FFJSON has serialization differences versus stock Go - namely, it
does not respect the MarshalText() and UnmarshalText() methods,
particularly on []byte, which causes incompatability with
pre-FFJSON containers which contained DNS servers.
EasyJSON does not have these issues, and might even be slightly
faster.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1322
Approved by: mheon
I am often asked about the list of capabilities availabel to a container.
We should be listing this data in the inspect command for effective
capabilities and the bounding set.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1335
Approved by: TomSweeneyRedHat
Fixes to podman build for unknown image and ADD with url
when doing --layers.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1330
Approved by: mheon
As well as small style corrections, update pod_top_test to use CreatePod, and move handling of adding a container to the pod's namespace from container_internal_linux to libpod/option.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
A pause container is added to the pod if the user opts in. The default pause image and command can be overridden. Pause containers are ignored in ps unless the -a option is present. Pod inspect and pod ps show shared namespaces and pause container. A pause container can't be removed with podman rm, and a pod can be removed if it only has a pause container.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
This results in some functionality changes:
If a ErrCtrStateInvalid is returned to GetPodStats, the container is ommitted from the stats.
As such, if an empty slice of Container stats are returned to GetPodStats in varlink, an error will occur.
GetContainerStats will return the ErrCtrStateInvalid as well.
Finally, if ErrCtrStateInvalid is returned to the podman stats call, the container will be ommitted from the stats.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1319
Approved by: baude
Using the vendored changes from psgo, incorporate JoinNamespaceAndProcessInfoByPids to get process information for each pid namespace of running containers in the pod. Also added a man page, and tests.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1298
Approved by: mheon
Runc exec expects the --user flag to be formatted as UID:GID.
Use chrootuser code to translate whatever user is passed to exec
into this format.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1315
Approved by: vrothberg
This ensures that we can still use Podman even if a container or
pod with bad config JSON makes it into the state. We still can't
remove these containers, but at least we can do our best to make
things usable.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1294
Approved by: rhatdan
Do not set any hostname value in the OCI configuration when --uts=host
is used and the user didn't specify any value. This prevents an error
from the OCI runtime as it cannot set the hostname without a new UTS
namespace.
Differently, the HOSTNAME environment variable is always set. When
--uts=host is used, HOSTNAME gets the value from the host.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1280
Approved by: baude
To better reflect it's usage: to share functions between podman and varlink.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1275
Approved by: mheon
Need to get some small changes into libpod to pull back into buildah
to complete buildah transition.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1270
Approved by: mheon
Specifically, pod.Start() always returned CtrErrors, even if none failed. This cause podman start to not return the successfully started pod id.
Also, pod.Kill() didn't return an error along with ctrErrors.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1272
Approved by: rhatdan
Also, don't return the internal podState struct - instead return
a public inspect struct.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1258
Approved by: rhatdan
Currently we add mounts from images, volumes and internal.
We can accidently over mount an existing mount. This patch sorts the mounts
to make sure a parent directory is always mounted before its content.
Had to change the default propagation on image volume mounts from shared
to private to stop mount points from leaking out of the container.
Also switched from using some docker/docker/pkg to container/storage/pkg
to remove some dependencies on Docker.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1243
Approved by: mheon
This removes anything but structs and simple accessors from
pod.go itself, which is a target file for FFJSON generation. This
should reduce the amount of times FFJSON needs to run.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1247
Approved by: rhatdan
During refresh, we cannot hard-fail, as that would mean leaving a
partially-configured state behind, leaving libpod unable to start
without manual intervention.
Instead, log errors refreshing individual containers and pods and
continue. Individual containers and pods may be unusable and need
to be removed manually, but libpod itself will continue to
function.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1252
Approved by: rhatdan
When checking if the container has already been removed, use
c.state.HasContainer() instead of the runtime's API to avoid
trying to take the already acquired lock.
Fixes: #1245
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1251
Approved by: baude
If the stdout and stderr are not attach, podman will at least get
a messsage that the container has completed and finish.
This fixes the
`podman run -a stdin fedora true`
Hang issue.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1239
Approved by: mheon
...and some naming decisions.
This change ensures podman save doesn't incorrectly prepend localhost when saving an image.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1140
Approved by: rhatdan
When pulling a fully-qualified image that fails, we should not be talking about
registries/search registries in the the error message as it is not applicable. If
a image that is fq'd and fails to pull, the error should be simplified.
