Commit graph

657 commits

Author SHA1 Message Date
Debarshi Ray
23256cb443 doc/toolbox-init-container: Avoid mentioning an implementation detail
SELinux is always meant to be disabled. The exact location of the code
is a historical accident and isn't meant to imply that SELinux might
be optionally enabled.

https://github.com/containers/toolbox/pull/814
2021-06-26 13:16:42 +02:00
Debarshi Ray
963219b2da doc/toolbox-enter: Restore text about the default naming scheme
This reverts parts of commit ea452d7ced.

https://github.com/containers/toolbox/pull/814
2021-06-26 13:16:42 +02:00
Debarshi Ray
a0457c8fdb doc/toolbox-run: Style fix
https://github.com/containers/toolbox/pull/814
2021-06-26 13:16:42 +02:00
Debarshi Ray
52880eefc9 doc/toolbox-init-container: Synchronize with doc/toolbox-create
Avoid phrases like "shortcoming of container configuration", because
it makes one wonder why a known shortcoming is even being used or not
being fixed. Immutability also has its advantages for certain
use-cases, and it's beyond the scope of this manual to have a full
blown discussion about the pros and cons of OCI containers. Interested
readers can research that on their own.

https://github.com/containers/toolbox/pull/814
2021-06-26 13:16:42 +02:00
Debarshi Ray
637e90c75d README.md, doc/toolbox: Synchronize with doc/toolbox-create
https://github.com/containers/toolbox/pull/814
2021-06-26 13:16:42 +02:00
Debarshi Ray
55952c8605 doc/toolbox-create: Put toolbox set-up before entry point & tweak them
This builds upon commit ea452d7ced.

The configuration of a toolbox container is a higher level topic than
the entry point, and the entry point is mentioned as one part of it.
Therefore, putting the section on toolbox set-up earlier in the text
makes it nicely flow from the DESCRIPTION section into the Entry Point
sub-section.

Emphasize the user-visible features of a toolbox container, and not
the underlying implementation details, and avoid using too much jargon
about container technology.

https://github.com/containers/toolbox/pull/814
2021-06-26 13:16:42 +02:00
Debarshi Ray
4b70754a24 doc/toolbox-create: Restore the Entry Point sub-section
It was a deliberate decision to have entry point documented in both
toolbox-create(1) and toolbox-init-container(1). For technical
documentation it's sometimes good to repeat the same thing if it's
sufficiently important. Either to refresh the user's memory or to draw
their attention to it. Having to traverse too many references can get
disorienting. eg., parts of README.md are already repeated in
toolbox(1).

In this case, the entry point is very directly related to the create
command because the command sets it up, and unlike HTML documents,
it's awkward to follow links from manuals.

This reverts parts of commit ea452d7ced.

https://github.com/containers/toolbox/pull/814
2021-06-26 13:15:13 +02:00
Debarshi Ray
eaa59e9759 doc/toolbox-create: Generalize the text for the --image option
The DESCRIPTION already explains the details of the set-up on Fedora,
so there's no need to be so specific here. Plus, conceptually, it's not
meant to be Fedora-specific. Fedora is just an example and happens to
be the most well-supported one at the moment, but that will change.

https://github.com/containers/toolbox/pull/814
2021-06-26 09:14:49 +02:00
Debarshi Ray
3f14358dc6 doc/toolbox-create: Use singular for consistency
The rest of the DESCRIPTION section refers to toolbox containers in the
singular, not plural.

https://github.com/containers/toolbox/pull/814
2021-06-26 09:01:10 +02:00
Debarshi Ray
596d5c42b3 doc/toolbox-create: Explain host integration & don't mention security
https://github.com/containers/toolbox/pull/814
2021-06-26 08:55:27 +02:00
Debarshi Ray
ec1503fe9a doc/toolbox-create: Keep image details in the same paragraph
https://github.com/containers/toolbox/pull/814
2021-06-26 08:49:39 +02:00
Debarshi Ray
78adfe4a8f doc/toolbox-list: Drop a reference to buildah
This is a continuation of commit ea452d7ced, which dropped all
references to buildah.

https://github.com/containers/toolbox/pull/814
2021-06-26 03:49:48 +02:00
Debarshi Ray
4391b5846c doc/toolbox-run: Skip implementation bits, keep user-visible behaviour
This reverts parts of commit ea452d7ced.

https://github.com/containers/toolbox/pull/814
2021-06-26 03:43:43 +02:00
Debarshi Ray
42e17cead2 doc/toolbox: Skip details about the URL of the Fedora image
Some aspects of the Fedora image are described in toolbox-create(1),
but the exact URL of the image is an implementation detail. As Toolbox
grows, it will become unwieldy to describe these details in the
top-level manual.

https://github.com/containers/toolbox/pull/814
2021-06-26 03:19:53 +02:00
Debarshi Ray
db937965f7 doc/toolbox: Remove some duplicated text
The manuals for the individual commands were already listed above.

