From c8fd65ea6aa8f8e252a52b1c2cc32dae2a9434d5 Mon Sep 17 00:00:00 2001 From: Matej Vasek Date: Thu, 16 Sep 2021 00:36:13 +0200 Subject: fix inverted condition [NO TESTS NEEDED] Signed-off-by: Matej Vasek --- pkg/api/handlers/compat/images_push.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'pkg') diff --git a/pkg/api/handlers/compat/images_push.go b/pkg/api/handlers/compat/images_push.go index 07ff76819..8b6d3d56a 100644 --- a/pkg/api/handlers/compat/images_push.go +++ b/pkg/api/handlers/compat/images_push.go @@ -152,7 +152,7 @@ loop: // break out of for/select infinite loop case err := <-pushErrChan: if err != nil { var msg string - if errors.Cause(err) != storage.ErrImageUnknown { + if errors.Is(err, storage.ErrImageUnknown) { msg = "An image does not exist locally with the tag: " + imageName } else { msg = err.Error() -- cgit v1.2.3-54-g00ecf From 1a25a90a4ec01fb254b617a8350683cbf28c6ca5 Mon Sep 17 00:00:00 2001 From: Matej Vasek Date: Wed, 15 Sep 2021 19:12:31 +0200 Subject: Fix /auth compat endpoint Signed-off-by: Matej Vasek --- pkg/api/handlers/compat/auth.go | 16 +++++++++++++--- test/apiv2/60-auth.at | 9 +++++++-- 2 files changed, 20 insertions(+), 5 deletions(-) (limited to 'pkg') diff --git a/pkg/api/handlers/compat/auth.go b/pkg/api/handlers/compat/auth.go index 2244adc3d..cf53e060c 100644 --- a/pkg/api/handlers/compat/auth.go +++ b/pkg/api/handlers/compat/auth.go @@ -50,9 +50,19 @@ func Auth(w http.ResponseWriter, r *http.Request) { Status: "Login Succeeded", }) } else { - utils.WriteResponse(w, http.StatusBadRequest, entities.AuthReport{ - IdentityToken: "", - Status: "login attempt to " + authConfig.ServerAddress + " failed with status: " + err.Error(), + var msg string + + var unauthErr DockerClient.ErrUnauthorizedForCredentials + if errors.As(err, &unauthErr) { + msg = "401 Unauthorized" + } else { + msg = err.Error() + } + + utils.WriteResponse(w, http.StatusInternalServerError, struct { + Message string `json:"message"` + }{ + Message: "login attempt to " + authConfig.ServerAddress + " failed with status: " + msg, }) } } diff --git a/test/apiv2/60-auth.at b/test/apiv2/60-auth.at index cfde519c1..1e087d12b 100644 --- a/test/apiv2/60-auth.at +++ b/test/apiv2/60-auth.at @@ -5,10 +5,15 @@ start_registry +# Test unreachable +t POST /v1.40/auth username=$REGISTRY_USERNAME password=WrOnGPassWord serveraddress=does.not.exist.io:1234/ \ + 500 \ + .message~'.*no such host.*' + # Test with wrong password. Confirm bad status and appropriate error message t POST /v1.40/auth username=$REGISTRY_USERNAME password=WrOnGPassWord serveraddress=localhost:$REGISTRY_PORT/ \ - 400 \ - .Status~'.* invalid username/password' + 500 \ + .message~'.* 401 Unauthorized' # Test with the right password. Confirm status message t POST /v1.40/auth username=$REGISTRY_USERNAME password=$REGISTRY_PASSWORD serveraddress=localhost:$REGISTRY_PORT/ \ -- cgit v1.2.3-54-g00ecf From d27fcbdc21a4c5fc201997068f871cf1e91561a1 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Wed, 15 Sep 2021 15:36:00 +0200 Subject: container runlabel remove image tag from name When no name is given for podman container runlabel it will default to the image base name. However this can contain a tag. Since podman does not accept container names with a colon the run command will fail if it contains something like `podman run --name NAME ...`. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2004263 Signed-off-by: Paul Holzinger --- pkg/domain/infra/abi/containers_runlabel.go | 3 +++ test/e2e/runlabel_test.go | 18 ++++++++++++++++++ 2 files changed, 21 insertions(+) (limited to 'pkg') diff --git a/pkg/domain/infra/abi/containers_runlabel.go b/pkg/domain/infra/abi/containers_runlabel.go index d448627dc..435baa8c8 100644 --- a/pkg/domain/infra/abi/containers_runlabel.go +++ b/pkg/domain/infra/abi/containers_runlabel.go @@ -133,6 +133,9 @@ func generateRunlabelCommand(runlabel string, img *libimage.Image, inputName str } splitImageName := strings.Split(normalize, "/") name = splitImageName[len(splitImageName)-1] + // make sure to remove the tag from the image name, otherwise the name cannot + // be used as container name because a colon is an illegal character + name = strings.SplitN(name, ":", 2)[0] } // Append the user-specified arguments to the runlabel (command). diff --git a/test/e2e/runlabel_test.go b/test/e2e/runlabel_test.go index e67b6cba1..656eaaceb 100644 --- a/test/e2e/runlabel_test.go +++ b/test/e2e/runlabel_test.go @@ -22,6 +22,10 @@ var GlobalDockerfile = fmt.Sprintf(` FROM %s LABEL RUN echo \$GLOBAL_OPTS`, ALPINE) +var PodmanRunlabelNameDockerfile = fmt.Sprintf(` +FROM %s +LABEL RUN podman run --name NAME IMAGE`, ALPINE) + var _ = Describe("podman container runlabel", func() { var ( tempdir string @@ -128,4 +132,18 @@ var _ = Describe("podman container runlabel", func() { result.WaitWithDefaultTimeout() Expect(result).Should(Exit(0)) }) + + It("podman container runlabel name removes tag from image", func() { + image := "podman-runlabel-name:sometag" + podmanTest.BuildImage(PodmanRunlabelNameDockerfile, image, "false") + + result := podmanTest.Podman([]string{"container", "runlabel", "--display", "RUN", image}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + Expect(result.OutputToString()).To(Equal("command: " + podmanTest.PodmanBinary + " run --name podman-runlabel-name localhost/" + image)) + + result = podmanTest.Podman([]string{"rmi", image}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + }) }) -- cgit v1.2.3-54-g00ecf From 7bfe9ca3daec52cc5599688db8db121060b17623 Mon Sep 17 00:00:00 2001 From: Valentin Rothberg Date: Mon, 20 Sep 2021 12:50:16 +0200 Subject: remote untag: support digests Fix a bug when remotely untagging an image via tag@digest. The digest has been lost in the remote client and hence led to a wrong behaviour on the server. Fixes: #11557 Signed-off-by: Valentin Rothberg --- pkg/domain/infra/tunnel/images.go | 3 +++ test/system/001-basic.bats | 3 +++ 2 files changed, 6 insertions(+) (limited to 'pkg') diff --git a/pkg/domain/infra/tunnel/images.go b/pkg/domain/infra/tunnel/images.go index db4e14aba..9a746d68c 100644 --- a/pkg/domain/infra/tunnel/images.go +++ b/pkg/domain/infra/tunnel/images.go @@ -165,6 +165,9 @@ func (ir *ImageEngine) Untag(ctx context.Context, nameOrID string, tags []string if t, ok := ref.(reference.Tagged); ok { tag = t.Tag() } + if t, ok := ref.(reference.Digested); ok { + tag += "@" + t.Digest().String() + } if r, ok := ref.(reference.Named); ok { repo = r.Name() } diff --git a/test/system/001-basic.bats b/test/system/001-basic.bats index 963c89281..888c075b8 100644 --- a/test/system/001-basic.bats +++ b/test/system/001-basic.bats @@ -57,6 +57,9 @@ function setup() { # Now untag the digest reference again. run_podman untag $IMAGE $IMAGE@$digest + + # Make sure the original image is still present (#11557). + run_podman image exists $IMAGE } # PR #7212: allow --remote anywhere before subcommand, not just as 1st flag -- cgit v1.2.3-54-g00ecf From 863ea75c4f29add42bfff517974c8b4f36925334 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Mon, 20 Sep 2021 13:43:30 +0200 Subject: compat API: /images/json prefix image id with sha256 Docker adds the `sha256:` prefix to the image ID, so our compat endpoint has to do this as well. Fixes #11623 Signed-off-by: Paul Holzinger --- pkg/api/handlers/types.go | 3 ++- test/apiv2/python/rest_api/test_v2_0_0_image.py | 5 +++++ 2 files changed, 7 insertions(+), 1 