```
$ sudo podman pull this-does-not-exist.example.com/foo
Trying to pull this-does-not-exist.example.com/foo...Failed
error pulling image "this-does-not-exist.example.com/foo": unable to pull this-does-not-exist.example.com/foo: unable to pull image, or you do not have pull access
$
```
Resolves: #1212
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1216
Approved by: mheon
It will be handy to know the runc and conmon versions as our
code gets into the wild.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1207
Approved by: rhatdan
when pulling, we can fail to find an image (i.e. it doesn't exist) or we
can not have authority/access to pull it. the registries don't tell us
one way or another so the error message needs to cover both.
Resolves#1194
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1195
Approved by: rhatdan
Again, we only needed them split for tests; so, integrate them back.
Then drop all remaining references to pullRefName and pullGoalNames,
which are not used for anything.
Should not change behavior
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1198
Approved by: mheon
This more or less reverts 9c9401a96c
"Replace getPullRefPair with getPullRefName"; now that tests don't require
us to use pullRefName, move creation of storage references deeper into the
calls stack to reduce string use.
ir.getSinglePullRefNameGoal is accordingly updated to ir.getSinglePullRefPairGoal,
and we need to add a ~duplicate singlePullRefPairGoal; that duplication
of singlePullRefNameGoal will soon be resolved by dropping singlePullRefNameGoal.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1198
Approved by: mheon
Now that we don't need a separate pullGoalNamesFromImageReference for
running tests, inline it back.
This forces us to add some glue code to getSinglePullRefNameGoal
and to convert between pullGoal and *pullGoal; that is temporary
and will be cleaned up soon.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1198
Approved by: mheon
This merely wraps the
> return singlePullRefNameGoal(getPullRefName(... reference)), nil
pattern which is used for almost all getPullRefName uses. For now
it seems not really worth it, but it will result in shorter code
(and smaller migration) after we replace getPullRefName with
getPullRefPair, which can fail, again - the pullGoalNamesFromImageReference
will not have to add any error handling.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1198
Approved by: mheon
Similarly to pullGoalNamesFromImageReference, use a storage.Store and
test the actually created references; that is more representative,
and clearly shows the impact of further normalization in
storageReference (like defaulting to :latest on NameOnly references).
Only modifies tests, so does not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1198
Approved by: mheon
pullGoalNamesFromImageReference has been added only to allow testing without
a storage.Store, because I thought that a storage.Store can only be created
by root.
It turns out that non-root stores, at least good enough for reference
parsing and formatting, are possible (and have existed in c/image/storage
tests), so this creates such a store, and modifies the existing
test to test the created c/image/storage.storageReference values
instead of strings; that is more representative, and clearly shows
the impact of further normalization in storageReference (like
defaulting to :latest on NameOnly references).
Eventually we will want to get rid of pullGoalNames / pullRefName.
Only modifies tests, so does not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1198
Approved by: mheon
This is similar to the PushImageToHeuristicDestination RFC.
The goal is to be very explicit about which functions try to heuristically
guess what is the expected format of the string. Not quite "shaming"
the users, but making sure they stand out.
RFC:
- Is this at all acceptable? Desirable?
Should not change behavior (but does not add unit tests).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
FINALLY, (podman load) can pass through an ImageReference directly from
loadCmd all the way to pullGoalNamesFromImageReference, making sure not
to trigger the docker-like reference parsing heuristics.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
They are not used anywhere in the packagee.
Two of the values still have users in the CLI, but used only once.
So, use the .Transport.Name() calls in there directly, that is
likely to be cheaper (and makes the files depend directly
on the transports instead of referring to them indirectly through
libpod).
RFC: Should not change behavior in _this_ repo, but it is an
externally-observable API change. Is there any user that could
notice?
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
All callers of LoadFromArchive expect the input to be in the
transport:name format, or create it that way. So, pass a
types.ImageReference instead of a string.
That requires us to add an explicit parse step in (podman pull);
in (podman load) we can, instead of pasting strings, create
native objects directly.
Changes the error behavior of (podman pull), we no longer
try heuristically parsing docker-archive:... inputs as
Docker references.
Also changes the string reported by (podman load) if all parsing
attempts fail, to be only the path instead of dir:path. The error
message itself is likely to be the same (from directory.Transport).
(While at it, update a mismatched comment.)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
Now that we have a pullGoal, separate determination of the goal from
performing it; we will then introduce another entry point with
a supplied types.ImageReference.
Also remove or correct some misleading comments.
