOpenShift Merge Robot2019-02-14
|\ \ | | | | | | volume prune
| * | enable podman-remote volume prunebaude2019-02-14
| |/ | | | | | | | | | | | | | | | | | | | | | | | | allow users to remotely prune volumes. this is the last volume command for remote enablement. as such, the volume commands are being folded back into main because they are supported for both local and remote clients. also, enable all volume tests that do not use containers as containers are not enabled for the remote client yet. Signed-off-by: baude <bbaude@redhat.com>
* / Fix volume handling in podmanDaniel J Walsh2019-02-14
|/ | | | | | | | | | | | | | | | | | iFix builtin volumes to work with podman volume Currently builtin volumes are not recored in podman volumes when they are created automatically. This patch fixes this. Remove container volumes when requested Currently the --volume option on podman remove does nothing. This will implement the changes needed to remove the volumes if the user requests it. When removing a volume make sure that no container uses the volume. Signed-off-by: Daniel J Walsh dwalsh@redhat.com Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #2321 from baude/remotebuildOpenShift Merge Robot2019-02-14
|\ | | | | podman-remote build
| * podman-remote buildbaude2019-02-13
| | | | | | | | | | | | | | add the ability to build images using files local to the remote-client but over a varlink interface to a "remote" server. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2319 from mheon/unconditional_cleanupOpenShift Merge Robot2019-02-13
|\ \ | |/ |/| Fix manual detach from containers to not wait for exit
| * Fix manual detach from containers to not wait for exitMatthew Heon2019-02-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | At present, when manually detaching from an attached container (using the detach hotkeys, default C-p C-q), Podman will still wait for the container to exit to obtain its exit code (so we can set Podman's exit code to match). This is correct in the case where attach finished because the container exited, but very wrong for the manual detach case. As a result of this, we can no longer guarantee that the cleanup and --rm functions will fire at the end of 'podman run' - we may be exiting before we get that far. Cleanup is easy enough - we swap to unconditionally using the cleanup processes we've used for detached and rootless containers all along. To duplicate --rm we need to also teach 'podman cleanup' to optionally remove containers instead of cleaning them up. (There is an argument for just using 'podman rm' instead of 'podman cleanup --rm', but cleanup does have different semantics given that we only ever expect it to run when the container has just exited. I think it might be useful to keep the two separate for things like 'podman events'...) Signed-off-by: Matthew Heon <mheon@redhat.com>
* | podman-remote volume inspect|lsbaude2019-02-13
| | | | | | | | | | | | | | add the ability to list and inspect volumes using the remote client and varlink Signed-off-by: baude <bbaude@redhat.com>
* | podman-remote pushbaude2019-02-13
| | | | | | | | | | | | | | | | | | | | enable podman-remote push so that users can push images from a remote client. change in push API to deal with the need to see output over the varlink connection. Signed-off-by: baude <bbaude@redhat.com>
* | varlink: Rename `SearchImage` to `SearchImages`Lars Karlitski2019-02-12
| | | | | | | | | | | | | | Also rename image result struct to `ImageSearchResult` and make `limit` parameter optional. Signed-off-by: Lars Karlitski <lars@karlitski.net>
* | varlink: Rename `ContainerInList` to `Container`Lars Karlitski2019-02-12
| | | | | | | | | | | | Container more clearly describes what the type represents. Signed-off-by: Lars Karlitski <lars@karlitski.net>
* | varlink: Rename `ImageInList` to `Image`Lars Karlitski2019-02-12
| | | | | | | | | | | | | | | | | | Image more clearly describes what the type represents. Also, only include the image name in the `ImageNotFound` error returned by `GetImage()`, not the full error message. Signed-off-by: Lars Karlitski <lars@karlitski.net>
* | varlink: Simplify GetVersion() callLars Karlitski2019-02-12
| | | | | | | | | | | | | | Not having the `Version` wrapper type makes it easier for clients to work with the returned data. Signed-off-by: Lars Karlitski <lars@karlitski.net>
* | varlink: Return all times in RFC 3339 formatLars Karlitski2019-02-12
| | | | | | | | | | | | | | | | | | This is more consistent and eaiser to parse than the format that golang's time.String() returns. Fixes #2260 Signed-off-by: Lars Karlitski <lars@karlitski.net>
* | varlink: Remove the Ping() methodLars Karlitski2019-02-12
| | | | | | | | | | | | | | | | There are other ways for developers to "ensure their varlink setup is working", for example by calling `GetVersion()` or any call on the org.varlink.service interface. Signed-off-by: Lars Karlitski <lars@karlitski.net>
* | varlink: Remove `NotImplemented` typeLars Karlitski2019-02-12
|/ | | | | | | | Remove the `NotImplemented` type and comment out the methods that use it. This way we can keep track of the methods that still need to be implemented without committing them to stable API. Signed-off-by: Lars Karlitski <lars@karlitski.net>
* podman-remote volume rmbaude2019-02-11
| | | | | | | add the ability to remove/delete volumes with the podman remote client. Signed-off-by: baude <bbaude@redhat.com>
* podman-remote volume createbaude2019-02-11
| | | | | | create a volume using the remote client over varlink Signed-off-by: baude <bbaude@redhat.com>
* Migrate to cobra CLIbaude2019-02-08
| | | | | | | | We intend to migrate to the cobra cli from urfave/cli because the project is more well maintained. There are also some technical reasons as well which extend into our remote client work. Signed-off-by: baude <bbaude@redhat.com>
* cleanup: use the correct runtimeGiuseppe Scrivano2019-02-07
| | | | | | | make sure "containers cleanup" uses the correct runtime if it was overriden. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #2278 from rhatdan/varlinkOpenShift Merge Robot2019-02-07
|\ | | | | Fix handling of memory limits via varlink
| * Fix handling of memory limits via varlinkDaniel J Walsh2019-02-06
| | | | | | | | | | | | | | | | | | | | | | | | | | Currently handlin memory via varlink is hard coded to 0 Changing to Memory: create.Resources.Memory, MemoryReservation: create.Resources.Memory_reservation, MemorySwap: create.Resources.Memory_swap, MemorySwappiness: int(create.Resources.Memory_swappiness), KernelMemory: create.Resources.Kernel_memory, Allows callers to modify these memory settings. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #2268 from mheon/force_storage_refreshOpenShift Merge Robot2019-02-06
|\ \ | | | | | | Unconditionally refresh storage options from config
| * | Unconditionally refresh storage options from configMatthew Heon2019-02-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Due to our unconditionally setting some storage options, we are not always reading storage options from storage.conf. This can lead to some fields in the storage config (most notably extra storage options) being ignored, despite being set in storage.conf. Resolve this by unconditionally refreshing our storage config from storage.conf (this was previously only done for rootless Podman) Fixes #2217 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #2279 from giuseppe/pts-no-override-if-not-neededOpenShift Merge Robot2019-02-06
|\ \ \ | |_|/ |/| | rootless: do not override /dev/pts if not needed
| * | rootless: do not override /dev/pts if not neededGiuseppe Scrivano2019-02-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when running in rootless mode we were unconditionally overriding /dev/pts to take ride of gid=5. This is not needed when multiple gids are present in the namespace, which is always the case except when running the tests suite with only one mapping. So change it to check how many gids are present before overriding the default mount. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | podman-remote import|exportbaude2019-02-05
| |/ |/| | | | | | | | | | | | | addition of import and export for the podman-remote client. This includes the ability to send and receive files between the remote-client and the "podman" host using an upgraded varlink connection. Signed-off-by: baude <bbaude@redhat.com>