container/podman
container/podman
1
0
Fork 0
mirror of https://github.com/containers/podman synced 2024-10-19 08:44:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
podman/libpod/pod_api.go

506 lines
14 KiB
Go
Raw Normal View History

Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
package libpod
import (
"context"
move go module to v2 With the advent of Podman 2.0.0 we crossed the magical barrier of go modules. While we were able to continue importing all packages inside of the project, the project could not be vendored anymore from the outside. Move the go module to new major version and change all imports to `github.com/containers/libpod/v2`. The renaming of the imports was done via `gomove` [1]. [1] https://github.com/KSubedi/gomove Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2020-07-06 13:38:20 +00:00
"github.com/containers/libpod/v2/libpod/define"
"github.com/containers/libpod/v2/libpod/events"
"github.com/containers/libpod/v2/pkg/cgroups"
"github.com/containers/libpod/v2/pkg/rootless"
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
// Start starts all containers within a pod
// It combines the effects of Init() and Start() on a container
// If a container has already been initialized it will be started,
// otherwise it will be initialized then started.
// Containers that are already running or have been paused are ignored
// All containers are started independently, in order dictated by their
// dependencies.
// An error and a map[string]error are returned
// If the error is not nil and the map is nil, an error was encountered before
// any containers were started
// If map is not nil, an error was encountered when starting one or more
// containers. The container ID is mapped to the error encountered. The error is
// set to ErrCtrExists
// If both error and the map are nil, all containers were started successfully
func (p *Pod) Start(ctx context.Context) (map[string]error, error) {
p.lock.Lock()
defer p.lock.Unlock()
if !p.valid {
remove libpod from main the compilation demands of having libpod in main is a burden for the remote client compilations. to combat this, we should move the use of libpod structs, vars, constants, and functions into the adapter code where it will only be compiled by the local client. this should result in cleaner code organization and smaller binaries. it should also help if we ever need to compile the remote client on non-Linux operating systems natively (not cross-compiled). Signed-off-by: baude <bbaude@redhat.com>
2019-06-24 20:48:34 +00:00
return nil, define.ErrPodRemoved
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
}
allCtrs, err := p.runtime.state.PodContainers(p)
if err != nil {
return nil, err
}
// Build a dependency graph of containers in the pod
generate systemd: support pods and geneartig files Support generating systemd unit files for a pod. Podman generates one unit file for the pod including the PID file for the infra container's conmon process and one unit file for each container (excluding the infra container). Note that this change implies refactorings in the `pkg/systemdgen` API. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2019-08-13 11:06:37 +00:00
graph, err := BuildContainerGraph(allCtrs)
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
if err != nil {
return nil, errors.Wrapf(err, "error generating dependency graph for pod %s", p.ID())
}
ctrErrors := make(map[string]error)
ctrsVisited := make(map[string]bool)
// If there are no containers without dependencies, we can't start
// Error out
if len(graph.noDepNodes) == 0 {
remove libpod from main the compilation demands of having libpod in main is a burden for the remote client compilations. to combat this, we should move the use of libpod structs, vars, constants, and functions into the adapter code where it will only be compiled by the local client. this should result in cleaner code organization and smaller binaries. it should also help if we ever need to compile the remote client on non-Linux operating systems natively (not cross-compiled). Signed-off-by: baude <bbaude@redhat.com>
2019-06-24 20:48:34 +00:00
return nil, errors.Wrapf(define.ErrNoSuchCtr, "no containers in pod %s have no dependencies, cannot start pod", p.ID())
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
}
// Traverse the graph beginning at nodes with no dependencies
for _, node := range graph.noDepNodes {
startNode(ctx, node, false, ctrErrors, ctrsVisited, false)
}
Updated pod_api to reflect function spec Specifically, pod.Start() always returned CtrErrors, even if none failed. This cause podman start to not return the successfully started pod id. Also, pod.Kill() didn't return an error along with ctrErrors. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1272 Approved by: rhatdan
2018-08-14 18:37:01 +00:00
if len(ctrErrors) > 0 {
Print errors from individual containers in pods The infra/abi code for pods was written in a flawed way, assuming that the map[string]error containing individual container errors was only set when the global error for the pod function was nil; that is not accurate, and we are actually *guaranteed* to set the global error when any individual container errors. Thus, we'd never actually include individual container errors, because the infra code assumed that err being set meant everything failed and no container operations were attempted. We were originally setting the cause of the error to something nonsensical ("container already exists"), so I made a new error indicating that some containers in the pod failed. We can then ignore that error when building the report on the pod operation and actually return errors from individual containers. Unfortunately, this exposed another weakness of the infra code, which was discarding the container IDs. Errors from individual containers are not guaranteed to identify which container they came from, hence the use of map[string]error in the Pod API functions. Rather than restructuring the structs we return from pkg/infra, I just wrapped the returned errors with a message including the ID of the container. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2020-07-02 16:59:10 +00:00
return ctrErrors, errors.Wrapf(define.ErrPodPartialFail, "error starting some containers")
Updated pod_api to reflect function spec Specifically, pod.Start() always returned CtrErrors, even if none failed. This cause podman start to not return the successfully started pod id. Also, pod.Kill() didn't return an error along with ctrErrors. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1272 Approved by: rhatdan
2018-08-14 18:37:01 +00:00
}
Add event logging to libpod, even display to podman In lipod, we now log major events that occurr. These events can be displayed using the `podman events` command. Each event contains: * Type (container, image, volume, pod...) * Status (create, rm, stop, kill, ....) * Timestamp in RFC3339Nano format * Name (if applicable) * Image (if applicable) The format of the event and the varlink endpoint are to not be considered stable until cockpit has done its enablement. Signed-off-by: baude <bbaude@redhat.com>
2019-02-28 20:15:56 +00:00
defer p.newPodEvent(events.Start)
Updated pod_api to reflect function spec Specifically, pod.Start() always returned CtrErrors, even if none failed. This cause podman start to not return the successfully started pod id. Also, pod.Kill() didn't return an error along with ctrErrors. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1272 Approved by: rhatdan
2018-08-14 18:37:01 +00:00
return nil, nil
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
}
add timeout to pod stop like podman stop of containers, we should allow the user to specify a timeout override when stopping pods; otherwise they have to wait the full timeout time specified during the pod/container creation. Signed-off-by: baude <bbaude@redhat.com>
2018-12-06 21:20:04 +00:00
// Stop stops all containers within a pod without a timeout. It assumes -1 for
// a timeout.
