path: root/pkg
Commit message (Author, Age)
* clean up socket and pid files from podman machine (Brent Baude, 2021-08-30)
|  to avoid segvs, we should clean up as much of the socket and regular files from podman machine as possible on stop. also, on start, we should add logic to remove these files before starting in case the start process is stopped prematurely (due to an error for example). [NO TESTS NEEDED]
|  Signed-off-by: Brent Baude <bbaude@redhat.com>
* InfraContainer Rework (cdoern, 2021-08-26)
|  InfraContainer should go through the same creation process as regular containers. This change was from the cmd level down, involving new container CLI opts and specgen creating functions. What now happens is that both container and pod cli options are populated in cmd and used to create a podSpecgen and a containerSpecgen. The process then goes as follows:
|  FillOutSpecGen (infra) -> MapSpec (podOpts -> infraOpts) -> PodCreate -> MakePod -> createPodOptions -> NewPod -> CompleteSpec (infra) -> MakeContainer -> NewContainer -> newContainer -> AddInfra (to pod state)
|  Signed-off-by: cdoern <cdoern@redhat.com>
* Merge pull request #11298 from baude/kubeupdown (OpenShift Merge Robot, 2021-08-26)
|\
| |  teardown play kube
| * teardown play kube (Brent Baude, 2021-08-24)
| |  add the ability for play kube to tear down based on the yaml used to play it. it is indicated by --down in the play kube command. volumes are NOT deleted during the teardown. pods and their containers are stopped and removed.
| |  Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #11208 from ashley-cui/streams (OpenShift Merge Robot, 2021-08-26)
|\ \
| | |  [NO TESTS NEEDED] Allow setting of machine stream and image path from containers.conf
| * | Allow setting of machine stream and image path from containers.conf (Ashley Cui, 2021-08-24)
| | |  Default is "testing"
| | |  Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Merge pull request #11218 from cdoern/untilBug (OpenShift Merge Robot, 2021-08-26)
|\ \ \
| | | |  logFile until flag issue, negative duration replaced with positive
| * | | logFile until flag issue (cdoern, 2021-08-23)
| | | |  we were adding a negative duration in podman events, causing inputs like -5s to be correct and 5s to be incorrect.
| | | |  fixes #11158
| | | |  Signed-off-by: cdoern <cdoern@redhat.com>
* | | | Merge pull request #11103 from jwhonce/wip/bindings (OpenShift Merge Robot, 2021-08-25)
|\ \ \ \
| | | | |  Fix file descriptor leaks in bindings and add test
| * | | | Fix file descriptor leaks and add test (Jhon Honce, 2021-08-24)
| | |_|/
| |/| |
| | | |  * Add response.Body.Close() where needed to release HTTP connections to API server.
| | | |  * Add tests to ensure no general leaks occur. 100% coverage would be required to ensure no leaks on any call.
| | | |  * Update code comments to be godoc correct
| | | |  Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #11314 from Luap99/expose-ports (OpenShift Merge Robot, 2021-08-25)
|\ \ \ \
| |_|_|/
|/| | |  podman inspect show exposed ports
| * | | podman inspect show exposed ports (Paul Holzinger, 2021-08-24)
| | | |  Podman inspect has to show exposed ports to match docker. This requires storing the exposed ports in the container config. An exposed port is shown as `"80/tcp": null` while a forwarded port is shown as `"80/tcp": [{"HostIp": "", "HostPort": "8080" }]`. Also make sure to add the exposed ports to the new image when the container is committed.
| | | |  Fixes #10777
| | | |  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #11263 from nalind/journal-read (OpenShift Merge Robot, 2021-08-24)
|\ \ \ \
| | | | |  libpod/Container.readFromJournal(): don't skip the first entry
| * | | | logs: adjust handling around partial log messages (Nalin Dahyabhai, 2021-08-23)
| | | | |  In libpod/logs.LogLine.Write(), don't write a newline to stdout/stderr when the log message is only part of a line.
