If there are no running containers - for example, if the pod was
just created - the cgroup in question may not exist (under
certain circumstances that we're not 100% sure about). However,
regardless, we don't need to set a PID limit, as nothing will be
making cleanup processes (no running conmon processes), so not
changing the cgroup is safe regardless.
Fixes#5072
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
warning: the naming of this might change as well as the location.
this is a build on a PR from mheon from last year that proposes a shift from our current approach of creating containers based on the arbitrarily made createconfig. the new approach would be to have a specification that is detached from the podman cli. the spec could then be generated and used to make a container. this theoretically is the beginning of a long-needed refactor involving how we get from the cli -> libpod | apiv2 -> libpod with code re-use and less duplication.
the intent is to build the apiv2 container creation based on this approach only. wiring to the podman cli will happen after the fact.
Signed-off-by: Brent Baude <bbaude@redhat.com>
the linting task identifies gofmt issues; therefore it makes more sense to run our make gofmt first, which actually fixes the gofmt issues.
Signed-off-by: Brent Baude <bbaude@redhat.com>
When we filter, it should be out of all containers, not just
running ones, by default - this is necessary to ensure Docker
compatability.
Fixes#5050
Signed-off-by: Matthew Heon <mheon@redhat.com>
The current Libpod pkg/spec has become a victim of the better
part of three years of development that tied it extremely closely
to the current Podman CLI. Defaults are spread across multiple
places, there is no easy way to produce a CreateConfig that will
actually produce a valid container, and the logic for generating
configs has sprawled across at least three packages.
This is an initial pass at a package that generates OCI specs
that will supersede large parts of the current pkg/spec. The
CreateConfig will still exist, but will effectively turn into a
parsed CLI. This will be compiled down into the new SpecGenerator
struct, which will generate the OCI spec and Libpod create
options.
The preferred integration point for plugging into Podman's Go API
to create containers will be the new CreateConfig, as it's less
tied to Podman's command line. CRI-O, for example, will likely
tie in here.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Podman does select the wrong Containerfile if the current working
directory contains a Containerfile but we specify one from a different
location.
Reproducer:
```
> mkdir 1
> echo FROM scratch > Containerfile
> echo FROM golang > 1/Containerfile
> podman build -f 1/Containerfile -t test
STEP 1: FROM scratch
```
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Note: this commit is merely adding swagger documentation and the golang
stubs and types for the proposed endpoints. The implementation will
follow in separate individual changes in the future.
The ultimate goal is to prevent the libpod API from exposing the rather
complex /images/create endpoint from Docker and split it into easier to
implement, use and comprehend endpoints with a more narrow focus.
# Import
Add the v2 swagger documentation for the libpod/images/import endpoint.
Note that we have intend to have separate backend and not mix it up with
load since import allows for specifying a URL instead of a local
tarball.
# Load
Complete the v2 swagger documentation for the libpod/images/load
endpoint. Note that we are accounting for future plans to be able to
load multiple images from one oci/docker archive by returning an array
of image-load responses.
Also move the (incomplete) implementation of the generic endpoint to the
corresponding package and create a stub for the libpod handler, which
will be implemented once there's an agreement on the proposed API.
# Pull
Add the v2 swagger documentation for the libpod/images/pull endpoint.
Similar to the load endpoint, we return an array since more than one
image can be pulled when the `all-tags` parameter is set.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
this pr splits off some of the network container create options into a different flag set. the options in question are:
--add-host
--dns
--dns-opt
--dns-search
--ip
--mac-address
--network
--no-hosts
--publish
in the future, these options are going to be added to the pod create flags. this makes that transition easier and provides for less code duplication.
Signed-off-by: Brent Baude <bbaude@redhat.com>
A recent Makefile change (4ec893a748) removed a side-effect necessary
for 'make validation' to pass under automation. Making things worse,
change 12bd7e927c was found upon investigation to always point at
the latest upstream HEAD. However, this is rarely a fork-point for
pull-requests. Further investigation showed the built-in Cirrus-CI,
golang-based git does not obtain sufficient data for the Makefile
command `git merge-base HEAD $${DEST_BRANCH:-master}` to function
properly (in the context of the gate container).
Fix this by customizing the clone operation and slightly adjust the
Makefile command to function as intended in the gate container. Also
add checks to the validate and lint targets which validate the
variable EPOCH_TEST_COMMIT value is never an empty string or whitespace.
Signed-off-by: Chris Evich <cevich@redhat.com>
Include testcase to validate tag api responses and check if
all the image instaces are shown list command.
Also, Update the binding process and the response
Signed-off-by: Sujil02 <sushah@redhat.com>
* Add swagger support and documentation
* Promote handler as there can only ever be one
* Update swagger tags
Between verbs and paths there are four endpoints for /_ping. I've
attempted to document them well without four copies of the details.
Time will tell.
Clients will use the headers `Libpod-API-Version` and
`Libpod-Buildha-Version` to determine if they are connecting to a Podman
service or some other compatible engine.
Client calls GET(/_ping):
* VARLINK engines will fail with error message
* Compatible engines will return 200 without Libpod headers
* Podman engines will return 200 and Libpod headers
Signed-off-by: Jhon Honce <jhonce@redhat.com>
add the openapi/swagger documentation for exec. The subcommands added are create, inspect, resize, and start.
at the time of this writing, no structure is declared for the inspect response. once the libpod work for this is complete, we can inherit and swaggerize it.
Signed-off-by: Brent Baude <bbaude@redhat.com>
This makes restart a bit slower for root containers, but it does
make it more consistent with `podman stop` and `podman start` on
a container. Importantly, `podman restart` will now recreate
firewall rules if they were somehow purged.
Fixes#5051
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
When stopping signal handling (e.g., to properly handle ^C) we are also
closing the signal channel. We should really return from the go-routine
instead of continuing and risking double-closing the channel which leads
to a panic.
Fixes: #5034
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Matthew Heon
OpenShift Merge Robot
Valentin Rothberg
Sascha Grunert
Brent Baude
Daniel J Walsh
Matthew Heon
Chris Evich
Sujil02
Jhon Honce
dependabot-preview[bot]