func (p *Pod) Stop(ctx context.Context, cleanup bool) (map[string]error, error) {
return p.StopWithTimeout(ctx, cleanup, -1)
}
// StopWithTimeout stops all containers within a pod that are not already stopped
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
// Each container will use its own stop timeout
// Only running containers will be stopped. Paused, stopped, or created
// containers will be ignored.
// If cleanup is true, mounts and network namespaces will be cleaned up after
// the container is stopped.
// All containers are stopped independently. An error stopping one container
// will not prevent other containers being stopped.
// An error and a map[string]error are returned
// If the error is not nil and the map is nil, an error was encountered before
// any containers were stopped
// If map is not nil, an error was encountered when stopping one or more
// containers. The container ID is mapped to the error encountered. The error is
// set to ErrCtrExists
// If both error and the map are nil, all containers were stopped without error
add timeout to pod stop like podman stop of containers, we should allow the user to specify a timeout override when stopping pods; otherwise they have to wait the full timeout time specified during the pod/container creation. Signed-off-by: baude <bbaude@redhat.com>
2018-12-06 21:20:04 +00:00
func (p *Pod) StopWithTimeout(ctx context.Context, cleanup bool, timeout int) (map[string]error, error) {
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
p.lock.Lock()
defer p.lock.Unlock()
if !p.valid {
remove libpod from main the compilation demands of having libpod in main is a burden for the remote client compilations. to combat this, we should move the use of libpod structs, vars, constants, and functions into the adapter code where it will only be compiled by the local client. this should result in cleaner code organization and smaller binaries. it should also help if we ever need to compile the remote client on non-Linux operating systems natively (not cross-compiled). Signed-off-by: baude <bbaude@redhat.com>
2019-06-24 20:48:34 +00:00
return nil, define.ErrPodRemoved
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
}
allCtrs, err := p.runtime.state.PodContainers(p)
if err != nil {
return nil, err
}
ctrErrors := make(map[string]error)
// TODO: There may be cases where it makes sense to order stops based on
// dependencies. Should we bother with this?
// Stop to all containers
for _, ctr := range allCtrs {
ctr.lock.Lock()
if err := ctr.syncContainer(); err != nil {
ctr.lock.Unlock()
ctrErrors[ctr.ID()] = err
continue
}
// Ignore containers that are not running
libpod removal from main (phase 2) this is phase 2 for the removal of libpod from main. Signed-off-by: baude <bbaude@redhat.com>
2019-06-25 13:40:19 +00:00
if ctr.state.State != define.ContainerStateRunning {
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
ctr.lock.Unlock()
continue
}
add timeout to pod stop like podman stop of containers, we should allow the user to specify a timeout override when stopping pods; otherwise they have to wait the full timeout time specified during the pod/container creation. Signed-off-by: baude <bbaude@redhat.com>
2018-12-06 21:20:04 +00:00
stopTimeout := ctr.config.StopTimeout
if timeout > -1 {
stopTimeout = uint(timeout)
}
if container is not in a pid namespace, stop all processes When a container is in a PID namespace, it is enought to send the stop signal to the PID 1 of the namespace, only send signals to all processes in the container when the container is not in a pid namespace. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2019-12-18 14:42:01 +00:00
if err := ctr.stop(stopTimeout); err != nil {
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
ctr.lock.Unlock()
ctrErrors[ctr.ID()] = err
continue
}
if cleanup {
Add ContainerStateExited and OCI delete() in cleanup() To work better with Kata containers, we need to delete() from the OCI runtime as a part of cleanup, to ensure resources aren't retained longer than they need to be. To enable this, we need to add a new state to containers, ContainerStateExited. Containers transition from ContainerStateStopped to ContainerStateExited via cleanupRuntime which is invoked as part of cleanup(). A container in the Exited state is identical to Stopped, except it has been removed from the OCI runtime and thus will be handled differently when initializing the container. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
2018-09-23 22:04:29 +00:00
if err := ctr.cleanup(ctx); err != nil {
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
ctrErrors[ctr.ID()] = err
}
}
ctr.lock.Unlock()
}
if len(ctrErrors) > 0 {
Print errors from individual containers in pods The infra/abi code for pods was written in a flawed way, assuming that the map[string]error containing individual container errors was only set when the global error for the pod function was nil; that is not accurate, and we are actually *guaranteed* to set the global error when any individual container errors. Thus, we'd never actually include individual container errors, because the infra code assumed that err being set meant everything failed and no container operations were attempted. We were originally setting the cause of the error to something nonsensical ("container already exists"), so I made a new error indicating that some containers in the pod failed. We can then ignore that error when building the report on the pod operation and actually return errors from individual containers. Unfortunately, this exposed another weakness of the infra code, which was discarding the container IDs. Errors from individual containers are not guaranteed to identify which container they came from, hence the use of map[string]error in the Pod API functions. Rather than restructuring the structs we return from pkg/infra, I just wrapped the returned errors with a message including the ID of the container. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2020-07-02 16:59:10 +00:00