deletion(-) (limited to 'pkg') diff --git a/pkg/api/handlers/types.go b/pkg/api/handlers/types.go index b82c586ea..fedab3bb3 100644 --- a/pkg/api/handlers/types.go +++ b/pkg/api/handlers/types.go @@ -183,7 +183,8 @@ func ImageToImageSummary(l *libimage.Image) (*entities.ImageSummary, error) { } is := entities.ImageSummary{ - ID: l.ID(), + // docker adds sha256: in front of the ID + ID: "sha256:" + l.ID(), ParentId: imageData.Parent, RepoTags: imageData.RepoTags, RepoDigests: imageData.RepoDigests, diff --git a/test/apiv2/python/rest_api/test_v2_0_0_image.py b/test/apiv2/python/rest_api/test_v2_0_0_image.py index bcacaa935..58d03b149 100644 --- a/test/apiv2/python/rest_api/test_v2_0_0_image.py +++ b/test/apiv2/python/rest_api/test_v2_0_0_image.py @@ -32,6 +32,9 @@ class ImageTestCase(APITestCase): for k in required_keys: self.assertIn(k, item) + # Id should be prefixed with sha256: (#11645) + self.assertIn("sha256:",item['Id']) + def test_inspect(self): r = requests.get(self.podman_url + "/v1.40/images/alpine/json") self.assertEqual(r.status_code, 200, r.text) @@ -59,6 +62,8 @@ class ImageTestCase(APITestCase): for item in required_keys: self.assertIn(item, image) _ = parse(image["Created"]) + # Id should be prefixed with sha256: (#11645) + self.assertIn("sha256:",image['Id']) def test_delete(self): r = requests.delete(self.podman_url + "/v1.40/images/alpine?force=true") -- cgit v1.2.3-54-g00ecf From a98e0371ee81e2364e5307499d9fda700fa9e974 Mon Sep 17 00:00:00 2001 From: Brent Baude Date: Mon, 20 Sep 2021 12:44:14 -0500 Subject: Remove references to kube being development At this point and even though we are always improving the play and generate kube functions, I would say it no longers needs to be denoted as under development. [NO TESTS NEEDED] Signed-off-by: Brent Baude --- docs/source/markdown/podman-generate-kube.1.md | 8 -------- pkg/domain/infra/abi/generate.go | 4 +--- 2 files changed, 1 insertion(+), 11 deletions(-) (limited to 'pkg') diff --git a/docs/source/markdown/podman-generate-kube.1.md b/docs/source/markdown/podman-generate-kube.1.md index 2e9f68bf3..9ae3941ec 100644 --- a/docs/source/markdown/podman-generate-kube.1.md +++ b/docs/source/markdown/podman-generate-kube.1.md @@ -37,8 +37,6 @@ random port is assigned by Podman in the specification. Create Kubernetes Pod YAML for a container called `some-mariadb`. ``` $ sudo podman generate kube some-mariadb -# Generation of Kubernetes YAML is still under development! -# # Save the output of this file and use kubectl create -f to import # it into Kubernetes. # @@ -93,8 +91,6 @@ status: {} Create Kubernetes Pod YAML for a container with the directory `/home/user/my-data` on the host bind-mounted in the container to `/volume`. ``` $ podman generate kube my-container-with-bind-mounted-data -# Generation of Kubernetes YAML is still under development! -# # Save the output of this file and use kubectl create -f to import # it into Kubernetes. # @@ -147,8 +143,6 @@ status: {} Create Kubernetes Pod YAML for a container with the named volume `priceless-data` mounted in the container at `/volume`. ``` $ podman generate kube my-container-using-priceless-data -# Generation of Kubernetes YAML is still under development! -# # Save the output of this file and use kubectl create -f to import # it into Kubernetes. # @@ -200,8 +194,6 @@ status: {} Create Kubernetes Pod YAML for a pod called `demoweb` and include a service. ``` $ sudo podman generate kube -s demoweb -# Generation of Kubernetes YAML is still under development! -# # Save the output of this file and use kubectl create -f to import # it into Kubernetes. # diff --git a/pkg/domain/infra/abi/generate.go b/pkg/domain/infra/abi/generate.go index 2d7bc15f5..1e614ce58 100644 --- a/pkg/domain/infra/abi/generate.go +++ b/pkg/domain/infra/abi/generate.go @@ -210,9 +210,7 @@ func generateKubeYAML(kubeKind interface{}) ([]byte, error) { func generateKubeOutput(content [][]byte) ([]byte, error) { output := make([]byte, 0) - header := `# Generation of Kubernetes YAML is still under development! -# -# Save the output of this file and use kubectl create -f to import + header := `# Save the output of this file and use kubectl create -f to import # it into Kubernetes. # # Created with podman-%s -- cgit v1.2.3-54-g00ecf From d45cbbda3445d204588723c03609ff2641a70781 Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Tue, 21 Sep 2021 14:24:23 -0400 Subject: Add a backoff and retries to retrieving exited event There's a potential race around extremely short-running containers and events with journald. Events may not be written for some time (small, but appreciable) after they are received, and as such we can fail to retrieve it if there is a sufficiently short time between us writing the event and trying to read it. Work around this by just retrying, with a 0.25 second delay between retries, up to 4 times. [NO TESTS NEEDED] because I have no idea how to reproduce this race in CI. Fixes #11633 Signed-off-by: Matthew Heon --- pkg/domain/infra/abi/containers.go | 55 +++++++++++++++++--------------------- 1 file changed, 25 insertions(+), 30 deletions(-) (limited to 'pkg') diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go index dc5f7a0df..affed64d1 100644 --- a/pkg/domain/infra/abi/containers.go +++ b/pkg/domain/infra/abi/containers.go @@ -830,21 +830,7 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri } return reports, errors.Wrapf(err, "unable to start container %s", ctr.ID()) } - - if ecode, err := ctr.Wait(ctx); err != nil { - if errors.Cause(err) == define.ErrNoSuchCtr { - // Check events - event, err := ic.Libpod.GetLastContainerEvent(ctx, ctr.ID(), events.Exited) - if err != nil { - logrus.Errorf("Cannot get exit code: %v", err) - exitCode = define.ExecErrorCodeNotFound - } else { - exitCode = event.ContainerExitCode - } - } - } else { - exitCode = int(ecode) - } + exitCode = ic.GetContainerExitCode(ctx, ctr) reports = append(reports, &entities.ContainerStartReport{ Id: ctr.ID(), RawInput: rawInput, @@ -985,21 +971,7 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta report.ExitCode = define.ExitCode(err) return &report, err } - - if ecode, err := ctr.Wait(ctx); err != nil { - if errors.Cause(err) == define.ErrNoSuchCtr { - // Check events - event, err := ic.Libpod.GetLastContainerEvent(ctx, ctr.ID(), events.Exited) - if err != nil { - logrus.Errorf("Cannot get exit code: %v", err) - report.ExitCode = define.ExecErrorCodeNotFound - } else { - report.ExitCode = event.ContainerExitCode - } - } - } else { - report.ExitCode = int(ecode) - } + report.ExitCode = ic.GetContainerExitCode(ctx, ctr) if opts.Rm && !ctr.ShouldRestart(ctx) { if err := ic.Libpod.RemoveContainer(ctx, ctr, false, true); err != nil { if errors.Cause(err) == define.ErrNoSuchCtr || @@ -1013,6 +985,29 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta return &report, nil } +func (ic *ContainerEngine) GetContainerExitCode(ctx context.Context, ctr *libpod.Container) int { + exitCode, err := ctr.Wait(ctx) + if err == nil { + return int(exitCode) + } + if errors.Cause(err) != define.ErrNoSuchCtr { + logrus.Errorf("Could not retrieve exit code: %v", err) + return define.ExecErrorCodeNotFound + } + // Make 4 attempt with 0.25s backoff between each for 1 second total + var event *events.Event + for i := 0; i < 4; i++ { + event, err = ic.Libpod.GetLastContainerEvent(ctx, ctr.ID(), events.Exited) + if err != nil { + time.Sleep(250 * time.Millisecond) + continue + } + return