libpod

package
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 6, 2019 License: Apache-2.0 Imports: 99 Imported by: 31

Documentation

Index

Constants

View Source
const (
	// RestartPolicyNone indicates that no restart policy has been requested
	// by a container.
	RestartPolicyNone = ""
	// RestartPolicyNo is identical in function to RestartPolicyNone.
	RestartPolicyNo = "no"
	// RestartPolicyAlways unconditionally restarts the container.
	RestartPolicyAlways = "always"
	// RestartPolicyOnFailure restarts the container on non-0 exit code,
	// with an optional maximum number of retries.
	RestartPolicyOnFailure = "on-failure"
)

Valid restart policy types.

View Source
const (
	AttachPipeStdin  = 1
	AttachPipeStdout = 2
	AttachPipeStderr = 3
)

Sync with stdpipe_t in conmon.c

View Source
const (
	// HealthCheckSuccess means the health worked
	HealthCheckSuccess HealthCheckStatus = iota
	// HealthCheckFailure means the health ran and failed
	HealthCheckFailure HealthCheckStatus = iota
	// HealthCheckContainerStopped means the health check cannot
	// be run because the container is stopped
	HealthCheckContainerStopped HealthCheckStatus = iota
	// HealthCheckContainerNotFound means the container could
	// not be found in local store
	HealthCheckContainerNotFound HealthCheckStatus = iota
	// HealthCheckNotDefined means the container has no health
	// check defined in it
	HealthCheckNotDefined HealthCheckStatus = iota
	// HealthCheckInternalError means somes something failed obtaining or running
	// a given health check
	HealthCheckInternalError HealthCheckStatus = iota
	// HealthCheckDefined means the healthcheck was found on the container
	HealthCheckDefined HealthCheckStatus = iota

	// MaxHealthCheckNumberLogs is the maximum number of attempts we keep
	// in the healthcheck history file
	MaxHealthCheckNumberLogs int = 5
	// MaxHealthCheckLogLength in characters
	MaxHealthCheckLogLength = 500

	// HealthCheckHealthy describes a healthy container
	HealthCheckHealthy string = "healthy"
	// HealthCheckUnhealthy describes an unhealthy container
	HealthCheckUnhealthy string = "unhealthy"
	// HealthCheckStarting describes the time between when the container starts
	// and the start-period (time allowed for the container to start and application
	// to be running) expires.
	HealthCheckStarting string = "starting"
)
View Source
const (
	// MountPrivate represents the private mount option.
	MountPrivate = "private"
	// MountRPrivate represents the rprivate mount option.
	MountRPrivate = "rprivate"
	// MountShared represents the shared mount option.
	MountShared = "shared"
	// MountRShared represents the rshared mount option.
	MountRShared = "rshared"
	// MountSlave represents the slave mount option.
	MountSlave = "slave"
	// MountRSlave represents the rslave mount option.
	MountRSlave = "rslave"
)
View Source
const (
	// CgroupfsCgroupsManager represents cgroupfs native cgroup manager
	CgroupfsCgroupsManager = "cgroupfs"
	// SystemdCgroupsManager represents systemd native cgroup manager
	SystemdCgroupsManager = "systemd"

	// ContainerCreateTimeout represents the value of container creating timeout
	ContainerCreateTimeout = 240 * time.Second

	// DefaultShmSize is the default shm size
	DefaultShmSize = 64 * 1024 * 1024
	// NsRunDir is the default directory in which running network namespaces
	// are stored
	NsRunDir = "/var/run/netns"
)
View Source
const (
	// InvalidStateStore is an invalid state store
	InvalidStateStore RuntimeStateStore = iota
	// InMemoryStateStore is an in-memory state that will not persist data
	// on containers and pods between libpod instances or after system
	// reboot
	InMemoryStateStore RuntimeStateStore = iota
	// SQLiteStateStore is a state backed by a SQLite database
	// It is presently disabled
	SQLiteStateStore RuntimeStateStore = iota
	// BoltDBStateStore is a state backed by a BoltDB database
	BoltDBStateStore RuntimeStateStore = iota

	// SeccompDefaultPath defines the default seccomp path
	SeccompDefaultPath = "/usr/share/containers/seccomp.json"
	// SeccompOverridePath if this exists it overrides the default seccomp path
	SeccompOverridePath = "/etc/crio/seccomp.json"

	// ConfigPath is the path to the libpod configuration file
	// This file is loaded to replace the builtin default config before
	// runtime options (e.g. WithStorageConfig) are applied.
	// If it is not present, the builtin default config is used instead
	// This path can be overridden when the runtime is created by using
	// NewRuntimeFromConfig() instead of NewRuntime()
	ConfigPath = "/usr/share/containers/libpod.conf"
	// OverrideConfigPath is the path to an override for the default libpod
	// configuration file. If OverrideConfigPath exists, it will be used in
	// place of the configuration file pointed to by ConfigPath.
	OverrideConfigPath = "/etc/containers/libpod.conf"

	// DefaultInfraImage to use for infra container
	DefaultInfraImage = "k8s.gcr.io/pause:3.1"
	// DefaultInfraCommand to be run in an infra container
	DefaultInfraCommand = "/pause"

	// DefaultInitPath is the default path to the container-init binary
	DefaultInitPath = "/usr/libexec/podman/catatonit"

	// DefaultSHMLockPath is the default path for SHM locks
	DefaultSHMLockPath = "/libpod_lock"
	// DefaultRootlessSHMLockPath is the default path for rootless SHM locks
	DefaultRootlessSHMLockPath = "/libpod_rootless_lock"
)
View Source
const CgroupfsDefaultCgroupParent = "/libpod_parent"

CgroupfsDefaultCgroupParent is the cgroup parent for CGroupFS in libpod

View Source
const CtrRemoveTimeout = 10

CtrRemoveTimeout is the default number of seconds to wait after stopping a container before sending the kill signal

View Source
const (
	// DefaultTransport is a prefix that we apply to an image name
	// to check docker hub first for the image
	DefaultTransport = "docker://"
)

Runtime API constants

View Source
const DefaultWaitInterval = 250 * time.Millisecond

DefaultWaitInterval is the default interval between container status checks while waiting.

View Source
const (
	// IDTruncLength is the length of the pod's id that will be used to make the
	// infra container name
	IDTruncLength = 12
)
View Source
const SystemdDefaultCgroupParent = "machine.slice"

SystemdDefaultCgroupParent is the cgroup parent for the systemd cgroup manager in libpod

Variables

View Source
var (
	// ErrNoSuchCtr indicates the requested container does not exist
	ErrNoSuchCtr = image.ErrNoSuchCtr

	// ErrNoSuchPod indicates the requested pod does not exist
	ErrNoSuchPod = image.ErrNoSuchPod

	// ErrNoSuchImage indicates the requested image does not exist
	ErrNoSuchImage = image.ErrNoSuchImage

	// ErrNoSuchVolume indicates the requested volume does not exist
	ErrNoSuchVolume = errors.New("no such volume")

	// ErrCtrExists indicates a container with the same name or ID already
	// exists
	ErrCtrExists = errors.New("container already exists")
	// ErrPodExists indicates a pod with the same name or ID already exists
	ErrPodExists = errors.New("pod already exists")
	// ErrImageExists indicates an image with the same ID already exists
	ErrImageExists = errors.New("image already exists")
	// ErrVolumeExists indicates a volume with the same name already exists
	ErrVolumeExists = errors.New("volume already exists")

	// ErrCtrStateInvalid indicates a container is in an improper state for
	// the requested operation
	ErrCtrStateInvalid = errors.New("container state improper")
	// ErrVolumeBeingUsed indicates that a volume is being used by at least one container
	ErrVolumeBeingUsed = errors.New("volume is being used")

	// ErrRuntimeFinalized indicates that the runtime has already been
	// created and cannot be modified
	ErrRuntimeFinalized = errors.New("runtime has been finalized")
	// ErrCtrFinalized indicates that the container has already been created
	// and cannot be modified
	ErrCtrFinalized = errors.New("container has been finalized")
	// ErrPodFinalized indicates that the pod has already been created and
	// cannot be modified
	ErrPodFinalized = errors.New("pod has been finalized")
	// ErrVolumeFinalized indicates that the volume has already been created and
	// cannot be modified
	ErrVolumeFinalized = errors.New("volume has been finalized")

	// ErrInvalidArg indicates that an invalid argument was passed
	ErrInvalidArg = errors.New("invalid argument")
	// ErrEmptyID indicates that an empty ID was passed
	ErrEmptyID = errors.New("name or ID cannot be empty")

	// ErrInternal indicates an internal library error
	ErrInternal = errors.New("internal libpod error")

	// ErrDetach indicates that an attach session was manually detached by
	// the user.
	ErrDetach = utils.ErrDetach

	// ErrRuntimeStopped indicates that the runtime has already been shut
	// down and no further operations can be performed on it
	ErrRuntimeStopped = errors.New("runtime has already been stopped")
	// ErrCtrStopped indicates that the requested container is not running
	// and the requested operation cannot be performed until it is started
	ErrCtrStopped = errors.New("container is stopped")

	// ErrCtrRemoved indicates that the container has already been removed
	// and no further operations can be performed on it
	ErrCtrRemoved = errors.New("container has already been removed")
	// ErrPodRemoved indicates that the pod has already been removed and no
	// further operations can be performed on it
	ErrPodRemoved = errors.New("pod has already been removed")
	// ErrVolumeRemoved indicates that the volume has already been removed and
	// no further operations can be performed on it
	ErrVolumeRemoved = errors.New("volume has already been removed")

	// ErrDBClosed indicates that the connection to the state database has
	// already been closed
	ErrDBClosed = errors.New("database connection already closed")
	// ErrDBBadConfig indicates that the database has a different schema or
	// was created by a libpod with a different config
	ErrDBBadConfig = errors.New("database configuration mismatch")

	// ErrNSMismatch indicates that the requested pod or container is in a
	// different namespace and cannot be accessed or modified.
	ErrNSMismatch = errors.New("target is in a different namespace")

	// ErrNotImplemented indicates that the requested functionality is not
	// yet present
	ErrNotImplemented = errors.New("not yet implemented")

	// ErrOSNotSupported indicates the function is not available on the particular
	// OS.
	ErrOSNotSupported = errors.New("No support for this OS yet")
)
View Source
var ChangeCmds = []string{"CMD", "ENTRYPOINT", "ENV", "EXPOSE", "LABEL", "ONBUILD", "STOPSIGNAL", "USER", "VOLUME", "WORKDIR"}

ChangeCmds is the list of valid Changes commands to passed to the Commit call

Functions

func CopyStringStringMap

func CopyStringStringMap(m map[string]string) map[string]string

CopyStringStringMap deep copies a map[string]string and returns the result

func FuncTimer

func FuncTimer(funcName string)

FuncTimer helps measure the execution time of a function For debug purposes, do not leave in code used like defer FuncTimer("foo")

func GenerateKubeServiceFromV1Pod added in v1.0.0

func GenerateKubeServiceFromV1Pod(pod *v1.Pod, servicePorts []v1.ServicePort) v1.Service

GenerateKubeServiceFromV1Pod creates a v1 service object from a v1 pod object

func GetContainerPidInformationDescriptors added in v0.7.3

func GetContainerPidInformationDescriptors() ([]string, error)

GetContainerPidInformationDescriptors returns a string slice of all supported format descriptors of GetContainerPidInformation.

func GetPolicyContext

func GetPolicyContext(path string) (*signature.PolicyContext, error)

GetPolicyContext creates a signature policy context for the given signature policy path

func GetV1CGroups added in v0.10.1

func GetV1CGroups(excludes []string) cgroups.Hierarchy

GetV1CGroups gets the V1 cgroup subsystems and then "filters" out any subsystems that are provided by the caller. Passing nil for excludes will return the subsystems unfiltered. func GetV1CGroups(excludes []string) ([]cgroups.Subsystem, error) {

func JSONDeepCopy added in v1.2.0

func JSONDeepCopy(from, to interface{}) error

JSONDeepCopy performs a deep copy by performing a JSON encode/decode of the given structures. From and To should be identically typed structs.

func LabelVolumePath added in v1.2.0

func LabelVolumePath(path string, shared bool) error

LabelVolumePath takes a mount path for a volume and gives it an selinux label of either shared or not

func MountExists added in v0.2.2

func MountExists(specMounts []spec.Mount, dest string) bool

MountExists returns true if dest exists in the list of mounts

func OpenExclusiveFile added in v0.11.1

func OpenExclusiveFile(path string) (*os.File, error)

OpenExclusiveFile opens a file for writing and ensure it doesn't already exist

func RemoveScientificNotationFromFloat

func RemoveScientificNotationFromFloat(x float64) (float64, error)

RemoveScientificNotationFromFloat returns a float without any scientific notation if the number has any. golang does not handle conversion of float64s that have scientific notation in them and otherwise stinks. please replace this if you have a better implementation.

func SetXdgRuntimeDir added in v0.10.1

func SetXdgRuntimeDir(val string) error

SetXdgRuntimeDir ensures the XDG_RUNTIME_DIR env variable is set containers/image uses XDG_RUNTIME_DIR to locate the auth file.

func WaitForFile added in v0.3.1

func WaitForFile(path string, chWait chan error, timeout time.Duration) (bool, error)

WaitForFile waits until a file has been created or the given timeout has occurred

Types

type AttachStreams added in v0.4.2

type AttachStreams struct {
	// OutputStream will be attached to container's STDOUT
	OutputStream io.WriteCloser
	// ErrorStream will be attached to container's STDERR
	ErrorStream io.WriteCloser
	// InputStream will be attached to container's STDIN
	InputStream io.Reader
	// AttachOutput is whether to attach to STDOUT
	// If false, stdout will not be attached
	AttachOutput bool
	// AttachError is whether to attach to STDERR
	// If false, stdout will not be attached
	AttachError bool
	// AttachInput is whether to attach to STDIN
	// If false, stdout will not be attached
	AttachInput bool
}

AttachStreams contains streams that will be attached to the container

type BoltState

type BoltState struct {
	// contains filtered or unexported fields
}

BoltState is a state implementation backed by a Bolt DB

func (*BoltState) AddContainer

func (s *BoltState) AddContainer(ctr *Container) error

AddContainer adds a container to the state The container being added cannot belong to a pod

func (*BoltState) AddContainerToPod

func (s *BoltState) AddContainerToPod(pod *Pod, ctr *Container) error

AddContainerToPod adds the given container to an existing pod The container will be added to the state and the pod

func (*BoltState) AddPod

func (s *BoltState) AddPod(pod *Pod) error

AddPod adds the given pod to the state.

func (*BoltState) AddVolume added in v0.12.1

func (s *BoltState) AddVolume(volume *Volume) error

AddVolume adds the given volume to the state. It also adds ctrDepID to the sub bucket holding the container dependencies that this volume has

func (*BoltState) AllContainers

func (s *BoltState) AllContainers() ([]*Container, error)

