Change API Handlers to use the same functions that the
local podman uses.
At the same time:
Cleanup and pass proper bindings. Remove cli options from
podman-remote push. Cleanup manifest push.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Fixup the bindings and the handling of the --external --por and --sort
flags.
The --storage option was renamed --external, make sure we use
external up and down the stack.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
podman-remote search had some FIXMEs in tests that were failing.
So I reworked the search handler to use the local abi. This
means the podman search and podman-remote search will use the
same functions.
While doing this, I noticed we were just outputing errors via
logrus.Error rather then returning them, which works ok for
podman but the messages get lost on podman-remote. Changed
the code to actually return the error messages to the caller.
This allows us to turn on the remaining podman-remote FIXME
tests.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
when using the compatibility api to create containers, now reflect the
use of k8s-file as json-file so that clients, which are
unaware of k8s-file, can work. specifically, if the container is using
k8s-file as the log driver, we change the log type in container
inspection to json-file. These terms are used interchangably in other
locations in libpod/podman.
this fixes log messages in compose as well.
[NO TESTS NEEDED]
Signed-off-by: baude <bbaude@redhat.com>
I found several problems with container remove
podman-remote rm --all
Was not handled
podman-remote rm --ignore
Was not handled
Return better errors when attempting to remove an --external container.
Currently we return the container does not exists, as opposed to container
is an external container that is being used.
This patch also consolidates the tunnel code to use the same code for
removing the container, as the local API, removing duplication of code
and potential problems.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Basic theory: We remove the container, but *only from the DB*.
We leave it in c/storage, we leave the lock allocated, we leave
it running (if it is). Then we create an identical container with
an altered name, and add that back to the database. Theoretically
we now have a renamed container.
The advantage of this approach is that it doesn't just apply to
rename - we can use this to make *any* configuration change to a
container that does not alter its container ID.
Potential problems are numerous. This process is *THOROUGHLY*
non-atomic at present - if you `kill -9` Podman mid-rename things
will be in a bad place, for example. Also, we can't rename
containers that can't be removed normally - IE, containers with
dependencies (pod infra containers, for example).
The largest potential improvement will be to move the majority of
the work into the DB, with a `RecreateContainer()` method - that
will add atomicity, and let us remove the container without
worrying about depencies and similar issues.
Potential problems: long-running processes that edit the DB and
may have an older version of the configuration around. Most
notable example is `podman run --rm` - the removal command needed
to be manually edited to avoid this one. This begins to get at
the heart of me not wanting to do this in the first place...
This provides CLI and API implementations for frontend, but no
tunnel implementation. It will be added in a future release (just
held back for time now - we need this in 3.0 and are running low
on time).
This is honestly kind of horrifying, but I think it will work.
Signed-off-by: Matthew Heon <mheon@redhat.com>
This implements support for mounting and unmounting volumes
backed by volume plugins. Support for actually retrieving
plugins requires a pull request to land in containers.conf and
then that to be vendored, and as such is not yet ready. Given
this, this code is only compile tested. However, the code for
everything past retrieving the plugin has been written - there is
support for creating, removing, mounting, and unmounting volumes,
which should allow full functionality once the c/common PR is
merged.
A major change is the signature of the MountPoint function for
volumes, which now, by necessity, returns an error. Named volumes
managed by a plugin do not have a mountpoint we control; instead,
it is managed entirely by the plugin. As such, we need to cache
the path in the DB, and calls to retrieve it now need to access
the DB (and may fail as such).
Notably absent is support for SELinux relabelling and chowning
these volumes. Given that we don't manage the mountpoint for
these volumes, I am extremely reluctant to try and modify it - we
could easily break the plugin trying to chown or relabel it.
Also, we had no less than *5* separate implementations of
inspecting a volume floating around in pkg/infra/abi and
pkg/api/handlers/libpod. And none of them used volume.Inspect(),
the only correct way of inspecting volumes. Remove them all and
consolidate to using the correct way. Compat API is likely still
doing things the wrong way, but that is an issue for another day.
