Commit Graph

4080 Commits

Author SHA1 Message Date
Florian Bezannier 585af039d7 feat: allow compatibility with podman v4 machine
Signed-off-by: Florian Bezannier <florian.bezannier@hotmail.fr>
2024-02-28 19:45:03 +01:00
Florian Bezannier 23d6377ac8 chore: rename var host hostIP
Signed-off-by: Florian Bezannier <florian.bezannier@hotmail.fr>
2024-02-28 19:45:03 +01:00
Florian Bezannier de845a5b42 feat: make inspect compatible with docker v1.44
Signed-off-by: Florian Bezannier <florian.bezannier@hotmail.fr>
2024-02-28 19:45:02 +01:00
Paul Holzinger 4078a44056
libpod/events: remove duplicated Details ID field
The ID filed in the Event struct is duplicated for no reason, since the
Details struct is directly embedded in the Event the ID filed is
basically duplicate on the same level multiple times. Removing this one
should be be safe and make no change to the resulting json.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-02-22 13:37:27 +01:00
openshift-merge-bot[bot] 70091d57e7
Merge pull request #21699 from vikas-goel/i21663
Comply to Kubernetes specifications for annotation size.
2024-02-21 15:00:25 +00:00
Vikas Goel 89b415ba37 Comply to Kubernetes specifications for annotation size.
An annotation is a pair of key-value. The key has two parts, viz. a name and an optional prefix in DNS format.

The limitations on name is 63, prefix 253 chars. The limitation on total size of all key+value pairs combined is 256KB.

https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#syntax-and-character-set

Fixes: https://github.com/containers/podman/issues/21663

Signed-off-by: Vikas Goel <vikas.goel@gmail.com>
2024-02-20 14:58:35 -08:00
Romain Geissler f59a5f1351
Fix running container from docker client with rootful in rootless podman.
This effectively fix errors like "unable to upgrade to tcp, received
409" like #19930 in the special case where podman itself is running
rootful but inside a container which itself is rootless.

[NO NEW TESTS NEEDED]

Signed-off-by: Romain Geissler <romain.geissler@amadeus.com>
2024-02-18 15:09:14 +00:00
Vikas Goel 42a78c714c Add volumes-from support using annotation in kube yaml
The reserved annotation io.podman.annotations.volumes-from is made public to let user define volumes-from to have one container mount volumes of other containers.

The annotation format is: io.podman.annotations.volumes-from/tgtCtr: "srcCtr1:mntOpts1;srcCtr2:mntOpts;..."

Fixes: containers#16819

Signed-off-by: Vikas Goel <vikas.goel@gmail.com>
2024-02-14 07:31:43 -08:00
openshift-merge-bot[bot] 9bf3cf6584
Merge pull request #21611 from giuseppe/correctly-chown-to-existing-dir-in-userns
libpod: correctly map UID/GID for existing dirs
2024-02-13 02:48:26 +00:00
Giuseppe Scrivano c29fde2656
libpod: correctly map UID/GID for existing dirs
if the target mount path already exists and the container uses a user
namespace, correctly map the target UID/GID to the host values before
attempting a chown.

Closes: https://github.com/containers/podman/issues/21608

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2024-02-12 23:04:24 +01:00
Urvashi Mohnani 667311c7d5 Use persist dir for oom file
Conmon writes the exit file and oom file (if container
was oom killed) to the persist directory. This directory
is retained across reboots as well.
Update podman to create a persist-dir/ctr-id for the exit
and oom files for each container to be written to. The oom
state of container is set after reading the files
from the persist-dir/ctr-id directory.
The exit code still continues to read the exit file from
the exits directory.

Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
2024-02-12 09:13:39 -05:00
Matt Heon 72f1617fac Bump Go module to v5
Moving from Go module v4 to v5 prepares us for public releases.

Move done using gomove [1] as with the v3 and v4 moves.

[1] https://github.com/KSubedi/gomove

Signed-off-by: Matt Heon <mheon@redhat.com>
2024-02-08 09:35:39 -05:00
openshift-merge-bot[bot] 4fc52ed068
Merge pull request #21534 from mheon/stats_per_interface
Send container stats over API on a per-interface basis
2024-02-08 14:19:08 +00:00
openshift-merge-bot[bot] 5e081e47aa
Merge pull request #21332 from rhatdan/timezone
Reuse timezone code from containers/common
2024-02-08 14:13:40 +00:00
openshift-merge-bot[bot] 9ad07d10b9
Merge pull request #21446 from vikas-goel/network
Set interface name to the network_interface name for macvlan and ipvlan networks
2024-02-08 13:32:41 +00:00
openshift-merge-bot[bot] 8a6165e592
Merge pull request #21522 from Luap99/restart-userns
fix userns + restart policy with slirp4netns
2024-02-08 10:41:54 +00:00
Matt Heon 3cf2f8ccf4 Handle more states during refresh
We were preserving ContainerStateExited, which is better than
nothing, but definitely not correct. A container that ran at any
point during the last boot should be moved to Exited state to
preserve the fact that they were run at least one. This means we
have to convert Running, Stopped, Stopping, Paused containers to
exited as well.

