This allows us to attach to attach to just stdout or stderr or
stdin, or any combination of these.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #608
Approved by: baude
When a container is transitioning from running to stopped and stats is runnings,
we should not break stats if we are unable to get stats for that container.
Resolves: #598
Signed-off-by: baude <bbaude@redhat.com>
Closes: #599
Approved by: mheon
This patch changes the way the inspect command output is displayed
on the screen when the format is set to JSON.
Note: if the output is redirected to a file the output is *not*
escaped.
For example, before this commit if you run:
$ sudo podman inspect --format "json" daveimg
[
{
...
"Author": "Dave \u003cdave@corp.io\u003e",
}
...
]
with this patch the output will be:
[
{
...
"Author": "Dave <dave@corp.io>",
}
...
]
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
Closes: #602
Approved by: mheon
--group-add
--blkio-weight-device
--device-read-bps
--device-write-bps
--device-read-iops
--device-write-iops
--group-add now supports group names as well as the gid associated with them.
All the --device flags work now with moderate changes to the code to support both
bps and iops.
Added tests for all the flags.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #590
Approved by: mheon
When an image name has no reponames, you should still be able to run it
by ID. When doing so, imageName needs to be set to "" so we don't hit an index
out of range error
Resolves: #587
Signed-off-by: baude <bbaude@redhat.com>
Closes: #593
Approved by: mheon
In our ezrly development, we always allocated a tty when not -d. Now we should only allocated when the user asks for it.
Resolves: #573
Signed-off-by: baude <bbaude@redhat.com>
Closes: #574
Approved by: rhatdan
We no longer require an explicit Init() to start a container, as
Start() will now call Init() if the container is not initialized.
Remove explicit Init() invocations from run and start to help
with dependency ordering - less time for a dependency to go down
before we start.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #577
Approved by: rhatdan
Adds support for mounting secrets especially on RHEL where the container
can use the host subsription to run yum
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #544
Approved by: rhatdan
so that it is possible to use systemd to automatically restart the
container:
[Service]
Type=forking
PIDFile=/run/awesome-service.pid
ExecStart=/usr/bin/podman run --conmon-pidfile=/run/awesome-service.pid --name awesome -d IMAGE /usr/bin/do-something
ExecStopPost=/usr/bin/podman rm awesome
Restart=always
Closes: https://github.com/projectatomic/libpod/issues/534
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #549
Approved by: rhatdan
podman parse and attach were using a very small portion of the kubernetes code
but using it caused a signficant increase in binary size.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #559
Approved by: rhatdan
When no image is found, display a useful error message. Also, in imageToRef
protect against a nil image being passed.
Resolves: #553
Signed-off-by: baude <bbaude@redhat.com>
Closes: #555
Approved by: mheon
If the user does not specify foo=bar, then the exec code should
look for the foo environment variable in its environment and pass it
in. This is the way podman run works.
Also added tests to make sure this all works.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #552
Approved by: mheon
Add only when it's not already present.
Add a more specific version in podman spec generation
so we get 'container=podman' not 'container=libpod'
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #540
Approved by: baude
Cull funcs from runtime_img.go which are no longer needed. Also, fix any remaining
spots that use the old image technique.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #532
Approved by: mheon
Both podman run and create have an option to write the container ID to a file. The option
is called cidfile. If the cidfile exists, we should not create or run a container but rather
output a sensical error message.
Resolves: #530
Signed-off-by: baude <bbaude@redhat.com>
Closes: #531
Approved by: rhatdan
An image name is really just a tag. When an image has multiple tags, we should be
able to "delete" the one of its tags without harm. In this case, the "delete' is
really a form of Untag (removing the tag from the image).
If an image has multiple tags and the user tries to delete by ID without force, this
should be denied because when you delete by ID there is no distinguishing it like
image tags.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #528
Approved by: mheon
Migrate the podman create and commit subcommandis to leverage the images library. I also had
to migrate the cmd/ portions of run and rmi.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #498
Approved by: mheon
Having a default workdir is causing us not to use the
container images workdir.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #501
Approved by: mheon
This solves our prior problems with attach races by ensuring the
order is correct.
Also contains substantial cleanups to the attach code.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #482
Approved by: baude
This represents the stage3 implementation for the image library. At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references. This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #484
Approved by: baude
Other container runtimes include the tmpfs mount points in their inspect
output. Podman should as well. It is under hostconfig.
Resolves: #483
Signed-off-by: baude <bbaude@redhat.com>
Closes: #488
Approved by: rhatdan
Return and print the correct list of images by adding all specified
RepoTags to one image object, and priting them separately in
repository:repotag pairs.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #477
Approved by: rhatdan
The default outout for podman ps should limit itself if the command is long. If the command
is more than 20 characters, we truncate the command and add an elipses to it.