Should not change behavior (but does not add unit tests).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
Use the parent types.SystemContext data instead.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
Use the parent types.SystemContext data instead.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
Use the parent types.SystemContext data instead.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
All callers of getCopyOptions also call GetSystemContext with the same three parameters;
we will want to simplify this by passing the first SystemContext to getCopyOptions,
which can then inherit this data instead of so many parameters everywhere.
For now, just add a *types.SystemContext parameter without using it.
Should not change behavior (but does not add unit tests).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
pullImage (now) only uses Image.InputName; it is really used to _create_
an Image object, based on the pull results (as is most visible in the
LoadFromArchive caller), so it should not be a method on it.
This also simplifies a bit the number of different kids of uses of
Image.InputName; still apparently not enough to clearly document
the field, though.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
... when we even only count them.
This eliminates a rare error case, and saves time re-reading and re-parsing
the input.
(We still compute registryPath redundantly, and it may get out of sync.)
Should not change behavior (but does not add unit tests).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
Instead of duplicating the hasRegistry logic, just record whether we
did use search or not.
Should not change behavior (but does not add unit tests for all of it).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
Instead, encode it explicitly in pullGoal.pullAllPairs.
Should not change behavior (but does not add unit tests for
all of it).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
This is an intermediate version of pullGoal, which exists basically
only for easier testing without containers-storage: (i.e. root access)
in unit tests.
Like pullGoal, we will add more members to make it useful in the future.
RFC: Unlike pullGoal, the return value is *pullGoalNames, because there are
quite a few (return nil, err) cases which would be more difficult to read
when returning a value.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
The eventual goal is to cleanly capture semantics like "pull all images
for DockerArchive" and "did a search through $registries" without
hard-coding it through; and to allow a pullImage variant where
the caller can pass an imageReference directly.
For now, this just wraps []pullRefPair and should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
We are passing the values, don't really need the pointer sharing semantics,
and the structures are small enough, and the arrays short enough,
that we very likely lose on the indirect accesses more than we save on
quicker copying of the slices when extending them. Value semantics
is safer anyway.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
We are passing the values, don't really need the pointer sharing semantics,
and the structures are small enough, and the arrays short enough,
that we very likely lose on the indirect accesses more than we save on
quicker copying of the slices when extending them. Value semantics
is safer anyway.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
All but two cases returning a []*pullRefName only return a single
item. Introduce a helper for that case, which seems not
worth it now, but the return value will get a bit more complex
and introducing the helper now will minimize code changes in future
commits.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
We will introduce helpers for the "single image" case, and having a separate
return statement will make them applicable here.
(Also allows us to reduce the scope of some variables a bit.)
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
The goal is to be very explicit about which functions try to heuristically
guess what is the expected format of the string. Not quite "shaming"
the users, but making sure they stand out.
RFC:
- Is this at all acceptable? Desirable?
- varlink ExportImage says "destination must have transport type";
should it be using alltransports.ParseImageReference
+ PushImageToReference, then?
(While touching the call in cmd/podman, also remove a commented-out
older version of the call.)
Should not change behavior (but does not add unit tests).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
When the string is formatted including a constant transport name,
just call the transport to create or parse a reference explicitly.
This avoids unnecessary string formatting and parsing.
Then drop image.TarballTransport, which has no remaining users.
Should not change behavior (but does not add unit tests).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
This retains the existing string parsing heuristic for users
who must continue to use it (notably the varlink API - or is
it still subject to change?), but allows callers who can get
precise references to supply them without having to deal
with string formatting.
Should not change behavior (but does not add unit tests).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
We already have a c/image/docker/reference.Named; no need to
round-trip it through a string. This also eliminates the theoretical
parsing failure, and the unchecked .(reference.Named) cast.
Also add a check for DockerReference() == nil to be extra paranoid,
although that should never happen.
Should not change behavior (but does not add unit tests).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
(... but keep it in DefaultTransport, which remains irregular.)
This makes DockerTransport consistent with the others, and much more importantly,
allows several instances to do
> imgRef.Transport().Name() == DockerTransport
instead of the current
> strings.HasPrefix(DockerTransport, imgRef.Transport().Name())
, which currently works but is pretty nonsensical (it does not check
the "docker://" prefix against the _full reference_, but it checks
the _transport name_ as a prefix of "docker://", i.e. a transport named
"d" would be accepted.