return ctrErrors, errors.Wrapf(define.ErrPodPartialFail, "error stopping some containers")
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
}
Add event logging to libpod, even display to podman In lipod, we now log major events that occurr. These events can be displayed using the `podman events` command. Each event contains: * Type (container, image, volume, pod...) * Status (create, rm, stop, kill, ....) * Timestamp in RFC3339Nano format * Name (if applicable) * Image (if applicable) The format of the event and the varlink endpoint are to not be considered stable until cockpit has done its enablement. Signed-off-by: baude <bbaude@redhat.com>
2019-02-28 20:15:56 +00:00
defer p.newPodEvent(events.Stop)
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
return nil, nil
}
// Pause pauses all containers within a pod that are running.
// Only running containers will be paused. Paused, stopped, or created
// containers will be ignored.
// All containers are paused independently. An error pausing one container
// will not prevent other containers being paused.
// An error and a map[string]error are returned
// If the error is not nil and the map is nil, an error was encountered before
// any containers were paused
// If map is not nil, an error was encountered when pausing one or more
// containers. The container ID is mapped to the error encountered. The error is
// set to ErrCtrExists
// If both error and the map are nil, all containers were paused without error
func (p *Pod) Pause() (map[string]error, error) {
p.lock.Lock()
defer p.lock.Unlock()
if !p.valid {
remove libpod from main the compilation demands of having libpod in main is a burden for the remote client compilations. to combat this, we should move the use of libpod structs, vars, constants, and functions into the adapter code where it will only be compiled by the local client. this should result in cleaner code organization and smaller binaries. it should also help if we ever need to compile the remote client on non-Linux operating systems natively (not cross-compiled). Signed-off-by: baude <bbaude@redhat.com>
2019-06-24 20:48:34 +00:00
return nil, define.ErrPodRemoved
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
}
Report errors when trying to pause rootless containers If you are running a rootless container on cgroupV1 you can not pause the container. We need to report the proper error if this happens. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2019-09-12 16:37:22 +00:00
if rootless.IsRootless() {
cgroupv2, err := cgroups.IsCgroup2UnifiedMode()
if err != nil {
return nil, errors.Wrap(err, "failed to determine cgroupversion")
}
if !cgroupv2 {
return nil, errors.Wrap(define.ErrNoCgroups, "can not pause pods containing rootless containers with cgroup V1")
}
}
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
allCtrs, err := p.runtime.state.PodContainers(p)
if err != nil {
return nil, err
}
ctrErrors := make(map[string]error)
// Pause to all containers
for _, ctr := range allCtrs {
ctr.lock.Lock()
if err := ctr.syncContainer(); err != nil {
ctr.lock.Unlock()
ctrErrors[ctr.ID()] = err
continue
}
// Ignore containers that are not running
libpod removal from main (phase 2) this is phase 2 for the removal of libpod from main. Signed-off-by: baude <bbaude@redhat.com>
2019-06-25 13:40:19 +00:00
if ctr.state.State != define.ContainerStateRunning {
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
ctr.lock.Unlock()
continue
}
if err := ctr.pause(); err != nil {
ctr.lock.Unlock()
ctrErrors[ctr.ID()] = err
continue
}
ctr.lock.Unlock()
}
if len(ctrErrors) > 0 {
Print errors from individual containers in pods The infra/abi code for pods was written in a flawed way, assuming that the map[string]error containing individual container errors was only set when the global error for the pod function was nil; that is not accurate, and we are actually *guaranteed* to set the global error when any individual container errors. Thus, we'd never actually include individual container errors, because the infra code assumed that err being set meant everything failed and no container operations were attempted. We were originally setting the cause of the error to something nonsensical ("container already exists"), so I made a new error indicating that some containers in the pod failed. We can then ignore that error when building the report on the pod operation and actually return errors from individual containers. Unfortunately, this exposed another weakness of the infra code, which was discarding the container IDs. Errors from individual containers are not guaranteed to identify which container they came from, hence the use of map[string]error in the Pod API functions. Rather than restructuring the structs we return from pkg/infra, I just wrapped the returned errors with a message including the ID of the container. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2020-07-02 16:59:10 +00:00
return ctrErrors, errors.Wrapf(define.ErrPodPartialFail, "error pausing some containers")
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
}
Add event logging to libpod, even display to podman In lipod, we now log major events that occurr. These events can be displayed using the `podman events` command. Each event contains: * Type (container, image, volume, pod...) * Status (create, rm, stop, kill, ....) * Timestamp in RFC3339Nano format * Name (if applicable) * Image (if applicable) The format of the event and the varlink endpoint are to not be considered stable until cockpit has done its enablement. Signed-off-by: baude <bbaude@redhat.com>
2019-02-28 20:15:56 +00:00
defer p.newPodEvent(events.Pause)
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
return nil, nil
}
// Unpause unpauses all containers within a pod that are running.