Resolves: #464
Signed-off-by: baude <bbaude@redhat.com>
Closes: #466
Approved by: rhatdan
The progress should not be show for import, load, and commit. It makes machine
parsing of the output much more difficult. Also, each command should output an
image ID or name for the user.
Added a --verbose flag for users that still want to see progress.
Resolves issue #450
Signed-off-by: baude <bbaude@redhat.com>
Closes: #456
Approved by: rhatdan
If a container stops, we should stop the logging capability and
gracefully exit. However, if the container pauses, we should allow
the log to continue.
Resolves issue: #435
Signed-off-by: baude <bbaude@redhat.com>
Closes: #437
Approved by: baude
Due to the way ps arguments work, it was possible to display pids
that dont below to the container in top output. We now filter pids
that dont belong to the container out of the output. This also means
the pid column must be present in the output or we throw an error.
This resolves issue #391
Signed-off-by: baude <bbaude@redhat.com>
Closes: #400
Approved by: rhatdan
The exit code should be derived in the batch operation and pulled
from the batchinfo struct.
Resolves issue #407
Signed-off-by: baude <bbaude@redhat.com>
Closes: #408
Approved by: rhatdan
When trying to tag an alias (tag) of an image using only the shortname
and no tag, we were unable to find the image in storage. This corrects
that issue and adds an integration test to protect against regression. I
also updated the man page per the filed issue.
While writing the integration test, I discovered that inspect could also
not find a tagged image without its :tag.
Resolves Issue #385
Resolves Issue #384
Signed-off-by: baude <bbaude@redhat.com>
Closes: #398
Approved by: mheon
The podman ps command for non-json targets has the ability to use a "batched" function
which limits the use of locks needed. The collection of output for JSON should use
this too.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #380
Approved by: rhatdan
--image-volumes tells podman what to do with the image volumes in the image config
There are 3 options: bind, tmpfs, and ignore
bind puts the volume contents in /var/lib/containers/storage/container-id/volumes/vol-dir
and bind mounts it into the container at /vol-dir
tmpfs mounts /vol-dir as a tmps into the container
ignore doesn't mount the image volumes onto the container
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #377
Approved by: rhatdan
The exit codes for 126 and 127 were reversed. For the record, the exit
codes used are as follows:
* 125 if ‘chroot’ itself fails
* 126 if COMMAND is found but cannot be invoked
* 127 if COMMAND cannot be found
This resolves issue #367
Signed-off-by: baude <bbaude@redhat.com>
Closes: #378
Approved by: baude
Inspect should be able to inspect one or more containers depending
on the user input. Therefore, inspect output should be in array
format so the consumer could potentially iterate it. This PR allows
users to specify one more or containers|images|or a mix for
inspection. The output, as stated, is therefore in array form. This
holds true even for a singular image.
In the case that the user enters an invalid container|image "name", we
handle that gracefully. Podman will output json for the valid names
until it reaches the invalid one. For example:
In this case, podman will out the json for alpine and then print an
error about 123 being invalid. It will not continute onto busybox.
This behavior imatates docker.
This addresses issue #360
Signed-off-by: baude <bbaude@redhat.com>
Closes: #371
Approved by: baude
Previous code was using slow routines to collect some of the information
needed to output images. Specifically size was being calculated instead
of using the cached, already known size already available. Also, straight-
lined several of the code paths. Overall assessment is that these
improvements cut the time for images in half.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #365
Approved by: mheon
podman save would write the progress bar to the image tar file
when the output was redirected with >.
Fixed the writer to write to stderr for all commands using writer
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #362
Approved by: mheon
We should be able to run nested podman containers in particular
for our testing environment. i.e. eat our own dog food.
Some privileges had to be corrected in order for this to work
correctly.
Added a third papr target that runs podman tests inside podman. I
marked the test as not required right now as we get more confident
in the results
Signed-off-by: baude <bbaude@redhat.com>
Closes: #340
Approved by: rhatdan
podman does not implement --all for images
intermediate images are only generated during the build process. they are
children to the image once built. until buildah supports caching builds,
it will not generate these intermediate images.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #344
Approved by: rhatdan
When using podman to pull an image, print the image id after
the image is pulled.
Resolves issue #329
Signed-off-by: baude <bbaude@redhat.com>
Closes: #342
Approved by: rhatdan
When an image does not have an ENTRYPOINT nor a CMD and the
user does not provide a command in the CLI, we should fail
gracefully.