AllContainers retrieves all the containers in the database

func (*BoltState) AllPods

func (s *BoltState) AllPods() ([]*Pod, error)

AllPods returns all pods present in the state

func (*BoltState) AllVolumes added in v0.12.1

func (s *BoltState) AllVolumes() ([]*Volume, error)

AllVolumes returns all volumes present in the state

func (*BoltState) Close

func (s *BoltState) Close() error

Close closes the state and prevents further use

func (*BoltState) Container

func (s *BoltState) Container(id string) (*Container, error)

Container retrieves a single container from the state by its full ID

func (*BoltState) ContainerInUse

func (s *BoltState) ContainerInUse(ctr *Container) ([]string, error)

ContainerInUse checks if other containers depend on the given container It returns a slice of the IDs of the containers depending on the given container. If the slice is empty, no containers depend on the given container

func (*BoltState) GetDBConfig added in v0.12.1

func (s *BoltState) GetDBConfig() (*DBConfig, error)

GetDBConfig retrieves runtime configuration fields that were created when the database was first initialized

func (*BoltState) HasContainer

func (s *BoltState) HasContainer(id string) (bool, error)

HasContainer checks if a container is present in the state

func (*BoltState) HasPod

func (s *BoltState) HasPod(id string) (bool, error)

HasPod checks if a pod with the given ID exists in the state

func (*BoltState) HasVolume added in v0.12.1

func (s *BoltState) HasVolume(name string) (bool, error)

HasVolume returns true if the given volume exists in the state, otherwise it returns false

func (*BoltState) LookupContainer

func (s *BoltState) LookupContainer(idOrName string) (*Container, error)

LookupContainer retrieves a container from the state by full or unique partial ID or name

func (*BoltState) LookupPod

func (s *BoltState) LookupPod(idOrName string) (*Pod, error)

LookupPod retrieves a pod from full or unique partial ID or name

func (*BoltState) Pod

func (s *BoltState) Pod(id string) (*Pod, error)

Pod retrieves a pod given its full ID

func (*BoltState) PodContainers

func (s *BoltState) PodContainers(pod *Pod) ([]*Container, error)

PodContainers returns all the containers present in the given pod

func (*BoltState) PodContainersByID

func (s *BoltState) PodContainersByID(pod *Pod) ([]string, error)

PodContainersByID returns the IDs of all containers present in the given pod

func (*BoltState) PodHasContainer

func (s *BoltState) PodHasContainer(pod *Pod, id string) (bool, error)

PodHasContainer checks if the given pod has a container with the given ID

func (*BoltState) Refresh

func (s *BoltState) Refresh() error

Refresh clears container and pod states after a reboot

func (*BoltState) RemoveContainer

func (s *BoltState) RemoveContainer(ctr *Container) error

RemoveContainer removes a container from the state Only removes containers not in pods - for containers that are a member of a pod, use RemoveContainerFromPod

func (*BoltState) RemoveContainerFromPod

func (s *BoltState) RemoveContainerFromPod(pod *Pod, ctr *Container) error

RemoveContainerFromPod removes a container from an existing pod The container will also be removed from the state

func (*BoltState) RemovePod

func (s *BoltState) RemovePod(pod *Pod) error

RemovePod removes the given pod from the state Only empty pods can be removed

func (*BoltState) RemovePodContainers

func (s *BoltState) RemovePodContainers(pod *Pod) error

RemovePodContainers removes all containers in a pod

func (*BoltState) RemoveVolume added in v0.12.1

func (s *BoltState) RemoveVolume(volume *Volume) error

RemoveVolume removes the given volume from the state

func (*BoltState) RewriteContainerConfig added in v1.1.0

func (s *BoltState) RewriteContainerConfig(ctr *Container, newCfg *ContainerConfig) error

RewriteContainerConfig rewrites a container's configuration. WARNING: This function is DANGEROUS. Do not use without reading the full comment on this function in state.go.

func (*BoltState) RewritePodConfig added in v1.1.0

func (s *BoltState) RewritePodConfig(pod *Pod, newCfg *PodConfig) error

RewritePodConfig rewrites a pod's configuration. WARNING: This function is DANGEROUS. Do not use without reading the full comment on this function in state.go.

func (*BoltState) SaveContainer

func (s *BoltState) SaveContainer(ctr *Container) error

SaveContainer saves a container's current state in the database

func (*BoltState) SavePod added in v0.5.3

func (s *BoltState) SavePod(pod *Pod) error

SavePod saves a pod's state to the database

func (*BoltState) SetNamespace added in v0.7.4

func (s *BoltState) SetNamespace(ns string) error

SetNamespace sets the namespace that will be used for container and pod retrieval

func (*BoltState) UpdateContainer

func (s *BoltState) UpdateContainer(ctr *Container) error

UpdateContainer updates a container's state from the database

func (*BoltState) UpdatePod added in v0.5.3

func (s *BoltState) UpdatePod(pod *Pod) error

UpdatePod updates a pod's state from the database

func (*BoltState) ValidateDBConfig added in v0.12.1

func (s *BoltState) ValidateDBConfig(runtime *Runtime) error

ValidateDBConfig validates paths in the given runtime against the database

func (*BoltState) Volume added in v0.12.1

func (s *BoltState) Volume(name string) (*Volume, error)

Volume retrieves a volume from full name

func (*BoltState) VolumeInUse added in v0.12.1

func (s *BoltState) VolumeInUse(volume *Volume) ([]string, error)

VolumeInUse checks if any container is using the volume It returns a slice of the IDs of the containers using the given volume. If the slice is empty, no containers use the given volume

type Container

type Container struct {
	// contains filtered or unexported fields
}

Container is a single OCI container. All operations on a Container that access state must begin with a call to syncContainer(). There is no guarantee that state exists in a readable state before syncContainer() is run, and even if it does, its contents will be out of date and must be refreshed from the database. Generally, this requirement applies only to top-level functions; helpers can assume that their callers handled this requirement. Generally speaking, if a function takes the container lock and accesses any part of state, it should syncContainer() immediately after locking. ffjson: skip

func (*Container) AddArtifact

func (c *Container) AddArtifact(name string, data []byte) error

AddArtifact creates and writes to an artifact file for the container

func (*Container) Attach

func (c *Container) Attach(streams *AttachStreams, keys string, resize <-chan remotecommand.TerminalSize) error

Attach attaches to a container

func (*Container) AttachSocketPath added in v0.5.4

func (c *Container) AttachSocketPath() string

AttachSocketPath retrieves the path of the container's attach socket

func (*Container) Batch

func (c *Container) Batch(batchFunc func(*Container) error) error

Batch starts a batch operation on the given container All commands in the passed function will execute under the same lock and without syncronyzing state after each operation This will result in substantial performance benefits when running numerous commands on the same container Note that the container passed into the Batch function cannot be removed during batched operations. runtime.RemoveContainer can only be called outside of Batch Any error returned by the given batch function will be returned unmodified by Batch As Batch normally disables updating the current state of the container, the Sync() function is provided to enable container state to be updated and checked within Batch.

func (*Container) BindMounts added in v0.3.2

func (c *Container) BindMounts() (map[string]string, error)

BindMounts retrieves bind mounts that were created by libpod and will be added to the container All these mounts except /dev/shm are ignored if a mount in the given spec has the same destination These mounts include /etc/resolv.conf, /etc/hosts, and /etc/hostname The return is formatted as a map from destination (mountpoint in the container) to source (path of the file that will be mounted into the container) If the container has not been started yet, an empty map will be returned, as the files in question are only created when the container is started.

func (*Container) CGroupPath

func (c *Container) CGroupPath() (string, error)

CGroupPath returns a cgroups "path" for a given container.

func (*Container) CgroupParent added in v0.2.2

func (c *Container) CgroupParent() string

CgroupParent gets the container's CGroup parent

func (*Container) Checkpoint added in v0.10.1

func (c *Container) Checkpoint(ctx context.Context, options ContainerCheckpointOptions) error

Checkpoint checkpoints a container

func (*Container) CheckpointPath added in v0.10.1

func (c *Container) CheckpointPath() string

CheckpointPath returns the path to the directory containing the checkpoint

func (*Container) Cleanup

func (c *Container) Cleanup(ctx context.Context) error

Cleanup unmounts all mount points in container and cleans up container storage It also cleans up the network stack

func (*Container) Command added in v0.5.1

func (c *Container) Command() []string

Command is the container's command This is not added to the spec, but is instead used during image commit

func (*Container) Commit

func (c *Container) Commit(ctx context.Context, destImage string, options ContainerCommitOptions) (*image.Image, error)

Commit commits the changes between a container and its image, creating a new image

func (*Container) Config

func (c *Container) Config() *ContainerConfig

Config returns the configuration used to create the container

func (*Container) ContainerState added in v1.1.0

func (c *Container) ContainerState() (*ContainerState, error)

ContainerState returns containerstate struct

func (*Container) ControlSocketPath added in v0.5.4

func (c *Container) ControlSocketPath() string

ControlSocketPath returns the path to the containers control socket for things like tty resizing

func (*Container) CreatedTime added in v0.2.2

func (c *Container) CreatedTime() time.Time

CreatedTime gets the time when the container was created

func (*Container) DNSOption added in v0.2.2

func (c *Container) DNSOption() []string

DNSOption returns the DNS options that will be used in the container's resolv.conf If empty, options from the host's resolv.conf will be used instead

func (*Container) DNSSearch added in v0.2.2

func (c *Container) DNSSearch() []string

DNSSearch returns the DNS search domains that will be used in the container's resolv.conf If empty, DNS Search domains from the host's resolv.conf will be used instead

func (*Container) DNSServers added in v0.2.2

func (c *Container) DNSServers() []net.IP

DNSServers returns DNS servers that will be used in the container's resolv.conf If empty, DNS server from the host's resolv.conf will be used instead

func (*Container) Dependencies

func (c *Container) Dependencies() []string

Dependencies gets the containers this container depends upon

func (*Container) Entrypoint added in v0.5.1

func (c *Container) Entrypoint() []string

Entrypoint is the container's entrypoint. This is not added to the spec, but is instead used during image commit.

func (*Container) Exec

func (c *Container) Exec(tty, privileged bool, env, cmd []string, user, workDir string, streams *AttachStreams, preserveFDs int) error

Exec starts a new process inside the container TODO investigate allowing exec without attaching

func (*Container) ExecSession added in v0.3.1

func (c *Container) ExecSession(id string) (*ExecSession, error)

ExecSession retrieves detailed information on a single active exec session in a container

func (*Container) ExecSessions added in v0.3.1

func (c *Container) ExecSessions() ([]string, error)

ExecSessions retrieves active exec sessions running in the container

func (*Container) ExitCode

func (c *Container) ExitCode() (int32, bool, error)

ExitCode returns the exit code of the container as an int32, and whether the container has exited. If the container has not exited, exit code will always be 0. If the container restarts, the exit code is reset to 0.

func (*Container) Export

func (c *Container) Export(path string) error

Export exports a container's root filesystem as a tar archive The archive will be saved as a file at the given path

func (*Container) FinishedTime

func (c *Container) FinishedTime() (time.Time, error)

FinishedTime is the time the container was stopped

func (*Container) GenerateForKube added in v1.0.0

func (c *Container) GenerateForKube() (*v1.Pod, error)

GenerateForKube takes a slice of libpod containers and generates one v1.Pod description that includes just a single container.

func (*Container) GetArtifact

func (c *Container) GetArtifact(name string) ([]byte, error)

GetArtifact reads the specified artifact file from the container

func (*Container) GetContainerPidInformation

func (c *Container) GetContainerPidInformation(descriptors []string) ([]string, error)

GetContainerPidInformation returns process-related data of all processes in the container. The output data can be controlled via the `descriptors` argument which expects format descriptors and supports all AIXformat descriptors of ps (1) plus some additional ones to for instance inspect the set of effective capabilities. Each element in the returned string slice is a tab-separated string.

For more details, please refer to github.com/containers/psgo.

func (*Container) GetContainerStats

func (c *Container) GetContainerStats(previousStats *ContainerStats) (*ContainerStats, error)

GetContainerStats gets the running stats for a given container

func (*Container) GetHealthCheckLog added in v1.2.0

func (c *Container) GetHealthCheckLog() (inspect.HealthCheckResults, error)

GetHealthCheckLog returns HealthCheck results by reading the container's health check log file. If the health check log file does not exist, then an empty healthcheck struct is returned

func (*Container) HasHealthCheck added in v1.2.0

func (c *Container) HasHealthCheck() bool

HasHealthCheck returns bool as to whether there is a health check defined for the container

func (*Container) HealthCheckConfig added in v1.2.0

func (c *Container) HealthCheckConfig() *manifest.Schema2HealthConfig

HealthCheckConfig returns the command and timing attributes of the health check

func (*Container) HealthCheckStatus added in v1.2.0

func (c *Container) HealthCheckStatus() (string, error)

HealthCheckStatus returns the current state of a container with a healthcheck

func (*Container) Hostname added in v0.2.2

func (c *Container) Hostname() string

Hostname gets the container's hostname

func (*Container) HostsAdd added in v0.2.2

func (c *Container) HostsAdd() []string

HostsAdd returns hosts that will be added to the container's hosts file The host system's hosts file is used as a base, and these are appended to it

func (*Container) ID

func (c *Container) ID() string

ID returns the container's ID

func (*Container) IDMappings added in v0.5.2

func (c *Container) IDMappings() (storage.IDMappingOptions, error)

IDMappings returns the UID/GID mapping used for the container

func (*Container) IPs added in v0.3.1

func (c *Container) IPs() ([]net.IPNet, error)

IPs retrieves a container's IP address(es) This will only be populated if the container is configured to created a new network namespace, and that namespace is presently active

func (*Container) Image added in v0.2.2

func (c *Container) Image() (string, string)

Image returns the ID and name of the image used as the container's rootfs

func (*Container) ImageVolumes added in v0.2.2

func (c *Container) ImageVolumes() bool

ImageVolumes returns whether the container is configured to create persistent volumes requested by the image

func (*Container) Init

func (c *Container) Init(ctx context.Context) (err error)

Init creates a container in the OCI runtime

func (*Container) Inspect

func (c *Container) Inspect(size bool) (*inspect.ContainerInspectData, error)

Inspect a container for low-level information

func (*Container) IsInfra added in v0.8.4

func (c *Container) IsInfra() bool

IsInfra returns whether the container is an infra container

func (*Container) IsReadOnly added in v0.9.3

func (c *Container) IsReadOnly() bool

IsReadOnly returns whether the container is running in read only mode

func (*Container) Kill

func (c *Container) Kill(signal uint) error

Kill sends a signal to a container

func (*Container) Labels

func (c *Container) Labels() map[string]string

Labels returns the container's labels

func (*Container) LogPath

func (c *Container) LogPath() string

LogPath returns the path to the container's log file This file will only be present after Init() is called to create the container in the runtime

func (*Container) Mount

func (c *Container) Mount() (string, error)

