summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Add stubs for pkg/adapter/terminal_linux.goMiloslav Trmač2020-03-21
| | | | Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Only run TestGetImageConfigStopSignal on LinuxMiloslav Trmač2020-03-21
| | | | | | ... because the implementation requires Linux-only pkg/signal Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Fix the pkg/specgen/SpecGenerator.getSeccompConfig stubMiloslav Trmač2020-03-20
| | | | Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* podmanv2 enable remote waitBrent Baude2020-03-20
| | | | | | enable remote container wait with condition Signed-off-by: Brent Baude <bbaude@redhat.com>
* fix remote connection use of contextBrent Baude2020-03-20
| | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* use boolreport for containerexists responseBrent Baude2020-03-20
| | | | | | in the case of exists, use a boolreport structure so that responses can be consistent pointer and error Signed-off-by: Brent Baude <bbaude@redhat.com>
* podmanv2 container exists|waitBrent Baude2020-03-20
| | | | | | enable container exists and wait for podmanv2 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #5525 from baude/apiv2bindinglogsOpenShift Merge Robot2020-03-19
|\ | | | | apiv2 add bindings for logs|events
| * apiv2 add bindings for logs|eventsBrent Baude2020-03-19
| | | | | | | | | | | | add go-bindings for logs and events. tests were also added. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #5088 from mheon/begin_exec_reworkOpenShift Merge Robot2020-03-19
|\ \ | | | | | | Begin exec rework
| * | Add structure for new exec session tracking to DBMatthew Heon2020-03-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As part of the rework of exec sessions, we need to address them independently of containers. In the new API, we need to be able to fetch them by their ID, regardless of what container they are associated with. Unfortunately, our existing exec sessions are tied to individual containers; there's no way to tell what container a session belongs to and retrieve it without getting every exec session for every container. This adds a pointer to the container an exec session is associated with to the database. The sessions themselves are still stored in the container. Exec-related APIs have been restructured to work with the new database representation. The originally monolithic API has been split into a number of smaller calls to allow more fine-grained control of lifecycle. Support for legacy exec sessions has been retained, but in a deprecated fashion; we should remove this in a few releases. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #5546 from jwhonce/wip/entitiesOpenShift Merge Robot2020-03-19
|\ \ \ | | | | | | | | V2 podman command
| * | | V2 podman commandJhon Honce2020-03-18
| | | | | | | | | | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #5554 from baude/compatfixOpenShift Merge Robot2020-03-19
|\ \ \ \ | | | | | | | | | | fix reported compat issues
| * | | | fix reported compat issuesBrent Baude2020-03-19
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | honor -1 in in list containers for compatibility mode. it is commonly used to indicate no limit. change the json id parameter to Id in container create. Fixes: #5553 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | Merge pull request #5445 from sujil02/podFilter-newOpenShift Merge Robot2020-03-19
|\ \ \ \ | |/ / / |/| | | Filter pods through pod list api
| * | | Filter pods through pod list apiSujil022020-03-17
| | |/ | |/| | | | | | | | | | | | | | | | Refactored current filter pods flow through the shared pod functions so filter pod functionalities can be shared between api and cmd. Signed-off-by: Sujil02 <sushah@redhat.com>
* | | rootless: fix usage with hidepid=1Giuseppe Scrivano2020-03-19
| |/ |/| | | | | | | | | | | | | | | | | | | when /proc is mounted with hidepid=1 a process doesn't see processes from the outer user namespace. This causes an issue reading the cmdline from the parent process. To address it, always read the command line from /proc/self instead of using /proc/PARENT_PID. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #5540 from jwhonce/issues/5531OpenShift Merge Robot2020-03-18
|\ \ | | | | | | Reduce CPU usage when --timeout=0
| * | Reduce CPU usage when --timeout=0Jhon Honce2020-03-18
| |/ | | | | | | | | | | | | | | | | * Add second go routine for when a Timer is not needed. * goimports updated some project files Fixes #5531 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #5544 from baude/apiv2serveswaggerOpenShift Merge Robot2020-03-18
|\ \ | | | | | | serve swagger when present
| * | serve swagger when presentBrent Baude2020-03-18
| | | | | | | | | | | | | | | | | | register the swagger endpoint and add some error handling for when the swagger file does not exist Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | swagger: more consistency fixesEd Santiago2020-03-18