| | | | |  In libpod.ConmonOCIRuntime.HTTPAttach(), don't send a newline over the HTTP connection when the log message is only part of a line.
| | | | |  In pkg/api/handlers/compat.LogsFromContainer(), don't send a newline over the HTTP connection when the log message is only part of a line, and don't make doing so conditional on whether or not the client used the docker or podman endpoint.
| | | | |  In pkg/domain/infra/tunnel.ContainerEngine.ContainerLogs(), don't add our own newline to log messages, since they already come through from the server when they need to.
| | | | |  Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | | | | Merge pull request #11315 from vrothberg/fix-11304 (OpenShift Merge Robot, 2021-08-24)
|\ \ \ \ \
| |_|_|/ /
|/| | | |  generate systemd: use --cidfile again
| * | | | generate systemd: use --cidfile again (Valentin Rothberg, 2021-08-24)
| | | | |  Commit 9ac5267 changed the type of the generated systemd units from `forking` to `notify`. It further stopped using `--cidfile` and instead intended systemd to take care of stopping the container, which turned out to be a bad idea. Systemd will send the stop/kill signals to conmon which in turn may exit non-zero, depending on the signal, and ultimately breaking container cleanup.
| | | | |  Hence, we need to use --cidfile again and let podman stop and remove the container to make sure that everything's in order.
| | | | |  Fixes: #11304
| | | | |  Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | Revert "generate systemd: custom stop signal" (Valentin Rothberg, 2021-08-24)
| | | | |  This reverts commit 70801b3d714b067d64744697433c5841926dad4d.
| | | | |  It turns out that letting systemd handle stopping the container is not working as I thought it will. Conmon is receiving the stop/kill signals and may exit non-zero, which in turn lets the systemd service transition into the `failed` state.
| | | | |  We need to get back to letting Podman stop the containers and do a partial revert of commit 9ac5267 which removed using --cidfile. Happening in a following commit.
| | | | |  Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Network interface (Paul Holzinger, 2021-08-24)
|/ / / /
| | | |  Implement a new network interface to abstract CNI from libpod. The interface is implemented for the CNI backend but in the future we can add more backends.
| | | |  The code is structured in three new packages:
| | | |  - `libpod/network/types`: contains the interface definition and the necessary types for it.
| | | |  - `libpod/network/cni` contains the interface implementation for the CNI backend.
| | | |  - `libpod/network/util` a set of utility functions related to networking.
| | | |  The CNI package uses ginkgo style unit tests. To test Setup/Teardown the test must be run as root. Each test will run in their own namespace to make the test independent from the host environment.
| | | |  New features with the CNI backend:
| | | |  - The default network will be created in memory if it does not exist on disk.
| | | |  - It can set more than one static IP per container network.
| | | |  - Networks are loaded once from disk and only if this interface is used, e.g. for commands such as `podman info` networks are not loaded. This reduces unnecessary disk IO.
| | | |  This commit only adds the interface; it is not wired into libpod. This requires a lot of breaking changes which will be done in a followup commit.
| | | |  Once this is integrated into libpod the current network code under `libpod/network` should be removed. Also the dependency on OCICNI should be dropped.
| | | |  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* / / / generate systemd: custom stop signal (Valentin Rothberg, 2021-08-24)
|/ / /
| | |  Commit 9ac5267598c3 changed the type of the generated systemd units from forking to notify. Parts of these changes was also removing the need to pass any information via the file system (e.g., PIDFILE, container ID). That in turn implies that systemd takes care of stopping the container.
| | |  By default, systemd first sends a SIGTERM and after a certain timeout, it'll send a SIGKILL. That's pretty much what Podman is doing, unless the container was created with a custom stop signal which is the case when the --stop-signal flag was used or systemd is mounted.
| | |  Account for that by using systemd's KillSignal option which allows for changing SIGTERM to another signal. Also make sure that we're using the correct timeout for units generated with --new.
| | |  Fixes: #11304
| | |  Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #11290 from flouthoc/volume-export (OpenShift Merge Robot, 2021-08-23)
|\ \ \
| |/ /
|/| |  volumes: Add support for `volume export` which allows exporting content to external path.