The entry point of toolbox containers is prominently documented in
toolbox-create(1) and toolbox-init-container(1). It's not clear why
someone who has just come across toolbox(1) would want to know about
the entry point. It's, after all, an implementation detail. They
probably don't even know what's an entry point to begin with. The
top-level manual should give the reader an overall view of the tool
from a user's perspective, and let the other manuals draw them into the
finer details of things.

https://github.com/containers/toolbox/pull/814
2021-06-26 02:54:50 +02:00
Debarshi Ray
549e7ab7ca doc/toolbox: Avoid mentioning UBI until the support settles down a bit
https://github.com/containers/toolbox/pull/814
2021-06-26 02:47:04 +02:00
Debarshi Ray
ea78b15b09 doc/toolbox: Restore --verbose
It's good to document the --log-level and --log-podman flags because
they can give us some flexibility with the logging in future, but it's
still desirable to keep --verbose (and the -vv trick) in the manual.

Toolbox is still a small enough code base that not too many log levels
are actually needed, yet. The complexity of remembering which log
level reveals which detail soon starts to outweigh the simplicity of
dumping as much as possible, since there aren't that many log messages
to begin with. It's a lot easier to type and remember things like
--verbose, -v and -vv, than their newer counterparts, and they are a
reasonably widely used convention (eg., flatpak, nmap, ssh, etc.).

If some day Toolbox grows to have a significantly larger number of log
messages, then it's possible that --verbose would be of less use, but
that's not the case today.

https://github.com/containers/toolbox/pull/814
2021-06-26 02:43:04 +02:00
Debarshi Ray
d98f89aaa2 Update the short description to match the text on the GitHub project
https://github.com/containers/toolbox/pull/814
2021-06-26 02:42:31 +02:00
Debarshi Ray
4536e2c8c2 cmd/run: Optimize 'enter' and 'run' in the non-fallback case
Currently, the 'enter' command involves two extra invocations of
'podman exec' to detect if the user's chosen shell and current working
directory are present inside the toolbox container. Each invocation is
sufficiently expensive to add a noticeable overhead to the 'enter' and
'run' commands. Moreover, file system operations being inherently racy,
it's always better to detect errors and handle them instead of trying
to pre-emptively avoid them.

Therefore, this shuffles the code around to attempt the non-fallback
invocation, and then handle the errors by attempting a series of
fallbacks for the command and the current working directory.

Unfortunately, in case of a missing command, capsh(1) adds an extra
error message that seems difficult to get rid of:
  $ toolbox enter
  /bin/sh: /bin/zsh: No such file or directory
  Error: command /bin/zsh not found in container fedora-toolbox-34
  Using /bin/bash instead.

https://github.com/containers/toolbox/pull/813
2021-06-26 01:09:31 +02:00
Debarshi Ray
323afb9433 cmd/run: Split out the code to construct the arguments to 'podman exec'
This will be used by the subsequent commit to optimize the 'enter' and
'run' commands in the non-fallback case, by attempting the fallback
only if an error was encountered by the main 'podman exec' invocation,
as opposed to pre-emptively setting up the fallback.

https://github.com/containers/toolbox/pull/813
2021-06-25 23:45:11 +02:00
Debarshi Ray
5ac77773af test/system: Test the handling of unknown flags with each command
This is a continuation of commit 9fdf10f2e1, which added a test
for the handling of unknown flags but without specifying any command.

https://github.com/containers/toolbox/pull/812
2021-06-25 19:24:01 +02:00
Debarshi Ray
f47be20383 cmd/initContainer: Don't ignore unknown flags, yet
The reason for setting FParseErrWhitelist.UnknownFlags to 'true' was to
prepare for a future when the 'init-container' command would have fewer
options than it does now.