Signed-off-by: Matt Heon <mheon@redhat.com>
2024-02-07 08:33:56 -05:00
Vikas Goel a8b2256cc1 Set interface name to the network_interface name for macvlan and ipvlan networks
When interface_name attribute in containers.conf file is set to "device", then set interface names inside containers same as the network_interface names of the respective network.

The change applies to macvlan and ipvlan networks only. The interface_name attribute value has no impact on any other types of networks.

If the interface name is set in the user request, then that takes precedence.

Fixes: #21313

Signed-off-by: Vikas Goel <vikas.goel@gmail.com>
2024-02-06 19:05:16 -08:00
Matt Heon 6e0decbe03 Send container stats over API on a per-interface basis
This mirrors how the Docker API handles things, allowing us to be
more compatible with Docker and more verbose on the Libpod API.
Stats are given as per network interface in the container, but
still aggregated for `podman stats` and `podman pod stats`
display (so the CLI does not change, only the Libpod and Compat
APIs).

Signed-off-by: Matt Heon <mheon@redhat.com>
2024-02-06 17:05:07 -05:00
Matt Heon 9983e87440 Remove leftover autoremove containers during refresh
During system shutdown, Podman should go down gracefully, meaning
that we have time to spawn cleanup processes which remove any
containers set to autoremove. Unfortunately, this isn't always
the case. If we get a SIGKILL because the system is going down
immediately, we can't recover from this, and the autoremove
containers are not removed.

However, we can pick up any leftover autoremove containers when
we refesh the DB state, which is the first thing Podman does
after a reboot. By detecting any autoremove containers that have
actually run (a container that was created but never run doesn't
need to be removed) at that point and removing them, we keep the
fresh boot clean, even if Podman was terminated abnormally.

Fixes #21482

[NO NEW TESTS NEEDED] This requires a reboot to realistically
test.

Signed-off-by: Matt Heon <mheon@redhat.com>
2024-02-06 17:03:36 -05:00
openshift-merge-bot[bot] 75e6564138
Merge pull request #21497 from vikas-goel/volsfrom
Use semi-colon as the field separator for internal volumes-from inspect annotation
2024-02-06 14:35:34 +00:00
Paul Holzinger 7d15bc2efb
fix userns + restart policy with slirp4netns
Currently we deadlock in the slirp4netns setup code as we try to
configure an non exissting netns. The problem happens because we tear
down the netns in the userns case correctly since commit bbd6281ecc but
that introduces this slirp4netns problem. The code does a proper new
network setup later so we should only use the short cut when not in a
userns.

Fixes #21477

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-02-06 13:50:07 +01:00
Daniel J Walsh fcae702205
Reuse timezone code from containers/common
Replaces: https://github.com/containers/podman/pull/21077

[NO NEW TESTS NEEDED] Existing tests should handle this.

Signed-off-by: Sohan Kunkerkar <sohank2602@gmail.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2024-02-06 07:09:16 -05:00
Lokesh Mandvekar 01a8539ef0
Warn if cgroups-v1
Podman v5 will not support cgroups-v1. This commit will print a warning
if it detects a cgroups-v1 system. The warning can be hidden by setting
envvar `PODMAN_CGROUPSV1_WARNING`.

This warning is patched out for RHEL 9 builds as cgroups-v1 will still
be supported on RHEL 9 systems.

Resolves: https://issues.redhat.com/browse/RUN-1957

[NO NEW TESTS NEEDED]

Co-authored-by: Ed Santiago <santiago@redhat.com>
Co-authored-by: Sascha Grunert <sgrunert@redhat.com>
Co-authored-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
2024-02-06 16:18:05 +05:30
Vikas Goel a098899104 Use semi-colon as the field separator for internal volumes-from inspect annotation
The current field separator comma of the inspect annotation conflicts with the mount options of --volumes-from as the mount options itself can be comma separated.

Signed-off-by: Vikas Goel <vikas.goel@gmail.com>
2024-02-05 00:16:53 -08:00
Matt Heon 9fb57d346f Cease using deprecated runc userlookup
Instead switch to github.com/moby/sys/user, which we already had
as an indirect dependency.

Signed-off-by: Matt Heon <mheon@redhat.com>
2024-02-02 11:02:43 -05:00
Matt Heon 6a727fdbee Fix updated runc dep breaking pod devices cgroup
The update to runc broke creation of devices for containers in
the pod cgroup. We don't support the device cgroup for pods at
present, so just disable it for now, resolving the issue.