Fixes#4304
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
when using the bindings to *only* make a connection, the binary was
rough 28MB. This PR reduces it down to 11. There is more work to do
but it will come in a secondary PR.
Signed-off-by: baude <bbaude@redhat.com>
* Restore correct API endpoint payloads including reclaimed space numbers
* Include tests for API prune endpoints
* Clean up function signatures with unused parameters
* Update swagger for /networks/prune
Fixes#8891
Signed-off-by: Jhon Honce <jhonce@redhat.com>
This change adds code to report the reclaimed space after a prune.
Reclaimed space from volumes, images, and containers is recorded
during the prune call in a PruneReport struct. These structs are
collected into a slice during a system prune and processed afterwards
to calculate the total reclaimed space.
Closes#8658
Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
Per the conversation on pull/8724 I am consolidating filter logic
and helper functions under the pkg/domain/filters dir.
Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
Implement `podman-remote cp` and break out the logic from the previously
added `pkg/copy` into it's basic building blocks and move them up into
the `ContainerEngine` interface and `cmd/podman`.
The `--pause` and `--extract` flags are now deprecated and turned into
nops.
Note that this commit is vendoring a non-release version of Buildah to
pull in updates to the copier package.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
This change adds support for the `--filter` / `?filters` arguments on
the `podman volume prune` subcommand.
* Adds ParseFilterArgumentsIntoFilters helper for consistent
Filter string slice handling
* Adds `--filter` support to podman volume prune cli
* Adds `?filters...` support to podman volume prune api
* Updates apiv2 / e2e tests
Closes#8672
Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
The podman events aren't read until the given timestamp if the
timestamp is in the future. It just reads all events until now
and exits afterwards.
This does not make sense and does not match docker. The correct
behavior is to read all events until the given time is reached.
This fixes a bug where the wrong event log file path was used
when running first time with a new storage location.
Fixes#8694
This also fixes the events api endpoint which only exited when
an error occurred. Otherwise it just hung after reading all events.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Network create could panic when used with a json body like this:
`{"Name":"net","IPAM":{"Config":[]}}`
The network scope for list and inspect should not be empty. It can
be swarm, global or local. We only support local networks so
hardcode this field to local.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Currently the --layers flag set by the user is ignored, and only the BUILDAH_LAYERS
environment variable being set is observed.
Fixes: https://github.com/containers/podman/issues/8643
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Introduce a `Copier` object to separate the copy-rule enforcement from
copying. That allows for a better error reporting of the REST API.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Move handling the stat header into `pkg/copy`. All copy-related should
ideally be located in this package to increase locality and reduce
scattering where possible.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Update tests to reflect system endpoints
* First implementation of compat /system/df, only fields that are
populated by libpod are set
Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Add network API tests
* Update network create endpoint to return ID not Name
Audit:
- GET /networks ListNetworks
- GET /networks/{id} InspectNetwork
- DELETE /networks/{id} RemoveNetwork
- POST /networks/create CreateNetwork
- POST /networks/prune 405 not implemented
Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Add a new `pkg/copy` to centralize all container-copy related code.
* The new code is based on Buildah's `copier` package.
* The compat `/archive` endpoints use the new `copy` package.
* Update docs and an several new tests.
* Includes many fixes, most notably, the look-up of volumes and mounts.
Breaking changes:
* Podman is now expecting that container-destination paths exist.
Before, Podman created the paths if needed. Docker does not do
that and I believe Podman should not either as it's a recipe for
masking errors. These errors may be user induced (e.g., a path
typo), or internal typos (e.g., when the destination may be a
mistakenly unmounted volume). Let's keep the magic low for such
a security sensitive feature.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Audit and add tests for required fields.
