Found in debian testing where by default there are no unqualified search
registries installed. As such the test failed as the FIXME said. Now
there is no need for the test to assume anything.
Instead set our own config via CONTAINERS_REGISTRIES_CONF then we can
do exact matches, except that env was not read in the shell completion
code so move some code around to make it read the var in the same way as
podman login/logout.
Signed-off-by: Paul Holzinger <git@holzinger.dev>
* Add --hosts-file flag to container create, container run and pod create
* Add HostsFile field to pod inspect and container inspect results
* Test BaseHostsFile config in containers.conf
Signed-off-by: Gavin Lam <gavin.oss@tutamail.com>
* podman manifest remove doesn't accept references as descriptions of
what to remove from a list or index; only use digests in the man page
* podman manifest remove only removes one thing at a time; correct the
man page examples
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
The expectation with --cgroups=disabled is that the current cgroup is
used by the container.
Currently the --cgroups=disabled is passed directly to the OCI
runtime, but it doesn't stop Podman from creating a new cgroup when it
doesn't own the current one.
Closes: https://github.com/containers/podman/issues/20910
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The logic here is more complex than I would like, largely due to
the behavior of `podman inspect` for running containers. When a
container is running, `podman inspect` will source as much as
possible from the OCI spec used to run that container, to grab
up-to-date information on things like devices. We don't want to
change this, it's definitely the right behavior, but it does make
updating a running container inconvenient: we have to rewrite the
OCI spec as part of the update to make sure that `podman inspect`
will read the correct resource limits.
Also, make update emit events. Docker does it, we should as well.
Signed-off-by: Matt Heon <mheon@redhat.com>
Commit 03f6589f3 added basic support for pull-error event from libimage
but it contains several problems:
1. storing the error as error type prevents it from being unmarshalled,
thus change it to a string
2. the error was never propagated from the libimage event to the podman
event struct
3. the error message was not wired into the cli and API
This commit fixes these problems.
Fixes#21458
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Like docker podman network inspect should output the information of
running container with their ip/mac address on this network.
However the output format is not docker compatible as this cannot
include all the info we have and the previous output was already not
compatible so this is not new.
New example output:
```
[
{
...
"containers": {
"7c0d295779cee4a6db7adc07a99e635909413a390eeab9f951edbc4aac406bf1": {
"name": "c2",
"interfaces": {
"eth0": {
"subnets": [
{
"ipnet": "10.89.0.4/24",
"gateway": "10.89.0.1"
},
{
"ipnet": "fda3:b4da:da1e:7e9d::4/64",
"gateway": "fda3:b4da:da1e:7e9d::1"
}
],
"mac_address": "1a:bd:ca:ea:4b:3a"
}
}
},
"b17c6651ae6d9cc7d5825968e01d6b1e67f44460bb0c140bcc32bd9d436ac11d": {
"name": "c1",
"interfaces": {
"eth0": {
"subnets": [
{
"ipnet": "10.89.0.3/24",
"gateway": "10.89.0.1"
},
{
"ipnet": "fda3:b4da:da1e:7e9d::3/64",
"gateway": "fda3:b4da:da1e:7e9d::1"
}
],
"mac_address": "f6:50:e6:22:d9:55"
}
}
}
}
}
]
```
Fixes#14126
Fixes https://issues.redhat.com/browse/RHEL-3153
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Moving from Go module v4 to v5 prepares us for public releases.
Move done using gomove [1] as with the v3 and v4 moves.
[1] https://github.com/KSubedi/gomove
Signed-off-by: Matt Heon <mheon@redhat.com>
We now no longer write containers.conf, instead system connections and
farms are written to a new file called podman-connections.conf.
This is a major rework and I had to change a lot of things to get this
to compile again with my c/common changes.
It is a breaking change for users as connections/farms added before this
commit can now no longer be removed or modified directly. However because
the logic keeps reading from containers.conf the old connections can
still be used to connect to a remote host.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Cut is a cleaner & more performant api relative to SplitN(_, _, 2) added in go 1.18
Previously applied this refactoring to buildah:
https://github.com/containers/buildah/pull/5239
Signed-off-by: Philip Dubé <philip@peerdb.io>
For all commands with a --filter option, cross-reference
against man pages, and vice-versa.
I'm sorry. I know this script has gone off the deep end.
[NO NEW TESTS NEEDED] although actually I would like to test some broken completions
Signed-off-by: Ed Santiago <santiago@redhat.com>
Support a new concept in containers.conf called "modules". A "module"
is a containers.conf file located at a specific directory. More than
one module can be loaded in the specified order, following existing
override semantics.