| * | volumes: Add support for exporting volumes to external tar (flouthoc, 2021-08-23)
| | |  Adds support for transferring data between systems and backing up systems. Use cases: recover from disasters or move data between machines.
| | |  Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | | Merge pull request #11296 from vrothberg/memory-profile (OpenShift Merge Robot, 2021-08-21)
|\ \ \
| | | |  add flag to record memory profiles
| * | | add flag to record memory profiles (Valentin Rothberg, 2021-08-20)
| |/ /
| | |  Add a new flag `--memory-profile=$path` which creates a memory profile. The generated profile can later be analyzed via `go tool pprof`.
| | |  [NO TESTS NEEDED] since it's a hidden flag, devs-only.
| | |  Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #11286 from jwhonce/issues/11227 (OpenShift Merge Robot, 2021-08-20)
|\ \ \
| |/ /
|/| |  Update /version endpoint to add components
| * | Update /version endpoint to add components (Jhon Honce, 2021-08-19)
| | |  * Include OCI and conmon information as components
| | |  Fixes #11227
| | |  Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #11280 from Luap99/info-plugins (OpenShift Merge Robot, 2021-08-19)
|\ \ \
| |/ /
|/| |  Podman info output plugin information
| * | Podman info output plugin information (Paul Holzinger, 2021-08-19)
| | |  For docker compat include information about available volume, log and network drivers which should be listed under the plugins key.
| | |  Fixes #11265
| | |  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #11279 from guillaumerose/refactor1 (OpenShift Merge Robot, 2021-08-19)
|\ \ \
| | | |  machine: compute sha256 as we are reading the file
| * | | machine: compute sha256 as we read the image file (Guillaume Rose, 2021-08-19)
| | | |  It avoids having the full file in memory. [NO TESTS NEEDED]
| | | |  Signed-off-by: Guillaume Rose <gurose@redhat.com>
| * | | machine: check for file exists instead of listing directory (Guillaume Rose, 2021-08-19)
| |/ /
| | |  [NO TESTS NEEDED]
| | |  Signed-off-by: Guillaume Rose <gurose@redhat.com>
* | | Merge pull request #11271 from jwhonce/issues/8577 (OpenShift Merge Robot, 2021-08-19)
|\ \ \
| |/ /
|/| |  Clean up swagger
| * | [NO TESTS NEEDED] Clean up swagger (Jhon Honce, 2021-08-19)
| | |  * Removed defined but unused responses
| | |  * Added missing body definitions
| | |  * Updated header input definitions
| | |  Outstanding issues:
| | |  * Supporting body ContainerConfig for /commit endpoint
| | |  Fixes #8577
| | |  Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #11260 from nalind/remote-build-path (OpenShift Merge Robot, 2021-08-19)
|\ \ \
| | | |  pkg/bindings/images.nTar(): slashify hdr.Name values
| * | | pkg/bindings/images.nTar(): slashify hdr.Name values (Nalin Dahyabhai, 2021-08-18)
| | | |  When setting path names in the build context archive, convert path names to use forward slashes, as is normal for those archives, so that directory hierarchies archived on Windows hosts extract correctly everywhere.
| | | |  Not really sure how to run the remote client in CI on a system that uses `\` as a path separator, which is where this error crops up, so [NO TESTS NEEDED]
| | | |  Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | | | Merge pull request #11269 from Luap99/rootlessport-flake (OpenShift Merge Robot, 2021-08-18)
|\ \ \ \
| | | | |  fix rootlessport flake
| * | | | fix rootlessport flake (Paul Holzinger, 2021-08-18)
| |/ / /
| | | |  When the rootlessport process is started the stdout/stderr are attached to the podman process. However once everything is setup podman exits and when the rootlessport process tries to write to stdout it will fail with SIGPIPE. The code handles this signal and puts /dev/null to stdout and stderr but this is not robust.
