Add support to auto-update containers running in systemd units as
generated with `podman generate systemd --new`.
`podman auto-update` looks up containers with a specified
"io.containers.autoupdate" label (i.e., the auto-update policy).
If the label is present and set to "image", Podman reaches out to the
corresponding registry to check if the image has been updated. We
consider an image to be updated if the digest in the local storage is
different than the one of the remote image. If an image must be
updated, Podman pulls it down and restarts the container. Note that the
restarting sequence relies on systemd.
At container-creation time, Podman looks up the "PODMAN_SYSTEMD_UNIT"
environment variables and stores it verbatim in the container's label.
This variable is now set by all systemd units generated by
`podman-generate-systemd` and is set to `%n` (i.e., the name of systemd
unit starting the container). This data is then being used in the
auto-update sequence to instruct systemd (via DBUS) to restart the unit
and hence to restart the container.
Note that this implementation of auto-updates relies on systemd and
requires a fully-qualified image reference to be used to create the
container. This enforcement is necessary to know which image to
actually check and pull. If we used an image ID, we would not know
which image to check/pull anymore.
Fixes: #3575
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Move the dbus-connection code from libpod's healthcheck to pkg/systemd
to allow for sharing the logic. Needed for the auto-updates work.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
make clearer that the warning could also happen because the logger is
set to use systemd.
Closes: https://github.com/containers/libpod/issues/5443
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
1) 'podman system info' (in logcollector): has been silently
failing in special_testing_rootless, with:
logcollector.sh: line 16: podman: command not found
Use ./bin/podman instead of just podman; this is probably
the right thing to do in the general case anyway
2) logformatter: highlight 'panic:', seen in bindings test:
https://storage.googleapis.com/cirrus-ci-5385732420009984-fcae48/artifacts/containers/libpod/6693715108429824/html/integration_test.log.html
3) logformatter: handle Unicode bullet in front of 'Running',
seen in bindings test.
4) logformatter: turn down contrast on BATS 'ok' results,
for legibility
Signed-off-by: Ed Santiago <santiago@redhat.com>
add endpoints for create, add, remove, inspect, and push. this allows manifests to be managed through the restful interfaces.
also added go-bindings and tests
Signed-off-by: Brent Baude <bbaude@redhat.com>
when building images, we can now add the os and arch of the image using overrides from the commandline. the commandline options set sane defaults so we use those as well.
Fixes: #5503
Signed-off-by: Brent Baude <bbaude@redhat.com>
the podman generated systemd service file has `Type=forking` service,
so the command after `ExecStart=` should not run in front.
if someone created a container and has the detach(`-d`) param missing
like this
```
podman create --name ngxdemo -P nginxdemos/hello
```
and generate the file with `--new` param:
```
podman generate systemd --name --new ngxdemo
```
because `podman run xxx` has no `-d` param,
so the container is not run in background and nerver exit.
and systemd will fail to start the service:
```
sudo systemctl start container-ngxdemo.service
Job for container-ngxdemo.service failed because a timeout was exceeded.
See "systemctl status container-ngxdemo.service" and "journalctl -xe" for details.
```
Signed-off-by: 荒野無燈 <ttys3@outlook.com>
due to a change in golang-1.14 and it's changes to make go funcs with tight loops preemptive, signals are now getting "through" that never were before.
From the golang-1.14 announce:
Goroutines are now asynchronously preemptible. As a result, loops without function calls no longer potentially deadlock the scheduler or significantly delay garbage collection. This is supported on all platforms except windows/arm, darwin/arm, js/wasm, and plan9/*.
A consequence of the implementation of preemption is that on Unix systems, including Linux and macOS systems, programs built with Go 1.14 will receive more signals than programs built with earlier releases. This means that programs that use packages like syscall or golang.org/x/sys/unix will see more slow system calls fail with EINTR errors. Those programs will have to handle those errors in some way, most likely looping to try the system call again. For more information about this see man 7 signal for Linux systems or similar documentation for other systems.
Fixes#5483
Signed-off-by: Brent Baude <bbaude@redhat.com>
reworking binding and endpoint to actually work. added documentation in swagger for and various return code possibilities. add a good start on tests though we need some other container functions not yet implemented for that.
Signed-off-by: Brent Baude <bbaude@redhat.com>
the binding ginkgo tests were using color mode which throws in a bunch of ansi garbage that makes it hard to read the logs
Signed-off-by: Brent Baude <bbaude@redhat.com>
the api for getting images changed to use filters but back level podman versions cannot handle it. so temporarily disabling the filtering for remote clients until the restful approach can be used.
Signed-off-by: Brent Baude <bbaude@redhat.com>
The recently-added 'run --rmi' test was not actually doing
what it thinks it was doing: for one, 'run_podman | grep'
is never going to work; also, the test was leaving behind
stray images.
Rework to do what I believe the intention was; and, combine
into one test (down from two) for readability.
Signed-off-by: Ed Santiago <santiago@redhat.com>
otherwise the rootless parent process might wait indefinitely when the
rootless-child process exits early.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
calculating the image size can be an expensive operation. Avoid doing
it when creating a new container since the size is not needed.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The other direction: fix or clean up elements documented in
man pages but which did/do not exist in actual podman:
* runlabel: add missing "-n" alias for --name
And, remove man page entries for nonexistent options:
* podman commit: --iidfile
* podman container runlabel: --rootfs, --storage
* podman create: --cpu-count
There are two problems I don't know how to deal with. Both
are related to main_local.go:rootCmd.PersistentFlags() :
1) podman-build.1.md documents --cni-config-dir and
--runtime options, but these are not actually options
under podman build; they are global options. The
documentation in this man page differs from that
under podman-build.
2) podman ps implements a binary --namespace option,
but this option does not (cannot?) appear in --help
because there's a global --namespace string option
and Cobra somehow gets confused about this.
Do we really intend for global options to be parsed on
the right-hand side of subcommands? This strikes me as
unintuitive and potentially confusing, although the
fact that it has taken me this long to discover it
suggests that it's not _that_ confusing.
Suggestions welcome. I can file issues for 1/2 above,
or simply teach my script to special-case ignore them.
Signed-off-by: Ed Santiago <santiago@redhat.com>
