bwrap-oci was filling this information for us, but if we want to use
runc we need to ensure the "user" namespace is always present and that
valid uid/gid mappings exist in the OCI configuration file.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1226
Approved by: rhatdan
The feedback when deleting containers was asking the user if they
wanted to delete images, instead of containers. This updates the
feedback to use the correct terminology.
Closes: #1218
Approved by: rhatdan
we should never release the lock until the entire read+write operation
is completed as the data might have changed between the read and the
write.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1214
Approved by: baude
Change the install data format to keep a list of containers for each
image installed, so that multiple containers for the same image can be
installed and uninstalled.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1559935
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1214
Approved by: baude
when --system or --user are used, hide the warning:
Note: Switching from the 'docker' backend to the 'ostree' backend based
on the 'atomic.type' label in the image. You can use --storage to
override this behaviour.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1216
Approved by: TomSweeneyRedHat
The inline help for `atomic containers update` currently shows
`--rebase=REBASE` which is not very helpful in terms of what kind of
argument is supposed to be passed to that flag.
This change just adds a `metavar` to show that users should pass in an
image name to the `--rebase` flag.
Closes: #1204
Approved by: giuseppe
Before, we save a docker image to a tar and use docker-archive to
perform copying image to ostree. Now, we can do that easily using
`skopeo copy docker-daemon:image:latest ostree:image@/ostree/repo`.
Therefore, changing the code to utilize that.
And since now, we are considered fully migrated to using skopeo only
path, let's also refactor the skopeo checking a bit to a higher level
logic to avoid duplication
Closes: #1180
Approved by: giuseppe
Based on earlier commits, the old importing layers to ostree
will become no longer useful after the introduction of new
copying docker images using skopeo.
Therefore, those two functions will get removed
Closes: #1180
Approved by: giuseppe
Originally, we only support copying images from docker to ostree using
ostree layering copy way. But that method is a lot slower in comparison to
skopeo copy. Since nowadays skopeo already start support copying
from docker-archive to ostree, let's replace that here in order to be consistent
with the previous commit. (I.e: only support skopeo and no ostree fallback)
Also, to keep the image name from docker tar to be consistent, part of
the old functionality of extracting the tarfile was reused. The name
was read from the information inside the docker tar. Therefore, the
image name is independent from the tar file name, making the name
consistent
Lastly, the logic for using skopeo copy to ostree was refactored so
it can be reused for future skopeo copying operations
Closes: #1180
Approved by: giuseppe
Based on discussion, skopeo is assumed to include support for
ostree copy from now on.
The users will now be noted to upgrade skopeo to newest version
if their skopeo version does not support copy to ostree.
For now, looks like user will be able to use skopeo copy with ostree
after version 0.1.20, so skopeo v0.1.21 should contain the feature
1d5c681f0f
Closes: #1180
Approved by: giuseppe
do not reload the list of all the images every time we check if an image
is dangling. This makes "images list" extremely slow when used on the
Docker backend.
On my system (with ~100 images), this patch brings down the wall clock
from ~10 seconds to ~0.5 seconds:
$ /usr/bin/time -v ./atomic images list -a 2>&1 | grep "wall clock"
Elapsed (wall clock) time (h:mm:ss or m:ss): 0:09.84
to:
$ /usr/bin/time -v ./atomic images list -a 2>&1 | grep "wall clock"
Elapsed (wall clock) time (h:mm:ss or m:ss): 0:00.58
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1200
Approved by: rhatdan
atomic containers update --rebase=$TO $CONTAINER attempts to pull the
image if it is missing in the repository.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1198
Approved by: rhatdan
this code was added for pulling directly from an OSTree repository. It
wasn't never really used and it expects the image to be fully exploded
in an ostree commit without supporting OCI layers.
Dropping this part also avoid confusion with what we do with Skopeo
where "ostree:" is supported both as source and destination.
Closes: https://github.com/projectatomic/atomic/issues/1193
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1197
Approved by: rhatdan
it allows to select a different OCI runtime to use with atomic run.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1196
Approved by: rhatdan
Refactor pieces related to handling container service in
do_checkout function. Again, no functionality should be impacted.
Closes: #1188
Approved by: giuseppe
In 'do_checkout' function, we tend to make symlink when prefix is not
specified. However, that has been done twice, if prefix is not specified.
Thus remove the unused logic
Closes: #1188
Approved by: giuseppe
if we try "atomic run IMAGE" then the command creates a "oneshot"
container, modifies the args for the config.json file and it runs the
specified command.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1186
Approved by: baude
_get_backend_index_from_string returned a wrong index as it considers
all the backends supported, not the current ones available.
Take rid of the function and lookup directly into the available backends
list.
Fix this exception:
Namespace(_class=<class 'Atomic.uninstall.Uninstall'>, args=[], assumeyes=False, debug=True, display=False, force=False, func='uninstall', ignore=False, image='etcd', name=None, opt1=None, opt2=None, opt3=None, profile=False, storage='ostree')
list assignment index out of range
Traceback (most recent call last):
File "./atomic", line 185, in <module>
sys.exit(_func())
File "atomic/Atomic/uninstall.py", line 54, in uninstall
be, img_obj = beu.get_backend_and_image_obj(self.args.image, str_preferred_backend=self.args.storage)
File "atomic/Atomic/backendutils.py", line 88, in get_backend_and_image_obj
del backends[self._get_backend_index_from_string(str_preferred_backend)]
IndexError: list assignment index out of range
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1182
Approved by: ashcrow
The files inside the container are labelled by Skopeo when the image is
pulled to the OSTree storage.
Instead the root directory is created by atomic and by default it gets
the label "unconfined_u:object_r:container_share_t:s0".
Make sure we label the rootfs with the same label of '/'.
We have changed the way files are labelled by Skopeo but we forgot to
change the label for the rootfs created by atomic. This patch ensures
the SELinux label for the rootfs is set.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1544175
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1185
Approved by: cgwalters
This fixes https://github.com/projectatomic/atomic/issues/1179.
Before, we assumed the image ref with 64 characters is default to
image layers(images with repository <none>), but as issue 1179
pointed out, there are some exceptions.
We now migrated to check if the ref is hex. If the ref is hex, we
can conclude it should be images with repository <none>
Closes: #1181
Approved by: giuseppe
latest dnf failed the installation with:
"Error: Will not install a source rpm package"
Specify an empty source rpm tag so that the rpm is not considered a
source rpm.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1183
Approved by: TomasTomecek
It solves a TypeError exception:
Traceback (most recent call last):
File "/bin/atomic", line 185, in <module>
sys.exit(_func())
File "/usr/lib/python2.7/site-packages/Atomic/install.py", line 134, in install
return be.install(self.image, self.name)
File "/usr/lib/python2.7/site-packages/Atomic/backends/_ostree.py", line 128, in install
return self.syscontainers.install(image, name)
File "/usr/lib/python2.7/site-packages/Atomic/syscontainers.py", line 563, in install
return_value = self._install(image, name)
File "/usr/lib/python2.7/site-packages/Atomic/syscontainers.py", line 686, in _install
self._checkout_wrapper(repo, name, image, 0, SystemContainers.CHECKOUT_MODE_INSTALL, values=values, remote=self.args.remote, system_package=self.args.system_package)
File "/usr/lib/python2.7/site-packages/Atomic/syscontainers.py", line 797, in _checkout_wrapper
return self._checkout(repo, options)
File "/usr/lib/python2.7/site-packages/Atomic/syscontainers.py", line 813, in _checkout
return self._do_checkout(repo, options)
File "/usr/lib/python2.7/site-packages/Atomic/syscontainers.py", line 1126, in _do_checkout
rpm_install_content = self._handle_system_package_files(options, manifest, exports)
File "/usr/lib/python2.7/site-packages/Atomic/syscontainers.py", line 469, in _handle_system_package_files
new_installed_files_checksum = RPMHostInstall.rm_add_files_to_host(options["installed_files_checksum"], exports, options["prefix"] or "/", files_template=installed_files_template, values=options["values"], rename_files=rename_files, use_links=use_links)
File "/usr/lib/python2.7/site-packages/Atomic/rpm_host_install.py", line 155, in rm_add_files_to_host
created = RPMHostInstall._copyfile(selinux_hnd, src_file, dest_path, try_hardlink=try_hardlink)
File "/usr/lib/python2.7/site-packages/Atomic/rpm_host_install.py", line 24, in _copyfile
ctx = selinux.selabel_lookup_raw(selinux_hnd, dest, mode)
TypeError: in method 'selabel_lookup_raw', argument 3 of type 'char const *'
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1542144
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1175
Approved by: peterbaouoft