There are three directories to load modules from:
- $CONFIG_HOME/containers/containers.conf.modules
- /etc/containers/containers.conf.modules
- /usr/share/containers/containers.conf.modules
With CONFIG_HOME pointing to $HOME/.config or, if set, $XDG_CONFIG_HOME.
Absolute paths will be loaded as is, relative paths will be resolved
relative to the three directories above allowing for admin configs
(/etc/) to override system configs (/usr/share/) and user configs
($CONFIG_HOME) to override admin configs.
Pulls in containers/common/pull/1599.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Add a new "healthy" sdnotify policy that instructs Podman to send the
READY message once the container has turned healthy.
Fixes: #6160
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Support two new wait conditions, "healthy" and "unhealthy". This
further paves the way for integrating sdnotify with health checks which
is currently being tracked in #6160.
Fixes: #13627
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
When we do path completion in images a user could try to complete a
simple relative path, e.g. podman run $IMAGE e... should complete to etc
if this path exists in the image. Right now we panic in this case as the
current check didn't account for an empty string in simplePathJoinUnix().
In such a case return the path directly because we can not alter what
the user typed on the cli and must return a path without slash as well
in order for the shell to suggest the completion.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2209809
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Depending on the backend (CNI, netavark) we support different drivers,
the auto completion should only suggest the ones that are available.
This list is podman info so we can get the correct list for local and
remote.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
For systems that have extreme robustness requirements (edge devices,
particularly those in difficult to access environments), it is important
that applications continue running in all circumstances. When the
application fails, Podman must restart it automatically to provide this
robustness. Otherwise, these devices may require customer IT to
physically gain access to restart, which can be prohibitively difficult.
Add a new `--on-failure` flag that supports four actions:
- **none**: Take no action.
- **kill**: Kill the container.
- **restart**: Restart the container. Do not combine the `restart`
action with the `--restart` flag. When running inside of
a systemd unit, consider using the `kill` or `stop`
action instead to make use of systemd's restart policy.
- **stop**: Stop the container.
To remain backwards compatible, **none** is the default action.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
"podman kube generate" creates Kubernetes YAML from Podman containers,
pods or volumes. Users will still be able to use "podman generate
kube" as an alias of "kube generate".
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
implement new ssh interface into podman
this completely redesigns the entire functionality of podman image scp,
podman system connection add, and podman --remote. All references to golang.org/x/crypto/ssh
have been moved to common as have native ssh/scp execs and the new usage of the sftp package.
this PR adds a global flag, --ssh to podman which has two valid inputs `golang` and `native` where golang is the default.
Users should not notice any difference in their everyday workflows if they continue using the golang option. UNLESS they have been using an improperly verified ssh key, this will now fail. This is because podman was incorrectly using the
ssh callback method to IGNORE the ssh known hosts file which is very insecure and golang tells you not yo use this in production.
The native paths allows for immense flexibility, with a new containers.conf field `SSH_CONFIG` that specifies a specific ssh config file to be used in all operations. Else the users ~/.ssh/config file will be used.
podman --remote currently only uses the golang path, given its deep interconnection with dialing multiple clients and urls.
My goal after this PR is to go back and abstract the idea of podman --remote from golang's dialed clients, as it should not be so intrinsically connected. Overall, this is a v1 of a long process of offering native ssh, and one that covers some good ground with podman system connection add and podman image scp.
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Make sure that the docs for pull policies is consistent with Buildah and
reflects the implementation.
Further improve the help messages and auto completions.
[NO NEW TESTS NEEDED]
Fixes: #14846
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Update the podman pod unpause to only show the paused
containers with autocomplete.
Fix a typo in the help command.
Update the unpause function to only attempt an unpause
on pasued pods instead of all the pods.
Update the tests accordingly.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
implement podman pod clone, a command to create an exact copy of a pod while changing
certain config elements
current supported flags are:
--name change the pod name
--destroy remove the original pod
--start run the new pod on creation
and all infra-container related flags from podman pod create (namespaces etc)
resolves#12843
Signed-off-by: cdoern <cdoern@redhat.com>
When you try to complete a path which exists and it is a file the
completion logic did not check the parent dir for other matching file
names. To fix that we have to check if the current completion is not a
dir and use the parent dir in this case.
See the updated test for an example why this is required.
Also make sure directories are correctly completed, the shell always
adds the "/" as suffix to signal the user that this path is a directory.