Mount mounts a container's filesystem on the host The path where the container has been mounted is returned

func (*Container) MountLabel added in v0.2.2

func (c *Container) MountLabel() string

MountLabel returns the SELinux mount label of the container

func (*Container) Mounted

func (c *Container) Mounted() (bool, string, error)

Mounted returns whether the container is mounted and the path it is mounted at (if it is mounted). If the container is not mounted, no error is returned, and the mountpoint will be set to "".

func (*Container) Name

func (c *Container) Name() string

Name returns the container's name

func (*Container) NamedVolumes added in v1.3.0

func (c *Container) NamedVolumes() []*ContainerNamedVolume

NamedVolumes returns the container's named volumes. The name of each is guaranteed to point to a valid libpod Volume present in the state.

func (*Container) Namespace added in v0.7.4

func (c *Container) Namespace() string

Namespace returns the libpod namespace the container is in. Namespaces are used to logically separate containers and pods in the state.

func (*Container) NamespacePath

func (c *Container) NamespacePath(ns LinuxNS) (string, error)

NamespacePath returns the path of one of the container's namespaces If the container is not running, an error will be returned

func (*Container) NetworkDisabled added in v0.12.1

func (c *Container) NetworkDisabled() (bool, error)

NetworkDisabled returns whether the container is running with a disabled network

func (*Container) NewNetNS added in v0.2.2

func (c *Container) NewNetNS() bool

NewNetNS returns whether the container will create a new network namespace

func (*Container) OOMKilled added in v0.2.2

func (c *Container) OOMKilled() (bool, error)

OOMKilled returns whether the container was killed by an OOM condition

func (*Container) PID

func (c *Container) PID() (int, error)

PID returns the PID of the container If the container is not running, a pid of 0 will be returned. No error will occur.

func (*Container) Pause

func (c *Container) Pause() error

Pause pauses a container

func (*Container) PodID

func (c *Container) PodID() string

PodID returns the full ID of the pod the container belongs to, or "" if it does not belong to a pod

func (*Container) PortMappings added in v0.2.2

func (c *Container) PortMappings() ([]ocicni.PortMapping, error)

PortMappings returns the ports that will be mapped into a container if a new network namespace is created If NewNetNS() is false, this value is unused

func (*Container) Privileged added in v0.2.2

func (c *Container) Privileged() bool

Privileged returns whether the container is privileged

func (*Container) ProcessLabel

func (c *Container) ProcessLabel() string

ProcessLabel returns the selinux ProcessLabel of the container

func (*Container) RWSize

func (c *Container) RWSize() (int64, error)

RWSize returns the rw size of the container

func (*Container) ReadLog added in v1.2.0

func (c *Container) ReadLog(options *LogOptions, logChannel chan *LogLine) error

ReadLog reads a containers log based on the input options and returns loglines over a channel

func (*Container) Refresh added in v0.6.4

func (c *Container) Refresh(ctx context.Context) error

Refresh refreshes a container's state in the database, restarting the container if it is running

func (*Container) RemoveArtifact

func (c *Container) RemoveArtifact(name string) error

RemoveArtifact deletes the specified artifacts file

func (*Container) RestartPolicy added in v1.3.0

func (c *Container) RestartPolicy() string

RestartPolicy returns the container's restart policy.

func (*Container) RestartRetries added in v1.3.0

func (c *Container) RestartRetries() uint

RestartRetries returns the number of retries that will be attempted when using the "on-failure" restart policy

func (*Container) RestartWithTimeout added in v0.5.1

func (c *Container) RestartWithTimeout(ctx context.Context, timeout uint) (err error)

RestartWithTimeout restarts a running container and takes a given timeout in uint

func (*Container) Restore added in v0.10.1

func (c *Container) Restore(ctx context.Context, options ContainerCheckpointOptions) (err error)

Restore restores a container

func (*Container) RootFsSize

func (c *Container) RootFsSize() (int64, error)

RootFsSize returns the root FS size of the container

func (*Container) RootGID added in v0.5.2

func (c *Container) RootGID() int

RootGID returns the root user mapping from container

func (*Container) RootUID added in v0.5.2

func (c *Container) RootUID() int

RootUID returns the root user mapping from container

func (*Container) Routes added in v0.3.1

func (c *Container) Routes() ([]types.Route, error)

Routes retrieves a container's routes This will only be populated if the container is configured to created a new network namespace, and that namespace is presently active

func (*Container) RuntimeName

func (c *Container) RuntimeName() string

RuntimeName returns the name of the runtime

func (*Container) ShmDir

func (c *Container) ShmDir() string

ShmDir returns the sources path to be mounted on /dev/shm in container

func (*Container) ShmSize added in v0.2.2

func (c *Container) ShmSize() int64

ShmSize returns the size of SHM device to be mounted into the container

func (*Container) Spec

func (c *Container) Spec() *spec.Spec

Spec returns the container's OCI runtime spec The spec returned is the one used to create the container. The running spec may differ slightly as mounts are added based on the image

func (*Container) Start

func (c *Container) Start(ctx context.Context, recursive bool) (err error)

Start starts a container. Start can start configured, created or stopped containers. For configured containers, the container will be initialized first, then started. Stopped containers will be deleted and re-created in runc, undergoing a fresh Init(). If recursive is set, Start will also start all containers this container depends on.

func (*Container) StartAndAttach added in v0.3.3

func (c *Container) StartAndAttach(ctx context.Context, streams *AttachStreams, keys string, resize <-chan remotecommand.TerminalSize, recursive bool) (attachResChan <-chan error, err error)

StartAndAttach starts a container and attaches to it. StartAndAttach can start configured, created or stopped containers. For configured containers, the container will be initialized first, then started. Stopped containers will be deleted and re-created in runc, undergoing a fresh Init(). If successful, an error channel will be returned containing the result of the attach call. The channel will be closed automatically after the result of attach has been sent. If recursive is set, StartAndAttach will also start all containers this container depends on.

func (*Container) StartedTime

func (c *Container) StartedTime() (time.Time, error)

StartedTime is the time the container was started

func (*Container) State

func (c *Container) State() (ContainerStatus, error)

State returns the current state of the container

func (*Container) StaticDir added in v0.2.2

func (c *Container) StaticDir() string

StaticDir returns the directory used to store persistent container files

func (*Container) Stdin added in v0.2.2

func (c *Container) Stdin() bool

Stdin returns whether STDIN on the container will be kept open

func (*Container) Stop

func (c *Container) Stop() error

Stop uses the container's stop signal (or SIGTERM if no signal was specified) to stop the container, and if it has not stopped after container's stop timeout, SIGKILL is used to attempt to forcibly stop the container Default stop timeout is 10 seconds, but can be overridden when the container is created

func (*Container) StopSignal added in v0.2.2

func (c *Container) StopSignal() uint

StopSignal is the signal that will be used to stop the container If it fails to stop the container, SIGKILL will be used after a timeout If StopSignal is 0, the default signal of SIGTERM will be used

func (*Container) StopTimeout

func (c *Container) StopTimeout() uint

StopTimeout returns the container's stop timeout If the container's default stop signal fails to kill the container, SIGKILL will be used after this timeout

func (*Container) StopWithTimeout

func (c *Container) StopWithTimeout(timeout uint) error

StopWithTimeout is a version of Stop that allows a timeout to be specified manually. If timeout is 0, SIGKILL will be used immediately to kill the container.

func (*Container) StoppedByUser added in v1.3.0

func (c *Container) StoppedByUser() (bool, error)

StoppedByUser returns whether the container was last stopped by an explicit call to the Stop() API, or whether it exited naturally.

func (*Container) Sync

func (c *Container) Sync() error

Sync updates the status of a container by querying the OCI runtime. If the container has not been created inside the OCI runtime, nothing will be done. Most of the time, Podman does not explicitly query the OCI runtime for container status, and instead relies upon exit files created by conmon. This can cause a disconnect between running state and what Podman sees in cases where Conmon was killed unexpected, or runc was upgraded. Running a manual Sync() ensures that container state will be correct in such situations.

func (*Container) Top added in v1.3.0

func (c *Container) Top(descriptors []string) ([]string, error)

Top gathers statistics about the running processes in a container. It returns a []string for output

func (*Container) Unmount

func (c *Container) Unmount(force bool) error

Unmount unmounts a container's filesystem on the host

func (*Container) Unpause

func (c *Container) Unpause() error

Unpause unpauses a container

func (*Container) User added in v0.2.2

func (c *Container) User() string

User returns the user who the container is run as

func (*Container) UserVolumes added in v0.5.1

func (c *Container) UserVolumes() []string

UserVolumes returns user-added volume mounts in the container. These are not added to the spec, but are used during image commit and to trigger some OCI hooks.

func (*Container) Wait

func (c *Container) Wait() (int32, error)

Wait blocks until the container exits and returns its exit code.

func (*Container) WaitWithInterval added in v0.9.3

func (c *Container) WaitWithInterval(waitTimeout time.Duration) (int32, error)

WaitWithInterval blocks until the container to exit and returns its exit code. The argument is the interval at which checks the container's status.

func (*Container) WorkingDir added in v0.11.1

func (c *Container) WorkingDir() string

WorkingDir returns the containers working dir

type ContainerCheckpointOptions added in v0.12.1

type ContainerCheckpointOptions struct {
	// Keep tells the API to not delete checkpoint artifacts
	Keep bool
	// KeepRunning tells the API to keep the container running
	// after writing the checkpoint to disk
	KeepRunning bool
	// TCPEstablished tells the API to checkpoint a container
	// even if it contains established TCP connections
	TCPEstablished bool
}

ContainerCheckpointOptions is a struct used to pass the parameters for checkpointing (and restoring) to the corresponding functions

type ContainerCommitOptions added in v0.4.2

type ContainerCommitOptions struct {
	buildah.CommitOptions
	Pause          bool
	IncludeVolumes bool
	Author         string
	Message        string
	Changes        []string
}

ContainerCommitOptions is a struct used to commit a container to an image It uses buildah's CommitOptions as a base. Long-term we might wish to add these to the buildah struct once buildah is more integrated with libpod

type ContainerConfig

type ContainerConfig struct {
	Spec *spec.Spec `json:"spec"`
	ID   string     `json:"id"`
	Name string     `json:"name"`
	// Full ID of the pood the container belongs to
	Pod string `json:"pod,omitempty"`
	// Namespace the container is in
	Namespace string `json:"namespace,omitempty"`
	// ID of this container's lock
	LockID uint32 `json:"lockID"`

	// UID/GID mappings used by the storage
	IDMappings storage.IDMappingOptions `json:"idMappingsOptions,omitempty"`

	// Information on the image used for the root filesystem/
	RootfsImageID   string `json:"rootfsImageID,omitempty"`
	RootfsImageName string `json:"rootfsImageName,omitempty"`
	// Rootfs to use for the container, this conflicts with RootfsImageID
	Rootfs string `json:"rootfs,omitempty"`
	// Whether to mount volumes specified in the image.
	ImageVolumes bool `json:"imageVolumes"`
	// Src path to be mounted on /dev/shm in container.
	ShmDir string `json:"ShmDir,omitempty"`
	// Size of the container's SHM.
	ShmSize int64 `json:"shmSize"`
	// Static directory for container content that will persist across
	// reboot.
	StaticDir string `json:"staticDir"`
	// Mounts list contains all additional mounts into the container rootfs.
	// These include the SHM mount.
	// These must be unmounted before the container's rootfs is unmounted.
	Mounts []string `json:"mounts,omitempty"`
	// NamedVolumes lists the named volumes to mount into the container.
	NamedVolumes []*ContainerNamedVolume `json:"namedVolumes,omitempty"`

	// Whether the container is privileged
	Privileged bool `json:"privileged"`
	// SELinux process label for container
	ProcessLabel string `json:"ProcessLabel,omitempty"`
	// SELinux mount label for root filesystem
	MountLabel string `json:"MountLabel,omitempty"`
	// LabelOpts are options passed in by the user to setup SELinux labels
	LabelOpts []string `json:"labelopts,omitempty"`
	// User and group to use in the container
	// Can be specified by name or UID/GID
	User string `json:"user,omitempty"`
	// Additional groups to add
	Groups []string `json:"groups,omitempty"`

	// Namespace Config
	// IDs of container to share namespaces with
	// NetNsCtr conflicts with the CreateNetNS bool
	// These containers are considered dependencies of the given container
	// They must be started before the given container is started
	IPCNsCtr    string `json:"ipcNsCtr,omitempty"`
	MountNsCtr  string `json:"mountNsCtr,omitempty"`
	NetNsCtr    string `json:"netNsCtr,omitempty"`
	PIDNsCtr    string `json:"pidNsCtr,omitempty"`
	UserNsCtr   string `json:"userNsCtr,omitempty"`
	UTSNsCtr    string `json:"utsNsCtr,omitempty"`
	CgroupNsCtr string `json:"cgroupNsCtr,omitempty"`

	// IDs of dependency containers.
	// These containers must be started before this container is started.
	Dependencies []string

	// CreateNetNS indicates that libpod should create and configure a new
	// network namespace for the container.
	// This cannot be set if NetNsCtr is also set.
	CreateNetNS bool `json:"createNetNS"`
	// StaticIP is a static IP to request for the container.
	// This cannot be set unless CreateNetNS is set.
	// If not set, the container will be dynamically assigned an IP by CNI.
	StaticIP net.IP `json:"staticIP"`
	// PortMappings are the ports forwarded to the container's network
	// namespace
	// These are not used unless CreateNetNS is true
	PortMappings []ocicni.PortMapping `json:"portMappings,omitempty"`
	// UseImageResolvConf indicates that resolv.conf should not be
	// bind-mounted inside the container.
	// Conflicts with DNSServer, DNSSearch, DNSOption.
	UseImageResolvConf bool
	// DNS servers to use in container resolv.conf
	// Will override servers in host resolv if set
	DNSServer []net.IP `json:"dnsServer,omitempty"`
	// DNS Search domains to use in container resolv.conf
	// Will override search domains in host resolv if set
	DNSSearch []string `json:"dnsSearch,omitempty"`
	// DNS options to be set in container resolv.conf
	// With override options in host resolv if set
	DNSOption []string `json:"dnsOption,omitempty"`
	// UseImageHosts indicates that /etc/hosts should not be
	// bind-mounted inside the container.
	// Conflicts with HostAdd.
	UseImageHosts bool
	// Hosts to add in container
	// Will be appended to host's host file
	HostAdd []string `json:"hostsAdd,omitempty"`
	// Network names (CNI) to add container to. Empty to use default network.
	Networks []string `json:"networks,omitempty"`
	// Network mode specified for the default network.
	NetMode namespaces.NetworkMode `json:"networkMode,omitempty"`

