allow the user to define a remote host and remote username for their
remote podman sessions. this is then feed to the varlink "bridge" as
the ssh credentials and endpoint.
Signed-off-by: baude <bbaude@redhat.com>
the podman generate systemd command will generate a systemd unit file
based on the attributes of an existing container and user inputs. the
command outputs the unit file to stdout for the user to copy or
redirect. it is enabled for the remote client as well.
users can set a restart policy as well as define a stop timeout
override for the container.
Signed-off-by: baude <bbaude@redhat.com>
As part of this, rework the number of workers used by various
Podman tasks to match original behavior - need an explicit
fallthrough in the switch statement for that block to work as
expected.
Also, trivial change to Podman cleanup to work on initialized
containers - we need to reset to a different state after cleaning
up the OCI runtime.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Ensure when using remote attach --no-stdin a mock device is used to
prevent stdin and not nil. This fixes issue #3009.
When starting a container with the remote client, if the container is
already running and the user asks to attach, we should just attach.
This fixes issue #3011
Signed-off-by: baude <bbaude@redhat.com>
Add a context.Context parameter to Image.GetParent(), Image.IsParent(),
Image.GetChildren(), Image.Remove(), and Runtime.PruneImages().
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
add the ability for podman to read and write events to journald instead
of just a logfile. This can be controlled in libpod.conf with the
`events_logger` attribute of `journald` or `file`. The default will be
set to `journald`.
Signed-off-by: baude <bbaude@redhat.com>
Fixes the ability to run (create,start) a container and attach to its
console correctly. We can now also exit from the console without
hanging the remote client.
Signed-off-by: baude <bbaude@redhat.com>
Also, you can now podman-remote run -it. There are some bugs that need
to be ironed out but I would prefer to merge this so we can make both
progress on start and exec as well as the bugs.
* when doing podman-remote run -it foo /bin/bash, you have to press
enter to get the prompt to display. with the localized podman, we had to
teach it connect to the console first and then start the container so we
did not miss anything.
* when executing "exit" in the console, we get a hard lockup likely
because nobody knows what to do.
* custom detach keys are not supported
* podman-remote run -it alpine ls does not currently work. only
dropping to a shell works.
Signed-off-by: baude <bbaude@redhat.com>
add the ability to create and run containers via the podman-remote
client.
we now create an intermediate layer from the the create/run cli flags.
the intermediate layer can be converted into a createconfig or into a
varlink struct. Once transported, the varlink struct can be converted
back to an intermediate layer and then to a createconfig.
remote terminals are not supported yet.
Signed-off-by: baude <bbaude@redhat.com>
when pulling a non-existent image via varlink, we had a panic because
when we detected a pull error we sent the error over a channel but still
tried to deduce the image id on a nil object.
Fixes: #2860
Signed-off-by: baude <bbaude@redhat.com>
the remote client now can run the diff command to report changes,
modifications, and deletions in an image or container.
Signed-off-by: baude <bbaude@redhat.com>
Add `digest` field to Image struct and update API.md
Show image digests when using --digests in podman-remote.
```
$ PODMAN_VARLINK_ADDRESS="tcp:127.0.0.1:1234" sudo bin/podman-remote images --digests
REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE
docker.io/library/alpine latest sha256:d05ecd4520cab5d9e5d877595fb0532aadcd6c90f4bbc837bc11679f704c4c82 5cb3aa00f899 2 weeks ago 5.79 MB
docker.io/library/busybox latest sha256:4415a904b1aca178c2450fd54928ab362825e863c0ad5452fd020e92f7a6a47e d8233ab899d4 5 weeks ago 1.42 MB
```
Signed-off-by: Qi Wang <qiwan@redhat.com>
We have a very high performance JSON library that doesn't need to
perform code generation. Let's use it instead of our questionably
performant, reflection-dependent deep copy library.
Most changes because some functions can now return errors.
Also converts cmd/podman to use jsoniter, instead of pkg/json,
for increased performance.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
on the remote client, if a user wants to know the rootfs size of a
container, a -s should be passed. this corrects a behavior where size
was shown by default.
