The biggest obstacle here was cleanup - we needed a way to remove
detached exec sessions after they exited, but there's no way to
tell if an exec session will be attached or detached when it's
created, and that's when we must add the exit command that would
do the removal. The solution was adding a delay to the exit
command (5 minutes), which gives sufficient time for attached
exec sessions to retrieve the exit code of the session after it
exits, but still guarantees that they will be removed, even for
detached sessions. This requires Conmon 2.0.17, which has the new
`--exit-delay` flag.
As part of the exit command rework, we can drop the hack we were
using to clean up exec sessions (remove them as part of inspect).
This is a lot cleaner, and I'm a lot happier about it.
Otherwise, this is just plumbing - we need a bindings call for
detached exec, and that needed to be added to the tunnel mode
backend for entities.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
environment variables are handled differently on windows vs linux. here we split them to be handled but no actually processing of windows environment variables was done. it can be added for future. hoowever, now we dont get errors on windows about processing them.
Signed-off-by: Brent Baude <bbaude@redhat.com>
This adds bindings for starting exec sessions, and then uses them
to wire up detached exec. Code is heavily based on Attach code
for containers, slightly modified to handle exec sessions.
Bindings are presently attached-only, detached is pending on a
Conmon update landing in CI. I'll probably get to that next.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
the pod ps man page says .Label is valid go template format. i dont think the function was actually ever implemented.
Fixes#6448
Signed-off-by: Brent Baude <bbaude@redhat.com>
In cases of trying to export an image, if the image was not found, we leaked an empty tarball or directory depending on the format.
Fixes: #6409
Signed-off-by: Brent Baude <bbaude@redhat.com>
* Support the `X-Registry-Auth` http-request header.
* The content of the header is a base64 encoded JSON payload which can
either be a single auth config or a map of auth configs (user+pw or
token) with the corresponding registries being the keys. Vanilla
Docker, projectatomic Docker and the bindings are transparantly
supported.
* Add a hidden `--registries-conf` flag. Buildah exposes the same
flag, mostly for testing purposes.
* Do all credential parsing in the client (i.e., `cmd/podman`) pass
the username and password in the backend instead of unparsed
credentials.
* Add a `pkg/auth` which handles most of the heavy lifting.
* Go through the authentication-handling code of most commands, bindings
and endpoints. Migrate them to the new code and fix issues as seen.
A final evaluation and more tests is still required *after* this
change.
* The manifest-push endpoint is missing certain parameters and should
use the ABI function instead. Adding auth-support isn't really
possible without these parts working.
* The container commands and endpoints (i.e., create and run) have not
been changed yet. The APIs don't yet account for the authfile.
* Add authentication tests to `pkg/bindings`.
Fixes: #6384
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
To ensure the Windows and OS X remote clients can properly parse
container stop signal (when given as a name e.g. SIGTERM) and
set it in SpecGen, we need access to a list of Linux signal names
and the numbers they map to that is available on non-Linux OSes.
Fortunately, these are ABI constants that are extremely unlikely
to change, so we can just take the existing constant definitions
from the library and use them.
The signal numbers used here are sourced from AMD64, but should
be the same for every architecture that is not Alpha, SPARC,
MIPS, and PA-RISC. So `podman run --stop-signal SIGTTOU` from a
Windows client to a Podman service on a SPARC host will set an
incorrect stop signal, but I don't think this is a large problem.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Fix `ps --last=N` to also include non-running containers. Also add an
e2e test to prevent us from regressing in the future.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The swagger documentation for the libpod push endpoint were not in sync
with the implementation. Correct these docs to reflect the parameters
that are actually supported.
Fixes: #6388
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Fix a race in `podman container stats` by waiting for the client to
consume the data in the channel. This requires a `sync.WaitGroup` (or
semaphore) in the client and to also close the channel the backend.
Fixes: #6405
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
add copy endpoint inputs and outputs. these endpoints are not implemented yet, nor are any bindings. this allows us to update this later without having to change our api version.
Signed-off-by: Brent Baude <bbaude@redhat.com>
--container-prefix <string> - default 'container'
Systemd unit name prefix for containers
--pod-prefix <string> - default 'pod'
Systemd unit name prefix for pods
--separator <string> - default '-'
Systemd unit name seperator between name/id and prefix
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* wire up bindings and handler for obtaining logs remotely
* enable debug logging from podman in e2e test using DEBUG and
DEBUG_SERVICE env variables
* Fix error in streaming log frames
* enable remote logs test
Signed-off-by: Jhon Honce <jhonce@redhat.com>