	// UserVolumes contains user-added volume mounts in the container.
	// These will not be added to the container's spec, as it is assumed
	// they are already present in the spec given to Libpod. Instead, it is
	// used when committing containers to generate the VOLUMES field of the
	// image that is created, and for triggering some OCI hooks which do not
	// fire unless user-added volume mounts are present.
	UserVolumes []string `json:"userVolumes,omitempty"`
	// Entrypoint is the container's entrypoint.
	// It is not used in spec generation, but will be used when the
	// container is committed to populate the entrypoint of the new image.
	Entrypoint []string `json:"entrypoint,omitempty"`
	// Command is the container's command.
	// It is not used in spec generation, but will be used when the
	// container is committed to populate the command of the new image.
	Command []string `json:"command,omitempty"`

	// Whether to keep container STDIN open
	Stdin bool `json:"stdin,omitempty"`
	// Labels is a set of key-value pairs providing additional information
	// about a container
	Labels map[string]string `json:"labels,omitempty"`
	// StopSignal is the signal that will be used to stop the container
	StopSignal uint `json:"stopSignal,omitempty"`
	// StopTimeout is the signal that will be used to stop the container
	StopTimeout uint `json:"stopTimeout,omitempty"`
	// Time container was created
	CreatedTime time.Time `json:"createdTime"`
	// Cgroup parent of the container
	CgroupParent string `json:"cgroupParent"`
	// LogPath log location
	LogPath string `json:"logPath"`
	// File containing the conmon PID
	ConmonPidFile string `json:"conmonPidFile,omitempty"`
	// RestartPolicy indicates what action the container will take upon
	// exiting naturally.
	// Allowed options are "no" (take no action), "on-failure" (restart on
	// non-zero exit code, up an a maximum of RestartRetries times),
	// and "always" (always restart the container on any exit code).
	// The empty string is treated as the default ("no")
	RestartPolicy string `json:"restart_policy,omitempty"`
	// RestartRetries indicates the number of attempts that will be made to
	// restart the container. Used only if RestartPolicy is set to
	// "on-failure".
	RestartRetries uint `json:"restart_retries,omitempty"`

	PostConfigureNetNS bool `json:"postConfigureNetNS"`

	// OCIRuntime used to create the container
	OCIRuntime string `json:"runtime,omitempty"`

	// ExitCommand is the container's exit command.
	// This Command will be executed when the container exits
	ExitCommand []string `json:"exitCommand,omitempty"`
	// IsInfra is a bool indicating whether this container is an infra container used for
	// sharing kernel namespaces in a pod
	IsInfra bool `json:"pause"`

	// Systemd tells libpod to setup the container in systemd mode
	Systemd bool `json:"systemd"`

	// HealthCheckConfig has the health check command and related timings
	HealthCheckConfig *manifest.Schema2HealthConfig `json:"healthcheck"`
}

ContainerConfig contains all information that was used to create the container. It may not be changed once created. It is stored, read-only, on disk easyjson:json

type ContainerFilter

type ContainerFilter func(*Container) bool

ContainerFilter is a function to determine whether a container is included in command output. Containers to be outputted are tested using the function. A true return will include the container, a false return will exclude it.

type ContainerInfo

type ContainerInfo struct {
	Dir          string
	RunDir       string
	Config       *v1.Image
	ProcessLabel string
	MountLabel   string
}

ContainerInfo wraps a subset of information about a container: the locations of its nonvolatile and volatile per-container directories, along with a copy of the configuration blob from the image that was used to create the container, if the image had a configuration. It also returns the ProcessLabel and MountLabel selected for the container

type ContainerNamedVolume added in v1.3.0

type ContainerNamedVolume struct {
	// Name is the name of the volume to mount in.
	// Must resolve to a valid volume present in this Podman.
	Name string `json:"volumeName"`
	// Dest is the mount's destination
	Dest string `json:"dest"`
	// Options are fstab style mount options
	Options []string `json:"options,omitempty"`
}

ContainerNamedVolume is a named volume that will be mounted into the container. Each named volume is a libpod Volume present in the state.

type ContainerState added in v1.1.0

type ContainerState struct {
	// The current state of the running container
	State ContainerStatus `json:"state"`
	// The path to the JSON OCI runtime spec for this container
	ConfigPath string `json:"configPath,omitempty"`
	// RunDir is a per-boot directory for container content
	RunDir string `json:"runDir,omitempty"`
	// Mounted indicates whether the container's storage has been mounted
	// for use
	Mounted bool `json:"mounted,omitempty"`
	// Mountpoint contains the path to the container's mounted storage as given
	// by containers/storage.
	Mountpoint string `json:"mountPoint,omitempty"`
	// StartedTime is the time the container was started
	StartedTime time.Time `json:"startedTime,omitempty"`
	// FinishedTime is the time the container finished executing
	FinishedTime time.Time `json:"finishedTime,omitempty"`
	// ExitCode is the exit code returned when the container stopped
	ExitCode int32 `json:"exitCode,omitempty"`
	// Exited is whether the container has exited
	Exited bool `json:"exited,omitempty"`
	// OOMKilled indicates that the container was killed as it ran out of
	// memory
	OOMKilled bool `json:"oomKilled,omitempty"`
	// PID is the PID of a running container
	PID int `json:"pid,omitempty"`
	// ExecSessions contains active exec sessions for container
	// Exec session ID is mapped to PID of exec process
	ExecSessions map[string]*ExecSession `json:"execSessions,omitempty"`
	// NetworkStatus contains the configuration results for all networks
	// the pod is attached to. Only populated if we created a network
	// namespace for the container, and the network namespace is currently
	// active
	NetworkStatus []*cnitypes.Result `json:"networkResults,omitempty"`
	// BindMounts contains files that will be bind-mounted into the
	// container when it is mounted.
	// These include /etc/hosts and /etc/resolv.conf
	// This maps the path the file will be mounted to in the container to
	// the path of the file on disk outside the container
	BindMounts map[string]string `json:"bindMounts,omitempty"`
	// StoppedByUser indicates whether the container was stopped by an
	// explicit call to the Stop() API.
	StoppedByUser bool `json:"stoppedByUser,omitempty"`
	// RestartPolicyMatch indicates whether the conditions for restart
	// policy have been met.
	RestartPolicyMatch bool `json:"restartPolicyMatch,omitempty"`
	// RestartCount is how many times the container was restarted by its
	// restart policy. This is NOT incremented by normal container restarts
	// (only by restart policy).
	RestartCount uint `json:"restartCount,omitempty"`

	// ExtensionStageHooks holds hooks which will be executed by libpod
	// and not delegated to the OCI runtime.
	ExtensionStageHooks map[string][]spec.Hook `json:"extensionStageHooks,omitempty"`
	// contains filtered or unexported fields
}

ContainerState contains the current state of the container It is stored on disk in a tmpfs and recreated on reboot easyjson:json

type ContainerStats

type ContainerStats struct {
	ContainerID string
	Name        string
	CPU         float64
	CPUNano     uint64
	SystemNano  uint64
	MemUsage    uint64
	MemLimit    uint64
	MemPerc     float64
	NetInput    uint64
	NetOutput   uint64
	BlockInput  uint64
	BlockOutput uint64
	PIDs        uint64
}

ContainerStats contains the statistics information for a running container

type ContainerStatus

type ContainerStatus int

ContainerStatus represents the current state of a container

const (
	// ContainerStateUnknown indicates that the container is in an error
	// state where information about it cannot be retrieved
	ContainerStateUnknown ContainerStatus = iota
	// ContainerStateConfigured indicates that the container has had its
	// storage configured but it has not been created in the OCI runtime
	ContainerStateConfigured ContainerStatus = iota
	// ContainerStateCreated indicates the container has been created in
	// the OCI runtime but not started
	ContainerStateCreated ContainerStatus = iota
	// ContainerStateRunning indicates the container is currently executing
	ContainerStateRunning ContainerStatus = iota
	// ContainerStateStopped indicates that the container was running but has
	// exited
	ContainerStateStopped ContainerStatus = iota
	// ContainerStatePaused indicates that the container has been paused
	ContainerStatePaused ContainerStatus = iota
	// ContainerStateExited indicates the the container has stopped and been
	// cleaned up
	ContainerStateExited ContainerStatus = iota
)

func StringToContainerStatus added in v1.3.0

func StringToContainerStatus(status string) (ContainerStatus, error)

StringToContainerStatus converts a string representation of a containers status into an actual container status type

func (ContainerStatus) String

func (t ContainerStatus) String() string

ContainerStatus returns a string representation for users of a container state

type CtrCreateOption

type CtrCreateOption func(*Container) error

A CtrCreateOption is a functional option which alters the Container created by NewContainer

func WithCgroupNSFrom

func WithCgroupNSFrom(nsCtr *Container) CtrCreateOption

WithCgroupNSFrom indicates the the container should join the CGroup namespace of the given container. If the container has joined a pod, it can only join the namespaces of containers in the same pod.

func WithCgroupParent

func WithCgroupParent(parent string) CtrCreateOption

WithCgroupParent sets the Cgroup Parent of the new container.

func WithCommand added in v0.5.1

func WithCommand(command []string) CtrCreateOption

WithCommand sets the command of the container. This is not used to change the container's spec, but will instead be used during commit to populate the command of the new image. If not explicitly set it will default to the image's command. A nil command is allowed, and will clear command on the created image.

func WithConmonPidFile added in v0.3.5

func WithConmonPidFile(path string) CtrCreateOption

WithConmonPidFile specifies the path to the file that receives the pid of conmon.

func WithCtrNamespace added in v0.7.4

func WithCtrNamespace(ns string) CtrCreateOption

WithCtrNamespace sets the namespace the container will be created in. Namespaces are used to create separate views of Podman's state - runtimes can join a specific namespace and see only containers and pods in that namespace. Empty string namespaces are allowed, and correspond to a lack of namespace.

func WithDNS

func WithDNS(dnsServers []string) CtrCreateOption

WithDNS sets additional name servers for the container.

func WithDNSOption

func WithDNSOption(dnsOptions []string) CtrCreateOption

WithDNSOption sets addition dns options for the container.

func WithDNSSearch

func WithDNSSearch(searchDomains []string) CtrCreateOption

WithDNSSearch sets the additional search domains of a container.

func WithDependencyCtrs added in v0.4.1

func WithDependencyCtrs(ctrs []*Container) CtrCreateOption

WithDependencyCtrs sets dependency containers of the given container. Dependency containers must be running before this container is started.

func WithEntrypoint added in v0.5.1

func WithEntrypoint(entrypoint []string) CtrCreateOption

WithEntrypoint sets the entrypoint of the container. This is not used to change the container's spec, but will instead be used during commit to populate the entrypoint of the new image. If not explicitly set it will default to the image's entrypoint. A nil entrypoint is allowed, and will clear entrypoint on the created image.

func WithExitCommand added in v0.6.5

func WithExitCommand(exitCommand []string) CtrCreateOption

WithExitCommand sets the ExitCommand for the container, appending on the ctr.ID() to the end

func WithGroups added in v0.4.2

func WithGroups(groups []string) CtrCreateOption

WithGroups sets additional groups for the container, which are defined by the user.

func WithHealthCheck added in v1.2.0

func WithHealthCheck(healthCheck *manifest.Schema2HealthConfig) CtrCreateOption

WithHealthCheck adds the healthcheck to the container config

func WithHosts

func WithHosts(hosts []string) CtrCreateOption

WithHosts sets additional host:IP for the hosts file.

func WithIDMappings added in v0.5.2

func WithIDMappings(idmappings storage.IDMappingOptions) CtrCreateOption

WithIDMappings sets the idmappsings for the container

func WithIPCNSFrom

func WithIPCNSFrom(nsCtr *Container) CtrCreateOption

WithIPCNSFrom indicates the the container should join the IPC namespace of the given container. If the container has joined a pod, it can only join the namespaces of containers in the same pod.

func WithLabels

func WithLabels(labels map[string]string) CtrCreateOption

WithLabels adds labels to the container.

func WithLogPath

func WithLogPath(path string) CtrCreateOption

WithLogPath sets the path to the log file.

func WithMountNSFrom

func WithMountNSFrom(nsCtr *Container) CtrCreateOption

WithMountNSFrom indicates the the container should join the mount namespace of the given container. If the container has joined a pod, it can only join the namespaces of containers in the same pod.

func WithName

func WithName(name string) CtrCreateOption

WithName sets the container's name.

func WithNamedVolumes added in v1.3.0

func WithNamedVolumes(volumes []*ContainerNamedVolume) CtrCreateOption

WithNamedVolumes adds the given named volumes to the container.

func WithNetNS

func WithNetNS(portMappings []ocicni.PortMapping, postConfigureNetNS bool, netmode string, networks []string) CtrCreateOption

WithNetNS indicates that the container should be given a new network namespace with a minimal configuration. An optional array of port mappings can be provided. Conflicts with WithNetNSFrom().

func WithNetNSFrom

func WithNetNSFrom(nsCtr *Container) CtrCreateOption

WithNetNSFrom indicates the the container should join the network namespace of the given container. If the container has joined a pod, it can only join the namespaces of containers in the same pod.

func WithPIDNSFrom

func WithPIDNSFrom(nsCtr *Container) CtrCreateOption

WithPIDNSFrom indicates the the container should join the PID namespace of the given container. If the container has joined a pod, it can only join the namespaces of containers in the same pod.

func WithPrivileged

func WithPrivileged(privileged bool) CtrCreateOption

WithPrivileged sets the privileged flag in the container runtime.

func WithRestartPolicy added in v1.3.0

func WithRestartPolicy(policy string) CtrCreateOption

WithRestartPolicy sets the container's restart policy. Valid values are "no", "on-failure", and "always". The empty string is allowed, and will be equivalent to "no".

func WithRestartRetries added in v1.3.0

func WithRestartRetries(tries uint) CtrCreateOption

WithRestartRetries sets the number of retries to use when restarting a container with the "on-failure" restart policy. 0 is an allowed value, and indicates infinite retries.

func WithRootFS added in v0.6.3

func WithRootFS(rootfs string) CtrCreateOption

WithRootFS sets the rootfs for the container. This creates a container from a directory on disk and not an image.

func WithRootFSFromImage

func WithRootFSFromImage(imageID string, imageName string, useImageVolumes bool) CtrCreateOption

WithRootFSFromImage sets up a fresh root filesystem using the given image. If useImageConfig is specified, image volumes, environment variables, and other configuration from the image will be added to the config. TODO: Replace image name and ID with a libpod.Image struct when that is finished.

func WithSecLabels added in v0.9.3

func WithSecLabels(labelOpts []string) CtrCreateOption

WithSecLabels sets the labels for SELinux.

func WithShmDir

func WithShmDir(dir string) CtrCreateOption

WithShmDir sets the directory that should be mounted on /dev/shm.

func WithShmSize

func WithShmSize(size int64) CtrCreateOption

WithShmSize sets the size of /dev/shm tmpfs mount.