* Added issue for /images/load implementation
Audit:
- GET /images/json GetImages
- POST /build BuildImage
- POST /build/prune 404 not found
- POST /images/create CreateImageFromImage/CreateImageFromSrc
- GET /images/{name}/json GetImage
- GET /images/{name}/history HistoryImage
- POST /images/{name}/push PushImage
- POST /images/{name}/tag TagImage
- DELETE /images/{name} RemoveImage
- POST /images/prune PruneImages
- POST /commit CommitContainer
- GET /images/{name}/get ExportImage
- GET /images/get ExportImages
- POST /images/load LoadImages See https://github.com/containers/podman/issues/8586
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Mostly audit and minor changes to nil from ""
Audit:
- GET /containers/json ListContainers
- POST /containers/create CreateContainer
- GET /containers/{id}/json GetContainer
- GET /containers/{id}/top TopContainer
- GET /containers/{id}/logs LogsFromContainer
- GET /containers/{id}/changes Changes
- GET /containers/{id}/export ExportContainer
- GET /containers/{id}/stats StatsContainer
- POST /containers/{id}/resize ResizeTTY
- POST /containers/{id}/start StartContainer
- POST /containers/{id}/stop StopContainer
- POST /containers/{id}/restart RestartContainer
- POST /containers/{id}/kill KillContainer
- POST /containers/{id}/update 404 not supported
- POST /containers/{id}/rename 404 not supported
- POST /containers/{id}/pause PauseContainer
- POST /containers/{id}/unpause UnpauseContainer
- POST /containers/{id}/attach AttachContainer
- GET /containers/{id}/attach/ws 404 not supported
- POST /containers/{id}/wait WaitContainer
- DELETE /containers/{id} RemoveContainer
- HEAD /containers/{id}/archive Archive
- GET /containers/{id}/archive Archive
- PUT /containers/{id}/archive Archive
- POST /containers/prune PruneContainers
Images etc PR's will follow.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Our users are missing certain warning messages that would
make debugging issues with Podman easier.
For example if you do a podman build with a Containerfile
that contains the SHELL directive, the Derective is silently
ignored.
If you run with the log-level warn you get a warning message explainging
what happened.
$ podman build --no-cache -f /tmp/Containerfile1 /tmp/
STEP 1: FROM ubi8
STEP 2: SHELL ["/bin/bash", "-c"]
STEP 3: COMMIT
--> 7a207be102a
7a207be102aa8993eceb32802e6ceb9d2603ceed9dee0fee341df63e6300882e
$ podman --log-level=warn build --no-cache -f /tmp/Containerfile1 /tmp/
STEP 1: FROM ubi8
STEP 2: SHELL ["/bin/bash", "-c"]
STEP 3: COMMIT
WARN[0000] SHELL is not supported for OCI image format, [/bin/bash -c] will be ignored. Must use `docker` format
--> 7bd96fd25b9
7bd96fd25b9f755d8a045e31187e406cf889dcf3799357ec906e90767613e95f
These messages will no longer be lost, when we default to WARNing level.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Not pass the name argument to Load API. Specify in the document the usage of the optional argument is tagging an additional image.
Close#7337
Signed-off-by: Qi Wang <qiwan@redhat.com>
The network ID is not stored. It is just the sha256 hash from
the network name. There is a risk of a potential hash collision.
However it's very unlikely and even if we hit this it will
complain that more than network with this ID exists.
The main benefit is that the compat api can have proper
network ID support. Also this adds the support for
`podman network ls --format "{{.ID}}"` and `--filter id=<ID>`.
It also ensures that we can do network rm <ID> and network
inspect <ID>.
Since we use a hash this commit is backwards compatible even for
already existing networks.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Add label support for podman network create. Use the `args`
field in the cni config file to store the podman labels.
Use `podman_labels` as key name and store the labels as
map[string]string.
For reference: https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md#args-in-network-confighttps://github.com/containernetworking/cni/blob/spec-v0.4.0/SPEC.md#network-configuration
Example snippet:
```
...
"args": {
"podman_labels": {
"key1":"value1",
"key2":"value2"
}
}
...