However, there's no need to prepare for it, because the version of
toolbox(1) that's bind mounted into the container is the same as the
one on the host. So, FParseErrWhitelist.UnknownFlags can be set in
future if, or when, the number of flags do get reduced.

This reverts commit 5c2086e9ea.

https://github.com/containers/toolbox/pull/807
2021-06-25 11:32:43 +02:00
Debarshi Ray
55cbccea9d cmd/root: Sprinkle some debug logs
https://github.com/containers/toolbox/pull/809
2021-06-25 11:28:57 +02:00
Debarshi Ray
4a1aa4652e Ensure that all unknown error messages are limited to the debug logs
This builds upon commit eedfdda535, which added more information
to the error messages presented to the user by including the errors
thrown by the lower layers of the code.

However, if the errors are being thrown by external modules, or are
coming from functions that are too many layers below, then it is
difficult to guarantee their contents. They might be duplicating
information added by the upper layers, or in extreme cases might even
contain JSON blobs, simply because it made sense for the API contracts
of the functions generating the errors.

Therefore, it's better to put them in the debug logs to retain control
over what gets displayed to the user under normal (ie., non-debug)
operation.

https://github.com/containers/toolbox/pull/809
2021-06-25 11:28:57 +02:00
Debarshi Ray
00b3741a3e cmd/create: Don't wrap an empty error
Fallout from eedfdda535

https://github.com/containers/toolbox/pull/809
2021-06-25 11:28:57 +02:00
Ondřej Míchal
1e823b74b3 completion/bash: Completely drop flag --very-verbose
Follow up to 7fafcd271e

https://github.com/containers/toolbox/pull/806
2021-06-23 22:53:05 +02:00
Debarshi Ray
9a0e1b201d cmd/create: Style fixes
It's good to avoid subtle variations in the logic for /boot and /usr,
unless actually necessary, because it makes the code easier to read.

Fallout from 7ec26a27df

https://github.com/containers/toolbox/pull/804
2021-06-23 13:35:34 +02:00
Debarshi Ray
9fdf10f2e1 test/system: Test the handling of unknown flags
https://github.com/containers/toolbox/pull/802
2021-06-23 13:13:59 +02:00
Debarshi Ray
f2efc0f758 cmd/root: Unbreak handling of unknown flags
Even though SilenceUsage is set to 'true', to have full control over
what gets shown in the case of an error, there is still (at least?)
one occasion in which the usage function set using SetUsageFunc (ie.,
rootUsage) is used - when an unknown flag is used. For example,
'toolbox --foo'. Oddly enough, an unknown command won't lead to
rootUsage. eg., 'toolbox foo'.

Since rootUsage uses executableBase, that variable needs to be set
earlier, which means that setUpGlobals needs to run before rootUsage.
It turns out that the PersistentPreRunE hook (ie., preRun) doesn't get
invoked when an unknown flag is encountered. Therefore, we can't put
setUpGlobals inside preRun.

This reverts commit 6bbbedf675.

https://github.com/containers/toolbox/pull/802
2021-06-23 13:13:59 +02:00
Ondřej Míchal
c6c2e426e0 cmd/list: Support images without names
Some people create images manually. If such created images are recognize
as toolbox images (they have the proper labels) but do not have
a name/tag then 'toolbox list' will panic due to index being out of
range.

https://github.com/containers/toolbox/pull/800
2021-06-22 21:58:29 +02:00
Debarshi Ray
eaefb3d125 cmd/list: Style fixes
Fallout from 2369da5d31

https://github.com/containers/toolbox/pull/799
2021-06-22 10:52:53 +02:00
Debarshi Ray
712ee66473 cmd/rm, cmd/rmi: Style fixes
Fallout from 06dcdbe2a6

https://github.com/containers/toolbox/pull/798
2021-06-22 03:42:39 +02:00
Debarshi Ray
df620b8c89 cmd/root: Style fix
Fallout from 8bc0018eaa

https://github.com/containers/toolbox/pull/797
2021-06-22 02:54:36 +02:00
Debarshi Ray
fb411796bf README.md, cmd/initContainer: Don't require /etc/machine-id in images
Since /etc/machine-id is bind mounted into the toolbox container from
the host operating system, it doesn't make sense to make it mandatory
for images to have that file. Apparently, (some?) Arch Linux images
don't have /etc/machine-id.