Should not change behavior, because the only currently existing transport
which has a name that is a prefix of "docker://" is c/image/docker.Transport
(but does not add unit tests).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
They are not used anywhere AFAICS, and the underlying idea
that transport-specific image names are reusable across transports
is very dubious anyway. So, drop them instead of documenting
or fixing them.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
This has no ambition to change the design, just to be clear about
what the design is.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
This avoids another "append an only item to an empty array"
pattern, and will allow us to get rid of the "dest" variable
entirely.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
This should not change behavior, only to make future edits
for an early exit easier to review.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
Almost all paths appended to pullNames exactly once; just construct a
single-element array in place and return it.
That way we can add empty lines as separators, and still come out shorter.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
Because srcRef is created by parsing imgName, both hard-code assumptions
about transport-specific formats of the strings, so that is neither better nor worse;
but we do less explicit parsing.
Should not change behavior for dir:, nor for fully-correct docker-archive:.
docker-archive:, though, also supports docker-archive:path:reference, where
the reference is ignored (with a warning) on read; in such cases the previous
code would use the reference only (not the path), the new code uses both
as the path. Neither works, we just change the failure mode (but
"error opening path:reference" is now more suggestive of the correct usage).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
This is a bit more specific as to what "ref" or "list" means,
and consistent with refPairsFromPossiblyUnqualifiedName
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
Again, that makes the core logic independent from Runtime == containers-storage,
and easier to test independently.
So, this also adds tests.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
... and use pullRefPairsFromRefNames to convert to the
desired data structure later.
This will make both getPullRefName, and later the bulk of
getPullListFromRef, independent of the storage, and thus much easier to test.
Then add tests for getPullRefName. (Ideally they should be shorter,
e.g. hopefully the .image member can be eliminated.)
Should not change behavior, except that error messages on invalid
dstName will now include the value.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
podman umount will currently only unmount file system if not other
process is using it, otherwise the umount decrements the container
storage to indicate that the caller is no longer using the mount
point, once the count gets to 0, the file system is actually unmounted.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1184
Approved by: TomSweeneyRedHat
refresh() is the only major command we had that did not perform a
sync before running, and thus was not guaranteed to pick up a
good copy of the state. Fix this by updating the state before a
refresh().
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1186
Approved by: rhatdan
Pod and container State structs are now allowed to be empty on
first being retrieved from the database. Rework pod and container
equality functions used in testing to account for this change.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1186
Approved by: rhatdan
The new state changes are potentially confusing to people writing
API functions on containers or pods. Add comments to the structs
on how to safely use them.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1186
Approved by: rhatdan
It's not necessary to fill in state immediately, as we'll be
overwriting it on any API call accessing it thanks to
syncContainer(). It is also causing races when we fetch it
without holding the container lock (which syncContainer() does).
As such, just don't retrieve the state on initial pull from the
database with Bolt.
Also, refactor some Linux-specific netns handling functions out
of container_internal_linux.go into boltdb_linux.go.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1186
Approved by: rhatdan
If an image is created from another and it is deleted,
only delete the actual image and not the parent images
if the parent images have names/references.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1174
Approved by: mheon
Added Pause() and Unpause() to libpod/pod.go
Added man pages, tests and completions
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1126
Approved by: rhatdan
The CNI plugins upstream removed their network namespace creation
code, making it a test package only. Copy it into our repository
and slightly modify it for our use (most notably, use MNT_DETACH
when unmounting namespaces).
This new CNI code splits closing and unmounting network
namespaces, which allows us to greatly reduce the number of
occasions on which we call teardownNetwork() and make more errors
in that function fatal instead of warnings. Instead, we can call
Close() and just close the open file descriptor in cases where
the namespace has already been cleaned up.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1165
Approved by: baude
This just muves the Linux implementation, unchanged, to the
platform-agnostic file. Should not change behavior on Linux.
On non-Linux platforms, reading containers from BoltDB now works
(and rejects containers with namespace data). The checkRuntimeConfig
validation ensures that each BoltDB database is only used on one platform,
so network namespaces should never exist in non-Linux BoltDB files.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1115
Approved by: rhatdan
This is the actual platform-specific part of getContainerFromDB.
Factor it out, unchanged, on Linux. On other platforms, introduce
a stub which fails if any data exists; this stub is not yet called.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1115
Approved by: rhatdan
On macOS NewImageRuntimeFromOptions fails with chown EPERM because the
"vfs" driver tries to chown its home to root:root 0700; in fact running
as root seems to be a generic requirement. So, skip the tests if not
running as root.
(This could maybe benefit from an extra state, maybe an environment
variable like RUNNING_IN_CI, to make sure the tests are actually
run often enough.)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1115
Approved by: rhatdan
Moved contents of RestartWithTimeout to restartWithTimeout in container_internal to be able to call restart without locking in function.
