| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the look up of containers and pods in the remote client. User input
can refer to both, names or IDs of containers and pods, so there is a
fair chance of collisions (e.g., "c1" name with a "c1...." ID).
Those collisions are well handled (and battle tested) in the local
client which is directly using the libpod backend. Hence, the remote
client should not attempt to introduce its own logic to prevent bugs and
divergence between the local and the remote clients. To prevent
collisions such as in #7837, do a container/pod inspect on the
user-provided input to find the corresponding ID and eventually do full
ID comparisons to avoid potential collisions with names.
Note that this has a cost that I am not entirely happy with. Looking at
issue #7837, the collisions are happening when removing the two
containers. Remote container removal is now very chatty with the server
as it first queries for all containers, then iterates over the provided
names or IDs and does a remote inspect to figure out the IDs and find a
matching container object. However, remote removal could just pass the
names and IDs directly to the batch removal endpoint. Querying for all
containers could be prevented if the batch removal endpoint would remove
all if the slice is empty.
In other words, the bug is fixed but there's room for performance
improvements.
Fixes: #7837
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
image look up: consult registries.conf
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The registries package should be retired. It was introduced as an
easier to use wrapper around c/image `sysregistries` which has been
replaced by `sysregistriesv2` a long while ago.
Users should either use the `sysregistriesv2` package directly or, even
better, we cache the config in libpod's image runtime to prevent
redundant (and ~expensive) parsing of the registries.conf files.
For now, just add a note in hope we'll not forgert about it when we find
time in the future.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \
| | |
| | | |
Use local image if input image is a manifest list
|
| | | |
| | |
| | |
| | |
| | |
| | | |
If run&create image returns error: image contains manifest list, not a runnable image, find the local image that has digest matching the digest from the list and use the image from local storage for the command.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |\ \ \
| | | |
| | | | |
capabilities: always set ambient and inheritable
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
change capabilities handling to reflect what docker does.
Bounding: set to caplist
Inheritable: set to caplist
Effective: if uid != 0 then clear; else set to caplist
Permitted: if uid != 0 then clear; else set to caplist
Ambient: clear
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
Refactor IdleTracker to handle StateIdle transitions
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Remove stutter naming for package and types
* Stop treating StateIdle the same as StateClosed, rather transitions to
StateIdle will keep API timeout window open
* Remove redundate code
Fixes #7826
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \
| | |
| | | |
fix remote untag
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix the remote client to untag all tags of the specified image.
Instead of querying the image on the client side, support the
case where both, repo and tag, are empty and remove all tags.
Reuse the ABI implementation where possible. In retrospective,
the libpod untag endpoint should support a slice of strings to
batch remove tags rather than reaching out for each tag individually.
Enable the skipped test.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \
| | |
| | | |
We already set container=podman environment variable
|
| | |/
| |
| |
| |
| |
| | |
Only need to set container, no need for containers
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
In podman containers rm and podman images rm, the commands
exit with error code 1 if the object does not exists.
This PR implements similar functionality to volumes, networks, and Pods.
Similarly if volumes or Networks are in use by other containers, and return
exit code 2.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
Add support for slirp network for pods
|
| | |
| |
| |
| |
| |
| | |
flag --network=slirp4netns[options] for root and rootless pods
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\ \
| | |
| | | |
Ignore containers.conf sysctl when namespaces set to host
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If user sets namespace to host, then default sysctls need to be ignored
that are specific to that namespace.
--net=host ignore sysctls that begin with net.
--ipc=host ignore fs.mqueue
--uts=host ignore kernel.domainname and kernel.hostname
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| | |
in the compatibility layer, creating a volume with a name that already does not result in an error. instead a 201 response with the existing volume's information is returned. while it seems like a bug on the part of docker and they agree, no attempt has been made to fix it in five years. See https://github.com/moby/moby/issues/16068
Fixes: #7740
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \
| | |
| | | |
Properly handle podman run --pull command
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently the --pull missing|always|never is ignored
This PR implements this for local API. For remote we
need to default to pullpolicy specified in the containers.conf
file.