Fixes#2765
Signed-off-by: baude <bbaude@redhat.com>
We have a new event for container 'Exited' which has been renamed to
'died'.
also removed the stream bool from the varlink endpoint for events
because it can be determined by the varlink more value.
Signed-off-by: baude <bbaude@redhat.com>
add the ability for users to specify more than one container at a time
while using podman logs. If more than one container is being displayed,
podman will also prepend a shortened container id of the container on
the log line.
also, enabled the podman-remote logs command during the refactoring of
the above ability.
fixes issue #2219
Signed-off-by: baude <bbaude@redhat.com>
In lipod, we now log major events that occurr. These events
can be displayed using the `podman events` command. Each
event contains:
* Type (container, image, volume, pod...)
* Status (create, rm, stop, kill, ....)
* Timestamp in RFC3339Nano format
* Name (if applicable)
* Image (if applicable)
The format of the event and the varlink endpoint are to not
be considered stable until cockpit has done its enablement.
Signed-off-by: baude <bbaude@redhat.com>
this is the final enablement for the pod subcommand. it includes the
ability to run podman-remote pod top and stats.
Signed-off-by: baude <bbaude@redhat.com>
* Clean up adapter code
* Add GetContainersByContext to Varlink API
* Add missing comments
* Restore save command
* Restore error type mapping when using varlink
Signed-off-by: Jhon Honce <jhonce@redhat.com>
the remote-client is currently weak for carrying error messages
over the varlink interface and displaying something useful to users
and developers for the purposes of debug. this is a starting point
to improve that user experience.
Signed-off-by: baude <bbaude@redhat.com>
enable the remote client to be able to inspect a pod. also, bonus of
enabling the podman pod exists command which returns a 0 or 1 depending
on whether the given pod exists.
Signed-off-by: baude <bbaude@redhat.com>
Also add some argument checks to the Varlink function to avoid
referencing nil pointers, and complement the API.md descriptions.
The varlink endpoint can be tested via varlink CLI:
$ varlink call -m unix:/run/podman/io.podman/io.podman.SearchImages \
'{"query": "ruby", "limit": 0, "tlsVerify": false, "filter": {}}'
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Refactor the image-search logic from cmd/podman/search.go to
libpod/image/search.go and update podman-search and the Varlink API to
use it.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Prior, a pod would have to be started immediately when created, leading to confusion about what a pod state should be immediately after creation. The problem was podman run --pod ... would error out if the infra container wasn't started (as it is a dependency). Fix this by allowing for recursive start, where each of the container's dependencies are started prior to the new container. This is only applied to the case where a new container is attached to a pod.
Also rework container_api Start, StartAndAttach, and Init functions, as there was some duplicated code, which made addressing the problem easier to fix.
Signed-off-by: Peter Hunt <pehunt@redhat.com>
Cockpit team wants to list the registry name where the image was
found.
Also fix up SearchImages code to check if the user specified a registry
in his call to use that rather then all the registries, This matches
podman search command.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Cockpit wants to be able to search images on systems without
tlsverify turned on.
tlsverify should be an optional parameter, if not set then we default
to the system defaults defined in /etc/containers/registries.conf.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
iFix builtin volumes to work with podman volume
Currently builtin volumes are not recored in podman volumes when
they are created automatically. This patch fixes this.
Remove container volumes when requested
Currently the --volume option on podman remove does nothing.
This will implement the changes needed to remove the volumes
if the user requests it.
When removing a volume make sure that no container uses the volume.
Signed-off-by: Daniel J Walsh dwalsh@redhat.com
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
allow users to remotely prune volumes.
this is the last volume command for remote enablement. as such,
the volume commands are being folded back into main because they
are supported for both local and remote clients.
also, enable all volume tests that do not use containers
as containers are not enabled for the remote client yet.
Signed-off-by: baude <bbaude@redhat.com>
add the ability to build images using files local to the remote-client
but over a varlink interface to a "remote" server.
Signed-off-by: baude <bbaude@redhat.com>
enable podman-remote push so that users can push images from a
remote client.
change in push API to deal with the need to see output over the
varlink connection.