```
Make podman network list support several filters. Supported filters are name,
plugin, driver and label. Filters with different keys work exclusive. Several label
filters work exclusive and the other filter keys are working inclusive.
Also adjust the compat api to support labels in network create and list.
Breaking changes:
- podman network ls -f shortform is used for --filter instead --format
This matches docker and other podman commands (container ps, volume ps)
- libpod network list endpoint filter parameter is removed. Instead the
filters paramter should be used as json encoded map[string][]string.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Make endpoint compatibile with docker-py network expectations
* Update specgen helper when called from compat endpoint
* Update godoc on types
* Add test for network/container create using docker-py method
* Add syslog logging when DEBUG=1 for tests
Fixes#8361
Signed-off-by: Jhon Honce <jhonce@redhat.com>
These are the first fixes that are needed for development environments like
Eclipse or IntelliJ that have Docker plug-ins and use the Docker API to speak
with container engine (#7857)
Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
Add some more tests, document cases where remote will not work
Add FIXMEs for tests that should work on podman-remote but currently
do not.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The --force parameter was not being handled correctly.
This is leading to some race conditions in testing failures.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
All of our filters worked exclusive resulting in `--filter status=created --filter status=exited` to return nothing.
In docker filters with the same key work inclusive with the only exception being `label` which is exclusive. Filters with different keys always work exclusive.
This PR aims to match the docker behavior with podman.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
this enables the ability to connect and disconnect a container from a
given network. it is only for the compatibility layer. some code had to
be refactored to avoid circular imports.
additionally, tests are being deferred temporarily due to some
incompatibility/bug in either docker-py or our stack.
Signed-off-by: baude <bbaude@redhat.com>
* Update reference to docker-py to docker to reflect change in library
name
* Update tests to create storage sandbox
* Enable all tests that endpoints support
* Refactor containers/{id}/rename to return 404 not 500
* Refactor tests to use quay.io vs. docker.io
Signed-off-by: Jhon Honce <jhonce@redhat.com>
when running container creation as rootless on the compatibility layer,
we need to make sure settings are not being done for memory and memory
swappiness.
Signed-off-by: baude <bbaude@redhat.com>
Add endpoints for the compat layer for network connect and disconnect. As of now, these two endpoints do nothing to change the network state of a container. They do some basic data verification and return the proper 200 response. This at least allows for scripts to work on the compatibility layer instead of getting 404s.
Signed-off-by: baude <bbaude@redhat.com>
when using the compatibility endpoint for creating a network, if the driver is not provided, we need to set it to the default network driver ... which is bridge.
Signed-off-by: baude <bbaude@redhat.com>
when using the compatibility layer to create containers, it used code paths to the pkg/spec which is the old implementation of containers. it is error prone and no longer being maintained. rather that fixing things in spec, migrating to specgen usage seems to make the most sense. furthermore, any fixes to the compat create will not need to be ported later.
Signed-off-by: baude <bbaude@redhat.com>
These options are now fully supported in the remote API and should no
longer be hidden and/or documented as non supported.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* system df
* events
* fix error handling from go routine
* update tests to use gomega matchers for better error messages
* system info
* version
* volume inspect
Signed-off-by: Jhon Honce <jhonce@redhat.com>
we need to alter the return error message when a GET (inspect) is performed on an image using the compatibility layer. docker-py bindings look for a initial capped error message.
Signed-off-by: baude <bbaude@redhat.com>
with the recent inclusion of dealing with multiple images in a tar archive, we can now add a compatibility endpoint that was missing images/get?names=one,two.
Fixes: #7950
Signed-off-by: baude <bbaude@redhat.com>
when using the compatibility mode as rootless, containers that were created were not setting their host names correctly due to the netmode not being set.
