From dc22350be5f59f612342bc53ec9689f0b2c2145a Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Wed, 24 Jun 2020 15:55:09 -0400 Subject: Print port mappings in `ps` for ctrs sharing network In Podman v1.9, we printed port mappings for the container, even if it shared its network namespace (and thus ports) with another container. We regressed on this in Podman v2.0, which is fixed here. Signed-off-by: Matthew Heon --- pkg/ps/ps.go | 8 ++++++-- test/e2e/ps_test.go | 17 +++++++++++++++++ 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/pkg/ps/ps.go b/pkg/ps/ps.go index b07eb7f9a..cbac2cb06 100644 --- a/pkg/ps/ps.go +++ b/pkg/ps/ps.go @@ -145,11 +145,15 @@ func ListContainerBatch(rt *libpod.Runtime, ctr *libpod.Container, opts entities } return nil }) - if batchErr != nil { return entities.ListContainer{}, batchErr } + portMappings, err := ctr.PortMappings() + if err != nil { + return entities.ListContainer{}, err + } + ps := entities.ListContainer{ Command: conConfig.Command, Created: conConfig.CreatedTime.Unix(), @@ -165,7 +169,7 @@ func ListContainerBatch(rt *libpod.Runtime, ctr *libpod.Container, opts entities Names: []string{conConfig.Name}, Pid: pid, Pod: conConfig.Pod, - Ports: conConfig.PortMappings, + Ports: portMappings, Size: size, StartedAt: startedTime.Unix(), State: conState.String(), diff --git a/test/e2e/ps_test.go b/test/e2e/ps_test.go index 0dc8e01af..cfc0a415e 100644 --- a/test/e2e/ps_test.go +++ b/test/e2e/ps_test.go 
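Review bot: In the `@@ -145` hunk of pkg/ps/ps.go, `ctr.PortMappings()` is called after what appears to be the batch closure has returned, so it is a second, separate read of container state, and its error is returned bare. If the container, or the one whose network namespace it shares, goes away between the two reads, the entry fails with an error that does not say which step produced it; wrapping helps, e.g. `return entities.ListContainer{}, errors.Wrapf(err, "retrieving port mappings for container %s", ctr.ID())`, assuming `errors` here is pkg/errors as in the rest of this series. A comment above the call, such as `// Use PortMappings() instead of conConfig.PortMappings so ports inherited from a shared network namespace are included`, would keep the reason for the indirection visible. ListContainerBatch starts and ends outside the hunk.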
@@ -449,4 +449,21 @@ var _ = Describe("Podman ps", func() { Expect(len(output)).To(Equal(1)) Expect(output[0]).To(Equal(ctrName)) }) + + It("podman ps test with port shared with pod", func() { + podName := "testPod" + pod := podmanTest.Podman([]string{"pod", "create", "-p", "8080:80", "--name", podName}) + pod.WaitWithDefaultTimeout() + Expect(pod.ExitCode()).To(Equal(0)) + + ctrName := "testCtr" + session := podmanTest.Podman([]string{"run", "--name", ctrName, "-dt", "--pod", podName, ALPINE, "top"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + ps := podmanTest.Podman([]string{"ps", "--filter", fmt.Sprintf("name=%s", ctrName), "--format", "{{.Ports}}"}) + ps.WaitWithDefaultTimeout() + Expect(ps.ExitCode()).To(Equal(0)) + Expect(ps.OutputToString()).To(ContainSubstring("0.0.0.0:8080->80/tcp")) + }) }) -- cgit v1.2.3-54-g00ecf From 9de1581e9392c2f301778496cb624016de3d2c5c Mon Sep 17 00:00:00 2001 From: Jhon Honce Date: Thu, 25 Jun 2020 11:35:32 -0700 Subject: Revert sending --remote flag to containers * quick --remote fix, sent --remote to ctnrs as argument Signed-off-by: Jhon Honce --- cmd/podman/registry/config_tunnel.go | 7 ------- 1 file changed, 7 deletions(-) diff --git a/cmd/podman/registry/config_tunnel.go b/cmd/podman/registry/config_tunnel.go index 4f9f51163..bb3da947e 100644 --- a/cmd/podman/registry/config_tunnel.go +++ b/cmd/podman/registry/config_tunnel.go @@ -2,13 +2,6 @@ package registry -import ( - "os" -) - func init() { abiSupport = false - - // Enforce that podman-remote == podman --remote - os.Args = append(os.Args, "--remote") } -- cgit v1.2.3-54-g00ecf From c69ce171aa75462e7201b404909634b9f97793fe Mon Sep 17 00:00:00 2001 From: Valentin Rothberg Date: Thu, 25 Jun 2020 12:00:17 +0200 Subject: systemd generate: allow manual restart of container units in pods Allow manual restarts of container units that are part of a pod. This allows for configuring these containers for auto updates. Fixes: #6770 
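Review bot: The new `podman ps test with port shared with pod` case covers only a container that joins a pod, while the commit title speaks of containers sharing a network in general; a second case that starts a container with its network namespace taken from another container (for example `--net container:<name>`) and checks `{{.Ports}}` would pin the other path. The test also publishes a fixed host port, 8080, so it can fail for reasons unrelated to `ps` if that port is already taken on the test host; whether the suite runs tests concurrently is not visible here.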
Signed-off-by: Valentin Rothberg --- pkg/systemd/generate/containers.go | 2 -- pkg/systemd/generate/containers_test.go | 2 -- 2 files changed, 4 deletions(-) diff --git a/pkg/systemd/generate/containers.go b/pkg/systemd/generate/containers.go index bf6cb81b8..333f8ef88 100644 --- a/pkg/systemd/generate/containers.go +++ b/pkg/systemd/generate/containers.go @@ -69,8 +69,6 @@ type containerInfo struct { const containerTemplate = headerTemplate + ` {{- if .BoundToServices}} -RefuseManualStart=yes -RefuseManualStop=yes BindsTo={{- range $index, $value := .BoundToServices -}}{{if $index}} {{end}}{{ $value }}.service{{end}} After={{- range $index, $value := .BoundToServices -}}{{if $index}} {{end}}{{ $value }}.service{{end}} {{- end}} diff --git a/pkg/systemd/generate/containers_test.go b/pkg/systemd/generate/containers_test.go index 80f0996a1..e108251ea 100644 --- a/pkg/systemd/generate/containers_test.go +++ b/pkg/systemd/generate/containers_test.go @@ -88,8 +88,6 @@ Description=Podman container-foobar.service Documentation=man:podman-generate-systemd(1) Wants=network.target After=network-online.target -RefuseManualStart=yes -RefuseManualStop=yes BindsTo=a.service b.service c.service pod.service After=a.service b.service c.service pod.service -- cgit v1.2.3-54-g00ecf From 68543bbece77d4cc478d98e45fae8b6296a96a3a Mon Sep 17 00:00:00 2001 From: Valentin Rothberg Date: Wed, 24 Jun 2020 16:49:04 +0200 Subject: podman run/create: support all transports Support all image transports in podman run/create. It seems we regressed with v2 on that. Also add tests to make sure we're not regressing again. Fixes: #6744 Signed-off-by: Valentin Rothberg --- cmd/podman/containers/create.go | 48 ++++++++++++++++++++++++++++------------- cmd/podman/containers/run.go | 9 +++++--- test/system/030-run.bats | 13 +++++++++++ 3 files changed, 52 insertions(+), 18 deletions(-) diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go index 45ce00c86..c48a739ff 100644 
--- a/cmd/podman/containers/create.go +++ b/cmd/podman/containers/create.go @@ -6,11 +6,12 @@ import ( "os" "strings" - "github.com/containers/libpod/libpod/define" - "github.com/containers/common/pkg/config" + "github.com/containers/image/v5/storage" + "github.com/containers/image/v5/transports/alltransports" "github.com/containers/libpod/cmd/podman/common" "github.com/containers/libpod/cmd/podman/registry" + "github.com/containers/libpod/libpod/define" "github.com/containers/libpod/pkg/domain/entities" "github.com/containers/libpod/pkg/errorhandling" "github.com/containers/libpod/pkg/specgen" @@ -108,12 +109,15 @@ func create(cmd *cobra.Command, args []string) error { return err } + imageName := args[0] if !cliVals.RootFS { - if err := pullImage(args[0]); err != nil { + name, err := pullImage(args[0]) + if err != nil { return err } + imageName = name } - s := specgen.NewSpecGenerator(args[0], cliVals.RootFS) + s := specgen.NewSpecGenerator(imageName, cliVals.RootFS) if err := common.FillOutSpecGen(s, &cliVals, args); err != nil { return err } 
@@ -211,30 +215,44 @@ func createInit(c *cobra.Command) error { return nil } -func pullImage(imageName string) error { - br, err := registry.ImageEngine().Exists(registry.GetContext(), imageName) - if err != nil { - return err - } +func pullImage(imageName string) (string, error) { pullPolicy, err := config.ValidatePullPolicy(cliVals.Pull) if err != nil { - return err + return "", err } - if !br.Value || pullPolicy == config.PullImageAlways { + + // Check if the image is missing and hence if we need to pull it. + imageMissing := true + imageRef, err := alltransports.ParseImageName(imageName) + switch { + case err != nil: + // Assume we specified a local image withouth the explicit storage transport. + fallthrough + + case imageRef.Transport().Name() == storage.Transport.Name(): + br, err := registry.ImageEngine().Exists(registry.GetContext(), imageName) + if err != nil { + return "", err + } + imageMissing = !br.Value + } + + if imageMissing || pullPolicy == config.PullImageAlways { if pullPolicy == config.PullImageNever { - return errors.Wrapf(define.ErrNoSuchImage, "unable to find a name and tag match for %s in repotags", imageName) + return "", errors.Wrapf(define.ErrNoSuchImage, "unable to find a name and tag match for %s in repotags", imageName) } - _, pullErr := registry.ImageEngine().Pull(registry.GetContext(), imageName, entities.ImagePullOptions{ + pullReport, pullErr := registry.ImageEngine().Pull(registry.GetContext(), imageName, entities.ImagePullOptions{ Authfile: cliVals.Authfile, Quiet: cliVals.Quiet, OverrideArch: cliVals.OverrideArch, OverrideOS: cliVals.OverrideOS, }) if pullErr != nil { - return pullErr + return "", pullErr } + imageName = pullReport.Images[0] } - return nil + return imageName, nil } func openCidFile(cidfile string) (*os.File, error) { diff --git a/cmd/podman/containers/run.go b/cmd/podman/containers/run.go index b9c196b64..a16c2f89d 100644 --- a/cmd/podman/containers/run.go +++ b/cmd/podman/containers/run.go 
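Review bot: `imageName = pullReport.Images[0]` in pullImage indexes the pull report without checking its length, so a pull that returns no error but reports no images would panic instead of failing cleanly; guard it with `if len(pullReport.Images) == 0 { return "", errors.Errorf("pull of %s reported no images", imageName) }`. When the report lists more than one image, which an archive transport could presumably produce, only the first is used and the choice is silent. Separately, any reference whose transport is not the storage transport leaves `imageMissing` true, so it is pulled on every invocation and is rejected outright when the pull policy is never; a comment stating that this is intended would help. The `fallthrough` relies on Go not evaluating the next case's condition, which is what keeps the nil `imageRef` from being dereferenced, and that deserves a one-line comment as well.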
@@ -123,10 +123,13 @@ func run(cmd *cobra.Command, args []string) error { return err } + imageName := args[0] if !cliVals.RootFS { - if err := pullImage(args[0]); err != nil { + name, err := pullImage(args[0]) + if err != nil { return err } + imageName = name } if cliVals.Replace { @@ -163,7 +166,7 @@ func run(cmd *cobra.Command, args []string) error { } runOpts.Detach = cliVals.Detach runOpts.DetachKeys = cliVals.DetachKeys - s := specgen.NewSpecGenerator(args[0], cliVals.RootFS) + s := specgen.NewSpecGenerator(imageName, cliVals.RootFS) if err := common.FillOutSpecGen(s, &cliVals, args); err != nil { return err } @@ -193,7 +196,7 @@ func run(cmd *cobra.Command, args []string) error { return nil } if runRmi { - _, rmErrors := registry.ImageEngine().Remove(registry.GetContext(), []string{args[0]}, entities.ImageRemoveOptions{}) + _, rmErrors := registry.ImageEngine().Remove(registry.GetContext(), []string{imageName}, entities.ImageRemoveOptions{}) if len(rmErrors) > 0 { logrus.Errorf("%s", errors.Wrapf(errorhandling.JoinErrors(rmErrors), "failed removing image")) } diff --git a/test/system/030-run.bats b/test/system/030-run.bats index aa9ace332..7eea6e159 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -189,4 +189,17 @@ echo $rand | 0 | $rand "podman will not overwrite existing cidfile" } +@test "podman run docker-archive" { + tmpdir=$PODMAN_TMPDIR/run-archive + mkdir -p $tmpdir + archive=$tmpdir/archive.tar + + run_podman save $IMAGE -o $archive + + run_podman run docker-archive:$archive ls + + # Also make sure create eats the archive as well + run_podman create docker-archive:$archive ls +} + # vim: filetype=sh -- cgit v1.2.3-54-g00ecf From 723a9e308f586b5c265ab5ca11f9932b98ce4243 Mon Sep 17 00:00:00 2001 From: Ed Santiago Date: Wed, 24 Jun 2020 10:36:17 -0600 Subject: Friendly amendment for pr 6751 More robust system test for podman run/create docker-archive 
Signed-off-by: Ed Santiago
---
test/system/030-run.bats | 42 +++++++++++++++++++++++++++++++++++-------
1 file changed, 35 insertions(+), 7 deletions(-)
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index 7eea6e159..c7a9bf191 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -190,16 +190,44 @@ echo $rand | 0 | $rand } @test "podman run docker-archive" { - tmpdir=$PODMAN_TMPDIR/run-archive - mkdir -p $tmpdir - archive=$tmpdir/archive.tar + # Create an image that, when run, outputs a random magic string + expect=$(random_string 20) + run_podman run --name myc --entrypoint="[\"/bin/echo\",\"$expect\"]" $IMAGE + is "$output" "$expect" "podman run --entrypoint echo-randomstring" + + # Save it as a tar archive + run_podman commit myc myi + archive=$PODMAN_TMPDIR/archive.tar + run_podman save myi -o $archive + is "$output" "" "podman save" + + # Clean up image and container from container storage... + run_podman rmi myi + run_podman rm myc + + # ... then confirm we can run from archive. This re-imports the image + # and runs it, producing our random string as the last line. + run_podman run docker-archive:$archive + is "${lines[0]}" "Getting image source signatures" "podman run docker-archive, first line of output" + is "$output" ".*Copying blob" "podman run docker-archive" + is "$output" ".*Copying config" "podman run docker-archive" + is "$output" ".*Writing manifest" "podman run docker-archive" + is "${lines[-1]}" "$expect" "podman run docker-archive: expected random string output" + + # Clean up container as well as re-imported image + run_podman rm -a + run_podman rmi myi - run_podman save $IMAGE -o $archive + # Repeat the above, with podman-create and podman-start. + run_podman create docker-archive:$archive + cid=${lines[-1]} - run_podman run docker-archive:$archive ls + run_podman start --attach $cid + is "$output" "$expect" "'podman run' of 'podman-create docker-archive'" - # Also make sure create eats the archive as well - run_podman create docker-archive:$archive ls + # Clean up. + run_podman rm $cid + run_podman rmi myi } # vim: filetype=sh -- cgit v1.2.3-54-g00ecf From 2ad9dcc07e3062653e3da0c5639a837d3af8b99e Mon Sep 17 00:00:00 2001 
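Review bot: `run_podman rm -a` in the middle of the docker-archive test removes every container in the store, not only the one this test started, which is broader than the cleanup needs and can mask leftovers from other tests; naming the second run, `run_podman run --name myc2 docker-archive:$archive`, and removing it with `run_podman rm myc2` keeps the cleanup scoped. The fixed names `myc` and `myi` are removed only if every preceding `is` check passes, so a failure part-way would leave them behind unless the suite's teardown, which is not visible in this hunk, clears them. `$archive` and `$cid` are also expanded unquoted.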
From: Matthew Heon Date: Mon, 22 Jun 2020 15:05:22 -0400 Subject: Set syslog for exit commands on log-level=debug We have a flag, --syslog, for telling logrus to log to syslog as well as to the terminal. Previously, this flag also set the exit command for containers to use `--syslog` (otherwise all output from exit commands is lost). I attempted to replicate this with Podman v2.0, but quickly ran into circular import hell (the flag is defined in cmd/podman, I needed it in cmd/podman/containers, cmd/podman imports cmd/podman/containers already, etc). Instead, let's just set the syslog flag automatically on `--log-level=debug` so we log exit commands automatically when debug-level logs are requested. This is consistent with Conmon and seems to make sense. Signed-off-by: Matthew Heon --- pkg/api/handlers/compat/exec.go | 3 ++- pkg/specgen/generate/container_create.go | 3 +-- pkg/specgen/specgen.go | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/api/handlers/compat/exec.go b/pkg/api/handlers/compat/exec.go index 8f7016903..dae76c061 100644 --- a/pkg/api/handlers/compat/exec.go +++ b/pkg/api/handlers/compat/exec.go @@ -62,7 +62,8 @@ func ExecCreateHandler(w http.ResponseWriter, r *http.Request) { utils.InternalServerError(w, err) return } - exitCommandArgs, err := generate.CreateExitCommandArgs(storageConfig, runtimeConfig, false, true, true) + // Automatically log to syslog if the server has log-level=debug set + exitCommandArgs, err := generate.CreateExitCommandArgs(storageConfig, runtimeConfig, logrus.IsLevelEnabled(logrus.DebugLevel), true, true) if err != nil { utils.InternalServerError(w, err) return diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go index 2f7100e7e..59414e668 100644 --- a/pkg/specgen/generate/container_create.go +++ b/pkg/specgen/generate/container_create.go 
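Review bot: Passing `logrus.IsLevelEnabled(logrus.DebugLevel)` as the syslog argument of `CreateExitCommandArgs` in ExecCreateHandler ties a log destination to a verbosity level, and the value is fixed when the exit command is built, so a session created while the server runs at debug keeps sending its cleanup output to syslog whatever the level is later. Debug output from cleanup commands may carry container names, IDs and storage paths, and syslog usually has different readers and retention than the service's own output, so the comment should say so, e.g. `// Debug level also routes the exit command's output to syslog; the choice is baked into the command at creation time.` The same expression is added in MakeContainer in pkg/specgen/generate/container_create.go, where the removed TODO leaves no comment at all; a small shared helper would keep the two call sites from drifting.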
@@ -110,8 +110,7 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener } options = append(options, opts...) - // TODO: Enable syslog support - we'll need to put this in SpecGen. - exitCommandArgs, err := CreateExitCommandArgs(rt.StorageConfig(), rtc, false, s.Remove, false) + exitCommandArgs, err := CreateExitCommandArgs(rt.StorageConfig(), rtc, logrus.IsLevelEnabled(logrus.DebugLevel), s.Remove, false) if err != nil { return nil, err } diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go index 77b1353c4..03e840ab4 100644 --- a/pkg/specgen/specgen.go +++ b/pkg/specgen/specgen.go @@ -129,7 +129,7 @@ type ContainerBasicConfig struct { Sysctl map[string]string `json:"sysctl,omitempty"` // Remove indicates if the container should be removed once it has been started // and exits - Remove bool `json:"remove"` + Remove bool `json:"remove,omitempty"` } // ContainerStorageConfig contains information on the storage configuration of a -- cgit v1.2.3-54-g00ecf From 8bb986137b80aeb921de54ef820e3acce8032627 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 24 Jun 2020 11:05:39 -0400 Subject: Fix inspect to display multiple label: changes If the user runs a container like podman run --security-opt seccomp=unconfined --security-opt label=type:spc_t --security-opt label=level:s0 ... Podman inspect was only showing the second option This change will show "SecurityOpt": [ "label=type:spc_t,label=level:s0:c60", "seccomp=unconfined" ], Signed-off-by: Daniel J Walsh --- cmd/podman/common/specgen.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go index 26d18faf0..8c3b10a7c 100644 --- a/cmd/podman/common/specgen.go +++ b/cmd/podman/common/specgen.go 
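Review bot: The `Remove` field of ContainerBasicConfig changes its tag to `json:"remove,omitempty"`, which the commit message does not mention and which is unrelated to syslog handling; it belongs in its own commit or at least in the description. With `omitempty` a false value is no longer serialized, so a consumer of the encoded spec that checks for the key's presence rather than its value would see a difference, though no such consumer is visible here.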
@@ -520,7 +520,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string case "label": // TODO selinux opts and label opts are the same thing s.ContainerSecurityConfig.SelinuxOpts = append(s.ContainerSecurityConfig.SelinuxOpts, con[1]) - s.Annotations[define.InspectAnnotationLabel] = con[1] + s.Annotations[define.InspectAnnotationLabel] = strings.Join(s.ContainerSecurityConfig.SelinuxOpts, ",label=") case "apparmor": s.ContainerSecurityConfig.ApparmorProfile = con[1] s.Annotations[define.InspectAnnotationApparmor] = con[1] -- cgit v1.2.3-54-g00ecf From f7b16d0173a363c322b9bc0ded590d410339626f Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Thu, 25 Jun 2020 15:48:57 -0400 Subject: Update release notes with further v2.0.1 changes Signed-off-by: Matthew Heon --- RELEASE_NOTES.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index be9861518..44b64f977 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -5,6 +5,7 @@ - The `podman system connection` command was mistakenly omitted from the 2.0 release, and has been included here. - The `podman ps --format=json` command once again includes container's creation time in a human-readable format in the `CreatedAt` key. - The `podman inspect` commands on containers now displays forwarded ports in a format compatible with `docker inspect`. +- The `--log-level=debug` flag to `podman run` and `podman exec` will enable syslog for exit commands, ensuring that debug logs are collected for these otherwise-unlogged commands. ### Bugfixes - Fixed a bug where `podman build` did not properly handle the `--http-proxy` and `--cgroup-manager` flags. 
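Review bot: The `label` case in FillOutSpecGen now stores every SELinux option in one annotation string joined with `,label=`, so the value only reads back correctly if whatever renders `SecurityOpt` prepends the first `label=` and no option value contains a comma; neither assumption is checked or documented here. Inspect output is what people read to confirm a container's confinement, and the commit message's own example shows the result as a single `label=type:spc_t,label=level:...` element rather than one entry per option, which tools that parse `SecurityOpt` as separate `key=value` items may misread. A comment such as `// All label opts are stored in one annotation, joined by ",label="; the reader is expected to prepend "label=".` would make the encoding explicit, and splitting on the separator at display time would restore one entry per option. The function body continues outside the hunk.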
@@ -18,11 +19,19 @@ - Fixed a bug where SSH agent authentication support was not properly working in the `podman-remote` and `podman --remote` commands. - Fixed a bug where the `podman untag` command was not erroring when no matching image was found. - Fixed a bug where stop signal for containers was not being set properly if not explicitly provided. +- Fixed a bug where the `podman ps` command was not showing port mappings for containers which share a network namespace with another container (e.g. are part of a pod). +- Fixed a bug where the `--remote` flag could unintentionally be forwarded into containers when using `podman-remote`. +- Fixed a bug where unit files generated for pods by `podman generate systemd` would not allow individual containers to be restarted ([#6770](https://github.com/containers/libpod/issues/6770)). +- Fixed a bug where the `podman run` and `podman create` commands did not support all transports that `podman pull` does ([#6744](https://github.com/containers/libpod/issues/6744)). +- Fixed a bug where the `label` option to `--security-opt` would only be shown once in `podman inspect`, even if provided multiple times. ### API - Fixed a bug where network endpoint URLs in the compatability API were mistakenly suffixed with `/json`. - Fixed a bug where the Libpod volume creation endpoint returned 200 instead of 201 on success. +### Misc +- Updated containers/common to v0.14.3 + ## 2.0.0 ### Features - The REST API and `podman system service` are no longer experimental, and ready for use! -- cgit v1.2.3-54-g00ecf