|/ / | | | | | | | | | | Some new 'manifests' entries have the wrong {name} parameter Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #5480 from vrothberg/auto-updatesOpenShift Merge Robot2020-03-18
|\ \ | |/ |/| auto update containers in systemd units
| * auto updatesValentin Rothberg2020-03-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support to auto-update containers running in systemd units as generated with `podman generate systemd --new`. `podman auto-update` looks up containers with a specified "io.containers.autoupdate" label (i.e., the auto-update policy). If the label is present and set to "image", Podman reaches out to the corresponding registry to check if the image has been updated. We consider an image to be updated if the digest in the local storage is different than the one of the remote image. If an image must be updated, Podman pulls it down and restarts the container. Note that the restarting sequence relies on systemd. At container-creation time, Podman looks up the "PODMAN_SYSTEMD_UNIT" environment variables and stores it verbatim in the container's label. This variable is now set by all systemd units generated by `podman-generate-systemd` and is set to `%n` (i.e., the name of systemd unit starting the container). This data is then being used in the auto-update sequence to instruct systemd (via DBUS) to restart the unit and hence to restart the container. Note that this implementation of auto-updates relies on systemd and requires a fully-qualified image reference to be used to create the container. This enforcement is necessary to know which image to actually check and pull. If we used an image ID, we would not know which image to check/pull anymore. Fixes: #3575 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * pkg/systemd: add dbus supportValentin Rothberg2020-03-17
| | | | | | | | | | | | | | Move the dbus-connection code from libpod's healthcheck to pkg/systemd to allow for sharing the logic. Needed for the auto-updates work. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #5449 from baude/manifestsOpenShift Merge Robot2020-03-17
|\ \ | |/ |/| apiv2 addition of manifests
| * apiv2 addition of manifestsBrent Baude2020-03-16
| | | | | | | | | | | | | | | | add endpoints for create, add, remove, inspect, and push. this allows manifests to be managed through the restful interfaces. also added go-bindings and tests Signed-off-by: Brent Baude <bbaude@redhat.com>
* | fix systemd generate testsValentin Rothberg2020-03-16
| | | | | | | | | | | | Add the `default.target` to the failing tests. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #5439 from ttys3/fixup-systemdgen-with-new-paramOpenShift Merge Robot2020-03-16
|\ \ | | | | | | systemd generator: force run container detached if CreateCommand has no detach param
| * | force run container detached if container CreateCommand missing the detach param荒野無燈2020-03-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the podman generated systemd service file has `Type=forking` service, so the command after `ExecStart=` should not run in front. if someone created a container and has the detach(`-d`) param missing like this ``` podman create --name ngxdemo -P nginxdemos/hello ``` and generate the file with `--new` param: ``` podman generate systemd --name --new ngxdemo ``` because `podman run xxx` has no `-d` param, so the container is not run in background and nerver exit. and systemd will fail to start the service: ``` sudo systemctl start container-ngxdemo.service Job for container-ngxdemo.service failed because a timeout was exceeded. See "systemctl status container-ngxdemo.service" and "journalctl -xe" for details. ``` Signed-off-by: 荒野無燈 <ttys3@outlook.com>
* | | Merge pull request #5496 from baude/preemptiveOpenShift Merge Robot2020-03-14
|\ \ \ | | | | | | | | eat signal 23 in signal proxy
| * | | eat signal 23 in signal proxyBrent Baude2020-03-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | due to a change in golang-1.14 and it's changes to make go funcs with tight loops preemptive, signals are now getting "through" that never were before. From the golang-1.14 announce: Goroutines are now asynchronously preemptible. As a result, loops without function calls no longer potentially deadlock the scheduler or significantly delay garbage collection. This is supported on all platforms except windows/arm, darwin/arm, js/wasm, and plan9/*. A consequence of the implementation of preemption is that on Unix systems, including Linux and macOS systems, programs built with Go 1.14 will receive more signals than programs built with earlier releases. This means that programs that use packages like syscall or golang.org/x/sys/unix will see more slow system calls fail with EINTR errors. Those programs will have to handle those errors in some way, most likely looping to try the system call again. For more information about this see man 7 signal for Linux systems or similar documentation for other systems. Fixes #5483 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | add apiv2 healthcheck codeBrent Baude2020-03-13