Fixes: #7934
Signed-off-by: baude <bbaude@redhat.com>
due to a lack of "locking" on cni operations, we could get ourselves in trouble when doing rapid creation or removal of networks. added a simple file lock to deal with the collision and because it is not considered a performent path, use of the file lock should be ok. if proven otherwise in the future, some generic shared memory lock should be implemented for libpod and also used here.
moved pkog/network to libpod/network because libpod is now being pulled into the package and it has therefore lost its generic nature. this will make it easier to absorb into libpod as we try to make the network closer to core operations.
Fixes: #7807
Signed-off-by: baude <bbaude@redhat.com>
This commit is courtesy of
```
for f in $(git ls-files *.go | grep -v ^vendor/); do \
sed -i 's/\(errors\..*\)"Error /\1"error /' $f;
done
for f in $(git ls-files *.go | grep -v ^vendor/); do \
sed -i 's/\(errors\..*\)"Failed to /\1"failed to /' $f;
done
```
etc.
Self-reviewed using `git diff --word-diff`, found no issues.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
- Fixes issue where remote attach and exec only signaled the IdleTracker
on errors. Needs to done anytime after connection has been hijacked
- Fixes trying to send multiple http status codes to client
- Changes pprof and API server shutdowns to run in parallel
- Changes shutdown to run in sync.Once block
Signed-off-by: Jhon Honce <jhonce@redhat.com>
The `tag` parameter of the compat `images/create` endpoint can be both,
a tag and a digest. Fix parsing of the parameter to detect digests and
use the appropriate `@` separator.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Fix misspelled parameter
* add http-proxy support for builds
http_proxy must be set in the podman.service unit file, for example
Environment=http_proxy=<value>
Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Remove stutter naming for package and types
* Stop treating StateIdle the same as StateClosed, rather transitions to
StateIdle will keep API timeout window open
* Remove redundate code
Fixes#7826
Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Refactor auth pkg to support X-Registry-Config
* Refactor build endpoint to support X-Registry-Config. Supports:
* --creds
* --authfile
* Added X-Reference-Id Header to http.Request to support log event
correlation
* Log headers from http.Request
Signed-off-by: Jhon Honce <jhonce@redhat.com>
in the compatibility layer, creating a volume with a name that already does not result in an error. instead a 201 response with the existing volume's information is returned. while it seems like a bug on the part of docker and they agree, no attempt has been made to fix it in five years. See https://github.com/moby/moby/issues/16068Fixes: #7740
Signed-off-by: baude <bbaude@redhat.com>
Currently the --pull missing|always|never is ignored
This PR implements this for local API. For remote we
need to default to pullpolicy specified in the containers.conf
file.
Also fixed an issue when images were matching other images names
based on prefix, causing images to always be pulled.
I had named an image myfedora and when ever I pulled fedora, the system
thought that it there were two images named fedora since it was checking
for the name fedora as well as the prefix fedora. I changed it to check
for fedora and the prefix /fedora, to prefent failures like I had.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
when creating a container using the compat endpoint, the interactive bool was being hard set to false and ignoring the user's input.
Signed-off-by: baude <bbaude@redhat.com>
Enables podman create, pull, run, import to use --signature-policy option. Set it as hidden flag to be consistent with other commands.
Signed-off-by: Qi Wang <qiwan@redhat.com>
* API-Version header now Major.Minor to support tools parsing this
header
* Libpod Version updated to 2.0.0 to reflect changes in API field
values
* API-Version and Libpod-API-Version headers are now included in all
results
Fixes#7327
* Header support tested against goland 2020.2 and
https://www.jetbrains.com/help/idea/docker.html plugin
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Do not wait for events to occur before writing the OK header.
Events can take an unknown amount of time to occur and clients
do not need to wait until then to know if the connection is
good.
Fixes: #7263
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Refactor/Rename channel.WriteCloser() to encapsulate the channel
* Refactor build endpoint to "live" stream buildah output channels
over API rather then buffering output
* Refactor bindings/tunnel build because endpoint changes
* building tar file now in bindings rather then depending on
caller
* Cleanup initiating extra image engine
* Remove setting fields to zero values (less noise in code)
* Update tests to support remote builds
Fixes#7136Fixes#7137
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Invert the branch logic to match the comment. Docker seems to wait for
the container while Podman does not.