int(event.ContainerExitCode) + } + logrus.Errorf("Could not retrieve exit code from event: %v", err) + return define.ExecErrorCodeNotFound +} + func (ic *ContainerEngine) ContainerLogs(ctx context.Context, containers []string, options entities.ContainerLogsOptions) error { if options.StdoutWriter == nil && options.StderrWriter == nil { return errors.New("no io.Writer set for container logs") -- cgit v1.2.3-54-g00ecf From 72e19cf51e88cdbdc8431c242e4670323eac3379 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 21 Sep 2021 09:03:28 -0400 Subject: Generate kube should'd add podman default environment vars Currently we add the default PATH, TERM and container from Podman to every kubernetes.yaml file. These values should not be recorded in the yaml files. Signed-off-by: Daniel J Walsh Signed-off-by: Matthew Heon --- libpod/kube.go | 5 +++++ pkg/env/env.go | 5 +++-- test/e2e/play_kube_test.go | 24 ------------------------ 3 files changed, 8 insertions(+), 26 deletions(-) (limited to 'pkg') diff --git a/libpod/kube.go b/libpod/kube.go index 812bb101b..af3b0916e 100644 --- a/libpod/kube.go +++ b/libpod/kube.go @@ -10,6 +10,7 @@ import ( "time" "github.com/containers/podman/v3/libpod/define" + "github.com/containers/podman/v3/pkg/env" "github.com/containers/podman/v3/pkg/lookup" "github.com/containers/podman/v3/pkg/namespaces" "github.com/containers/podman/v3/pkg/specgen" @@ -570,12 +571,16 @@ func ocicniPortMappingToContainerPort(portMappings []ocicni.PortMapping) ([]v1.C // libpodEnvVarsToKubeEnvVars converts a key=value string slice to []v1.EnvVar func libpodEnvVarsToKubeEnvVars(envs []string) ([]v1.EnvVar, error) { + defaultEnv := env.DefaultEnvVariables() envVars := make([]v1.EnvVar, 0, len(envs)) for _, e := range envs { split := strings.SplitN(e, "=", 2) if len(split) != 2 { return envVars, errors.Errorf("environment variable %s is malformed; should be key=value", e) } + if defaultEnv[split[0]] == split[1] { + continue + } ev := v1.EnvVar{ Name: split[0], Value: split[1], diff --git a/pkg/env/env.go b/pkg/env/env.go index 0d55e5560..ecd2d62a5 100644 --- a/pkg/env/env.go +++ b/pkg/env/env.go @@ -17,8 +17,9 @@ const whiteSpaces = " \t" // DefaultEnvVariables returns a default environment, with $PATH and $TERM set. func DefaultEnvVariables() map[string]string { return map[string]string{ - "PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", - "TERM": "xterm", + "PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "TERM": "xterm", + "container": "podman", } } diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index fcda89fbc..0d5b9d52c 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -63,12 +63,6 @@ spec: - -d - "1.5" env: - - name: PATH - value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - - name: TERM - value: xterm - - name: container - value: podman - name: HOSTNAME value: label-pod image: quay.io/libpod/alpine:latest @@ -171,12 +165,6 @@ spec: - -d - "1.5" env: - - name: PATH - value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - - name: TERM - value: xterm - - name: container - value: podman - name: HOSTNAME value: label-pod image: quay.io/libpod/alpine:latest @@ -287,13 +275,7 @@ spec: - {{.}} {{ end }} env: - - name: PATH - value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - - name: TERM - value: xterm - name: HOSTNAME - - name: container - value: podman {{ range .Env }} - name: {{ .Name }} {{ if (eq .ValueFrom "configmap") }} @@ -453,13 +435,7 @@ spec: - {{.}} {{ end }} env: - - name: PATH - value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - - name: TERM - value: xterm - name: HOSTNAME - - name: container - value: podman image: {{ .Image }} name: {{ .Name }} imagePullPolicy: {{ .PullPolicy }} -- cgit v1.2.3-54-g00ecf