func WithStaticIP added in v0.10.1

func WithStaticIP(ip net.IP) CtrCreateOption

WithStaticIP indicates that the container should request a static IP from the CNI plugins. It cannot be set unless WithNetNS has already been passed. Further, it cannot be set if additional CNI networks to join have been specified.

func WithStdin

func WithStdin() CtrCreateOption

WithStdin keeps stdin on the container open to allow interaction.

func WithStopSignal

func WithStopSignal(signal syscall.Signal) CtrCreateOption

WithStopSignal sets the signal that will be sent to stop the container.

func WithStopTimeout

func WithStopTimeout(timeout uint) CtrCreateOption

WithStopTimeout sets the time to after initial stop signal is sent to the container, before sending the kill signal.

func WithSystemd added in v0.11.1

func WithSystemd() CtrCreateOption

WithSystemd turns on systemd mode in the container

func WithUTSNSFrom

func WithUTSNSFrom(nsCtr *Container) CtrCreateOption

WithUTSNSFrom indicates the the container should join the UTS namespace of the given container. If the container has joined a pod, it can only join the namespaces of containers in the same pod.

func WithUTSNSFromPod added in v0.8.4

func WithUTSNSFromPod(p *Pod) CtrCreateOption

WithUTSNSFromPod indicates the the container should join the UTS namespace of its pod

func WithUseImageHosts added in v1.2.0

func WithUseImageHosts() CtrCreateOption

WithUseImageHosts tells the container not to bind-mount /etc/hosts in. This conflicts with WithHosts().

func WithUseImageResolvConf added in v1.2.0

func WithUseImageResolvConf() CtrCreateOption

WithUseImageResolvConf tells the container not to bind-mount resolv.conf in. This conflicts with other DNS-related options.

func WithUser

func WithUser(user string) CtrCreateOption

WithUser sets the user identity field in configutation. Valid uses [user | user:group | uid | uid:gid | user:gid | uid:group ].

func WithUserNSFrom

func WithUserNSFrom(nsCtr *Container) CtrCreateOption

WithUserNSFrom indicates the the container should join the user namespace of the given container. If the container has joined a pod, it can only join the namespaces of containers in the same pod.

func WithUserVolumes added in v0.5.1

func WithUserVolumes(volumes []string) CtrCreateOption

WithUserVolumes sets the user-added volumes of the container. These are not added to the container's spec, but will instead be used during commit to populate the volumes of the new image, and to trigger some OCI hooks that are only added if volume mounts are present. Unless explicitly set, committed images will have no volumes. The given volumes slice must not be nil.

type DBConfig added in v0.12.1

type DBConfig struct {
	LibpodRoot  string
	LibpodTmp   string
	StorageRoot string
	StorageTmp  string
	GraphDriver string
	VolumePath  string
}

DBConfig is a set of Libpod runtime configuration settings that are saved in a State when it is first created, and can subsequently be retrieved.

type ExecSession added in v0.3.1

type ExecSession struct {
	ID      string   `json:"id"`
	Command []string `json:"command"`
	PID     int      `json:"pid"`
}

ExecSession contains information on an active exec session easyjson:json

type HealthCheckStatus added in v1.2.0

type HealthCheckStatus int

HealthCheckStatus represents the current state of a container

type InMemoryState

type InMemoryState struct {
	// contains filtered or unexported fields
}

An InMemoryState is a purely in-memory state store

func (*InMemoryState) AddContainer

func (s *InMemoryState) AddContainer(ctr *Container) error

AddContainer adds a container to the state Containers in a pod cannot be added to the state

func (*InMemoryState) AddContainerToPod

func (s *InMemoryState) AddContainerToPod(pod *Pod, ctr *Container) error

AddContainerToPod adds a container to the given pod, also adding it to the state

func (*InMemoryState) AddPod

func (s *InMemoryState) AddPod(pod *Pod) error

AddPod adds a given pod to the state

func (*InMemoryState) AddVolume added in v0.12.1

func (s *InMemoryState) AddVolume(volume *Volume) error

AddVolume adds a volume to the state

func (*InMemoryState) AllContainers

func (s *InMemoryState) AllContainers() ([]*Container, error)

AllContainers retrieves all containers from the state

func (*InMemoryState) AllPods

func (s *InMemoryState) AllPods() ([]*Pod, error)

AllPods retrieves all pods currently in the state

func (*InMemoryState) AllVolumes added in v0.12.1

func (s *InMemoryState) AllVolumes() ([]*Volume, error)

AllVolumes returns all volumes that exist in the state

func (*InMemoryState) Close

func (s *InMemoryState) Close() error

Close the state before shutdown This is a no-op as we have no backing disk

func (*InMemoryState) Container

func (s *InMemoryState) Container(id string) (*Container, error)

Container retrieves a container from its full ID

func (*InMemoryState) ContainerInUse

func (s *InMemoryState) ContainerInUse(ctr *Container) ([]string, error)

ContainerInUse checks if the given container is being used by other containers

func (*InMemoryState) GetDBConfig added in v0.12.1

func (s *InMemoryState) GetDBConfig() (*DBConfig, error)

GetDBConfig is not implemented for in-memory state. As we do not store a config, return an empty one.

func (*InMemoryState) HasContainer

func (s *InMemoryState) HasContainer(id string) (bool, error)

HasContainer checks if a container with the given ID is present in the state

func (*InMemoryState) HasPod

func (s *InMemoryState) HasPod(id string) (bool, error)

HasPod checks if a pod with the given ID is present in the state

func (*InMemoryState) HasVolume added in v0.12.1

func (s *InMemoryState) HasVolume(name string) (bool, error)

HasVolume checks if a volume with the given name is present in the state

func (*InMemoryState) LookupContainer

func (s *InMemoryState) LookupContainer(idOrName string) (*Container, error)

LookupContainer retrieves a container by full ID, unique partial ID, or name

func (*InMemoryState) LookupPod

func (s *InMemoryState) LookupPod(idOrName string) (*Pod, error)

LookupPod retrieves a pod from the state from a full or unique partial ID or a full name

func (*InMemoryState) Pod

func (s *InMemoryState) Pod(id string) (*Pod, error)

Pod retrieves a pod from the state from its full ID

func (*InMemoryState) PodContainers

func (s *InMemoryState) PodContainers(pod *Pod) ([]*Container, error)

PodContainers retrieves the containers from a pod

func (*InMemoryState) PodContainersByID

func (s *InMemoryState) PodContainersByID(pod *Pod) ([]string, error)

PodContainersByID returns the IDs of all containers in the given pod

func (*InMemoryState) PodHasContainer

func (s *InMemoryState) PodHasContainer(pod *Pod, ctrID string) (bool, error)

PodHasContainer checks if the given pod has a container with the given ID

func (*InMemoryState) Refresh

func (s *InMemoryState) Refresh() error

Refresh clears container and pod stats after a reboot In-memory state won't survive a reboot so this is a no-op

func (*InMemoryState) RemoveContainer

func (s *InMemoryState) RemoveContainer(ctr *Container) error

RemoveContainer removes a container from the state The container will only be removed from the state, not from the pod the container belongs to

func (*InMemoryState) RemoveContainerFromPod

func (s *InMemoryState) RemoveContainerFromPod(pod *Pod, ctr *Container) error

RemoveContainerFromPod removes the given container from the given pod The container is also removed from the state

func (*InMemoryState) RemovePod

func (s *InMemoryState) RemovePod(pod *Pod) error

RemovePod removes a given pod from the state Only empty pods can be removed

func (*InMemoryState) RemovePodContainers

func (s *InMemoryState) RemovePodContainers(pod *Pod) error

RemovePodContainers removes all containers from a pod This is used to simultaneously remove a number of containers with many interdependencies Will only remove containers if no dependencies outside of the pod are present

func (*InMemoryState) RemoveVolume added in v0.12.1

func (s *InMemoryState) RemoveVolume(volume *Volume) error

RemoveVolume removes a volume from the state

func (*InMemoryState) RewriteContainerConfig added in v1.1.0

func (s *InMemoryState) RewriteContainerConfig(ctr *Container, newCfg *ContainerConfig) error

RewriteContainerConfig rewrites a container's configuration. This function is DANGEROUS, even with an in-memory state. Please read the full comment on it in state.go before using it.

func (*InMemoryState) RewritePodConfig added in v1.1.0

func (s *InMemoryState) RewritePodConfig(pod *Pod, newCfg *PodConfig) error

RewritePodConfig rewrites a pod's configuration. This function is DANGEROUS, even with in-memory state. Please read the full comment on it in state.go before using it.

func (*InMemoryState) SaveContainer

func (s *InMemoryState) SaveContainer(ctr *Container) error

SaveContainer saves a container's state As all state is in-memory, any changes are always reflected as soon as they are made As such this is a no-op

func (*InMemoryState) SavePod added in v0.5.3

func (s *InMemoryState) SavePod(pod *Pod) error

SavePod updates a pod in the state This is a no-op at there is no backing store

func (*InMemoryState) SetNamespace added in v0.7.4

func (s *InMemoryState) SetNamespace(ns string) error

SetNamespace sets the namespace for container and pod retrieval.

func (*InMemoryState) UpdateContainer

func (s *InMemoryState) UpdateContainer(ctr *Container) error

UpdateContainer updates a container's state As all state is in-memory, no update will be required As such this is a no-op

func (*InMemoryState) UpdatePod added in v0.5.3

func (s *InMemoryState) UpdatePod(pod *Pod) error

UpdatePod updates a pod in the state This is a no-op as there is no backing store

func (*InMemoryState) ValidateDBConfig added in v0.12.1

func (s *InMemoryState) ValidateDBConfig(runtime *Runtime) error

ValidateDBConfig is not implemented for the in-memory state. Since we do nothing just return no error.

func (*InMemoryState) Volume added in v0.12.1

func (s *InMemoryState) Volume(name string) (*Volume, error)

Volume retrieves a volume from its full name

func (*InMemoryState) VolumeInUse added in v0.12.1

func (s *InMemoryState) VolumeInUse(volume *Volume) ([]string, error)

VolumeInUse checks if the given volume is being used by at least one container

type InfoData

type InfoData struct {
	Type string
	Data map[string]interface{}
}

InfoData holds the info type, i.e store, host etc and the data for each type

type InfraContainerConfig added in v0.8.4

type InfraContainerConfig struct {
	HasInfraContainer bool                 `json:"makeInfraContainer"`
	PortBindings      []ocicni.PortMapping `json:"infraPortBindings"`
}

InfraContainerConfig is the configuration for the pod's infra container

type LinuxNS

type LinuxNS int

LinuxNS represents a Linux namespace

const (
	// InvalidNS is an invalid namespace
	InvalidNS LinuxNS = iota
	// IPCNS is the IPC namespace
	IPCNS LinuxNS = iota
	// MountNS is the mount namespace
	MountNS LinuxNS = iota
	// NetNS is the network namespace
	NetNS LinuxNS = iota
	// PIDNS is the PID namespace
	PIDNS LinuxNS = iota
	// UserNS is the user namespace
	UserNS LinuxNS = iota
	// UTSNS is the UTS namespace
	UTSNS LinuxNS = iota
	// CgroupNS is the CGroup namespace
	CgroupNS LinuxNS = iota
)

func (LinuxNS) String

func (ns LinuxNS) String() string

String returns a string representation of a Linux namespace It is guaranteed to be the name of the namespace in /proc for valid ns types

type LogLine added in v1.2.0

type LogLine struct {
	Device       string
	ParseLogType string
	Time         time.Time
	Msg          string
	CID          string
}

LogLine describes the information for each line of a log

func (*LogLine) Partial added in v1.2.0

func (l *LogLine) Partial() bool

Partial returns a bool if the log line is a partial log type

func (*LogLine) Since added in v1.2.0

func (l *LogLine) Since(since time.Time) bool

Since returns a bool as to whether a log line occurred after a given time

func (*LogLine) String added in v1.2.0

func (l *LogLine) String(options *LogOptions) string

String converts a logline to a string for output given whether a detail bool is specified.

type LogOptions added in v1.2.0

type LogOptions struct {
	Details    bool
	Follow     bool
	Since      time.Time
	Tail       uint64
	Timestamps bool
	Multi      bool
	WaitGroup  *sync.WaitGroup
}

LogOptions is the options you can use for logs

type OCIRuntime

type OCIRuntime struct {
	// contains filtered or unexported fields
}

OCIRuntime represents an OCI-compatible runtime that libpod can call into to perform container operations

type OCIRuntimePath added in v1.1.0

type OCIRuntimePath struct {
	// Name of the runtime to refer to by the --runtime flag
	Name string `toml:"name"`
	// Paths to check for this executable
	Paths []string `toml:"paths"`
}

OCIRuntimePath contains information about an OCI runtime.

type Pod

type Pod struct {
	// contains filtered or unexported fields
}

Pod represents a group of containers that are managed together. Any operations on a Pod that access state must begin with a call to updatePod(). There is no guarantee that state exists in a readable state before this call, and even if it does its contents will be out of date and must be refreshed from the database. Generally, this requirement applies only to top-level functions; helpers can assume their callers handled this requirement. Generally speaking, if a function takes the pod lock and accesses any part of state, it should updatePod() immediately after locking. ffjson: skip Pod represents a group of containers that may share namespaces

func (*Pod) AllContainers

func (p *Pod) AllContainers() ([]*Container, error)

AllContainers retrieves the containers in the pod

func (*Pod) AllContainersByID

func (p *Pod) AllContainersByID() ([]string, error)

AllContainersByID returns the container IDs of all the containers in the pod

func (*Pod) CgroupParent added in v0.5.3

func (p *Pod) CgroupParent() string

CgroupParent returns the pod's CGroup parent

func (*Pod) CgroupPath added in v0.5.3

func (p *Pod) CgroupPath() (string, error)

CgroupPath returns the path to the pod's CGroup

func (*Pod) CreatedTime added in v0.7.2

func (p *Pod) CreatedTime() time.Time

CreatedTime gets the time when the pod was created

func (*Pod) GenerateForKube added in v1.0.0

func (p *Pod) GenerateForKube() (*v1.Pod, []v1.ServicePort, error)

GenerateForKube takes a slice of libpod containers and generates one v1.Pod description

func (*Pod) GetPodPidInformation added in v0.8.4

func (p *Pod) GetPodPidInformation(descriptors []string) ([]string, error)

GetPodPidInformation returns process-related data of all processes in the pod. The output data can be controlled via the `descriptors` argument which expects format descriptors and supports all AIXformat descriptors of ps (1) plus some additional ones to for instance inspect the set of effective capabilities. Eeach element in the returned string slice is a tab-separated string.