Enable the remote-disabled system test as well.
Fixes: #7135
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Support loading and saving tarballs with more than one image.
Add a new `/libpod/images/export` endpoint to the rest API to
allow for exporting/saving multiple images into an archive.
Note that a non-release version of containers/image is vendored.
A release version must be vendored before cutting a new Podman
release. We force the containers/image version via a replace in
the go.mod file; this way go won't try to match the versions.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Add the filter option to the libpod endpoint.
Add support for the name filter on the docker endpoint.
Add apiv2 tests for the network list endpoints.
Enable podman network integration tests for remote.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Our previous flow was to perform a hijack before passing a
connection into Libpod, and then Libpod would attach to the
container's attach socket and begin forwarding traffic.
A problem emerges: we write the attach header as soon as the
attach complete. As soon as we write the header, the client
assumes that all is ready, and sends a Start request. This Start
may be processed *before* we successfully finish attaching,
causing us to lose output.
The solution is to handle hijacking inside Libpod. Unfortunately,
this requires a downright extensive refactor of the Attach and
HTTP Exec StartAndAttach code. I think the result is an
improvement in some places (a lot more errors will be handled
with a proper HTTP error code, before the hijack occurs) but
other parts, like the relocation of printing container logs, are
just *bad*. Still, we need this fixed now to get CI back into
good shape...
Fixes#7195
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
even though the official documentation suggests that application/x-tar should be used for tar files, it seems docker-compose uses application/tar. we now accept them and issue a warning.
Fixes: #7185
Signed-off-by: Brent Baude <bbaude@redhat.com>
The versions Docker that the compat endpoints currently support are
using another type for the `filters` parameter than later versions
of Docker, which the libpod/events endpoint is also using.
To prevent existing deplopyments from breaking while still achieving
backward compat, we now support both types for the filters parameter.
Tested manually.
Fixes: #6899
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Fix a potential panic in the events endpoint when parsing the filters
parameter. Values of the filters map might be empty, so we need to
account for that instead of uncondtitionally accessing the first item.
Also apply a similar for race conditions as done in commit f4a2d25c0fca:
Fix a race that could cause read errors to be masked. Masking
such errors is likely to report red herrings since users don't
see that reading failed for some reasons but that a given event
could not be found.
Another race was the handler closing event channel, which could lead to
two kinds of panics: double close, send to close channel. The backend
takes care of that. However, make sure that the backend stops working
in case the context has been cancelled.
Fixes: #6899
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
This matches Docker behavior, and will make the Docker frontend
work with `podman system service` (Docker tries to create, then
if that fails with 404 sends a request to pull the image).
Fixes#6960
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This patch fixes connection counters for v2 endpoints
Idletracker was moved to a new package to prevent package cycle.
Hijacking code still remains in wrong place and should be moved
later to isolated package
Signed-off-by: Sami Korhonen <skorhone@gmail.com>
After this patch v2 hijacking endpoints, exec/start and
containers/attach follow rfc 7230 specification.
Connection will only be upgraded, if client specifies upgrade
headers:
For tcp connections:
Connection: Upgrade
Upgrade: tcp
For unix socket connections:
Connection: Upgrade
Upgrade: sock
There are currently no checks if upgrade type actually matches with
available protocols. Implementation just protocol that client
requested
Signed-off-by: Sami Korhonen <skorhone@gmail.com>
Add a `context.Context` to the log APIs to allow for cancelling
streaming (e.g., via `podman logs -f`). This fixes issues for
the remote API where some go routines of the server will continue
writing and produce nothing but heat and waste CPU cycles.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
This change ensures that we pull volume bind specification strings from
the correct spot in the POSTed data when creating containers. We should
probably canity check that the mapping keys in `Volumes` are a superset
of the binds listed in `HostConfig.Binds` but this cheap change removes
an annoying behaviour where named volumes or host mount would be
silently replaced with newly created anonymous volumes.
Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
With the advent of Podman 2.0.0 we crossed the magical barrier of go
modules. While we were able to continue importing all packages inside
of the project, the project could not be vendored anymore from the
outside.
Move the go module to new major version and change all imports to
`github.com/containers/libpod/v2`. The renaming of the imports
was done via `gomove` [1].
[1] https://github.com/KSubedi/gomove
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
We weren't actually halting the goroutine that sent events, so it
would continue sending even when the channel closed (the most
notable cause being early hangup - e.g. Control-c on a curl
session). Use a context to cancel the events goroutine and stop
sending events.
Fixes#6805
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
In response to input regarding the semantic difference for the `force`
parameter for volume removal between Docker and us, this change ensures
that we emulate the Dockr behaviour correctly when this parameter is
specified.
Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
This change implements docker compatibile endpoint for interacting with
volumes. The code is mostly lifted from the `libpod` API handlers but
decodes and constructs data using types defined in the docker API
package.
Some notable support caveats with the current implementation:
* we don't return the nullable `Status` or `UsageData` keys when
returning volume information for inspect and create endpoints
* we don't support filters when pruning
* we return a fixed `0` for the `SpaceReclaimed` key when pruning
since we have no insight into how much space was freed from runtime
Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
We have a flag, --syslog, for telling logrus to log to syslog as
well as to the terminal. Previously, this flag also set the exit
command for containers to use `--syslog` (otherwise all output
from exit commands is lost). I attempted to replicate this with
Podman v2.0, but quickly ran into circular import hell (the flag
is defined in cmd/podman, I needed it in cmd/podman/containers,
cmd/podman imports cmd/podman/containers already, etc). Instead,
let's just set the syslog flag automatically on
`--log-level=debug` so we log exit commands automatically when
debug-level logs are requested. This is consistent with Conmon
and seems to make sense.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
As part of APIv2 Attach, we need to be able to attach to freshly
created containers (in ContainerStateConfigured). This isn't
something Libpod is interested in supporting, so we use Init() to
get the container into ContainerStateCreated, in which attach is
possible. Problem: Init() will fail if dependencies are not
started, so a fresh container in a fresh pod will fail. The
simplest solution is to extend the existing recursive start code
from Start() to Init(), allowing dependency containers to be
started when we initialize the container (optionally, controlled
via bool).
Also, update some comments in container_api.go to make it more
clear how some of our major API calls work.
Fixes#6646
Signed-off-by: Matthew Heon <mheon@redhat.com>
This simply moves the function for the log handler for
APIv2 to a separate file to be consistent with other parts
of the code base.
Signed-off-by: jgallucci32 <john.gallucci.iv@gmail.com>
address problem when multiple -t were sent. and rework remote build's tarball if a context dir is given other than ".".
Fixes: #6578Fixes: #6577
Signed-off-by: Brent Baude <bbaude@redhat.com>
Fix a lint error of an used parameter. The error must have sneaked in
with a PR that was merged after the recent linter enablement.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The biggest obstacle here was cleanup - we needed a way to remove
detached exec sessions after they exited, but there's no way to
tell if an exec session will be attached or detached when it's
created, and that's when we must add the exit command that would
do the removal. The solution was adding a delay to the exit
command (5 minutes), which gives sufficient time for attached
exec sessions to retrieve the exit code of the session after it
exits, but still guarantees that they will be removed, even for
detached sessions. This requires Conmon 2.0.17, which has the new
`--exit-delay` flag.
As part of the exit command rework, we can drop the hack we were
using to clean up exec sessions (remove them as part of inspect).
This is a lot cleaner, and I'm a lot happier about it.
Otherwise, this is just plumbing - we need a bindings call for
detached exec, and that needed to be added to the tunnel mode
backend for entities.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This adds bindings for starting exec sessions, and then uses them
to wire up detached exec. Code is heavily based on Attach code
for containers, slightly modified to handle exec sessions.