Since a missing containerPath for a directory is handled the same way,
there's no reason not to do the same for regular files. It will make
life a bit easier for those creating toolbox images for different
distributions.

https://github.com/containers/toolbox/pull/710
2021-06-22 02:31:30 +02:00
Debarshi Ray
dd3936c223 cmd/initContainer: Add more information to errors from mountBind
Errors thrown from 'toolbox init-container' are usually not shown to
the user. One has to use 'podman start --attach ...' to see them.
Therefore, it's worth adding the extra bit of information to the error.

https://github.com/containers/toolbox/pull/710
2021-06-22 02:31:30 +02:00
Debarshi Ray
7cbb7f39f5 cmd/initContainer: State that it's a directory in the debug logs
A subsequent commit will handle a missing containerPath when bind
mounting a regular file like /etc/machine-id. Therefore, it's better to
explicitly state that this code is dealing with a directory.

https://github.com/containers/toolbox/pull/710
2021-06-22 02:31:30 +02:00
Ondřej Míchal
dd5cd5f25a playbooks/setup-env: Show versions of more packages
https://github.com/containers/toolbox/pull/795
2021-06-22 00:00:57 +02:00
Ondřej Míchal
7d133001f4 test/system: Fix variable dereference
https://github.com/containers/toolbox/pull/793
2021-06-21 18:42:21 +02:00
Debarshi Ray
e8512828c1 cmd/list, test/system: Ignore the problem of UBI not being listed
Not having the corresponding image for UBI toolbox containers show up
in 'toolbox list' is a rough edge. However, the whole UBI feature is
a bit experimental. It's about a gratis RHEL environment getting
created in a jiffy on any host, which is something that hasn't been
done before, and those containers also suffer from various shortcomings
because of the limited package set of UBI.

So it's not that big of a problem if it takes a release or two to
hammer out the details. Especially since it's likely that there will
be a special Toolbox-specific image that's created out of the UBI RPM
repositories, which will likely have the com.github.containers.toolbox
label.

There's also the issue that 0.1.0 needs to be finished, and for that
the the churn needs to be kept down. Changing the labels can very
likely lead to compatibility issues in the future, because of which it
either can't be removed for a while or the wrong images start to get
listed. Some of the older labels have finally been removed, so it's
better not to add more to the list.

In short, this problem will likely fix itself in the coming months, so
it's wise not to create complications trying to rush through a fix.

This reverts commits 1df36591d0 and
e09de9f3e5.

https://github.com/containers/toolbox/issues/753
2021-06-19 01:12:08 +02:00
Ondřej Míchal
1df36591d0 list: Fix typo
Fallout from https://github.com/containers/toolbox/pull/776

https://github.com/containers/toolbox/pull/782
2021-06-01 07:40:06 +02:00
Ondřej Míchal
e09de9f3e5 list: Recognize UBI8 as Toolbox image & split tracked labels
UBI[0] does not have the recommend Toolbox labels used to track whether
an image/container is truly a toolbox image/container. Thankfully, they
have a number of labels to choose from that we can use to identify the
image. The "com.redhat.component=ubi8-container" seems to be ideal.

The approach of using the UBI8 label introduces one problem though. If
we were to use only one set of labels for both images and containers,
containers created with Podman and not Toolbox from UBI8 would also be
marked as toolbox containers. This is not desired and therefore there
are now two sets of labels. Ones for images where the new label has been
added and other for containers that stays the same.
2021-06-01 01:49:54 +02:00
Ondřej Míchal
54a2ca1ead test/system: Decouple image caching from Zuul
Since the rewrite of the system test suite[0] we've relied on the Zuul
playbooks for taking care of caching images using Skopeo for increasing
the reliability of the tests (in the past the instability of the Fedora
registry caused problems). This state is problematic if we want to use
the tests in other environments than the Zuul CI. This moves the caching
from Zuul into the system tests.

Currently, Bats does not support officially suite-wide setup and
teardown functions. The solution I chose was to add two new test files
that are executed before and after all tests. This may complicate the
execution of cherry-picked tests but that is not a very common use case
anyway.

The tests are now to some extent capable of adjusting to the host
environment. This is meant in the sense of: I'm running on RHEL, the
"default image" is UBI; I'm running on Fedora, the "default image" is
fedora-toolbox. This mechanism relies on os-release, which is the same
as what Toolbox itself uses.

