From 178cccbf9eaab103460694c37f16e6e40773866a Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 28 Jan 2022 06:24:01 -0500 Subject: Fix use of infra image to clarify default Signed-off-by: Daniel J Walsh --- cmd/podman/pods/create.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'cmd') diff --git a/cmd/podman/pods/create.go b/cmd/podman/pods/create.go index 5d8a5aeab..4b32e7bb7 100644 --- a/cmd/podman/pods/create.go +++ b/cmd/podman/pods/create.go @@ -75,7 +75,7 @@ func init() { if !registry.IsRemote() { defInfraImage = containerConfig.Engine.InfraImage } - flags.StringVar(&infraImage, infraImageFlagName, defInfraImage, "The image of the infra container to associate with the pod") + flags.StringVar(&infraImage, infraImageFlagName, defInfraImage, "Image to use to override builtin infra container") _ = createCommand.RegisterFlagCompletionFunc(infraImageFlagName, common.AutocompleteImages) podIDFileFlagName := "pod-id-file" -- cgit v1.2.3-54-g00ecf From 8f3f0710ff0aeda0d590cd8f74453f3a085e5e15 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 31 Jan 2022 09:58:15 -0500 Subject: Only change network fields if they were actually changed by the user Fixes: https://github.com/containers/podman/issues/13065 Signed-off-by: Daniel J Walsh --- cmd/podman/common/netflags.go | 110 ++++++++++++++++++++++------------------ test/system/500-networking.bats | 21 ++++++++ 2 files changed, 82 insertions(+), 49 deletions(-) (limited to 'cmd') diff --git a/cmd/podman/common/netflags.go b/cmd/podman/common/netflags.go index 255996ac3..cfe4956b0 100644 --- a/cmd/podman/common/netflags.go +++ b/cmd/podman/common/netflags.go 
@@ -103,74 +103,86 @@ func NetFlagsToNetOptions(opts *entities.NetOptions, flags pflag.FlagSet) (*enti opts = &entities.NetOptions{} } - opts.AddHosts, err = flags.GetStringSlice("add-host") - if err != nil { - return nil, err - } - // Verify the additional hosts are in correct format - for _, host := range opts.AddHosts { - if _, err := parse.ValidateExtraHost(host); err != nil { + if flags.Changed("add-hosts") { + opts.AddHosts, err = flags.GetStringSlice("add-host") + if err != nil { return nil, err } + // Verify the additional hosts are in correct format + for _, host := range opts.AddHosts { + if _, err := parse.ValidateExtraHost(host); err != nil { + return nil, err + } + } } - servers, err := flags.GetStringSlice("dns") - if err != nil { - return nil, err - } - for _, d := range servers { - if d == "none" { - opts.UseImageResolvConf = true - if len(servers) > 1 { - return nil, errors.Errorf("%s is not allowed to be specified with other DNS ip addresses", d) - } - break + if flags.Changed("dns") { + servers, err := flags.GetStringSlice("dns") + if err != nil { + return nil, err } - dns := net.ParseIP(d) - if dns == nil { - return nil, errors.Errorf("%s is not an ip address", d) + for _, d := range servers { + if d == "none" { + opts.UseImageResolvConf = true + if len(servers) > 1 { + return nil, errors.Errorf("%s is not allowed to be specified with other DNS ip addresses", d) + } + break + } + dns := net.ParseIP(d) + if dns == nil { + return nil, errors.Errorf("%s is not an ip address", d) + } + opts.DNSServers = append(opts.DNSServers, dns) } - opts.DNSServers = append(opts.DNSServers, dns) } - options, err := flags.GetStringSlice("dns-opt") - if err != nil { - return nil, err + if flags.Changed("dns-opt") { + options, err := flags.GetStringSlice("dns-opt") + if err != nil { + return nil, err + } + opts.DNSOptions = options } - opts.DNSOptions = options - dnsSearches, err := flags.GetStringSlice("dns-search") - if err != nil { - return nil, err - } - // 
Validate domains are good - for _, dom := range dnsSearches { - if dom == "." { - if len(dnsSearches) > 1 { - return nil, errors.Errorf("cannot pass additional search domains when also specifying '.'") - } - continue - } - if _, err := parse.ValidateDomain(dom); err != nil { + if flags.Changed("dns-search") { + dnsSearches, err := flags.GetStringSlice("dns-search") + if err != nil { return nil, err } + // Validate domains are good + for _, dom := range dnsSearches { + if dom == "." { + if len(dnsSearches) > 1 { + return nil, errors.Errorf("cannot pass additional search domains when also specifying '.'") + } + continue + } + if _, err := parse.ValidateDomain(dom); err != nil { + return nil, err + } + } + opts.DNSSearch = dnsSearches } - opts.DNSSearch = dnsSearches - inputPorts, err := flags.GetStringSlice("publish") - if err != nil { - return nil, err - } - if len(inputPorts) > 0 { - opts.PublishPorts, err = specgenutil.CreatePortBindings(inputPorts) + if flags.Changed("publish") { + inputPorts, err := flags.GetStringSlice("publish") if err != nil { return nil, err } + if len(inputPorts) > 0 { + opts.PublishPorts, err = specgenutil.CreatePortBindings(inputPorts) + if err != nil { + return nil, err + } + } } - opts.NoHosts, err = flags.GetBool("no-hosts") - if err != nil { - return nil, err + if flags.Changed("no-host") { + opts.NoHosts, err = flags.GetBool("no-hosts") + if err != nil { + return nil, err + } } // parse the network only when network was changed diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index 5a721c965..9f70c1c6c 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats 
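Review bot: The guard `flags.Changed("add-hosts")` names a flag that the body then reads as `"add-host"`, and `flags.Changed("no-host")` guards a read of `"no-hosts"`. Assuming no flag is registered under the misspelled names, pflag reports them as not changed, so `--add-host` values would never reach `parse.ValidateExtraHost` or `opts.AddHosts`, and `--no-hosts` would be ignored. The guards should match the getters: `if flags.Changed("add-host") {` and `if flags.Changed("no-hosts") {`. A later patch on this page corrects the first name and removes the second guard, but this commit on its own drops both options silently. Declaring each flag name once as a constant shared by `Changed` and `Get*` would keep the pair from drifting again. NetFlagsToNetOptions starts and ends outside the hunk.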
@@ -589,4 +589,25 @@ load helpers run_podman network rm -t 0 -f $netname } +@test "podman run CONTAINERS_CONF dns options" { + skip_if_remote "CONTAINERS_CONF redirect does not work on remote" + # Test on the CLI and via containers.conf + containersconf=$PODMAN_TMPDIR/containers.conf + + searchIP="100.100.100.100" + cat >$containersconf < Date: Wed, 2 Feb 2022 18:17:23 +0100 Subject: system prune: remove all networks podman system prune should also remove all networks. When we want to users to migrate to the new network stack we recommend to run podman system reset. However this did not remove networks and if there were still networks around we would continue to use cni since this was considered an old system. There is one exception for the default network. It should not be removed since this could cause other issues when it no longer exists. The network backend detection logic ignores the default network so this is fine. Signed-off-by: Paul Holzinger --- cmd/podman/system/reset.go | 6 +++--- docs/source/markdown/podman-system-reset.1.md | 13 ++++++++++++- libpod/reset.go | 17 +++++++++++++++++ test/e2e/system_reset_test.go | 18 ++++++++++++++---- 4 files changed, 46 insertions(+), 8 deletions(-) (limited to 'cmd') diff --git a/cmd/podman/system/reset.go b/cmd/podman/system/reset.go index 85ee8557a..07904faaa 100644 --- a/cmd/podman/system/reset.go +++ b/cmd/podman/system/reset.go @@ -21,7 +21,7 @@ import ( var ( systemResetDescription = `Reset podman storage back to default state" - All containers will be stopped and removed, and all images, volumes and container content will be removed. + All containers will be stopped and removed, and all images, volumes, networks and container content will be removed. ` systemResetCommand = &cobra.Command{ Annotations: map[string]string{registry.EngineMode: registry.ABIMode}, 
@@ -55,11 +55,11 @@ func reset(cmd *cobra.Command, args []string) { // Prompt for confirmation if --force is not set if !forceFlag { reader := bufio.NewReader(os.Stdin) - fmt.Println(` -WARNING! This will remove: + fmt.Println(`WARNING! This will remove: - all containers - all pods - all images + - all networks - all build cache`) if len(listCtn) > 0 { fmt.Println(`WARNING! The following external containers will be purged:`) diff --git a/docs/source/markdown/podman-system-reset.1.md b/docs/source/markdown/podman-system-reset.1.md index 90bcb5f53..c463481e6 100644 --- a/docs/source/markdown/podman-system-reset.1.md +++ b/docs/source/markdown/podman-system-reset.1.md @@ -7,7 +7,7 @@ podman\-system\-reset - Reset storage back to initial state **podman system reset** [*options*] ## DESCRIPTION -**podman system reset** removes all pods, containers, images and volumes. +**podman system reset** removes all pods, containers, images, networks and volumes. This command must be run **before** changing any of the following fields in the `containers.conf` or `storage.conf` files: `driver`, `static_dir`, `tmp_dir` @@ -28,6 +28,17 @@ Print usage statement ## EXAMPLES +``` +$ podman system reset +WARNING! This will remove: + - all containers + - all pods + - all images + - all networks + - all build cache +Are you sure you want to continue? [y/N] y +``` + ### Switching rootless user from VFS driver to overlay with fuse-overlayfs If the user ran rootless containers without having the `fuse-overlayfs` program diff --git a/libpod/reset.go b/libpod/reset.go index 2b2b586bc..28d0ee3f6 100644 --- a/libpod/reset.go +++ b/libpod/reset.go @@ -7,6 +7,7 @@ import ( "path/filepath" "github.com/containers/common/libimage" + "github.com/containers/common/libnetwork/types" "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/errorhandling" "github.com/containers/podman/v4/pkg/rootless" 
@@ -70,6 +71,22 @@ func (r *Runtime) Reset(ctx context.Context) error { } } + // remove all networks + nets, err := r.network.NetworkList() + if err != nil { + return err + } + for _, net := range nets { + // do not delete the default network + if net.Name == r.network.DefaultNetworkName() { + continue + } + // ignore not exists errors because of the TOCTOU problem + if err := r.network.NetworkRemove(net.Name); err != nil && !errors.Is(err, types.ErrNoSuchNetwork) { + logrus.Errorf("Removing network %s: %v", net.Name, err) + } + } + xdgRuntimeDir := filepath.Clean(os.Getenv("XDG_RUNTIME_DIR")) _, prevError := r.store.Shutdown(true) graphRoot := filepath.Clean(r.store.GraphRoot()) diff --git a/test/e2e/system_reset_test.go b/test/e2e/system_reset_test.go index 641f98c38..f413ce147 100644 --- a/test/e2e/system_reset_test.go +++ b/test/e2e/system_reset_test.go @@ -38,6 +38,10 @@ var _ = Describe("podman system reset", func() { SkipIfRemote("system reset not supported on podman --remote") // system reset will not remove additional store images, so need to grab length + // change the network dir so that we do not conflict with other tests + // that would use the same network dir and cause unnecessary flakes + podmanTest.NetworkConfigDir = tempdir + session := podmanTest.Podman([]string{"rmi", "--force", "--all"}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) 
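Review bot: A failed `r.network.NetworkRemove` is only logged in the new loop, so `Reset` can return nil while non-default networks remain. The commit message says leftover networks keep the system on the old backend, so a silent failure defeats the purpose of the change. Consider keeping the first removal error in a local and returning it together with the later cleanup errors. By contrast, an error from `r.network.NetworkList()` returns immediately and skips the store shutdown that follows in the hunk, leaving the reset half done. The loop variable `net` would also shadow the standard `net` package if this file ever imports it; `for _, network := range nets {` avoids that. Reset's body starts and ends outside the hunk.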
@@ -56,16 +60,16 @@ var _ = Describe("podman system reset", func() { session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) + session = podmanTest.Podman([]string{"network", "create"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + session = podmanTest.Podman([]string{"system", "reset", "-f"}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) Expect(session.ErrorToString()).To(Not(ContainSubstring("Failed to add pause process"))) - // If remote then the API service should have exited - // On local tests this is a noop - podmanTest.StartRemoteService() - session = podmanTest.Podman([]string{"images", "-n"}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) @@ -80,5 +84,11 @@ var _ = Describe("podman system reset", func() { session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) Expect(session.OutputToStringArray()).To(BeEmpty()) + + session = podmanTest.Podman([]string{"network", "ls", "-q"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + // default network should exists + Expect(session.OutputToStringArray()).To(HaveLen(1)) }) }) -- cgit v1.2.3-54-g00ecf From 6d747dca22c8a232273be468304d59c6fe802d5d Mon Sep 17 00:00:00 2001 From: cdoern Date: Wed, 26 Jan 2022 23:40:42 -0500 Subject: podman image scp syntax correction [NO NEW TESTS NEEDED] image scp was reading the localhost syntax too loosely causing some errors with domains or hosts containing the word localhost. Fixed that and added a few lines to make sure the pure localhost connections do not touch sshd resolves #13021 Signed-off-by: cdoern --- cmd/podman/images/scp.go | 11 +++++++++++ cmd/podman/images/scp_utils.go | 3 ++- 2 files changed, 13 insertions(+), 1 deletion(-) (limited to 'cmd') diff --git a/cmd/podman/images/scp.go b/cmd/podman/images/scp.go index 81dcda123..d07a5d99d 100644 --- a/cmd/podman/images/scp.go +++ b/cmd/podman/images/scp.go 
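Review bot: `Expect(session.OutputToStringArray()).To(HaveLen(1))` in the last hunk checks only how many networks remain, so it would also pass if the reset removed the default network and left the one made by `network create`. Capture the created network's name from the `network create` output and assert it is absent from `network ls -q`, or assert that the single remaining entry is the default network. The comment `// default network should exists` should read `// default network should still exist`.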
@@ -146,6 +146,17 @@ func scp(cmd *cobra.Command, args []string) (finalErr error) { return err } + allLocal := true // if we are all localhost, do not validate connections but if we are using one localhost and one non we need to use sshd + for _, val := range cliConnections { + if !strings.Contains(val, "@localhost::") { + allLocal = false + break + } + } + if allLocal { + cliConnections = []string{} + } + var serv map[string]config.Destination serv, err = GetServiceInformation(cliConnections, cfg) if err != nil { diff --git a/cmd/podman/images/scp_utils.go b/cmd/podman/images/scp_utils.go index c488616c9..a85687a42 100644 --- a/cmd/podman/images/scp_utils.go +++ b/cmd/podman/images/scp_utils.go @@ -17,12 +17,13 @@ func parseImageSCPArg(arg string) (*entities.ImageScpOptions, []string, error) { cliConnections := []string{} switch { - case strings.Contains(arg, "@localhost"): // image transfer between users + case strings.Contains(arg, "@localhost::"): // image transfer between users location.User = strings.Split(arg, "@")[0] location, err = validateImagePortion(location, arg) if err != nil { return nil, nil, err } + cliConnections = append(cliConnections, arg) case strings.Contains(arg, "::"): location, err = validateImagePortion(location, arg) if err != nil { -- cgit v1.2.3-54-g00ecf From 48f10e1d0d5873c7baa0613156294307f8c9942d Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 1 Feb 2022 15:58:27 -0500 Subject: Move each search dns to its own line Alpine does not seem to use search correctly when there are multiple search domains on the same line. It only uses the first with the advent. When podman runs within a separate network we are appending on dns.podman as a search, if you add a search domain, then this causes the local search on network to fail. 
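Review bot: `strings.Contains(val, "@localhost::")` still matches the marker anywhere in the argument, while `parseImageSCPArg` takes the user from the text before the first `@` with `strings.Split(arg, "@")[0]`. An argument with an earlier `@`, or with `@localhost::` inside the image portion, is therefore classified as a local transfer under a user the marker does not belong to. Anchor the test to the host position instead, for example `parts := strings.SplitN(arg, "@", 2)` followed by `len(parts) == 2 && strings.HasPrefix(parts[1], "localhost::")`. Put it in one helper used by both the `case` in scp_utils.go and the `allLocal` loop in scp.go so the two cannot disagree. The classification matters because an all-local result empties `cliConnections` before `GetServiceInformation` is called, so no connection is looked up for those arguments. Both functions continue outside their hunks.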
Signed-off-by: Daniel J Walsh --- cmd/podman/common/netflags.go | 10 ++++------ pkg/resolvconf/resolvconf.go | 8 +++----- test/system/500-networking.bats | 7 ++++++- 3 files changed, 13 insertions(+), 12 deletions(-) (limited to 'cmd') diff --git a/cmd/podman/common/netflags.go b/cmd/podman/common/netflags.go index cfe4956b0..9dfe81d62 100644 --- a/cmd/podman/common/netflags.go +++ b/cmd/podman/common/netflags.go @@ -103,7 +103,7 @@ func NetFlagsToNetOptions(opts *entities.NetOptions, flags pflag.FlagSet) (*enti opts = &entities.NetOptions{} } - if flags.Changed("add-hosts") { + if flags.Changed("add-host") { opts.AddHosts, err = flags.GetStringSlice("add-host") if err != nil { return nil, err @@ -178,11 +178,9 @@ func NetFlagsToNetOptions(opts *entities.NetOptions, flags pflag.FlagSet) (*enti } } - if flags.Changed("no-host") { - opts.NoHosts, err = flags.GetBool("no-hosts") - if err != nil { - return nil, err - } + opts.NoHosts, err = flags.GetBool("no-hosts") + if err != nil { + return nil, err } // parse the network only when network was changed diff --git a/pkg/resolvconf/resolvconf.go b/pkg/resolvconf/resolvconf.go index f23cd61b0..d7505e049 100644 --- a/pkg/resolvconf/resolvconf.go +++ b/pkg/resolvconf/resolvconf.go @@ -221,11 +221,9 @@ func GetOptions(resolvConf []byte) []string { // dnsSearch, and an "options" entry for every element in dnsOptions. func Build(path string, dns, dnsSearch, dnsOptions []string) (*File, error) { content := bytes.NewBuffer(nil) - if len(dnsSearch) > 0 { - if searchString := strings.Join(dnsSearch, " "); strings.Trim(searchString, " ") != "." { - if _, err := content.WriteString("search " + searchString + "\n"); err != nil { - return nil, err - } + for _, search := range dnsSearch { + if _, err := content.WriteString("search " + search + "\n"); err != nil { + return nil, err } } for _, dns := range dns { diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index 9f70c1c6c..e54b8d26a 100644 
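Review bot: Writing one `search` line per domain in `Build` changes the result for resolvers that honour only the last `search` directive. resolv.conf(5) documents that behaviour for glibc, so a glibc-based image would see only the final domain where it previously saw the whole list. The loop also drops the old special case for `.`, so a search list of `.` now emits a literal `search .` line instead of no line; if that is not intended, keep a guard such as `if len(dnsSearch) == 1 && dnsSearch[0] == "." { /* write no search line */ }`. A test that runs a glibc-based image with two search domains would show whether both are still used. The doc comment and the rest of Build sit outside the hunk.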
--- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -597,7 +597,7 @@ load helpers searchIP="100.100.100.100" cat >$containersconf <