This resolves issue #328
Signed-off-by: baude <bbaude@redhat.com>
Closes: #333
Approved by: mheon
When running a privileged container, it should inherit the same
devices the host has.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #330
Approved by: mheon
By not getting data that we don't need and adding more locking
functions under the batch, we are able to cut the time for listing
50 containers in half. More to come.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #325
Approved by: mheon
Changing these fields caused the output of podman inspect to more
closely match docker inspect.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #306
Approved by: mheon
When an image has an ENTRYPOINT defined, we should be honoring it. The
problem is described in issue #321.
Also, added buildah binary to test runtimes for testing entrypoint and
will also allow us to test podman build as well.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #322
Approved by: rhatdan
Rework port code for generalized clean up and to address
issue #269 where additional portbindings between host
and containers we being introduced by error.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #308
Approved by: mheon
Fix issues with tailing of container logs as described
in issue #16. Also add in the ability to use a duration or
known time stamp formats for the --since flag.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #317
Approved by: mheon
If the output is to a terminal, return a new line at the end of the
output so that the output is visually appealing. If the output is being
piped, or saved to a file, basically not being outputted to a terminal, do
not print a new line at the end of the output. This ensures any further data
manipulation with the results happens smoothly without requiring to remember
the '/n' at the end of the output.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Made a change to make sure that the output paths of podman inspect
matches that of docker inspect. For example to get the stop signal
you should be able to do podman inspect ctr --format {{.Config.StopSignal}}
and the same thing in docker will give the same results.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #292
Approved by: rhatdan
podman search queries a registry for a matching image and prints
the output.
I added a new flag called "registry" giving the user the option
to search a specific registry if they don't want to search all
their default registries.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #241
Approved by: rhatdan
Issue #169 describes a common failure when running podman top where
if the commands inside the container container a space in them, podman
will panic. This was occuring because we take the output from ps and
attempt to format it nicely for output and things like JSON. Given that
this cannot be predicted or dealt with programatically, the decision was
made to deprecate the format switch and simply output what ps provides
us.
Migrated top integration tests to ginkgo.
Resolves Issue: https://github.com/projectatomic/libpod/issues/169
Signed-off-by: baude <bbaude@redhat.com>
Closes: #291
Approved by: rhatdan
Migrate create and commit bats tests to the ginkgo
test suite. In doing so, some structures had to be
moved to pkg/podmanstructs/podmanstructs.go so we
could do better verification of test results.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #286
Approved by: rhatdan
podman login would add on the registry name to the cert-dir path
making containers/image look in a directory that did not exist for
certificates.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #283
Approved by: rhatdan
When network == none, the container should only have a
loopback interface and that's it.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #176
Approved by: baude
Migrate ps, pull, push, and rm from bats to ginkgo.
Also, fixed a conditional issue with adding ports
when an image defines the port and the user wants
to override it.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #277
Approved by: baude
Normal Stop should not need a timeout, and should use the default
Add a function that does accept a timeout aside it
Signed-off-by: Matthew Heon <mheon@redhat.com>
Closes: #272
Approved by: rhatdan
When the Go template was given with \t in between fields,
the \t was not being recognized as a tab.
Fixes that issue.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #265
Approved by: rhatdan
QE found issues with formatting the go template and
the man page was lacking information.
Changed the format of the output to match latest docker.
Add shortID function that returns the truncated ID
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #258
Approved by: rhatdan
Changed the Created At value to match the format of docker ps
and fixed the value for Running For to reflect the time elapsed
since the container has been started. Initially it was showing
the time elapsed since the container was created.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #257
Approved by: rhatdan
The order of the flags was casuing issue.
Enabled SkipArgReorder to fix the problem.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #259
Approved by: rhatdan
When trying to determine if a user-provided string that describes
an image (ID, fq name, shortname, tagged), there were some
inefficiencies where we looked up images multiple times to derive
information about local images.
Signed-off-by: baude <bbaude@redhat.com>
podman port reports the port mappings per container. it can be used
to report the ports ofa single container or latest container or all
containers.
in the case of a single container, the user can add an option filter for
port and protocol.
Signed-off-by: baude <bbaude@redhat.com>
Because the podman ps command has to collection a lot of information
from various places, many of which are controlled by locks, it is a
good candidate for doing batch operations under a single lock.
Signed-off-by: baude <bbaude@redhat.com>
QE pointed out a few things missing/wrong with ps
This PR addresses those issues.
Added functionality for getting mounts and size also
Fixed a few issues with the --filter params, for
example filter with partial information.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #250
Approved by: rhatdan
When an image has a port to expose, we need to expose it. User's input overrides the
image's port information.
Also, enable port information in ps so we can see which random port is assigned.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #249
Approved by: rhatdan
Set up nbetworking ports for the following use cases:
* bind the same port between host and container
* bind a specific host port to a different container port
* bind a random host port to a specific container port
Signed-off-by: baude <bbaude@redhat.com>
Closes: #214
Approved by: baude
Fix errors when containers are not running.
