From 3e77f960f65687dcb1d571ebe70278028c6de441 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 15 Sep 2021 10:41:52 -0400 Subject: Set default storage from containers.conf for temporary images Fixes: https://github.com/containers/podman/issues/11107 Signed-off-by: Daniel J Walsh --- cmd/podman/root.go | 6 +- contrib/tmpfile/podman.conf | 1 + docs/source/markdown/podman-info.1.md | 112 ++++++++++----------- go.mod | 2 +- go.sum | 3 +- libpod/define/info.go | 1 + libpod/info.go | 1 + test/e2e/containers_conf_test.go | 47 +++++++++ .../containers/common/pkg/config/config.go | 28 ++++++ .../containers/common/pkg/config/containers.conf | 18 +++- .../containers/common/pkg/config/default.go | 11 +- .../containers/common/version/version.go | 2 +- vendor/modules.txt | 2 +- 13 files changed, 162 insertions(+), 72 deletions(-) diff --git a/cmd/podman/root.go b/cmd/podman/root.go index c798e6634..02e6dcd27 100644 --- a/cmd/podman/root.go +++ b/cmd/podman/root.go @@ -174,7 +174,11 @@ func persistentPreRunE(cmd *cobra.Command, args []string) error { } // Hard code TMPDIR functions to use /var/tmp, if user did not override if _, ok := os.LookupEnv("TMPDIR"); !ok { - os.Setenv("TMPDIR", "/var/tmp") + if tmpdir, err := cfg.ImageCopyTmpDir(); err != nil { + logrus.Warnf("failed to retrieve default tmp dir: %s", err.Error()) + } else { + os.Setenv("TMPDIR", tmpdir) + } } context := cmd.Root().LocalFlags().Lookup("context") diff --git a/contrib/tmpfile/podman.conf b/contrib/tmpfile/podman.conf index bd7dec5ce..729d1a549 100644 --- a/contrib/tmpfile/podman.conf +++ b/contrib/tmpfile/podman.conf @@ -3,5 +3,6 @@ x /tmp/podman-run-* x /tmp/containers-user-* x /tmp/run-*/libpod +D! /var/lib/containers/storage/tmp 0700 root root D! /run/podman 0700 root root D! /var/lib/cni/networks diff --git a/docs/source/markdown/podman-info.1.md b/docs/source/markdown/podman-info.1.md index 21ca35eef..4f873248d 100644 --- a/docs/source/markdown/podman-info.1.md +++ b/docs/source/markdown/podman-info.1.md @@ -31,7 +31,7 @@ Run podman info with plain text response: $ podman info host: arch: amd64 - buildahVersion: 1.22.3 + buildahVersion: 1.23.0 cgroupControllers: [] cgroupManager: systemd cgroupVersion: v2 @@ -64,7 +64,7 @@ host: kernel: 5.13.13-200.fc34.x86_64 linkmode: dynamic logDriver: journald - memFree: 1351262208 + memFree: 1833385984 memTotal: 16401895424 ociRuntime: name: crun @@ -95,9 +95,9 @@ host: libslirp: 4.4.0 SLIRP_CONFIG_VERSION_MAX: 3 libseccomp: 2.5.0 - swapFree: 16818888704 + swapFree: 15687475200 swapTotal: 16886259712 - uptime: 33h 57m 32.85s (Approximately 1.38 days) + uptime: 47h 15m 9.91s (Approximately 1.96 days) plugins: log: - k8s-file @@ -109,24 +109,18 @@ plugins: volume: - local registries: - localhost:5000: - Blocked: false - Insecure: true - Location: localhost:5000 - MirrorByDigestOnly: false - Mirrors: null - Prefix: localhost:5000 search: - registry.fedoraproject.org - registry.access.redhat.com - docker.io + - quay.io store: configFile: /home/dwalsh/.config/containers/storage.conf containerStore: - number: 2 + number: 9 paused: 0 running: 1 - stopped: 1 + stopped: 8 graphDriverName: overlay graphOptions: {} graphRoot: /home/dwalsh/.local/share/containers/storage @@ -135,26 +129,27 @@ store: Native Overlay Diff: "true" Supports d_type: "true" Using metacopy: "false" + imageCopyTmpDir: /home/dwalsh/.local/share/containers/storage/tmp imageStore: - number: 37 + number: 5 runRoot: /run/user/3267/containers volumePath: /home/dwalsh/.local/share/containers/storage/volumes version: - APIVersion: 3.3.1 - Built: 1631137208 - BuiltTime: Wed Sep 8 17:40:08 2021 - GitCommit: ab272d1e9bf4daac224fb230e0c9b5c56c4cab4d-dirty + APIVersion: 4.0.0 + Built: 1631648722 + BuiltTime: Tue Sep 14 15:45:22 2021 + GitCommit: 23677f92dd83e96d2bc8f0acb611865fb8b1a56d GoVersion: go1.16.6 OsArch: linux/amd64 - Version: 3.3.1 + Version: 4.0.0 ``` Run podman info with JSON formatted response: ``` -$ ./bin/podman info --format json +$ podman info --format json { "host": { "arch": "amd64", - "buildahVersion": "1.22.3", + "buildahVersion": "1.23.0", "cgroupManager": "systemd", "cgroupVersion": "v2", "cgroupControllers": [], @@ -172,33 +167,33 @@ $ ./bin/podman info --format json "hostname": "localhost.localdomain", "idMappings": { "gidmap": [ - { - "container_id": 0, - "host_id": 3267, - "size": 1 - }, - { - "container_id": 1, - "host_id": 100000, - "size": 65536 - } + { + "container_id": 0, + "host_id": 3267, + "size": 1 + }, + { + "container_id": 1, + "host_id": 100000, + "size": 65536 + } ], "uidmap": [ - { - "container_id": 0, - "host_id": 3267, - "size": 1 - }, - { - "container_id": 1, - "host_id": 100000, - "size": 65536 - } + { + "container_id": 0, + "host_id": 3267, + "size": 1 + }, + { + "container_id": 1, + "host_id": 100000, + "size": 65536 + } ] }, "kernel": "5.13.13-200.fc34.x86_64", "logDriver": "journald", - "memFree": 1274040320, + "memFree": 1785753600, "memTotal": 16401895424, "ociRuntime": { "name": "crun", @@ -224,21 +219,22 @@ $ ./bin/podman info --format json "package": "slirp4netns-1.1.12-2.fc34.x86_64", "version": "slirp4netns version 1.1.12\ncommit: 7a104a101aa3278a2152351a082a6df71f57c9a3\nlibslirp: 4.4.0\nSLIRP_CONFIG_VERSION_MAX: 3\nlibseccomp: 2.5.0" }, - "swapFree": 16818888704, + "swapFree": 15687475200, "swapTotal": 16886259712, - "uptime": "33h 59m 25.69s (Approximately 1.38 days)", + "uptime": "47h 17m 29.75s (Approximately 1.96 days)", "linkmode": "dynamic" }, "store": { "configFile": "/home/dwalsh/.config/containers/storage.conf", "containerStore": { - "number": 2, + "number": 9, "paused": 0, "running": 1, - "stopped": 1 + "stopped": 8 }, "graphDriverName": "overlay", "graphOptions": { + }, "graphRoot": "/home/dwalsh/.local/share/containers/storage", "graphStatus": { @@ -247,25 +243,19 @@ $ ./bin/podman info --format json "Supports d_type": "true", "Using metacopy": "false" }, + "imageCopyTmpDir": "/home/dwalsh/.local/share/containers/storage/tmp", "imageStore": { - "number": 37 + "number": 5 }, "runRoot": "/run/user/3267/containers", "volumePath": "/home/dwalsh/.local/share/containers/storage/volumes" }, "registries": { - "localhost:5000": { - "Prefix": "localhost:5000", - "Location": "localhost:5000", - "Insecure": true, - "Mirrors": null, - "Blocked": false, - "MirrorByDigestOnly": false -}, "search": [ "registry.fedoraproject.org", "registry.access.redhat.com", - "docker.io" + "docker.io", + "quay.io" ] }, "plugins": { @@ -283,12 +273,12 @@ $ ./bin/podman info --format json ] }, "version": { - "APIVersion": "3.3.1", - "Version": "3.3.1", + "APIVersion": "4.0.0", + "Version": "4.0.0", "GoVersion": "go1.16.6", - "GitCommit": "", - "BuiltTime": "Mon Aug 30 16:46:36 2021", - "Built": 1630356396, + "GitCommit": "23677f92dd83e96d2bc8f0acb611865fb8b1a56d", + "BuiltTime": "Tue Sep 14 15:45:22 2021", + "Built": 1631648722, "OsArch": "linux/amd64" } } diff --git a/go.mod b/go.mod index c498a33e9..9b2189d1f 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/containernetworking/cni v0.8.1 github.com/containernetworking/plugins v0.9.1 github.com/containers/buildah v1.23.0 - github.com/containers/common v0.44.0 + github.com/containers/common v0.44.1-0.20210914173811-fcaa2e0de285 github.com/containers/conmon v2.0.20+incompatible github.com/containers/image/v5 v5.16.0 github.com/containers/ocicrypt v1.1.2 diff --git a/go.sum b/go.sum index d76abfdf7..57318a69d 100644 --- a/go.sum +++ b/go.sum @@ -246,8 +246,9 @@ github.com/containernetworking/plugins v0.9.1 h1:FD1tADPls2EEi3flPc2OegIY1M9pUa9 github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8= github.com/containers/buildah v1.23.0 h1:qGIeSNOczUHzvnaaOS29HSMiYAjw6JgIXYksAyvqnLs= github.com/containers/buildah v1.23.0/go.mod h1:K0iMKgy/MffkkgELBXhSXwTy2HTT6hM0X8qruDR1FwU= -github.com/containers/common v0.44.0 h1:YpjfOxmWrnVyxugYgiWV1Vo/Xg8JUfe32QZz3SAMfUk= github.com/containers/common v0.44.0/go.mod h1:7sdP4vmI5Bm6FPFxb3lvAh1Iktb6tiO1MzjUzhxdoGo= +github.com/containers/common v0.44.1-0.20210914173811-fcaa2e0de285 h1:sXBzh8CcqR5cGGY9cM/AUIk58CJKHbyljVtFh8HYyLY= +github.com/containers/common v0.44.1-0.20210914173811-fcaa2e0de285/go.mod h1:7sdP4vmI5Bm6FPFxb3lvAh1Iktb6tiO1MzjUzhxdoGo= github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.16.0 h1:WQcNSzb7+ngS2cfynx0vUwhk+scpgiKlldVcsF8GPbI= diff --git a/libpod/define/info.go b/libpod/define/info.go index f4aa0031c..61f2f4c75 100644 --- a/libpod/define/info.go +++ b/libpod/define/info.go @@ -108,6 +108,7 @@ type StoreInfo struct { GraphOptions map[string]interface{} `json:"graphOptions"` GraphRoot string `json:"graphRoot"` GraphStatus map[string]string `json:"graphStatus"` + ImageCopyTmpDir string `json:"imageCopyTmpDir"` ImageStore ImageStore `json:"imageStore"` RunRoot string `json:"runRoot"` VolumePath string `json:"volumePath"` diff --git a/libpod/info.go b/libpod/info.go index 2eba4bbff..7b60ee46f 100644 --- a/libpod/info.go +++ b/libpod/info.go @@ -288,6 +288,7 @@ func (r *Runtime) storeInfo() (*define.StoreInfo, error) { info := define.StoreInfo{ ImageStore: imageInfo, + ImageCopyTmpDir: os.Getenv("TMPDIR"), ContainerStore: conInfo, GraphRoot: r.store.GraphRoot(), RunRoot: r.store.RunRoot(), diff --git a/test/e2e/containers_conf_test.go b/test/e2e/containers_conf_test.go index 08fc4e6cc..f5e85e723 100644 --- a/test/e2e/containers_conf_test.go +++ b/test/e2e/containers_conf_test.go @@ -397,4 +397,51 @@ var _ = Describe("Podman run", func() { Expect(session).Should(Exit(0)) Expect(session.OutputToString()).To(Equal(profile)) }) + + It("podman info image_copy_tmp_dir", func() { + session := podmanTest.Podman([]string{"info", "--format", "{{.Store.ImageCopyTmpDir}}"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.OutputToString()).To(Equal("/var/tmp")) + + configPath := filepath.Join(podmanTest.TempDir, "containers.conf") + os.Setenv("CONTAINERS_CONF", configPath) + + containersConf := []byte(fmt.Sprintf("[engine]\nimage_copy_tmp_dir=\"/foobar\"")) + err = ioutil.WriteFile(configPath, containersConf, os.ModePerm) + Expect(err).To(BeNil()) + + if IsRemote() { + podmanTest.RestartRemoteService() + } + + session = podmanTest.Podman([]string{"info", "--format", "{{.Store.ImageCopyTmpDir}}"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.OutputToString()).To(Equal("/foobar")) + + containersConf = []byte(fmt.Sprintf("[engine]\nimage_copy_tmp_dir=\"storage\"")) + err = ioutil.WriteFile(configPath, containersConf, os.ModePerm) + Expect(err).To(BeNil()) + if IsRemote() { + podmanTest.RestartRemoteService() + } + + session = podmanTest.Podman([]string{"info", "--format", "{{.Store.ImageCopyTmpDir}}"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.LineInOutputContains("containers/storage/tmp")).To(BeTrue()) + + containersConf = []byte(fmt.Sprintf("[engine]\nimage_copy_tmp_dir=\"storage1\"")) + err = ioutil.WriteFile(configPath, containersConf, os.ModePerm) + Expect(err).To(BeNil()) + if IsRemote() { + podmanTest.RestartRemoteService() + } + + session = podmanTest.Podman([]string{"info", "--format", "{{.Store.ImageCopyTmpDir}}"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.ErrorToString()).To(ContainSubstring("invalid image_copy_tmp_dir")) + }) }) diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go index 3a6ce8780..b982aa552 100644 --- a/vendor/github.com/containers/common/pkg/config/config.go +++ b/vendor/github.com/containers/common/pkg/config/config.go @@ -234,6 +234,9 @@ type EngineConfig struct { // EventsLogger determines where events should be logged. EventsLogger string `toml:"events_logger,omitempty"` + // graphRoot internal stores the location of the graphroot + graphRoot string + // HelperBinariesDir is a list of directories which are used to search for // helper binaries. HelperBinariesDir []string `toml:"helper_binaries_dir"` @@ -384,6 +387,12 @@ type EngineConfig struct { // before sending kill signal. StopTimeout uint `toml:"stop_timeout,omitempty"` + // ImageCopyTmpDir is the default location for storing temporary + // container image content, Can be overridden with the TMPDIR + // environment variable. If you specify "storage", then the + // location of the container/storage tmp directory will be used. + ImageCopyTmpDir string `toml:"image_copy_tmp_dir,omitempty"` + // TmpDir is the path to a temporary directory to store per-boot container // files. Must be stored in a tmpfs. TmpDir string `toml:"tmp_dir,omitempty"` @@ -1148,3 +1157,22 @@ func (c *Config) FindHelperBinary(name string, searchPATH bool) (string, error) } return "", errors.Errorf("could not find %q in one of %v", name, c.Engine.HelperBinariesDir) } + +// ImageCopyTmpDir default directory to store tempory image files during copy +func (c *Config) ImageCopyTmpDir() (string, error) { + if path, found := os.LookupEnv("TMPDIR"); found { + return path, nil + } + switch c.Engine.ImageCopyTmpDir { + case "": + return "", nil + case "storage": + return filepath.Join(c.Engine.graphRoot, "tmp"), nil + default: + if filepath.IsAbs(c.Engine.ImageCopyTmpDir) { + return c.Engine.ImageCopyTmpDir, nil + } + } + + return "", errors.Errorf("invalid image_copy_tmp_dir value %q (relative paths are not accepted)", c.Engine.ImageCopyTmpDir) +} diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf index fc61ed709..dc38f8ec6 100644 --- a/vendor/github.com/containers/common/pkg/config/containers.conf +++ b/vendor/github.com/containers/common/pkg/config/containers.conf @@ -451,15 +451,20 @@ default_sysctls = [ # List of the OCI runtimes that support --format=json. When json is supported # engine will use it for reporting nicer errors. # -#runtime_supports_json = ["crun", "runc", "kata", "runsc"] +#runtime_supports_json = ["crun", "runc", "kata", "runsc", "krun"] # List of the OCI runtimes that supports running