Add new functions to update pods and add/remove containers from them
Use these new functions in place of manually modifying pods
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #229
Approved by: rhatdan
This won't matter during batched operations, but if the container
leaks outside of the Batch() function it will segfault if asked
to do any operation that locks unless this is applied
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #226
Approved by: rhatdan
Also prevent containers with dependencies from being removed from
in memory states. SQLite already enforced this via FOREIGN KEY
constraints.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #220
Approved by: rhatdan
Remove existing code for sharing namespaces and replace with use
of this API
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #220
Approved by: rhatdan
If we start a container and it does not error, we can assume the
container is now running. Subsequent API calls will sync for us
to see if it died, so we can just set ContainerStateRunning
instead of launching the runtime to explicitly get state.
The same logic applies to pause and unpause.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #223
Approved by: rhatdan
Also moves port mappings out of the SQL DB and into a file on
disk. These could get very sizable (hundreds to thousands of
ports) so moving them out to a file will keep the DB small and
fast.
Finally, add a foreign key reference from container ID to
container state ID. This ensures we never get into an
inconsistent state where we have data in one table but not the
other.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #225
Approved by: baude
Disabling locking/syncing in a batched operation not yet implemented
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #222
Approved by: rhatdan
It is desirable to have a --latest switch on the podman wait
command so we can wait on the latest container created to end.
Also, fixes a panic with latest where no containers are available.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #201
Approved by: baude
This can now be handled by CNI plugins, so let them manage ports
instead.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #189
Approved by: mheon
With certain short name usages, rmi still was unable to delete
certain images. This was also reflected in several commit tests
that were temporarily disabled.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #200
Approved by: rhatdan
It is desirable to have a shortcut for the most
recently created container. We can now use "**latest"
to represent the most recent container instead of its
container ID or name. For example:
Signed-off-by: baude <bbaude@redhat.com>
Closes: #179
Approved by: baude
Removing by shortname was not working. Also pruned
container storage's remove func from rmi and moved it into
an image.Remove func, which consolidates our usage of cs.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #188
Approved by: baude
While pulling by shortname (fedora-minimal) worked, running a container
by the short name did not due to a logic error.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #182
Approved by: rhatdan
This should help with performance when executing many operations
on a single container
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #185
Approved by: rhatdan
We don't want libkpod overrides for conmon's path to misdirect
the already set path for conmon from libpod.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #181
Approved by: baude
We should be pulling information out of the image to set the
defaults to use when setting up the container.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #110
Approved by: mheon
In cases, like Ubuntu, where it uses systemd resolve
for DNS then do not copy /etc/resolv.conf but instead
the resolv.conf in the systemd resolve /run dir.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #177
Approved by: rhatdan
podman run/create have the ability to set the stop timeout flag.
We need to stop it in the database.
Also, allowing negative time for stop timeout makes no sense, so switching
to timeout of uint, allows user to specify huge timeout values.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #158
Approved by: TomSweeneyRedHat
podman commit allows the user to commit containers
as images with options of tagging the image, setting
a commit message, setting the author, and making
changes to the instructions.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #143
Approved by: rhatdan
Stop Signal from kpod create/run was not fully plumbed in.
This will pass the stopsignal into the container database on
create and run of containers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #156
Approved by: mheon
Also add --quiet option to kpod create/run since
this will help with writing tests.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #140
Approved by: TomSweeneyRedHat
User can select from 3 manifest types: oci, v2s1, or v2s2
e.g. kpod push --format v2s2 alpine dir:my-directory
Added "compress" flag to enable compression when true
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #126
Approved by: rhatdan
Given that we don't have a good way of cleaning up locks, these
could potentially cause issues if we ever reuse a container or pod
ID
Also changes locks dir to use tmpfs, as we can't directly clean
up locks
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #138
Approved by: rhatdan
Also includes misc other fixes - adding labels, fixing pod names
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #138
Approved by: rhatdan
For DNS to work properly, we need to copy the host's /etc/resolv.conf
into the container during Init(). We do this by copying it into the
container's rundir and then bind mounting it into the container.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #130
Approved by: baude
kpod inspect now uses the new libpod container state
and closely matches the output of docker inspect
some aspects of it are still WIP as the libpod container state
is still being worked on
Signed-off-by: umohnani8 <umohnani@redhat.com>
When loading an image, kpod load would print something like
"Trying to pull docker.io/library/alpine...", which is misleading
and makes it sound like it's pulling it from the registry.
Fixed this by removing these print statements for kpod load
Signed-off-by: umohnani8 <umohnani@redhat.com>
Initial wiring of kpod exec. We won't support the following options
for exec:
* detach -- unsure of use case
* detach-keys -- not supported by runc
* interactive -- all terminals will be interactive
Not adding exec tests as we need to think about how to support a
test that requires console access but our CI tests have no console.
Signed-off-by: baude <bbaude@redhat.com>
Create an artifacts directory in the container's
static directory to store container information
coming from outside of libpod to specified files
An example is to hold data from user specified flags
in kpod run/create such as --cap-add, --ipcMode, etc...
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #108
Approved by: mheon
There are still two places that don't use the new function,
export and mount, but both can probably be converted to it
in the future.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #99
Approved by: rhatdan
Allow kpod create/run to create containers in different network namespaces, uts namespaces and
IPC Namespaces.
This patch just handles the simple join the host, or another container's namespaces.
Lots more work needed to fully integrate --net
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #64
Approved by: mheon
This ensures we don't open a DB with an earlier schema or a
config that differs from ours
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #86
Approved by: rhatdan
Also migrates kpod kill and kpod stop to libpod to use the new code
Fixes force removing containers, and actually deletes containers in runc when
removing them
Start is now capable of starting even when the container is unmounted
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #68
Approved by: rhatdan
As reported in Issue #50, we need to be able to run
or create a container based on an image ID (as well
as name).
Signed-off-by: baude <bbaude@redhat.com>
Closes: #76
Approved by: rhatdan
The new state for containers has been added
moved kpod mount and umount over to use it
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Closes: #57
Approved by: rhatdan
Wire this in to all state-bound container operations to ensure
synchronization of container state.
Also exposes PID of running containers via API.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #56
Approved by: rhatdan
The PR contains several enhancements to our CI testing.
- enable lint testing on Fedora
- add CentOS Atomic as test platform
- integration tests run on the OS natively (uncontainerized)
- builds are done in containers
- inclusion of Vagrant file for local testing
Signed-off-by: baude <bbaude@redhat.com>
Closes: #18
Approved by: mheon
Re-order the startup of a new container via run from
initialize > start > attach to initialize > attach > start.
This fixes output when running:
kpod run -i -t IMAGE command
and
kpod run IMAGE command
Signed-off-by: baude <bbaude@redhat.com>
Fixed the logic where we observed different performance
results when running an image by its fqname vs a shortname. In
the case of the latter, we resolve the name without using the
network.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #37
Approved by: rhatdan
When setting the `kpod load -q` flag, output was still going to the
screen. This patch adds a check to not output to the terminal unless
there is an io.Writer specified, and then to write to the io.Writer.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #23
Approved by: rhatdan
This should turn on handling of SELinux, NoNewPrivs, seccomp and Apparmor
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #15
Approved by: rhatdan