Refactored startNode to be able to either start or restart a node.
Built pod Restart() with new startNode with refresh true.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1152
Approved by: rhatdan
Per https://www.sqlite.org/src/artifact/c230a7a24?ln=994-1081,
POSIX file advisory locks are unsafe to use within a single
process if multiple file descriptors are open for the same file.
Unfortunately, this has a strong potential to happen for
multithreaded usage of libpod, and could result in DB corruption.
To prevent this, wrap all access to BoltDB within a single
libpod instance in a mutex to ensure concurrent access cannot
occur.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Better explain the inner workings of both state types in comments
to make reviews and changes easier.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
New containers and pods will default to the namespace of the
runtime, but this can be overridden by With... options if
desired.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
All BoltDB access and update functions now understand namespaces.
Accessing containers outside of your namespace will produce
errors, except for Lookup and All functions, which will perform
their tasks only on containers within your namespace.
The "" namespace remains a reserved, no-restrictions namespace.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Dependency containers must be in the same namespace, to ensure
there are never problems resolving a dependency.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Add basic awareness of namespaces to the database. As part of
this, add constraints so containers can only be added to pods in
the same namespace.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Addresses a regression in `podman mount` due to our mount changes
to allow concurrency by letting c/storage handle mounting and
unmounting.
Combine Mounted() and Mountpoint() into one function and query
c/storage directly to ensure we get accurate information.
Fixes: #1143
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1144
Approved by: baude
No need to do a separate string search when reference.Parse has already
determined this.
Changes behavior: non-SHA256 digest formats are now recognized as well.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1112
Approved by: rhatdan
... which finally makes it very easy to add comprehensive tests; so do that.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1112
Approved by: rhatdan
The functionality only depends on Image.InputName, and we will want
to make the only user of this independent of the fairly complex Image type.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1112
Approved by: rhatdan
One part creates []*pullRefName; the other just trivially converts it
into []*pullRefPair.
Also use much more explicit names to explain the functionality.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1112
Approved by: rhatdan
We will use it not only in createNamesToPull, but also in
getPullListFromRef soon.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1112
Approved by: rhatdan
"Struct" is meaningless, and we will need the "reference pair"
mentioned to distinguish srcRef+dstRef from srcRef+dstName.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1112
Approved by: rhatdan
This consolidates the shaPullName logic into a single place,
(and eliminates the unclear shaPullName member name completely).
The resulting nameToPull will shortly be more generally useful.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1112
Approved by: rhatdan
shaPullName is only used internally in createNamesToPull; so, introduce
a nameToPull as a variant of pullStruct which has shaPullName (and does not
have destRef).
Eventually, we want to split pullStruct preparation into easily-testable
store-independent name preparation, and a store-dependent and difficult-to-test
but trivial conversion using StorageTransport.ParseStoreReference.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1112
Approved by: rhatdan
... so that it can be tested without side effects, and add the tests.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1112
Approved by: rhatdan
It has no users, and it depends on the incorrect imageParts.hasRegistry.
So, just drop it instead of worrying whether it is OK to change its semantics.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1112
Approved by: rhatdan
This also eliminates a duplicate call to reference.Parse() and
removes an impossible erorr path.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1112
Approved by: rhatdan
Currently we unmount storage that is still in use.
We should not be unmounting storeage that we mounted
via a different command or by podman mount. This
change relies on containers/storage to umount keep track of
how many times the storage was mounted before really unmounting
it from the system.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Use github.com/containers/psgo instead of execing `ps (1)`. The psgo
library enables a much more flexible interface with respect to which
data to be printed (e.g., capabilities, seccomp mode, PID, PCPU, etc.)
while the output can be parsed reliably. The library does not use
ps (1) but parses /proc and /dev instead. To list the processes of a
given container, psgo will join the mount namespace of the given
container and extract all data from there.
Notice that this commit breaks compatibility with docker-top.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1113
Approved by: rhatdan
vendor in containers/storage
vendor in containers/image
vendor in projectatomic/buildah
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1114
Approved by: mheon
Bind all the specified TCP and UDP ports so that another process
cannot reuse them. The fd of the listener is then leaked into conmon
so that the socket is kept busy until the container exits.
Closes: https://github.com/projectatomic/libpod/issues/210
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1100
Approved by: mheon
Use this to supplement exit codes returned from containers, to
make sure we know when exit codes are invalid (as the container
has not yet exited)
Signed-off-by: Matthew Heon <mheon@redhat.com>
Matthew Heon