// Only paused containers will be unpaused. Running, stopped, or created
// containers will be ignored.
// All containers are unpaused independently. An error unpausing one container
// will not prevent other containers being unpaused.
// An error and a map[string]error are returned
// If the error is not nil and the map is nil, an error was encountered before
// any containers were unpaused
// If map is not nil, an error was encountered when unpausing one or more
// containers. The container ID is mapped to the error encountered. The error is
// set to ErrCtrExists
// If both error and the map are nil, all containers were unpaused without error
func (p *Pod) Unpause() (map[string]error, error) {
p.lock.Lock()
defer p.lock.Unlock()
if !p.valid {
remove libpod from main the compilation demands of having libpod in main is a burden for the remote client compilations. to combat this, we should move the use of libpod structs, vars, constants, and functions into the adapter code where it will only be compiled by the local client. this should result in cleaner code organization and smaller binaries. it should also help if we ever need to compile the remote client on non-Linux operating systems natively (not cross-compiled). Signed-off-by: baude <bbaude@redhat.com>
2019-06-24 20:48:34 +00:00
return nil, define.ErrPodRemoved
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
}
allCtrs, err := p.runtime.state.PodContainers(p)
if err != nil {
return nil, err
}
ctrErrors := make(map[string]error)
// Pause to all containers
for _, ctr := range allCtrs {
ctr.lock.Lock()
if err := ctr.syncContainer(); err != nil {
ctr.lock.Unlock()
ctrErrors[ctr.ID()] = err
continue
}
// Ignore containers that are not paused
libpod removal from main (phase 2) this is phase 2 for the removal of libpod from main. Signed-off-by: baude <bbaude@redhat.com>
2019-06-25 13:40:19 +00:00
if ctr.state.State != define.ContainerStatePaused {
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
ctr.lock.Unlock()
continue
}
if err := ctr.unpause(); err != nil {
ctr.lock.Unlock()
ctrErrors[ctr.ID()] = err
continue
}
ctr.lock.Unlock()
}
if len(ctrErrors) > 0 {
Print errors from individual containers in pods The infra/abi code for pods was written in a flawed way, assuming that the map[string]error containing individual container errors was only set when the global error for the pod function was nil; that is not accurate, and we are actually *guaranteed* to set the global error when any individual container errors. Thus, we'd never actually include individual container errors, because the infra code assumed that err being set meant everything failed and no container operations were attempted. We were originally setting the cause of the error to something nonsensical ("container already exists"), so I made a new error indicating that some containers in the pod failed. We can then ignore that error when building the report on the pod operation and actually return errors from individual containers. Unfortunately, this exposed another weakness of the infra code, which was discarding the container IDs. Errors from individual containers are not guaranteed to identify which container they came from, hence the use of map[string]error in the Pod API functions. Rather than restructuring the structs we return from pkg/infra, I just wrapped the returned errors with a message including the ID of the container. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2020-07-02 16:59:10 +00:00
return ctrErrors, errors.Wrapf(define.ErrPodPartialFail, "error unpausing some containers")
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
}
Add event logging to libpod, even display to podman In lipod, we now log major events that occurr. These events can be displayed using the `podman events` command. Each event contains: * Type (container, image, volume, pod...) * Status (create, rm, stop, kill, ....) * Timestamp in RFC3339Nano format * Name (if applicable) * Image (if applicable) The format of the event and the varlink endpoint are to not be considered stable until cockpit has done its enablement. Signed-off-by: baude <bbaude@redhat.com>
2019-02-28 20:15:56 +00:00
defer p.newPodEvent(events.Unpause)
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
return nil, nil
}
// Restart restarts all containers within a pod that are not paused or in an error state.
// It combines the effects of Stop() and Start() on a container
// Each container will use its own stop timeout.
// All containers are started independently, in order dictated by their
// dependencies. An error restarting one container
// will not prevent other containers being restarted.
