aboutsummaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* generate systemd: rename source filesValentin Rothberg2020-06-11
| | | | | | | Rename to `containers{_test}.go` to make some place for the upcoming pod changes. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* generate systemd: rephrase lookup errorValentin Rothberg2020-06-11
| | | | | | | | | Rephrase the lookup error when the specified name or ID does not refer to a container or pod. Until, only the pod-lookup error has been returned which can be confusing when actually looking for a container; a user might have just mistyped the ID or name. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* pod create: add `--infra-conmon-pidfile`Valentin Rothberg2020-06-11
| | | | | | | | | | | Add an `--infra-conmon-pidfile` flag to `podman-pod-create` to write the infra container's conmon process ID to a specified path. Several container sub-commands already support `--conmon-pidfile` which is especially helpful to allow for systemd to access and track the conmon processes. This allows for easily tracking the conmon process of a pod's infra container. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* generate systemd: rename "cid" to "ctr-id"Valentin Rothberg2020-06-11
| | | | | | | | | Rename the container ID file from "cid" to "ctr-id" to make the generated unit files a) easier to read and to b) pro-actively avoid any confusion when pod ID files are being added in the future. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* podman-pod{rm,start,stop}: support --pod-id-fileValentin Rothberg2020-06-11
| | | | | | | | | | Support the `--pod-id-file` flag in the rm, start and stop pod commands. This completes the already support flag in pod-create and is another prerequisite for generating generic systemd unit files for pods. Also add completions, docs and tests. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* systemd/generate: remove unused infra container fieldValentin Rothberg2020-06-11
| | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* pod config: add a `CreateCommand` fieldValentin Rothberg2020-06-11
| | | | | | | | | | | | | | Add a `CreateCommand` field to the pod config which includes the entire `os.Args` at pod-creation. Similar to the already existing field in a container config, we need this information to properly generate generic systemd unit files for pods. It's a prerequisite to support the `--new` flag for pods. Also add the `CreateCommand` to the pod-inspect data, which can come in handy for debugging, general inspection and certainly for the tests that are added along with the other changes. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #6546 from rhatdan/lintOpenShift Merge Robot2020-06-10
|\ | | | | Turn on golint
| * Fix Id->ID where possible for lintDaniel J Walsh2020-06-10
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Fixup issues found by golintDaniel J Walsh2020-06-10
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Ensure signal validation happens first in pod killMatthew Heon2020-06-09
|/ | | | | | | | | | | | | This fixes an error in the system tests, which expect that when you try and kill a nonexistent pod with an incorrect signal, you receive an error about the signal, not the pod. At the same time, fix a missing return statement in the bindings, which could also have caused us grief. Fixes #6540 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add parallel operation to `podman stop`Matthew Heon2020-06-05
| | | | | | | | | | | | This is the other command that benefits greatly from being run in parallel, due to the potential 15-second timeout for containers that ignore SIGTERM. While we're at it, also clean up how stop timeout is set. This needs to be an optional parameter, so that the value set when the container is created with `--stop-timeout` will be respected. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Fix handling of systemd.Daniel J Walsh2020-06-05
| | | | | | | | | | Systemd enablement has to happen on the server side, since we need check if the image is running systemd. Also need to make sure user setting the StopSignal is not overriden on the server side. But if not set and using systemd, we set it correctly. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #6495 from mheon/parallel_executionOpenShift Merge Robot2020-06-05
|\ | | | | Add parallel execution code for container operations
| * Add parallel execution code for container operationsMatthew Heon2020-06-05
| | | | | | | | | | | | | | | | This code will run container operations in parallel, up to a given maximum number of threads. Currently, it has only been enabled for local `podman rm` as a proof of concept. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6498 from mheon/fix_pod_hostnameOpenShift Merge Robot2020-06-05
|\ \ | | | | | | Ensure that containers in pods properly set hostname
| * | Ensure that containers in pods properly set hostnameMatthew Heon2020-06-04
