Commit Graph

2457 Commits

Author SHA1 Message Date
Erik Sjölund 685c736185 source code comments and docs: fix typos, language, Markdown layout
- fix a/an before noun
- fix loose -> lose
- fix "the the"
- fix lets -> let's
- fix Markdown layout
- fix a few typos
- remove unnecessary text in troubleshooting.md

Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
2023-05-22 07:52:16 +02:00
binghongtao 29749362a0
podman: Added find slirp4netns binary file from helper_binaries_dir
[NO NEW TESTS NEEDED]

Fixes: #18568
Signed-off-by: binghongtao <695097494plus@gmail.com>
2023-05-20 03:17:22 +08:00
OpenShift Merge Robot 3d8ab1fb22
Merge pull request #18606 from edsantiago/fix_wonky_kube_table
Fix discombobulated kubernetes support table
2023-05-17 14:33:03 -04:00
Daniel J Walsh 588dbcb516
Merge pull request #18614 from eriksjolund/improve_security_in_mysql_examples
[CI:DOCS] Improve security in mysql examples
2023-05-17 14:31:04 -04:00
OpenShift Merge Robot ae66ad4265
Merge pull request #18601 from giuseppe/block-PODMAN_USERNS-and---pod
run: block PODMAN_USERNS and --pod
2023-05-17 14:15:53 -04:00
Erik Sjölund a99ad3b364 [CI:DOCS] Improve security in mysql examples
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
2023-05-17 19:44:05 +02:00
Ed Santiago 458f2e8ed7 Fix discombobulated kubernetes support table
- remove "nolink", it was showing up in actual man page. Just
  use backslash-dot instead.
- remove empty table cells, replace with the word "no"

Fixes: #18603

Signed-off-by: Ed Santiago <santiago@redhat.com>
2023-05-17 09:17:56 -06:00
Giuseppe Scrivano 192ad70e98
run: ignore PODMAN_USERNS with --pod
the combination --pod and --userns is already blocked.  Ignore the
PODMAN_USERNS variable when a pod is used, since it would cause to
create a new user namespace for the container.

Ideally a container should be able to do that, but its user namespace
must be a child of the pod user namespace, not a sibling.  Since
nested user namespaces are not allowed in the OCI runtime specs,
disallow this case, since the end result is just confusing for the
user.

Closes: https://github.com/containers/podman/issues/18580

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2023-05-17 16:49:16 +02:00
Ed Santiago bf0cea76c7 fix HTMLSpan warnings
'make docs' has been spitting out these warnings:

   WARNING: go-md2man does not handle node type HTMLSpan

Warnings suck, they cost us important time and attention.

This warning is always caused by left-angle-brackets in markdown
but they are very hard to find. I've found them and fixed them.
Warnings are now gone.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2023-05-17 07:21:14 -06:00
Daniel J Walsh 32c2cea0f9
Remove future tense from man pages
Remove all will, would, could, should and use present tense.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-05-16 15:10:33 -04:00
OpenShift Merge Robot 07d2fbcd52
Merge pull request #18567 from ashley-cui/doc
[CI:DOCS] Document podman-machine-default behavior
2023-05-16 03:05:21 -04:00
Ashley Cui b9aaafbe17 Document podman-machine-default behavior
When no name arg is given to Podman machine commands, Podman assumes the machine name is podman-machine-default. Document this behavior.

Signed-off-by: Ashley Cui <acui@redhat.com>
2023-05-15 14:23:17 -04:00
Daniel Rudolf ae5cbf37cf
Fix documentation of `--network-cmd-path` CLI option
The `--network-cmd-path` CLI option only affects rootless networks using `slirp4netns(1)`, not `pasta(1)`.  Following #18568 Podman should rather use the more generic `r.config.FindHelperBinary()` method (and therefore honour the `helper_binaries_dir` config) to find the path to the `slirp4netns` binary and deprecate the misleading `--network-cmd-path` CLI option.  However, since this wasn't implemented yet we can't deprecate `--network-cmd-path` as of now.  Adding a note anyway.

Fixes #18560

Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
2023-05-15 17:47:40 +02:00
Daniel J Walsh 13f787842d
Fix handling of .containenv on tmpfs
Fixes: https://github.com/containers/podman/issues/18531

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-05-13 06:03:21 -04:00
Ygal Blum 26f1e95ab4 Kube Play - Support multi-doc YAML files for configmap argument
Read the entire YAML file in case of a multi-doc file
Adjust the unit test
Add a system test
Add comment in the man page

Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2023-05-11 13:13:08 +03:00
OpenShift Merge Robot dc01ce8768
Merge pull request #18515 from vrothberg/fix-18486
quadlet: support `HostName`
2023-05-09 11:21:28 -04:00
Valentin Rothberg b97be3406b quadlet: support `HostName`
Add a new `HostName` field to Quadlet `.container` files.