| | | |  I do not understand the exact cause but sometimes the process is still killed by SIGPIPE. Either go lost the signal or the process got already killed before the goroutine could handle it.
| | | |  Instead of handling SIGPIPE just set /dev/null to stdout and stderr before podman exits. With this there should be no race and no way to run into SIGPIPE errors.
| | | |  [NO TESTS NEEDED]
| | | |  Fixes #11248
| | | |  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* / / / Add ability to build images in play kube (Brent Baude, 2021-08-18)
|/ / /
| | |  When playing a kube YAML file, it can be desirable to be able to build an image on the fly. This is good for development of an image and YAML files and somewhat mocks what compose does.
| | |  Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #11212 from flouthoc/check-valid-systemd-session (openshift-ci[bot], 2021-08-17)
|\ \ \
| | | |  cgroup-manager-systemd: Warn early if user is rootless and no relevant user session is present.
| * | | cgroup-manager-systemd:Fail early if user:rootless and relevant session is not present. (flouthoc, 2021-08-17)
| | | |  [NO TESTS NEEDED]
| | | |  Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | | | Merge pull request #11192 from ashley-cui/darwinwarn3 (openshift-ci[bot], 2021-08-17)
|\ \ \ \
| | | | |  [NO TESTS NEEDED] Change connection error to be helpful for machine users
| * | | | Change connection error to be helpful for machine users (Ashley Cui, 2021-08-11)
| | | | |  If a podman-remote connection fails, remind the user to check their linux system and podman machine vm
| | | | |  Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | | Merge pull request #11231 from flouthoc/move-volume-dest-to-server (openshift-ci[bot], 2021-08-17)
|\ \ \ \ \
| | | | | |  volume: move validating volume dest from client to server.
| * | | | | fix: unifiedOverlays should be assigned if no conflicts found. (flouthoc, 2021-08-17)
| | | | | |  [NO TESTS NEEDED]
| | | | | |  Signed-off-by: flouthoc <flouthoc.git@gmail.com>
| * | | | | libpod/option.go remove error stutter from wrap/wraf (flouthoc, 2021-08-17)
| | | | | |  [NO TESTS NEEDED]
| | | | | |  Signed-off-by: flouthoc <flouthoc.git@gmail.com>
| * | | | | volume: move validating volume dest from client to server. (flouthoc, 2021-08-16)
| | | | | |  [NO TESTS NEEDED]
| | | | | |  Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | | | | | Merge pull request #11224 from xatier/master (openshift-ci[bot], 2021-08-17)
|\ \ \ \ \ \
| | | | | | |  Add space trimming check in ValidateSysctls
| * | | | | | Add space trimming check in ValidateSysctls (xatier, 2021-08-13)
| | | | | | |  This is to catch invalid sysctl configs with extra spacing. See https://github.com/containers/common/issues/723#issuecomment-897395506
| | | | | | |  Signed-off-by: xatier <xatierlike@gmail.com>
* | | | | | | make sure that signal buffers are sufficiently big (Valentin Rothberg, 2021-08-17)
| |_|_|/ / /
|/| | | | |
| | | | | |  Dealing with os.Signal channels seems more like an art than science since signals may get lost. os.Notify doesn't block on an unbuffered channel, so users are expected to know what they're doing or hope for the best.
| | | | | |  In the recent past, I've seen a number of flakes and BZs on non-amd64 architectures where I was under the impression that signals may got lost, for instance, during stop and exec.
| | | | | |  [NO TESTS NEEDED] since this is art.
| | | | | |  Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | Merge pull request #11154 from cdoern/imagesPull (openshift-ci[bot], 2021-08-16)
|\ \ \ \ \ \
| |_|/ / / /
|/| | | | |  Libpod images pull changes
| * | | | | Libpod images pull changes (cdoern, 2021-08-09)
| | |_|_|/
| |/| | |
| | | | |  Added quiet param to docs to limit stream output. Formatted JSON.
| | | | |  fixes #10612
| | | | |  Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
| | | | |  Signed-off-by: cdoern <cdoern@redhat.com>