Better explain the inner workings of both state types in comments
to make reviews and changes easier.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
All BoltDB access and update functions now understand namespaces.
Accessing containers outside of your namespace will produce
errors, except for Lookup and All functions, which will perform
their tasks only on containers within your namespace.
The "" namespace remains a reserved, no-restrictions namespace.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Dependency containers must be in the same namespace, to ensure
there are never problems resolving a dependency.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Add basic awareness of namespaces to the database. As part of
this, add constraints so containers can only be added to pods in
the same namespace.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
this should represent the last major changes to get darwin to **compile**. again,
the purpose here is to get darwin to compile so that we can eventually implement a
ci task that would protect against regressions for darwin compilation.
i have left the manual darwin compilation largely static still and in fact now only
interject (manually) two build tags to assist with the build. trevor king has great
ideas on how to make this better and i will defer final implementation of those
to him.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1047
Approved by: rhatdan
I got my database state in a bad way by killing a hanging container.
It did not setup the network namespace correctly
listing/remove bad containers becomes impossible.
podman run alpine/nginx
^c
got me in this state.
I got into a state in the database where
podman ps -a
was returning errors and I could not get out of it, Makeing joining the network
namespace a non fatal error fixes the issue.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #918
Approved by: mheon
The Refresh() function is used to reset a container's state after
a database format change to state is made that requires migration
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #981
Approved by: baude
Upon updating a container, if its network namespace has been
removed, we attempt to clean up the network namespace locally,
to ensure we don't leave hanging file descriptors. This triggers
cleanup code which assumes the network namespace still exists,
but it almost certainly was removed by whoever removed it from
the database. As such, we end up with unavoidable errors if we
don't want to leak FDs. Make these errors nonfatal and log them
because of this.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #962
Approved by: rhatdan
Pods can now create their own (cgroupfs) cgroups which containers
in them can (optionally) use.
This presently only works with CGroupFS, systemd cgroups are
still WIP
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #784
Approved by: rhatdan
Add a mutable state to pods, and database backend sutable for
modifying and updating said state.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #784
Approved by: rhatdan
This fixes the situation where we fail to create a container when a name already exists.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #517
Approved by: baude
Refactors creation of bind mounts into a separate function that
can be called from elsewhere (e.g. pod start or container
restart). This function stores the mounts in the DB using the
field established last commit.
Spec generation now relies upon this field in the DB instead of
manually enumerating files to be bind mounted in.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #462
Approved by: baude
Replace our old IP and Subnet fields in state with CNI types that
contain a lot more information. Retrieve these structs from the
CNI plugins themselves.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #440
Approved by: baude
This will behave better if we need to add anything to it at a
later date - we can add fields to the struct without breaking
existing BoltDB databases.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #412
Approved by: baude
Now, we don't need to use the global ID registry to iterate - we
can iterate only through containers or only through pods, without
having to iterate through both.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #184
Approved by: baude
This allows us to JSON it and stuff it in the DB - previously,
all pod fields were private, so JSON couldn't encode them. This
allows us to keep all pod fields private by having a substruct
with public fields.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #184
Approved by: baude