[0] https://github.com/containers/toolbox/pull/517

https://github.com/containers/toolbox/pull/774
2021-06-01 00:41:20 +02:00
Ondřej Míchal
a24c2f6dc1 test/system: Bump secondary fedora image from 29 to 32
The fedora-toolbox:32 image is the first of images in the renamed
toolbox image repository[0]. With the change we can drop the
pull_image_old() function because it was kept only for the old image.

Seems like newer version of ShellCheck checks the validity of variable
names (SC2153). This caused a false positive, so I silenced it.

[0] https://github.com/containers/toolbox/pull/615

https://github.com/containers/toolbox/pull/780
2021-05-31 12:28:24 +02:00
Ondřej Míchal
d36cf1cf43 ci: Drop testing on Fedora 32
Fedora 32 has reached EOL in 25/05/2021[0]. Bye bye...

[0] https://fedorapeople.org/groups/schedule/f-32/f-32-all-tasks.html

https://github.com/containers/toolbox/pull/779
2021-05-27 00:37:55 +02:00
Ondřej Míchal
871d905ceb test/system: Use env var for invoking Toolbox
The system test refactor[0] replaced the 'run_toolbox' helper function
with 'run toolbox', which is a normal invocation of Toolbox. This makes
it impossible to override Toolbox used during the tests using env var.

[0] https://github.com/containers/toolbox/pull/693
2021-05-26 22:52:40 +02:00
Ondřej Míchal
2369da5d31 cmd/list: Filter images/containers using labels
Instead of executing 'podman ps|images' several times in a row, call
them only once and get output with all images/containers. Then, filter
out the JSON using labels and keep images/containers only with matching
labels.

This simplifies the code significantly and cuts down the execution time
of 'toolbox list'. The speed gain is noticeable:

- the system has 5 images and 10 containers

Before patch: ~1.45s
After patch:  ~0.85s
2021-05-24 17:28:02 +02:00
Ondřej Míchal
49460ebc56 cmd/list: Track labels of images/containers
This will be needed in a following commit.
2021-05-24 17:28:02 +02:00
Ondřej Míchal
ea452d7ced doc: Update to match current state & extend docs
- Update "See also" sections

Toolbox does not use Buildah for a considerable time now[0]. We can stop
referencing it in the "See also" sections of the documentation.

In some places mention podman command man pages where they are relevant.

- Add section about toolbox images/containers

Toolbox only supports certain OCI images. These should be documented.
Also, document the change of fedora-toolbox image name.

- Add a section about toolbox container setup

Toolbox containers are specifically configured OCI containers. This
should be documented so that users know what they're using.

- Remove redundant part documentation

The description of what `toolbox init-container` does is already in
toolbox-init-container(1). There's no need to have it in
toolbox-create(1). Instead, replace the text with a hint to visit the
other part of documentation.

- Clarify behaviour of --image option

The fact that Toolbox by default tries to pull from the Fedora
registry[1] should be noted.

- Update synopsis & description of commands

Mention options passed to `podman exec`. Remove redundant paragraph
about container names (is already dealt with in toolbox-create(1)).

There's no need to mention the name of the default container on Fedora
since Toolbox now also supports RHEL.

Mention the default used image on unrecognised systems.

Emphasize the fact that toolboxes are not a fully sandboxed environment.

Update the wording of the description and splits it into a few
subsections.

The description of the --monitor-host was inaccurate and while the
option will go away in the future[2], it is currently in and should be
more documented.

[0] https://github.com/containers/toolbox/pull/160
[1] https://registry.fedoraproject.org
[2] https://github.com/containers/toolbox/pull/617

https://github.com/containers/toolbox/pull/512
2021-05-24 17:15:50 +02:00
Ondřej Míchal
3db59abf2a cmd/run: Use home folder when $PWD is not in toolbox
Since v0.0.91[0] Toolbox throws an error if $PWD is not available in a
toolbox. While this fixes the problem with 'toolbox enter/run' silently
failing to enter/exec in a container, it still requires an action to be
made by the user. I believe it is better to handle such situations more
gracefully by falling back to entering the user's home folder + printing
a warning about doing so.

[0] https://github.com/containers/toolbox/pull/370
2021-05-24 15:31:29 +02:00
Trung Lê
66c49e0926 Rename Dockerfile to Containerfile
https://github.com/containers/toolbox/pull/757
2021-05-24 15:26:35 +02:00