In this case we do not want to automatically add a space. When the path
is a regular file we want the space after the suggestion since there is
nothing more to complete.
This better matches the normal default shell completion.
The test were changed to not assume any particular ordering since this
is irrelevant for the shell completion script and there is no guarantee
about the ordering.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add shell completion for paths inside the container or image. Currently
podman run IMAGE [TAB] only uses the default shell completion which
suggests paths on the host. This is fine for some cases but often the
user wants a path which only exists in the image/container.
This commits adds support for that. Both podman create/run can now
complete the paths from the image, podman cp ctr:... now completes paths
from the actual container.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
There is no good way to recommend labels for podman container runlabel.
Add the missing max-size log option. These are the only documented
options so the completion should not suggest something different.
Add proper --stop-signal completion. It will now complete all supported
signal names both upper and lowercase depending on the user input. Also
it work with and without the SIG prefix.
Fixing the TODOs in this file are more complicated since they describe
bigger features.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
It is better to just reuse the existing constants instead of duplicating
the strings.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
docker-archive was missing from the completions. To prevent duplication
use the same format list as podman save.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add all option that are supported by the podman inspect --type flag to
the completions. Also use the same constants instead of duplicating the
strings. In order to do this I had to move the definitions into the
common package to prevent an import cycle.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The completion suggested incorrect values for `podman events --filter
type=` . It should only list types not the event status. Also make sure
to use the constants instead of duplicating the strings.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
From a template users POV it is not importent when they use a struct field or
method. They only notice the difference when the function requires arguments.
So lets be nice and let the user know that this method requires arguments
via the help text.
This is how it now looks like when the completion descriptions are enabled
on bash:
```
$ bin/podman ps --format {{.Created.A
{{.Created.AddDate (This is a function and requires 3 arguments) {{.Created.After (This is a function and requires 1 argument)
{{.Created.Add (This is a function and requires 1 argument) {{.Created.AppendFormat (This is a function and requires 2 arguments)
```
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently we only support structs in a template string like this:
`{{.var1.test.` -> this meams that test must be a struct field on var1.
Now with this var1 and test could also be either a map or function which
returns a struct.
A actual example:
`podman container inspect --format {{.NetworkSettings.Networks.netname.`
Now we can complete the struct fileds after netname. Note that this
cannot complete map keys since they are empty by default, so it is
impossible to get them in the completion logic.
Also this fixes a panic with embeeded nil structs
Fixes#14223
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When a struct is embeeded it is possible that we end up with same names
but different types, this results in incorrect completions. The go
template logic always preferes the actual field/method name before the
one from the embedded one. Thefore the completion logic should do the
same. First get all method/fields names from the struct and then only
add the field names from the embedded struct when they are not already
present in the list.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
In a template you cann call function that are defined on a type, however
this is only useful if they return one value. If it returns more than
one the template cannot know what value it has to display.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
go templates only support exported fields, so the completion logic must
filter the private fields out.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The completion logic currently suggest also the functions that are
defined for this type. However this did not work correctly when it was
defined as pointer to that type on not the actual type.
This commit fixes that problem. To test you can compare the difference
between `podman stats --format {{.[TAB]` with and without this commit.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add the notion of an "exit policy" to a pod. This policy controls the
behaviour when the last container of pod exits. Initially, there are
two policies:
- "continue" : the pod continues running. This is the default policy
when creating a pod.
- "stop" : stop the pod when the last container exits. This is the
default behaviour for `play kube`.
In order to implement the deferred stop of a pod, add a worker queue to
the libpod runtime. The queue will pick up work items and in this case
helps resolve dead locks that would otherwise occur if we attempted to
stop a pod during container cleanup.
Note that the default restart policy of `play kube` is "Always". Hence,
in order to really solve #13464, the YAML files must set a custom
restart policy; the tests use "OnFailure".
Fixes: #13464
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
We should not include the anonymous twice in the suggestions.
one example is `podman network ls --format {{.` it will also show
`{{.Network` but since Network is the actual struct all fields are
already shown so there is no need for it to be suggested.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Paul Holzinger
Gavin Lam
Nalin Dahyabhai
Giuseppe Scrivano
Matt Heon
Paul Holzinger
openshift-merge-bot[bot]
Philip Dubé
Ed Santiago
Daniel J Walsh
Valentin Rothberg
Urvashi Mohnani
Chetan Giradkar
Erik Sjölund
Niall Crowe
Charlie Doern
cdoern
OpenShift Merge Robot