containers with KVM Separation. # -#runtime_supports_kvm = ["kata"] +#runtime_supports_kvm = ["kata", "krun"] # List of the OCI runtimes that supports running containers without cgroups. # -#runtime_supports_nocgroups = ["crun"] +#runtime_supports_nocgroups = ["crun", "krun"] + +# Default location for storing temporary container image content. Can be overridden with the TMPDIR environment +# variable. If you specify "storage", then the location of the +# container/storage tmp directory will be used. +# image_copy_tmp_dir="/var/tmp" # Directory for persistent engine files (database, etc) # By default, this will be configured relative to where the containers/storage @@ -498,7 +503,7 @@ default_sysctls = [ # #volume_path = "/var/lib/containers/storage/volumes" -# Paths to look for a valid OCI runtime (crun, runc, kata, runsc, etc) +# Paths to look for a valid OCI runtime (crun, runc, kata, runsc, krun, etc) [engine.runtimes] #crun = [ # "/usr/bin/crun", @@ -541,6 +546,11 @@ default_sysctls = [ # "/run/current-system/sw/bin/runsc", #] +#krun = [ +# "/usr/bin/krun", +# "/usr/local/bin/krun", +#] + [engine.volume_plugins] #testplugin = "/run/podman/plugins/test.sock" diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go index db5ba6936..5ce73bd2a 100644 --- a/vendor/github.com/containers/common/pkg/config/default.go +++ b/vendor/github.com/containers/common/pkg/config/default.go @@ -244,6 +244,8 @@ func defaultConfigFromMemory() (*EngineConfig, error) { logrus.Warnf("Storage configuration is unset - using hardcoded default graph root %q", _defaultGraphRoot) storeOpts.GraphRoot = _defaultGraphRoot } + c.graphRoot = storeOpts.GraphRoot + c.ImageCopyTmpDir = "/var/tmp" c.StaticDir = filepath.Join(storeOpts.GraphRoot, "libpod") c.VolumePath = filepath.Join(storeOpts.GraphRoot, "volumes") @@ -297,6 +299,10 @@ func defaultConfigFromMemory() (*EngineConfig, error) { "/sbin/runsc", "/run/current-system/sw/bin/runsc", }, + "krun": { + "/usr/bin/krun", + "/usr/local/bin/krun", + }, } // Needs to be called after populating c.OCIRuntimes c.OCIRuntime = c.findRuntime() @@ -320,9 +326,10 @@ func defaultConfigFromMemory() (*EngineConfig, error) { "runc", "kata", "runsc", + "krun", } - c.RuntimeSupportsNoCgroups = []string{"crun"} - c.RuntimeSupportsKVM = []string{"kata", "kata-runtime", "kata-qemu", "kata-fc"} + c.RuntimeSupportsNoCgroups = []string{"crun", "krun"} + c.RuntimeSupportsKVM = []string{"kata", "kata-runtime", "kata-qemu", "kata-fc", "krun"} c.InitPath = DefaultInitPath c.NoPivotRoot = false diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go index f248f0c7a..ba4dda5e6 100644 --- a/vendor/github.com/containers/common/version/version.go +++ b/vendor/github.com/containers/common/version/version.go @@ -1,4 +1,4 @@ package version // Version is the version of the build. -const Version = "0.44.0" +const Version = "0.44.1-dev" diff --git a/vendor/modules.txt b/vendor/modules.txt index 925ecca22..00f3dd743 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -99,7 +99,7 @@ github.com/containers/buildah/pkg/rusage github.com/containers/buildah/pkg/sshagent github.com/containers/buildah/pkg/util github.com/containers/buildah/util -# github.com/containers/common v0.44.0 +# github.com/containers/common v0.44.1-0.20210914173811-fcaa2e0de285 github.com/containers/common/libimage github.com/containers/common/libimage/manifests github.com/containers/common/pkg/apparmor -- cgit v1.2.3-54-g00ecf