Signed-off-by: baude <bbaude@redhat.com>
Image more clearly describes what the type represents.
Also, only include the image name in the `ImageNotFound` error returned
by `GetImage()`, not the full error message.
Signed-off-by: Lars Karlitski <lars@karlitski.net>
This is more consistent and eaiser to parse than the format that
golang's time.String() returns.
Fixes#2260
Signed-off-by: Lars Karlitski <lars@karlitski.net>
There are other ways for developers to "ensure their varlink setup is
working", for example by calling `GetVersion()` or any call on the
org.varlink.service interface.
Signed-off-by: Lars Karlitski <lars@karlitski.net>
Remove the `NotImplemented` type and comment out the methods that use
it. This way we can keep track of the methods that still need to be
implemented without committing them to stable API.
Signed-off-by: Lars Karlitski <lars@karlitski.net>
We intend to migrate to the cobra cli from urfave/cli because the
project is more well maintained. There are also some technical reasons
as well which extend into our remote client work.
Signed-off-by: baude <bbaude@redhat.com>
Currently handlin memory via varlink is hard coded to 0
Changing to
Memory: create.Resources.Memory,
MemoryReservation: create.Resources.Memory_reservation,
MemorySwap: create.Resources.Memory_swap,
MemorySwappiness: int(create.Resources.Memory_swappiness),
KernelMemory: create.Resources.Kernel_memory,
Allows callers to modify these memory settings.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
addition of import and export for the podman-remote client. This includes
the ability to send and receive files between the remote-client and the
"podman" host using an upgraded varlink connection.
Signed-off-by: baude <bbaude@redhat.com>
The toolbox project would benefit from a few changes to more closely
resembe the original atomic cli project. Changes made are:
* only pull image for container runlabel if the label exists in the image
* if a container image does not have the desired label, exit with non-zero
Signed-off-by: baude <bbaude@redhat.com>
we now, by default, only prune dangling images. if --all is passed, we
prune dangling images AND images that do not have an associated containers.
also went ahead and enabled the podman-remote image prune side of things.
Fixes: #2192
Signed-off-by: baude <bbaude@redhat.com>
We want to return a map of containermounts where the key is container
id and it points to the mountpath.
Issue #2215
Signed-off-by: baude <bbaude@redhat.com>
initial enablement of podman-remote version. includes add a APIVersion const
that will allow us to check compatibility between host/client when connections
are made.
also added client related information to podman info.
Signed-off-by: baude <bbaude@redhat.com>
when defining containers, we missed the conditional logic to allow
the container to be defined with "WithPod" and so forth. I had to
slightly modify the createcontainer process to pass a libpod.Pod
that could override things; use nil as no pod.
Signed-off-by: baude <bbaude@redhat.com>
Avoid generating
quay.io/openshift-release-dev/ocp-release@sha256@sha256:239... and
similar when the image name is already digest-based [1]. It's not
clear exactly how we get into this state, but as shown by the unit
tests, the new code handles this case correctly (while the previous
code does not).
[1]: https://github.com/containers/libpod/issues/2086
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #2106
Approved by: rhatdan
Add the ability to build a remote client in golang that uses all
the same front-end cli code and output code. The initial limitations
here are that it can only be a local client while the bridge and
resolver code is being written for the golang varlink client.
Tests and docs will be added in subsequent PRs.
Signed-off-by: baude <bbaude@redhat.com>
Going through and adding options (like tls-verify, signature option, etc)
to some varlink endpoints (like push/pull) many of which had not been
updated since their original authoring.
Signed-off-by: baude <bbaude@redhat.com>
like podman stop of containers, we should allow the user to specify
a timeout override when stopping pods; otherwise they have to wait
the full timeout time specified during the pod/container creation.
Signed-off-by: baude <bbaude@redhat.com>
DockerRegistryOptions.DockerInsecureSkipTLSVerify as an types.OptionalBool
can now represent that value, so forceSecure is redundant.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
DockerRegistryOptions.DockerInsecureSkipTLSVerify as an types.OptionalBool
can now represent that value, so forceSecure is redundant.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Following SystemContext.DockerInsecureSkipTLSVerify, make the
DockerRegistryOne also an OptionalBool, and update callers.