For more details, please refer to github.com/containers/psgo.

func (*Pod) GetPodStats added in v0.8.3

func (p *Pod) GetPodStats(previousContainerStats map[string]*ContainerStats) (map[string]*ContainerStats, error)

GetPodStats returns the stats for each of its containers

func (*Pod) HasContainer

func (p *Pod) HasContainer(id string) (bool, error)

HasContainer checks if a container is present in the pod

func (*Pod) HasInfraContainer added in v0.8.4

func (p *Pod) HasInfraContainer() bool

HasInfraContainer returns whether the pod will create an infra container

func (*Pod) ID

func (p *Pod) ID() string

ID retrieves the pod's ID

func (*Pod) InfraContainerID added in v0.8.4

func (p *Pod) InfraContainerID() (string, error)

InfraContainerID returns the infra container ID for a pod. If the container returned is "", the pod has no infra container.

func (*Pod) Inspect added in v0.8.2

func (p *Pod) Inspect() (*PodInspect, error)

Inspect returns a PodInspect struct to describe the pod

func (*Pod) Kill

func (p *Pod) Kill(signal uint) (map[string]error, error)

Kill sends a signal to all running containers within a pod Signals will only be sent to running containers. Containers that are not running will be ignored. All signals are sent independently, and sending will continue even if some containers encounter errors. An error and a map[string]error are returned If the error is not nil and the map is nil, an error was encountered before any containers were signalled If map is not nil, an error was encountered when signalling one or more containers. The container ID is mapped to the error encountered. The error is set to ErrCtrExists If both error and the map are nil, all containers were signalled successfully

func (*Pod) Labels

func (p *Pod) Labels() map[string]string

Labels returns the pod's labels

func (*Pod) Name

func (p *Pod) Name() string

Name retrieves the pod's name

func (*Pod) Namespace added in v0.7.4

func (p *Pod) Namespace() string

Namespace returns the pod's libpod namespace. Namespaces are used to logically separate containers and pods in the state.

func (*Pod) Pause added in v0.7.4

func (p *Pod) Pause() (map[string]error, error)

Pause pauses all containers within a pod that are running. Only running containers will be paused. Paused, stopped, or created containers will be ignored. All containers are paused independently. An error pausing one container will not prevent other containers being paused. An error and a map[string]error are returned If the error is not nil and the map is nil, an error was encountered before any containers were paused If map is not nil, an error was encountered when pausing one or more containers. The container ID is mapped to the error encountered. The error is set to ErrCtrExists If both error and the map are nil, all containers were paused without error

func (*Pod) Restart added in v0.7.4

func (p *Pod) Restart(ctx context.Context) (map[string]error, error)

Restart restarts all containers within a pod that are not paused or in an error state. It combines the effects of Stop() and Start() on a container Each container will use its own stop timeout. All containers are started independently, in order dictated by their dependencies. An error restarting one container will not prevent other containers being restarted. An error and a map[string]error are returned If the error is not nil and the map is nil, an error was encountered before any containers were restarted If map is not nil, an error was encountered when restarting one or more containers. The container ID is mapped to the error encountered. The error is set to ErrCtrExists If both error and the map are nil, all containers were restarted without error

func (*Pod) SharesCgroup added in v0.8.4

func (p *Pod) SharesCgroup() bool

SharesCgroup returns whether containers in the pod will default to this pod's cgroup instead of the default libpod parent

func (*Pod) SharesIPC added in v0.8.4

func (p *Pod) SharesIPC() bool

SharesIPC returns whether containers in pod default to use IPC namespace of first container in pod

func (*Pod) SharesMount added in v0.8.4

func (p *Pod) SharesMount() bool

SharesMount returns whether containers in pod default to use PID namespace of first container in pod

func (*Pod) SharesNamespaces added in v0.8.4

func (p *Pod) SharesNamespaces() bool

SharesNamespaces checks if the pod has any kernel namespaces set as shared. An infra container will not be created if no kernel namespaces are shared.

func (*Pod) SharesNet added in v0.8.4

func (p *Pod) SharesNet() bool

SharesNet returns whether containers in pod default to use network namespace of first container in pod

func (*Pod) SharesPID added in v0.8.4

func (p *Pod) SharesPID() bool

SharesPID returns whether containers in pod default to use PID namespace of first container in pod

func (*Pod) SharesUTS added in v0.8.4

func (p *Pod) SharesUTS() bool

SharesUTS returns whether containers in pod default to use UTS namespace of first container in pod

func (*Pod) SharesUser added in v0.8.4

func (p *Pod) SharesUser() bool

SharesUser returns whether containers in pod default to use user namespace of first container in pod

func (*Pod) Start

func (p *Pod) Start(ctx context.Context) (map[string]error, error)

Start starts all containers within a pod It combines the effects of Init() and Start() on a container If a container has already been initialized it will be started, otherwise it will be initialized then started. Containers that are already running or have been paused are ignored All containers are started independently, in order dictated by their dependencies. An error and a map[string]error are returned If the error is not nil and the map is nil, an error was encountered before any containers were started If map is not nil, an error was encountered when starting one or more containers. The container ID is mapped to the error encountered. The error is set to ErrCtrExists If both error and the map are nil, all containers were started successfully

func (*Pod) Status

func (p *Pod) Status() (map[string]ContainerStatus, error)

Status gets the status of all containers in the pod Returns a map of Container ID to Container Status

func (*Pod) Stop

func (p *Pod) Stop(ctx context.Context, cleanup bool) (map[string]error, error)

Stop stops all containers within a pod without a timeout. It assumes -1 for a timeout.

func (*Pod) StopWithTimeout added in v1.0.0

func (p *Pod) StopWithTimeout(ctx context.Context, cleanup bool, timeout int) (map[string]error, error)

StopWithTimeout stops all containers within a pod that are not already stopped Each container will use its own stop timeout Only running containers will be stopped. Paused, stopped, or created containers will be ignored. If cleanup is true, mounts and network namespaces will be cleaned up after the container is stopped. All containers are stopped independently. An error stopping one container will not prevent other containers being stopped. An error and a map[string]error are returned If the error is not nil and the map is nil, an error was encountered before any containers were stopped If map is not nil, an error was encountered when stopping one or more containers. The container ID is mapped to the error encountered. The error is set to ErrCtrExists If both error and the map are nil, all containers were stopped without error

func (*Pod) Unpause added in v0.7.4

func (p *Pod) Unpause() (map[string]error, error)

Unpause unpauses all containers within a pod that are running. Only paused containers will be unpaused. Running, stopped, or created containers will be ignored. All containers are unpaused independently. An error unpausing one container will not prevent other containers being unpaused. An error and a map[string]error are returned If the error is not nil and the map is nil, an error was encountered before any containers were unpaused If map is not nil, an error was encountered when unpausing one or more containers. The container ID is mapped to the error encountered. The error is set to ErrCtrExists If both error and the map are nil, all containers were unpaused without error

type PodConfig

type PodConfig struct {
	ID   string `json:"id"`
	Name string `json:"name"`
	// Namespace the pod is in
	Namespace string `json:"namespace,omitempty"`

	// Labels contains labels applied to the pod
	Labels map[string]string `json:"labels"`
	// CgroupParent contains the pod's CGroup parent
	CgroupParent string `json:"cgroupParent"`
	// UsePodCgroup indicates whether the pod will create its own CGroup and
	// join containers to it.
	// If true, all containers joined to the pod will use the pod cgroup as
	// their cgroup parent, and cannot set a different cgroup parent
	UsePodCgroup bool `json:"sharesCgroup,omitempty"`

	// The following UsePod{kernelNamespace} indicate whether the containers
	// in the pod will inherit the namespace from the first container in the pod.
	UsePodPID   bool `json:"sharesPid,omitempty"`
	UsePodIPC   bool `json:"sharesIpc,omitempty"`
	UsePodNet   bool `json:"sharesNet,omitempty"`
	UsePodMount bool `json:"sharesMnt,omitempty"`
	UsePodUser  bool `json:"sharesUser,omitempty"`
	UsePodUTS   bool `json:"sharesUts,omitempty"`

	InfraContainer *InfraContainerConfig `json:"infraConfig"`

	// Time pod was created
	CreatedTime time.Time `json:"created"`

	// ID of the pod's lock
	LockID uint32 `json:"lockID"`
}

PodConfig represents a pod's static configuration easyjson:json

type PodContainerInfo added in v0.8.2

type PodContainerInfo struct {
	ID    string `json:"id"`
	State string `json:"state"`
}

PodContainerInfo keeps information on a container in a pod easyjson:json

type PodContainerStats added in v0.8.3

type PodContainerStats struct {
	Pod            *Pod
	ContainerStats map[string]*ContainerStats
}

PodContainerStats is an organization struct for pods and their containers

type PodCreateOption

type PodCreateOption func(*Pod) error

A PodCreateOption is a functional option which alters the Pod created by NewPod

func WithInfraContainer added in v0.8.4

func WithInfraContainer() PodCreateOption

WithInfraContainer tells the pod to create a pause container

func WithInfraContainerPorts added in v0.12.1

func WithInfraContainerPorts(bindings []ocicni.PortMapping) PodCreateOption

WithInfraContainerPorts tells the pod to add port bindings to the pause container

func WithPodCgroupParent added in v0.5.3

func WithPodCgroupParent(path string) PodCreateOption

WithPodCgroupParent sets the Cgroup Parent of the pod.

func WithPodCgroups added in v0.5.3

func WithPodCgroups() PodCreateOption

WithPodCgroups tells containers in this pod to use the cgroup created for this pod. This can still be overridden at the container level by explicitly specifying a CGroup parent.

func WithPodIPC added in v0.8.4

func WithPodIPC() PodCreateOption

WithPodIPC tells containers in this pod to use the ipc namespace created for this pod. Containers in a pod will inherit the kernel namespaces from the first container added.

func WithPodLabels

func WithPodLabels(labels map[string]string) PodCreateOption

WithPodLabels sets the labels of a pod.

func WithPodMount added in v0.8.4

func WithPodMount() PodCreateOption

WithPodMount tells containers in this pod to use the mount namespace created for this pod. Containers in a pod will inherit the kernel namespaces from the first container added. TODO implement WithMountNSFrom, so WithMountNsFromPod functions properly Then this option can be added on the pod level

func WithPodName

func WithPodName(name string) PodCreateOption

WithPodName sets the name of the pod.

func WithPodNamespace added in v0.7.4

func WithPodNamespace(ns string) PodCreateOption

WithPodNamespace sets the namespace for the created pod. Namespaces are used to create separate views of Podman's state - runtimes can join a specific namespace and see only containers and pods in that namespace. Empty string namespaces are allowed, and correspond to a lack of namespace. Containers must belong to the same namespace as the pod they join.

func WithPodNet added in v0.8.4

func WithPodNet() PodCreateOption

WithPodNet tells containers in this pod to use the network namespace created for this pod. Containers in a pod will inherit the kernel namespaces from the first container added.

func WithPodPID added in v0.8.4

func WithPodPID() PodCreateOption

WithPodPID tells containers in this pod to use the pid namespace created for this pod. Containers in a pod will inherit the kernel namespaces from the first container added.

func WithPodUTS added in v0.8.4

func WithPodUTS() PodCreateOption

WithPodUTS tells containers in this pod to use the uts namespace created for this pod. Containers in a pod will inherit the kernel namespaces from the first container added.

func WithPodUser added in v0.8.4

func WithPodUser() PodCreateOption

WithPodUser tells containers in this pod to use the user namespace created for this pod. Containers in a pod will inherit the kernel namespaces from the first container added. TODO implement WithUserNSFrom, so WithUserNsFromPod functions properly Then this option can be added on the pod level

type PodFilter

type PodFilter func(*Pod) bool

PodFilter is a function to determine whether a pod is included in command output. Pods to be outputted are tested using the function. A true return will include the pod, a false return will exclude it.

type PodInspect added in v0.8.2

type PodInspect struct {
	Config     *PodConfig
	State      *PodInspectState
	Containers []PodContainerInfo
}

PodInspect represents the data we want to display for podman pod inspect easyjson:json

type PodInspectState added in v0.8.3

type PodInspectState struct {
	CgroupPath       string `json:"cgroupPath"`
	InfraContainerID string `json:"infraContainerID"`
}

PodInspectState contains inspect data on the pod's state easyjson:json

type Runtime

type Runtime struct {
	// contains filtered or unexported fields
}

Runtime is the core libpod runtime

func NewRuntime

func NewRuntime(ctx context.Context, options ...RuntimeOption) (runtime *Runtime, err error)

NewRuntime creates a new container runtime Options can be passed to override the default configuration for the runtime

func NewRuntimeFromConfig added in v0.3.2

func NewRuntimeFromConfig(ctx context.Context, userConfigPath string, options ...RuntimeOption) (runtime *Runtime, err error)

NewRuntimeFromConfig creates a new container runtime using the given configuration file for its default configuration. Passed RuntimeOption functions can be used to mutate this configuration further. An error will be returned if the configuration file at the given path does not exist or cannot be loaded

func (*Runtime) Build added in v0.4.4

func (r *Runtime) Build(ctx context.Context, options imagebuildah.BuildOptions, dockerfiles ...string) error

Build adds the runtime to the imagebuildah call

func (*Runtime) Events added in v1.2.0

func (r *Runtime) Events(options events.ReadOptions) error

Events is a wrapper function for everyone to begin tailing the events log with options

func (*Runtime) GetAllContainers

func (r *Runtime) GetAllContainers() ([]*Container, error)

GetAllContainers is a helper function for GetContainers

func (*Runtime) GetAllPods added in v0.7.2

func (r *Runtime) GetAllPods() ([]*Pod, error)

GetAllPods retrieves all pods

func (*Runtime) GetAllVolumes added in v0.12.1

func (r *Runtime) GetAllVolumes() ([]*Volume, error)

GetAllVolumes retrieves all the volumes

func (*Runtime) GetConfig

func (r *Runtime) GetConfig() (*RuntimeConfig, error)

GetConfig returns a copy of the configuration used by the runtime

func (*Runtime) GetConmonVersion added in v0.8.2

func (r *Runtime) GetConmonVersion() (string, error)

GetConmonVersion returns a string representation of the conmon version

func (*Runtime) GetContainer

func (r *Runtime) GetContainer(id string) (*Container, error)

GetContainer retrieves a container by its ID

func (*Runtime) GetContainers

func (r *Runtime) GetContainers(filters ...ContainerFilter) ([]*Container, error)

GetContainers retrieves all containers from the state Filters can be provided which will determine what containers are included in the output. Multiple filters are handled by ANDing their output, so only containers matching all filters are returned

func (*Runtime) GetContainersByList

func (r *Runtime) GetContainersByList(containers []string) ([]*Container, error)

GetContainersByList is a helper function for GetContainers which takes a []string of container IDs or names

func (*Runtime) GetDiff

func (r *Runtime) GetDiff(from, to string) ([]archive.Change, error)

GetDiff returns the differences between the two images, layers, or containers

func (*Runtime) GetHostDistributionInfo added in v0.10.1

func (r *Runtime) GetHostDistributionInfo() map[string]string

GetHostDistributionInfo returns a map containing the host's distribution and version

func (*Runtime) GetLatestContainer

func (r *Runtime) GetLatestContainer() (*Container, error)

GetLatestContainer returns a container object of the latest created container.