// An error and a map[string]error are returned
// If the error is not nil and the map is nil, an error was encountered before
// any containers were restarted
// If map is not nil, an error was encountered when restarting one or more
// containers. The container ID is mapped to the error encountered. The error is
// set to ErrCtrExists
// If both error and the map are nil, all containers were restarted without error
func (p *Pod) Restart(ctx context.Context) (map[string]error, error) {
p.lock.Lock()
defer p.lock.Unlock()
if !p.valid {
remove libpod from main the compilation demands of having libpod in main is a burden for the remote client compilations. to combat this, we should move the use of libpod structs, vars, constants, and functions into the adapter code where it will only be compiled by the local client. this should result in cleaner code organization and smaller binaries. it should also help if we ever need to compile the remote client on non-Linux operating systems natively (not cross-compiled). Signed-off-by: baude <bbaude@redhat.com>
2019-06-24 20:48:34 +00:00
return nil, define.ErrPodRemoved
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
}
allCtrs, err := p.runtime.state.PodContainers(p)
if err != nil {
return nil, err
}
// Build a dependency graph of containers in the pod
generate systemd: support pods and geneartig files Support generating systemd unit files for a pod. Podman generates one unit file for the pod including the PID file for the infra container's conmon process and one unit file for each container (excluding the infra container). Note that this change implies refactorings in the `pkg/systemdgen` API. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2019-08-13 11:06:37 +00:00
graph, err := BuildContainerGraph(allCtrs)
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
if err != nil {
return nil, errors.Wrapf(err, "error generating dependency graph for pod %s", p.ID())
}
ctrErrors := make(map[string]error)
ctrsVisited := make(map[string]bool)
// If there are no containers without dependencies, we can't start
// Error out
if len(graph.noDepNodes) == 0 {
remove libpod from main the compilation demands of having libpod in main is a burden for the remote client compilations. to combat this, we should move the use of libpod structs, vars, constants, and functions into the adapter code where it will only be compiled by the local client. this should result in cleaner code organization and smaller binaries. it should also help if we ever need to compile the remote client on non-Linux operating systems natively (not cross-compiled). Signed-off-by: baude <bbaude@redhat.com>
2019-06-24 20:48:34 +00:00
return nil, errors.Wrapf(define.ErrNoSuchCtr, "no containers in pod %s have no dependencies, cannot start pod", p.ID())
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
}
// Traverse the graph beginning at nodes with no dependencies
for _, node := range graph.noDepNodes {
startNode(ctx, node, false, ctrErrors, ctrsVisited, true)
}
if len(ctrErrors) > 0 {
Print errors from individual containers in pods The infra/abi code for pods was written in a flawed way, assuming that the map[string]error containing individual container errors was only set when the global error for the pod function was nil; that is not accurate, and we are actually *guaranteed* to set the global error when any individual container errors. Thus, we'd never actually include individual container errors, because the infra code assumed that err being set meant everything failed and no container operations were attempted. We were originally setting the cause of the error to something nonsensical ("container already exists"), so I made a new error indicating that some containers in the pod failed. We can then ignore that error when building the report on the pod operation and actually return errors from individual containers. Unfortunately, this exposed another weakness of the infra code, which was discarding the container IDs. Errors from individual containers are not guaranteed to identify which container they came from, hence the use of map[string]error in the Pod API functions. Rather than restructuring the structs we return from pkg/infra, I just wrapped the returned errors with a message including the ID of the container. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2020-07-02 16:59:10 +00:00
return ctrErrors, errors.Wrapf(define.ErrPodPartialFail, "error stopping some containers")
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
}
Add event logging to libpod, even display to podman In lipod, we now log major events that occurr. These events can be displayed using the `podman events` command. Each event contains: * Type (container, image, volume, pod...) * Status (create, rm, stop, kill, ....) * Timestamp in RFC3339Nano format * Name (if applicable) * Image (if applicable) The format of the event and the varlink endpoint are to not be considered stable until cockpit has done its enablement. Signed-off-by: baude <bbaude@redhat.com>
2019-02-28 20:15:56 +00:00
p.newPodEvent(events.Stop)
p.newPodEvent(events.Start)
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
return nil, nil
}
// Kill sends a signal to all running containers within a pod
// Signals will only be sent to running containers. Containers that are not
// running will be ignored. All signals are sent independently, and sending will
// continue even if some containers encounter errors.