Explicitly document that --tls-verify=true and --tls-verify unset
have different behavior in those commands where the behavior changed
(or where it hasn't changed but the documentation needed updating).
Also make the --tls-verify man page sections a tiny bit more consistent
throughout.
This is a minimal fix, without changing the existing "--tls-verify=true"
paths nor existing manual insecure registry lookups.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Not just nil.
Addressing:
pkg/varlinkapi/images.go:273:15⚠️ ineffectual assignment to err (ineffassign)
Signed-off-by: Šimon Lukašík <slukasik@redhat.com>
It was setting the wrong variable (CamelCase)
in the wrong module ("main", not "libpod")...
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
To work better with Kata containers, we need to delete() from the
OCI runtime as a part of cleanup, to ensure resources aren't
retained longer than they need to be.
To enable this, we need to add a new state to containers,
ContainerStateExited. Containers transition from
ContainerStateStopped to ContainerStateExited via cleanupRuntime
which is invoked as part of cleanup(). A container in the Exited
state is identical to Stopped, except it has been removed from
the OCI runtime and thus will be handled differently when
initializing the container.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Update varlink document
* Add NoContainersInPod error in go and python
* Add support for varlink pod interface
* New code passes pylint
* Fix bug in test_runner.sh
* Update integration tests for race condition on status check
* Add missing port config file support
Signed-off-by: Jhon Honce <jhonce@redhat.com>
For the sake of debug and problem reporting, we would benefit from knowing
what buildah version was vendored into podman. Also, knowing the distribution
and distribution version would also be handy.
Signed-off-by: baude <bbaude@redhat.com>
We added a timeout for convenience, but most invocations don't
care about it. Refactor it into WaitWithTimeout() and add a
Wait() that doesn't require a timeout and uses the default.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1527
Approved by: mheon
when using the varlink api, we should pass on the registries information
as is present in the cli info command.
Signed-off-by: baude <bbaude@redhat.com>
Waiting uses a lot of CPU, so drop back to checking once/second
and allow user to pass in the interval.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We should be sharing cgroups namespace by default in pods
uts namespace sharing was broken in pods.
Create a new libpod/pkg/namespaces for handling of namespace fields
in containers
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1418
Approved by: mheon
This will help document the defaults in podman build.
podman build --help will now show the defaults and mention
the environment variables that can be set to change them.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1364
Approved by: mheon
In the API docs, we generally state the type of error that should be returned
if a container or image cannot be found. In several cases, the code did not
match the API doc, when the API doc was correct.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1353
Approved by: rhatdan
A pause container is added to the pod if the user opts in. The default pause image and command can be overridden. Pause containers are ignored in ps unless the -a option is present. Pod inspect and pod ps show shared namespaces and pause container. A pause container can't be removed with podman rm, and a pod can be removed if it only has a pause container.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
This results in some functionality changes:
If a ErrCtrStateInvalid is returned to GetPodStats, the container is ommitted from the stats.
As such, if an empty slice of Container stats are returned to GetPodStats in varlink, an error will occur.
GetContainerStats will return the ErrCtrStateInvalid as well.
Finally, if ErrCtrStateInvalid is returned to the podman stats call, the container will be ommitted from the stats.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1319
Approved by: baude
To better reflect it's usage: to share functions between podman and varlink.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1275
Approved by: mheon
Need to get some small changes into libpod to pull back into buildah
to complete buildah transition.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1270
Approved by: mheon
We need to pass the image format OCI or docker in the varlink commit command.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Closes: #1281
Approved by: mheon
when searching multiple registries for images, if we get an error on one
of the searches, we should keep going and complete the search. if there
is only one search registry however, we will return an error.
Resolves: #1255
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1257
Approved by: mheon
Rather than making a runtime each time a client hits a varlink endpoint, we now
make a single runtime when the varlink service starts up. This fixes a problem
where we hit a max inotify limit from CNI.
