It was setting the wrong variable (CamelCase)
in the wrong module ("main", not "libpod")...
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
when the PS command was reworked for performance and formatting improvements,
i forgot to truncate the command field. Long container commands was throwing
the formatting off. we now truncated to 17 characters plus the elipses.
Signed-off-by: baude <bbaude@redhat.com>
for backwards compatibility and auto-test, we needed a few changes
that slipped in when i reworked ps to be faster to be reverted. the
follow behaviours were reverted:
1. the is_infra column was redacted. that appears to be a mistake on my
part.
2. a newline after ps prints its format was added
3. a newline prior to printing the headers was removed.
Signed-off-by: baude <bbaude@redhat.com>
Ed has asked that we revert to using two spaces for padding between PS fields. I assume
this is for docker autotests.
Signed-off-by: baude <bbaude@redhat.com>
add a global flag for --max-workers so users can limit the number
of parallel operations for a given function. also, when not limited
by max-workers, we implement a heuristic function that returns the
number of preferred parallel workers based on the number of CPUs and
the given operation.
Signed-off-by: baude <bbaude@redhat.com>
As discussed [1], the runlabel command should execute any command
specified in a label. The reasoning behind is that we cannot restrict
which options are passed to Podman which thereby has full access to the
host (runlabels must be used with care).
With the updated semantics, runlabel will substitute the commands with a
basepath equal to "docker" or "podman" with "/proc/self/exe", and
otherwise leave the command unchanged to execute any other command on
the host.
[1] https://github.com/containers/libpod/pull/1607#issuecomment-428321382
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
prevent opening the same file twice, since we re-exec podman in
rootless mode. While at it, also solve a possible race between the
check for the file and writing to it. Another process could have
created the file in the meanwhile and we would just end up overwriting
it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This removes duplicate code paths which has been previously factored out
as getAllOrLatestContainers().
Signed-off-by: Adrian Reber <areber@redhat.com>
Instead of duplicating the same code in multiple commands this uses the
newly added function checkAllAndLatest() instead.
Signed-off-by: Adrian Reber <areber@redhat.com>
Just as the checkAllAndLatest() function the new code in
getAllOrLatestContainers() is used in some commands and duplicated. This
factors out this code to be used in other places without duplicating it.
Signed-off-by: Adrian Reber <areber@redhat.com>
The check about the --all and --latest option is used and repeated and
some commands. Factor it out and put it into common.
Signed-off-by: Adrian Reber <areber@redhat.com>
Fix the parsing of environment variables to catch invalid ones, such as
`-e = ` or `-e =A`, early in the stack to return meaningful error
messages. Also, instead of erroring out, set unspecified env variables
as empty (e.g., `-e FOO`) to remain compatible with Docker.
Fixes: #1663
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
when doing stats -a|--all, if you have non-running containers, we should
not error on not being able to get information like PID, etc on them.
Signed-off-by: baude <bbaude@redhat.com>
When doing rm, we now parallelize the actual conainter deletions so they
can complete faster. This speeds up operations like rm -a.
Signed-off-by: baude <bbaude@redhat.com>
Running 'podman port -l' on a system without any containers created
gives:
$ podman port -l
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0xf3cef1]
goroutine 1 [running]:
github.com/containers/libpod/libpod.(*Container).State(0x0, 0x0, 0x0, 0x0)
/share/go/src/github.com/containers/libpod/libpod/container.go:658 +0x41
main.portCmd(0xc420094580, 0x0, 0x0)
/share/go/src/github.com/containers/libpod/cmd/podman/port.go:118 +0x406
This fixes it by making sure the variable 'containers' is nil and not [<nil>].
Signed-off-by: Adrian Reber <areber@redhat.com>
We were encountering sync issues with the map, so swap to a
thread-safe channel and convert into a map when we output
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
As of now, there is no way to debug podman clean up processes.
They are started by conmon with no stdout/stderr and log nowhere.
This allows us to actually figure out what is going on when a
cleanup process runs.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Add the --ip flag back with bash completions. Manpages still
missing.
Add plumbing to pass appropriate the appropriate option down to
libpod to connect the flag to backend logic added in the previous
commits.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Prior, we were stopping containers serially. So if a container had a default
timeout of 10 seconds and there were five containers being stopped, the operation
would take roughly 50 seconds. If we stop these containers in parallel, the operation
should be roughly 10 seconds and change which is a significant speed up at scale.
Signed-off-by: baude <bbaude@redhat.com>
Execute /proc/self/exe instead of podman. This makes the runlabel
command more portable as it works for binaries outside the path as
well as for local builds.
Also, avoid redundantly executing the runlabel command by setting
the PODMAN_RUNLABEL_NESTED environment variable to "1". Podman
now checks for this variable before executing the runlabel command
and will throw an error in case the variable is set.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
runc uses CRIU to support checkpoint and restore of containers. This
brings an initial checkpoint/restore implementation to podman.
None of the additional runc flags are yet supported and container
migration optimization (pre-copy/post-copy) is also left for the future.
The current status is that it is possible to checkpoint and restore a
container. I am testing on RHEL-7.x and as the combination of RHEL-7 and
CRIU has seccomp troubles I have to create the container without
seccomp.
With the following steps I am able to checkpoint and restore a
container:
# podman run --security-opt="seccomp=unconfined" -d registry.fedoraproject.org/f27/httpd
# curl -I 10.22.0.78:8080
HTTP/1.1 403 Forbidden # <-- this is actually a good answer
# podman container checkpoint <container>
# curl -I 10.22.0.78:8080
curl: (7) Failed connect to 10.22.0.78:8080; No route to host
# podman container restore <container>
# curl -I 10.22.0.78:8080
HTTP/1.1 403 Forbidden
I am using CRIU, runc and conmon from git. All required changes for
checkpoint/restore support in podman have been merged in the
corresponding projects.
To have the same IP address in the restored container as before
checkpointing, CNI is told which IP address to use.
If the saved network configuration cannot be found during restore, the
container is restored with a new IP address.
For CRIU to restore established TCP connections the IP address of the
network namespace used for restore needs to be the same. For TCP
connections in the listening state the IP address can change.
During restore only one network interface with one IP address is handled
correctly. Support to restore containers with more advanced network
configuration will be implemented later.
v2:
* comment typo
* print debug messages during cleanup of restore files
* use createContainer() instead of createOCIContainer()
* introduce helper CheckpointPath()
* do not try to restore a container that is paused
* use existing helper functions for cleanup
* restructure code flow for better readability
* do not try to restore if checkpoint/inventory.img is missing
* git add checkpoint.go restore.go
v3:
* move checkpoint/restore under 'podman container'
v4:
* incorporated changes from latest reviews
Signed-off-by: Adrian Reber <areber@redhat.com>