// An error and a map[string]error are returned
// If the error is not nil and the map is nil, an error was encountered before
// any containers were signalled
// If map is not nil, an error was encountered when signalling one or more
// containers. The container ID is mapped to the error encountered. The error is
// set to ErrCtrExists
// If both error and the map are nil, all containers were signalled successfully
func (p *Pod) Kill(signal uint) (map[string]error, error) {
p.lock.Lock()
defer p.lock.Unlock()
if !p.valid {
remove libpod from main the compilation demands of having libpod in main is a burden for the remote client compilations. to combat this, we should move the use of libpod structs, vars, constants, and functions into the adapter code where it will only be compiled by the local client. this should result in cleaner code organization and smaller binaries. it should also help if we ever need to compile the remote client on non-Linux operating systems natively (not cross-compiled). Signed-off-by: baude <bbaude@redhat.com>
2019-06-24 20:48:34 +00:00
return nil, define.ErrPodRemoved
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
}
allCtrs, err := p.runtime.state.PodContainers(p)
if err != nil {
return nil, err
}
ctrErrors := make(map[string]error)
// Send a signal to all containers
for _, ctr := range allCtrs {
ctr.lock.Lock()
if err := ctr.syncContainer(); err != nil {
ctr.lock.Unlock()
ctrErrors[ctr.ID()] = err
continue
}
// Ignore containers that are not running
libpod removal from main (phase 2) this is phase 2 for the removal of libpod from main. Signed-off-by: baude <bbaude@redhat.com>
2019-06-25 13:40:19 +00:00
if ctr.state.State != define.ContainerStateRunning {
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
ctr.lock.Unlock()
continue
}
Move OCI runtime implementation behind an interface For future work, we need multiple implementations of the OCI runtime, not just a Conmon-wrapped runtime matching the runc CLI. As part of this, do some refactoring on the interface for exec (move to a struct, not a massive list of arguments). Also, add 'all' support to Kill and Stop (supported by runc and used a bit internally for removing containers). Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2019-10-08 17:53:36 +00:00
if err := ctr.ociRuntime.KillContainer(ctr, signal, false); err != nil {
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
ctr.lock.Unlock()
ctrErrors[ctr.ID()] = err
continue
}
logrus.Debugf("Killed container %s with signal %d", ctr.ID(), signal)
Sending signals to containers prevents restart policy Noticed this when testing some behavior with Docker. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2019-04-01 22:17:16 +00:00
ctr.state.StoppedByUser = true
if err := ctr.save(); err != nil {
ctrErrors[ctr.ID()] = err
}
ctr.lock.Unlock()
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
}
if len(ctrErrors) > 0 {
Print errors from individual containers in pods The infra/abi code for pods was written in a flawed way, assuming that the map[string]error containing individual container errors was only set when the global error for the pod function was nil; that is not accurate, and we are actually *guaranteed* to set the global error when any individual container errors. Thus, we'd never actually include individual container errors, because the infra code assumed that err being set meant everything failed and no container operations were attempted. We were originally setting the cause of the error to something nonsensical ("container already exists"), so I made a new error indicating that some containers in the pod failed. We can then ignore that error when building the report on the pod operation and actually return errors from individual containers. Unfortunately, this exposed another weakness of the infra code, which was discarding the container IDs. Errors from individual containers are not guaranteed to identify which container they came from, hence the use of map[string]error in the Pod API functions. Rather than restructuring the structs we return from pkg/infra, I just wrapped the returned errors with a message including the ID of the container. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2020-07-02 16:59:10 +00:00
return ctrErrors, errors.Wrapf(define.ErrPodPartialFail, "error killing some containers")
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
}
Add event logging to libpod, even display to podman In lipod, we now log major events that occurr. These events can be displayed using the `podman events` command. Each event contains: * Type (container, image, volume, pod...) * Status (create, rm, stop, kill, ....) * Timestamp in RFC3339Nano format * Name (if applicable) * Image (if applicable) The format of the event and the varlink endpoint are to not be considered stable until cockpit has done its enablement. Signed-off-by: baude <bbaude@redhat.com>
2019-02-28 20:15:56 +00:00
defer p.newPodEvent(events.Kill)
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
return nil, nil
}
Change batchcontainer to shared To better reflect it's usage: to share functions between podman and varlink. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1275 Approved by: mheon
2018-08-14 21:16:22 +00:00
// Status gets the status of all containers in the pod
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
// Returns a map of Container ID to Container Status
libpod removal from main (phase 2) this is phase 2 for the removal of libpod from main. Signed-off-by: baude <bbaude@redhat.com>
2019-06-25 13:40:19 +00:00
func (p *Pod) Status() (map[string]define.ContainerStatus, error) {
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
p.lock.Lock()
defer p.lock.Unlock()
if !p.valid {