func (*Runtime) GetLatestPod added in v0.7.2

func (r *Runtime) GetLatestPod() (*Pod, error)

GetLatestPod returns a pod object of the latest created pod.

func (*Runtime) GetOCIRuntimePath added in v1.0.0

func (r *Runtime) GetOCIRuntimePath() string

GetOCIRuntimePath returns the path to the OCI Runtime Path the runtime is using

func (*Runtime) GetOCIRuntimeVersion added in v0.8.2

func (r *Runtime) GetOCIRuntimeVersion() (string, error)

GetOCIRuntimeVersion returns a string representation of the oci runtimes version

func (*Runtime) GetPod

func (r *Runtime) GetPod(id string) (*Pod, error)

GetPod retrieves a pod by its ID

func (*Runtime) GetRunningContainers

func (r *Runtime) GetRunningContainers() ([]*Container, error)

GetRunningContainers is a helper function for GetContainers

func (*Runtime) GetRunningPods added in v0.8.3

func (r *Runtime) GetRunningPods() ([]*Pod, error)

GetRunningPods returns an array of running pods

func (*Runtime) GetVolume added in v0.12.1

func (r *Runtime) GetVolume(name string) (*Volume, error)

GetVolume retrieves a volume by its name

func (*Runtime) HasContainer

func (r *Runtime) HasContainer(id string) (bool, error)

HasContainer checks if a container with the given ID is present

func (*Runtime) HasPod

func (r *Runtime) HasPod(id string) (bool, error)

HasPod checks to see if a pod with the given ID exists

func (*Runtime) HasVolume added in v0.12.1

func (r *Runtime) HasVolume(name string) (bool, error)

HasVolume checks to see if a volume with the given name exists

func (*Runtime) HealthCheck added in v1.2.0

func (r *Runtime) HealthCheck(name string) (HealthCheckStatus, error)

HealthCheck verifies the state and validity of the healthcheck configuration on the container and then executes the healthcheck

func (*Runtime) ImageRuntime added in v0.3.4

func (r *Runtime) ImageRuntime() *image.Runtime

ImageRuntime returns the imageruntime for image resolution

func (*Runtime) Import added in v1.1.0

func (r *Runtime) Import(ctx context.Context, source string, reference string, changes []string, history string, quiet bool) (string, error)

Import is called as an intermediary to the image library Import

func (*Runtime) Info

func (r *Runtime) Info() ([]InfoData, error)

Info returns the store and host information

func (*Runtime) LoadImage added in v1.1.0

func (r *Runtime) LoadImage(ctx context.Context, name, inputFile string, writer io.Writer, signaturePolicy string) (string, error)

LoadImage loads a container image into local storage

func (*Runtime) Log added in v1.2.0

func (r *Runtime) Log(containers []*Container, options *LogOptions, logChannel chan *LogLine) error

Log is a runtime function that can read one or more container logs.

func (*Runtime) LookupContainer

func (r *Runtime) LookupContainer(idOrName string) (*Container, error)

LookupContainer looks up a container by its name or a partial ID If a partial ID is not unique, an error will be returned

func (*Runtime) LookupPod

func (r *Runtime) LookupPod(idOrName string) (*Pod, error)

LookupPod retrieves a pod by its name or a partial ID If a partial ID is not unique, an error will be returned

func (*Runtime) NewContainer

func (r *Runtime) NewContainer(ctx context.Context, rSpec *spec.Spec, options ...CtrCreateOption) (c *Container, err error)

NewContainer creates a new container from a given OCI config

func (*Runtime) NewPod

func (r *Runtime) NewPod(ctx context.Context, options ...PodCreateOption) (*Pod, error)

NewPod makes a new, empty pod

func (*Runtime) NewVolume added in v0.12.1

func (r *Runtime) NewVolume(ctx context.Context, options ...VolumeCreateOption) (*Volume, error)

NewVolume creates a new empty volume

func (*Runtime) Pods

func (r *Runtime) Pods(filters ...PodFilter) ([]*Pod, error)

Pods retrieves all pods Filters can be provided which will determine which pods are included in the output. Multiple filters are handled by ANDing their output, so only pods matching all filters are returned

func (*Runtime) PruneVolumes added in v1.1.0

func (r *Runtime) PruneVolumes(ctx context.Context) ([]string, []error)

PruneVolumes removes unused volumes from the system

func (*Runtime) RemoveContainer

func (r *Runtime) RemoveContainer(ctx context.Context, c *Container, force bool, removeVolume bool) error

RemoveContainer removes the given container If force is specified, the container will be stopped first If removeVolume is specified, named volumes used by the container will be removed also if and only if the container is the sole user Otherwise, RemoveContainer will return an error if the container is running

func (*Runtime) RemoveContainersFromStorage added in v1.1.0

func (r *Runtime) RemoveContainersFromStorage(ctrs []string)

RemoveContainersFromStorage attempt to remove containers from storage that do not exist in libpod database

func (*Runtime) RemoveImage

func (r *Runtime) RemoveImage(ctx context.Context, img *image.Image, force bool) (string, error)

RemoveImage deletes an image from local storage Images being used by running containers can only be removed if force=true

func (*Runtime) RemovePod

func (r *Runtime) RemovePod(ctx context.Context, p *Pod, removeCtrs, force bool) error

RemovePod removes a pod If removeCtrs is specified, containers will be removed Otherwise, a pod that is not empty will return an error and not be removed If force is specified with removeCtrs, all containers will be stopped before being removed Otherwise, the pod will not be removed if any containers are running

func (*Runtime) RemoveVolume added in v0.12.1

func (r *Runtime) RemoveVolume(ctx context.Context, v *Volume, force bool) error

RemoveVolume removes a volumes

func (*Runtime) RemoveVolumes added in v1.1.0

func (r *Runtime) RemoveVolumes(ctx context.Context, volumes []string, all, force bool) ([]string, error)

RemoveVolumes removes a slice of volumes or all with a force bool

func (*Runtime) Shutdown

func (r *Runtime) Shutdown(force bool) error

Shutdown shuts down the runtime and associated containers and storage If force is true, containers and mounted storage will be shut down before cleaning up; if force is false, an error will be returned if there are still containers running or mounted

func (*Runtime) SystemContext added in v1.0.0

func (r *Runtime) SystemContext() *types.SystemContext

SystemContext returns the imagecontext

func (*Runtime) Volumes added in v0.12.1

func (r *Runtime) Volumes(filters ...VolumeFilter) ([]*Volume, error)

Volumes retrieves all volumes Filters can be provided which will determine which volumes are included in the output. Multiple filters are handled by ANDing their output, so only volumes matching all filters are returned

func (*Runtime) WithPod

func (r *Runtime) WithPod(pod *Pod) CtrCreateOption

WithPod adds the container to a pod. Containers which join a pod can only join the Linux namespaces of other containers in the same pod. Containers can only join pods in the same libpod namespace.

type RuntimeConfig

type RuntimeConfig struct {
	// StorageConfig is the configuration used by containers/storage
	// Not included in on-disk config, use the dedicated containers/storage
	// configuration file instead
	StorageConfig storage.StoreOptions `toml:"-"`
	// VolumePath is the default location that named volumes will be created
	// under. This convention is followed by the default volume driver, but
	// may not be by other drivers.
	VolumePath string `toml:"volume_path"`
	// ImageDefaultTransport is the default transport method used to fetch
	// images
	ImageDefaultTransport string `toml:"image_default_transport"`
	// SignaturePolicyPath is the path to a signature policy to use for
	// validating images
	// If left empty, the containers/image default signature policy will
	// be used
	SignaturePolicyPath string `toml:"signature_policy_path,omitempty"`
	// StateType is the type of the backing state store.
	// Avoid using multiple values for this with the same containers/storage
	// configuration on the same system. Different state types do not
	// interact, and each will see a separate set of containers, which may
	// cause conflicts in containers/storage
	// As such this is not exposed via the config file
	StateType RuntimeStateStore `toml:"-"`
	// OCIRuntime is the OCI runtime to use.
	OCIRuntime string `toml:"runtime"`
	// OCIRuntimes are the set of configured OCI runtimes (default is runc)
	OCIRuntimes map[string][]string `toml:"runtimes"`
	// RuntimePath is the path to OCI runtime binary for launching
	// containers.
	// The first path pointing to a valid file will be used
	// This is used only when there are no OCIRuntime/OCIRuntimes defined.  It
	// is used only to be backward compatible with older versions of Podman.
	RuntimePath []string `toml:"runtime_path"`
	// ConmonPath is the path to the Conmon binary used for managing
	// containers
	// The first path pointing to a valid file will be used
	ConmonPath []string `toml:"conmon_path"`
	// ConmonEnvVars are environment variables to pass to the Conmon binary
	// when it is launched
	ConmonEnvVars []string `toml:"conmon_env_vars"`
	// CGroupManager is the CGroup Manager to use
	// Valid values are "cgroupfs" and "systemd"
	CgroupManager string `toml:"cgroup_manager"`
	// InitPath is the path to the container-init binary.
	InitPath string `toml:"init_path"`
	// StaticDir is the path to a persistent directory to store container
	// files
	StaticDir string `toml:"static_dir"`
	// TmpDir is the path to a temporary directory to store per-boot
	// container files
	// Must be stored in a tmpfs
	TmpDir string `toml:"tmp_dir"`
	// MaxLogSize is the maximum size of container logfiles
	MaxLogSize int64 `toml:"max_log_size,omitempty"`
	// NoPivotRoot sets whether to set no-pivot-root in the OCI runtime
	NoPivotRoot bool `toml:"no_pivot_root"`
	// CNIConfigDir sets the directory where CNI configuration files are
	// stored
	CNIConfigDir string `toml:"cni_config_dir"`
	// CNIPluginDir sets a number of directories where the CNI network
	// plugins can be located
	CNIPluginDir []string `toml:"cni_plugin_dir"`
	// CNIDefaultNetwork is the network name of the default CNI network
	// to attach pods to
	CNIDefaultNetwork string `toml:"cni_default_network,omitempty"`
	// HooksDir holds paths to the directories containing hooks
	// configuration files. When the same filename is present in in
	// multiple directories, the file in the directory listed last in
	// this slice takes precedence.
	HooksDir []string `toml:"hooks_dir"`
	// DefaultMountsFile is the path to the default mounts file for testing
	// purposes only
	DefaultMountsFile string `toml:"-"`
	// Namespace is the libpod namespace to use.
	// Namespaces are used to create scopes to separate containers and pods
	// in the state.
	// When namespace is set, libpod will only view containers and pods in
	// the same namespace. All containers and pods created will default to
	// the namespace set here.
	// A namespace of "", the empty string, is equivalent to no namespace,
	// and all containers and pods will be visible.
	// The default namespace is "".
	Namespace string `toml:"namespace,omitempty"`

	// InfraImage is the image a pod infra container will use to manage namespaces
	InfraImage string `toml:"infra_image"`
	// InfraCommand is the command run to start up a pod infra container
	InfraCommand string `toml:"infra_command"`
	// EnablePortReservation determines whether libpod will reserve ports on
	// the host when they are forwarded to containers.
	// When enabled, when ports are forwarded to containers, they are
	// held open by conmon as long as the container is running, ensuring
	// that they cannot be reused by other programs on the host.
	// However, this can cause significant memory usage if a container has
	// many ports forwarded to it. Disabling this can save memory.
	EnablePortReservation bool `toml:"enable_port_reservation"`
	// EnableLabeling indicates wether libpod will support container labeling
	EnableLabeling bool `toml:"label"`
	// NetworkCmdPath is the path to the slirp4netns binary
	NetworkCmdPath string `toml:"network_cmd_path"`

	// NumLocks is the number of locks to make available for containers and
	// pods.
	NumLocks uint32 `toml:"num_locks,omitempty"`

	// EventsLogger determines where events should be logged
	EventsLogger string `toml:"events_logger"`
	// EventsLogFilePath is where the events log is stored.
	EventsLogFilePath string `toml:-"events_logfile_path"`
}

RuntimeConfig contains configuration options used to set up the runtime

type RuntimeContainerMetadata

type RuntimeContainerMetadata struct {
	// The provided name and the ID of the image that was used to
	// instantiate the container.
	ImageName string `json:"image-name"` // Applicable to both PodSandboxes and Containers
	ImageID   string `json:"image-id"`   // Applicable to both PodSandboxes and Containers
	// The container's name, which for an infrastructure container is usually PodName + "-infra".
	ContainerName string `json:"name"`                 // Applicable to both PodSandboxes and Containers, mandatory
	CreatedAt     int64  `json:"created-at"`           // Applicable to both PodSandboxes and Containers
	MountLabel    string `json:"mountlabel,omitempty"` // Applicable to both PodSandboxes and Containers
}

RuntimeContainerMetadata is the structure that we encode as JSON and store in the metadata field of storage.Container objects. It is used for specifying attributes containers when they are being created, and allows a container's MountLabel, and possibly other values, to be modified in one read/write cycle via calls to storageService.ContainerMetadata, RuntimeContainerMetadata.SetMountLabel, and storageService.SetContainerMetadata.

func (*RuntimeContainerMetadata) SetMountLabel

func (metadata *RuntimeContainerMetadata) SetMountLabel(mountLabel string)

SetMountLabel updates the mount label held by a RuntimeContainerMetadata object.

type RuntimeOption

type RuntimeOption func(*Runtime) error

A RuntimeOption is a functional option which alters the Runtime created by NewRuntime

func WithCNIConfigDir

func WithCNIConfigDir(dir string) RuntimeOption

WithCNIConfigDir sets the CNI configuration directory.

func WithCNIPluginDir

func WithCNIPluginDir(dir string) RuntimeOption

WithCNIPluginDir sets the CNI plugins directory.

func WithCgroupManager

func WithCgroupManager(manager string) RuntimeOption

WithCgroupManager specifies the manager implementation name which is used to handle cgroups for containers. Current valid values are "cgroupfs" and "systemd".

func WithConmonEnv

func WithConmonEnv(environment []string) RuntimeOption

WithConmonEnv specifies the environment variable list for the conmon process.

func WithConmonPath

func WithConmonPath(path string) RuntimeOption

WithConmonPath specifies the path to the conmon binary which manages the runtime.

func WithDefaultInfraCommand added in v0.8.4

func WithDefaultInfraCommand(cmd string) RuntimeOption

WithDefaultInfraCommand sets the command to run on pause container start up.

func WithDefaultInfraImage added in v0.8.4

func WithDefaultInfraImage(img string) RuntimeOption

WithDefaultInfraImage sets the infra image for libpod. An infra image is used for inter-container kernel namespace sharing within a pod. Typically, an infra container is lightweight and is there to reap zombie processes within its pid namespace.

func WithDefaultMountsFile added in v0.4.4

func WithDefaultMountsFile(mountsFile string) RuntimeOption

WithDefaultMountsFile sets the file to look at for default mounts (mainly secrets). Note we are not saving this in the database as it is for testing purposes only.