Thanks to Giuseppe for finding this one!

[NO NEW TESTS NEEDED] This is a fix for broken tests

Signed-off-by: Matt Heon <mheon@redhat.com>
2024-02-02 09:15:35 -05:00
openshift-merge-bot[bot] 1698fa0ad8
Merge pull request #21388 from ashley-cui/healthcheck
Return nil health when inspecting containers without healthchecks
2024-01-31 13:48:36 +00:00
Ashley Cui a1c47f0299 Return nil health when inspecting containers without healthchecks
When inspecting a container that does not define any health check, the health field should return nil. This matches docker behavior.

Signed-off-by: Ashley Cui <acui@redhat.com>
2024-01-30 23:09:13 -05:00
Daniel J Walsh 8d14d41555
Run codespell on code
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2024-01-28 07:30:52 -05:00
Matt Heon cf0b436b96 Deprecate BoltDB, preventing creation of new databases.
This is one of the breaking changes in Podman 5.0: removing the
ability to create new instances of the old Bolt database. This
does not remove support for the database entirely, as existing
Bolt databases will still be usable, but all new installs will
use SQLite after this point - if Bolt is forced by config, we'll
just error.

We don't have plans to outright remove the Bolt code. If that
were to happen, it'd be Podman 6.0 at least, and a significant
enough change it'd warrant a lot of discussion and planning. We
do intend to start winding down support of BoltDB, though, and
new features may be added only to SQLite from here on.

I have added an escape hatch via an undocumented environment
variable that allows us to continue testing BoltDB in CI (and, if
necessary, locally) but I don't want this to be used for any
purpose except continued testing of the old DB to ensure we don't
break it.

Signed-off-by: Matt Heon <mheon@redhat.com>
2024-01-23 12:56:49 -05:00
openshift-merge-bot[bot] eb7746264a
Merge pull request #21060 from edsantiago/labels-space
Man pages: tighter documenting of --format fields
2024-01-17 08:22:55 +00:00
openshift-merge-bot[bot] 85921e5ff6
Merge pull request #21253 from bcooksley/main
[FreeBSD] Fix crash when running podman inspect
2024-01-16 12:23:43 +00:00
Ben Cooksley 971f2eb45a [NO NEW TESTS NEEDED] [FreeBSD] Fix crash when running podman inspect
When preparing container inspection output, ensure we actually have masked paths to work with.
These will only be available on Linux, which is no longer always true as we also support FreeBSD now.

Fixes #21117

Signed-off-by: Ben Cooksley <bcooksley@kde.org>
2024-01-16 15:31:21 +13:00
Ed Santiago dbe0e67897 Man pages: tighter documenting of --format fields
Initial impetus was #20958 (ps --format .Label abc). This is
a complicated solution to a simple-seeming problem.

The problem: .Label is a cobra *function*, something I did not
know about nor handle.

Solution: recognize cobra functions. Switch to __complete,
not __completeNoDesc, so we can see the number of arguments
required. Invent new man-page format for documenting functions.
And, finally, start enforcing how functions (and cobra structs)
are documented.

This discovered a never-used completion function, .Recycle(),
in podman-events. Remove it.

[NO NEW TESTS NEEDED] - the .go change is an excision of dead code.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2024-01-15 13:11:27 -07:00
openshift-merge-bot[bot] dd4b0ae445
Merge pull request #21226 from mheon/force_remove_on_system_reset
Fix `podman system reset` with external containers
2024-01-15 08:39:19 +00:00
Matt Heon b94be90a16 Remove Libpod special-init conditions
Before this, for some special Podman commands (system reset,
system migrate, system renumber), Podman would create a first
Libpod runtime to do initialization and flag parsing, then stop
that runtime and create an entirely new runtime to perform the
actual task. This is an artifact of the pre-Podman 2.0 days, when
there was almost no indirection between Libpod and the CLI, and
we only used one runtime because we didn't need a second runtime
for flag parsing and basic init.

This system was clunky, and apparently, very buggy. When we
migrated to SQLite, some logic was introduced where we'd select a
different database location based on whether or not Libpod's
StaticDir was manually set - which differed between the first
invocation of Libpod and the second. So we'd get a different
database for some commands (like `system reset`) and they would
not be able to see existing containers, meaning they would not
function properly.

The immediate cause is obviously the SQLite behavior, but I'm
certain there's a lot more baggage hiding behind this multiple
Libpod runtime logic, so let's just refactor it out. It doesn't
make sense, and complicates the code. Instead, make Reset,
Renumber, and Migrate methods of the libpod Runtime. For Reset
and Renumber, we can shut the runtime down afterwards to achieve
the desired effect (no valid runtime after). Then pipe all of
them through the ContainerEngine so cmd/podman can access them.