Bindings are presently attached-only, detached is pending on a
Conmon update landing in CI. I'll probably get to that next.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Support the `X-Registry-Auth` http-request header.
* The content of the header is a base64 encoded JSON payload which can
either be a single auth config or a map of auth configs (user+pw or
token) with the corresponding registries being the keys. Vanilla
Docker, projectatomic Docker and the bindings are transparantly
supported.
* Add a hidden `--registries-conf` flag. Buildah exposes the same
flag, mostly for testing purposes.
* Do all credential parsing in the client (i.e., `cmd/podman`) pass
the username and password in the backend instead of unparsed
credentials.
* Add a `pkg/auth` which handles most of the heavy lifting.
* Go through the authentication-handling code of most commands, bindings
and endpoints. Migrate them to the new code and fix issues as seen.
A final evaluation and more tests is still required *after* this
change.
* The manifest-push endpoint is missing certain parameters and should
use the ABI function instead. Adding auth-support isn't really
possible without these parts working.
* The container commands and endpoints (i.e., create and run) have not
been changed yet. The APIs don't yet account for the authfile.
* Add authentication tests to `pkg/bindings`.
Fixes: #6384
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
add copy endpoint inputs and outputs. these endpoints are not implemented yet, nor are any bindings. this allows us to update this later without having to change our api version.
Signed-off-by: Brent Baude <bbaude@redhat.com>
* wire up bindings and handler for obtaining logs remotely
* enable debug logging from podman in e2e test using DEBUG and
DEBUG_SERVICE env variables
* Fix error in streaming log frames
* enable remote logs test
Signed-off-by: Jhon Honce <jhonce@redhat.com>
this is a very basic implementation of build. some of the more advanced options need to be included still as well. i think the endpoints for compat and libpod will have to split given buildahs more advanced set of options. that should probably be done by someone more experienced with build internals.
Signed-off-by: Brent Baude <bbaude@redhat.com>
* Update blang/semver to allow ParseTolerant() support
* Provide helper functions for API handlers to obtain client's 'version'
path variable focused on API endpoint tree: libpod vs. compat
* Introduce new errors:
* version not given in path, endpoints may determine if this is a hard
error (ErrVersionNotGiven)
* given version not supported (ErrVersionNotSupported), only a soft
error if the handler is going to hijack the connection
* Added unit tests for version parsing
* bindings check version on connect:
* client <= Server API version connection is continued
* client >= Server API version connection fails
Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Add support for /exec/{id}/resize
* Add support for ErrSessionNotFound
* Resize container TTY as stdin changes size
* Refactor all resize functions into one handler
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Jhon is working on an alternative version that will combine
container and exec session resize, so we'll wait for that.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
for the remote client, add the ability to attach to a container, start a container, and run a container.
Signed-off-by: Brent Baude <bbaude@redhat.com>
The usual flow for exec is going to be:
- Create exec session
- Start and attach to exec session
- Exec session exits, attach session terminates
- Client does an exec inspect to pick up exit code
The safest point to remove the exec session, without doing any
database changes to track stale sessions, is to remove during the
last part of this - the single inspect after the exec session
exits.
This is definitely different from Docker (which would retain the
exec session for up to 10 minutes after it exits, where we will
immediately discard) but should be close enough to be not
noticeable in regular usage.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Daniel J Walsh
OpenShift Merge Robot
baude
Matthew Heon
Matthew Heon
Jhon Honce
Paul Holzinger
Baron Lenardson
Josh Soref
Valentin Rothberg
Milivoje Legenovic
Matej Vasek
zhangguanzhang
Qi Wang
Riyad Preukschas
Petr Sakař
Alexander Zigelski
3sky
Kir Kolyshkin
Ashley Cui
Ed Santiago
Akihiro Suda
Korhonen Sami (Samlink)
maybe-sybr
Maximilian Müller
jgallucci32