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we moved to the new Namespace types in Specgen, we made a distinction between taking a namespace from a pod, and taking it from another container. Due to this new distinction, some code that previously worked for both `--pod=$ID` and `--uts=container:$ID` has accidentally become conditional on only the latter case. This happened for Hostname - we weren't properly setting it in cases where the container joined a pod. Fortunately, this is an easy fix once we know to check the condition. Also, ensure that `podman pod inspect` actually prints hostname. Fixes #6494 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* / Fix handling of ThrottleWriteIOPSDeviceDaniel J Walsh2020-06-05
|/ | | | | | This is causing the UBuntu tests to fail. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #6491 from vrothberg/fix-6490OpenShift Merge Robot2020-06-04
|\ | | | | /images/.../json: fix port parsing
| * /images/.../json: fix port parsingValentin Rothberg2020-06-04
| | | | | | | | | | | | | | | | | | | | Fix a bug when parsing the `ExposedPorts` of the image that lead to panics when the field was set. The OCI image spec allows three valid formats: `tcp/port`, `udp/port` and `port` Fixes: #6490 Reported-by: @jgallucci32 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6485 from QiWang19/remote-ignoreOpenShift Merge Robot2020-06-04
|\ \ | | | | | | fix remote test --ignore & turn on more tests
| * | fix remote test --ignore & turn on more testsQi Wang2020-06-03
| | | | | | | | | | | | | | | | | | fix remote test --ignore & turn on more tests Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #6481 from QiWang19/rm-test-stopOpenShift Merge Robot2020-06-04
|\ \ \ | | | | | | | | turn on remote stop_test
| * | | turn on remote stop_testQi Wang2020-06-03
| | | | | | | | | | | | | | | | | | | | | | | | turn on stop_test --cidfile Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #6486 from baude/v2infoaddsocketOpenShift Merge Robot2020-06-04
|\ \ \ \ | |_|_|/ |/| | | add socket information to podman info
| * | | add socket information to podman infoBrent Baude2020-06-03
| | |/ | |/| | | | | | | | | | | | | | | | this is step 1 to self-discovery of remote ssh connections. we add a remotesocket struct to info to detect what the socket path might be. Co-authored-by: Jhon Honce <jhonce@redhat.com> Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #6478 from rhatdan/abisupportOpenShift Merge Robot2020-06-03
|\ \ \ | | | | | | | | Remove use of ABISupport buildtag
| * | | Remove use of ABISupport buildtagDaniel J Walsh2020-06-03
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | We need to default to building podman. If you specify no build tags you will not build podman, not podman-remote. Just using remote flag to indicate podman-remote and !remote for podman. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | When stopping containers locally, ensure cleanup runsMatthew Heon2020-06-03
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | The cleanup process was already running and ensuring that mounts and networking configuration was cleaned up on container stop, but this was async from the actual `podman stop` command which breaks some expectations - the container is still mounted at the end of `podman stop` and will be cleaned up soon, but not immediately. Fortunately, it's a trivial change to resolve this. Fixes #5747 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6469 from jwhonce/wip/authOpenShift Merge Robot2020-06-03
|\ \ | | | | | | V2 Add support for ssh authentication methods
| * | V2 Add support for ssh authentication methodsJhon Honce2020-06-03
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * podman --remote ssh://<user>:<password>@<host>:<port><path> * podman --remote ssh://<user>:<password>@<host>:<port><path> \ --identity <path> --passphrase <phrase> * ssh-add <key> podman --remote ssh://<user>@<host><path> * Fix `podman help` to run even if podman missing components * Prompt for passphrase on stdin IFF key is protected and passphrase not given via any other configuration * cobra flags do not support optional value flags therefore refactored --remote to be a boolean and --url will now contain the URI to Podman service Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #6473 from mheon/fix_inspect_segfaultOpenShift Merge Robot2020-06-03
|\ \ | |/ |/| Fix a segfault in `podman inspect -l` w/ no containers
| * Fix a segfault in `podman inspect -l` w/ no containersMatthew Heon2020-06-02
| | | | | | | | | | | | | | | | | | We also need to rework container/image inspect to be separate, but that can happen in another PR. Fixes #6472 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Turn on remote rm_test --cidfileQi Wang2020-06-02
| | | | | | | | | | | | Turn on remote rm_test --cidfile Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #6468 from mheon/remote_detached_execOpenShift Merge Robot2020-06-03
|\ \ | | | | | | Enable detached exec for remote