As part of this, remove the SystemEngine part of pkg/domain. This
was supposed to encompass these "special" commands, but every
command in SystemEngine is actually a ContainerEngine command.
Reset, Renumber, Migrate - they all need a full Libpod and access
to all containers. There's no point to a separate engine if it
just wraps Libpod in the exact same way as ContainerEngine. This
consolidation saves us a bit more code and complexity.

Signed-off-by: Matt Heon <mheon@redhat.com>
2024-01-12 09:19:34 -05:00
openshift-merge-bot[bot] 83f89db6c8
Merge pull request #20961 from karuboniru/patch-1
fix checking of relative idmapped mount
2024-01-11 17:20:56 +00:00
Matt Heon a60fe34fde Fix `podman system reset` with external containers
It looks like we had some logic for this from #10789 but it does
not appear to have ever worked; we can't pull external containers
out of the DB, so the ContainerRm call failed unconditionally.

Instead, just handle them in Libpod when we're removing images.
We're removing every image, so setting Force when removing images
should get rid of all external containers. It's a little later in
the process than the current (nonfunctional) solution is but I
can't think of a reason why that would be bad.

[NO NEW TESTS NEEDED] We do not currently test `system reset`.
We should probably reevaluate that at some point this year.

Fixes https://issues.redhat.com/browse/RHEL-21261

Signed-off-by: Matt Heon <mheon@redhat.com>
2024-01-11 09:00:06 -05:00
Philip Dubé 522934d5cf Replace strings.SplitN with strings.Cut
Cut is a cleaner & more performant api relative to SplitN(_, _, 2) added in go 1.18

Previously applied this refactoring to buildah:
https://github.com/containers/buildah/pull/5239

Signed-off-by: Philip Dubé <philip@peerdb.io>
2024-01-11 13:50:15 +00:00
Egor Makrushin 380fa1c836 Remove redundant code in generateSpec()
Conditional expression duplicates the
code above, therefore, remove it

Found by Linux Verification Center (linuxtesting.org) with SVACE.

[NO NEW TESTS NEEDED]

Signed-off-by: Egor Makrushin <emakrushin@astralinux.ru>
2024-01-09 17:26:03 +03:00
Oleksandr Redko 8bdf77aa20 Refactor: replace StringInSlice with slices.Contains
Signed-off-by: Oleksandr Redko <Oleksandr_Redko@epam.com>
2024-01-05 16:25:56 +02:00
Oleksandr Redko 2a2d0b0e18 chore: delete obsolete // +build lines
Signed-off-by: Oleksandr Redko <Oleksandr_Redko@epam.com>
2024-01-04 11:53:38 +02:00
Gavin Lam db68764d8b
Fix Docker API compatibility with network alias (#17167)
* Add BaseHostsFile to container configuration
* Do not copy /etc/hosts file from host when creating a container using Docker API

Signed-off-by: Gavin Lam <gavin.oss@tutamail.com>
2023-12-14 23:31:44 -05:00
Dan Čermák 5c7f745468
Remove deprecated field ContainerState.NetworkStatusOld
This field drags in a dependency on CNI and thereby blocks us from disabling CNI
support via a build tag

[NO NEW TESTS NEEDED]

Signed-off-by: Dan Čermák <dcermak@suse.com>
2023-12-12 17:09:39 +01:00
Karuboniru e7eb97b84a
fix checking of relative idmapped mount
Like stated in [PR for crun](https://github.com/containers/crun/pull/1372)

that HostID is what being mapped here, so we should be checking `HostID` instead of `ContainerID`. `v.ContainerID` here is the id of owner of files on filesystem, that can be totally unrelated to the uid maps.

Signed-off-by: Karuboniru <yanqiyu01@gmail.com>
2023-12-09 20:16:38 +00:00
Paul Holzinger 03d411abc0
libpod: split out cgroups call into linux specific file
So that we do not cause compile error on freebsd.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-12-07 11:24:47 +01:00
Paul Holzinger a687c38860
use rootless netns from c/common
Use the new rootlessnetns logic from c/common, drop the podman code
here and make use of the new much simpler API.

ref: https://github.com/containers/common/pull/1761

[NO NEW TESTS NEEDED]

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-12-07 11:24:46 +01:00
openshift-merge-bot[bot] 67aae8e62e
Merge pull request #20866 from giuseppe/add-preserve-fds-list
podman: new option --preserve-fd
2023-12-06 13:34:34 +00:00
openshift-merge-bot[bot] 100089f411
Merge pull request #20885 from IceWreck/userns-kube
Add support for the userns annotation in kube play
2023-12-05 13:55:20 +00:00