Also fixed an issue when images were matching other images names
based on prefix, causing images to always be pulled.
I had named an image myfedora and when ever I pulled fedora, the system
thought that it there were two images named fedora since it was checking
for the name fedora as well as the prefix fedora. I changed it to check
for fedora and the prefix /fedora, to prefent failures like I had.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The podman remote client ignored the force option due a typo.
If an error occured the remote client would panic with an
index out of range error.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |/ /
| |
| |
| |
| |
| | |
I added a test to prevent a future regression.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \
| | |
| | | |
rootless: fix hang when newidmap is not installed
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
when newidmap is not installed the code would hit the
reexec_in_user_namespace_wait code and wait for the child process to
be terminated. The child process is blocked waiting on the w pipe.
So make sure to unblock the child process first and then clean it up.
Closes: https://github.com/containers/podman/issues/7776
Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
|
| |\ \ \
| | | |
| | | | |
Evict containers before removing via V2 API
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes #7535
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
remote load: check if input is directory
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The remote client does not support loading directories yet. To prevent
confusing error messages and to make the behaviour more explicit, check
if the input points to a directory and throw an error if needed.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \ \
| |/ / /
|/| | | |
remote stats
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Have a clear separation of concerns for the CLI-only options (and their
logic) from the backend. The backend logic is now easier to understand
(e.g., `stream` instead of `noStream`).
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add a new endpoint for container stats allowing for batch operations on
more than one container. The new endpoint deprecates the
single-container endpoint which will eventually be removed with the next
major release.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Refactor the entities' stats API to simplify using it and reduce the
risk of running into concurrency issues at the call sites. Further
simplify the stats code by de-spaghetti-ing the logic and reducing
duplicate code.
`ContainerStats` now returns a data channel and an error. If the error
is nil, callers can read from the channel.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
set interactive mode with compat create endpoint
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
when creating a container using the compat endpoint, the interactive bool was being hard set to false and ignoring the user's input.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
apiv2 /containers/json limit differ from docker-api
|
| | | |/ / /
| |/| | |
| | | | |
| | | | | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
| |/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Most have been fixed, others I replaced with SkipIfRemote
Fix ContainerStart on tunnel, it needs to wait for the exit status
before returning.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
fix build with varlink
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
also add a cirrus task for building binaries with varlink.
From: Chris Evich <cevich@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
| |\ \ \ \ \
| |_|/ / /
|/| | | | |
add missing return for compat kill
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
on an error condition in kill for the compatibility layer, we were missing a return.
Signed-off-by: baude <bbaude@redhat.com>
|
| | |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | | |
Aids in reading logs of different services
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
pkg/hooks: support all hooks
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add support for the missing hook types [1]:
- createContainer
- createRuntime
- startContainer
Otherwise, Podman won't inject them into the runtime config (and pass it
on to runc/crun) but error out.
[1] https://github.com/opencontainers/runtime-spec/blob/44341cdd36f6fee6ddd73e602f9e3eca1466052f/runtime.md#lifecycle
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Fix up attach tests for podman remote
|
| | |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When we execute podman-remote attach, we were not checking if the
container was in the correct state, this is leading to timeouts and
we had turned off remote testing.
Also added an IfRemote() function so we can turn on more tests when
using the "-l" flag for local, but use container name for remote.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \ \
| |/ / / /
|/| | | | |
Fix podman image unmount to only report images unmounted
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Currently `podman image unmount` report every image that is mounted
when it unmounts them. We should only report unmounted actually mounted images.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
id is the last image id from the set of id's returned via the images
stanza.
id may be deprecated in a future version of the API
Created test_rest_v2_0_0.py to reflect the bump in the API Version.
Fixes #7686
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
