Documentation ¶
Overview ¶
The libpod library is not stable, and we do not support use cases outside of this repository. The API can change at any time, even in patch releases.
If you need a stable interface, Podman provides an HTTP API that follows semver. See https://docs.podman.io/en/latest/markdown/podman-system-service.1.html to start the API service and https://docs.podman.io/en/latest/_static/api.html for the API reference.
We also provide stable Go bindings for talking to the API service from another Go program; see the pkg/bindings directory.
Index ¶
- Constants
- Variables
- func DefaultSeccompPath() (string, error)
- func DownloadFromFile(reader *os.File) (string, error)
- func FuncTimer(funcName string)
- func GenerateForKube(ctx context.Context, ctrs []*Container) (*v1.Pod, error)
- func GetLimits(resource *spec.LinuxResources) (runcconfig.Resources, error)
- func GetSlirp4netnsDNS(subnet *net.IPNet) (*net.IP, error)
- func GetSlirp4netnsGateway(subnet *net.IPNet) (*net.IP, error)
- func GetSlirp4netnsIP(subnet *net.IPNet) (*net.IP, error)
- func JSONDeepCopy(from, to interface{}) error
- func LabelVolumePath(path string) error
- func MountExists(specMounts []spec.Mount, dest string) bool
- func SetXdgDirs() error
- func TruncateKubeAnnotation(str string) string
- func Unmount(mount string)
- func WaitForFile(path string, chWait chan error, timeout time.Duration) (bool, error)
- type AttachOptions
- type BoltState
- func (s *BoltState) AddContainer(ctr *Container) error
- func (s *BoltState) AddContainerExitCode(id string, exitCode int32) error
- func (s *BoltState) AddContainerToPod(pod *Pod, ctr *Container) error
- func (s *BoltState) AddExecSession(ctr *Container, session *ExecSession) error
- func (s *BoltState) AddPod(pod *Pod) error
- func (s *BoltState) AddVolume(volume *Volume) error
- func (s *BoltState) AllContainers() ([]*Container, error)
- func (s *BoltState) AllPods() ([]*Pod, error)
- func (s *BoltState) AllVolumes() ([]*Volume, error)
- func (s *BoltState) Close() error
- func (s *BoltState) Container(id string) (*Container, error)
- func (s *BoltState) ContainerInUse(ctr *Container) ([]string, error)
- func (s *BoltState) GetContainerConfig(id string) (*ContainerConfig, error)
- func (s *BoltState) GetContainerExecSessions(ctr *Container) ([]string, error)
- func (s *BoltState) GetContainerExitCode(id string) (int32, error)
- func (s *BoltState) GetContainerExitCodeTimeStamp(id string) (*time.Time, error)
- func (s *BoltState) GetDBConfig() (*DBConfig, error)
- func (s *BoltState) GetExecSession(id string) (string, error)
- func (s *BoltState) GetName(id string) (string, error)
- func (s *BoltState) GetNetworks(ctr *Container) (map[string]types.PerNetworkOptions, error)
- func (s *BoltState) HasContainer(id string) (bool, error)
- func (s *BoltState) HasPod(id string) (bool, error)
- func (s *BoltState) HasVolume(name string) (bool, error)
- func (s *BoltState) LookupContainer(idOrName string) (*Container, error)
- func (s *BoltState) LookupContainerID(idOrName string) (string, error)
- func (s *BoltState) LookupPod(idOrName string) (*Pod, error)
- func (s *BoltState) LookupVolume(name string) (*Volume, error)
- func (s *BoltState) NetworkConnect(ctr *Container, network string, opts types.PerNetworkOptions) error
- func (s *BoltState) NetworkDisconnect(ctr *Container, network string) error
- func (s *BoltState) Pod(id string) (*Pod, error)
- func (s *BoltState) PodContainers(pod *Pod) ([]*Container, error)
- func (s *BoltState) PodContainersByID(pod *Pod) ([]string, error)
- func (s *BoltState) PodHasContainer(pod *Pod, id string) (bool, error)
- func (s *BoltState) PruneContainerExitCodes() error
- func (s *BoltState) Refresh() error
- func (s *BoltState) RemoveContainer(ctr *Container) error
- func (s *BoltState) RemoveContainerExecSessions(ctr *Container) error
- func (s *BoltState) RemoveContainerFromPod(pod *Pod, ctr *Container) error
- func (s *BoltState) RemoveExecSession(session *ExecSession) error
- func (s *BoltState) RemovePod(pod *Pod) error
- func (s *BoltState) RemovePodContainers(pod *Pod) error
- func (s *BoltState) RemoveVolume(volume *Volume) error
- func (s *BoltState) RewriteContainerConfig(ctr *Container, newCfg *ContainerConfig) error
- func (s *BoltState) RewritePodConfig(pod *Pod, newCfg *PodConfig) error
- func (s *BoltState) RewriteVolumeConfig(volume *Volume, newCfg *VolumeConfig) error
- func (s *BoltState) SafeRewriteContainerConfig(ctr *Container, oldName, newName string, newCfg *ContainerConfig) error
- func (s *BoltState) SaveContainer(ctr *Container) error
- func (s *BoltState) SavePod(pod *Pod) error
- func (s *BoltState) SaveVolume(volume *Volume) error
- func (s *BoltState) SetNamespace(ns string) error
- func (s *BoltState) UpdateContainer(ctr *Container) error
- func (s *BoltState) UpdatePod(pod *Pod) error
- func (s *BoltState) UpdateVolume(volume *Volume) error
- func (s *BoltState) ValidateDBConfig(runtime *Runtime) error
- func (s *BoltState) Volume(name string) (*Volume, error)
- func (s *BoltState) VolumeInUse(volume *Volume) ([]string, error)
- type ConmonOCIRuntime
- func (r *ConmonOCIRuntime) Attach(c *Container, params *AttachOptions) error
- func (r *ConmonOCIRuntime) AttachResize(ctr *Container, newSize resize.TerminalSize) error
- func (r *ConmonOCIRuntime) AttachSocketPath(ctr *Container) (string, error)
- func (r *ConmonOCIRuntime) CheckConmonRunning(ctr *Container) (bool, error)
- func (r *ConmonOCIRuntime) CheckpointContainer(ctr *Container, options ContainerCheckpointOptions) (int64, error)
- func (r *ConmonOCIRuntime) CreateContainer(ctr *Container, restoreOptions *ContainerCheckpointOptions) (int64, error)
- func (r *ConmonOCIRuntime) DeleteContainer(ctr *Container) error
- func (r *ConmonOCIRuntime) ExecAttachResize(ctr *Container, sessionID string, newSize resize.TerminalSize) error
- func (r *ConmonOCIRuntime) ExecAttachSocketPath(ctr *Container, sessionID string) (string, error)
- func (r *ConmonOCIRuntime) ExecContainer(c *Container, sessionID string, options *ExecOptions, ...) (int, chan error, error)
- func (r *ConmonOCIRuntime) ExecContainerDetached(ctr *Container, sessionID string, options *ExecOptions, stdin bool) (int, error)
- func (r *ConmonOCIRuntime) ExecContainerHTTP(ctr *Container, sessionID string, options *ExecOptions, req *http.Request, ...) (int, chan error, error)
- func (r *ConmonOCIRuntime) ExecStopContainer(ctr *Container, sessionID string, timeout uint) error
- func (r *ConmonOCIRuntime) ExecUpdateStatus(ctr *Container, sessionID string) (bool, error)
- func (r *ConmonOCIRuntime) ExitFilePath(ctr *Container) (string, error)
- func (r *ConmonOCIRuntime) HTTPAttach(ctr *Container, req *http.Request, w http.ResponseWriter, ...) (deferredErr error)
- func (r *ConmonOCIRuntime) KillContainer(ctr *Container, signal uint, all bool) error
- func (r *ConmonOCIRuntime) Name() string
- func (r *ConmonOCIRuntime) Path() string
- func (r *ConmonOCIRuntime) PauseContainer(ctr *Container) error
- func (r *ConmonOCIRuntime) RuntimeInfo() (*define.ConmonInfo, *define.OCIRuntimeInfo, error)
- func (r *ConmonOCIRuntime) StartContainer(ctr *Container) error
- func (r *ConmonOCIRuntime) StopContainer(ctr *Container, timeout uint, all bool) error
- func (r *ConmonOCIRuntime) SupportsCheckpoint() bool
- func (r *ConmonOCIRuntime) SupportsJSONErrors() bool
- func (r *ConmonOCIRuntime) SupportsKVM() bool
- func (r *ConmonOCIRuntime) SupportsNoCgroups() bool
- func (r *ConmonOCIRuntime) UnpauseContainer(ctr *Container) error
- func (r *ConmonOCIRuntime) UpdateContainerStatus(ctr *Container) error
- type Container
- func (c *Container) AddArtifact(name string, data []byte) error
- func (c *Container) Attach(streams *define.AttachStreams, keys string, resize <-chan resize.TerminalSize) error
- func (c *Container) AttachResize(newSize resize.TerminalSize) error
- func (c *Container) AttachSocketPath() (string, error)
- func (c *Container) AutoRemove() bool
- func (c *Container) Batch(batchFunc func(*Container) error) error
- func (c *Container) BindMounts() (map[string]string, error)
- func (c *Container) CgroupManager() string
- func (c *Container) CgroupParent() string
- func (c *Container) CgroupPath() (string, error)
- func (c *Container) ChangeHostPathOwnership(src string, recurse bool, uid, gid int) error
- func (c *Container) Checkpoint(ctx context.Context, options ContainerCheckpointOptions) (*define.CRIUCheckpointRestoreStatistics, int64, error)
- func (c *Container) CheckpointPath() string
- func (c *Container) CheckpointVolumesPath() string
- func (c *Container) Cleanup(ctx context.Context) error
- func (c *Container) Command() []string
- func (c *Container) Commit(ctx context.Context, destImage string, options ContainerCommitOptions) (*libimage.Image, error)
- func (c *Container) Config() *ContainerConfig
- func (c *Container) ConfigNoCopy() *ContainerConfig
- func (c *Container) ConfigWithNetworks() *ContainerConfig
- func (c *Container) ConmonPID() (int, error)
- func (c *Container) ContainerState() (*ContainerState, error)
- func (c *Container) ControlSocketPath() string
- func (c *Container) CopyFromArchive(_ context.Context, containerPath string, chown, noOverwriteDirNonDir bool, ...) (func() error, error)
- func (c *Container) CopyToArchive(ctx context.Context, containerPath string, tarStream io.Writer) (func() error, error)
- func (c *Container) CreatedTime() time.Time
- func (c *Container) DNSOption() []string
- func (c *Container) DNSSearch() []string
- func (c *Container) DNSServers() []net.IP
- func (c *Container) Dependencies() []string
- func (c *Container) DeviceHostSrc() []spec.LinuxDevice
- func (c *Container) Entrypoint() []string
- func (c *Container) Exec(config *ExecConfig, streams *define.AttachStreams, ...) (int, error)
- func (c *Container) ExecCleanup(sessionID string) error
- func (c *Container) ExecCreate(config *ExecConfig) (string, error)
- func (c *Container) ExecHTTPStartAndAttach(sessionID string, r *http.Request, w http.ResponseWriter, ...) error
- func (c *Container) ExecRemove(sessionID string, force bool) error
- func (c *Container) ExecResize(sessionID string, newSize resize.TerminalSize) error
- func (c *Container) ExecSession(id string) (*ExecSession, error)
- func (c *Container) ExecSessions() ([]string, error)
- func (c *Container) ExecStart(sessionID string) error
- func (c *Container) ExecStartAndAttach(sessionID string, streams *define.AttachStreams, newSize *resize.TerminalSize) error
- func (c *Container) ExecStop(sessionID string, timeout *uint) error
- func (c *Container) ExitCode() (int32, bool, error)
- func (c *Container) Export(path string) error
- func (c *Container) FinishedTime() (time.Time, error)
- func (c *Container) GetArtifact(name string) ([]byte, error)
- func (c *Container) GetContainerPidInformation(descriptors []string) ([]string, error)
- func (c *Container) GetContainerStats(previousStats *define.ContainerStats) (*define.ContainerStats, error)
- func (c *Container) GetDevices(priv bool, ctrSpec spec.Spec, deviceNodes map[string]string) ([]define.InspectDevice, error)
- func (c *Container) GetMounts(namedVolumes []*ContainerNamedVolume, imageVolumes []*ContainerImageVolume, ...) ([]define.InspectMount, error)
- func (c *Container) GetSecurityOptions() []string
- func (c *Container) HTTPAttach(r *http.Request, w http.ResponseWriter, streams *HTTPAttachStreams, ...) error
- func (c *Container) HasHealthCheck() bool
- func (c *Container) HealthCheckConfig() *manifest.Schema2HealthConfig
- func (c *Container) HealthCheckStatus() (string, error)
- func (c *Container) HostNetwork() bool
- func (c *Container) Hostname() string
- func (c *Container) HostsAdd() []string
- func (c *Container) ID() string
- func (c *Container) IDMappings() storage.IDMappingOptions
- func (c *Container) Image() (string, string)
- func (c *Container) Init(ctx context.Context, recursive bool) error
- func (c *Container) Inspect(size bool) (*define.InspectContainerData, error)
- func (c *Container) IsInfra() bool
- func (c *Container) IsInitCtr() bool
- func (c *Container) IsReadOnly() bool
- func (c *Container) IsService() bool
- func (c *Container) Kill(signal uint) error
- func (c *Container) Labels() map[string]string
- func (c *Container) LogDriver() string
- func (c *Container) LogPath() string
- func (c *Container) LogTag() string
- func (c *Container) Mount() (string, error)
- func (c *Container) MountLabel() string
- func (c *Container) Mounted() (bool, string, error)
- func (c *Container) Name() string
- func (c *Container) NamedVolumes() []*ContainerNamedVolume
- func (c *Container) Namespace() string
- func (c *Container) NamespaceMode(ns spec.LinuxNamespaceType, ctrSpec *spec.Spec) string
- func (c *Container) NamespacePath(linuxNS LinuxNS) (string, error)
- func (c *Container) NetworkConnect(nameOrID, netName string, netOpts types.PerNetworkOptions) error
- func (c *Container) NetworkDisabled() (bool, error)
- func (c *Container) NetworkDisconnect(nameOrID, netName string, force bool) error
- func (c *Container) NetworkMode() string
- func (c *Container) Networks() ([]string, error)
- func (c *Container) NewNetNS() bool
- func (c *Container) OOMKilled() (bool, error)
- func (c *Container) PID() (int, error)
- func (c *Container) Pause() error
- func (c *Container) PodID() string
- func (c *Container) PortMappings() ([]types.PortMapping, error)
- func (c *Container) PreCheckPointPath() string
- func (c *Container) Privileged() bool
- func (c *Container) ProcessLabel() string
- func (c *Container) RWSize() (int64, error)
- func (c *Container) RawImageName() string
- func (c *Container) ReadLog(ctx context.Context, options *logs.LogOptions, logChannel chan *logs.LogLine, ...) error
- func (c *Container) Refresh(ctx context.Context) error
- func (c *Container) ReloadNetwork() error
- func (c *Container) RemoveArtifact(name string) error
- func (c *Container) RestartPolicy() string
- func (c *Container) RestartRetries() uint
- func (c *Container) RestartWithTimeout(ctx context.Context, timeout uint) error
- func (c *Container) Restore(ctx context.Context, options ContainerCheckpointOptions) (*define.CRIUCheckpointRestoreStatistics, int64, error)
- func (c *Container) RootFsSize() (int64, error)
- func (c *Container) RootGID() int
- func (c *Container) RootUID() int
- func (c *Container) Runtime() *Runtime
- func (c *Container) RuntimeName() string
- func (c *Container) Secrets() []*ContainerSecret
- func (c *Container) ShmDir() string
- func (c *Container) ShmSize() int64
- func (c *Container) ShouldRestart(ctx context.Context) bool
- func (c *Container) SortUserVolumes(ctrSpec *spec.Spec) ([]*ContainerNamedVolume, []spec.Mount)
- func (c *Container) Spec() *spec.Spec
- func (c *Container) Start(ctx context.Context, recursive bool) error
- func (c *Container) StartAndAttach(ctx context.Context, streams *define.AttachStreams, keys string, ...) (<-chan error, error)
- func (c *Container) StartedTime() (time.Time, error)
- func (c *Container) Stat(ctx context.Context, containerPath string) (*define.FileInfo, error)
- func (c *Container) State() (define.ContainerStatus, error)
- func (c *Container) StaticDir() string
- func (c *Container) Stdin() bool
- func (c *Container) Stop() error
- func (c *Container) StopSignal() uint
- func (c *Container) StopTimeout() uint
- func (c *Container) StopWithTimeout(timeout uint) error
- func (c *Container) StoppedByUser() (bool, error)
- func (c *Container) Sync() error
- func (c *Container) Systemd() bool
- func (c *Container) Timezone() string
- func (c *Container) Top(descriptors []string) ([]string, error)
- func (c *Container) Umask() string
- func (c *Container) Unmount(force bool) error
- func (c *Container) Unpause() error
- func (c *Container) User() string
- func (c *Container) UserVolumes() []string
- func (c *Container) Wait(ctx context.Context) (int32, error)
- func (c *Container) WaitForConditionWithInterval(ctx context.Context, waitTimeout time.Duration, ...) (int32, error)
- func (c *Container) WaitForExit(ctx context.Context, pollInterval time.Duration) (int32, error)
- func (c *Container) WorkingDir() string
- type ContainerCheckpointOptions
- type ContainerCommitOptions
- type ContainerConfig
- type ContainerFilter
- type ContainerGraph
- type ContainerImageConfig
- type ContainerImageVolume
- type ContainerInfo
- type ContainerMiscConfig
- type ContainerNameSpaceConfig
- type ContainerNamedVolume
- type ContainerNetworkConfig
- type ContainerNetworkDescriptions
- type ContainerOverlayVolume
- type ContainerRootFSConfig
- type ContainerSecret
- type ContainerSecurityConfig
- type ContainerState
- type CtrCreateOption
- func WithAddCurrentUserPasswdEntry() CtrCreateOption
- func WithCDI(devices []string) CtrCreateOption
- func WithCgroupNSFrom(nsCtr *Container) CtrCreateOption
- func WithCgroupParent(parent string) CtrCreateOption
- func WithCgroupsMode(mode string) CtrCreateOption
- func WithChrootDirs(dirs []string) CtrCreateOption
- func WithCommand(command []string) CtrCreateOption
- func WithConmonPidFile(path string) CtrCreateOption
- func WithCreateCommand(cmd []string) CtrCreateOption
- func WithCreateWorkingDir() CtrCreateOption
- func WithCtrNamespace(ns string) CtrCreateOption
- func WithDNS(dnsServers []string) CtrCreateOption
- func WithDNSOption(dnsOptions []string) CtrCreateOption
- func WithDNSSearch(searchDomains []string) CtrCreateOption
- func WithDependencyCtrs(ctrs []*Container) CtrCreateOption
- func WithEntrypoint(entrypoint []string) CtrCreateOption
- func WithEnvSecrets(envSecrets map[string]string) CtrCreateOption
- func WithGroups(groups []string) CtrCreateOption
- func WithHealthCheck(healthCheck *manifest.Schema2HealthConfig) CtrCreateOption
- func WithHostDevice(dev []specs.LinuxDevice) CtrCreateOption
- func WithHostUsers(hostUsers []string) CtrCreateOption
- func WithHosts(hosts []string) CtrCreateOption
- func WithIDMappings(idmappings storage.IDMappingOptions) CtrCreateOption
- func WithIPCNSFrom(nsCtr *Container) CtrCreateOption
- func WithImageVolumes(volumes []*ContainerImageVolume) CtrCreateOption
- func WithInfraConfig(compatibleOptions InfraInherit) CtrCreateOption
- func WithInitCtrType(containerType string) CtrCreateOption
- func WithIsService() CtrCreateOption
- func WithLabels(labels map[string]string) CtrCreateOption
- func WithLogDriver(driver string) CtrCreateOption
- func WithLogPath(path string) CtrCreateOption
- func WithLogTag(tag string) CtrCreateOption
- func WithMaxLogSize(limit int64) CtrCreateOption
- func WithMountAllDevices() CtrCreateOption
- func WithMountNSFrom(nsCtr *Container) CtrCreateOption
- func WithName(name string) CtrCreateOption
- func WithNamedVolumes(volumes []*ContainerNamedVolume) CtrCreateOption
- func WithNetNS(portMappings []nettypes.PortMapping, exposedPorts map[uint16][]string, ...) CtrCreateOption
- func WithNetNSFrom(nsCtr *Container) CtrCreateOption
- func WithNetworkOptions(options map[string][]string) CtrCreateOption
- func WithNoShm(mount bool) CtrCreateOption
- func WithNoShmShare(share bool) CtrCreateOption
- func WithOverlayVolumes(volumes []*ContainerOverlayVolume) CtrCreateOption
- func WithPIDNSFrom(nsCtr *Container) CtrCreateOption
- func WithPasswdEntry(passwdEntry string) CtrCreateOption
- func WithPidFile(pidFile string) CtrCreateOption
- func WithPreserveFDs(fd uint) CtrCreateOption
- func WithPrivileged(privileged bool) CtrCreateOption
- func WithRestartPolicy(policy string) CtrCreateOption
- func WithRestartRetries(tries uint) CtrCreateOption
- func WithRootFS(rootfs string, overlay bool) CtrCreateOption
- func WithRootFSFromImage(imageID, imageName, rawImageName string) CtrCreateOption
- func WithSdNotifyMode(mode string) CtrCreateOption
- func WithSecLabels(labelOpts []string) CtrCreateOption
- func WithSecrets(containerSecrets []*ContainerSecret) CtrCreateOption
- func WithSelectedPasswordManagement(passwd *bool) CtrCreateOption
- func WithShmDir(dir string) CtrCreateOption
- func WithShmSize(size int64) CtrCreateOption
- func WithStdin() CtrCreateOption
- func WithStopSignal(signal syscall.Signal) CtrCreateOption
- func WithStopTimeout(timeout uint) CtrCreateOption
- func WithStorageOpts(storageOpts map[string]string) CtrCreateOption
- func WithSystemd() CtrCreateOption
- func WithTimeout(timeout uint) CtrCreateOption
- func WithTimezone(path string) CtrCreateOption
- func WithUTSNSFrom(nsCtr *Container) CtrCreateOption
- func WithUTSNSFromPod(p *Pod) CtrCreateOption
- func WithUmask(umask string) CtrCreateOption
- func WithUseImageHosts() CtrCreateOption
- func WithUseImageResolvConf() CtrCreateOption
- func WithUser(user string) CtrCreateOption
- func WithUserNSFrom(nsCtr *Container) CtrCreateOption
- func WithUserVolumes(volumes []string) CtrCreateOption
- func WithVolatile() CtrCreateOption
- type DBConfig
- type ExecConfig
- type ExecOptions
- type ExecSession
- type HTTPAttachStreams
- type InfraInherit
- type LinuxNS
- type MissingRuntime
- func (r *MissingRuntime) Attach(ctr *Container, params *AttachOptions) error
- func (r *MissingRuntime) AttachResize(ctr *Container, newSize resize.TerminalSize) error
- func (r *MissingRuntime) AttachSocketPath(ctr *Container) (string, error)
- func (r *MissingRuntime) CheckConmonRunning(ctr *Container) (bool, error)
- func (r *MissingRuntime) CheckpointContainer(ctr *Container, options ContainerCheckpointOptions) (int64, error)
- func (r *MissingRuntime) CreateContainer(ctr *Container, restoreOptions *ContainerCheckpointOptions) (int64, error)
- func (r *MissingRuntime) DeleteContainer(ctr *Container) error
- func (r *MissingRuntime) ExecAttachResize(ctr *Container, sessionID string, newSize resize.TerminalSize) error
- func (r *MissingRuntime) ExecAttachSocketPath(ctr *Container, sessionID string) (string, error)
- func (r *MissingRuntime) ExecContainer(ctr *Container, sessionID string, options *ExecOptions, ...) (int, chan error, error)
- func (r *MissingRuntime) ExecContainerDetached(ctr *Container, sessionID string, options *ExecOptions, stdin bool) (int, error)
- func (r *MissingRuntime) ExecContainerHTTP(ctr *Container, sessionID string, options *ExecOptions, req *http.Request, ...) (int, chan error, error)
- func (r *MissingRuntime) ExecStopContainer(ctr *Container, sessionID string, timeout uint) error
- func (r *MissingRuntime) ExecUpdateStatus(ctr *Container, sessionID string) (bool, error)
- func (r *MissingRuntime) ExitFilePath(ctr *Container) (string, error)
- func (r *MissingRuntime) HTTPAttach(ctr *Container, req *http.Request, w http.ResponseWriter, ...) error
- func (r *MissingRuntime) KillContainer(ctr *Container, signal uint, all bool) error
- func (r *MissingRuntime) Name() string
- func (r *MissingRuntime) Path() string
- func (r *MissingRuntime) PauseContainer(ctr *Container) error
- func (r *MissingRuntime) RuntimeInfo() (*define.ConmonInfo, *define.OCIRuntimeInfo, error)
- func (r *MissingRuntime) StartContainer(ctr *Container) error
- func (r *MissingRuntime) StopContainer(ctr *Container, timeout uint, all bool) error
- func (r *MissingRuntime) SupportsCheckpoint() bool
- func (r *MissingRuntime) SupportsJSONErrors() bool
- func (r *MissingRuntime) SupportsKVM() bool
- func (r *MissingRuntime) SupportsNoCgroups() bool
- func (r *MissingRuntime) UnpauseContainer(ctr *Container) error
- func (r *MissingRuntime) UpdateContainerStatus(ctr *Container) error
- type OCIRuntime
- type Pod
- func (p *Pod) AllContainers() ([]*Container, error)
- func (p *Pod) AllContainersByID() ([]string, error)
- func (p *Pod) CPUPeriod() uint64
- func (p *Pod) CPUQuota() int64
- func (p *Pod) CgroupParent() string
- func (p *Pod) CgroupPath() (string, error)
- func (p *Pod) Cleanup(ctx context.Context) (map[string]error, error)
- func (p *Pod) Config() (*PodConfig, error)
- func (p *Pod) CreateCommand() []string
- func (p *Pod) CreatedTime() time.Time
- func (p *Pod) GenerateForKube(ctx context.Context) (*v1.Pod, []v1.ServicePort, error)
- func (p *Pod) GetPodPidInformation(descriptors []string) ([]string, error)
- func (p *Pod) GetPodStats(previousContainerStats map[string]*define.ContainerStats) (map[string]*define.ContainerStats, error)
- func (p *Pod) GetPodStatus() (string, error)
- func (p *Pod) HasContainer(id string) (bool, error)
- func (p *Pod) HasInfraContainer() bool
- func (p *Pod) Hostname() string
- func (p *Pod) ID() string
- func (p *Pod) InfraContainer() (*Container, error)
- func (p *Pod) InfraContainerID() (string, error)
- func (p *Pod) Inspect() (*define.InspectPodData, error)
- func (p *Pod) Kill(ctx context.Context, signal uint) (map[string]error, error)
- func (p *Pod) Labels() map[string]string
- func (p *Pod) MemoryLimit() uint64
- func (p *Pod) Name() string
- func (p *Pod) Namespace() string
- func (p *Pod) NamespaceMode(kind specs.LinuxNamespaceType) string
- func (p *Pod) NetworkMode() string
- func (p *Pod) Pause(ctx context.Context) (map[string]error, error)
- func (p *Pod) ProcessLabel() (string, error)
- func (p *Pod) ResourceLim() *specs.LinuxResources
- func (p *Pod) Restart(ctx context.Context) (map[string]error, error)
- func (p *Pod) ServiceContainer() (*Container, error)
- func (p *Pod) SharesCgroup() bool
- func (p *Pod) SharesIPC() bool
- func (p *Pod) SharesMount() bool
- func (p *Pod) SharesNamespaces() bool
- func (p *Pod) SharesNet() bool
- func (p *Pod) SharesPID() bool
- func (p *Pod) SharesUTS() bool
- func (p *Pod) SharesUser() bool
- func (p *Pod) Start(ctx context.Context) (map[string]error, error)
- func (p *Pod) Status() (map[string]define.ContainerStatus, error)
- func (p *Pod) Stop(ctx context.Context, cleanup bool) (map[string]error, error)
- func (p *Pod) StopWithTimeout(ctx context.Context, cleanup bool, timeout int) (map[string]error, error)
- func (p *Pod) Unpause(ctx context.Context) (map[string]error, error)
- func (p *Pod) VolumesFrom() []string
- type PodConfig
- type PodContainerStats
- type PodCreateOption
- func WithInfraConmonPidFile(path string, infraSpec *specgen.SpecGenerator) PodCreateOption
- func WithInfraContainer() PodCreateOption
- func WithPodCgroup() PodCreateOption
- func WithPodCgroupParent(path string) PodCreateOption
- func WithPodCreateCommand(createCmd []string) PodCreateOption
- func WithPodExitPolicy(policy string) PodCreateOption
- func WithPodHostname(hostname string) PodCreateOption
- func WithPodIPC() PodCreateOption
- func WithPodLabels(labels map[string]string) PodCreateOption
- func WithPodMount() PodCreateOption
- func WithPodName(name string) PodCreateOption
- func WithPodNamespace(ns string) PodCreateOption
- func WithPodNet() PodCreateOption
- func WithPodPID() PodCreateOption
- func WithPodParent() PodCreateOption
- func WithPodUTS() PodCreateOption
- func WithPodUser() PodCreateOption
- func WithServiceContainer(id string) PodCreateOption
- type PodFilter
- type RootlessNetNS
- type Runtime
- func (r *Runtime) AddInfra(ctx context.Context, pod *Pod, infraCtr *Container) (*Pod, error)
- func (r *Runtime) Build(ctx context.Context, options buildahDefine.BuildOptions, dockerfiles ...string) (string, reference.Canonical, error)
- func (r *Runtime) ConnectContainerToNetwork(nameOrID, netName string, netOpts types.PerNetworkOptions) error
- func (r *Runtime) DefaultOCIRuntime() OCIRuntime
- func (r *Runtime) DeferredShutdown(force bool)
- func (r *Runtime) DisconnectContainerFromNetwork(nameOrID, netName string, force bool) error
- func (r *Runtime) EnableLabeling() bool
- func (r *Runtime) Events(ctx context.Context, options events.ReadOptions) error
- func (r *Runtime) EvictContainer(ctx context.Context, idOrName string, removeVolume bool) (string, error)
- func (r *Runtime) GetAllContainers() ([]*Container, error)
- func (r *Runtime) GetAllPods() ([]*Pod, error)
- func (r *Runtime) GetAllVolumes() ([]*Volume, error)
- func (r *Runtime) GetConfig() (*config.Config, error)
- func (r *Runtime) GetConfigNoCopy() (*config.Config, error)
- func (r *Runtime) GetContainer(id string) (*Container, error)
- func (r *Runtime) GetContainers(filters ...ContainerFilter) ([]*Container, error)
- func (r *Runtime) GetContainersByList(containers []string) ([]*Container, error)
- func (r *Runtime) GetDefaultNetworkName() string
- func (r *Runtime) GetDiff(from, to string, diffType define.DiffType) ([]archive.Change, error)
- func (r *Runtime) GetEvents(ctx context.Context, filters []string) ([]*events.Event, error)
- func (r *Runtime) GetExecDiedEvent(ctx context.Context, nameOrID, execSessionID string) (*events.Event, error)
- func (r *Runtime) GetExecSessionContainer(id string) (*Container, error)
- func (r *Runtime) GetHostDistributionInfo() define.DistributionInfo
- func (r *Runtime) GetLastContainerEvent(ctx context.Context, nameOrID string, containerEvent events.Status) (*events.Event, error)
- func (r *Runtime) GetLatestContainer() (*Container, error)
- func (r *Runtime) GetLatestPod() (*Pod, error)
- func (r *Runtime) GetName(id string) (string, error)
- func (r *Runtime) GetOCIRuntimePath() string
- func (r *Runtime) GetPod(id string) (*Pod, error)
- func (r *Runtime) GetRootlessNetNs(new bool) (*RootlessNetNS, error)
- func (r *Runtime) GetRunningContainers() ([]*Container, error)
- func (r *Runtime) GetRunningPods() ([]*Pod, error)
- func (r *Runtime) GetSecretsStorageDir() string
- func (r *Runtime) GetVolume(name string) (*Volume, error)
- func (r *Runtime) HasContainer(id string) (bool, error)
- func (r *Runtime) HasPod(id string) (bool, error)
- func (r *Runtime) HasVolume(name string) (bool, error)
- func (r *Runtime) HealthCheck(name string) (define.HealthCheckStatus, error)
- func (r *Runtime) Info() (*define.Info, error)
- func (r *Runtime) IsBuildahContainer(id string) (bool, error)
- func (r *Runtime) IsExternalContainerCallback(_ context.Context) libimage.IsExternalContainerFunc
- func (r *Runtime) IsStorageContainerMounted(id string) (bool, string, error)
- func (r *Runtime) LibimageRuntime() *libimage.Runtime
- func (r *Runtime) ListStorageContainers() ([]*StorageContainer, error)
- func (r *Runtime) Log(ctx context.Context, containers []*Container, options *logs.LogOptions, ...) error
- func (r *Runtime) LookupContainer(idOrName string) (*Container, error)
- func (r *Runtime) LookupContainerID(idOrName string) (string, error)
- func (r *Runtime) LookupPod(idOrName string) (*Pod, error)
- func (r *Runtime) LookupVolume(name string) (*Volume, error)
- func (r *Runtime) MountStorageContainer(id string) (string, error)
- func (r *Runtime) Network() nettypes.ContainerNetwork
- func (r *Runtime) NewContainer(ctx context.Context, rSpec *spec.Spec, spec *specgen.SpecGenerator, infra bool, ...) (*Container, error)
- func (r *Runtime) NewPod(ctx context.Context, p specgen.PodSpecGenerator, options ...PodCreateOption) (_ *Pod, deferredErr error)
- func (r *Runtime) NewSystemEvent(status events.Status)
- func (r *Runtime) NewVolume(ctx context.Context, options ...VolumeCreateOption) (*Volume, error)
- func (r *Runtime) Pods(filters ...PodFilter) ([]*Pod, error)
- func (r *Runtime) PrepareVolumeOnCreateContainer(ctx context.Context, ctr *Container) error
- func (r *Runtime) PruneContainers(filterFuncs []ContainerFilter) ([]*reports.PruneReport, error)
- func (r *Runtime) PrunePods(ctx context.Context) (map[string]error, error)
- func (r *Runtime) PruneVolumes(ctx context.Context, filterFuncs []VolumeFilter) ([]*reports.PruneReport, error)
- func (r *Runtime) Reload() error
- func (r *Runtime) RemoteURI() string
- func (r *Runtime) RemoveContainer(ctx context.Context, c *Container, force bool, removeVolume bool, ...) error
- func (r *Runtime) RemoveContainersForImageCallback(ctx context.Context) libimage.RemoveContainerFunc
- func (r *Runtime) RemoveDepend(ctx context.Context, rmCtr *Container, force bool, removeVolume bool, ...) ([]*reports.RmReport, error)
- func (r *Runtime) RemovePod(ctx context.Context, p *Pod, removeCtrs, force bool, timeout *uint) error
- func (r *Runtime) RemoveStorageContainer(idOrName string, force bool) error
- func (r *Runtime) RemoveVolume(ctx context.Context, v *Volume, force bool, timeout *uint) error
- func (r *Runtime) RenameContainer(ctx context.Context, ctr *Container, newName string) (*Container, error)
- func (r *Runtime) RestoreContainer(ctx context.Context, rSpec *spec.Spec, config *ContainerConfig) (*Container, error)
- func (r *Runtime) RunRoot() string
- func (r *Runtime) SavePod(pod *Pod) error
- func (r *Runtime) SecretsManager() (*secrets.SecretsManager, error)
- func (r *Runtime) SetRemoteURI(uri string)
- func (r *Runtime) Shutdown(force bool) error
- func (r *Runtime) StorageConfig() storage.StoreOptions
- func (r *Runtime) StorageContainer(idOrName string) (*storage.Container, error)
- func (r *Runtime) StorageContainers() ([]storage.Container, error)
- func (r *Runtime) SystemContext() *types.SystemContext
- func (r *Runtime) TmpDir() (string, error)
- func (r *Runtime) UnmountStorageContainer(id string, force bool) (bool, error)
- func (r *Runtime) UpdateVolumePlugins(ctx context.Context) *define.VolumeReload
- func (r *Runtime) Volumes(filters ...VolumeFilter) ([]*Volume, error)
- func (r *Runtime) WithPod(pod *Pod) CtrCreateOption
- type RuntimeContainerMetadata
- type RuntimeOption
- func WithCNIConfigDir(dir string) RuntimeOption
- func WithCNIPluginDir(dir string) RuntimeOption
- func WithCgroupManager(manager string) RuntimeOption
- func WithConmonEnv(environment []string) RuntimeOption
- func WithConmonPath(path string) RuntimeOption
- func WithDefaultInfraCommand(cmd string) RuntimeOption
- func WithDefaultMountsFile(mountsFile string) RuntimeOption
- func WithEnableSDNotify() RuntimeOption
- func WithEventsLogger(logger string) RuntimeOption
- func WithHooksDir(hooksDirs ...string) RuntimeOption
- func WithMigrate() RuntimeOption
- func WithMigrateRuntime(requestedRuntime string) RuntimeOption
- func WithNamespace(ns string) RuntimeOption
- func WithNetworkBackend(name string) RuntimeOption
- func WithNetworkCmdPath(path string) RuntimeOption
- func WithNoPivotRoot() RuntimeOption
- func WithNoStore() RuntimeOption
- func WithOCIRuntime(runtime string) RuntimeOption
- func WithRegistriesConf(path string) RuntimeOption
- func WithRenumber() RuntimeOption
- func WithReset() RuntimeOption
- func WithRuntimeFlags(runtimeFlags []string) RuntimeOption
- func WithSignaturePolicy(path string) RuntimeOption
- func WithStaticDir(dir string) RuntimeOption
- func WithStorageConfig(config storage.StoreOptions) RuntimeOption
- func WithSyslog() RuntimeOption
- func WithTmpDir(dir string) RuntimeOption
- func WithVolumePath(volPath string) RuntimeOption
- type Service
- type State
- type StorageContainer
- type Volume
- func (v *Volume) Anonymous() bool
- func (v *Volume) Config() (*VolumeConfig, error)
- func (v *Volume) CreatedTime() time.Time
- func (v *Volume) Driver() string
- func (v *Volume) GID() (int, error)
- func (v *Volume) GenerateForKube() *v1.PersistentVolumeClaim
- func (v *Volume) Inspect() (*define.InspectVolumeData, error)
- func (v *Volume) IsDangling() (bool, error)
- func (v *Volume) Labels() map[string]string
- func (v *Volume) Mount() (string, error)
- func (v *Volume) MountCount() (uint, error)
- func (v *Volume) MountPoint() (string, error)
- func (v *Volume) Name() string
- func (v *Volume) Options() map[string]string
- func (v *Volume) Scope() string
- func (v *Volume) Size() (uint64, error)
- func (v *Volume) UID() (int, error)
- func (v *Volume) Unmount() error
- func (v *Volume) UsesVolumeDriver() bool
- func (v *Volume) VolumeInUse() ([]string, error)
- type VolumeConfig
- type VolumeCreateOption
- func WithVolumeDisableQuota() VolumeCreateOption
- func WithVolumeDriver(driver string) VolumeCreateOption
- func WithVolumeDriverTimeout(timeout int) VolumeCreateOption
- func WithVolumeGID(gid int) VolumeCreateOption
- func WithVolumeInodes(inodes uint64) VolumeCreateOption
- func WithVolumeLabels(labels map[string]string) VolumeCreateOption
- func WithVolumeName(name string) VolumeCreateOption
- func WithVolumeNoChown() VolumeCreateOption
- func WithVolumeOptions(options map[string]string) VolumeCreateOption
- func WithVolumeSize(size uint64) VolumeCreateOption
- func WithVolumeUID(uid int) VolumeCreateOption
- type VolumeFilter
- type VolumeState
- type YAMLContainer
- type YAMLPod
- type YAMLPodSpec
- type YAMLService
Constants ¶
// MaxHealthCheckNumberLogs is the maximum number of attempts we keep
// in the healthcheck history file.
const MaxHealthCheckNumberLogs int = 5

// MaxHealthCheckLogLength is a length limit expressed in characters.
// NOTE(review): presumably applied to each stored healthcheck log entry;
// confirm against the healthcheck code.
const MaxHealthCheckLogLength = 500
// Mount option names.
//
// NOTE(review): these look like the Linux mount propagation modes. If so,
// the shared variants propagate mount and unmount events between peer
// mounts while the private variants do not, which matters when a host
// path is bind-mounted into a container; confirm against the callers.
const (
	// MountPrivate represents the private mount option.
	MountPrivate = "private"
	// MountRPrivate represents the rprivate mount option.
	MountRPrivate = "rprivate"

	// MountShared represents the shared mount option.
	MountShared = "shared"
	// MountRShared represents the rshared mount option.
	MountRShared = "rshared"

	// MountSlave represents the slave mount option.
	MountSlave = "slave"
	// MountRSlave represents the rslave mount option.
	MountRSlave = "rslave"
)
// Identifiers for the attach pipes. The values are spelled out explicitly
// because they have to match stdpipe_t in conmon.c.
const (
	// AttachPipeStdin identifies the stdin pipe.
	AttachPipeStdin = 1
	// AttachPipeStdout identifies the stdout pipe.
	AttachPipeStdout = 2
	// AttachPipeStderr identifies the stderr pipe.
	AttachPipeStderr = 3
)
These values must be kept in sync with stdpipe_t in conmon.c.
const CgroupfsDefaultCgroupParent = "/libpod_parent"
CgroupfsDefaultCgroupParent is the cgroup parent for CgroupFS in libpod
const DefaultWaitInterval = 250 * time.Millisecond
DefaultWaitInterval is the default interval between container status checks while waiting.
const SystemdDefaultCgroupParent = "machine.slice"
SystemdDefaultCgroupParent is the cgroup parent for the systemd cgroup manager in libpod
const SystemdDefaultRootlessCgroupParent = "user.slice"
SystemdDefaultRootlessCgroupParent is the cgroup parent for the systemd cgroup manager in libpod when running as rootless
Variables ¶
// SdNotifyModeValues describes the only values that SdNotifyMode can be.
var SdNotifyModeValues = []string{
	define.SdNotifyModeContainer,
	define.SdNotifyModeConmon,
	define.SdNotifyModeIgnore,
}
Runtime Creation Options
Functions ¶
func DefaultSeccompPath ¶
DefaultSeccompPath returns the path to the default seccomp.json file if it exists. It first checks OverrideSeccomp and then the default location. If neither exists, the function returns "", so callers should check for an empty path before using the result.
func DownloadFromFile ¶
DownloadFromFile reads all of the content from the reader and temporarily saves it in $TMPDIR/importxyz, which is deleted after the image is imported.
func FuncTimer ¶
func FuncTimer(funcName string)
FuncTimer helps measure the execution time of a function. It is for debugging purposes only; do not leave it in the code. It is used like this: defer FuncTimer("foo")
func GenerateForKube ¶
GenerateForKube takes a slice of libpod containers and generates one v1.Pod description that includes just a single container.
func GetLimits ¶ added in v4.2.0
func GetLimits(resource *spec.LinuxResources) (runcconfig.Resources, error)
GetLimits converts spec resource limits to cgroup consumable limits
func GetSlirp4netnsDNS ¶
GetSlirp4netnsDNS returns the expected slirp DNS IPv4 address based on the subnet. Reference: https://github.com/rootless-containers/slirp4netns/blob/master/slirp4netns.1.md#description
func GetSlirp4netnsGateway ¶
GetSlirp4netnsGateway returns the expected slirp gateway IPv4 address based on the subnet. Reference: https://github.com/rootless-containers/slirp4netns/blob/master/slirp4netns.1.md#description
func GetSlirp4netnsIP ¶
GetSlirp4netnsIP returns the expected slirp IPv4 address based on the subnet. If subnet is nil, the default subnet is used. Reference: https://github.com/rootless-containers/slirp4netns/blob/master/slirp4netns.1.md#description
func JSONDeepCopy ¶
func JSONDeepCopy(from, to interface{}) error
JSONDeepCopy performs a deep copy by performing a JSON encode/decode of the given structures. From and To should be identically typed structs.
func LabelVolumePath ¶
LabelVolumePath takes a mount path for a volume and gives it an SELinux label, either shared or not shared.
func MountExists ¶
MountExists returns true if dest exists in the list of mounts
func SetXdgDirs ¶
func SetXdgDirs() error
SetXdgDirs ensures the XDG_RUNTIME_DIR and XDG_CONFIG_HOME environment variables are set. containers/image uses XDG_RUNTIME_DIR to locate the auth file; XDG_CONFIG_HOME is used for the containers.conf configuration file.
func TruncateKubeAnnotation ¶ added in v4.1.0
Types ¶
type AttachOptions ¶ added in v4.1.1
type AttachOptions struct {
	// Streams holds the streams that will be attached to.
	Streams *define.AttachStreams
	// DetachKeys contains the key combination that detaches from the
	// attach session. An empty string means there are no detach keys, so
	// the user cannot detach. When unset, the defaults from
	// containers.conf are used.
	DetachKeys *string
	// InitialSize is the terminal size to apply before the attach begins.
	InitialSize *resize.TerminalSize
	// AttachReady is signalled once the attach has completed successfully
	// and streaming has begun.
	AttachReady chan<- bool
	// Start requests that the container be started if it is not already
	// running.
	Start bool
	// Started is signalled once the container has been started
	// successfully. It is required when Start is true and unused
	// otherwise.
	Started chan<- bool
}
AttachOptions are options used when attached to a container or an exec session.
type BoltState ¶
type BoltState struct {
// contains filtered or unexported fields
}
BoltState is a state implementation backed by a Bolt DB
func (*BoltState) AddContainer ¶
AddContainer adds a container to the state. The container being added cannot belong to a pod.
func (*BoltState) AddContainerExitCode ¶ added in v4.2.0
AddContainerExitCode adds the exit code for the specified container to the database.
func (*BoltState) AddContainerToPod ¶
AddContainerToPod adds the given container to an existing pod The container will be added to the state and the pod
func (*BoltState) AddExecSession ¶
func (s *BoltState) AddExecSession(ctr *Container, session *ExecSession) error
AddExecSession adds an exec session to the state.
func (*BoltState) AddVolume ¶
AddVolume adds the given volume to the state. It also adds ctrDepID to the sub bucket holding the container dependencies that this volume has
func (*BoltState) AllContainers ¶
AllContainers retrieves all the containers in the database
func (*BoltState) AllVolumes ¶
AllVolumes returns all volumes present in the state
func (*BoltState) ContainerInUse ¶
ContainerInUse checks if other containers depend on the given container It returns a slice of the IDs of the containers depending on the given container. If the slice is empty, no containers depend on the given container
func (*BoltState) GetContainerConfig ¶
func (s *BoltState) GetContainerConfig(id string) (*ContainerConfig, error)
GetContainerConfig returns a container config from the database by full ID
func (*BoltState) GetContainerExecSessions ¶
GetContainerExecSessions retrieves the IDs of all exec sessions running in a container that the database is aware of (IE, were added via AddExecSession).
func (*BoltState) GetContainerExitCode ¶ added in v4.2.0
GetContainerExitCode returns the exit code for the specified container.
func (*BoltState) GetContainerExitCodeTimeStamp ¶ added in v4.2.0
GetContainerExitCodeTimeStamp returns the time stamp when the exit code of the specified container was added to the database.
func (*BoltState) GetDBConfig ¶
GetDBConfig retrieves runtime configuration fields that were created when the database was first initialized
func (*BoltState) GetExecSession ¶
GetExecSession returns the ID of the container an exec session is associated with.
func (*BoltState) GetName ¶
GetName returns the name associated with a given ID. Since IDs are globally unique, it works for both containers and pods. Returns ErrNoSuchCtr if the ID does not exist.
func (*BoltState) GetNetworks ¶
GetNetworks returns the CNI networks this container is a part of.
func (*BoltState) HasContainer ¶
HasContainer checks if a container is present in the state
func (*BoltState) HasVolume ¶
HasVolume returns true if the given volume exists in the state, otherwise it returns false
func (*BoltState) LookupContainer ¶
LookupContainer retrieves a container from the state by full or unique partial ID or name
func (*BoltState) LookupContainerID ¶
LookupContainerID retrieves a container ID from the state by full or unique partial ID or name
func (*BoltState) LookupVolume ¶
LookupVolume locates a volume from a partial name.
func (*BoltState) NetworkConnect ¶
func (s *BoltState) NetworkConnect(ctr *Container, network string, opts types.PerNetworkOptions) error
NetworkConnect adds the given container to the given network. If aliases are specified, those will be added to the given network.
func (*BoltState) NetworkDisconnect ¶
NetworkDisconnect disconnects the container from the given network, also removing any aliases in the network.
func (*BoltState) PodContainers ¶
PodContainers returns all the containers present in the given pod
func (*BoltState) PodContainersByID ¶
PodContainersByID returns the IDs of all containers present in the given pod
func (*BoltState) PodHasContainer ¶
PodHasContainer checks if the given pod has a container with the given ID
func (*BoltState) PruneContainerExitCodes ¶ added in v4.2.0
PruneContainerExitCodes removes exit codes older than 5 minutes.
func (*BoltState) RemoveContainer ¶
RemoveContainer removes a container from the state. It only removes containers that are not in pods; for containers that are members of a pod, use RemoveContainerFromPod.
func (*BoltState) RemoveContainerExecSessions ¶
RemoveContainerExecSessions removes all exec sessions attached to a given container.
func (*BoltState) RemoveContainerFromPod ¶
RemoveContainerFromPod removes a container from an existing pod The container will also be removed from the state
func (*BoltState) RemoveExecSession ¶
func (s *BoltState) RemoveExecSession(session *ExecSession) error
RemoveExecSession removes references to the given exec session in the database.
func (*BoltState) RemovePod ¶
RemovePod removes the given pod from the state Only empty pods can be removed
func (*BoltState) RemovePodContainers ¶
RemovePodContainers removes all containers in a pod
func (*BoltState) RemoveVolume ¶
RemoveVolume removes the given volume from the state
func (*BoltState) RewriteContainerConfig ¶
func (s *BoltState) RewriteContainerConfig(ctr *Container, newCfg *ContainerConfig) error
RewriteContainerConfig rewrites a container's configuration. WARNING: This function is DANGEROUS. Do not use without reading the full comment on this function in state.go.
func (*BoltState) RewritePodConfig ¶
RewritePodConfig rewrites a pod's configuration. WARNING: This function is DANGEROUS. Do not use without reading the full comment on this function in state.go.
func (*BoltState) RewriteVolumeConfig ¶
func (s *BoltState) RewriteVolumeConfig(volume *Volume, newCfg *VolumeConfig) error
RewriteVolumeConfig rewrites a volume's configuration. WARNING: This function is DANGEROUS. Do not use without reading the full comment on this function in state.go.
func (*BoltState) SafeRewriteContainerConfig ¶
func (s *BoltState) SafeRewriteContainerConfig(ctr *Container, oldName, newName string, newCfg *ContainerConfig) error
SafeRewriteContainerConfig rewrites a container's configuration in a more limited fashion than RewriteContainerConfig. It is marked as safe to use under most circumstances, unlike RewriteContainerConfig. DO NOT USE TO: Change container dependencies, change pod membership, change locks, change container ID.
func (*BoltState) SaveContainer ¶
SaveContainer saves a container's current state in the database
func (*BoltState) SaveVolume ¶
SaveVolume saves the volume's state to the database.
func (*BoltState) SetNamespace ¶
SetNamespace sets the namespace that will be used for container and pod retrieval
func (*BoltState) UpdateContainer ¶
UpdateContainer updates a container's state from the database
func (*BoltState) UpdateVolume ¶
UpdateVolume updates the volume's state from the database.
func (*BoltState) ValidateDBConfig ¶
ValidateDBConfig validates paths in the given runtime against the database
type ConmonOCIRuntime ¶
type ConmonOCIRuntime struct {
// contains filtered or unexported fields
}
ConmonOCIRuntime is an OCI runtime managed by Conmon. TODO: Make all calls to OCI runtime have a timeout.
func (*ConmonOCIRuntime) Attach ¶ added in v4.1.1
func (r *ConmonOCIRuntime) Attach(c *Container, params *AttachOptions) error
Attach attaches to the given container. It does not check whether the container's state is appropriate. params.Started is only required if params.Start is true.
func (*ConmonOCIRuntime) AttachResize ¶
func (r *ConmonOCIRuntime) AttachResize(ctr *Container, newSize resize.TerminalSize) error
AttachResize resizes the terminal used by the given container.
func (*ConmonOCIRuntime) AttachSocketPath ¶
func (r *ConmonOCIRuntime) AttachSocketPath(ctr *Container) (string, error)
AttachSocketPath is the path to a single container's attach socket.
func (*ConmonOCIRuntime) CheckConmonRunning ¶
func (r *ConmonOCIRuntime) CheckConmonRunning(ctr *Container) (bool, error)
func (*ConmonOCIRuntime) CheckpointContainer ¶
func (r *ConmonOCIRuntime) CheckpointContainer(ctr *Container, options ContainerCheckpointOptions) (int64, error)
CheckpointContainer checkpoints the given container.
func (*ConmonOCIRuntime) CreateContainer ¶
func (r *ConmonOCIRuntime) CreateContainer(ctr *Container, restoreOptions *ContainerCheckpointOptions) (int64, error)
CreateContainer creates a container.
func (*ConmonOCIRuntime) DeleteContainer ¶
func (r *ConmonOCIRuntime) DeleteContainer(ctr *Container) error
DeleteContainer deletes a container from the OCI runtime.
func (*ConmonOCIRuntime) ExecAttachResize ¶
func (r *ConmonOCIRuntime) ExecAttachResize(ctr *Container, sessionID string, newSize resize.TerminalSize) error
ExecAttachResize resizes the TTY of the given exec session.
func (*ConmonOCIRuntime) ExecAttachSocketPath ¶
func (r *ConmonOCIRuntime) ExecAttachSocketPath(ctr *Container, sessionID string) (string, error)
ExecAttachSocketPath is the path to a container's exec session attach socket.
func (*ConmonOCIRuntime) ExecContainer ¶
func (r *ConmonOCIRuntime) ExecContainer(c *Container, sessionID string, options *ExecOptions, streams *define.AttachStreams, newSize *resize.TerminalSize) (int, chan error, error)
ExecContainer executes a command in a running container
func (*ConmonOCIRuntime) ExecContainerDetached ¶
func (r *ConmonOCIRuntime) ExecContainerDetached(ctr *Container, sessionID string, options *ExecOptions, stdin bool) (int, error)
ExecContainerDetached executes a command in a running container, but does not attach to it.
func (*ConmonOCIRuntime) ExecContainerHTTP ¶
func (r *ConmonOCIRuntime) ExecContainerHTTP(ctr *Container, sessionID string, options *ExecOptions, req *http.Request, w http.ResponseWriter, streams *HTTPAttachStreams, cancel <-chan bool, hijackDone chan<- bool, holdConnOpen <-chan bool, newSize *resize.TerminalSize) (int, chan error, error)
ExecContainerHTTP executes a new command in an existing container and forwards its standard streams over an attach
func (*ConmonOCIRuntime) ExecStopContainer ¶
func (r *ConmonOCIRuntime) ExecStopContainer(ctr *Container, sessionID string, timeout uint) error
ExecStopContainer stops a given exec session in a running container.
func (*ConmonOCIRuntime) ExecUpdateStatus ¶
func (r *ConmonOCIRuntime) ExecUpdateStatus(ctr *Container, sessionID string) (bool, error)
ExecUpdateStatus checks if the given exec session is still running.
func (*ConmonOCIRuntime) ExitFilePath ¶
func (r *ConmonOCIRuntime) ExitFilePath(ctr *Container) (string, error)
ExitFilePath is the path to a container's exit file.
func (*ConmonOCIRuntime) HTTPAttach ¶
func (r *ConmonOCIRuntime) HTTPAttach(ctr *Container, req *http.Request, w http.ResponseWriter, streams *HTTPAttachStreams, detachKeys *string, cancel <-chan bool, hijackDone chan<- bool, streamAttach, streamLogs bool) (deferredErr error)
HTTPAttach performs an attach for the HTTP API. The caller must handle closing the HTTP connection after this returns. The cancel channel is not closed; it is up to the caller to do so after this function returns. If this is a container with a terminal, we will stream raw. If it is not, we will stream with an 8-byte header to multiplex STDOUT and STDERR. Returns any errors that occurred, and whether the connection was successfully hijacked before that error occurred.
func (*ConmonOCIRuntime) KillContainer ¶
func (r *ConmonOCIRuntime) KillContainer(ctr *Container, signal uint, all bool) error
KillContainer sends the given signal to the given container. If all is set, send to all PIDs in the container. All is only supported if the container created cgroups.
func (*ConmonOCIRuntime) Name ¶
func (r *ConmonOCIRuntime) Name() string
Name returns the name of the runtime being wrapped by Conmon.
func (*ConmonOCIRuntime) Path ¶
func (r *ConmonOCIRuntime) Path() string
Path returns the path of the OCI runtime being wrapped by Conmon.
func (*ConmonOCIRuntime) PauseContainer ¶
func (r *ConmonOCIRuntime) PauseContainer(ctr *Container) error
PauseContainer pauses the given container.
func (*ConmonOCIRuntime) RuntimeInfo ¶
func (r *ConmonOCIRuntime) RuntimeInfo() (*define.ConmonInfo, *define.OCIRuntimeInfo, error)
RuntimeInfo provides information on the runtime.
func (*ConmonOCIRuntime) StartContainer ¶
func (r *ConmonOCIRuntime) StartContainer(ctr *Container) error
StartContainer starts the given container. Sets time the container was started, but does not save it.
func (*ConmonOCIRuntime) StopContainer ¶
func (r *ConmonOCIRuntime) StopContainer(ctr *Container, timeout uint, all bool) error
StopContainer stops a container, first using its given stop signal (or SIGTERM if no signal was specified), then using SIGKILL. Timeout is given in seconds. If timeout is 0, the container will be immediately killed with SIGKILL. It does not set the finished time for the container and assumes you will run updateStatus afterwards to pull the exit code.
func (*ConmonOCIRuntime) SupportsCheckpoint ¶
func (r *ConmonOCIRuntime) SupportsCheckpoint() bool
SupportsCheckpoint checks if the OCI runtime supports checkpointing containers.
func (*ConmonOCIRuntime) SupportsJSONErrors ¶
func (r *ConmonOCIRuntime) SupportsJSONErrors() bool
SupportsJSONErrors checks if the OCI runtime supports JSON-formatted error messages.
func (*ConmonOCIRuntime) SupportsKVM ¶
func (r *ConmonOCIRuntime) SupportsKVM() bool
SupportsKVM checks if the OCI runtime supports running containers without KVM separation
func (*ConmonOCIRuntime) SupportsNoCgroups ¶
func (r *ConmonOCIRuntime) SupportsNoCgroups() bool
SupportsNoCgroups checks if the OCI runtime supports running containers without cgroups (the --cgroup-manager=disabled flag).
func (*ConmonOCIRuntime) UnpauseContainer ¶
func (r *ConmonOCIRuntime) UnpauseContainer(ctr *Container) error
UnpauseContainer unpauses the given container.
func (*ConmonOCIRuntime) UpdateContainerStatus ¶
func (r *ConmonOCIRuntime) UpdateContainerStatus(ctr *Container) error
UpdateContainerStatus retrieves the current status of the container from the runtime. It updates the container's state but does not save it. If useRuntime is false, we will not directly hit runc to see the container's status, but will instead only check for the existence of the conmon exit file and update state to stopped if it exists.
type Container ¶
type Container struct {
// contains filtered or unexported fields
}
Container is a single OCI container. All operations on a Container that access state must begin with a call to syncContainer(). There is no guarantee that state exists in a readable state before syncContainer() is run, and even if it does, its contents will be out of date and must be refreshed from the database. Generally, this requirement applies only to top-level functions; helpers can assume that their callers handled this requirement. Generally speaking, if a function takes the container lock and accesses any part of state, it should syncContainer() immediately after locking.
func (*Container) AddArtifact ¶
AddArtifact creates and writes to an artifact file for the container
func (*Container) Attach ¶
func (c *Container) Attach(streams *define.AttachStreams, keys string, resize <-chan resize.TerminalSize) error
Attach attaches to a container. This function returns when the attach finishes. It does not hold the lock for the duration of its runtime, only using it at the beginning to verify state.
func (*Container) AttachResize ¶
func (c *Container) AttachResize(newSize resize.TerminalSize) error
AttachResize resizes the container's terminal, which is displayed by Attach and HTTPAttach.
func (*Container) AttachSocketPath ¶
AttachSocketPath retrieves the path of the container's attach socket
func (*Container) AutoRemove ¶
AutoRemove indicates whether the container will be removed after it is executed
func (*Container) Batch ¶
Batch starts a batch operation on the given container. All commands in the passed function will execute under the same lock and without synchronizing state after each operation. This will result in substantial performance benefits when running numerous commands on the same container. Note that the container passed into the Batch function cannot be removed during batched operations; runtime.RemoveContainer can only be called outside of Batch. Any error returned by the given batch function will be returned unmodified by Batch. As Batch normally disables updating the current state of the container, the Sync() function is provided to enable container state to be updated and checked within Batch.
func (*Container) BindMounts ¶
BindMounts retrieves bind mounts that were created by libpod and will be added to the container. All these mounts except /dev/shm are ignored if a mount in the given spec has the same destination. These mounts include /etc/resolv.conf, /etc/hosts, and /etc/hostname. The return is formatted as a map from destination (mountpoint in the container) to source (path of the file that will be mounted into the container). If the container has not been started yet, an empty map will be returned, as the files in question are only created when the container is started.
func (*Container) CgroupManager ¶
CgroupManager returns the cgroup manager used by the given container.
func (*Container) CgroupParent ¶
CgroupParent gets the container's Cgroup parent
func (*Container) CgroupPath ¶
CgroupPath returns a cgroups "path" for the given container. Note that the container must be running. Otherwise, an error is returned.
func (*Container) ChangeHostPathOwnership ¶
func (*Container) Checkpoint ¶
func (c *Container) Checkpoint(ctx context.Context, options ContainerCheckpointOptions) (*define.CRIUCheckpointRestoreStatistics, int64, error)
Checkpoint checkpoints a container. The return values *define.CRIUCheckpointRestoreStatistics and int64 (the time the runtime needs to checkpoint the container) are only set if options.PrintStats is set to true. If options.PrintStats is not set to true, nil and 0 are returned.
func (*Container) CheckpointPath ¶
CheckpointPath returns the path to the directory containing the checkpoint
func (*Container) CheckpointVolumesPath ¶ added in v4.1.0
CheckpointVolumesPath returns the path to the directory containing the checkpointed volumes
func (*Container) Cleanup ¶
Cleanup unmounts all mount points in the container and cleans up container storage. It also cleans up the network stack.
func (*Container) Command ¶
Command is the container's command This is not added to the spec, but is instead used during image commit
func (*Container) Commit ¶
func (c *Container) Commit(ctx context.Context, destImage string, options ContainerCommitOptions) (*libimage.Image, error)
Commit commits the changes between a container and its image, creating a new image
func (*Container) Config ¶
func (c *Container) Config() *ContainerConfig
Config returns the configuration used to create the container. Note that the returned config does not include the actual networks. Use ConfigWithNetworks() if you need them.
func (*Container) ConfigNoCopy ¶ added in v4.1.0
func (c *Container) ConfigNoCopy() *ContainerConfig
ConfigNoCopy returns the configuration used by the container. Note that the returned value is not a copy, so it must only be read and never modified.
func (*Container) ConfigWithNetworks ¶ added in v4.2.0
func (c *Container) ConfigWithNetworks() *ContainerConfig
ConfigWithNetworks returns the configuration used to create the container, including its networks (Config does not include them).
func (*Container) ConmonPID ¶
ConmonPID returns the PID of the container's conmon process. If the container is not running, a PID of 0 will be returned. No error will occur.
func (*Container) ContainerState ¶
func (c *Container) ContainerState() (*ContainerState, error)
ContainerState returns the container's ContainerState struct.
func (*Container) ControlSocketPath ¶
ControlSocketPath returns the path to the container's control socket, which is used for things like tty resizing.
func (*Container) CopyFromArchive ¶
func (c *Container) CopyFromArchive(_ context.Context, containerPath string, chown, noOverwriteDirNonDir bool, rename map[string]string, tarStream io.Reader) (func() error, error)
CopyFromArchive copies the contents from the specified tarStream to path *inside* the container.
func (*Container) CopyToArchive ¶
func (c *Container) CopyToArchive(ctx context.Context, containerPath string, tarStream io.Writer) (func() error, error)
CopyToArchive copies the contents from the specified path *inside* the container to the tarStream.
func (*Container) CreatedTime ¶
CreatedTime gets the time when the container was created
func (*Container) DNSOption ¶
DNSOption returns the DNS options that will be used in the container's resolv.conf If empty, options from the host's resolv.conf will be used instead
func (*Container) DNSSearch ¶
DNSSearch returns the DNS search domains that will be used in the container's resolv.conf If empty, DNS Search domains from the host's resolv.conf will be used instead
func (*Container) DNSServers ¶
DNSServers returns DNS servers that will be used in the container's resolv.conf If empty, DNS server from the host's resolv.conf will be used instead
func (*Container) Dependencies ¶
Dependencies gets the containers this container depends upon
func (*Container) DeviceHostSrc ¶
func (c *Container) DeviceHostSrc() []spec.LinuxDevice
DeviceHostSrc returns the user supplied device to be passed down in the pod
func (*Container) Entrypoint ¶
Entrypoint is the container's entrypoint. This is not added to the spec, but is instead used during image commit.
func (*Container) Exec ¶
func (c *Container) Exec(config *ExecConfig, streams *define.AttachStreams, resize <-chan resize.TerminalSize) (int, error)
func (*Container) ExecCleanup ¶
ExecCleanup cleans up an exec session in the container, removing temporary files associated with it.
func (*Container) ExecCreate ¶
func (c *Container) ExecCreate(config *ExecConfig) (string, error)
ExecCreate creates a new exec session for the container. The session is not started. The ID of the new exec session will be returned.
func (*Container) ExecHTTPStartAndAttach ¶
func (c *Container) ExecHTTPStartAndAttach(sessionID string, r *http.Request, w http.ResponseWriter, streams *HTTPAttachStreams, detachKeys *string, cancel <-chan bool, hijackDone chan<- bool, newSize *resize.TerminalSize) error
ExecHTTPStartAndAttach starts and performs an HTTP attach to an exec session. newSize resizes the tty to this size before the process is started, must be nil if the exec session has no tty
func (*Container) ExecRemove ¶
ExecRemove removes an exec session in the container. If force is given, the session will be stopped first if it is running.
func (*Container) ExecResize ¶
func (c *Container) ExecResize(sessionID string, newSize resize.TerminalSize) error
ExecResize resizes the TTY of the given exec session. Only available if the exec session created a TTY.
func (*Container) ExecSession ¶
func (c *Container) ExecSession(id string) (*ExecSession, error)
ExecSession retrieves detailed information on a single active exec session in a container
func (*Container) ExecSessions ¶
ExecSessions retrieves active exec sessions running in the container
func (*Container) ExecStart ¶
ExecStart starts an exec session in the container, but does not attach to it. Returns immediately upon starting the exec session, unlike other ExecStart functions, which will only return when the exec session exits.
func (*Container) ExecStartAndAttach ¶
func (c *Container) ExecStartAndAttach(sessionID string, streams *define.AttachStreams, newSize *resize.TerminalSize) error
func (*Container) ExecStop ¶
ExecStop stops an exec session in the container. If a timeout is provided, it will be used; otherwise, the timeout will default to the stop timeout of the container. Cleanup will be invoked automatically once the session is stopped.
func (*Container) ExitCode ¶
ExitCode returns the exit code of the container as an int32, and whether the container has exited. If the container has not exited, exit code will always be 0. If the container restarts, the exit code is reset to 0.
func (*Container) Export ¶
Export exports a container's root filesystem as a tar archive. The archive will be saved as a file at the given path.
func (*Container) FinishedTime ¶
FinishedTime is the time the container was stopped
func (*Container) GetArtifact ¶
GetArtifact reads the specified artifact file from the container
func (*Container) GetContainerPidInformation ¶
GetContainerPidInformation returns process-related data of all processes in the container. The output data can be controlled via the `descriptors` argument, which expects format descriptors and supports all AIX format descriptors of ps(1) plus some additional ones, for instance to inspect the set of effective capabilities. Each element in the returned string slice is a tab-separated string.
For more details, please refer to github.com/containers/psgo.
func (*Container) GetContainerStats ¶
func (c *Container) GetContainerStats(previousStats *define.ContainerStats) (*define.ContainerStats, error)
GetContainerStats gets the running stats for a given container. The previousStats is used to correctly calculate cpu percentages. You should pass nil if there is no previous stat for this container.
func (*Container) GetDevices ¶
func (*Container) GetMounts ¶ added in v4.1.0
func (c *Container) GetMounts(namedVolumes []*ContainerNamedVolume, imageVolumes []*ContainerImageVolume, mounts []spec.Mount) ([]define.InspectMount, error)
Get inspect-formatted mounts list. Only includes user-specified mounts. Only includes bind mounts and named volumes, not tmpfs volumes.
func (*Container) GetSecurityOptions ¶
GetSecurityOptions retrieves and returns the security related annotations and process information upon inspection
func (*Container) HTTPAttach ¶
func (c *Container) HTTPAttach(r *http.Request, w http.ResponseWriter, streams *HTTPAttachStreams, detachKeys *string, cancel <-chan bool, streamAttach, streamLogs bool, hijackDone chan<- bool) error
HTTPAttach forwards an attach session over a hijacked HTTP session. HTTPAttach will consume and close the included httpCon, which is expected to be sourced from a hijacked HTTP connection. The cancel channel is optional, and can be used to asynchronously cancel the attach session. The streams variable is only supported if the container was not a terminal, and allows specifying which of the container's standard streams will be forwarded to the client. This function returns when the attach finishes. It does not hold the lock for the duration of its runtime, only using it at the beginning to verify state. The streamLogs parameter indicates that all the container's logs until present will be streamed at the beginning of the attach. The streamAttach parameter indicates that the attach itself will be streamed over the socket; if this is not set, but streamLogs is, only the logs will be sent. At least one of streamAttach and streamLogs must be set.
func (*Container) HasHealthCheck ¶
HasHealthCheck returns bool as to whether there is a health check defined for the container
func (*Container) HealthCheckConfig ¶
func (c *Container) HealthCheckConfig() *manifest.Schema2HealthConfig
HealthCheckConfig returns the command and timing attributes of the health check
func (*Container) HealthCheckStatus ¶
HealthCheckStatus returns the current state of a container with a healthcheck
func (*Container) HostNetwork ¶
func (*Container) HostsAdd ¶
HostsAdd returns hosts that will be added to the container's hosts file The host system's hosts file is used as a base, and these are appended to it
func (*Container) IDMappings ¶
func (c *Container) IDMappings() storage.IDMappingOptions
IDMappings returns the UID/GID mapping used for the container
func (*Container) Image ¶
Image returns the ID and name of the image used as the container's rootfs.
func (*Container) Init ¶
Init creates a container in the OCI runtime, moving a container from ContainerStateConfigured, ContainerStateStopped, or ContainerStateExited to ContainerStateCreated. Once in Created state, Conmon will be running, which allows the container to be attached to. The container can subsequently transition to ContainerStateRunning via Start(), or be transitioned back to ContainerStateConfigured by Cleanup() (which will stop conmon and unmount the container). Init requires that all dependency containers be started (e.g. pod infra containers). The `recursive` parameter will, if set to true, start these dependency containers before initializing this container.
func (*Container) Inspect ¶
func (c *Container) Inspect(size bool) (*define.InspectContainerData, error)
Inspect a container for low-level information
func (*Container) IsReadOnly ¶
IsReadOnly returns whether the container is running in read-only mode
func (*Container) IsService ¶ added in v4.2.0
IsService returns true when the container is a "service container".
func (*Container) LogPath ¶
LogPath returns the path to the container's log file This file will only be present after Init() is called to create the container in the runtime
func (*Container) Mount ¶
Mount mounts a container's filesystem on the host The path where the container has been mounted is returned
func (*Container) MountLabel ¶
MountLabel returns the SELinux mount label of the container
func (*Container) Mounted ¶
Mounted returns whether the container is mounted and the path it is mounted at (if it is mounted). If the container is not mounted, no error is returned, and the mountpoint will be set to "".
func (*Container) NamedVolumes ¶
func (c *Container) NamedVolumes() []*ContainerNamedVolume
NamedVolumes returns the container's named volumes. The name of each is guaranteed to point to a valid libpod Volume present in the state.
func (*Container) Namespace ¶
Namespace returns the libpod namespace the container is in. Namespaces are used to logically separate containers and pods in the state.
func (*Container) NamespaceMode ¶ added in v4.2.0
func (*Container) NamespacePath ¶
NamespacePath returns the path of one of the container's namespaces If the container is not running, an error will be returned
func (*Container) NetworkConnect ¶
func (c *Container) NetworkConnect(nameOrID, netName string, netOpts types.PerNetworkOptions) error
NetworkConnect connects a container to a given network.
func (*Container) NetworkDisabled ¶
NetworkDisabled returns whether the container is running with a disabled network
func (*Container) NetworkDisconnect ¶
NetworkDisconnect removes a container from the network
func (*Container) NetworkMode ¶
NetworkMode gets the configured network mode for the container. Get actual value from the database
func (*Container) Networks ¶
Networks gets all the networks this container is connected to. Please do NOT use ctr.config.Networks, as this can be changed from those values at runtime via network connect and disconnect. If the container is configured to use CNI and this function returns an empty array, the container will still be connected to the default network. The second return parameter, a bool, indicates that the container is joining the default CNI network - the network name will be included in the returned array of network names, but the container did not explicitly join this network.
func (*Container) NewNetNS ¶
NewNetNS returns whether the container will create a new network namespace
func (*Container) OOMKilled ¶
OOMKilled returns whether the container was killed by an OOM condition
func (*Container) PID ¶
PID returns the PID of the container. If the container is not running, a pid of 0 will be returned. No error will occur.
func (*Container) PodID ¶
PodID returns the full ID of the pod the container belongs to, or "" if it does not belong to a pod
func (*Container) PortMappings ¶
func (c *Container) PortMappings() ([]types.PortMapping, error)
PortMappings returns the ports that will be mapped into a container if a new network namespace is created If NewNetNS() is false, this value is unused
func (*Container) PreCheckPointPath ¶
PreCheckPointPath returns the path to the directory containing the pre-checkpoint images.
func (*Container) Privileged ¶
Privileged returns whether the container is privileged
func (*Container) ProcessLabel ¶
ProcessLabel returns the selinux ProcessLabel of the container
func (*Container) RawImageName ¶
RawImageName returns the unprocessed and not-normalized user-specified image name.
func (*Container) ReadLog ¶
func (c *Container) ReadLog(ctx context.Context, options *logs.LogOptions, logChannel chan *logs.LogLine, colorID int64) error
ReadLog reads a containers log based on the input options and returns log lines over a channel.
func (*Container) ReloadNetwork ¶
ReloadNetwork reconfigures the container's network. Technically speaking, it will tear down and then reconfigure the container's network namespace, which will result in all firewall rules being recreated. It is mostly intended to be used in cases where the system firewall has been reloaded, and existing rules have been wiped out. It is expected that some downtime will result, as the rules are destroyed as part of this process. At present, this only works on root containers; it may be expanded to restart slirp4netns in the future to work with rootless containers as well. Requires that the container must be running or created.
func (*Container) RemoveArtifact ¶
RemoveArtifact deletes the specified artifacts file
func (*Container) RestartPolicy ¶
RestartPolicy returns the container's restart policy.
func (*Container) RestartRetries ¶
RestartRetries returns the number of retries that will be attempted when using the "on-failure" restart policy
func (*Container) RestartWithTimeout ¶
RestartWithTimeout restarts a running container and takes a given timeout in uint
func (*Container) Restore ¶
func (c *Container) Restore(ctx context.Context, options ContainerCheckpointOptions) (*define.CRIUCheckpointRestoreStatistics, int64, error)
Restore restores a container. The return values *define.CRIUCheckpointRestoreStatistics and int64 (time the runtime needs to restore the container) are only set if options.PrintStats is set to true. Not setting options.PrintStats to true will return nil and 0.
func (*Container) RootFsSize ¶
RootFsSize returns the root FS size of the container
func (*Container) RuntimeName ¶
RuntimeName returns the name of the runtime
func (*Container) Secrets ¶
func (c *Container) Secrets() []*ContainerSecret
Secrets return the secrets in the container
func (*Container) ShouldRestart ¶
Indicate whether or not the container should restart
func (*Container) SortUserVolumes ¶ added in v4.1.0
SortUserVolumes sorts the volumes specified for a container between named and normal volumes
func (*Container) Spec ¶
Spec returns the container's OCI runtime spec The spec returned is the one used to create the container. The running spec may differ slightly as mounts are added based on the image
func (*Container) Start ¶
Start starts the given container. Start will accept containers in ContainerStateConfigured, ContainerStateCreated, ContainerStateStopped, and ContainerStateExited, and transition them to ContainerStateRunning (all containers not in ContainerStateCreated will make an intermediate stop there via the Init API). Once in ContainerStateRunning, the container can be transitioned to ContainerStatePaused via Pause(), or to ContainerStateStopped by the process stopping (either due to exit, or being forced to stop by the Kill or Stop API calls). Start requires that all dependency containers (e.g. pod infra containers) be running before being run. The recursive parameter, if set, will start all dependencies before starting this container.
func (*Container) StartAndAttach ¶
func (c *Container) StartAndAttach(ctx context.Context, streams *define.AttachStreams, keys string, resize <-chan resize.TerminalSize, recursive bool) (<-chan error, error)
StartAndAttach starts a container and attaches to it. This acts as a combination of the Start and Attach APIs, ensuring proper ordering of the two such that no output from the container is lost (e.g. the Attach call occurs before Start). In overall functionality, it is identical to the Start call, with the added side effect that an attach session will also be started.
func (*Container) StartedTime ¶
StartedTime is the time the container was started
func (*Container) State ¶
func (c *Container) State() (define.ContainerStatus, error)
State returns the current state of the container
func (*Container) StaticDir ¶
StaticDir returns the directory used to store persistent container files
func (*Container) Stop ¶
Stop uses the container's stop signal (or SIGTERM if no signal was specified) to stop the container, and if it has not stopped after the container's stop timeout, SIGKILL is used to attempt to forcibly stop the container. The default stop timeout is 10 seconds, but can be overridden when the container is created.
func (*Container) StopSignal ¶
StopSignal is the signal that will be used to stop the container If it fails to stop the container, SIGKILL will be used after a timeout If StopSignal is 0, the default signal of SIGTERM will be used
func (*Container) StopTimeout ¶
StopTimeout returns the container's stop timeout If the container's default stop signal fails to kill the container, SIGKILL will be used after this timeout
func (*Container) StopWithTimeout ¶
StopWithTimeout is a version of Stop that allows a timeout to be specified manually. If timeout is 0, SIGKILL will be used immediately to kill the container.
func (*Container) StoppedByUser ¶
StoppedByUser returns whether the container was last stopped by an explicit call to the Stop() API, or whether it exited naturally.
func (*Container) Sync ¶
Sync updates the status of a container by querying the OCI runtime. If the container has not been created inside the OCI runtime, nothing will be done. Most of the time, Podman does not explicitly query the OCI runtime for container status, and instead relies upon exit files created by conmon. This can cause a disconnect between running state and what Podman sees in cases where Conmon was killed unexpectedly, or runc was upgraded. Running a manual Sync() ensures that container state will be correct in such situations.
func (*Container) Timezone ¶
Timezone returns the timezone configured inside the container. Local means it has the same timezone as the host machine
func (*Container) Top ¶
Top gathers statistics about the running processes in a container. It returns a []string for output
func (*Container) UserVolumes ¶
UserVolumes returns user-added volume mounts in the container. These are not added to the spec, but are used during image commit and to trigger some OCI hooks.
func (*Container) WaitForConditionWithInterval ¶
func (*Container) WaitForExit ¶ added in v4.2.0
WaitForExit blocks until the container exits and returns its exit code. The argument is the interval at which the container's status is checked.
func (*Container) WorkingDir ¶
WorkingDir returns the containers working dir
type ContainerCheckpointOptions ¶
// ContainerCheckpointOptions is a struct used to pass the parameters for
// checkpointing (and restoring) to the corresponding functions.
type ContainerCheckpointOptions struct {
	// Keep tells the API to not delete checkpoint artifacts.
	// NOTE(review): kept artifacts presumably stay on disk until removed
	// by the caller; confirm where they are written and who can read them.
	Keep bool
	// KeepRunning tells the API to keep the container running
	// after writing the checkpoint to disk.
	KeepRunning bool
	// TCPEstablished tells the API to checkpoint a container
	// even if it contains established TCP connections.
	TCPEstablished bool
	// TargetFile tells the API to read (or write) the checkpoint image
	// from (or to) the filename set in TargetFile.
	// NOTE(review): on restore this file is an input. ContainerConfig
	// documents that a container ID can be influenced when restoring a
	// checkpointed container, so the archive presumably carries container
	// configuration; verify the origin of an archive before restoring it.
	TargetFile string
	// CheckpointImageID tells the API to restore the container from
	// the checkpoint image with the ID set in CheckpointImageID.
	CheckpointImageID string
	// Name tells the API that during restore from an exported
	// checkpoint archive a new name should be used for the
	// restored container.
	Name string
	// IgnoreRootfs tells the API to not export changes to
	// the container's root file-system (or to not import).
	IgnoreRootfs bool
	// IgnoreStaticIP tells the API to ignore the IP set
	// during 'podman run' with '--ip'. This is especially
	// important to be able to restore a container multiple
	// times with '--import --name'.
	IgnoreStaticIP bool
	// IgnoreStaticMAC tells the API to ignore the MAC set
	// during 'podman run' with '--mac-address'. This is especially
	// important to be able to restore a container multiple
	// times with '--import --name'.
	IgnoreStaticMAC bool
	// IgnoreVolumes tells the API to not export or not to import
	// the content of volumes associated with the container.
	IgnoreVolumes bool
	// PreCheckPoint tells the API to pre-checkpoint the container and
	// leave the container running.
	PreCheckPoint bool
	// WithPrevious tells the API to dump the container with
	// pre-checkpoint images.
	WithPrevious bool
	// ImportPrevious tells the API to restore container with two
	// images. One is TargetFile, the other is ImportPrevious.
	ImportPrevious string
	// CreateImage tells Podman to create an OCI image from container
	// checkpoint in the local image store.
	CreateImage string
	// Compression tells the API which compression to use for
	// the exported checkpoint archive.
	Compression archive.Compression
	// If Pod is set the container should be restored into the
	// given Pod. If Pod is empty it is a restore without a Pod.
	// Restoring a non Pod container into a Pod or a Pod container
	// without a Pod is theoretically possible, but will
	// probably not work if a PID namespace is shared.
	// A shared PID namespace means that a Pod container has PID 1
	// in the infrastructure container, but without the infrastructure
	// container no PID 1 will be in the namespace and that is not
	// possible.
	Pod string
	// PrintStats tells the API to fill out the statistics about
	// how much time each component in the stack requires to
	// checkpoint a container.
	PrintStats bool
	// FileLocks tells the API to checkpoint/restore a container
	// with file-locks.
	FileLocks bool
}
ContainerCheckpointOptions is a struct used to pass the parameters for checkpointing (and restoring) to the corresponding functions
type ContainerCommitOptions ¶
// ContainerCommitOptions is a struct used to commit a container to an image.
// It uses buildah's CommitOptions as a base.
type ContainerCommitOptions struct {
	// CommitOptions is buildah's option set, embedded as the base.
	buildah.CommitOptions
	// The fields below are libpod's additions to buildah's options.
	// NOTE(review): their exact effect is not described on this struct;
	// IncludeVolumes presumably copies volume contents into the committed
	// image, which would carry any data stored there — confirm before
	// publishing images committed with it set.
	Pause          bool
	IncludeVolumes bool
	Author         string
	Message        string
	Changes        []string
	Squash         bool
}
ContainerCommitOptions is a struct used to commit a container to an image. It uses buildah's CommitOptions as a base. Long-term we might wish to add these to the buildah struct once buildah is more integrated with libpod.
type ContainerConfig ¶
// ContainerConfig contains all information that was used to create the
// container. It may not be changed once created. It is stored, read-only,
// on disk in Libpod's State.
type ContainerConfig struct {
	// Spec is OCI runtime spec used to create the container. This is passed
	// in when the container is created, but it is not the final spec used
	// to run the container - it will be modified by Libpod to add things we
	// manage (e.g. bind mounts for /etc/resolv.conf, named volumes, a
	// network namespace prepared by CNI or slirp4netns) in the
	// generateSpec() function.
	Spec *spec.Spec `json:"spec"`

	// ID is a hex-encoded 256-bit pseudorandom integer used as a unique
	// identifier for the container. IDs are globally unique in Libpod -
	// once an ID is in use, no other container or pod will be created with
	// the same one until the holder of the ID has been removed.
	// ID is generated by Libpod, and cannot be chosen or influenced by the
	// user (except when restoring a checkpointed container).
	// ID is guaranteed to be 64 characters long.
	ID string `json:"id"`

	// Name is a human-readable name for the container. All containers must
	// have a non-empty name. Name may be provided when the container is
	// created; if no name is chosen, a name will be auto-generated.
	Name string `json:"name"`

	// Pod is the full ID of the pod the container belongs to. If the
	// container does not belong to a pod, this will be empty.
	// If this is not empty, a pod with this ID is guaranteed to exist in
	// the state for the duration of this container's existence.
	Pod string `json:"pod,omitempty"`

	// Namespace is the libpod Namespace the container is in.
	// Namespaces are used to divide containers in the state.
	Namespace string `json:"namespace,omitempty"`

	// LockID is the ID of this container's lock. Each container, pod, and
	// volume is assigned a unique Lock (from one of several backends) by
	// the libpod Runtime. This lock will belong only to this container for
	// the duration of the container's lifetime.
	LockID uint32 `json:"lockID"`

	// CreateCommand is the full command plus arguments that were used to
	// create the container. It is shown in the output of Inspect, and may
	// be used to recreate an identical container for automatic updates or
	// portable systemd unit files.
	// Because the full argument list is stored and shown by Inspect, any
	// credential passed as a command-line argument at create time ends up
	// here as well.
	CreateCommand []string `json:"CreateCommand,omitempty"`

	// RawImageName is the raw and unprocessed name of the image when creating
	// the container (as specified by the user). May or may not be set. One
	// use case to store this data are auto-updates where we need the _exact_
	// name and not some normalized instance of it.
	RawImageName string `json:"RawImageName,omitempty"`

	// IDMappings are UID/GID mappings used by the container's user
	// namespace. They are used by the OCI runtime when creating the
	// container, and by c/storage to ensure that the container's files have
	// the appropriate owner.
	IDMappings storage.IDMappingOptions `json:"idMappingsOptions,omitempty"`

	// Dependencies are the IDs of dependency containers.
	// These containers must be started before this container is started.
	// This field carries no json tag.
	Dependencies []string

	// embedded sub-configs
	ContainerRootFSConfig
	ContainerSecurityConfig
	ContainerNameSpaceConfig
	ContainerNetworkConfig
	ContainerImageConfig
	ContainerMiscConfig
	// contains filtered or unexported fields
}
ContainerConfig contains all information that was used to create the container. It may not be changed once created. It is stored, read-only, on disk in Libpod's State. Any changes will not be written back to the database, and will cause inconsistencies with other Libpod instances.
type ContainerFilter ¶
ContainerFilter is a function to determine whether a container is included in command output. Containers to be outputted are tested using the function. A true return will include the container, a false return will exclude it.
type ContainerGraph ¶
type ContainerGraph struct {
// contains filtered or unexported fields
}
ContainerGraph is a dependency graph based on a set of containers.
func BuildContainerGraph ¶
func BuildContainerGraph(ctrs []*Container) (*ContainerGraph, error)
BuildContainerGraph builds a dependency graph based on the container slice.
func (*ContainerGraph) DependencyMap ¶
func (cg *ContainerGraph) DependencyMap() (dependencies map[*Container][]*Container)
DependencyMap returns the dependency graph as map with the key being a container and the value being the containers the key depends on.
type ContainerImageConfig ¶
// ContainerImageConfig is an embedded sub-config providing image
// configuration to the container.
type ContainerImageConfig struct {
	// UserVolumes contains user-added volume mounts in the container.
	// These will not be added to the container's spec, as it is assumed
	// they are already present in the spec given to Libpod. Instead, it is
	// used when committing containers to generate the VOLUMES field of the
	// image that is created, and for triggering some OCI hooks which do not
	// fire unless user-added volume mounts are present.
	UserVolumes []string `json:"userVolumes,omitempty"`
	// Entrypoint is the container's entrypoint.
	// It is not used in spec generation, but will be used when the
	// container is committed to populate the entrypoint of the new image.
	Entrypoint []string `json:"entrypoint,omitempty"`
	// Command is the container's command.
	// It is not used in spec generation, but will be used when the
	// container is committed to populate the command of the new image.
	Command []string `json:"command,omitempty"`
}
ContainerImageConfig is an embedded sub-config providing image configuration to the container.
type ContainerImageVolume ¶
// ContainerImageVolume is a volume based on a container image. The
// container image is first mounted on the host and is then bind-mounted
// into the container.
type ContainerImageVolume struct {
	// Source is the source of the image volume. The image can be referred
	// to by name and by ID.
	Source string `json:"source"`
	// Dest is the absolute path of the mount in the container.
	Dest string `json:"dest"`
	// ReadWrite sets the volume writable.
	// NOTE(review): whether writes land in the image itself or in a
	// separate layer is not stated here — confirm before sharing one image
	// volume between containers of different trust levels.
	ReadWrite bool `json:"rw"`
}
ContainerImageVolume is a volume based on a container image. The container image is first mounted on the host and is then bind-mounted into the container.
type ContainerInfo ¶
// ContainerInfo wraps a subset of information about a container: the
// locations of its nonvolatile and volatile per-container directories, along
// with a copy of the configuration blob from the image that was used to
// create the container, if the image had a configuration. It also returns
// the ProcessLabel and MountLabel selected for the container.
type ContainerInfo struct {
	// Dir is presumably the nonvolatile per-container directory — TODO confirm.
	Dir string
	// RunDir is presumably the volatile per-container directory — TODO confirm.
	RunDir string
	// Config is the copy of the image's configuration blob, if the image
	// had a configuration.
	Config *v1.Image
	// ProcessLabel and MountLabel are the labels selected for the
	// container. Elsewhere in this package they are described as SELinux
	// labels.
	ProcessLabel string
	MountLabel   string
	// UIDMap and GIDMap are presumably the user-namespace ID mappings of
	// the container — TODO confirm.
	UIDMap []idtools.IDMap
	GIDMap []idtools.IDMap
}
ContainerInfo wraps a subset of information about a container: the locations of its nonvolatile and volatile per-container directories, along with a copy of the configuration blob from the image that was used to create the container, if the image had a configuration. It also returns the ProcessLabel and MountLabel selected for the container
type ContainerMiscConfig ¶
// ContainerMiscConfig is an embedded sub-config providing misc configuration
// to the container.
type ContainerMiscConfig struct {
	// Whether to keep container STDIN open
	Stdin bool `json:"stdin,omitempty"`
	// Labels is a set of key-value pairs providing additional information
	// about a container
	Labels map[string]string `json:"labels,omitempty"`
	// StopSignal is the signal that will be used to stop the container
	StopSignal uint `json:"stopSignal,omitempty"`
	// StopTimeout is the timeout after which SIGKILL is used if the stop
	// signal did not stop the container (presumably in seconds — confirm)
	StopTimeout uint `json:"stopTimeout,omitempty"`
	// Timeout is maximum time a container will run before getting the kill signal
	Timeout uint `json:"timeout,omitempty"`
	// Time container was created
	CreatedTime time.Time `json:"createdTime"`
	// CgroupManager is the cgroup manager used to create this container.
	// If empty, the runtime default will be used.
	CgroupManager string `json:"cgroupManager,omitempty"`
	// NoCgroups indicates that the container will not create Cgroups. It is
	// incompatible with CgroupParent. Deprecated in favor of CgroupsMode.
	NoCgroups bool `json:"noCgroups,omitempty"`
	// CgroupsMode indicates how the container will create cgroups
	// (disabled, no-conmon, enabled). It supersedes NoCgroups.
	CgroupsMode string `json:"cgroupsMode,omitempty"`
	// Cgroup parent of the container.
	CgroupParent string `json:"cgroupParent"`
	// LogPath log location
	LogPath string `json:"logPath"`
	// LogTag is the tag used for logging
	LogTag string `json:"logTag"`
	// LogSize is a size setting for the container log.
	// NOTE(review): presumably the maximum log size; confirm unit and
	// semantics against the logging code.
	LogSize int64 `json:"logSize"`
	// LogDriver driver for logs
	LogDriver string `json:"logDriver"`
	// File containing the conmon PID
	ConmonPidFile string `json:"conmonPidFile,omitempty"`
	// RestartPolicy indicates what action the container will take upon
	// exiting naturally.
	// Allowed options are "no" (take no action), "on-failure" (restart on
	// non-zero exit code, up to a maximum of RestartRetries times),
	// and "always" (always restart the container on any exit code).
	// The empty string is treated as the default ("no")
	RestartPolicy string `json:"restart_policy,omitempty"`
	// RestartRetries indicates the number of attempts that will be made to
	// restart the container. Used only if RestartPolicy is set to
	// "on-failure".
	RestartRetries uint `json:"restart_retries,omitempty"`
	// PostConfigureNetNS needed when a user namespace is created by an OCI runtime
	// if the network namespace is created before the user namespace it will be
	// owned by the wrong user namespace.
	PostConfigureNetNS bool `json:"postConfigureNetNS"`
	// OCIRuntime used to create the container
	OCIRuntime string `json:"runtime,omitempty"`
	// IsInfra is a bool indicating whether this container is an infra container used for
	// sharing kernel namespaces in a pod. It is stored under the json key "pause".
	IsInfra bool `json:"pause"`
	// IsService is a bool indicating whether this container is a service container used for
	// tracking the life cycle of K8s service.
	IsService bool `json:"isService"`
	// SdNotifyMode tells libpod what to do with a NOTIFY_SOCKET if passed
	SdNotifyMode string `json:"sdnotifyMode,omitempty"`
	// Systemd tells libpod to set up the container in systemd mode, a value of nil denotes false
	Systemd *bool `json:"systemd,omitempty"`
	// HealthCheckConfig has the health check command and related timings
	HealthCheckConfig *manifest.Schema2HealthConfig `json:"healthcheck"`
	// PreserveFDs is a number of additional file descriptors (in addition
	// to 0, 1, 2) that will be passed to the executed process. The total FDs
	// passed will be 3 + PreserveFDs.
	// Whatever the caller has open on those descriptors becomes reachable
	// from inside the container.
	PreserveFDs uint `json:"preserveFds,omitempty"`
	// Timezone is the timezone inside the container.
	// Local means it has the same timezone as the host machine
	Timezone string `json:"timezone,omitempty"`
	// Umask is the umask inside the container.
	Umask string `json:"umask,omitempty"`
	// PidFile is the file that saves the pid of the container process
	PidFile string `json:"pid_file,omitempty"`
	// CDIDevices contains devices that use the CDI
	CDIDevices []string `json:"cdiDevices,omitempty"`
	// DeviceHostSrc contains the original source on the host
	DeviceHostSrc []spec.LinuxDevice `json:"device_host_src,omitempty"`
	// EnvSecrets are secrets that are set as environment variables.
	// NOTE(review): environment variables are generally readable by the
	// processes started in the container; confirm whether these values
	// are also exposed through inspect output.
	EnvSecrets map[string]*secrets.Secret `json:"secret_env,omitempty"`
	// InitContainerType specifies if the container is an initcontainer
	// and if so, what type: always or once are possible non-nil entries
	InitContainerType string `json:"init_container_type,omitempty"`
	// PasswdEntry specifies arbitrary data to append to a file.
	// NOTE(review): the name suggests the file is the container's passwd
	// file; since the data is arbitrary, confirm that callers validate it
	// before it is written.
	PasswdEntry string `json:"passwd_entry,omitempty"`
	// MountAllDevices is an option to indicate whether a privileged container
	// will mount all the host's devices
	MountAllDevices bool `json:"mountAllDevices"`
}
ContainerMiscConfig is an embedded sub-config providing misc configuration to the container.
type ContainerNameSpaceConfig ¶
// ContainerNameSpaceConfig is an embedded sub-config providing namespace
// configuration to the container.
type ContainerNameSpaceConfig struct {
	// IDs of container to share namespaces with
	// NetNsCtr conflicts with the CreateNetNS bool
	// These containers are considered dependencies of the given container
	// They must be started before the given container is started
	// A non-empty field means this container shares that namespace with
	// the named container, so the two are not isolated from each other in
	// that namespace.
	IPCNsCtr    string `json:"ipcNsCtr,omitempty"`
	MountNsCtr  string `json:"mountNsCtr,omitempty"`
	NetNsCtr    string `json:"netNsCtr,omitempty"`
	PIDNsCtr    string `json:"pidNsCtr,omitempty"`
	UserNsCtr   string `json:"userNsCtr,omitempty"`
	UTSNsCtr    string `json:"utsNsCtr,omitempty"`
	CgroupNsCtr string `json:"cgroupNsCtr,omitempty"`
}
ContainerNameSpaceConfig is an embedded sub-config providing namespace configuration to the container.
type ContainerNamedVolume ¶
// ContainerNamedVolume is a named volume that will be mounted into the
// container. Each named volume is a libpod Volume present in the state.
type ContainerNamedVolume struct {
	// Name is the name of the volume to mount in.
	// Must resolve to a valid volume present in this Podman.
	Name string `json:"volumeName"`
	// Dest is the mount's destination
	Dest string `json:"dest"`
	// Options are fstab style mount options
	Options []string `json:"options,omitempty"`
}
ContainerNamedVolume is a named volume that will be mounted into the container. Each named volume is a libpod Volume present in the state.
type ContainerNetworkConfig ¶
// ContainerNetworkConfig is an embedded sub-config providing network
// configuration to the container.
type ContainerNetworkConfig struct {
	// CreateNetNS indicates that libpod should create and configure a new
	// network namespace for the container.
	// This cannot be set if NetNsCtr is also set.
	CreateNetNS bool `json:"createNetNS"`
	// StaticIP is a static IP to request for the container.
	// This cannot be set unless CreateNetNS is set.
	// If not set, the container will be dynamically assigned an IP by CNI.
	// Deprecated: Do not use this anymore, this is only for DB backwards compat.
	StaticIP net.IP `json:"staticIP,omitempty"`
	// StaticMAC is a static MAC to request for the container.
	// This cannot be set unless CreateNetNS is set.
	// If not set, the container will be dynamically assigned a MAC by CNI.
	// Deprecated: Do not use this anymore, this is only for DB backwards compat.
	StaticMAC types.HardwareAddr `json:"staticMAC,omitempty"`
	// PortMappings are the ports forwarded to the container's network
	// namespace.
	// These are not used unless CreateNetNS is true.
	PortMappings []types.PortMapping `json:"newPortMappings,omitempty"`
	// OldPortMappings are the ports forwarded to the container's network
	// namespace. As of podman 4.0 this field is deprecated, use PortMappings
	// instead. The db will convert the old ports to the new structure for you.
	// These are not used unless CreateNetNS is true.
	OldPortMappings []types.OCICNIPortMapping `json:"portMappings,omitempty"`
	// ExposedPorts are the ports which are exposed but not forwarded
	// into the container.
	// The map key is the port and the string slice contains the protocols,
	// e.g. tcp and udp.
	// These are only set when exposed ports are given but not published.
	ExposedPorts map[uint16][]string `json:"exposedPorts,omitempty"`
	// UseImageResolvConf indicates that resolv.conf should not be
	// bind-mounted inside the container.
	// Conflicts with DNSServer, DNSSearch, DNSOption.
	// Note: this field carries no json tag.
	UseImageResolvConf bool
	// DNS servers to use in container resolv.conf.
	// Will override servers in host resolv if set.
	DNSServer []net.IP `json:"dnsServer,omitempty"`
	// DNS search domains to use in container resolv.conf.
	// Will override search domains in host resolv if set.
	DNSSearch []string `json:"dnsSearch,omitempty"`
	// DNS options to be set in container resolv.conf.
	// Will override options in host resolv if set.
	DNSOption []string `json:"dnsOption,omitempty"`
	// UseImageHosts indicates that /etc/hosts should not be
	// bind-mounted inside the container.
	// Conflicts with HostAdd.
	// Note: this field carries no json tag.
	UseImageHosts bool
	// Hosts to add in container.
	// Will be appended to host's host file.
	HostAdd []string `json:"hostsAdd,omitempty"`
	// Network names with the network specific options.
	// Please note that these can be altered at runtime. The actual list is
	// stored in the DB and should be retrieved from there via c.networks();
	// this value is only used for container create.
	// Added in podman 4.0, previously NetworksDeprecated was used. Make
	// sure to not change the json tags.
	Networks map[string]types.PerNetworkOptions `json:"newNetworks,omitempty"`
	// Network names to add container to. Empty to use default network.
	// Please note that these can be altered at runtime. The actual list is
	// stored in the DB and should be retrieved from there; this is only the
	// set of networks the container was *created* with.
	// Deprecated: Do not use this anymore, this is only for DB backwards compat.
	// Also note that we need to keep the old json tag to decode from DB correctly.
	NetworksDeprecated []string `json:"networks,omitempty"`
	// Network mode specified for the default network.
	NetMode namespaces.NetworkMode `json:"networkMode,omitempty"`
	// NetworkOptions are additional options for each network.
	NetworkOptions map[string][]string `json:"network_options,omitempty"`
}
ContainerNetworkConfig is an embedded sub-config providing network configuration to the container.
type ContainerNetworkDescriptions ¶
ContainerNetworkDescriptions describes the relationship between the CNI network and the ethN where N is an integer
type ContainerOverlayVolume ¶
// ContainerOverlayVolume is an overlay volume that will be mounted into the
// container.
type ContainerOverlayVolume struct {
	// Dest is the absolute path where the mount will be placed in the container.
	Dest string `json:"dest"`
	// Source specifies the source path of the mount.
	Source string `json:"source,omitempty"`
	// Options holds overlay volume options.
	Options []string `json:"options,omitempty"`
}
ContainerOverlayVolume is an overlay volume that will be mounted into the container. Each volume is a libpod Volume present in the state.
type ContainerRootFSConfig ¶
// ContainerRootFSConfig is an embedded sub-config providing config info
// about the container's root fs.
type ContainerRootFSConfig struct {
	// RootfsImageID is the ID of the image used to create the container.
	// If the container was created from a Rootfs, this will be empty.
	// If non-empty, Podman will create a root filesystem for the container
	// based on an image with this ID.
	// This conflicts with Rootfs.
	RootfsImageID string `json:"rootfsImageID,omitempty"`
	// RootfsImageName is the (normalized) name of the image used to create
	// the container. If the container was created from a Rootfs, this will
	// be empty.
	RootfsImageName string `json:"rootfsImageName,omitempty"`
	// Rootfs is a directory to use as the container's root filesystem.
	// If RootfsImageID is set, this will be empty.
	// If this is set, Podman will not create a root filesystem for the
	// container based on an image, and will instead use the given directory
	// as the container's root.
	// Conflicts with RootfsImageID.
	Rootfs string `json:"rootfs,omitempty"`
	// RootfsOverlay tells if rootfs has to be mounted as an overlay.
	RootfsOverlay bool `json:"rootfs_overlay,omitempty"`
	// ShmDir is the path to be mounted on /dev/shm in container.
	// If not set manually at creation time, Libpod will create a tmpfs
	// with the size specified in ShmSize and populate this with the path of
	// said tmpfs.
	// NoShmShare has no comment in the original; presumably it controls
	// whether /dev/shm is shared with other containers — TODO confirm.
	ShmDir     string `json:"ShmDir,omitempty"`
	NoShmShare bool   `json:"NOShmShare,omitempty"`
	// NoShm indicates whether a tmpfs should be created and mounted on /dev/shm.
	NoShm bool `json:"NoShm,omitempty"`
	// ShmSize is the size of the container's SHM. Only used if ShmDir was
	// not set manually at time of creation.
	ShmSize int64 `json:"shmSize"`
	// Static directory for container content that will persist across
	// reboot.
	// StaticDir is a persistent directory for Libpod files that will
	// survive system reboot. It is not part of the container's rootfs and
	// is not mounted into the container. It will be removed when the
	// container is removed.
	// Usually used to store container log files, files that will be bind
	// mounted into the container (e.g. the resolv.conf we made for the
	// container), and other per-container content.
	StaticDir string `json:"staticDir"`
	// Mounts contains all additional mounts into the container rootfs.
	// It is presently only used for the container's SHM directory.
	// These must be unmounted before the container's rootfs is unmounted.
	Mounts []string `json:"mounts,omitempty"`
	// NamedVolumes lists the Libpod named volumes to mount into the
	// container. Each named volume is guaranteed to exist so long as this
	// container exists.
	NamedVolumes []*ContainerNamedVolume `json:"namedVolumes,omitempty"`
	// OverlayVolumes lists the overlay volumes to mount into the container.
	OverlayVolumes []*ContainerOverlayVolume `json:"overlayVolumes,omitempty"`
	// ImageVolumes lists the image volumes to mount into the container.
	// Please note that this is named ctrImageVolumes in JSON to
	// distinguish between these and the old `imageVolumes` field in Podman
	// pre-1.8, which was used in very old Podman versions to determine how
	// image volumes were handled in Libpod (support for these eventually
	// moved out of Libpod into pkg/specgen).
	// Please DO NOT re-use the `imageVolumes` name in container JSON again.
	ImageVolumes []*ContainerImageVolume `json:"ctrImageVolumes,omitempty"`
	// CreateWorkingDir indicates that Libpod should create the container's
	// working directory if it does not exist. Some OCI runtimes do this by
	// default, but others do not.
	CreateWorkingDir bool `json:"createWorkingDir,omitempty"`
	// Secrets lists secrets to mount into the container.
	Secrets []*ContainerSecret `json:"secrets,omitempty"`
	// SecretsPath is the secrets location in storage.
	// NOTE(review): who can read this location is not visible here — confirm
	// its ownership and permissions where the path is created.
	SecretsPath string `json:"secretsPath"`
	// StorageOpts to be used when creating rootfs.
	StorageOpts map[string]string `json:"storageOpts"`
	// Volatile specifies whether the container storage can be optimized
	// at the cost of not syncing all the dirty files in memory.
	Volatile bool `json:"volatile,omitempty"`
	// Passwd allows the user to override podman's passwd/group file setup.
	Passwd *bool `json:"passwd,omitempty"`
	// ChrootDirs is an additional set of directories that need to be
	// treated as root directories. Standard bind mounts will be mounted
	// into paths relative to these directories.
	ChrootDirs []string `json:"chroot_directories,omitempty"`
}
ContainerRootFSConfig is an embedded sub-config providing config info about the container's root fs.
type ContainerSecret ¶
// ContainerSecret is a secret that is mounted in a container.
type ContainerSecret struct {
	// Secret is the secret (embedded).
	*secrets.Secret
	// UID is the UID of the secret file.
	UID uint32
	// GID is the GID of the secret file.
	GID uint32
	// Mode is the mode of the secret file.
	// NOTE(review): presumably Unix permission bits — confirm. Together with
	// UID and GID this decides which users inside the container can read the
	// secret, so the narrowest workable mode is the safe choice.
	Mode uint32
	// Target is the secret's target inside the container.
	Target string
}
ContainerSecret is a secret that is mounted in a container
type ContainerSecurityConfig ¶
// ContainerSecurityConfig is an embedded sub-config providing security
// configuration to the container.
type ContainerSecurityConfig struct {
	// Privileged is whether the container is privileged. Privileged
	// containers have lessened security and increased access to the system.
	// Note that this does NOT directly correspond to Podman's --privileged
	// flag - most of the work of that flag is done in creating the OCI spec
	// given to Libpod. This only enables a small subset of the overall
	// operation, mostly around mounting the container image with reduced
	// security.
	// The json tag has no omitempty, so the value is always written out.
	Privileged bool `json:"privileged"`
	// ProcessLabel is the SELinux process label for the container.
	ProcessLabel string `json:"ProcessLabel,omitempty"`
	// MountLabel is the SELinux mount label for the container's root
	// filesystem. Only used if the container was created from an image.
	// If not explicitly set, an unused random MLS label will be assigned by
	// containers/storage (but only if SELinux is enabled).
	MountLabel string `json:"MountLabel,omitempty"`
	// LabelOpts are options passed in by the user to set up SELinux labels.
	// These are used by the containers/storage library.
	LabelOpts []string `json:"labelopts,omitempty"`
	// User and group to use in the container. Can be specified as only user
	// (in which case we will attempt to look up the user in the container
	// to determine the appropriate group) or user and group separated by a
	// colon.
	// Can be specified by name or UID/GID.
	// If unset, this will default to UID and GID 0 (root).
	// NOTE(review): because the empty value means root inside the container,
	// callers that want a non-root process have to set this explicitly.
	User string `json:"user,omitempty"`
	// Groups are additional groups to add the container's user to. These
	// are resolved within the container using the container's /etc/passwd.
	Groups []string `json:"groups,omitempty"`
	// HostUsers is a list of host user accounts to add to /etc/passwd.
	HostUsers []string `json:"HostUsers,omitempty"`
	// AddCurrentUserPasswdEntry indicates that Libpod should ensure that
	// the container's /etc/passwd contains an entry for the user running
	// Libpod - mostly used in rootless containers where the user running
	// Libpod wants to retain their UID inside the container.
	AddCurrentUserPasswdEntry bool `json:"addCurrentUserPasswdEntry,omitempty"`
}
ContainerSecurityConfig is an embedded sub-config providing security configuration to the container.
type ContainerState ¶
// ContainerState contains the current state of the container.
// It is stored on disk in a tmpfs and recreated on reboot.
type ContainerState struct {
	// The current state of the running container.
	State define.ContainerStatus `json:"state"`
	// The path to the JSON OCI runtime spec for this container.
	ConfigPath string `json:"configPath,omitempty"`
	// RunDir is a per-boot directory for container content.
	RunDir string `json:"runDir,omitempty"`
	// Mounted indicates whether the container's storage has been mounted
	// for use.
	Mounted bool `json:"mounted,omitempty"`
	// Mountpoint contains the path to the container's mounted storage as given
	// by containers/storage.
	Mountpoint string `json:"mountPoint,omitempty"`
	// StartedTime is the time the container was started.
	StartedTime time.Time `json:"startedTime,omitempty"`
	// FinishedTime is the time the container finished executing.
	FinishedTime time.Time `json:"finishedTime,omitempty"`
	// ExitCode is the exit code returned when the container stopped.
	ExitCode int32 `json:"exitCode,omitempty"`
	// Exited is whether the container has exited.
	Exited bool `json:"exited,omitempty"`
	// OOMKilled indicates that the container was killed as it ran out of
	// memory.
	OOMKilled bool `json:"oomKilled,omitempty"`
	// Checkpointed indicates that the container was stopped by a checkpoint
	// operation.
	Checkpointed bool `json:"checkpointed,omitempty"`
	// PID is the PID of a running container.
	PID int `json:"pid,omitempty"`
	// ConmonPID is the PID of the container's conmon.
	ConmonPID int `json:"conmonPid,omitempty"`
	// ExecSessions contains all exec sessions that are associated with this
	// container.
	ExecSessions map[string]*ExecSession `json:"newExecSessions,omitempty"`
	// LegacyExecSessions are legacy exec sessions from older versions of
	// Podman.
	// These are DEPRECATED and will be removed in a future release.
	LegacyExecSessions map[string]*legacyExecSession `json:"execSessions,omitempty"`
	// NetworkStatusOld contains the configuration results for all networks
	// the pod is attached to. Only populated if we created a network
	// namespace for the container, and the network namespace is currently
	// active.
	// These are DEPRECATED and will be removed in a future release.
	// This field is only used for backwards compatibility.
	NetworkStatusOld []*types040.Result `json:"networkResults,omitempty"`
	// NetworkStatus contains the network Status for all networks
	// the container is attached to. Only populated if we created a network
	// namespace for the container, and the network namespace is currently
	// active.
	// To read this field use container.getNetworkStatus() instead, this will
	// take care of migrating the old DEPRECATED network status to the new format.
	NetworkStatus map[string]types.StatusBlock `json:"networkStatus,omitempty"`
	// BindMounts contains files that will be bind-mounted into the
	// container when it is mounted.
	// These include /etc/hosts and /etc/resolv.conf.
	// This maps the path the file will be mounted to in the container to
	// the path of the file on disk outside the container.
	BindMounts map[string]string `json:"bindMounts,omitempty"`
	// StoppedByUser indicates whether the container was stopped by an
	// explicit call to the Stop() API.
	StoppedByUser bool `json:"stoppedByUser,omitempty"`
	// RestartPolicyMatch indicates whether the conditions for restart
	// policy have been met.
	RestartPolicyMatch bool `json:"restartPolicyMatch,omitempty"`
	// RestartCount is how many times the container was restarted by its
	// restart policy. This is NOT incremented by normal container restarts
	// (only by restart policy).
	RestartCount uint `json:"restartCount,omitempty"`
	// ExtensionStageHooks holds hooks which will be executed by libpod
	// and not delegated to the OCI runtime.
	// NOTE(review): these are run by libpod itself, so whatever is stored
	// here is effectively trusted — confirm how the on-disk state that holds
	// this field is protected against modification.
	ExtensionStageHooks map[string][]spec.Hook `json:"extensionStageHooks,omitempty"`
	// NetInterfaceDescriptions describe the relationship between a CNI
	// network and interface names.
	NetInterfaceDescriptions ContainerNetworkDescriptions `json:"networkDescriptions,omitempty"`
	// Service indicates that container is the service container of a
	// service. A service consists of one or more pods. The service
	// container is started before all pods and is stopped when the last
	// pod stops. The service container allows for tracking and managing
	// the entire life cycle of service which may be started via
	// `podman-play-kube`.
	Service Service
	// Following checkpoint/restore related information is displayed
	// if the container has been checkpointed or restored.
	CheckpointedTime time.Time `json:"checkpointedTime,omitempty"`
	RestoredTime     time.Time `json:"restoredTime,omitempty"`
	CheckpointLog    string    `json:"checkpointLog,omitempty"`
	CheckpointPath   string    `json:"checkpointPath,omitempty"`
	RestoreLog       string    `json:"restoreLog,omitempty"`
	Restored         bool      `json:"restored,omitempty"`
	// contains filtered or unexported fields
}
ContainerState contains the current state of the container. It is stored on disk in a tmpfs and recreated on reboot.
type CtrCreateOption ¶
A CtrCreateOption is a functional option which alters the Container created by NewContainer
func WithAddCurrentUserPasswdEntry ¶
func WithAddCurrentUserPasswdEntry() CtrCreateOption
WithAddCurrentUserPasswdEntry indicates that container should add current user entry to /etc/passwd, since the UID will be mapped into the container, via user namespace
func WithCDI ¶
func WithCDI(devices []string) CtrCreateOption
WithCDI sets the devices to check for CDI configuration.
func WithCgroupNSFrom ¶
func WithCgroupNSFrom(nsCtr *Container) CtrCreateOption
WithCgroupNSFrom indicates that the container should join the Cgroup namespace of the given container. If the container has joined a pod, it can only join the namespaces of containers in the same pod.
func WithCgroupParent ¶
func WithCgroupParent(parent string) CtrCreateOption
WithCgroupParent sets the Cgroup Parent of the new container.
func WithCgroupsMode ¶
func WithCgroupsMode(mode string) CtrCreateOption
WithCgroupsMode disables the creation of Cgroups for the conmon process.
func WithChrootDirs ¶ added in v4.1.0
func WithChrootDirs(dirs []string) CtrCreateOption
WithChrootDirs is an additional set of directories that need to be treated as root directories. Standard bind mounts will be mounted into paths relative to these directories.
func WithCommand ¶
func WithCommand(command []string) CtrCreateOption
WithCommand sets the command of the container. This is not used to change the container's spec, but will instead be used during commit to populate the command of the new image. If not explicitly set it will default to the image's command. A nil command is allowed, and will clear command on the created image.
func WithConmonPidFile ¶
func WithConmonPidFile(path string) CtrCreateOption
WithConmonPidFile specifies the path to the file that receives the pid of conmon.
func WithCreateCommand ¶
func WithCreateCommand(cmd []string) CtrCreateOption
WithCreateCommand adds the full command plus arguments of the current process to the container config.
func WithCreateWorkingDir ¶
func WithCreateWorkingDir() CtrCreateOption
WithCreateWorkingDir tells Podman to create the container's working directory if it does not exist.
func WithCtrNamespace ¶
func WithCtrNamespace(ns string) CtrCreateOption
WithCtrNamespace sets the namespace the container will be created in. Namespaces are used to create separate views of Podman's state - runtimes can join a specific namespace and see only containers and pods in that namespace. Empty string namespaces are allowed, and correspond to a lack of namespace.
func WithDNS ¶
func WithDNS(dnsServers []string) CtrCreateOption
WithDNS sets additional name servers for the container.
func WithDNSOption ¶
func WithDNSOption(dnsOptions []string) CtrCreateOption
WithDNSOption sets additional DNS options for the container.
func WithDNSSearch ¶
func WithDNSSearch(searchDomains []string) CtrCreateOption
WithDNSSearch sets the additional search domains of a container.
func WithDependencyCtrs ¶
func WithDependencyCtrs(ctrs []*Container) CtrCreateOption
WithDependencyCtrs sets dependency containers of the given container. Dependency containers must be running before this container is started.
func WithEntrypoint ¶
func WithEntrypoint(entrypoint []string) CtrCreateOption
WithEntrypoint sets the entrypoint of the container. This is not used to change the container's spec, but will instead be used during commit to populate the entrypoint of the new image. If not explicitly set it will default to the image's entrypoint. A nil entrypoint is allowed, and will clear entrypoint on the created image.
func WithEnvSecrets ¶
func WithEnvSecrets(envSecrets map[string]string) CtrCreateOption
WithEnvSecrets adds environment variable secrets to the container.
func WithGroups ¶
func WithGroups(groups []string) CtrCreateOption
WithGroups sets additional groups for the container, which are defined by the user.
func WithHealthCheck ¶
func WithHealthCheck(healthCheck *manifest.Schema2HealthConfig) CtrCreateOption
WithHealthCheck adds the healthcheck to the container config
func WithHostDevice ¶
func WithHostDevice(dev []specs.LinuxDevice) CtrCreateOption
WithHostDevice adds the original host src to the config
func WithHostUsers ¶
func WithHostUsers(hostUsers []string) CtrCreateOption
WithHostUsers indicates host users to add to /etc/passwd
func WithHosts ¶
func WithHosts(hosts []string) CtrCreateOption
WithHosts sets additional host:IP for the hosts file.
func WithIDMappings ¶
func WithIDMappings(idmappings storage.IDMappingOptions) CtrCreateOption
WithIDMappings sets the idmappings for the container
func WithIPCNSFrom ¶
func WithIPCNSFrom(nsCtr *Container) CtrCreateOption
WithIPCNSFrom indicates that the container should join the IPC namespace of the given container. If the container has joined a pod, it can only join the namespaces of containers in the same pod.
func WithImageVolumes ¶
func WithImageVolumes(volumes []*ContainerImageVolume) CtrCreateOption
WithImageVolumes adds the given image volumes to the container.
func WithInfraConfig ¶
func WithInfraConfig(compatibleOptions InfraInherit) CtrCreateOption
WithInfraConfig allows for inheritance of compatible config entities from the infra container
func WithInitCtrType ¶
func WithInitCtrType(containerType string) CtrCreateOption
WithInitCtrType indicates that the container is an initcontainer.
func WithIsService ¶ added in v4.2.0
func WithIsService() CtrCreateOption
WithIsService allows us to differentiate between service containers and other containers within the container config.
func WithLabels ¶
func WithLabels(labels map[string]string) CtrCreateOption
WithLabels adds labels to the container.
func WithLogDriver ¶
func WithLogDriver(driver string) CtrCreateOption
WithLogDriver sets the log driver for the container
func WithLogPath ¶
func WithLogPath(path string) CtrCreateOption
WithLogPath sets the path to the log file.
func WithLogTag ¶
func WithLogTag(tag string) CtrCreateOption
WithLogTag sets the tag to the log file.
func WithMaxLogSize ¶
func WithMaxLogSize(limit int64) CtrCreateOption
WithMaxLogSize sets the maximum size of container logs. Positive sizes are limits in bytes, -1 is unlimited.
func WithMountAllDevices ¶ added in v4.2.0
func WithMountAllDevices() CtrCreateOption
WithMountAllDevices sets the option to mount all of a privileged container's host devices
func WithMountNSFrom ¶
func WithMountNSFrom(nsCtr *Container) CtrCreateOption
WithMountNSFrom indicates that the container should join the mount namespace of the given container. If the container has joined a pod, it can only join the namespaces of containers in the same pod.
func WithNamedVolumes ¶
func WithNamedVolumes(volumes []*ContainerNamedVolume) CtrCreateOption
WithNamedVolumes adds the given named volumes to the container.
func WithNetNS ¶
func WithNetNS(portMappings []nettypes.PortMapping, exposedPorts map[uint16][]string, postConfigureNetNS bool, netmode string, networks map[string]nettypes.PerNetworkOptions) CtrCreateOption
WithNetNS indicates that the container should be given a new network namespace with a minimal configuration. An optional array of port mappings can be provided. Conflicts with WithNetNSFrom().
func WithNetNSFrom ¶
func WithNetNSFrom(nsCtr *Container) CtrCreateOption
WithNetNSFrom indicates that the container should join the network namespace of the given container. If the container has joined a pod, it can only join the namespaces of containers in the same pod.
func WithNetworkOptions ¶
func WithNetworkOptions(options map[string][]string) CtrCreateOption
WithNetworkOptions sets additional options for the networks.
func WithNoShm ¶ added in v4.1.0
func WithNoShm(mount bool) CtrCreateOption
WithNoShm tells libpod whether to mount /dev/shm.
func WithNoShmShare ¶ added in v4.1.0
func WithNoShmShare(share bool) CtrCreateOption
WithNoShmShare tells libpod whether to share the container's /dev/shm with other containers.
func WithOverlayVolumes ¶
func WithOverlayVolumes(volumes []*ContainerOverlayVolume) CtrCreateOption
WithOverlayVolumes adds the given overlay volumes to the container.
func WithPIDNSFrom ¶
func WithPIDNSFrom(nsCtr *Container) CtrCreateOption
WithPIDNSFrom indicates that the container should join the PID namespace of the given container. If the container has joined a pod, it can only join the namespaces of containers in the same pod.
func WithPasswdEntry ¶ added in v4.1.0
func WithPasswdEntry(passwdEntry string) CtrCreateOption
WithPasswdEntry sets the entry to write to the /etc/passwd file.
func WithPidFile ¶
func WithPidFile(pidFile string) CtrCreateOption
WithPidFile adds pidFile to the container
func WithPreserveFDs ¶
func WithPreserveFDs(fd uint) CtrCreateOption
WithPreserveFDs forwards the given number of extra FDs (starting after the standard streams) from the process running Libpod into the created container.
func WithPrivileged ¶
func WithPrivileged(privileged bool) CtrCreateOption
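WithPrivileged sets the privileged flag in the container runtime. As the ContainerSecurityConfig.Privileged field notes, this does not directly correspond to Podman's --privileged flag: most of that flag's work is done when creating the OCI spec given to Libpod.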
func WithRestartPolicy ¶
func WithRestartPolicy(policy string) CtrCreateOption
WithRestartPolicy sets the container's restart policy. Valid values are "no", "on-failure", and "always". The empty string is allowed, and will be equivalent to "no".
func WithRestartRetries ¶
func WithRestartRetries(tries uint) CtrCreateOption
WithRestartRetries sets the number of retries to use when restarting a container with the "on-failure" restart policy. 0 is an allowed value, and indicates infinite retries.
func WithRootFS ¶
func WithRootFS(rootfs string, overlay bool) CtrCreateOption
WithRootFS sets the rootfs for the container. This creates a container from a directory on disk and not an image.
func WithRootFSFromImage ¶
func WithRootFSFromImage(imageID, imageName, rawImageName string) CtrCreateOption
WithRootFSFromImage sets up a fresh root filesystem using the given image. If useImageConfig is specified, image volumes, environment variables, and other configuration from the image will be added to the config. TODO: Replace image name and ID with a libpod.Image struct when that is finished.
func WithSdNotifyMode ¶
func WithSdNotifyMode(mode string) CtrCreateOption
WithSdNotifyMode sets the sd-notify method
func WithSecLabels ¶
func WithSecLabels(labelOpts []string) CtrCreateOption
WithSecLabels sets the labels for SELinux.
func WithSecrets ¶
func WithSecrets(containerSecrets []*ContainerSecret) CtrCreateOption
WithSecrets adds secrets to the container
func WithSelectedPasswordManagement ¶
func WithSelectedPasswordManagement(passwd *bool) CtrCreateOption
WithSelectedPasswordManagement makes it so that the container either does or does not set up /etc/passwd or /etc/group
func WithShmDir ¶
func WithShmDir(dir string) CtrCreateOption
WithShmDir sets the directory that should be mounted on /dev/shm.
func WithShmSize ¶
func WithShmSize(size int64) CtrCreateOption
WithShmSize sets the size of /dev/shm tmpfs mount.
func WithStdin ¶
func WithStdin() CtrCreateOption
WithStdin keeps stdin on the container open to allow interaction.
func WithStopSignal ¶
func WithStopSignal(signal syscall.Signal) CtrCreateOption
WithStopSignal sets the signal that will be sent to stop the container.
func WithStopTimeout ¶
func WithStopTimeout(timeout uint) CtrCreateOption
WithStopTimeout sets the time to wait after the initial stop signal is sent to the container before sending the kill signal.
func WithStorageOpts ¶
func WithStorageOpts(storageOpts map[string]string) CtrCreateOption
WithStorageOpts sets the storage options to be used when creating the container's rootfs.
func WithSystemd ¶
func WithSystemd() CtrCreateOption
WithSystemd turns on systemd mode in the container
func WithTimeout ¶
func WithTimeout(timeout uint) CtrCreateOption
WithTimeout sets the maximum time a container is allowed to run.
func WithTimezone ¶
func WithTimezone(path string) CtrCreateOption
WithTimezone sets the timezone in the container
func WithUTSNSFrom ¶
func WithUTSNSFrom(nsCtr *Container) CtrCreateOption
WithUTSNSFrom indicates that the container should join the UTS namespace of the given container. If the container has joined a pod, it can only join the namespaces of containers in the same pod.
func WithUTSNSFromPod ¶
func WithUTSNSFromPod(p *Pod) CtrCreateOption
WithUTSNSFromPod indicates that the container should join the UTS namespace of its pod.
func WithUmask ¶
func WithUmask(umask string) CtrCreateOption
WithUmask sets the umask in the container
func WithUseImageHosts ¶
func WithUseImageHosts() CtrCreateOption
WithUseImageHosts tells the container not to bind-mount /etc/hosts in. This conflicts with WithHosts().
func WithUseImageResolvConf ¶
func WithUseImageResolvConf() CtrCreateOption
WithUseImageResolvConf tells the container not to bind-mount resolv.conf in. This conflicts with other DNS-related options.
func WithUser ¶
func WithUser(user string) CtrCreateOption
WithUser sets the user identity field in configuration. Valid uses [user | user:group | uid | uid:gid | user:gid | uid:group ].
func WithUserNSFrom ¶
func WithUserNSFrom(nsCtr *Container) CtrCreateOption
WithUserNSFrom indicates that the container should join the user namespace of the given container. If the container has joined a pod, it can only join the namespaces of containers in the same pod.
func WithUserVolumes ¶
func WithUserVolumes(volumes []string) CtrCreateOption
WithUserVolumes sets the user-added volumes of the container. These are not added to the container's spec, but will instead be used during commit to populate the volumes of the new image, and to trigger some OCI hooks that are only added if volume mounts are present. Furthermore, they are used in the output of inspect, to filter volumes - only volumes included in this list will be included in the output. Unless explicitly set, committed images will have no volumes. The given volumes slice must not be nil.
func WithVolatile ¶
func WithVolatile() CtrCreateOption
WithVolatile sets the volatile flag for the container storage. The option can potentially cause data loss when used on a container that must survive a machine reboot.
type DBConfig ¶
// DBConfig is a set of Libpod runtime configuration settings that are saved
// in a State when it is first created, and can subsequently be retrieved.
// All fields are plain strings without json tags; their individual meanings
// are not documented in the original and are presumably the paths and driver
// name their names suggest — TODO confirm.
type DBConfig struct {
	LibpodRoot  string
	LibpodTmp   string
	StorageRoot string
	StorageTmp  string
	GraphDriver string
	VolumePath  string
}
DBConfig is a set of Libpod runtime configuration settings that are saved in a State when it is first created, and can subsequently be retrieved.
type ExecConfig ¶
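// ExecConfig contains the configuration of an exec session. It is
// JSON-serialisable; every field except Command is omitted from the encoded
// form when it holds its zero value.
type ExecConfig struct {
	// Command is the command that will be invoked in the exec session.
	// Must not be empty.
	Command []string `json:"command"`
	// Terminal is whether the exec session will allocate a pseudoterminal.
	Terminal bool `json:"terminal,omitempty"`
	// AttachStdin is whether the STDIN stream will be forwarded to the exec
	// session's first process when attaching. Only available if Terminal is
	// false.
	AttachStdin bool `json:"attachStdin,omitempty"`
	// AttachStdout is whether the STDOUT stream will be forwarded to the
	// exec session's first process when attaching. Only available if
	// Terminal is false.
	AttachStdout bool `json:"attachStdout,omitempty"`
	// AttachStderr is whether the STDERR stream will be forwarded to the
	// exec session's first process when attaching. Only available if
	// Terminal is false.
	AttachStderr bool `json:"attachStderr,omitempty"`
	// DetachKeys are keys that will be used to detach from the exec
	// session. Here, nil will use the default detach keys, where a pointer
	// to the empty string ("") will disable detaching via detach keys.
	DetachKeys *string `json:"detachKeys,omitempty"`
	// Environment is a set of environment variables that will be set for
	// the first process started by the exec session.
	Environment map[string]string `json:"environment,omitempty"`
	// Privileged is whether the exec session will be privileged - that is,
	// will be granted additional capabilities.
	// The zero value (false) is the unprivileged setting.
	// NOTE(review): this flag is a privilege grant; which capabilities are
	// added is not visible here. Callers that build an ExecConfig from
	// less-trusted input should gate this field explicitly.
	Privileged bool `json:"privileged,omitempty"`
	// User is the user the exec session will be run as.
	// If set to "" the exec session will be started as the same user the
	// container was started as.
	User string `json:"user,omitempty"`
	// WorkDir is the working directory for the first process that will be
	// launched by the exec session.
	// If set to "" the exec session will be started in / within the
	// container.
	WorkDir string `json:"workDir,omitempty"`
	// PreserveFDs indicates that a number of extra FDs from the process
	// running libpod will be passed into the container. These are assumed
	// to begin at 3 (immediately after the standard streams). The number
	// given is the number that will be passed into the exec session,
	// starting at 3.
	// Because the descriptors are selected by position only, whatever the
	// calling process has open at 3 .. 3+PreserveFDs-1 is what the exec
	// session receives; callers should know what those descriptors are.
	PreserveFDs uint `json:"preserveFds,omitempty"`
	// ExitCommand is the exec session's exit command.
	// This command will be executed when the exec session exits.
	// If unset, no command will be executed.
	// Two arguments will be appended to the exit command by Libpod:
	// The ID of the exec session, and the ID of the container the exec
	// session is a part of (in that order).
	// NOTE(review): presumably this runs outside the container - confirm,
	// and treat the value as trusted configuration only.
	ExitCommand []string `json:"exitCommand,omitempty"`
	// ExitCommandDelay is a delay (in seconds) between the container
	// exiting, and the exit command being executed. If set to 0, there is
	// no delay. If set, ExitCommand must also be set.
	ExitCommandDelay uint `json:"exitCommandDelay,omitempty"`
}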
ExecConfig contains the configuration of an exec session
type ExecOptions ¶
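// ExecOptions are the options that control the command that will be executed
// in an exec session and how the exec will proceed.
type ExecOptions struct {
	// Cmd is the command to execute.
	Cmd []string
	// Env is a set of environment variables to add to the container.
	Env map[string]string
	// Terminal is whether to create a new TTY for the exec session.
	Terminal bool
	// Cwd is the working directory for the executed command. If unset, the
	// working directory of the container will be used.
	Cwd string
	// User is the user the command will be executed as. If unset, the user
	// the container was run as will be used.
	User string
	// Streams are the streams that will be attached to the container.
	Streams *define.AttachStreams
	// PreserveFDs is a number of additional file descriptors (in addition
	// to 0, 1, 2) that will be passed to the executed process. The total FDs
	// passed will be 3 + PreserveFDs.
	// NOTE(review): the descriptors are chosen by count only; the caller is
	// responsible for knowing what it has open in that range.
	PreserveFDs uint
	// DetachKeys is a set of keys that, when pressed in sequence, will
	// detach from the container.
	// If not provided, the default keys will be used.
	// If provided but set to "", detaching from the container will be
	// disabled.
	DetachKeys *string
	// ExitCommand is a command that will be run after the exec session
	// exits.
	ExitCommand []string
	// ExitCommandDelay is a delay (in seconds) between the exec session
	// exiting, and the exit command being invoked.
	ExitCommandDelay uint
	// Privileged indicates the execed process will be launched in Privileged mode
	// The zero value (false) is the unprivileged setting.
	Privileged bool
}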
ExecOptions are options passed into ExecContainer. They control the command that will be executed and how the exec will proceed.
type ExecSession ¶
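// ExecSession contains information on a single exec session attached to a
// given container. It is JSON-serialisable.
type ExecSession struct {
	// Id is the ID of the exec session.
	// Named somewhat strangely to not conflict with ID().
	//nolint:stylecheck,revive
	Id string `json:"id"`
	// ContainerId is the ID of the container this exec session belongs to.
	// Named somewhat strangely to not conflict with ContainerID().
	//nolint:stylecheck,revive
	ContainerId string `json:"containerId"`

	// State is the state of the exec session.
	State define.ContainerExecStatus `json:"state"`
	// PID is the PID of the process created by the exec session.
	// The tag uses omitempty, so a PID of 0 is absent from the encoded form.
	PID int `json:"pid,omitempty"`

	// ExitCode is the exit code of the exec session, if it has exited.
	// The tag uses omitempty, so an exit code of 0 is absent from the encoded
	// form; a reader of the JSON cannot tell "exited with 0" from "no exit
	// code recorded" by this field alone and has to consult State.
	ExitCode int `json:"exitCode,omitempty"`

	// Config is the configuration of this exec session.
	// Cannot be empty.
	Config *ExecConfig `json:"config"`
}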
ExecSession contains information on a single exec session attached to a given container.
func (*ExecSession) ContainerID ¶
func (e *ExecSession) ContainerID() string
ContainerID returns the ID of the container this exec session was started in.
func (*ExecSession) Inspect ¶
func (e *ExecSession) Inspect() (*define.InspectExecSession, error)
Inspect inspects the given exec session and produces detailed output on its configuration and current state.
type HTTPAttachStreams ¶
HTTPAttachStreams informs the HTTPAttach endpoint which of the container's standard streams should be streamed to the client. If this is passed, at least one of the streams must be set to true.
type InfraInherit ¶
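// InfraInherit contains the compatible options inheritable from the infra
// container. It is JSON-serialisable with snake_case keys.
//
// Every field except ShmSize uses omitempty. ShmSize is a pointer without
// omitempty, so a nil value is encoded as JSON null instead of being left
// out.
//
// NOTE(review): several fields carry confinement settings (AppArmor profile,
// added and dropped capabilities, no_new_privileges, seccomp policy and
// profile path, SELinux options). How they are merged with a container's own
// settings is not visible here; confirm that inheriting from the infra
// container cannot silently replace a stricter per-container setting.
type InfraInherit struct {
	ApparmorProfile    string                   `json:"apparmor_profile,omitempty"`
	CapAdd             []string                 `json:"cap_add,omitempty"`
	CapDrop            []string                 `json:"cap_drop,omitempty"`
	HostDeviceList     []spec.LinuxDevice       `json:"host_device_list,omitempty"`
	ImageVolumes       []*specgen.ImageVolume   `json:"image_volumes,omitempty"`
	Mounts             []spec.Mount             `json:"mounts,omitempty"`
	NoNewPrivileges    bool                     `json:"no_new_privileges,omitempty"`
	OverlayVolumes     []*specgen.OverlayVolume `json:"overlay_volumes,omitempty"`
	SeccompPolicy      string                   `json:"seccomp_policy,omitempty"`
	SeccompProfilePath string                   `json:"seccomp_profile_path,omitempty"`
	SelinuxOpts        []string                 `json:"selinux_opts,omitempty"`
	Volumes            []*specgen.NamedVolume   `json:"volumes,omitempty"`
	ShmSize            *int64                   `json:"shm_size"`
}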
InfraInherit contains the compatible options inheritable from the infra container
func (*InfraInherit) IsDefaultShmSize ¶ added in v4.2.0
func (inherit *InfraInherit) IsDefaultShmSize() bool
IsDefaultShmSize determines if the user actually set the shm in the parent ctr or if it has been set to the default size
type LinuxNS ¶
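// LinuxNS represents a Linux namespace.
type LinuxNS int

// Each constant repeats "= iota"; iota counts the position inside the const
// block, so the values run from 0 (InvalidNS) to 7 (CgroupNS). Because
// InvalidNS is 0, an uninitialised LinuxNS is the invalid namespace rather
// than a real one.
const (
	// InvalidNS is an invalid namespace
	InvalidNS LinuxNS = iota
	// IPCNS is the IPC namespace
	IPCNS LinuxNS = iota
	// MountNS is the mount namespace
	MountNS LinuxNS = iota
	// NetNS is the network namespace
	NetNS LinuxNS = iota
	// PIDNS is the PID namespace
	PIDNS LinuxNS = iota
	// UserNS is the user namespace
	UserNS LinuxNS = iota
	// UTSNS is the UTS namespace
	UTSNS LinuxNS = iota
	// CgroupNS is the Cgroup namespace
	CgroupNS LinuxNS = iota
)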
type MissingRuntime ¶
type MissingRuntime struct {
// contains filtered or unexported fields
}
MissingRuntime is used when the OCI runtime requested by the container is missing (not installed or not in the configuration file).
func (*MissingRuntime) Attach ¶ added in v4.1.1
func (r *MissingRuntime) Attach(ctr *Container, params *AttachOptions) error
Attach is not available as the runtime is missing
func (*MissingRuntime) AttachResize ¶
func (r *MissingRuntime) AttachResize(ctr *Container, newSize resize.TerminalSize) error
AttachResize is not available as the runtime is missing
func (*MissingRuntime) AttachSocketPath ¶
func (r *MissingRuntime) AttachSocketPath(ctr *Container) (string, error)
AttachSocketPath does not work as there is no runtime to attach to. (Theoretically we could follow ExitFilePath but there is no guarantee the container is running and thus has an attach socket...)
func (*MissingRuntime) CheckConmonRunning ¶
func (r *MissingRuntime) CheckConmonRunning(ctr *Container) (bool, error)
CheckConmonRunning is not available as the runtime is missing
func (*MissingRuntime) CheckpointContainer ¶
func (r *MissingRuntime) CheckpointContainer(ctr *Container, options ContainerCheckpointOptions) (int64, error)
CheckpointContainer is not available as the runtime is missing
func (*MissingRuntime) CreateContainer ¶
func (r *MissingRuntime) CreateContainer(ctr *Container, restoreOptions *ContainerCheckpointOptions) (int64, error)
CreateContainer is not available as the runtime is missing
func (*MissingRuntime) DeleteContainer ¶
func (r *MissingRuntime) DeleteContainer(ctr *Container) error
DeleteContainer is not available as the runtime is missing
func (*MissingRuntime) ExecAttachResize ¶
func (r *MissingRuntime) ExecAttachResize(ctr *Container, sessionID string, newSize resize.TerminalSize) error
ExecAttachResize is not available as the runtime is missing.
func (*MissingRuntime) ExecAttachSocketPath ¶
func (r *MissingRuntime) ExecAttachSocketPath(ctr *Container, sessionID string) (string, error)
ExecAttachSocketPath does not work as there is no runtime to attach to. (Again, we could follow ExitFilePath, but no guarantee there is an existing and running exec session)
func (*MissingRuntime) ExecContainer ¶
func (r *MissingRuntime) ExecContainer(ctr *Container, sessionID string, options *ExecOptions, streams *define.AttachStreams, newSize *resize.TerminalSize) (int, chan error, error)
ExecContainer is not available as the runtime is missing
func (*MissingRuntime) ExecContainerDetached ¶
func (r *MissingRuntime) ExecContainerDetached(ctr *Container, sessionID string, options *ExecOptions, stdin bool) (int, error)
ExecContainerDetached is not available as the runtime is missing
func (*MissingRuntime) ExecContainerHTTP ¶
func (r *MissingRuntime) ExecContainerHTTP(ctr *Container, sessionID string, options *ExecOptions, req *http.Request, w http.ResponseWriter, streams *HTTPAttachStreams, cancel <-chan bool, hijackDone chan<- bool, holdConnOpen <-chan bool, newSize *resize.TerminalSize) (int, chan error, error)
ExecContainerHTTP is not available as the runtime is missing
func (*MissingRuntime) ExecStopContainer ¶
func (r *MissingRuntime) ExecStopContainer(ctr *Container, sessionID string, timeout uint) error
ExecStopContainer is not available as the runtime is missing. TODO: We can also investigate using unix.Kill() on the PID of the exec session here if we want to make stopping containers possible. Won't be perfect, though.
func (*MissingRuntime) ExecUpdateStatus ¶
func (r *MissingRuntime) ExecUpdateStatus(ctr *Container, sessionID string) (bool, error)
ExecUpdateStatus is not available as the runtime is missing.
func (*MissingRuntime) ExitFilePath ¶
func (r *MissingRuntime) ExitFilePath(ctr *Container) (string, error)
ExitFilePath returns the exit file path for containers. Here, we mimic what ConmonOCIRuntime does, because there is a chance that the container in question is still running happily (config file modified to remove a runtime, for example). We can't find the runtime to do anything to the container, but Conmon should still place an exit file for it.
func (*MissingRuntime) HTTPAttach ¶
func (r *MissingRuntime) HTTPAttach(ctr *Container, req *http.Request, w http.ResponseWriter, streams *HTTPAttachStreams, detachKeys *string, cancel <-chan bool, hijackDone chan<- bool, streamAttach, streamLogs bool) error
HTTPAttach is not available as the runtime is missing
func (*MissingRuntime) KillContainer ¶
func (r *MissingRuntime) KillContainer(ctr *Container, signal uint, all bool) error
KillContainer is not available as the runtime is missing TODO: We could attempt to unix.Kill() the PID as recorded in the state if we really want to smooth things out? Won't be perfect, but if the container has a PID namespace it could be enough?
func (*MissingRuntime) Name ¶
func (r *MissingRuntime) Name() string
Name is the name of the missing runtime
func (*MissingRuntime) Path ¶
func (r *MissingRuntime) Path() string
Path is not available as the runtime is missing
func (*MissingRuntime) PauseContainer ¶
func (r *MissingRuntime) PauseContainer(ctr *Container) error
PauseContainer is not available as the runtime is missing
func (*MissingRuntime) RuntimeInfo ¶
func (r *MissingRuntime) RuntimeInfo() (*define.ConmonInfo, *define.OCIRuntimeInfo, error)
RuntimeInfo returns information on the missing runtime
func (*MissingRuntime) StartContainer ¶
func (r *MissingRuntime) StartContainer(ctr *Container) error
StartContainer is not available as the runtime is missing
func (*MissingRuntime) StopContainer ¶
func (r *MissingRuntime) StopContainer(ctr *Container, timeout uint, all bool) error
StopContainer is not available as the runtime is missing
func (*MissingRuntime) SupportsCheckpoint ¶
func (r *MissingRuntime) SupportsCheckpoint() bool
SupportsCheckpoint returns false as checkpointing requires a working runtime
func (*MissingRuntime) SupportsJSONErrors ¶
func (r *MissingRuntime) SupportsJSONErrors() bool
SupportsJSONErrors returns false as there is no runtime to give errors
func (*MissingRuntime) SupportsKVM ¶
func (r *MissingRuntime) SupportsKVM() bool
SupportsKVM checks if the OCI runtime supports running containers without KVM separation
func (*MissingRuntime) SupportsNoCgroups ¶
func (r *MissingRuntime) SupportsNoCgroups() bool
SupportsNoCgroups returns false as there is no runtime to create containers
func (*MissingRuntime) UnpauseContainer ¶
func (r *MissingRuntime) UnpauseContainer(ctr *Container) error
UnpauseContainer is not available as the runtime is missing
func (*MissingRuntime) UpdateContainerStatus ¶
func (r *MissingRuntime) UpdateContainerStatus(ctr *Container) error
UpdateContainerStatus is not available as the runtime is missing
type OCIRuntime ¶
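// OCIRuntime is the set of operations an OCI runtime implementation provides:
// container lifecycle (create, start, kill, stop, delete, pause, unpause),
// attach (direct and over HTTP), exec sessions, checkpointing, capability
// queries, and the paths of the attach sockets and the exit file.
type OCIRuntime interface {
	// Name returns the name of the runtime.
	Name() string
	// Path returns the path to the runtime executable.
	Path() string

	// CreateContainer creates the container in the OCI runtime.
	// The returned int64 contains the microseconds needed to restore
	// the given container if it is a restore and if restoreOptions.PrintStats
	// is true. In all other cases the returned int64 is 0.
	CreateContainer(ctr *Container, restoreOptions *ContainerCheckpointOptions) (int64, error)
	// UpdateContainerStatus updates the status of the given container.
	UpdateContainerStatus(ctr *Container) error
	// StartContainer starts the given container.
	StartContainer(ctr *Container) error
	// KillContainer sends the given signal to the given container.
	// If all is set, all processes in the container will be signalled;
	// otherwise, only init will be signalled.
	KillContainer(ctr *Container, signal uint, all bool) error
	// StopContainer stops the given container.
	// The container's stop signal (or SIGTERM if unspecified) will be sent
	// first.
	// After the given timeout, SIGKILL will be sent.
	// If the given timeout is 0, SIGKILL will be sent immediately, and the
	// stop signal will be omitted.
	// If all is set, we will attempt to use the --all flag with `kill` in
	// the OCI runtime to kill all processes in the container, including
	// exec sessions. This is only supported if the container has cgroups.
	StopContainer(ctr *Container, timeout uint, all bool) error
	// DeleteContainer deletes the given container from the OCI runtime.
	DeleteContainer(ctr *Container) error
	// PauseContainer pauses the given container.
	PauseContainer(ctr *Container) error
	// UnpauseContainer unpauses the given container.
	UnpauseContainer(ctr *Container) error

	// Attach to a container.
	Attach(ctr *Container, params *AttachOptions) error

	// HTTPAttach performs an attach intended to be transported over HTTP.
	// For terminal attach, the container's output will be directly streamed
	// to output; otherwise, STDOUT and STDERR will be multiplexed, with
	// a header prepended as follows: 1-byte STREAM (0, 1, 2 for STDIN,
	// STDOUT, STDERR), 3 null (0x00) bytes, 4-byte big endian length.
	// If a cancel channel is provided, it can be used to asynchronously
	// terminate the attach session. Detach keys, if given, will also cause
	// the attach session to be terminated if provided via the STDIN
	// channel. If they are not provided, the default detach keys will be
	// used instead. Detach keys of "" will disable detaching via keyboard.
	// The streams parameter will determine which streams to forward to the
	// client.
	HTTPAttach(ctr *Container, r *http.Request, w http.ResponseWriter, streams *HTTPAttachStreams, detachKeys *string, cancel <-chan bool, hijackDone chan<- bool, streamAttach, streamLogs bool) error
	// AttachResize resizes the terminal in use by the given container.
	AttachResize(ctr *Container, newSize resize.TerminalSize) error

	// ExecContainer executes a command in a running container.
	// Returns an int (PID of exec session), error channel (errors from
	// attach), and error (errors that occurred attempting to start the exec
	// session). This returns once the exec session is running - not once it
	// has completed, as one might expect. The attach session will remain
	// running, in a goroutine that will return via the chan error in the
	// return signature.
	// newSize resizes the tty to this size before the process is started,
	// must be nil if the exec session has no tty
	ExecContainer(ctr *Container, sessionID string, options *ExecOptions, streams *define.AttachStreams, newSize *resize.TerminalSize) (int, chan error, error)
	// ExecContainerHTTP executes a command in a running container and
	// attaches its standard streams to a provided hijacked HTTP session.
	// Maintains the same invariants as ExecContainer (returns on session
	// start, with a goroutine running in the background to handle attach).
	// The HTTP attach itself maintains the same invariants as HTTPAttach.
	// newSize resizes the tty to this size before the process is started,
	// must be nil if the exec session has no tty
	ExecContainerHTTP(ctr *Container, sessionID string, options *ExecOptions, r *http.Request, w http.ResponseWriter, streams *HTTPAttachStreams, cancel <-chan bool, hijackDone chan<- bool, holdConnOpen <-chan bool, newSize *resize.TerminalSize) (int, chan error, error)
	// ExecContainerDetached executes a command in a running container, but
	// does not attach to it. Returns the PID of the exec session and an
	// error (if starting the exec session failed)
	ExecContainerDetached(ctr *Container, sessionID string, options *ExecOptions, stdin bool) (int, error)
	// ExecAttachResize resizes the terminal of a running exec session. Only
	// allowed with sessions that were created with a TTY.
	ExecAttachResize(ctr *Container, sessionID string, newSize resize.TerminalSize) error
	// ExecStopContainer stops a given exec session in a running container.
	// SIGTERM will be sent initially, then SIGKILL after the given timeout.
	// If timeout is 0, SIGKILL will be sent immediately, and SIGTERM will
	// be omitted.
	ExecStopContainer(ctr *Container, sessionID string, timeout uint) error
	// ExecUpdateStatus checks the status of a given exec session.
	// Returns true if the session is still running, or false if it exited.
	ExecUpdateStatus(ctr *Container, sessionID string) (bool, error)

	// CheckpointContainer checkpoints the given container.
	// Some OCI runtimes may not support this - if SupportsCheckpoint()
	// returns false, this is not implemented, and will always return an
	// error. If CheckpointOptions.PrintStats is true the first return parameter
	// contains the number of microseconds the runtime needed to checkpoint
	// the given container.
	CheckpointContainer(ctr *Container, options ContainerCheckpointOptions) (int64, error)

	// CheckConmonRunning verifies that the given container's Conmon
	// instance is still running. Runtimes without Conmon, or systems where
	// the PID of conmon is not available, should mock this as True.
	// True indicates that Conmon for the instance is running, False
	// indicates it is not.
	CheckConmonRunning(ctr *Container) (bool, error)

	// SupportsCheckpoint returns whether this OCI runtime
	// implementation supports the CheckpointContainer() operation.
	SupportsCheckpoint() bool
	// SupportsJSONErrors is whether the runtime can return JSON-formatted
	// error messages.
	SupportsJSONErrors() bool
	// SupportsNoCgroups is whether the runtime supports running containers
	// without cgroups.
	SupportsNoCgroups() bool
	// SupportsKVM is whether the OCI runtime supports running containers
	// without KVM separation
	// NOTE(review): "without KVM separation" reads oddly for a method named
	// SupportsKVM; confirm the intended meaning before relying on the
	// result as an isolation signal.
	SupportsKVM() bool

	// AttachSocketPath is the path to the socket to attach to a given
	// container.
	// TODO: If we move Attach code in here, this should be made internal.
	// We don't want to force all runtimes to share the same attach
	// implementation.
	AttachSocketPath(ctr *Container) (string, error)
	// ExecAttachSocketPath is the path to the socket to attach to a given
	// exec session in the given container.
	// TODO: Probably should be made internal.
	ExecAttachSocketPath(ctr *Container, sessionID string) (string, error)
	// ExitFilePath is the path to a container's exit file.
	// All runtime implementations must create an exit file when containers
	// exit, containing the exit code of the container (as a string).
	// This is the path to that file for a given container.
	ExitFilePath(ctr *Container) (string, error)

	// RuntimeInfo returns verbose information about the runtime.
	RuntimeInfo() (*define.ConmonInfo, *define.OCIRuntimeInfo, error)
}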
OCIRuntime is an implementation of an OCI runtime. The OCI runtime implementation is expected to be a fairly thin wrapper around the actual runtime, and is not expected to include things like state management logic - e.g., we do not expect it to determine on its own that calling 'UnpauseContainer()' on a container that is not paused is an error. The code calling the OCIRuntime will manage this. TODO: May want to move the conmon cleanup code here - it depends on Conmon being in use.
type Pod ¶
type Pod struct {
// contains filtered or unexported fields
}
Pod represents a group of containers that are managed together. Any operations on a Pod that access state must begin with a call to updatePod(). There is no guarantee that state exists in a readable state before this call, and even if it does its contents will be out of date and must be refreshed from the database. Generally, this requirement applies only to top-level functions; helpers can assume their callers handled this requirement. Generally speaking, if a function takes the pod lock and accesses any part of state, it should updatePod() immediately after locking. Pod represents a group of containers that may share namespaces
func (*Pod) AllContainers ¶
AllContainers retrieves the containers in the pod
func (*Pod) AllContainersByID ¶
AllContainersByID returns the container IDs of all the containers in the pod
func (*Pod) CgroupParent ¶
CgroupParent returns the pod's Cgroup parent
func (*Pod) CgroupPath ¶
CgroupPath returns the path to the pod's Cgroup
func (*Pod) Cleanup ¶
Cleanup cleans up all containers within a pod that have stopped. All containers are cleaned up independently. An error with one container will not prevent other containers being cleaned up. An error and a map[string]error are returned. If the error is not nil and the map is nil, an error was encountered before any containers were cleaned up. If map is not nil, an error was encountered when working on one or more containers. The container ID is mapped to the error encountered. The error is set to ErrPodPartialFail. If both error and the map are nil, all containers were cleaned up without error.
func (*Pod) CreateCommand ¶
CreateCommand returns the os.Args of the process with which the pod has been created.
func (*Pod) CreatedTime ¶
CreatedTime gets the time when the pod was created
func (*Pod) GenerateForKube ¶
GenerateForKube takes a slice of libpod containers and generates one v1.Pod description
func (*Pod) GetPodPidInformation ¶
GetPodPidInformation returns process-related data of all processes in the pod. The output data can be controlled via the `descriptors` argument which expects format descriptors and supports all AIX format descriptors of ps (1) plus some additional ones, for instance to inspect the set of effective capabilities. Each element in the returned string slice is a tab-separated string.
For more details, please refer to github.com/containers/psgo.
func (*Pod) GetPodStats ¶
func (p *Pod) GetPodStats(previousContainerStats map[string]*define.ContainerStats) (map[string]*define.ContainerStats, error)
GetPodStats returns the stats for each of its containers
func (*Pod) GetPodStatus ¶
GetPodStatus determines the status of the pod based on the statuses of the containers in the pod. Returns a string representation of the pod status
func (*Pod) HasContainer ¶
HasContainer checks if a container is present in the pod
func (*Pod) HasInfraContainer ¶
HasInfraContainer returns whether the pod will create an infra container
func (*Pod) InfraContainer ¶
InfraContainer returns the infra container.
func (*Pod) InfraContainerID ¶
InfraContainerID returns the infra container ID for a pod. If the container returned is "", the pod has no infra container.
func (*Pod) Inspect ¶
func (p *Pod) Inspect() (*define.InspectPodData, error)
Inspect returns a PodInspect struct to describe the pod.
func (*Pod) Kill ¶
Kill sends a signal to all running containers within a pod. Signals will only be sent to running containers. Containers that are not running will be ignored. All signals are sent independently, and sending will continue even if some containers encounter errors. An error and a map[string]error are returned. If the error is not nil and the map is nil, an error was encountered before any containers were signalled. If map is not nil, an error was encountered when signalling one or more containers. The container ID is mapped to the error encountered. The error is set to ErrPodPartialFail. If both error and the map are nil, all containers were signalled successfully.
func (*Pod) MemoryLimit ¶ added in v4.2.0
MemoryLimit returns the pod Memory Limit
func (*Pod) Namespace ¶
Namespace returns the pod's libpod namespace. Namespaces are used to logically separate containers and pods in the state.
func (*Pod) NamespaceMode ¶ added in v4.1.1
NamespaceMode returns the NS mode provided by the user, e.g. host, private...
func (*Pod) NetworkMode ¶ added in v4.1.0
NetworkMode returns the Network mode given by the user ex: pod, private...
func (*Pod) Pause ¶
Pause pauses all containers within a pod that are running. Only running containers will be paused. Paused, stopped, or created containers will be ignored. All containers are paused independently. An error pausing one container will not prevent other containers being paused. An error and a map[string]error are returned. If the error is not nil and the map is nil, an error was encountered before any containers were paused. If map is not nil, an error was encountered when pausing one or more containers. The container ID is mapped to the error encountered. The error is set to ErrPodPartialFail. If both error and the map are nil, all containers were paused without error
func (*Pod) ProcessLabel ¶
ProcessLabel returns the SELinux label associated with the pod
func (*Pod) ResourceLim ¶
func (p *Pod) ResourceLim() *specs.LinuxResources
ResourceLim returns the cpuset resource limits for the pod
func (*Pod) Restart ¶
Restart restarts all containers within a pod that are not paused or in an error state. It combines the effects of Stop() and Start() on a container. Each container will use its own stop timeout. All containers are started independently, in order dictated by their dependencies. An error restarting one container will not prevent other containers being restarted. An error and a map[string]error are returned. If the error is not nil and the map is nil, an error was encountered before any containers were restarted. If map is not nil, an error was encountered when restarting one or more containers. The container ID is mapped to the error encountered. The error is set to ErrPodPartialFail. If both error and the map are nil, all containers were restarted without error.
func (*Pod) ServiceContainer ¶ added in v4.2.0
ServiceContainer returns the service container.
func (*Pod) SharesCgroup ¶
SharesCgroup returns whether containers in the pod will default to this pod's cgroup instead of the default libpod parent
func (*Pod) SharesIPC ¶
SharesIPC returns whether containers in pod default to use IPC namespace of first container in pod
func (*Pod) SharesMount ¶
SharesMount returns whether containers in pod default to use mount namespace of first container in pod
func (*Pod) SharesNamespaces ¶
SharesNamespaces checks if the pod has any kernel namespaces set as shared. An infra container will not be created if no kernel namespaces are shared.
func (*Pod) SharesNet ¶
SharesNet returns whether containers in pod default to use network namespace of first container in pod
func (*Pod) SharesPID ¶
SharesPID returns whether containers in pod default to use PID namespace of first container in pod
func (*Pod) SharesUTS ¶
SharesUTS returns whether containers in pod default to use UTS namespace of first container in pod
func (*Pod) SharesUser ¶
SharesUser returns whether containers in pod default to use user namespace of first container in pod
func (*Pod) Start ¶
Start starts all containers within a pod. It combines the effects of Init() and Start() on a container. If a container has already been initialized it will be started, otherwise it will be initialized then started. Containers that are already running or have been paused are ignored. All containers are started independently, in order dictated by their dependencies. An error and a map[string]error are returned. If the error is not nil and the map is nil, an error was encountered before any containers were started. If map is not nil, an error was encountered when starting one or more containers. The container ID is mapped to the error encountered. The error is set to ErrPodPartialFail. If both error and the map are nil, all containers were started successfully.
func (*Pod) Status ¶
func (p *Pod) Status() (map[string]define.ContainerStatus, error)
Status gets the status of all containers in the pod. Returns a map of Container ID to Container Status.
func (*Pod) Stop ¶
Stop stops all containers within a pod without a timeout. It assumes -1 for a timeout.
func (*Pod) StopWithTimeout ¶
func (p *Pod) StopWithTimeout(ctx context.Context, cleanup bool, timeout int) (map[string]error, error)
StopWithTimeout stops all containers within a pod that are not already stopped. Each container will use its own stop timeout. Only running containers will be stopped. Paused, stopped, or created containers will be ignored. If cleanup is true, mounts and network namespaces will be cleaned up after the container is stopped. All containers are stopped independently. An error stopping one container will not prevent other containers being stopped. An error and a map[string]error are returned. If the error is not nil and the map is nil, an error was encountered before any containers were stopped. If map is not nil, an error was encountered when stopping one or more containers. The container ID is mapped to the error encountered. The error is set to ErrPodPartialFail. If both error and the map are nil, all containers were stopped without error.
func (*Pod) Unpause ¶
Unpause unpauses all containers within a pod that are paused. Only paused containers will be unpaused. Running, stopped, or created containers will be ignored. All containers are unpaused independently. An error unpausing one container will not prevent other containers being unpaused. An error and a map[string]error are returned. If the error is not nil and the map is nil, an error was encountered before any containers were unpaused. If map is not nil, an error was encountered when unpausing one or more containers. The container ID is mapped to the error encountered. The error is set to ErrPodPartialFail. If both error and the map are nil, all containers were unpaused without error.
type PodConfig ¶
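// PodConfig represents a pod's static configuration.
//
// The listing had been collapsed onto a single line, which made every `//`
// comment swallow the field declarations after it; the line structure is
// restored here with field names, types and JSON tags unchanged.
type PodConfig struct {
	ID   string `json:"id"`
	Name string `json:"name"`
	// Namespace the pod is in
	Namespace string `json:"namespace,omitempty"`

	Hostname string `json:"hostname,omitempty"`

	// Labels contains labels applied to the pod
	Labels map[string]string `json:"labels"`
	// CgroupParent contains the pod's Cgroup parent
	CgroupParent string `json:"cgroupParent"`
	// UsePodCgroup indicates whether the pod will create its own Cgroup and
	// join containers to it.
	// If true, all containers joined to the pod will use the pod cgroup as
	// their cgroup parent, and cannot set a different cgroup parent
	UsePodCgroup bool `json:"sharesCgroup,omitempty"`
	// The following UsePod{kernelNamespace} indicate whether the containers
	// in the pod will inherit the namespace from the first container in the pod.
	// NOTE(review): an inherited namespace is shared, so containers in the
	// pod are presumably not isolated from each other in that namespace;
	// confirm each flag is intended when reviewing a pod's configuration.
	UsePodPID      bool `json:"sharesPid,omitempty"`
	UsePodIPC      bool `json:"sharesIpc,omitempty"`
	UsePodNet      bool `json:"sharesNet,omitempty"`
	UsePodMount    bool `json:"sharesMnt,omitempty"`
	UsePodUser     bool `json:"sharesUser,omitempty"`
	UsePodUTS      bool `json:"sharesUts,omitempty"`
	UsePodCgroupNS bool `json:"sharesCgroupNS,omitempty"`

	HasInfra bool `json:"hasInfra,omitempty"`

	// ServiceContainerID is the main container of a service. A service
	// consists of one or more pods. The service container is started
	// before all pods and is stopped when the last pod stops.
	// The service container allows for tracking and managing the entire
	// life cycle of service which may be started via `podman-play-kube`.
	ServiceContainerID string `json:"serviceContainerID,omitempty"`

	// Time pod was created
	CreatedTime time.Time `json:"created"`

	// CreateCommand is the full command plus arguments of the process the
	// container has been created with.
	// NOTE(review): the field carries a JSON tag, so the full argument list
	// is presumably persisted with the pod config; verify that callers do
	// not pass secrets on the command line.
	CreateCommand []string `json:"CreateCommand,omitempty"`

	// The pod's exit policy.
	ExitPolicy config.PodExitPolicy `json:"ExitPolicy,omitempty"`

	// ID of the pod's lock
	LockID uint32 `json:"lockID"`
}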
PodConfig represents a pod's static configuration
type PodContainerStats ¶
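// PodContainerStats is an organization struct for pods and their containers.
//
// The listing had been collapsed onto one line with no separators between
// the fields; one field per line is restored, with names and types unchanged.
type PodContainerStats struct {
	// Pod is the pod the statistics belong to.
	Pod *Pod
	// ContainerStats holds one statistics entry per map key.
	// NOTE(review): presumably keyed by container ID; confirm against the
	// code that fills the map.
	ContainerStats map[string]*define.ContainerStats
}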
PodContainerStats is an organization struct for pods and their containers
type PodCreateOption ¶
A PodCreateOption is a functional option which alters the Pod created by NewPod
func WithInfraConmonPidFile ¶
func WithInfraConmonPidFile(path string, infraSpec *specgen.SpecGenerator) PodCreateOption
WithInfraConmonPidFile sets the path to a custom conmon PID file for the infra container.
func WithInfraContainer ¶
func WithInfraContainer() PodCreateOption
WithInfraContainer tells the pod to create a pause container
func WithPodCgroup ¶
func WithPodCgroup() PodCreateOption
WithPodCgroup tells containers in this pod to use the cgroup namespace created for this pod. Containers in a pod will inherit the kernel namespaces from the first container added.
func WithPodCgroupParent ¶
func WithPodCgroupParent(path string) PodCreateOption
WithPodCgroupParent sets the Cgroup Parent of the pod.
func WithPodCreateCommand ¶
func WithPodCreateCommand(createCmd []string) PodCreateOption
WithPodCreateCommand adds the full command plus arguments of the current process to the pod config.
func WithPodExitPolicy ¶ added in v4.2.0
func WithPodExitPolicy(policy string) PodCreateOption
WithPodExitPolicy sets the exit policy of the pod.
func WithPodHostname ¶
func WithPodHostname(hostname string) PodCreateOption
WithPodHostname sets the hostname of the pod.
func WithPodIPC ¶
func WithPodIPC() PodCreateOption
WithPodIPC tells containers in this pod to use the ipc namespace created for this pod. Containers in a pod will inherit the kernel namespaces from the first container added.
func WithPodLabels ¶
func WithPodLabels(labels map[string]string) PodCreateOption
WithPodLabels sets the labels of a pod.
func WithPodMount ¶
func WithPodMount() PodCreateOption
WithPodMount tells containers in this pod to use the mount namespace created for this pod. Containers in a pod will inherit the kernel namespaces from the first container added. TODO: implement WithMountNSFrom, so that WithMountNsFromPod functions properly. Then this option can be added on the pod level.
func WithPodName ¶
func WithPodName(name string) PodCreateOption
WithPodName sets the name of the pod.
func WithPodNamespace ¶
func WithPodNamespace(ns string) PodCreateOption
WithPodNamespace sets the namespace for the created pod. Namespaces are used to create separate views of Podman's state - runtimes can join a specific namespace and see only containers and pods in that namespace. Empty string namespaces are allowed, and correspond to a lack of namespace. Containers must belong to the same namespace as the pod they join.
func WithPodNet ¶
func WithPodNet() PodCreateOption
WithPodNet tells containers in this pod to use the network namespace created for this pod. Containers in a pod will inherit the kernel namespaces from the first container added.
func WithPodPID ¶
func WithPodPID() PodCreateOption
WithPodPID tells containers in this pod to use the pid namespace created for this pod. Containers in a pod will inherit the kernel namespaces from the first container added.
func WithPodParent ¶
func WithPodParent() PodCreateOption
WithPodParent tells containers in this pod to use the cgroup created for this pod. This can still be overridden at the container level by explicitly specifying a Cgroup parent.
func WithPodUTS ¶
func WithPodUTS() PodCreateOption
WithPodUTS tells containers in this pod to use the uts namespace created for this pod. Containers in a pod will inherit the kernel namespaces from the first container added.
func WithPodUser ¶
func WithPodUser() PodCreateOption
WithPodUser tells containers in this pod to use the user namespace created for this pod. Containers in a pod will inherit the kernel namespaces from the first container added. TODO: implement WithUserNSFrom, so that WithUserNsFromPod functions properly. Then this option can be added on the pod level.
func WithServiceContainer ¶ added in v4.2.0
func WithServiceContainer(id string) PodCreateOption
WithServiceContainer associates the specified service container ID with the pod.
type PodFilter ¶
PodFilter is a function to determine whether a pod is included in command output. Pods to be outputted are tested using the function. A true return will include the pod, a false return will exclude it.
type RootlessNetNS ¶
func (*RootlessNetNS) Cleanup ¶
func (r *RootlessNetNS) Cleanup(runtime *Runtime) error
Cleanup cleans up the rootless network namespace if needed. It checks if we have running containers with the bridge network mode. Cleanup() expects that the caller already holds r.Lock.
func (*RootlessNetNS) Do ¶
func (r *RootlessNetNS) Do(toRun func() error) error
Do runs the given function in the rootless netns. It does not lock the rootlessCNI lock; the caller should only lock when needed, e.g. for cni operations.
type Runtime ¶
// Runtime is the core libpod runtime. This listing shows no fields: the
// placeholder comment in the body stands in for fields that are filtered
// out or unexported.
type Runtime struct {
// contains filtered or unexported fields
}
Runtime is the core libpod runtime
func NewRuntime ¶
func NewRuntime(ctx context.Context, options ...RuntimeOption) (*Runtime, error)
NewRuntime creates a new container runtime. Options can be passed to override the default configuration for the runtime.
func NewRuntimeFromConfig ¶
func NewRuntimeFromConfig(ctx context.Context, userConfig *config.Config, options ...RuntimeOption) (*Runtime, error)
NewRuntimeFromConfig creates a new container runtime using the given configuration file for its default configuration. Passed RuntimeOption functions can be used to mutate this configuration further. An error will be returned if the configuration file at the given path does not exist or cannot be loaded
func (*Runtime) Build ¶
func (r *Runtime) Build(ctx context.Context, options buildahDefine.BuildOptions, dockerfiles ...string) (string, reference.Canonical, error)
Build adds the runtime to the imagebuildah call
func (*Runtime) ConnectContainerToNetwork ¶
func (r *Runtime) ConnectContainerToNetwork(nameOrID, netName string, netOpts types.PerNetworkOptions) error
ConnectContainerToNetwork connects a container to a CNI network
func (*Runtime) DefaultOCIRuntime ¶
func (r *Runtime) DefaultOCIRuntime() OCIRuntime
DefaultOCIRuntime returns a copy of the default OCI runtime.
func (*Runtime) DeferredShutdown ¶
DeferredShutdown shuts down the runtime without exposing any errors. This is only meant to be used when the runtime is being shutdown within a defer statement; else use Shutdown
func (*Runtime) DisconnectContainerFromNetwork ¶
DisconnectContainerFromNetwork removes a container from its CNI network
func (*Runtime) EnableLabeling ¶
func (*Runtime) Events ¶
Events is a wrapper function for everyone to begin tailing the events log with options
func (*Runtime) EvictContainer ¶
func (r *Runtime) EvictContainer(ctx context.Context, idOrName string, removeVolume bool) (string, error)
EvictContainer removes the container identified by the given partial or full ID or name, and returns the full ID of the evicted container and any error encountered. It should be used to remove a container when obtaining a Container struct pointer has failed. A running container will not be stopped. If removeVolume is specified, named volumes used by the container will also be removed if and only if the container is the sole user.
func (*Runtime) GetAllContainers ¶
GetAllContainers is a helper function for GetContainers
func (*Runtime) GetAllPods ¶
GetAllPods retrieves all pods
func (*Runtime) GetAllVolumes ¶
GetAllVolumes retrieves all the volumes
func (*Runtime) GetConfig ¶
GetConfig returns a copy of the configuration used by the runtime. Please use GetConfigNoCopy() in case you only want to read from but not write to the returned config.
func (*Runtime) GetConfigNoCopy ¶
GetConfigNoCopy returns the configuration used by the runtime. Note that the returned value is not a copy and must therefore be treated as read-only: writes to it would modify the configuration the runtime itself is using.
func (*Runtime) GetContainer ¶
GetContainer retrieves a container by its ID
func (*Runtime) GetContainers ¶
func (r *Runtime) GetContainers(filters ...ContainerFilter) ([]*Container, error)
GetContainers retrieves all containers from the state. Filters can be provided which will determine what containers are included in the output. Multiple filters are handled by ANDing their output, so only containers matching all filters are returned.
func (*Runtime) GetContainersByList ¶
GetContainersByList is a helper function for GetContainers which takes a []string of container IDs or names
func (*Runtime) GetDefaultNetworkName ¶
GetDefaultNetworkName returns the network interface which is used by the runtime
func (*Runtime) GetDiff ¶
GetDiff returns the differences between the two images, layers, or containers
func (*Runtime) GetExecDiedEvent ¶
func (r *Runtime) GetExecDiedEvent(ctx context.Context, nameOrID, execSessionID string) (*events.Event, error)
GetExecDiedEvent takes a container name or ID, exec session ID, and returns that exec session's Died event (if it has already occurred).
func (*Runtime) GetExecSessionContainer ¶
GetExecSessionContainer gets the container that a given exec session ID is attached to.
func (*Runtime) GetHostDistributionInfo ¶
func (r *Runtime) GetHostDistributionInfo() define.DistributionInfo
GetHostDistributionInfo returns a map containing the host's distribution and version
func (*Runtime) GetLastContainerEvent ¶
func (r *Runtime) GetLastContainerEvent(ctx context.Context, nameOrID string, containerEvent events.Status) (*events.Event, error)
GetLastContainerEvent takes a container name or ID and an event status and returns the last occurrence of the container event
func (*Runtime) GetLatestContainer ¶
GetLatestContainer returns a container object of the latest created container.
func (*Runtime) GetLatestPod ¶
GetLatestPod returns a pod object of the latest created pod.
func (*Runtime) GetName ¶
GetName retrieves the name associated with a given full ID. This works for both containers and pods, and does not distinguish between the two. If the given ID does not correspond to any existing Pod or Container, ErrNoSuchCtr is returned.
func (*Runtime) GetOCIRuntimePath ¶
GetOCIRuntimePath retrieves the path of the default OCI runtime.
func (*Runtime) GetRootlessNetNs ¶
func (r *Runtime) GetRootlessNetNs(new bool) (*RootlessNetNS, error)
GetRootlessNetNs returns the rootless netns object. If new is set to true the rootless network namespace will be created if it does not already exist. If called as root it always returns nil. On success the returned RootlessCNI lock is locked and must be unlocked by the caller.
func (*Runtime) GetRunningContainers ¶
GetRunningContainers is a helper function for GetContainers
func (*Runtime) GetRunningPods ¶
GetRunningPods returns an array of running pods
func (*Runtime) GetSecretsStorageDir ¶
GetSecretsStorageDir returns the directory that the secrets manager should take
func (*Runtime) HasContainer ¶
HasContainer checks if a container with the given ID is present
func (*Runtime) HealthCheck ¶
func (r *Runtime) HealthCheck(name string) (define.HealthCheckStatus, error)
HealthCheck verifies the state and validity of the healthcheck configuration on the container and then executes the healthcheck
func (*Runtime) IsExternalContainerCallback ¶
func (r *Runtime) IsExternalContainerCallback(_ context.Context) libimage.IsExternalContainerFunc
IsExternalContainerCallback returns a callback that can be used in `libimage` to figure out whether a given container is an external one. A container is considered external if it is not present in libpod's database.
func (*Runtime) IsStorageContainerMounted ¶
IsStorageContainerMounted returns whether a storage container is mounted, along with the mount path.
func (*Runtime) LibimageRuntime ¶
LibimageRuntime ... to allow for a step-by-step migration to libimage.
func (*Runtime) ListStorageContainers ¶
func (r *Runtime) ListStorageContainers() ([]*StorageContainer, error)
ListStorageContainers lists all containers visible to c/storage.
func (*Runtime) Log ¶
func (r *Runtime) Log(ctx context.Context, containers []*Container, options *logs.LogOptions, logChannel chan *logs.LogLine) error
Log is a runtime function that can read one or more container logs.
func (*Runtime) LookupContainer ¶
LookupContainer looks up a container by its name or a partial ID. If a partial ID is not unique, an error will be returned.
func (*Runtime) LookupContainerID ¶
LookupContainerID looks up a container ID by its name or a partial ID. If a partial ID is not unique, an error will be returned.
func (*Runtime) LookupPod ¶
LookupPod retrieves a pod by its name or a partial ID. If a partial ID is not unique, an error will be returned.
func (*Runtime) LookupVolume ¶
LookupVolume retrieves a volume by unambiguous partial name.
func (*Runtime) MountStorageContainer ¶
MountStorageContainer mounts the storage container's root filesystem
func (*Runtime) Network ¶
func (r *Runtime) Network() nettypes.ContainerNetwork
Network returns the network interface which is used by the runtime
func (*Runtime) NewContainer ¶
func (r *Runtime) NewContainer(ctx context.Context, rSpec *spec.Spec, spec *specgen.SpecGenerator, infra bool, options ...CtrCreateOption) (*Container, error)
NewContainer creates a new container from a given OCI config.
func (*Runtime) NewPod ¶
func (r *Runtime) NewPod(ctx context.Context, p specgen.PodSpecGenerator, options ...PodCreateOption) (_ *Pod, deferredErr error)
NewPod makes a new, empty pod
func (*Runtime) NewSystemEvent ¶ added in v4.1.1
NewSystemEvent creates a new event for libpod as a whole.
func (*Runtime) Pods ¶
Pods retrieves all pods. Filters can be provided which will determine which pods are included in the output. Multiple filters are handled by ANDing their output, so only pods matching all filters are returned.
func (*Runtime) PrepareVolumeOnCreateContainer ¶
func (*Runtime) PruneContainers ¶
func (r *Runtime) PruneContainers(filterFuncs []ContainerFilter) ([]*reports.PruneReport, error)
PruneContainers removes stopped and exited containers from localstorage. A set of optional filters can be provided to be more granular.
func (*Runtime) PruneVolumes ¶
func (r *Runtime) PruneVolumes(ctx context.Context, filterFuncs []VolumeFilter) ([]*reports.PruneReport, error)
PruneVolumes removes unused volumes from the system
func (*Runtime) RemoveContainer ¶
func (r *Runtime) RemoveContainer(ctx context.Context, c *Container, force bool, removeVolume bool, timeout *uint) error
RemoveContainer removes the given container. If force is specified, the container will be stopped first. If removeVolume is specified, named volumes used by the container will also be removed if and only if the container is the sole user. Otherwise (when force is not specified), RemoveContainer will return an error if the container is running.
func (*Runtime) RemoveContainersForImageCallback ¶
func (r *Runtime) RemoveContainersForImageCallback(ctx context.Context) libimage.RemoveContainerFunc
RemoveContainersForImageCallback returns a callback that can be used in `libimage`. When forcefully removing images, containers using the image should be removed as well. The callback allows for more graceful removal as we can use the libpod-internal removal logic.
func (*Runtime) RemoveDepend ¶
func (r *Runtime) RemoveDepend(ctx context.Context, rmCtr *Container, force bool, removeVolume bool, timeout *uint) ([]*reports.RmReport, error)
RemoveDepend removes all dependencies for a container. If the container is an infra container, the entire pod gets removed.
func (*Runtime) RemovePod ¶
func (r *Runtime) RemovePod(ctx context.Context, p *Pod, removeCtrs, force bool, timeout *uint) error
RemovePod removes a pod. If removeCtrs is specified, containers will be removed. Otherwise, a pod that is not empty will return an error and not be removed. If force is specified with removeCtrs, all containers will be stopped before being removed. Otherwise, the pod will not be removed if any containers are running.
func (*Runtime) RemoveStorageContainer ¶
RemoveStorageContainer removes a container from c/storage. The container WILL NOT be removed if it exists in libpod. Accepts ID or full name of container. If force is set, the container will be unmounted first to ensure removal.
func (*Runtime) RemoveVolume ¶
RemoveVolume removes a volume.
func (*Runtime) RenameContainer ¶
func (r *Runtime) RenameContainer(ctx context.Context, ctr *Container, newName string) (*Container, error)
RenameContainer renames the given container. Returns a copy of the container that has been renamed if successful.
func (*Runtime) RestoreContainer ¶
func (r *Runtime) RestoreContainer(ctx context.Context, rSpec *spec.Spec, config *ContainerConfig) (*Container, error)
RestoreContainer re-creates a container from an imported checkpoint
func (*Runtime) RunRoot ¶
RunRoot retrieves the current c/storage temporary directory in use by Libpod.
func (*Runtime) SecretsManager ¶
func (r *Runtime) SecretsManager() (*secrets.SecretsManager, error)
SecretsManager returns the secrets manager used by the runtime.
func (*Runtime) SetRemoteURI ¶ added in v4.1.0
SetRemoteURI records the API server URI
func (*Runtime) Shutdown ¶
Shutdown shuts down the runtime and associated containers and storage. If force is true, containers and mounted storage will be shut down before cleaning up; if force is false, an error will be returned if there are still containers running or mounted.
func (*Runtime) StorageConfig ¶
func (r *Runtime) StorageConfig() storage.StoreOptions
StorageConfig retrieves the storage options for the container runtime
func (*Runtime) StorageContainer ¶
func (*Runtime) StorageContainers ¶
StorageContainers returns a list of containers from containers/storage that are not currently known to Podman.
func (*Runtime) SystemContext ¶
func (r *Runtime) SystemContext() *types.SystemContext
SystemContext returns the imagecontext
func (*Runtime) UnmountStorageContainer ¶
UnmountStorageContainer unmounts the storage container's root filesystem
func (*Runtime) UpdateVolumePlugins ¶ added in v4.2.0
func (r *Runtime) UpdateVolumePlugins(ctx context.Context) *define.VolumeReload
UpdateVolumePlugins reads all volumes from all configured volume plugins and imports them into the libpod db. It also checks whether existing libpod volumes have been removed in the plugin; in that case we try to remove them from libpod. On errors we continue and try to do as much as possible. All errors are returned as an array in the returned struct. This function has many race conditions; it is best effort and cannot guarantee a perfect state, since plugins can be modified from the outside at any time.
func (*Runtime) Volumes ¶
func (r *Runtime) Volumes(filters ...VolumeFilter) ([]*Volume, error)
Volumes retrieves all volumes. Filters can be provided which will determine which volumes are included in the output. If multiple filters are used, a volume will be returned if any of the filters are matched.
func (*Runtime) WithPod ¶
func (r *Runtime) WithPod(pod *Pod) CtrCreateOption
WithPod adds the container to a pod. Containers which join a pod can only join the Linux namespaces of other containers in the same pod. Containers can only join pods in the same libpod namespace.
type RuntimeContainerMetadata ¶
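// RuntimeContainerMetadata is the structure that is encoded as JSON and
// stored in the metadata field of storage.Container objects.
//
// The listing had been collapsed onto a single line, which made the first
// `//` comment swallow every field declaration after it; the line structure
// is restored here with field names, types and JSON tags unchanged.
type RuntimeContainerMetadata struct {
	// The provided name and the ID of the image that was used to
	// instantiate the container.
	ImageName string `json:"image-name"` // Applicable to both PodSandboxes and Containers
	ImageID   string `json:"image-id"`   // Applicable to both PodSandboxes and Containers
	// The container's name, which for an infrastructure container is usually PodName + "-infra".
	ContainerName string `json:"name"`                 // Applicable to both PodSandboxes and Containers, mandatory
	CreatedAt     int64  `json:"created-at"`           // Applicable to both PodSandboxes and Containers
	MountLabel    string `json:"mountlabel,omitempty"` // Applicable to both PodSandboxes and Containers
}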
RuntimeContainerMetadata is the structure that we encode as JSON and store in the metadata field of storage.Container objects. It is used for specifying attributes of containers when they are being created, and allows a container's MountLabel, and possibly other values, to be modified in one read/write cycle via calls to storageService.ContainerMetadata, RuntimeContainerMetadata.SetMountLabel, and storageService.SetContainerMetadata.
func (*RuntimeContainerMetadata) SetMountLabel ¶
func (metadata *RuntimeContainerMetadata) SetMountLabel(mountLabel string)
SetMountLabel updates the mount label held by a RuntimeContainerMetadata object.
type RuntimeOption ¶
A RuntimeOption is a functional option which alters the Runtime created by NewRuntime
func WithCNIConfigDir ¶
func WithCNIConfigDir(dir string) RuntimeOption
WithCNIConfigDir sets the CNI configuration directory.
func WithCNIPluginDir ¶
func WithCNIPluginDir(dir string) RuntimeOption
WithCNIPluginDir sets the CNI plugins directory.
func WithCgroupManager ¶
func WithCgroupManager(manager string) RuntimeOption
WithCgroupManager specifies the manager implementation name which is used to handle cgroups for containers. Current valid values are "cgroupfs" and "systemd".
func WithConmonEnv ¶
func WithConmonEnv(environment []string) RuntimeOption
WithConmonEnv specifies the environment variable list for the conmon process.
func WithConmonPath ¶
func WithConmonPath(path string) RuntimeOption
WithConmonPath specifies the path to the conmon binary which manages the runtime.
func WithDefaultInfraCommand ¶
func WithDefaultInfraCommand(cmd string) RuntimeOption
WithDefaultInfraCommand sets the command to run on pause container start up.
func WithDefaultMountsFile ¶
func WithDefaultMountsFile(mountsFile string) RuntimeOption
WithDefaultMountsFile sets the file to look at for default mounts (mainly secrets). Note we are not saving this in the database as it is for testing purposes only.
func WithEnableSDNotify ¶
func WithEnableSDNotify() RuntimeOption
WithEnableSDNotify sets a runtime option so we know whether to disable socket/FD listening
func WithEventsLogger ¶
func WithEventsLogger(logger string) RuntimeOption
WithEventsLogger sets the events backend to use. Currently supported values are "file" for file backend and "journald" for journald backend.
func WithHooksDir ¶
func WithHooksDir(hooksDirs ...string) RuntimeOption
WithHooksDir sets the directories to look for OCI runtime hook configuration.
func WithMigrate ¶
func WithMigrate() RuntimeOption
WithMigrate instructs libpod to migrate container configurations to account for changes between Engine versions. All running containers will be stopped during a migration, then restarted after the migration is complete.
func WithMigrateRuntime ¶
func WithMigrateRuntime(requestedRuntime string) RuntimeOption
WithMigrateRuntime instructs Engine to change the default OCI runtime on all containers during a migration. This is not used if `WithMigrate()` is not also passed. Engine makes no promises that your containers continue to work with the new runtime - migrations between dissimilar runtimes may well break things. Use with caution.
func WithNamespace ¶
func WithNamespace(ns string) RuntimeOption
WithNamespace sets the namespace for libpod. Namespaces are used to create scopes to separate containers and pods in the state. When namespace is set, libpod will only view containers and pods in the same namespace. All containers and pods created will default to the namespace set here. A namespace of "", the empty string, is equivalent to no namespace, and all containers and pods will be visible.
func WithNetworkBackend ¶
func WithNetworkBackend(name string) RuntimeOption
WithNetworkBackend specifies the name of the network backend.
func WithNetworkCmdPath ¶
func WithNetworkCmdPath(path string) RuntimeOption
WithNetworkCmdPath specifies the path to the slirp4netns binary which manages the runtime.
func WithNoPivotRoot ¶
func WithNoPivotRoot() RuntimeOption
WithNoPivotRoot sets the runtime to use MS_MOVE instead of PIVOT_ROOT when starting containers.
func WithNoStore ¶
func WithNoStore() RuntimeOption
WithNoStore sets a bool on the runtime that we do not need any containers storage.
func WithOCIRuntime ¶
func WithOCIRuntime(runtime string) RuntimeOption
WithOCIRuntime specifies an OCI runtime to use for running containers.
func WithRegistriesConf ¶
func WithRegistriesConf(path string) RuntimeOption
WithRegistriesConf configures the runtime to always use specified registries.conf for image processing.
func WithRenumber ¶
func WithRenumber() RuntimeOption
WithRenumber instructs libpod to perform a lock renumbering while initializing. This will handle migrations from early versions of libpod with file locks to newer versions with SHM locking, as well as changes in the number of configured locks.
func WithReset ¶ added in v4.2.0
func WithReset() RuntimeOption
WithReset instructs libpod to reset all storage to factory defaults. All containers, pods, volumes, images, and networks will be removed. All directories created by Libpod will be removed.
func WithRuntimeFlags ¶
func WithRuntimeFlags(runtimeFlags []string) RuntimeOption
WithRuntimeFlags adds the global runtime flags to the container config
func WithSignaturePolicy ¶
func WithSignaturePolicy(path string) RuntimeOption
WithSignaturePolicy specifies the path of a file which decides how trust is managed for images we've pulled. If this is not specified, the system default configuration will be used instead.
func WithStaticDir ¶
func WithStaticDir(dir string) RuntimeOption
WithStaticDir sets the directory that static runtime files which persist across reboots will be stored.
func WithStorageConfig ¶
func WithStorageConfig(config storage.StoreOptions) RuntimeOption
WithStorageConfig uses the given configuration to set up container storage. If this is not specified, the system default configuration will be used instead.
func WithSyslog ¶
func WithSyslog() RuntimeOption
WithSyslog sets a runtime option so we know that we have to log to the syslog as well
func WithTmpDir ¶
func WithTmpDir(dir string) RuntimeOption
WithTmpDir sets the directory that temporary runtime files which are not expected to survive across reboots will be stored. This should be located on a tmpfs mount (/tmp or /run for example).
func WithVolumePath ¶
func WithVolumePath(volPath string) RuntimeOption
WithVolumePath sets the path under which all named volumes should be created. The path changes based on whether the user is running as root or not.
type Service ¶ added in v4.2.0
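// Service lists the pods that belong to a service.
//
// The listing had been collapsed onto a single line, which made the `//`
// comment swallow the field declaration and the closing brace; the line
// structure is restored here with the field, its type and its JSON tag
// unchanged.
type Service struct {
	// Pods running as part of the service.
	Pods []string `json:"servicePods"`
}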
A service consists of one or more pods. The service container is started before all pods and is stopped when the last pod stops. The service container allows for tracking and managing the entire life cycle of service which may be started via `podman-play-kube`.
type State ¶
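// State is a storage backend for libpod's current state.
//
// Most container and pod methods are scoped by the namespace set through
// SetNamespace; the individual method comments state how objects outside
// the set namespace are treated (ignored, reported as absent, or rejected
// with an error).
type State interface {
	// Close performs any pre-exit cleanup (e.g. closing database
	// connections) that may be required.
	Close() error

	// Refresh clears container and pod states after a reboot.
	Refresh() error

	// GetDBConfig retrieves several paths configured within the database
	// when it was created - namely, Libpod root and tmp dirs, c/storage
	// root and tmp dirs, and c/storage graph driver.
	// This is not implemented by the in-memory state, as it has no need to
	// validate runtime configuration.
	GetDBConfig() (*DBConfig, error)

	// ValidateDBConfig validates the config in the given Runtime struct
	// against paths stored in the configured database.
	// Libpod root and tmp dirs and c/storage root and tmp dirs and graph
	// driver are validated.
	// This is not implemented by the in-memory state, as it has no need to
	// validate runtime configuration that may change over multiple runs of
	// the program.
	ValidateDBConfig(runtime *Runtime) error

	// SetNamespace sets the namespace for the store, and will determine
	// what containers are retrieved with container and pod retrieval calls.
	// A namespace of "", the empty string, acts as no namespace, and
	// containers and pods in all namespaces will be returned.
	SetNamespace(ns string) error

	// GetName resolves an ID into a name. Since Podman names and IDs are
	// globally unique between pods and containers, the ID may belong to
	// either a pod or container. Despite this, we will always return
	// ErrNoSuchCtr if the ID does not exist.
	GetName(id string) (string, error)

	// Container returns a container from the database from its full ID.
	// If the container is not in the set namespace, an error will be
	// returned.
	Container(id string) (*Container, error)

	// LookupContainerID returns a container ID from the database by full
	// or partial ID or full name.
	LookupContainerID(idOrName string) (string, error)

	// LookupContainer returns a container from the database by full or
	// partial ID or full name.
	// Containers not in the set namespace will be ignored.
	LookupContainer(idOrName string) (*Container, error)

	// HasContainer checks if a container with the given full ID exists in
	// the database.
	// If the container exists but is not in the set namespace, false will
	// be returned.
	HasContainer(id string) (bool, error)

	// AddContainer adds a container to state.
	// The container cannot be part of a pod.
	// The container must have globally unique name and ID - pod names and
	// IDs also conflict with container names and IDs.
	// The container must be in the set namespace if a namespace has been
	// set.
	// All containers this container depends on must be part of the same
	// namespace and must not be joined to a pod.
	AddContainer(ctr *Container) error

	// RemoveContainer removes a container from state.
	// Containers that are part of pods must use RemoveContainerFromPod.
	// The container must be part of the set namespace.
	// All dependencies must be removed first.
	// All exec sessions referencing the container must be removed first.
	RemoveContainer(ctr *Container) error

	// UpdateContainer updates a container's state from the backing store.
	// The container must be part of the set namespace.
	UpdateContainer(ctr *Container) error

	// SaveContainer saves a container's current state to the backing store.
	// The container must be part of the set namespace.
	SaveContainer(ctr *Container) error

	// ContainerInUse checks if other containers depend upon a given
	// container.
	// It returns a slice of the IDs of containers which depend on the given
	// container. If the slice is empty, no containers depend on the given
	// container.
	// A container cannot be removed if other containers depend on it.
	// The container being checked must be part of the set namespace.
	ContainerInUse(ctr *Container) ([]string, error)

	// AllContainers retrieves all containers presently in state.
	// If a namespace is set, only containers within the namespace will be
	// returned.
	AllContainers() ([]*Container, error)

	// GetNetworks gets the networks the container is currently connected
	// to.
	GetNetworks(ctr *Container) (map[string]types.PerNetworkOptions, error)

	// NetworkConnect adds the container to the given network with the
	// given options.
	NetworkConnect(ctr *Container, network string, opts types.PerNetworkOptions) error

	// NetworkDisconnect removes the container from the given network,
	// removing all aliases for the container in that network in the
	// process.
	NetworkDisconnect(ctr *Container, network string) error

	// GetContainerConfig returns a container config from the database by
	// full ID.
	GetContainerConfig(id string) (*ContainerConfig, error)

	// AddContainerExitCode adds the exit code for the specified container
	// to the database.
	AddContainerExitCode(id string, exitCode int32) error

	// GetContainerExitCode returns the exit code for the specified
	// container.
	GetContainerExitCode(id string) (int32, error)

	// PruneContainerExitCodes removes exit codes older than 5 minutes.
	PruneContainerExitCodes() error

	// AddExecSession creates a reference to an exec session in the
	// database.
	// The container the exec session is attached to will be recorded.
	// The container state will not be modified.
	// The actual exec session itself is part of the container's state.
	// We assume higher-level callers will add the session by saving the
	// container's state before calling this. This only ensures that the ID
	// of the exec session is associated with the ID of the container.
	// Implementations may, but are not required to, verify that the state
	// of the given container has an exec session with the ID given.
	AddExecSession(ctr *Container, session *ExecSession) error

	// GetExecSession retrieves the container a given exec session is
	// attached to.
	GetExecSession(id string) (string, error)

	// RemoveExecSession removes a reference to an exec session from the
	// database.
	// This will not modify container state to remove the exec session there
	// and instead only removes the session ID -> container ID reference
	// added by AddExecSession.
	RemoveExecSession(session *ExecSession) error

	// GetContainerExecSessions gets the IDs of all exec sessions attached
	// to a given container.
	GetContainerExecSessions(ctr *Container) ([]string, error)

	// RemoveContainerExecSessions removes all exec sessions for a single
	// container.
	// Usually used as part of removing the container.
	// As with RemoveExecSession, container state will not be modified.
	RemoveContainerExecSessions(ctr *Container) error

	// PLEASE READ FULL DESCRIPTION BEFORE USING.
	// RewriteContainerConfig rewrites a container's configuration.
	// This function breaks libpod's normal prohibition on a read-only
	// configuration, and as such should be used EXTREMELY SPARINGLY and
	// only in very specific circumstances.
	// Specifically, it is ONLY safe to use this function to make changes
	// that result in a functionally identical configuration (migrating to
	// newer, but identical, configuration fields), or during libpod init
	// WHILE HOLDING THE ALIVE LOCK (to prevent other libpod instances from
	// being initialized).
	// Most things in config can be changed by this, but container ID and
	// name ABSOLUTELY CANNOT BE ALTERED. If you do so, there is a high
	// potential for database corruption.
	// There are a lot of capital letters and conditions here, but the short
	// answer is this: use this only very sparingly, and only if you really
	// know what you're doing.
	RewriteContainerConfig(ctr *Container, newCfg *ContainerConfig) error

	// SafeRewriteContainerConfig is a more limited version of
	// RewriteContainerConfig, though it comes with the added ability to
	// alter a container's name. In exchange it loses the ability to
	// manipulate the container's locks.
	// It is not intended to be as restrictive as RewriteContainerConfig, in
	// that we allow it to be run while other Podman processes are running,
	// and without holding the alive lock.
	// Container ID and pod membership still *ABSOLUTELY CANNOT* be altered.
	// Also, you cannot change a container's dependencies - shared namespace
	// containers or generic dependencies - at present. This is
	// theoretically possible but not yet implemented.
	// If newName is not "" the container will be renamed to the new name.
	// The oldName parameter is only required if newName is given.
	SafeRewriteContainerConfig(ctr *Container, oldName, newName string, newCfg *ContainerConfig) error

	// PLEASE READ THE DESCRIPTION FOR RewriteContainerConfig BEFORE USING.
	// RewritePodConfig is identical to RewriteContainerConfig, save for the
	// fact that it is used with pods instead.
	// It is subject to the same conditions as RewriteContainerConfig.
	// Please do not use this unless you know what you're doing.
	RewritePodConfig(pod *Pod, newCfg *PodConfig) error

	// PLEASE READ THE DESCRIPTION FOR RewriteContainerConfig BEFORE USING.
	// RewriteVolumeConfig is identical to RewriteContainerConfig, save for
	// the fact that it is used with volumes instead.
	// It is subject to the same conditions as RewriteContainerConfig.
	// The exception is that volumes do not have IDs, so only volume name
	// cannot be altered.
	// Please do not use this unless you know what you're doing.
	RewriteVolumeConfig(volume *Volume, newCfg *VolumeConfig) error

	// Pod accepts the full ID of a pod.
	// If the pod given is not in the set namespace, an error will be
	// returned.
	Pod(id string) (*Pod, error)

	// LookupPod accepts full or partial IDs (as long as they are unique)
	// and names.
	// Pods not in the set namespace are ignored.
	LookupPod(idOrName string) (*Pod, error)

	// HasPod checks if a pod with the given ID is present in the state.
	// If the given pod is not in the set namespace, false is returned.
	HasPod(id string) (bool, error)

	// PodHasContainer checks if a pod has a container with the given ID.
	// The pod must be part of the set namespace.
	PodHasContainer(pod *Pod, ctrID string) (bool, error)

	// PodContainersByID gets the IDs of all containers in a pod.
	// The pod must be part of the set namespace.
	PodContainersByID(pod *Pod) ([]string, error)

	// PodContainers gets all the containers in a pod.
	// The pod must be part of the set namespace.
	PodContainers(pod *Pod) ([]*Container, error)

	// AddPod adds a pod to state.
	// The pod must be part of the set namespace.
	// The pod's name and ID must be globally unique.
	AddPod(pod *Pod) error

	// RemovePod removes a pod from state.
	// Only empty pods can be removed from the state.
	// The pod must be part of the set namespace.
	RemovePod(pod *Pod) error

	// RemovePodContainers removes all containers from a pod.
	// Used to simultaneously remove containers that might otherwise have
	// dependency issues.
	// Will fail if a dependency outside the pod is encountered.
	// The pod must be part of the set namespace.
	RemovePodContainers(pod *Pod) error

	// AddContainerToPod adds a container to an existing pod.
	// The container given will be added to the state and the pod.
	// The container and its dependencies must be part of the given pod,
	// and the given pod's namespace.
	// The pod must be part of the set namespace.
	// The pod must already exist in the state.
	// The container's name and ID must be globally unique.
	AddContainerToPod(pod *Pod, ctr *Container) error

	// RemoveContainerFromPod removes a container from an existing pod.
	// The container will also be removed from the state.
	// The container must be in the given pod, and the pod must be in the
	// set namespace.
	RemoveContainerFromPod(pod *Pod, ctr *Container) error

	// UpdatePod updates a pod's state from the database.
	// The pod must be in the set namespace.
	UpdatePod(pod *Pod) error

	// SavePod saves a pod's state to the database.
	// The pod must be in the set namespace.
	SavePod(pod *Pod) error

	// AllPods retrieves all pods presently in state.
	// If a namespace has been set, only pods in that namespace will be
	// returned.
	AllPods() ([]*Pod, error)

	// Volume accepts the full name of a volume.
	// If the volume doesn't exist, an error will be returned.
	Volume(volName string) (*Volume, error)

	// LookupVolume accepts an unambiguous partial name or full name of a
	// volume. Ambiguous names will result in an error.
	LookupVolume(name string) (*Volume, error)

	// HasVolume returns true if volName exists in the state,
	// otherwise it returns false.
	HasVolume(volName string) (bool, error)

	// VolumeInUse goes through the container dependencies of a volume
	// and checks if the volume is being used by any container. If it is,
	// a slice of container IDs using the volume is returned.
	VolumeInUse(volume *Volume) ([]string, error)

	// AddVolume adds the specified volume to state. The volume's name
	// must be unique within the list of existing volumes.
	AddVolume(volume *Volume) error

	// RemoveVolume removes the specified volume.
	// Only volumes that have no container dependencies can be removed.
	RemoveVolume(volume *Volume) error

	// UpdateVolume updates the volume's state from the database.
	UpdateVolume(volume *Volume) error

	// SaveVolume saves a volume's state to the database.
	SaveVolume(volume *Volume) error

	// AllVolumes returns all the volumes available in the state.
	AllVolumes() ([]*Volume, error)
}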
State is a storage backend for libpod's current state. A State is only initialized once per instance of libpod. As such, initialization methods for State implementations may safely assume they will be run as a singleton. For all container and pod retrieval methods, a State must retrieve the Configuration struct of the container or pod and include it in the returned struct. The State of the container or pod may optionally be included as well, but this is not a requirement. As such, all containers and pods must be synced with the database via the UpdateContainer and UpdatePod calls before any state-specific information is retrieved after they are pulled from the database. Generally speaking, the syncContainer() call should be run at the beginning of all API operations, which will silently handle this.
type StorageContainer ¶
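// StorageContainer describes a container as it is recorded in c/storage.
// The fields carry no JSON tags, so encoding/json would use the Go field
// names as keys.
type StorageContainer struct {
	ID         string
	Names      []string
	Image      string
	CreateTime time.Time
	// NOTE(review): presumably reports whether libpod also knows this
	// container - the code that sets it is not visible here; confirm.
	PresentInLibpod bool
}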
StorageContainer represents a container present in c/storage but not in libpod.
type Volume ¶
type Volume struct {
// contains filtered or unexported fields
}
Volume is a libpod named volume. Named volumes may be shared by multiple containers, and may be created using more complex options than normal bind mounts. They may be backed by a mounted filesystem on the host.
func (*Volume) Anonymous ¶
Anonymous returns whether this volume is anonymous. Anonymous volumes were created with a container, and will be removed when that container is removed.
func (*Volume) Config ¶
func (v *Volume) Config() (*VolumeConfig, error)
Config returns the volume's configuration.
func (*Volume) CreatedTime ¶
CreatedTime returns the time the volume was created at. It was not tracked for some time, so older volumes may not contain one.
func (*Volume) GenerateForKube ¶
func (v *Volume) GenerateForKube() *v1.PersistentVolumeClaim
GenerateForKube generates a v1.PersistentVolumeClaim from a libpod volume.
func (*Volume) Inspect ¶
func (v *Volume) Inspect() (*define.InspectVolumeData, error)
Inspect provides detailed information about the configuration of the given volume.
func (*Volume) IsDangling ¶
IsDangling returns whether this volume is dangling (unused by any containers).
func (*Volume) MountCount ¶
MountCount returns the volume's mount count on the host, as recorded in state. It is useful in determining whether the volume is using a plugin or a filesystem mount.
func (*Volume) MountPoint ¶
MountPoint returns the volume's mountpoint on the host
func (*Volume) Scope ¶
Scope retrieves the volume's scope. Libpod does not implement volume scoping, and this is provided solely for Docker compatibility. It returns only "local".
func (*Volume) UsesVolumeDriver ¶
UsesVolumeDriver determines whether the volume uses a volume driver. Volume drivers are pluggable backends for volumes that will manage the storage and mounting.
func (*Volume) VolumeInUse ¶
VolumeInUse goes through the container dependencies of a volume and checks if the volume is being used by any container.
type VolumeConfig ¶
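// VolumeConfig holds the volume's immutable configuration.
type VolumeConfig struct {
	// Name of the volume.
	Name string `json:"name"`
	// ID of the volume's lock.
	LockID uint32 `json:"lockID"`
	// Labels for the volume.
	Labels map[string]string `json:"labels"`
	// The volume driver. Empty string or local does not activate a volume
	// driver, all other values will.
	Driver string `json:"volumeDriver"`
	// The location the volume is mounted at.
	MountPoint string `json:"mountPoint"`
	// Time the volume was created.
	CreatedTime time.Time `json:"createdAt,omitempty"`
	// Options to pass to the volume driver. For the local driver, this is
	// a list of mount options. For other drivers, they are passed to the
	// volume driver handling the volume.
	// NOTE(review): where these options are validated before they reach
	// the mount call or the driver is not visible here - confirm that
	// values from untrusted callers are checked upstream.
	Options map[string]string `json:"volumeOptions,omitempty"`
	// Whether this volume is anonymous (will be removed on container exit)
	IsAnon bool `json:"isAnon"`
	// UID the volume will be created as.
	UID int `json:"uid"`
	// GID the volume will be created as.
	GID int `json:"gid"`
	// Size maximum of the volume.
	Size uint64 `json:"size"`
	// Inodes maximum of the volume.
	Inodes uint64 `json:"inodes"`
	// DisableQuota indicates that the volume should completely disable using any
	// quota tracking.
	DisableQuota bool `json:"disableQuota,omitempty"`
	// Timeout allows users to override the default driver timeout of 5 seconds.
	// Unlike the other fields it has no json tag, so encoding/json uses the
	// field name "Timeout" as the key.
	Timeout int
}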
VolumeConfig holds the volume's immutable configuration.
type VolumeCreateOption ¶
A VolumeCreateOption is a functional option which alters the Volume created by NewVolume
func WithVolumeDisableQuota ¶ added in v4.1.0
func WithVolumeDisableQuota() VolumeCreateOption
WithVolumeDisableQuota prevents the volume from being assigned a quota.
func WithVolumeDriver ¶
func WithVolumeDriver(driver string) VolumeCreateOption
WithVolumeDriver sets the volume's driver. It is presently not implemented, but will be supported in a future Podman release.
func WithVolumeDriverTimeout ¶ added in v4.2.0
func WithVolumeDriverTimeout(timeout int) VolumeCreateOption
WithVolumeDriverTimeout sets the volume creation timeout period
func WithVolumeGID ¶
func WithVolumeGID(gid int) VolumeCreateOption
WithVolumeGID sets the GID that the volume will be created as.
func WithVolumeInodes ¶
func WithVolumeInodes(inodes uint64) VolumeCreateOption
WithVolumeInodes sets the maximum inodes of the volume
func WithVolumeLabels ¶
func WithVolumeLabels(labels map[string]string) VolumeCreateOption
WithVolumeLabels sets the labels of the volume.
func WithVolumeName ¶
func WithVolumeName(name string) VolumeCreateOption
WithVolumeName sets the name of the volume.
func WithVolumeNoChown ¶
func WithVolumeNoChown() VolumeCreateOption
WithVolumeNoChown prevents the volume from being chowned to the process uid at first use.
func WithVolumeOptions ¶
func WithVolumeOptions(options map[string]string) VolumeCreateOption
WithVolumeOptions sets the options of the volume.
func WithVolumeSize ¶
func WithVolumeSize(size uint64) VolumeCreateOption
WithVolumeSize sets the maximum size of the volume
func WithVolumeUID ¶
func WithVolumeUID(uid int) VolumeCreateOption
WithVolumeUID sets the UID that the volume will be created as.
type VolumeFilter ¶
VolumeFilter is a function to determine whether a volume is included in command output. Volumes to be outputted are tested using the function. A true return will include the volume; a false return will exclude it.
type VolumeState ¶
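// VolumeState holds the volume's mutable state.
type VolumeState struct {
	// MountPoint is the location where the volume was mounted.
	// This is only used for volumes using a volume plugin, which will mount
	// at non-standard locations.
	MountPoint string `json:"mountPoint,omitempty"`
	// MountCount is the number of times this volume has been requested to
	// be mounted.
	// It is incremented on mount() and decremented on unmount().
	// On incrementing from 0, the volume will be mounted on the host.
	// On decrementing to 0, the volume will be unmounted on the host.
	MountCount uint `json:"mountCount"`
	// NeedsCopyUp indicates that the next time the volume is mounted into
	// a container, the container will "copy up" the contents of the
	// mountpoint into the volume.
	// This should only be done once. As such, this is set at container
	// create time, then cleared after the copy up is done and never set
	// again.
	// The JSON key is "notYetMounted", not the field name.
	NeedsCopyUp bool `json:"notYetMounted,omitempty"`
	// NeedsChown indicates that the next time the volume is mounted into
	// a container, the container will chown the volume to the container process
	// UID/GID.
	// The JSON key is "notYetChowned", not the field name.
	NeedsChown bool `json:"notYetChowned,omitempty"`
	// UIDChowned is the UID the volume was chowned to.
	UIDChowned int `json:"uidChowned,omitempty"`
	// GIDChowned is the GID the volume was chowned to.
	GIDChowned int `json:"gidChowned,omitempty"`
}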
VolumeState holds the volume's mutable state. Volumes are not guaranteed to have a state. Only volumes using the Local driver that have mount options set will create a state.
type YAMLContainer ¶
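// YAMLContainer embeds the k8s API core Container and declares its own
// Resources field as a pointer tagged omitempty, so that a nil value is
// left out of the encoded output.
type YAMLContainer struct {
	v1.Container
	// Resources is a pointer so that omitempty can drop it when it is nil.
	Resources *v1.ResourceRequirements `json:"resources,omitempty"`
}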
YAMLContainer represents the same k8s API core Container struct with one small change: Resources is a pointer to k8s API core ResourceRequirements. This is needed because Go doesn't omit empty structs, and we want to omit the field from the YAML if it's empty. Fixes: GH-11998
type YAMLPod ¶
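// YAMLPod embeds the k8s API core Pod and declares its own Spec and Status
// fields as pointers tagged omitempty, so that nil values are left out of
// the encoded output.
type YAMLPod struct {
	v1.Pod
	// Spec points at the YAML-friendly pod spec.
	Spec *YAMLPodSpec `json:"spec,omitempty"`
	// Status is a pointer so that omitempty can drop it when it is nil.
	Status *v1.PodStatus `json:"status,omitempty"`
}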
YAMLPod represents the same k8s API core Pod struct with one small change: Spec is a pointer to YAMLPodSpec and Status is a pointer to k8s API core PodStatus. This is needed because Go doesn't omit empty structs, and we want to omit Status from the YAML if it's empty. Fixes: GH-11998
func ConvertV1PodToYAMLPod ¶
ConvertV1PodToYAMLPod takes k8s API core Pod and returns a pointer to YAMLPod
type YAMLPodSpec ¶
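// YAMLPodSpec embeds the k8s API core PodSpec and declares its own
// Containers field as a slice of pointers to YAMLContainer.
type YAMLPodSpec struct {
	v1.PodSpec
	// Containers has no omitempty option, so the "containers" key is
	// always emitted by encoding/json.
	Containers []*YAMLContainer `json:"containers"`
}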
YAMLPodSpec represents the same k8s API core PodSpec struct with one small change: Containers holds pointers to YAMLContainer. This is needed because Go doesn't omit empty structs, and we want to omit empty fields from the YAML. Fixes: GH-11998
type YAMLService ¶
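// YAMLService embeds the k8s API core Service and declares its own Status
// field as a pointer tagged omitempty, so that a nil value is left out of
// the encoded output.
type YAMLService struct {
	v1.Service
	// Status is a pointer so that omitempty can drop it when it is nil.
	Status *v1.ServiceStatus `json:"status,omitempty"`
}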
YAMLService represents the same k8s API core Service struct with one small change: Status is a pointer to k8s API core ServiceStatus. This is needed because Go doesn't omit empty structs, and we want to omit Status from the YAML if it's empty. Fixes: GH-11998
func GenerateKubeServiceFromV1Pod ¶
func GenerateKubeServiceFromV1Pod(pod *v1.Pod, servicePorts []v1.ServicePort) (YAMLService, error)
GenerateKubeServiceFromV1Pod creates a v1 service object from a v1 pod object
Source Files ¶
- boltdb_state.go
- boltdb_state_internal.go
- boltdb_state_linux.go
- container.go
- container_api.go
- container_commit.go
- container_config.go
- container_copy_linux.go
- container_exec.go
- container_graph.go
- container_inspect.go
- container_internal.go
- container_internal_linux.go
- container_linux.go
- container_log.go
- container_log_unsupported.go
- container_path_resolution.go
- container_stat_linux.go
- container_top_linux.go
- container_validate.go
- diff.go
- doc.go
- events.go
- healthcheck.go
- healthcheck_linux.go
- info.go
- kube.go
- mounts_linux.go
- networking_linux.go
- networking_machine.go
- networking_slirp4netns.go
- oci.go
- oci_conmon.go
- oci_conmon_attach_linux.go
- oci_conmon_exec_linux.go
- oci_conmon_linux.go
- oci_missing.go
- oci_util.go
- options.go
- pod.go
- pod_api.go
- pod_internal.go
- pod_status.go
- pod_top_linux.go
- reset.go
- runtime.go
- runtime_cstorage.go
- runtime_ctr.go
- runtime_img.go
- runtime_migrate.go
- runtime_pod.go
- runtime_pod_linux.go
- runtime_renumber.go
- runtime_volume.go
- runtime_volume_linux.go
- runtime_worker.go
- service.go
- state.go
- stats.go
- storage.go
- util.go
- util_linux.go
- volume.go
- volume_inspect.go
- volume_internal.go
- volume_internal_linux.go