remove libpod from main the compilation demands of having libpod in main is a burden for the remote client compilations. to combat this, we should move the use of libpod structs, vars, constants, and functions into the adapter code where it will only be compiled by the local client. this should result in cleaner code organization and smaller binaries. it should also help if we ever need to compile the remote client on non-Linux operating systems natively (not cross-compiled). Signed-off-by: baude <bbaude@redhat.com>
2019-06-24 20:48:34 +00:00
return nil, define.ErrPodRemoved
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
}
allCtrs, err := p.runtime.state.PodContainers(p)
if err != nil {
return nil, err
}
Update pod bindings and Add test to validate prune pod apiv2 binding. Modify the pod inspect bindings to hold current pod status. Includes test to validate on pod status and added test to check no or few pods are pruned,if the pods are in exited state. Signed-off-by: Sujil02 <sushah@redhat.com>
2020-02-24 22:07:11 +00:00
return containerStatusFromContainers(allCtrs)
}
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
Update pod bindings and Add test to validate prune pod apiv2 binding. Modify the pod inspect bindings to hold current pod status. Includes test to validate on pod status and added test to check no or few pods are pruned,if the pods are in exited state. Signed-off-by: Sujil02 <sushah@redhat.com>
2020-02-24 22:07:11 +00:00
func containerStatusFromContainers(allCtrs []*Container) (map[string]define.ContainerStatus, error) {
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
// We need to lock all the containers
for _, ctr := range allCtrs {
ctr.lock.Lock()
defer ctr.lock.Unlock()
}
// Now that all containers are locked, get their status
libpod removal from main (phase 2) this is phase 2 for the removal of libpod from main. Signed-off-by: baude <bbaude@redhat.com>
2019-06-25 13:40:19 +00:00
status := make(map[string]define.ContainerStatus, len(allCtrs))
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
for _, ctr := range allCtrs {
if err := ctr.syncContainer(); err != nil {
return nil, err
}
status[ctr.ID()] = ctr.state.State
}
return status, nil
}
// Inspect returns a PodInspect struct to describe the pod
podman v2 remove bloat v2 rid ourseleves of libpod references in v2 client Signed-off-by: Brent Baude <bbaude@redhat.com>
2020-04-16 13:39:34 +00:00
func (p *Pod) Inspect() (*define.InspectPodData, error) {
Ensure pod inspect is locked and validity-checked Also, don't return the internal podState struct - instead return a public inspect struct. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1258 Approved by: rhatdan
2018-08-11 15:19:08 +00:00
p.lock.Lock()
defer p.lock.Unlock()
if err := p.updatePod(); err != nil {
return nil, err
}
containers, err := p.runtime.state.PodContainers(p)
Update pod bindings and Add test to validate prune pod apiv2 binding. Modify the pod inspect bindings to hold current pod status. Includes test to validate on pod status and added test to check no or few pods are pruned,if the pods are in exited state. Signed-off-by: Sujil02 <sushah@redhat.com>
2020-02-24 22:07:11 +00:00
if err != nil {
return nil, err
}
Turn on More linters - misspell - prealloc - unparam - nakedret Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-06-11 18:40:38 +00:00
ctrs := make([]define.InspectPodContainerInfo, 0, len(containers))
Update pod inspect report to hold current pod status. Added status field in pod inspect report. Fixed pod tests to use it. Signed-off-by: Sujil02 <sushah@redhat.com>
2020-04-20 10:42:51 +00:00
ctrStatuses := make(map[string]define.ContainerStatus, len(containers))
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
for _, c := range containers {
containerStatus := "unknown"
codespell: spelling corrections Signed-off-by: Dmitry Smirnov <onlyjob@member.fsf.org>
2019-11-12 04:39:36 +00:00
// Ignoring possible errors here because we don't want this to be
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
// catastrophic in nature
containerState, err := c.State()
if err == nil {
containerStatus = containerState.String()
}
podman v2 remove bloat v2 rid ourseleves of libpod references in v2 client Signed-off-by: Brent Baude <bbaude@redhat.com>
2020-04-16 13:39:34 +00:00
ctrs = append(ctrs, define.InspectPodContainerInfo{
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
ID: c.ID(),
podman v2 remove bloat v2 rid ourseleves of libpod references in v2 client Signed-off-by: Brent Baude <bbaude@redhat.com>
2020-04-16 13:39:34 +00:00
Name: c.Name(),
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
State: containerStatus,
podman v2 remove bloat v2 rid ourseleves of libpod references in v2 client Signed-off-by: Brent Baude <bbaude@redhat.com>
2020-04-16 13:39:34 +00:00
})
Update pod inspect report to hold current pod status. Added status field in pod inspect report. Fixed pod tests to use it. Signed-off-by: Sujil02 <sushah@redhat.com>
2020-04-20 10:42:51 +00:00
ctrStatuses[c.ID()] = c.state.State
}
podState, err := CreatePodStatusResults(ctrStatuses)
if err != nil {
return nil, err
podman v2 remove bloat v2 rid ourseleves of libpod references in v2 client Signed-off-by: Brent Baude <bbaude@redhat.com>
2020-04-16 13:39:34 +00:00
}
