This removes some boilerplate from the libpod package, so we can focus
on container stuff there. And it gives us a tidy sub-package for
focusing on ctime extraction, so we can focus on unit testing and
portability of the extraction utility there.
For the unsupported implementation, I'm falling back to Go's ModTime
[1]. That's obviously not the creation time, but it's likely to be
closer than the uninitialized Time structure from cc6f0e85 (more
changes to compile darwin, 2018-07-04, #1047). Especially for our use
case in libpod/oci, where we're looking at write-once exit files.
The test is more complicated than I initially expected, because on
Linux filesystem timestamps come from a truncated clock without
interpolation [2] (and network filesystems can be completely decoupled
[3]). So even for local disks, creation times can be up to a jiffie
earlier than 'before'. This test ensures at least monotonicity by
creating two files and ensuring the reported creation time for the
second is greater than or equal to the reported creation time for the
first. It also checks that both creation times are within the window
from one second earlier than 'before' through 'after'. That should be
enough of a window for local disks, even if the kernel for those
systems has an abnormally large jiffie. It might be ok on network
filesystems, although it will not be very resilient to network clock
lagging behind the local system clock.
[1]: https://golang.org/pkg/os/#FileInfo
[2]: https://groups.google.com/d/msg/linux.kernel/mdeXx2TBYZA/_4eJEuJoAQAJ
Subject: Re: Apparent backward time travel in timestamps on file creation
Date: Thu, 30 Mar 2017 20:20:02 +0200
Message-ID: <tqMPU-1Sb-21@gated-at.bofh.it>
[3]: https://groups.google.com/d/msg/linux.kernel/mdeXx2TBYZA/cTKj4OBuAQAJ
Subject: Re: Apparent backward time travel in timestamps on file creation
Date: Thu, 30 Mar 2017 22:10:01 +0200
Message-ID: <tqOyl-36A-1@gated-at.bofh.it>
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1050
Approved by: mheon
if we snip the requirement to use a buildah const in the libpod image library,
we can save something on the order of 85 vendored files in consumers of the
the library.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1054
Approved by: mheon
Use a single function startAttachCtr() to handle both container start
with attach and attach to running containers, as the code handling the
attach is common for the 2 use cases.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Closes: #1025
Approved by: rhatdan
Originally, it seemed like a good idea to place Conmon and the
container it managed under a shared CGroup, so we could manage
the two together. It's become increasingly clear that this is a
potential performance sore point, gains us little practical
benefit in managing Conmon, and adds extra steps to container
cleanup that interfere with Conmon postrun hooks.
Revert back to a shared CGroup for conmon processes under the
CGroup parent. This will retain per-pod conmon CGroups as well if
the pod is set to create a CGroup and act as CGroup parent for
its containers.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1051
Approved by: umohnani8
b96be3af (changes to allow for darwin compilation, 2018-06-20, #1015)
made AddPrivilegedDevices per-platform and cc6f0e85 (more changes to
compile darwin, 2018-07-04, #1047) made CreateBlockIO per-platform.
But both left but left out docs for the unsupported version [1]:
pkg/spec/config_unsupported.go:18:1⚠️ exported method
CreateConfig.AddPrivilegedDevices should have comment or be
unexported (golint)
pkg/spec/config_unsupported.go:22:1⚠️ exported method
CreateConfig.CreateBlockIO should have comment or be unexported
(golint)
To keep the docs DRY, I've restored the public methods and their docs,
and I've added new, internal methods for the per-platform
implementations.
[1]: https://travis-ci.org/projectatomic/libpod/jobs/400555937#L160
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1034
Approved by: baude
b96be3af (changes to allow for darwin compilation, 2018-06-20, #1015)
made RemovePod per-platform, but left out docs for the unsupported
version [1]:
libpod/runtime_pod_unsupported.go:14:1⚠️ exported method
Runtime.RemovePod should have comment or be unexported (golint)
To keep the docs DRY, I've restored RemovePod and its docs to their
previous location, and named a new, internal removePod for the
per-platform implementations.