|/ / / | | | | | | | | | | | | | | | reworking binding and endpoint to actually work. added documentation in swagger for and various return code possibilities. add a good start on tests though we need some other container functions not yet implemented for that. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | / remove imagefilter for varlink remote clientBrent Baude2020-03-12
| |/ |/| | | | | | | | | the api for getting images changed to use filters but back level podman versions cannot handle it. so temporarily disabling the filtering for remote clients until the restful approach can be used. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | rootlessport: detect rootless-child exitGiuseppe Scrivano2020-03-12
| | | | | | | | | | | | | | otherwise the rootless parent process might wait indefinitely when the rootless-child process exits early. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #5458 from baude/apiv2eventslibpodOpenShift Merge Robot2020-03-11
|\ \ | | | | | | [CI:DOCS]Add libpod event endpoint
| * | [CI:DOCS]Add libpod event endpointBrent Baude2020-03-11
| | | | | | | | | | | | | | | | | | add an endpoint for events on the libpod side of the house. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Update start stop api to use pod status function.Sujil022020-03-10
|/ / | | | | | | | | | | | | Update the strat and stop api to validate pod status based on status functions rather than iterating over all the containers in the pod. (Addressing the TO-DO) Signed-off-by: Sujil02 <sushah@redhat.com>
* | Merge pull request #5448 from vrothberg/update-systemdOpenShift Merge Robot2020-03-10
|\ \ | | | | | | update systemd & dbus dependencies
| * | update systemd & dbus dependenciesValentin Rothberg2020-03-10
| | | | | | | | | | | | | | | | | | | | | | | | Update the outdated systemd and dbus dependencies which are now provided as go modules. This will further tighten our dependencies and releases and pave the way for the upcoming auto-update feature. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Refactor handler packagesJhon Honce2020-03-10
|/ / | | | | | | | | | | | | To help with packaging, the handlers in pkg/api/handlers are now found in pkg/api/handler/compat. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #5427 from containers/systemd-defaultMatthew Heon2020-03-09
|\ \ | | | | | | generate systemd: add `default.target` to INSTALL
| * | generate systemd: add `default.target` to INSTALLValentin Rothberg2020-03-09
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When enabling a systemd service we can specify which target will start it by specifying it in the `[INSTALL]` section. In case of root, this is commonly set to `multi-user.target` which is used to start other essential system services such as the network manager, D-BUS and more. However, the `multi-user.target` is not enough on all systems, especially when running rootless and enabling user services. Multiple users have reported issues that there isn't even an attempt to start the service. Setting the INSTALL target to `default.target` will fix the rootless case. However, `default.target` may vary among systems. Fedora Workstation, for instance, sets the `default.target` to the graphical target (i.e., runlevel 5) while Fedora Server sets it to `multi-user.target` which is on runlevel 2 and hence way earlier in the startup sequence. As INSTALL allows for specifying multiple INSTALL targets, we can set it to `multi-user.target` to continue supporting existing workloads AND to `default.target` which MAY redundantly attempt to start it at a later point; effectively a NOP for the root case and essential for rootless. Fixes: #5423 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / use storage/pkg/ioutilsValentin Rothberg2020-03-09
|/ | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #5412 from rhatdan/tmpdirOpenShift Merge Robot2020-03-08
|\ | | | | Allow users to set TMPDIR environment
| * Allow users to set TMPDIR environmentDaniel J Walsh2020-03-06
| | | | | | | | | | | | | | Some users have small /var/tmp directories and need to be able to specify a different location for temporary files, which includes more space. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Fix spelling mistakes in code found by codespellDaniel J Walsh2020-03-07
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #5374 from baude/createOpenShift Merge Robot2020-03-07
|\ \ | | | | | | add default network for apiv2 create
| * | add default network for apiv2 createBrent Baude2020-03-06
| |/ | | | | | | | | | | | | | | | | | | | | | | | | during container creation, if no network is provided, we need to add a default value so the container can be later started. use apiv2 container creation for RunTopContainer instead of an exec to the system podman. RunTopContainer now also returns the container id and an error. added a libpod commit endpoint. also, changed the use of the connections and bindings slightly to make it more convenient to write tests. Fixes: 5366 Signed-off-by: Brent Baude <bbaude@redhat.com>