| * | Enable detached exec for remoteMatthew Heon2020-06-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The biggest obstacle here was cleanup - we needed a way to remove detached exec sessions after they exited, but there's no way to tell if an exec session will be attached or detached when it's created, and that's when we must add the exit command that would do the removal. The solution was adding a delay to the exit command (5 minutes), which gives sufficient time for attached exec sessions to retrieve the exit code of the session after it exits, but still guarantees that they will be removed, even for detached sessions. This requires Conmon 2.0.17, which has the new `--exit-delay` flag. As part of the exit command rework, we can drop the hack we were using to clean up exec sessions (remove them as part of inspect). This is a lot cleaner, and I'm a lot happier about it. Otherwise, this is just plumbing - we need a bindings call for detached exec, and that needed to be added to the tunnel mode backend for entities. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #6467 from baude/v2windowsenvOpenShift Merge Robot2020-06-02
|\ \ \ | |_|/ |/| | make env handling os dependent
| * | make env handling os dependentBrent Baude2020-06-02
| |/ | | | | | | | | | | environment variables are handled differently on windows vs linux. here we split them to be handled but no actually processing of windows environment variables was done. it can be added for future. hoowever, now we dont get errors on windows about processing them. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #6435 from QiWang19/uidOpenShift Merge Robot2020-06-02
|\ \ | |/ |/| check --user range for rootless containers
| * check --user range for rootless containersQi Wang2020-06-02
| | | | | | | | | | | | Check --user range if it's a uid for rootless containers. Returns error if it is out of the range. From https://github.com/containers/libpod/issues/6431#issuecomment-636124686 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #6411 from mheon/exec_bindingsOpenShift Merge Robot2020-06-02
|\ \ | | | | | | Add bindings for exec and enable attached remote exec
| * | Add bindings for exec and enable attached remoteMatthew Heon2020-06-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds bindings for starting exec sessions, and then uses them to wire up detached exec. Code is heavily based on Attach code for containers, slightly modified to handle exec sessions. Bindings are presently attached-only, detached is pending on a Conmon update landing in CI. I'll probably get to that next. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #6453 from jwhonce/wip/errorsOpenShift Merge Robot2020-06-01
|\ \ \ | |/ / |/| | Add invalid value to error message
| * | Add invalid value to error messageJhon Honce2020-06-01
| |/ | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* / Add support for format {{.Label}}Brent Baude2020-06-01
|/ | | | | | | | the pod ps man page says .Label is valid go template format. i dont think the function was actually ever implemented. Fixes #6448 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Fix leak of empty tarballBrent Baude2020-06-01
| | | | | | | | In cases of trying to export an image, if the image was not found, we leaked an empty tarball or directory depending on the format. Fixes: #6409 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #6356 from baude/v2copyendpointsOpenShift Merge Robot2020-05-30
|\ | | | | v2 copy endpoints
| * v2 copy endpointsBrent Baude2020-05-26
| | | | | | | | | | | | add copy endpoint inputs and outputs. these endpoints are not implemented yet, nor are any bindings. this allows us to update this later without having to change our api version. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | compat handlers: add X-Registry-Auth header supportValentin Rothberg2020-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support the `X-Registry-Auth` http-request header. * The content of the header is a base64 encoded JSON payload which can either be a single auth config or a map of auth configs (user+pw or token) with the corresponding registries being the keys. Vanilla Docker, projectatomic Docker and the bindings are transparantly supported. * Add a hidden `--registries-conf` flag. Buildah exposes the same flag, mostly for testing purposes. * Do all credential parsing in the client (i.e., `cmd/podman`) pass the username and password in the backend instead of unparsed credentials. * Add a `pkg/auth` which handles most of the heavy lifting. * Go through the authentication-handling code of most commands, bindings and endpoints. Migrate them to the new code and fix issues as seen. A final evaluation and more tests is still required *after* this change. * The manifest-push endpoint is missing certain parameters and should use the ABI function instead. Adding auth-support isn't really possible without these parts working. * The container commands and endpoints (i.e., create and run) have not been changed yet. The APIs don't yet account for the authfile. * Add authentication tests to `pkg/bindings`. Fixes: #6384 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6419 from mheon/signal_parse_windowsOpenShift Merge Robot2020-05-29
|\ \ | | | | | | Ensure that signal names can be parsed on Windows
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-14 13:52:05 +0000