func WithDefaultTransport added in v0.2.2

func WithDefaultTransport(defaultTransport string) RuntimeOption

WithDefaultTransport sets the default transport for retrieving images.

func WithHooksDir added in v0.4.1

func WithHooksDir(hooksDirs ...string) RuntimeOption

WithHooksDir sets the directories to look for OCI runtime hook configuration.

func WithMaxLogSize

func WithMaxLogSize(limit int64) RuntimeOption

WithMaxLogSize sets the maximum size of container logs. Positive sizes are limits in bytes, -1 is unlimited.

func WithMigrate added in v1.3.0

func WithMigrate() RuntimeOption

WithMigrate instructs libpod to migrate container configurations to account for changes between Libpod versions. All running containers will be stopped during a migration, then restarted after the migration is complete.

func WithNamespace added in v0.7.4

func WithNamespace(ns string) RuntimeOption

WithNamespace sets the namespace for libpod. Namespaces are used to create scopes to separate containers and pods in the state. When namespace is set, libpod will only view containers and pods in the same namespace. All containers and pods created will default to the namespace set here. A namespace of "", the empty string, is equivalent to no namespace, and all containers and pods will be visible.

func WithNetworkCmdPath added in v1.2.0

func WithNetworkCmdPath(path string) RuntimeOption

WithNetworkCmdPath specifies the path to the slirp4netns binary which manages the runtime.

func WithNoPivotRoot

func WithNoPivotRoot(noPivot bool) RuntimeOption

WithNoPivotRoot sets the runtime to use MS_MOVE instead of PIVOT_ROOT when starting containers.

func WithOCIRuntime

func WithOCIRuntime(runtime string) RuntimeOption

WithOCIRuntime specifies an OCI runtime to use for running containers.

func WithRenumber added in v1.1.0

func WithRenumber() RuntimeOption

WithRenumber instructs libpod to perform a lock renumbering while initializing. This will handle migrations from early versions of libpod with file locks to newer versions with SHM locking, as well as changes in the number of configured locks.

func WithSignaturePolicy

func WithSignaturePolicy(path string) RuntimeOption

WithSignaturePolicy specifies the path of a file which decides how trust is managed for images we've pulled. If this is not specified, the system default configuration will be used instead.

func WithStateType

func WithStateType(storeType RuntimeStateStore) RuntimeOption

WithStateType sets the backing state implementation for libpod. Please note that information is not portable between backing states. As such, if this differs between two libpods running on the same system, they will not share containers, and unspecified behavior may occur.

func WithStaticDir

func WithStaticDir(dir string) RuntimeOption

WithStaticDir sets the directory that static runtime files which persist across reboots will be stored.

func WithStorageConfig

func WithStorageConfig(config storage.StoreOptions) RuntimeOption

WithStorageConfig uses the given configuration to set up container storage. If this is not specified, the system default configuration will be used instead.

func WithTmpDir

func WithTmpDir(dir string) RuntimeOption

WithTmpDir sets the directory that temporary runtime files which are not expected to survive across reboots will be stored. This should be located on a tmpfs mount (/tmp or /var/run for example).

func WithVolumePath added in v0.12.1

func WithVolumePath(volPath string) RuntimeOption

WithVolumePath sets the path under which all named volumes should be created. The path changes based on whethe rthe user is running as root or not.

type RuntimeStateStore

type RuntimeStateStore int

RuntimeStateStore is a constant indicating which state store implementation should be used by libpod

type State

type State interface {
	// Close performs any pre-exit cleanup (e.g. closing database
	// connections) that may be required
	Close() error

	// Refresh clears container and pod states after a reboot
	Refresh() error

	// GetDBConfig retrieves several paths configured within the database
	// when it was created - namely, Libpod root and tmp dirs, c/storage
	// root and tmp dirs, and c/storage graph driver.
	// This is not implemented by the in-memory state, as it has no need to
	// validate runtime configuration.
	GetDBConfig() (*DBConfig, error)

	// ValidateDBConfig validates the config in the given Runtime struct
	// against paths stored in the configured database.
	// Libpod root and tmp dirs and c/storage root and tmp dirs and graph
	// driver are validated.
	// This is not implemented by the in-memory state, as it has no need to
	// validate runtime configuration that may change over multiple runs of
	// the program.
	ValidateDBConfig(runtime *Runtime) error

	// SetNamespace() sets the namespace for the store, and will determine
	// what containers are retrieved with container and pod retrieval calls.
	// A namespace of "", the empty string, acts as no namespace, and
	// containers and pods in all namespaces will be returned.
	SetNamespace(ns string) error

	// Return a container from the database from its full ID.
	// If the container is not in the set namespace, an error will be
	// returned.
	Container(id string) (*Container, error)
	// Return a container from the database by full or partial ID or full
	// name.
	// Containers not in the set namespace will be ignored.
	LookupContainer(idOrName string) (*Container, error)
	// Check if a container with the given full ID exists in the database.
	// If the container exists but is not in the set namespace, false will
	// be returned.
	HasContainer(id string) (bool, error)
	// Adds container to state.
	// The container cannot be part of a pod.
	// The container must have globally unique name and ID - pod names and
	// IDs also conflict with container names and IDs.
	// The container must be in the set namespace if a namespace has been
	// set.
	// All containers this container depends on must be part of the same
	// namespace and must not be joined to a pod.
	AddContainer(ctr *Container) error
	// Removes container from state.
	// Containers that are part of pods must use RemoveContainerFromPod.
	// The container must be part of the set namespace.
	RemoveContainer(ctr *Container) error
	// UpdateContainer updates a container's state from the backing store.
	// The container must be part of the set namespace.
	UpdateContainer(ctr *Container) error
	// SaveContainer saves a container's current state to the backing store.
	// The container must be part of the set namespace.
	SaveContainer(ctr *Container) error
	// ContainerInUse checks if other containers depend upon a given
	// container.
	// It returns a slice of the IDs of containers which depend on the given
	// container. If the slice is empty, no container depend on the given
	// container.
	// A container cannot be removed if other containers depend on it.
	// The container being checked must be part of the set namespace.
	ContainerInUse(ctr *Container) ([]string, error)
	// Retrieves all containers presently in state.
	// If a namespace is set, only containers within the namespace will be
	// returned.
	AllContainers() ([]*Container, error)

	// PLEASE READ FULL DESCRIPTION BEFORE USING.
	// Rewrite a container's configuration.
	// This function breaks libpod's normal prohibition on a read-only
	// configuration, and as such should be used EXTREMELY SPARINGLY and
	// only in very specific circumstances.
	// Specifically, it is ONLY safe to use thing function to make changes
	// that result in a functionally identical configuration (migrating to
	// newer, but identical, configuration fields), or during libpod init
	// WHILE HOLDING THE ALIVE LOCK (to prevent other libpod instances from
	// being initialized).
	// Most things in config can be changed by this, but container ID and
	// name ABSOLUTELY CANNOT BE ALTERED. If you do so, there is a high
	// potential for database corruption.
	// There are a lot of capital letters and conditions here, but the short
	// answer is this: use this only very sparingly, and only if you really
	// know what you're doing.
	RewriteContainerConfig(ctr *Container, newCfg *ContainerConfig) error
	// PLEASE READ THE ABOVE DESCRIPTION BEFORE USING.
	// This function is identical to RewriteContainerConfig, save for the
	// fact that it is used with pods instead.
	// It is subject to the same conditions as RewriteContainerConfig.
	// Please do not use this unless you know what you're doing.
	RewritePodConfig(pod *Pod, newCfg *PodConfig) error

	// Accepts full ID of pod.
	// If the pod given is not in the set namespace, an error will be
	// returned.
	Pod(id string) (*Pod, error)
	// Accepts full or partial IDs (as long as they are unique) and names.
	// Pods not in the set namespace are ignored.
	LookupPod(idOrName string) (*Pod, error)
	// Checks if a pod with the given ID is present in the state.
	// If the given pod is not in the set namespace, false is returned.
	HasPod(id string) (bool, error)
	// Check if a pod has a container with the given ID.
	// The pod must be part of the set namespace.
	PodHasContainer(pod *Pod, ctrID string) (bool, error)
	// Get the IDs of all containers in a pod.
	// The pod must be part of the set namespace.
	PodContainersByID(pod *Pod) ([]string, error)
	// Get all the containers in a pod.
	// The pod must be part of the set namespace.
	PodContainers(pod *Pod) ([]*Container, error)
	// Adds pod to state.
	// The pod must be part of the set namespace.
	// The pod's name and ID must be globally unique.
	AddPod(pod *Pod) error
	// Removes pod from state.
	// Only empty pods can be removed from the state.
	// The pod must be part of the set namespace.
	RemovePod(pod *Pod) error
	// Remove all containers from a pod.
	// Used to simultaneously remove containers that might otherwise have
	// dependency issues.
	// Will fail if a dependency outside the pod is encountered.
	// The pod must be part of the set namespace.
	RemovePodContainers(pod *Pod) error
	// AddContainerToPod adds a container to an existing pod.
	// The container given will be added to the state and the pod.
	// The container and its dependencies must be part of the given pod,
	// and the given pod's namespace.
	// The pod must be part of the set namespace.
	// The pod must already exist in the state.
	// The container's name and ID must be globally unique.
	AddContainerToPod(pod *Pod, ctr *Container) error
	// RemoveContainerFromPod removes a container from an existing pod.
	// The container will also be removed from the state.
	// The container must be in the given pod, and the pod must be in the
	// set namespace.
	RemoveContainerFromPod(pod *Pod, ctr *Container) error
	// UpdatePod updates a pod's state from the database.
	// The pod must be in the set namespace.
	UpdatePod(pod *Pod) error
	// SavePod saves a pod's state to the database.
	// The pod must be in the set namespace.
	SavePod(pod *Pod) error
	// Retrieves all pods presently in state.
	// If a namespace has been set, only pods in that namespace will be
	// returned.
	AllPods() ([]*Pod, error)

	// Volume accepts full name of volume
	// If the volume doesn't exist, an error will be returned
	Volume(volName string) (*Volume, error)
	// HasVolume returns true if volName exists in the state,
	// otherwise it returns false
	HasVolume(volName string) (bool, error)
	// VolumeInUse goes through the container dependencies of a volume
	// and checks if the volume is being used by any container. If it is
	// a slice of container IDs using the volume is returned
	VolumeInUse(volume *Volume) ([]string, error)
	// AddVolume adds the specified volume to state. The volume's name
	// must be unique within the list of existing volumes
	AddVolume(volume *Volume) error
	// RemoveVolume removes the specified volume.
	// Only volumes that have no container dependencies can be removed
	RemoveVolume(volume *Volume) error
	// AllVolumes returns all the volumes available in the state
	AllVolumes() ([]*Volume, error)
}

State is a storage backend for libpod's current state. A State is only initialized once per instance of libpod. As such, initialization methods for State implementations may safely assume they will be run as a singleton. For all container and pod retrieval methods, a State must retrieve the Configuration struct of the container or pod and include it in the returned struct. The State of the container or pod may optionally be included as well, but this is not a requirement. As such, all containers and pods must be synced with the database via the UpdateContainer and UpdatePod calls before any state-specific information is retrieved after they are pulled from the database. Generally speaking, the syncContainer() call should be run at the beginning of all API operations, which will silently handle this.

func NewBoltState

func NewBoltState(path string, runtime *Runtime) (State, error)

NewBoltState creates a new bolt-backed state database

func NewInMemoryState

func NewInMemoryState() (State, error)

NewInMemoryState initializes a new, empty in-memory state

type Version added in v0.4.4

type Version struct {
	RemoteAPIVersion int64
	Version          string
	GoVersion        string
	GitCommit        string
	Built            int64
	OsArch           string
}

Version is an output struct for varlink

func GetVersion added in v0.4.4

func GetVersion() (Version, error)

GetVersion returns a VersionOutput struct for varlink and podman

type Volume added in v0.12.1

type Volume struct {
	// contains filtered or unexported fields
}

Volume is the type used to create named volumes TODO: all volumes should be created using this and the Volume API

func (*Volume) Driver added in v0.12.1

func (v *Volume) Driver() string

Driver returns the volume's driver

func (*Volume) IsCtrSpecific added in v1.1.0

func (v *Volume) IsCtrSpecific() bool

IsCtrSpecific returns whether this volume was created specifically for a given container. Images with this set to true will be removed when the container is removed with the Volumes parameter set to true.

func (*Volume) Labels added in v0.12.1

func (v *Volume) Labels() map[string]string

Labels returns the volume's labels

func (*Volume) MountPoint added in v0.12.1

func (v *Volume) MountPoint() string

MountPoint returns the volume's mountpoint on the host

func (*Volume) Name added in v0.12.1

func (v *Volume) Name() string

Name retrieves the volume's name

func (*Volume) Options added in v0.12.1

func (v *Volume) Options() map[string]string

Options return the volume's options

func (*Volume) Scope added in v0.12.1

func (v *Volume) Scope() string

Scope returns the scope of the volume

type VolumeConfig added in v0.12.1

type VolumeConfig struct {
	// Name of the volume
	Name string `json:"name"`

	Labels        map[string]string `json:"labels"`
	MountPoint    string            `json:"mountPoint"`
	Driver        string            `json:"driver"`
	Options       map[string]string `json:"options"`
	Scope         string            `json:"scope"`
	IsCtrSpecific bool              `json:"ctrSpecific"`
	UID           int               `json:"uid"`
	GID           int               `json:"gid"`
}

VolumeConfig holds the volume's config information

type VolumeCreateOption added in v0.12.1

type VolumeCreateOption func(*Volume) error

A VolumeCreateOption is a functional option which alters the Volume created by NewVolume

func WithVolumeDriver added in v0.12.1

func WithVolumeDriver(driver string) VolumeCreateOption

WithVolumeDriver sets the driver of the volume.

func WithVolumeGID added in v1.2.0

func WithVolumeGID(gid int) VolumeCreateOption

WithVolumeGID sets the GID that the volume will be created as.

func WithVolumeLabels added in v0.12.1

func WithVolumeLabels(labels map[string]string) VolumeCreateOption

WithVolumeLabels sets the labels of the volume.

func WithVolumeName added in v0.12.1

func WithVolumeName(name string) VolumeCreateOption

WithVolumeName sets the name of the volume.

func WithVolumeOptions added in v0.12.1

func WithVolumeOptions(options map[string]string) VolumeCreateOption

WithVolumeOptions sets the options of the volume.

func WithVolumeUID added in v1.2.0

func WithVolumeUID(uid int) VolumeCreateOption

WithVolumeUID sets the UID that the volume will be created as.

type VolumeFilter added in v0.12.1

type VolumeFilter func(*Volume) bool

VolumeFilter is a function to determine whether a volume is included in command output. Volumes to be outputted are tested using the function. a true return will include the volume, a false return will exclude it.

Directories

Path Synopsis
shm

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL