2023-10-24 10:11:34 +00:00
|
|
|
//go:build !remote
|
|
|
|
|
|
2017-11-01 15:24:59 +00:00
|
|
|
package libpod
|
|
|
|
|
|
|
|
|
|
import (
|
2020-08-24 15:35:01 +00:00
|
|
|
"net/http"
|
Add an API for Attach over HTTP API
The new APIv2 branch provides an HTTP-based remote API to Podman.
The requirements of this are, unfortunately, incompatible with
the existing Attach API. For non-terminal attach, we need append
a header to what was copied from the container, to multiplex
STDOUT and STDERR; to do this with the old API, we'd need to copy
into an intermediate buffer first, to handle the headers.
To avoid this, provide a new API to handle all aspects of
terminal and non-terminal attach, including closing the hijacked
HTTP connection. This might be a bit too specific, but for now,
it seems to be the simplest approach.
At the same time, add a Resize endpoint. This needs to be a
separate endpoint, so our existing channel approach does not work
here.
I wanted to rework the rest of attach at the same time (some
parts of it, particularly how we start the Attach session and how
we do resizing, are (in my opinion) handled much better here.
That may still be on the table, but I wanted to avoid breaking
existing APIs in this already massive change.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2020-01-10 18:37:10 +00:00
|
|
|
|
2022-07-06 12:26:11 +00:00
|
|
|
"github.com/containers/common/pkg/resize"
|
2024-02-07 20:26:53 +00:00
|
|
|
"github.com/containers/podman/v5/libpod/define"
|
2022-08-09 13:25:03 +00:00
|
|
|
"github.com/opencontainers/runtime-spec/specs-go"
|
2017-11-01 15:24:59 +00:00
|
|
|
)
|
|
|
|
|
|
2019-10-08 17:53:36 +00:00
|
|
|
// OCIRuntime is an implementation of an OCI runtime.
|
|
|
|
|
// The OCI runtime implementation is expected to be a fairly thin wrapper around
|
|
|
|
|
// the actual runtime, and is not expected to include things like state
|
|
|
|
|
// management logic - e.g., we do not expect it to determine on its own that
|
|
|
|
|
// calling 'UnpauseContainer()' on a container that is not paused is an error.
|
|
|
|
|
// The code calling the OCIRuntime will manage this.
|
2022-05-26 18:33:48 +00:00
|
|
|
// TODO: May want to move the conmon cleanup code here - it depends on
|
2019-10-08 17:53:36 +00:00
|
|
|
// Conmon being in use.
|
2022-09-30 12:25:31 +00:00
|
|
|
type OCIRuntime interface { //nolint:interfacebloat
|
2019-10-08 17:53:36 +00:00
|
|
|
// Name returns the name of the runtime.
|
|
|
|
|
Name() string
|
|
|
|
|
// Path returns the path to the runtime executable.
|
|
|
|
|
Path() string
|
|
|
|
|
|
|
|
|
|
// CreateContainer creates the container in the OCI runtime.
|
2021-11-09 21:21:07 +00:00
|
|
|
// The returned int64 contains the microseconds needed to restore
|
|
|
|
|
// the given container if it is a restore and if restoreOptions.PrintStats
|
|
|
|
|
// is true. In all other cases the returned int64 is 0.
|
|
|
|
|
CreateContainer(ctr *Container, restoreOptions *ContainerCheckpointOptions) (int64, error)
|
2019-10-08 17:53:36 +00:00
|
|
|
// StartContainer starts the given container.
|
|
|
|
|
StartContainer(ctr *Container) error
|
|
|
|
|
// KillContainer sends the given signal to the given container.
|
|
|
|
|
// If all is set, all processes in the container will be signalled;
|
|
|
|
|
// otherwise, only init will be signalled.
|
|
|
|
|
KillContainer(ctr *Container, signal uint, all bool) error
|
|
|
|
|
// StopContainer stops the given container.
|
|
|
|
|
// The container's stop signal (or SIGTERM if unspecified) will be sent
|
|
|
|
|
// first.
|
|
|
|
|
// After the given timeout, SIGKILL will be sent.
|
|
|
|
|
// If the given timeout is 0, SIGKILL will be sent immediately, and the
|
|
|
|
|
// stop signal will be omitted.
|
|
|
|
|
// If all is set, we will attempt to use the --all flag will `kill` in
|
|
|
|
|
// the OCI runtime to kill all processes in the container, including
|
|
|
|
|
// exec sessions. This is only supported if the container has cgroups.
|
|
|
|
|
StopContainer(ctr *Container, timeout uint, all bool) error
|
|
|
|
|
// DeleteContainer deletes the given container from the OCI runtime.
|
|
|
|
|
DeleteContainer(ctr *Container) error
|
|
|
|
|
// PauseContainer pauses the given container.
|
|
|
|
|
PauseContainer(ctr *Container) error
|
|
|
|
|
// UnpauseContainer unpauses the given container.
|
|
|
|
|
UnpauseContainer(ctr *Container) error
|
|
|
|
|
|
2022-05-26 18:33:48 +00:00
|
|
|
// Attach to a container.
|
|
|
|
|
Attach(ctr *Container, params *AttachOptions) error
|
Add an API for Attach over HTTP API
The new APIv2 branch provides an HTTP-based remote API to Podman.
The requirements of this are, unfortunately, incompatible with
the existing Attach API. For non-terminal attach, we need append
a header to what was copied from the container, to multiplex
STDOUT and STDERR; to do this with the old API, we'd need to copy
into an intermediate buffer first, to handle the headers.
To avoid this, provide a new API to handle all aspects of
terminal and non-terminal attach, including closing the hijacked
HTTP connection. This might be a bit too specific, but for now,
it seems to be the simplest approach.
At the same time, add a Resize endpoint. This needs to be a
separate endpoint, so our existing channel approach does not work
here.
I wanted to rework the rest of attach at the same time (some
parts of it, particularly how we start the Attach session and how
we do resizing, are (in my opinion) handled much better here.
That may still be on the table, but I wanted to avoid breaking
existing APIs in this already massive change.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2020-01-10 18:37:10 +00:00
|
|
|
// HTTPAttach performs an attach intended to be transported over HTTP.
|
|
|
|
|
// For terminal attach, the container's output will be directly streamed
|
|
|
|
|
// to output; otherwise, STDOUT and STDERR will be multiplexed, with
|
|
|
|
|
// a header prepended as follows: 1-byte STREAM (0, 1, 2 for STDIN,
|
|
|
|
|
// STDOUT, STDERR), 3 null (0x00) bytes, 4-byte big endian length.
|
2020-03-07 15:30:44 +00:00
|
|
|
// If a cancel channel is provided, it can be used to asynchronously
|
2020-12-21 22:48:43 +00:00
|
|
|
// terminate the attach session. Detach keys, if given, will also cause
|
Add an API for Attach over HTTP API
The new APIv2 branch provides an HTTP-based remote API to Podman.
The requirements of this are, unfortunately, incompatible with
the existing Attach API. For non-terminal attach, we need append
a header to what was copied from the container, to multiplex
STDOUT and STDERR; to do this with the old API, we'd need to copy
into an intermediate buffer first, to handle the headers.
To avoid this, provide a new API to handle all aspects of
terminal and non-terminal attach, including closing the hijacked
HTTP connection. This might be a bit too specific, but for now,
it seems to be the simplest approach.
At the same time, add a Resize endpoint. This needs to be a
separate endpoint, so our existing channel approach does not work
here.
I wanted to rework the rest of attach at the same time (some
parts of it, particularly how we start the Attach session and how
we do resizing, are (in my opinion) handled much better here.
That may still be on the table, but I wanted to avoid breaking
existing APIs in this already massive change.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2020-01-10 18:37:10 +00:00
|
|
|
// the attach session to be terminated if provided via the STDIN
|
|
|
|
|
// channel. If they are not provided, the default detach keys will be
|
|
|
|
|
// used instead. Detach keys of "" will disable detaching via keyboard.
|
2020-04-14 14:54:06 +00:00
|
|
|
// The streams parameter will determine which streams to forward to the
|
Add an API for Attach over HTTP API
The new APIv2 branch provides an HTTP-based remote API to Podman.
The requirements of this are, unfortunately, incompatible with
the existing Attach API. For non-terminal attach, we need append
a header to what was copied from the container, to multiplex
STDOUT and STDERR; to do this with the old API, we'd need to copy
into an intermediate buffer first, to handle the headers.
To avoid this, provide a new API to handle all aspects of
terminal and non-terminal attach, including closing the hijacked
HTTP connection. This might be a bit too specific, but for now,
it seems to be the simplest approach.
At the same time, add a Resize endpoint. This needs to be a
separate endpoint, so our existing channel approach does not work
here.
I wanted to rework the rest of attach at the same time (some
parts of it, particularly how we start the Attach session and how
we do resizing, are (in my opinion) handled much better here.
That may still be on the table, but I wanted to avoid breaking
existing APIs in this already massive change.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2020-01-10 18:37:10 +00:00
|
|
|
// client.
|
2020-08-24 15:35:01 +00:00
|
|
|
HTTPAttach(ctr *Container, r *http.Request, w http.ResponseWriter, streams *HTTPAttachStreams, detachKeys *string, cancel <-chan bool, hijackDone chan<- bool, streamAttach, streamLogs bool) error
|
Add an API for Attach over HTTP API
The new APIv2 branch provides an HTTP-based remote API to Podman.
The requirements of this are, unfortunately, incompatible with
the existing Attach API. For non-terminal attach, we need append
a header to what was copied from the container, to multiplex
STDOUT and STDERR; to do this with the old API, we'd need to copy
into an intermediate buffer first, to handle the headers.
To avoid this, provide a new API to handle all aspects of
terminal and non-terminal attach, including closing the hijacked
HTTP connection. This might be a bit too specific, but for now,
it seems to be the simplest approach.
At the same time, add a Resize endpoint. This needs to be a
separate endpoint, so our existing channel approach does not work
here.
I wanted to rework the rest of attach at the same time (some
parts of it, particularly how we start the Attach session and how
we do resizing, are (in my opinion) handled much better here.
That may still be on the table, but I wanted to avoid breaking
existing APIs in this already massive change.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2020-01-10 18:37:10 +00:00
|
|
|
// AttachResize resizes the terminal in use by the given container.
|
2022-07-06 12:26:11 +00:00
|
|
|
AttachResize(ctr *Container, newSize resize.TerminalSize) error
|
Add an API for Attach over HTTP API
The new APIv2 branch provides an HTTP-based remote API to Podman.
The requirements of this are, unfortunately, incompatible with
the existing Attach API. For non-terminal attach, we need append
a header to what was copied from the container, to multiplex
STDOUT and STDERR; to do this with the old API, we'd need to copy
into an intermediate buffer first, to handle the headers.
To avoid this, provide a new API to handle all aspects of
terminal and non-terminal attach, including closing the hijacked
HTTP connection. This might be a bit too specific, but for now,
it seems to be the simplest approach.
At the same time, add a Resize endpoint. This needs to be a
separate endpoint, so our existing channel approach does not work
here.
I wanted to rework the rest of attach at the same time (some
parts of it, particularly how we start the Attach session and how
we do resizing, are (in my opinion) handled much better here.
That may still be on the table, but I wanted to avoid breaking
existing APIs in this already massive change.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2020-01-10 18:37:10 +00:00
|
|
|
|
2019-10-08 17:53:36 +00:00
|
|
|
// ExecContainer executes a command in a running container.
|
2020-05-18 20:22:56 +00:00
|
|
|
// Returns an int (PID of exec session), error channel (errors from
|
|
|
|
|
// attach), and error (errors that occurred attempting to start the exec
|
|
|
|
|
// session). This returns once the exec session is running - not once it
|
|
|
|
|
// has completed, as one might expect. The attach session will remain
|
2020-04-14 14:54:06 +00:00
|
|
|
// running, in a goroutine that will return via the chan error in the
|
|
|
|
|
// return signature.
|
2021-06-15 09:05:00 +00:00
|
|
|
// newSize resizes the tty to this size before the process is started, must be nil if the exec session has no tty
|
2022-07-06 12:26:11 +00:00
|
|
|
ExecContainer(ctr *Container, sessionID string, options *ExecOptions, streams *define.AttachStreams, newSize *resize.TerminalSize) (int, chan error, error)
|
2020-04-14 14:54:06 +00:00
|
|
|
// ExecContainerHTTP executes a command in a running container and
|
|
|
|
|
// attaches its standard streams to a provided hijacked HTTP session.
|
|
|
|
|
// Maintains the same invariants as ExecContainer (returns on session
|
|
|
|
|
// start, with a goroutine running in the background to handle attach).
|
|
|
|
|
// The HTTP attach itself maintains the same invariants as HTTPAttach.
|
2021-06-15 09:05:00 +00:00
|
|
|
// newSize resizes the tty to this size before the process is started, must be nil if the exec session has no tty
|
|
|
|
|
ExecContainerHTTP(ctr *Container, sessionID string, options *ExecOptions, r *http.Request, w http.ResponseWriter,
|
2022-07-06 12:26:11 +00:00
|
|
|
streams *HTTPAttachStreams, cancel <-chan bool, hijackDone chan<- bool, holdConnOpen <-chan bool, newSize *resize.TerminalSize) (int, chan error, error)
|
2020-05-18 20:22:56 +00:00
|
|
|
// ExecContainerDetached executes a command in a running container, but
|
|
|
|
|
// does not attach to it. Returns the PID of the exec session and an
|
|
|
|
|
// error (if starting the exec session failed)
|
|
|
|
|
ExecContainerDetached(ctr *Container, sessionID string, options *ExecOptions, stdin bool) (int, error)
|
2020-02-04 21:56:07 +00:00
|
|
|
// ExecAttachResize resizes the terminal of a running exec session. Only
|
|
|
|
|
// allowed with sessions that were created with a TTY.
|
2022-07-06 12:26:11 +00:00
|
|
|
ExecAttachResize(ctr *Container, sessionID string, newSize resize.TerminalSize) error
|
2019-10-08 17:53:36 +00:00
|
|
|
// ExecStopContainer stops a given exec session in a running container.
|
|
|
|
|
// SIGTERM with be sent initially, then SIGKILL after the given timeout.
|
|
|
|
|
// If timeout is 0, SIGKILL will be sent immediately, and SIGTERM will
|
|
|
|
|
// be omitted.
|
|
|
|
|
ExecStopContainer(ctr *Container, sessionID string, timeout uint) error
|
2019-12-12 21:19:36 +00:00
|
|
|
// ExecUpdateStatus checks the status of a given exec session.
|
|
|
|
|
// Returns true if the session is still running, or false if it exited.
|
|
|
|
|
ExecUpdateStatus(ctr *Container, sessionID string) (bool, error)
|
2019-10-08 17:53:36 +00:00
|
|
|
|
|
|
|
|
// CheckpointContainer checkpoints the given container.
|
|
|
|
|
// Some OCI runtimes may not support this - if SupportsCheckpoint()
|
|
|
|
|
// returns false, this is not implemented, and will always return an
|
Added optional container checkpointing statistics
This adds the parameter '--print-stats' to 'podman container checkpoint'.
With '--print-stats' Podman will measure how long Podman itself, the OCI
runtime and CRIU requires to create a checkpoint and print out these
information. CRIU already creates checkpointing statistics which are
just read in addition to the added measurements. In contrast to just
printing out the ID of the checkpointed container, Podman will now print
out JSON:
# podman container checkpoint --latest --print-stats
{
"podman_checkpoint_duration": 360749,
"container_statistics": [
{
"Id": "25244244bf2efbef30fb6857ddea8cb2e5489f07eb6659e20dda117f0c466808",
"runtime_checkpoint_duration": 177222,
"criu_statistics": {
"freezing_time": 100657,
"frozen_time": 60700,
"memdump_time": 8162,
"memwrite_time": 4224,
"pages_scanned": 20561,
"pages_written": 2129
}
}
]
}
The output contains 'podman_checkpoint_duration' which contains the
number of microseconds Podman required to create the checkpoint. The
output also includes 'runtime_checkpoint_duration' which is the time
the runtime needed to checkpoint that specific container. Each container
also includes 'criu_statistics' which displays the timing information
collected by CRIU.
Signed-off-by: Adrian Reber <areber@redhat.com>
2021-11-09 09:15:50 +00:00
|
|
|
// error. If CheckpointOptions.PrintStats is true the first return parameter
|
|
|
|
|
// contains the number of microseconds the runtime needed to checkpoint
|
|
|
|
|
// the given container.
|
|
|
|
|
CheckpointContainer(ctr *Container, options ContainerCheckpointOptions) (int64, error)
|
2019-10-08 17:53:36 +00:00
|
|
|
|
Ensure Conmon is alive before waiting for exit file
This came out of a conversation with Valentin about
systemd-managed Podman. He discovered that unit files did not
properly handle cases where Conmon was dead - the ExecStopPost
`podman rm --force` line was not actually removing the container,
but interestingly, adding a `podman cleanup --rm` line would
remove it. Both of these commands do the same thing (minus the
`podman cleanup --rm` command not force-removing running
containers).
Without a running Conmon instance, the container process is still
running (assuming you killed Conmon with SIGKILL and it had no
chance to kill the container it managed), but you can still kill
the container itself with `podman stop` - Conmon is not involved,
only the OCI Runtime. (`podman rm --force` and `podman stop` use
the same code to kill the container). The problem comes when we
want to get the container's exit code - we expect Conmon to make
us an exit file, which it's obviously not going to do, being
dead. The first `podman rm` would fail because of this, but
importantly, it would (after failing to retrieve the exit code
correctly) set container status to Exited, so that the second
`podman cleanup` process would succeed.
To make sure the first `podman rm --force` succeeds, we need to
catch the case where Conmon is already dead, and instead of
waiting for an exit file that will never come, immediately set
the Stopped state and remove an error that can be caught and
handled.
Signed-off-by: Matthew Heon <mheon@redhat.com>
2020-06-08 17:34:12 +00:00
|
|
|
// CheckConmonRunning verifies that the given container's Conmon
|
|
|
|
|
// instance is still running. Runtimes without Conmon, or systems where
|
|
|
|
|
// the PID of conmon is not available, should mock this as True.
|
|
|
|
|
// True indicates that Conmon for the instance is running, False
|
|
|
|
|
// indicates it is not.
|
|
|
|
|
CheckConmonRunning(ctr *Container) (bool, error)
|
|
|
|
|
|
2019-10-08 17:53:36 +00:00
|
|
|
// SupportsCheckpoint returns whether this OCI runtime
|
|
|
|
|
// implementation supports the CheckpointContainer() operation.
|
|
|
|
|
SupportsCheckpoint() bool
|
|
|
|
|
// SupportsJSONErrors is whether the runtime can return JSON-formatted
|
|
|
|
|
// error messages.
|
|
|
|
|
SupportsJSONErrors() bool
|
|
|
|
|
// SupportsNoCgroups is whether the runtime supports running containers
|
|
|
|
|
// without cgroups.
|
|
|
|
|
SupportsNoCgroups() bool
|
2020-04-15 18:48:53 +00:00
|
|
|
// SupportsKVM os whether the OCI runtime supports running containers
|
|
|
|
|
// without KVM separation
|
|
|
|
|
SupportsKVM() bool
|
2019-10-08 17:53:36 +00:00
|
|
|
|
|
|
|
|
// AttachSocketPath is the path to the socket to attach to a given
|
|
|
|
|
// container.
|
|
|
|
|
// TODO: If we move Attach code in here, this should be made internal.
|
|
|
|
|
// We don't want to force all runtimes to share the same attach
|
|
|
|
|
// implementation.
|
|
|
|
|
AttachSocketPath(ctr *Container) (string, error)
|
|
|
|
|
// ExecAttachSocketPath is the path to the socket to attach to a given
|
|
|
|
|
// exec session in the given container.
|
|
|
|
|
// TODO: Probably should be made internal.
|
|
|
|
|
ExecAttachSocketPath(ctr *Container, sessionID string) (string, error)
|
|
|
|
|
// ExitFilePath is the path to a container's exit file.
|
|
|
|
|
// All runtime implementations must create an exit file when containers
|
|
|
|
|
// exit, containing the exit code of the container (as a string).
|
|
|
|
|
// This is the path to that file for a given container.
|
|
|
|
|
ExitFilePath(ctr *Container) (string, error)
|
|
|
|
|
|
2023-03-13 14:51:01 +00:00
|
|
|
// OOMFilePath is the path to a container's oom file if it was oom killed.
|
|
|
|
|
// An oom file is only created when the container is oom killed. The existence
|
|
|
|
|
// of this file means that the container was oom killed.
|
|
|
|
|
// This is the path to that file for a given container.
|
|
|
|
|
OOMFilePath(ctr *Container) (string, error)
|
|
|
|
|
|
2019-10-08 17:53:36 +00:00
|
|
|
// RuntimeInfo returns verbose information about the runtime.
|
2020-03-15 16:53:59 +00:00
|
|
|
RuntimeInfo() (*define.ConmonInfo, *define.OCIRuntimeInfo, error)
|
2022-08-09 13:25:03 +00:00
|
|
|
|
|
|
|
|
// UpdateContainer updates the given container's cgroup configuration.
|
|
|
|
|
UpdateContainer(ctr *Container, res *specs.LinuxResources) error
|
2018-09-18 09:56:19 +00:00
|
|
|
}
|
2019-02-28 17:24:08 +00:00
|
|
|
|
2022-05-26 18:33:48 +00:00
|
|
|
// AttachOptions are options used when attached to a container or an exec
|
|
|
|
|
// session.
|
|
|
|
|
type AttachOptions struct {
|
|
|
|
|
// Streams are the streams to attach to.
|
|
|
|
|
Streams *define.AttachStreams
|
|
|
|
|
// DetachKeys containers the key combination that will detach from the
|
|
|
|
|
// attach session. Empty string is assumed as no detach keys - user
|
|
|
|
|
// detach is impossible. If unset, defaults from containers.conf will be
|
|
|
|
|
// used.
|
|
|
|
|
DetachKeys *string
|
|
|
|
|
// InitialSize is the initial size of the terminal. Set before the
|
|
|
|
|
// attach begins.
|
2022-07-06 12:26:11 +00:00
|
|
|
InitialSize *resize.TerminalSize
|
2022-05-26 18:33:48 +00:00
|
|
|
// AttachReady signals when the attach has successfully completed and
|
|
|
|
|
// streaming has begun.
|
|
|
|
|
AttachReady chan<- bool
|
|
|
|
|
// Start indicates that the container should be started if it is not
|
|
|
|
|
// already running.
|
|
|
|
|
Start bool
|
|
|
|
|
// Started signals when the container has been successfully started.
|
|
|
|
|
// Required if Start is true, unused otherwise.
|
|
|
|
|
Started chan<- bool
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-08 17:53:36 +00:00
|
|
|
// ExecOptions are options passed into ExecContainer. They control the command
|
|
|
|
|
// that will be executed and how the exec will proceed.
|
|
|
|
|
type ExecOptions struct {
|
|
|
|
|
// Cmd is the command to execute.
|
|
|
|
|
Cmd []string
|
|
|
|
|
// Env is a set of environment variables to add to the container.
|
|
|
|
|
Env map[string]string
|
|
|
|
|
// Terminal is whether to create a new TTY for the exec session.
|
|
|
|
|
Terminal bool
|
|
|
|
|
// Cwd is the working directory for the executed command. If unset, the
|
|
|
|
|
// working directory of the container will be used.
|
|
|
|
|
Cwd string
|
|
|
|
|
// User is the user the command will be executed as. If unset, the user
|
|
|
|
|
// the container was run as will be used.
|
|
|
|
|
User string
|
|
|
|
|
// Streams are the streams that will be attached to the container.
|
2020-04-03 19:56:10 +00:00
|
|
|
Streams *define.AttachStreams
|
2019-10-08 17:53:36 +00:00
|
|
|
// PreserveFDs is a number of additional file descriptors (in addition
|
|
|
|
|
// to 0, 1, 2) that will be passed to the executed process. The total FDs
|
|
|
|
|
// passed will be 3 + PreserveFDs.
|
|
|
|
|
PreserveFDs uint
|
2023-12-01 10:49:29 +00:00
|
|
|
// PreserveFD is a list of additional file descriptors (in addition
|
|
|
|
|
// to 0, 1, 2) that will be passed to the executed process.
|
|
|
|
|
PreserveFD []uint
|
2019-10-08 17:53:36 +00:00
|
|
|
// DetachKeys is a set of keys that, when pressed in sequence, will
|
|
|
|
|
// detach from the container.
|
2020-02-04 21:56:07 +00:00
|
|
|
// If not provided, the default keys will be used.
|
|
|
|
|
// If provided but set to "", detaching from the container will be
|
|
|
|
|
// disabled.
|
|
|
|
|
DetachKeys *string
|
2020-05-18 18:37:09 +00:00
|
|
|
// ExitCommand is a command that will be run after the exec session
|
|
|
|
|
// exits.
|
|
|
|
|
ExitCommand []string
|
Enable detached exec for remote
The biggest obstacle here was cleanup - we needed a way to remove
detached exec sessions after they exited, but there's no way to
tell if an exec session will be attached or detached when it's
created, and that's when we must add the exit command that would
do the removal. The solution was adding a delay to the exit
command (5 minutes), which gives sufficient time for attached
exec sessions to retrieve the exit code of the session after it
exits, but still guarantees that they will be removed, even for
detached sessions. This requires Conmon 2.0.17, which has the new
`--exit-delay` flag.
As part of the exit command rework, we can drop the hack we were
using to clean up exec sessions (remove them as part of inspect).
This is a lot cleaner, and I'm a lot happier about it.
Otherwise, this is just plumbing - we need a bindings call for
detached exec, and that needed to be added to the tunnel mode
backend for entities.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2020-06-02 18:02:54 +00:00
|
|
|
// ExitCommandDelay is a delay (in seconds) between the exec session
|
|
|
|
|
// exiting, and the exit command being invoked.
|
|
|
|
|
ExitCommandDelay uint
|
2021-01-04 22:17:26 +00:00
|
|
|
// Privileged indicates the execed process will be launched in Privileged mode
|
|
|
|
|
Privileged bool
|
2019-02-28 17:24:08 +00:00
|
|
|
}
|
Add an API for Attach over HTTP API
The new APIv2 branch provides an HTTP-based remote API to Podman.
The requirements of this are, unfortunately, incompatible with
the existing Attach API. For non-terminal attach, we need append
a header to what was copied from the container, to multiplex
STDOUT and STDERR; to do this with the old API, we'd need to copy
into an intermediate buffer first, to handle the headers.
To avoid this, provide a new API to handle all aspects of
terminal and non-terminal attach, including closing the hijacked
HTTP connection. This might be a bit too specific, but for now,
it seems to be the simplest approach.
At the same time, add a Resize endpoint. This needs to be a
separate endpoint, so our existing channel approach does not work
here.
I wanted to rework the rest of attach at the same time (some
parts of it, particularly how we start the Attach session and how
we do resizing, are (in my opinion) handled much better here.
That may still be on the table, but I wanted to avoid breaking
existing APIs in this already massive change.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2020-01-10 18:37:10 +00:00
|
|
|
|
|
|
|
|
// HTTPAttachStreams informs the HTTPAttach endpoint which of the container's
|
|
|
|
|
// standard streams should be streamed to the client. If this is passed, at
|
|
|
|
|
// least one of the streams must be set to true.
|
|
|
|
|
type HTTPAttachStreams struct {
|
|
|
|
|
Stdin bool
|
|
|
|
|
Stdout bool
|
|
|
|
|
Stderr bool
|
|
|
|
|
}
|