Fixes: #18486
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-05-09 13:35:54 +02:00
Petr Lautrbach bdb3ed7950 Fix preference of user quadlets directories
If there's a container defined in multiple directories use the following
precedence:

$XDG_CONFIG_HOME/containers/systemd/ or ~/.config/containers/systemd/
takes precedence over /etc/containers/systemd/users/$(UID) and this
takes precedence over /etc/containers/systemd/users/

Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
2023-05-09 12:06:38 +02:00
Daniel J Walsh 27891a6640
Update docs/source/markdown/podman-systemd.unit.5.md
Co-authored-by: Valentin Rothberg <vrothberg@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-05-05 05:48:33 -04:00
Daniel J Walsh 73d3487cce
Allow user quadlets to be stored under /etc
I would like to allow admin to control quadlet containers
in users homedirs.

If an admin sets a quadlet in
/etc/containers/systemd/users, then all users will run these
quadlet services when they login.

If an admin places a quadlet in /etc/containers/systemd/users/$(USERNAME)
then only the USERNAME will execute this quadlet service when
they login.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-05-04 10:06:41 -04:00
Hussam Qasem 42c8227209
Update podman-completion.1.md
Remove extra period.

Signed-off-by: Hussam Qasem <68053227+hussam-qasem@users.noreply.github.com>
2023-05-04 11:24:24 +03:00
OpenShift Merge Robot a4e37ad659
Merge pull request #18354 from Luap99/reset
system reset: show graphRoot/runRoot before removal
2023-05-03 05:26:01 -04:00
Urvashi Mohnani db4ad54f92 Add {{.Restarts}} to podman pod ps
Add Restarts column to the podman pod ps output to show the total number
of times the containers in a pod were restarted. This is the same as the
restarts column displayed by kubernetes with kubectl get pods. This will
only be displayed when --format={{.Restarts}}.

Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
2023-05-02 10:30:07 -04:00
Urvashi Mohnani 0fef113a4b Add {{.Restarts}} to podman ps
Add Restarts column to the podman ps output to show how many times a
container was restarted based on its restart policy. This column will be
displayed when --format={{.Restarts}}.

Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
2023-05-02 10:30:07 -04:00
Urvashi Mohnani edbeee5238 Add --restart flag to pod create
Add --restart flag to pod create to allow users to set the
restart policy for the pod, which applies to all the containers
in the pod. This reuses the restart policy already there for
containers and has the same restart policy options.
Add "never" to the restart policy options to match k8s syntax.
It is a synonym for "no" and does the exact same thing where the
containers are not restarted once exited.
Only the containers that have exited will be restarted based on the
restart policy, running containers will not be restarted when an exited
container is restarted in the same pod (same as is done in k8s).

Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
2023-05-02 10:29:58 -04:00
OpenShift Merge Robot 0b51f447b8
Merge pull request #18366 from AndroidKitKat/main
[CI:DOCS] Fix simple typo in podman-network-create.md
2023-04-27 07:34:24 -04:00
OpenShift Merge Robot af185b2f25
Merge pull request #18362 from rhatdan/quadlet
Support systemd optional prefix '-' for devices.
2023-04-27 02:59:18 -04:00
OpenShift Merge Robot 832b098471
Merge pull request #18303 from n1hility/user-mode
Add user-mode networking feature to Windows/WSL
2023-04-26 16:01:48 -04:00
Daniel J Walsh d51911f7b0
Support systemd optional prefix '-' for devices.
Systemd supports unit files with a prefix '-' which
tells the system to check if the content exists before
using it. This would allow the QM project to specify
AddDevice=-/dev/kvm, which would add the /dev/kvm device
to the container iff it exists on the host.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-04-26 14:22:57 -04:00
AndroidKitKat d905e412e8
Fix simple typo in podman-network-create.md
Found a typo today while reading documentation.

Simple enough change :-) 

Signed-off-by: Mike Eisemann <me@michaeleisemann.com>

Signed-off-by: AndroidKitKat <me@michaeleisemann.com>
2023-04-26 12:14:19 -04:00
Paul Holzinger 6aaf6a2843
system reset: show graphRoot/runRoot before removal
system reset it says it will delete containers, images, networks, etc...
However it will also delete the graphRoot and runRoot directories.
Normally this is not an issue, however in same cases these directories
were set to the users home directory or some other important system
directory.

As first step simply show the directories that are configured and thus
will be deleted by reset. As future step we could implement some
safeguard will will not delete some known important directories however
I tried to keep it simple for now.

[NO NEW TESTS NEEDED]

see #18349 and #18295

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-04-26 16:02:59 +02:00
Jason T. Greene 230ddbe0ca Add user mode networking feature to Windows
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
2023-04-24 17:11:54 -05:00
Valentin Rothberg 1361c6a334 [CI:DOCS] Quadlet: clarify overriding user/system services
Highlight that existing user and system services may be overridden if
they have same name as the Quadlet file.  Also point the user to
systemctl and how to list existing files.