--all, --latest, containers can not be used at same time.
Should match the output of docker stats, 0 values replaced by "--"
Should return stats right away if container is not running.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #244
Approved by: TomSweeneyRedHat
Each of these options are destructive in nature, meaning if the user
adds one of them, all current ones are removed from the produced
resolv.conf.
* dns-server allows the user to specify dns servers.
* dns-opt allows the user to specify special resolv.conf options
* dns-search allows the user to specify search domains
The add-host option is not destructive and truly just adds the host
to /etc/hosts.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #231
Approved by: mheon
Created containers that haven't hit runc yet should still
be considered created (not dead).
Also, fixed loop for deleting containers as leftover code
still exited there that prevented proper deletion of containers
that could be deleted.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #238
Approved by: rhatdan
If user does not specify seccomp file or seccomp file does not exist,
then use the default seccomp settings.
Still need to not hard code /etc/crio/seccomp.json, should move this to
/usr/share/seccomp/seccomp.json
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #233
Approved by: baude
podman command has storage options as a global option,
these should be set there, rather then in the create and
run commands.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #234
Approved by: baude
Remove existing code for sharing namespaces and replace with use
of this API
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #220
Approved by: rhatdan
A compatibility option of --net should alias the --network
option. The --net option will only override --network if
--network is not explicitly set and --net is. Both default
to 'bridge'.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #228
Approved by: mheon
Create a mocked CLI instance so we can test that user-input
functions to run (create) end up in the spec correctly. It will
also help protect against regression include type changes.
We can decide if we want to test items one at a time or several
at a time.
Signed-off-by: baude <bbaude@redhat.com>
It is desirable to have a --latest switch on the podman wait
command so we can wait on the latest container created to end.
Also, fixes a panic with latest where no containers are available.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #201
Approved by: baude
It is desirable to have a shortcut for the most
recently created container. We can now use "**latest"
to represent the most recent container instead of its
container ID or name. For example:
Signed-off-by: baude <bbaude@redhat.com>
Closes: #179
Approved by: baude
Removing by shortname was not working. Also pruned
container storage's remove func from rmi and moved it into
an image.Remove func, which consolidates our usage of cs.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #188
Approved by: baude
This code is from when we were using libkpod and kept track of stores.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #183
Approved by: TomSweeneyRedHat
While pulling by shortname (fedora-minimal) worked, running a container
by the short name did not due to a logic error.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #182
Approved by: rhatdan
We should be pulling information out of the image to set the
defaults to use when setting up the container.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #110
Approved by: mheon
Allow for the user to specify network=host|bridge. If network
is not specified, the default will be bridge. While "none" is now
a valid option, it is not included in this.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #164
Approved by: rhatdan
Do not re-order the args for exec. Like run, it is very possible
that a user will pass a -something in their command and this currently
does not work.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #168
Approved by: baude
podman run/create have the ability to set the stop timeout flag.
We need to stop it in the database.
Also Allowing negative time for stop timeout makes no sense, so switching
to timeout of uint, allows user to specify huge timeout values.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #158
Approved by: TomSweeneyRedHat
This commit adds a mechanism to override the default certs dir by using
command line flag `--cert-dir` for kpod login.
Another flag `--tls-verify` is also added which lets you skip certificate
validation when contacting container registry.
Signed-off-by: Suraj Deshmukh <surajd.service@gmail.com>
Closes: #75
Approved by: rhatdan
podman commit allows the user to commit containers
as images with options of tagging th image, setting
a commit message, setting the auther, and making
changes to the instructions.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #143
Approved by: rhatdan
Stop Signal from kpod create/run was not fully plumbed in,
This will pass the stopsignal into the container database on
create and run of containers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #156
Approved by: mheon
Also add --quiet option to kpod create/run since
this will help with writing tests.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #140
Approved by: TomSweeneyRedHat
podman run would print "Trying to pull..." twice
when pulling an image to create a container.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #154
Approved by: rhatdan
Print out the error if unable to remove image due to multiple tags
or due to it being used in a container and continue to remove all
the other images.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #153
Approved by: rhatdan
Need to pull in the latest containers/storage and containers/image to fix lots of
issues. Also want to update runtime-tools to take advantage of newer generate
code.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #152
Approved by: rhatdan
Matthew Heon
baude
Boaz Shuster
umohnani8
TomSweeneyRedHat
Daniel J Walsh
Giuseppe Scrivano
Matthew Heon
Valentin Rothberg
Seth Jennings
Jhon Honce
Naadir Jeewa
Suraj Deshmukh