Fix bug where pods would unintentionally share cgroupns This one was a massive pain to track down. The original symptom was an error message from rootless Podman trying to make a container in a pod. I unfortunately did not look at the error message closely enough to realize that the namespace in question was the cgroup namespace (the reproducer pod was explicitly set to only share the network namespace), else this would have been quite a bit shorter. I spent considerable effort trying to track down differences between the inspect output of the two containers, and when that failed I was forced to resort to diffing the OCI specs. That finally proved fruitful, and I was able to determine what should have been obvious all along: the container was joining the cgroup namespace of the infra container when it really ought not to have. From there, I discovered a variable collision in pod config. The UsePodCgroup variable means "create a parent cgroup for the pod and join containers in the pod to it". Unfortunately, it is very similar to UsePodUTS, UsePodNet, etc, which mean "the pod shares this namespace", so an accessor was accidentally added for it that indicated the pod shared the cgroup namespace when it really did not. Once I realized that, it was a quick fix - add a bool to the pod's configuration to indicate whether the cgroup ns was shared (distinct from UsePodCgroup) and use that for the accessor. Also included are fixes for `podman inspect` and `podman pod inspect` that fix them to actually display the state of the cgroup namespace (for container inspect) and what namespaces are shared (for pod inspect). Either of those would have made tracking this down considerably quicker. Fixes #6149 Signed-off-by: Matthew Heon <mheon@redhat.com>
2020-05-08 21:41:50 +00:00
namespaces := map[string]bool{
"pid": p.config.UsePodPID,
"ipc": p.config.UsePodIPC,
"net": p.config.UsePodNet,
"mount": p.config.UsePodMount,
"user": p.config.UsePodUser,
"uts": p.config.UsePodUTS,
"cgroup": p.config.UsePodCgroupNS,
}
sharesNS := []string{}
for nsStr, include := range namespaces {
if include {
sharesNS = append(sharesNS, nsStr)
}
}
podman v2 remove bloat v2 rid ourseleves of libpod references in v2 client Signed-off-by: Brent Baude <bbaude@redhat.com>
2020-04-16 13:39:34 +00:00
inspectData := define.InspectPodData{
ID: p.ID(),
Name: p.Name(),
Namespace: p.Namespace(),
Created: p.CreatedTime(),
pod config: add a `CreateCommand` field Add a `CreateCommand` field to the pod config which includes the entire `os.Args` at pod-creation. Similar to the already existing field in a container config, we need this information to properly generate generic systemd unit files for pods. It's a prerequisite to support the `--new` flag for pods. Also add the `CreateCommand` to the pod-inspect data, which can come in handy for debugging, general inspection and certainly for the tests that are added along with the other changes. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2020-05-28 08:54:17 +00:00
CreateCommand: p.config.CreateCommand,
Update pod inspect report to hold current pod status. Added status field in pod inspect report. Fixed pod tests to use it. Signed-off-by: Sujil02 <sushah@redhat.com>
2020-04-20 10:42:51 +00:00
State: podState,
Ensure that containers in pods properly set hostname When we moved to the new Namespace types in Specgen, we made a distinction between taking a namespace from a pod, and taking it from another container. Due to this new distinction, some code that previously worked for both `--pod=$ID` and `--uts=container:$ID` has accidentally become conditional on only the latter case. This happened for Hostname - we weren't properly setting it in cases where the container joined a pod. Fortunately, this is an easy fix once we know to check the condition. Also, ensure that `podman pod inspect` actually prints hostname. Fixes #6494 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2020-06-04 20:32:10 +00:00
Hostname: p.config.Hostname,
podman v2 remove bloat v2 rid ourseleves of libpod references in v2 client Signed-off-by: Brent Baude <bbaude@redhat.com>
2020-04-16 13:39:34 +00:00
Labels: p.Labels(),
CreateCgroup: false,
CgroupParent: p.CgroupParent(),
CgroupPath: p.state.CgroupPath,
CreateInfra: false,
InfraContainerID: p.state.InfraContainerID,
InfraConfig: nil,
Fix bug where pods would unintentionally share cgroupns This one was a massive pain to track down. The original symptom was an error message from rootless Podman trying to make a container in a pod. I unfortunately did not look at the error message closely enough to realize that the namespace in question was the cgroup namespace (the reproducer pod was explicitly set to only share the network namespace), else this would have been quite a bit shorter. I spent considerable effort trying to track down differences between the inspect output of the two containers, and when that failed I was forced to resort to diffing the OCI specs. That finally proved fruitful, and I was able to determine what should have been obvious all along: the container was joining the cgroup namespace of the infra container when it really ought not to have. From there, I discovered a variable collision in pod config. The UsePodCgroup variable means "create a parent cgroup for the pod and join containers in the pod to it". Unfortunately, it is very similar to UsePodUTS, UsePodNet, etc, which mean "the pod shares this namespace", so an accessor was accidentally added for it that indicated the pod shared the cgroup namespace when it really did not. Once I realized that, it was a quick fix - add a bool to the pod's configuration to indicate whether the cgroup ns was shared (distinct from UsePodCgroup) and use that for the accessor. Also included are fixes for `podman inspect` and `podman pod inspect` that fix them to actually display the state of the cgroup namespace (for container inspect) and what namespaces are shared (for pod inspect). Either of those would have made tracking this down considerably quicker. Fixes #6149 Signed-off-by: Matthew Heon <mheon@redhat.com>
2020-05-08 21:41:50 +00:00
SharedNamespaces: sharesNS,
podman v2 remove bloat v2 rid ourseleves of libpod references in v2 client Signed-off-by: Brent Baude <bbaude@redhat.com>
2020-04-16 13:39:34 +00:00
NumContainers: uint(len(containers)),
Containers: ctrs,
Split pod.go into 3 files This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
2018-08-09 17:44:52 +00:00
}
return &inspectData, nil
}
Reference in a new issue Copy permalink