[1]: https://travis-ci.org/projectatomic/libpod/jobs/400555937#L159
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1034
Approved by: baude
This function was added in cc6f0e85 (more changes to compile darwin,
2018-07-04, #1047), but it has no consumers and no Linux analog.
Remove it, which also fixes the [1]:
libpod/networking_unsupported.go:9:1⚠️ exported function
JoinNetworkNameSpace should have comment or be unexported (golint)
lint issue.
[1]: https://travis-ci.org/projectatomic/libpod/jobs/400555937#L158
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1034
Approved by: baude
The files were split apart by b96be3af (changes to allow for darwin
compilation, 2018-06-20, #1015), but the C import and two functions
left in rootless.go are all Linux-specific as well. This commit moves
all of the pre-b96be3af rootless.go into rootless_linux.go, just
adding the '// +build linux' header (b96be3af also scrambled the + in
that header) and keeping the new GetRootlessUID from a1545fe6
(rootless: add function to retrieve the original UID, 2018-07-05, #1048).
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1034
Approved by: baude
Pattern-rule documentation is in [1]. This commit follows the basic
approach from [2], with the portable build tags from [3].
Using --keep-going allows folks to see errors for multiple target
platforms. For example, if the Darwin target dies, we'll still
attempt to build the Linux target before erroring out.
I've added an ALLOWED_TO_FAIL environment variable to mark script
blocks for the the allow_failures block. Currently we're requiring
builds from Linux for Linux and OS X to succeed, but allowing builds
from OS X to both targets to fail.
[1]: https://www.gnu.org/software/make/manual/html_node/Pattern-Intro.html#Pattern-Intro
[2]: e5031fcf9a
[3]: https://github.com/kubernetes-incubator/cri-o/pull/1653
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1034
Approved by: baude
this should represent the last major changes to get darwin to **compile**. again,
the purpose here is to get darwin to compile so that we can eventually implement a
ci task that would protect against regressions for darwin compilation.
i have left the manual darwin compilation largely static still and in fact now only
interject (manually) two build tags to assist with the build. trevor king has great
ideas on how to make this better and i will defer final implementation of those
to him.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1047
Approved by: rhatdan
Building our own image to test built-in volume and user
instead of using the mariadb one.
Solves timeout issue in travis tests.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1044
Approved by: mheon
when XDG_RUNTIME_DIR is not set, still attempt to use /run/user/$UID
before looking up other directories.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1048
Approved by: mheon
After we re-exec in the userNS os.Getuid() returns the new UID (= 0)
which is not what we want to use.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1048
Approved by: mheon
Vendor an updated version of urfave/cli to fix the parsing of short
options. Until the fix is merged upstream, vendor the code from
github.com/vrothberg/cli containing both, the latest urfave/cli and
the bug fix.
Fixes: #714
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1046
Approved by: rhatdan
man-pages(7) has [1]:
> For commands, this shows the syntax of the command and its arguments
> (including options); boldface is used for as-is text and italics are
> used to indicate replaceable arguments. Brackets ([]) surround
> optional arguments, vertical bars (|) separate choices, and ellipses
> (...) can be repeated.
I've adjusted our SYNOPSIS entries to match that formatting, and
generally tried to make them more consistent with the precedent set by
the man-pages project. Outside of the SYNOPSIS entry, I prefer using
backticks for literals, although in some places I've left the **
bolding to keep things visually similar to a nearby SYNOPSIS entry.
