when running container creation as rootless on the compatibility layer,
we need to make sure settings are not being done for memory and memory
swappiness.
Signed-off-by: baude <bbaude@redhat.com>
Allow users to specify unbindable on volume command line
Switch internal mounts to rprivate to help prevent leaks.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This is a continuation of #8189 and #8085.
When doing a `docker build` command, if the `--pull` command is not specified
or set to `false` the pullOption used is `PullifMissing`. This causes the
build to pull the image only if it is not present in local storage. It also will
raise an error if the image is not found in the registry (or the registry is down),
even if the image is present in local storage.
If the `--pull` command IS specified or specified with an argument of `true`, the
build will always pull the image from the registries. This uses the pullOption
`PullAlways`. It also will raise an error if the image is not found in the registry,
even if the image is present in local storage.
These changes now brings the pull functionality for `podman build` into line
with `docker build`.
However, I consider this to be a breaking change. Previously if you did
`podman build --pull`, `podman build` or `podman build --pull = true`, then
the image would be pulled from the registry if there was not an image in
local storage or if the image in the registry was newer than the one in
local storage. An error would *NOT* be raised if there was not an image in
the registry or the registry was down as long as there was a copy in the local
storage. An error would be raised if the image could not be retrieved from
both the registry and local storage. This is the PullOption `PullIfNewer`.
I believe this also differs from what Buildah does at this time but I'm too
beat to chase that down at the moment.
Personally I'd like to use the `PullIfNewer` for at least `--pull` and
`--pull=true` so that you don't get an error if the registry has a network
hiccup and the image is already stored locally. But this differs from Docker.
I'd like to post scrum about this at our next stand up to make sure we're
all on the same page about the ramifications of this change.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Remove the search limit check since the c/image v5.6.0 supports pagination and can give result over 100 entries.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Most of the builtin golang functions like os.Stat and
os.Open report errors including the file system object
path. We should not wrap these errors and put the file path
in a second time, causing stuttering of errors when they
get presented to the user.
This patch tries to cleanup a bunch of these errors.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The behavior should be as follows: Unset, pull if missing by
default, obey the `--pull-never` and `--pull-always` flags. Set
to false, pull never. Set to true, pull always.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Add a new "image" mount type to `--mount`. The source of the mount is
the name or ID of an image. The destination is the path inside the
container. Image mounts further support an optional `rw,readwrite`
parameter which if set to "true" will yield the mount writable inside
the container. Note that no changes are propagated to the image mount
on the host (which in any case is read only).
Mounts are overlay mounts. To support read-only overlay mounts, vendor
a non-release version of Buildah.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
podman inspect only had the capabilities to inspect containers and images. if a user wanted to inspect a pod, volume, or network, they would have to use `podman network inspect`, `podman pod inspect` etc. Docker's cli allowed users to inspect both volumes and networks using regular inspect, so this commit gives the user the functionality
If the inspect type is not specified using --type, the order of inspection is:
containers
images
volumes
networks
pods
meaning if container that has the same name as an image, podman inspect would return the container inspect.
To avoid duplicate code, podman network inspect and podman volume inspect now use the inspect package as well. Podman pod inspect does not because podman pod inspect returns a single json object while podman inspect can return multiple)
Signed-off-by: Ashley Cui <acui@redhat.com>
when using the compatibility endpoint to create a container, we should only set certain resources when we are provided a value for them or we result in fields with zero values.
Signed-off-by: baude <bbaude@redhat.com>
Currently if you run an interactive session of podman run and
specifiy the --cidfile option, the cidfile will not get created
until the container finishes running. If you run a detached
container, it will get created right away. This Patch creates
the cidfile as soon as the container is created. This could allow
other tools to use the cidefile on all running containers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Auto updates have inititally been marked as experimental which allowed
us to receive initital feedback from the community. More than half a
year has passed and we are now confident to mark `podman-auto-update`
as stable.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Detached containers and detach keys are only created with the podman run, i
exec, and start commands. We do not store the detach key sequence or the
detach flags in the database, nor does Docker. The current code was ignoreing
these fields but documenting that they can be used.
Fix podman create man page and --help output to no longer indicate that
--detach and --detach-keys works.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When using 'podman build --pull=true', the image was not pulled
if the image being pulled was present locally, but a newer version
was in the repository. It was only pulled if there was no image
in local storage.
In addition, the pull-never option was ignored. The line
`if flags.Pull{` at line 244 was always returning true
negating the default pullPolicy of PullNever.
Reworked the algorthim for the selection process. Now
PullIfNewer is set to the default, and then we set the
pullPolicy appropriately based on the other flags
passed in to this routine.
As an FYI, logic run in the calling functions ensures
that we have only one pull flag in the command.
Addresses: #8024
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
All formatting for containers stack moved into one package
The does not correct issue with headers when using custom tables
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Want to have man pages match commands, since we have lots of printed
man pages with using Options, we will change the command line to use
Options in --help.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
In older versions of podman, we supported decimal numbers defaulting
to microseconds. This PR fixes to allow users to continue to specify
only digits.
Also cleaned up documentation to fully describe what input for --interval flag.
Finally improved testing on podman wait to actually make sure the command succeeded.
Fixed tests to work on podman-remote.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Currently we leak stdin into podman builds, which can lead
to issues like run commands inside of the container waiting for
user input.
We should not take input from users other then if the user specifies
podman build -f - or podman build -, which are taken care of in other code.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
when using the compatibility layer to create containers, it used code paths to the pkg/spec which is the old implementation of containers. it is error prone and no longer being maintained. rather that fixing things in spec, migrating to specgen usage seems to make the most sense. furthermore, any fixes to the compat create will not need to be ported later.
Signed-off-by: baude <bbaude@redhat.com>
When defining multiple ports (same src/dst) like `-p 80:80 -p 443:443`
then podman will not show the complete output on `podman ps` (only
`0.0.0.0:80->80/tcp` in the example). This also applies to port ranges.
This patch refactors the port loop by pre-checking for ranges and
displaying them correctly to the end user.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
These options are now fully supported in the remote API and should no
longer be hidden and/or documented as non supported.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
External containers are containers created outside of Podman.
For example Buildah and CRI-O Containers.
$ buildah from alpine
alpine-working-container
$ buildah run alpine-working-container touch /test
$ podman container exists --external alpine-working-container
$ podman container diff alpine-working-container
C /etc
A /test
Added --external flag to refer to external containers, rather then --storage.
Added --external for podman container exists and modified podman ps to use
--external rather then --storage. It was felt that --storage would confuse
the user into thinking about changing the storage driver or options.
--storage is still supported through the use of aliases.
Finally podman contianer diff, does not require the --external flag, since it
there is little change of users making the mistake, and would just be a pain
for the user to remember the flag.
podman container exists --external is required because it could fool scripts
that rely on the existance of a Podman container, and there is a potential
for a partial deletion of a container, which could mess up existing users.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* system df
* events
* fix error handling from go routine
* update tests to use gomega matchers for better error messages
* system info
* version
* volume inspect
Signed-off-by: Jhon Honce <jhonce@redhat.com>
OpenShift Merge Robot
Paul Holzinger
baude
Daniel J Walsh
TomSweeneyRedHat
Jordan Christiansen
Qi Wang
Matthew Heon
Jhon Honce
Valentin Rothberg
Ashley Cui
Sascha Grunert
Matthew Heon