Resolves: #1211
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1215
Approved by: rhatdan
The goal is to be very explicit about which functions try to heuristically
guess what is the expected format of the string. Not quite "shaming"
the users, but making sure they stand out.
RFC:
- Is this at all acceptable? Desirable?
- varlink ExportImage says "destination must have transport type";
should it be using alltransports.ParseImageReference
+ PushImageToReference, then?
(While touching the call in cmd/podman, also remove a commented-out
older version of the call.)
Should not change behavior (but does not add unit tests).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
When removing an image via varlink, we should always return the
ID of the image even in the case where the image has multiple
repository names and one was only untagged.
Reported by jhonce during integration testing.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1191
Approved by: jwhonce
when using the getattachsockets endpoint, which returns the sockets needed
to create and use a terminal, we should check if the container is just in the
configured state. if so, we need to perform a container init to have conmon
create the required sockets so we can attach to them prior to starting the container.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1067
Approved by: jwhonce
When we run containers in detach mode, nothing cleans up the network stack or
the mount points. This patch will tell conmon to execute the cleanup code when
the container exits.
It can also be called to attempt to cleanup previously running containers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #942
Approved by: mheon
If the caller sets up the app to be in logrus.DebugLevel,
then we will add the --syslog flag to conmon to get all of the
messages.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1014
Approved by: TomSweeneyRedHat
If the intermediate image exists in the store, podman history
will show the IDs of the intermediate image of each layer.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #982
Approved by: mheon
Everytime we add a new option for create, we end up having to also
add it to run, this makes it error prone. Moving these to the same
function makes it easier to develop and prevents user mistakes.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #975
Approved by: mheon
the varlink build was not working as designed and required some touch-ups:
* return a struct that includes logs and the new image ID
* pass namespaceoption so that networking in buildah works
Signed-off-by: baude <bbaude@redhat.com>
Closes: #903
Approved by: rhatdan
Add the endpoint and methods for build so users can build an image
with varlink. build can also use the more method for streaming
output back more regularily; however, it looks like a bug in buildah
does not output all build output to the writer provided.
Tidy up some create fixes and add endpoint for GetImage requested by
jhonce.
Signed-off-by: baude <bbaude@redhat.com>
when obtaining the inspect information for a container through varlink, we need
to extract more container related information by parsing the data through the
method 'GetCtrInspectInfo' which was previously only in podman's main.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #866
Approved by: rhatdan
The docker-archive tar files can have multiple tags for the same
image stored in it. Load pulls all the tags found in the archive
when loading a tar file. Save can oush multiple tags of the same
image to a tar archive.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #819
Approved by: rhatdan
- Added alias 'container()' to image model for CreateContainer()
- Fixed return in containers_create.go to wrap error in varlink
exception
- Added a wait time to container.kill(), number of seconds to wait
for the container to change state
- Refactored cached_property() to use system libraries
- Refactored tests to speed up performance
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #821
Approved by: rhatdan
Fixes a bug where the force bool was being ignored when deleting images
via the varlink interface.
Also, minor fix to the docs to add a line break between methods and types in
the doc index.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #753
Approved by: rhatdan
The varlinfo info returns the same information as podman info but always includes
the so-called debug information.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #745
Approved by: baude
When using varlink to pull an image, we should expose the actual error to the caller.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #744
Approved by: rhatdan
Like podman pull, when you push an image, podman should check
if the registry is listed as insecure and if so, it should
--tls-verify=false unless the user overrides this.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #738
Approved by: mheon
Using varlink's idl parser, we generate API documentation for the podman
API relying on the .varlink file as the source.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #734
Approved by: baude
baude
OpenShift Merge Robot
Matthew Heon
Qi Wang
Nalin Dahyabhai
Peter Hunt
Jhon Honce
Valentin Rothberg
Daniel J Walsh
Lars Karlitski
W. Trevor King
Miloslav Trmač
Giuseppe Scrivano
Šimon Lukašík
Anders F Björklund
Matthew Heon
Matthew Heon
umohnani8