[1]: http://man7.org/linux/man-pages/man7/man-pages.7.html
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1027
Approved by: rhatdan
This makes fixing errors easier. Before this commit, errors looked
like [1]:
$ make gofmt
libpod/container_linux.go:1:⚠️ file is not gofmted with -s (gofmt)
make: *** [gofmt] Error 1
But that's not very helpful when your local gofmt thinks the file is
fine. With this commit, errors will look like:
$ make gofmt
find . -name '*.go' ! -path './vendor/*' -exec gofmt -s -w {} \+
git diff --exit-code
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index df4de3fe..22b39870 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -1,7 +1,7 @@
package libpod
import (
-"bytes"
+ "bytes"
"context"
"encoding/json"
"fmt"
make: *** [Makefile:87: gofmt] Error 1
(or whatever, I just stuffed in a formatting error for demonstration
purposes).
Also remove the helper script in favor of direct Makefile calls,
because with Git handling difference reporting and exit status, this
becomes a simpler check. find's -exec, !, and -path arguments are
specified in POSIX [2].
[1]: https://travis-ci.org/kubernetes-incubator/cri-o/jobs/331949394#L1075
[2]: http://pubs.opengroup.org/onlinepubs/9699919799/utilities/find.html
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1038
Approved by: rhatdan
The destination path of the built-in volume was not being created
but a relabel was being attempted on it, this was causing issues
with all images that have built-in volumes.
This patch fixes that and ensures the destination volume path
is created.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1026
Approved by: mheon
When we run containers in detach mode, nothing cleans up the network stack or
the mount points. This patch will tell conmon to execute the cleanup code when
the container exits.
It can also be called to attempt to cleanup previously running containers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #942
Approved by: mheon
I got my database state in a bad way by killing a hanging container.
It did not setup the network namespace correctly
listing/remove bad containers becomes impossible.
podman run alpine/nginx
^c
got me in this state.
I got into a state in the database where
podman ps -a
was returning errors and I could not get out of it, Makeing joining the network
namespace a non fatal error fixes the issue.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #918
Approved by: mheon
If the caller sets up the app to be in logrus.DebugLevel,
then we will add the --syslog flag to conmon to get all of the
messages.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1014
Approved by: TomSweeneyRedHat
Fixes issue with build for last step of docker file when
building with --layers.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1023
Approved by: mheon
Instead of setting the --registry flag to search a single registry,
prefix the registry before the image name in the input, an example is
`podman search registry.fedoraproject.org/fedora` and this will search for
the fedora image in only registry.fedoraproject.org.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1011
Approved by: rhatdan
On Thu, Jun 28, 2018 at 03:48:26AM -0700, Marco Vedovati wrote [1]:
> The root cause is a deadlock between two channel writes made by two
> different goroutines:
>
> 1. `resizeTty() : go func(){} : sendUpdate()` is sending a resize
> message thru `resize` right at the beginning, but the channel is
> never read if some startup error occurs.
>
> 2. Upon program termination, `startAttachCtr() : defer func(){} ` is
> telling the goroutine in "1." to stop via the `resizeTerminate`
> channel. But that guy is still waiting for the write to `resize`
> to complete so the the termination message is never read.
>
> I think the go deadlock detection does not kick in because not all
> goroutines are seen as asleep. E.g. `os/signal Notify()` is enough
> to have the deadlock not detected.
333ab8c2 (Fix podman hangs when detecting startup error in container
attached mode, 2018-06-27, #1010) addressed this with a deferred
drain. This commit adjusts that approach to use a single select to
cover "have we been canceled?", "has there been a resize signal?", and
(when we have one) "can we write the most recent resize event to the
resize channel?".
A side benefit to this approach is that if we have a slow resize
consumer and several resize signals, the resizeTty function will keep
updating its local resizeEvent. Once the resize channel is able to
accept, only the most-recent event will be written. Previously we'd
have written one resize event for every received signal, even if the
resize consumer was falling behind.
[1]: https://github.com/projectatomic/libpod/pull/1010#issuecomment-400994436
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1018
Approved by: rhatdan
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
The initial resize command sent to the terminal window over the resize
channel may never be delivered in case of error.
Hence it is necessary to consume all data from the resize channel to
avoid a deadlock on startup.
Fixes: #1009Closes: #1010
Approved by: giuseppe
