We had a bogus setting for secrets in our default containers.conf
[secret] should have been [secrets].
Also added a test to make sure this never happens again.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Commit ebfe786429 changed the default logging driver k8s-file to
journald. The only consumer of the log-driver is Podman which I think
still needs some more time to stabilize. Vendoring containers/common
into Podman has revealed quite some warts (see
containers/podman/pull/10222) which reduced my confidence level.
To resolve the chicken-egg-problem of maturing the journald driver, I
want to only partially revert commit ebfe786429. The built-in default
remains k8s-file while the containers.conf sets it to journald. The
intention behind is to make sure that running systems are not impacted
but we can change Fedora to journald to increase coverage.
Once the confidence level is back to normal, we can change the default
to journald. Latest before RHEL9.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
This eliminates the concern of log files growing infinitely and also
records all containers for posterity rather then allowing the removal
of a container to destroy the record.
Partially fixes: https://github.com/containers/podman/issues/9158
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This reverts commit 451f5fb68b.
Journald is not yet passing Podman CI. We need to temporarily revert
the commit to unblock secrets work.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Currently when pulling/pushing images we default to the format
of the source image. When Building images we default to OCI.
Customers have asked us to allow them to force a specific image
type when pushing to a registry.
We already have a flag to building images.
This PR adds image_default_format to define the format to be used
by all tools create/building/pulling and pusing images.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This will allow users to configure the amount of parallel copies that
the container engines are allowed to do. This allows users to configure
their systems to match their available network settings.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
In the containers.conf we default to true, but in code and man page
it is defaulted to false. Since Podman wants it defaulted to true
we need to change default and man page to match.
Also fixed the testing for SELinux, which would never succeed on an SELinux box.
Helps fix: https://github.com/containers/podman/pull/8844
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Systemd is now complaining or mentioning /var/run as a legacy directory.
It has been many years where /var/run is a symlink to /run on all
most distributions, make the change to the default.
Partial fix for https://github.com/containers/podman/issues/8369
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Users could have any one of the OCI runtimes installed,
code will search for default. This way they do not need
to modify defaults if they have "crun" installed.
Search order will be crun, runc, kata
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We decided that making users explicitly list plugins they wanted
to use was not a bad thing, and greatly simplifies our
implementation. As such, we need a place to do that, and
`containers.conf` is the logical location.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Also fixup some formatting issues in man pages.
Fix generation of multiple man pages.
Partial fix for: https://github.com/containers/podman/issues/7888
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Since secrets is shared by buildah, podman and cri-o, we need
to move it to containers/common.
Also move containers-mounts.conf.5.md to common from podman,
since this is common to all packages.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This flag would allow users to run the podman command
in podman-remote mode by default. If you are primarily using
podman to access a remote server, you might want to enable this
flag and not have to install podman-remote as well as podman command.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The current description is wrong it says that no-common does
not use cgrous, when it should say there is no cgroup
created for the conmon process.
Fixes: https://github.com/containers/common/issues/321
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Some users want to stick to "docker" format escecially since some older
container registries don't properly support OCI images.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We want to make sure that the TERM envionment variable is always
set. TERM defaulted to ansi might be better, but we want to match
Docker defaults, so we will stick at xterm.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Currently it is difficult to modify the path to the storage.conf
file for setting up testing. It is hard coded to use /etc/containers/storage.conf.
Adding this envionment variable, will allow us to write tests on storage.conf
that do not override the system defaults.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add an option to control the default behavior of `podman save` or other
container engines. If set to "true", the engine will create a
multi-image (docker) archive. By default, Podman will interpret
additional arguments as tags that'll be stored in the archive's
manifest. Docker interprets additional arguments as images to allow for
creating multi-image archives. This option allows users to chose how
they wish the default behavior to look like, so we don't break
compatibility with existing Podman workloads while being compatible
with Docker.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
hooks_dir_path was in wrong location, should be under Enigne section
network_cmd_path was not documented.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We need to identify the list of containers that support KVM separation, these
containers can run with a different SELinux label, and we might be able to
make different decisions in the container engines about how to launch these
containers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The `pause:3.1` has wrong configs for non-amd64 images as they all claim
to be for amd64. The issue has now been fixed in the latest
`pause:3.2`.
[1] https://github.com/kubernetes/kubernetes/issues/87325
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
OpenShift Merge Robot
Vikas Goel
Matej Vasek
Daniel J Walsh
Tino Rusch
Brent Baude
Valentin Rothberg
Matthew Heon
Ashley Cui
pacoxu
Tom Sweeney
Jhon Honce
Qi Wang