Closes: #18275
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-04-24 11:22:07 +02:00
Valentin Rothberg 1f1525f2e1 support `--digestfile` for remote push
Wire in support for writing the digest of the pushed image to a
user-specified file.  Requires some massaging of _internal_ APIs
and the extension of the push endpoint to integrate the raw manifest
(i.e., in bytes) in the stream.

Closes: #18216
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-04-21 10:28:40 +02:00
arctic-alpaca 1cac535062
Update API reference to include v4.5
Signed-off-by: arctic-alpaca <67190338+arctic-alpaca@users.noreply.github.com>
2023-04-17 14:52:36 +02:00
Paul Holzinger e7a3236358
docs: update network tutorial with netavark DHCP support
Add instructions on how to start the netavark dhcp proxy. Also list
version requirements.

Fixes #17635

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-04-14 12:16:26 +02:00
Ygal Blum 4aced7e3eb Quadlet - do not set log-driver by default
Update e2e tests not to expect the flag
System tests - explicitly set the log driver to be able to parse the output

Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2023-04-13 09:14:40 +03:00
OpenShift Merge Robot 8a9386d898
Merge pull request #18145 from sohankunkerkar/registry-migration
*: migrate image registry to registry.k8s.io
2023-04-12 06:37:28 -04:00
Park Jaeon d38b22d507
fix: Document removing anonymous volumes at create
[NO NEW TESTS NEEDED]
Signed-off-by: Park Jaeon <me@finalchild.dev>
2023-04-12 09:44:50 +09:00
Paul Holzinger b526839a4e
docs: update podman-network-create.1
- add information about netavark plugins
- add missing arguments to options the require an arg
- document that container dns is only supported with bridge

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-04-11 17:04:42 +02:00
Paul Holzinger ed99a979ce
network create: add --interface-name
Allow users to customize the network_interface option is the network
config. For bridge this allows users to change the bridge name and for
maclvan it will be the same as `--opt parent=...`.
However the main reason for this option is to allow netavark plugins to
make use of it. I demoed the host-device plugin which makes use of this
as an example. While we could let users set them via --opt it is more
natural to just use the field which is designed for that purpose.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-04-11 17:04:33 +02:00
Sohan Kunkerkar 64ea5971a1 *: migrate image registry to registry.k8s.io
This change is a part of the bigger umbrella issue: https://github.com/kubernetes/k8s.io/issues/4780
Currently, we need this change to get in https://github.com/cri-o/cri-o/pull/6742,
which is failing in CI due to inconsistent vendoring.

Signed-off-by: Sohan Kunkerkar <sohank2602@gmail.com>
2023-04-11 10:30:43 -04:00
Daniel J Walsh 1f2775cbdc
Merge pull request #18130 from flouthoc/bump-deps
vendor: bump `containers/(storage, buildah, image, common)`
2023-04-10 13:33:44 -04:00
Daniel J Walsh 0a89a22c71
Merge pull request #18105 from rhatdan/codespell
Fix up codespell errors
2023-04-10 13:33:04 -04:00
Aditya R 260bc3ec4c
vendor: bump containers/(storage, common, buildah, image)
Bump containers/(storage, common, buildah and image)

Changes since 2023-01-01:
 - skip mount-cache-selinux-long-name test under remote, with
   a FIXME requesting that someone see if it can be made to work.

 - skip six tests that fail under rootless-remote

 - add new --build-arg-file option:
 - update man page

Squash of:
* cf56eb1865
* 561f082772

Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Aditya R <arajan@redhat.com>
2023-04-10 17:30:14 +05:30
Daniel J Walsh c4e79fc169
Fix up codespell errors
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-04-08 00:53:38 -04:00
Daniel J Walsh a5dd5c20ee
Capitalize all uid,gid and id words that are not options in docs
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-04-08 00:41:47 -04:00
OpenShift Merge Robot 430603950b
Merge pull request #18098 from xduugu/quadlet-userns
quadlet: add `UserNS` option key
2023-04-07 23:31:53 -04:00
Cedric Staniewski f6a50311c5 quadlet: add `UserNS` option key
The `UserNS` key will replace the `RemapGid`, `RemapUid`, `RemapUidSize`
and `RemapUsers` options which are therefore marked as deprecated by
this commit.

Closes #17984

Signed-off-by: Cedric Staniewski <cedric@gmx.ca>
2023-04-07 17:19:21 +02:00
Ed Santiago 761eca9e75 e2e tests: fix racy flakes
...mostly just test code that wasn't doing the required waits.

My first approach in the kube-play test was to add "--wait".
Bit mistake! The --wait flag, counterintuitively and counter to
documentation, actually destroys all pods+containers+everything
on exit. (Or tries -- see #17803). Since this violates POLA
and is undocumented, I include here a fix to the man page.

Despite my best intentions, I can't reasonably check every single
test for missing waits, especially in kube-play where failing
containers will get retried forever so we can't wait. We'll
just have to fix flakes as we see them.

Fixes: #17958
Fixes: #18071

Signed-off-by: Ed Santiago <santiago@redhat.com>
2023-04-05 13:51:59 -06:00