The rather raw and scarce output of `podman auto-update` has been a
thorn in my eyes for a longer while. So far, Podman would only print
updated systemd units, one per line, without further formatting.
Motivated by issue #9949 which is asking for some more useful
information in combination with a dry-run feature, I sat down and
reflected which information may come in handy.
Running `podman auto-update` will now look as follows:
```
$ podman auto-update
Trying to pull [...]
UNIT CONTAINER IMAGE POLICY UPDATED
container-test.service 08fd34e533fd (test) localhost:5000/busybox registry false
```
Also refactor the spaghetti code in the backend a bit to make it easier
to digest and maintain.
For easier testing and for the sake of consistency with other commands
listing output, add a `--format` flag.
The man page will get an overhaul in a follow up commit.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Pass a single context.Context through the call stack. If auto-updates
will ever be made available for REST calls, the context will help
supporting disconnected clients.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Use the `HasDifferentDigest()` method of the image to replace the
previous checks if an image needs to be updated.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Fix a bug were an authfile label in a container would mistakenly
override the authfile path for all subsequent checks.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The output of auto-update leaves quite some space for improvements. One
thing is to make it more obvious which systemd units were restarted.
With this change, the output looks as follows:
```
$ podman auto-update
Trying to pull...
Restarted the following systemd units:
$unit-1
$unit-2
$unit-3
```
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The master->main rename broke this. Also update the runtime along with
a comment w/ link to the actual job definitions.
Signed-off-by: Chris Evich <cevich@redhat.com>
If mounting to existing directory the uid/gid should be preserved.
Primary uid/gid of container shouldn't be used.
Signed-off-by: Matej Vasek <mvasek@redhat.com>
If the user specifies "*" in a .dockerignore or a .containerignore
then podman-remote build should not exclude the Dockerfile or
Containerfile or any content pointed to by `-f` in the context
directory.
We still need these files on the server side to complete the build.
Fixes: https://github.com/containers/podman/issues/9867
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When optional information such as container IDs and names in pods, the
headers are not displayed. This fix restored the headers.
Documentation of this subcommand is also updated.
Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
The hostname `host.containers.internal` is way easier to remember and should IMHO be preferred to be used, as it is:
a) easier to remember than some random IP
b) if the IP changes some time in the future the container will continue to work
And explain hostname adding in more detail
As per @mheon's suggestion.
And explain hostname adding *reason*
Also implies an suggestion for using the hostname instead.
And port change from podman-create man page to podman-run, too
Signed-off-by: rugk <rugk+git@posteo.de>
With docker-compose, there is a use case where you can `docker-compose
up -d`, then change a file like docker-compose.yml and run up again.
This requires a ContainerConfig with at least Volumes be populated in
the inspect data. This PR adds just that.
Fixes: #10795
Signed-off-by: Brent Baude <bbaude@redhat.com>
You've renamed your branch from master to main and thus this URL here did not work anymore and caused a glitch in displaying the image in the docs.
Signed-off-by: rugk <rugk+git@posteo.de>
* Change references of 'master' to 'main' in URLs e.g. https://github.com/containers/podman/blob/main/install.md
* Wrap names of files or programs by '`' e.g. `dnf`, `containers.conf`, `/etc/subuid`, etc.
* Change sentence with ambiguous subject to 'Root privileges are required to add or update entries within these files'
* Link to kernel.org documentation for the `getpwent` command
* Change sentence: 'Note that the values for each user must be unique ~and without any overlap~'
* Make references to the Podman project upper-case instead of lower-case
* Reorder sentence 'Update the `/etc/subuid` and `/etc/subgid` with fields for each user' to emphasize 'For each user'
* Remove reference to asciiart demos and update README.md link
Signed-off-by: Colin Eberl Coe <ebb-earl-co@pm.me>
We should not be exposing the store outside of Libpod. We want to
encapsulate it as an internal implementation detail - there's no
reason functions outside of Libpod should directly be
manipulating container storage. Convert the last use to invoke a
method on Libpod instead, and remove the function.
[NO TESTS NEEDED] as this is just a refactor.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Remove outdated information on go bindings. Moved the tips for
debugging into the REAME and tidied up relevant links.
Fixes: #9334
[CI_DOCS]
[NO TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Use libimage for removing the manifest instead of going directly
through the store.
[NO TESTS NEEDED]
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The rootless cni namespace needs a valid /etc/resolv.conf file. On some
distros is a symlink to somewhere under /run. Because the kernel will
follow the symlink before mounting, it is not possible to mount a file
at exactly /etc/resolv.conf. We have to ensure that the link target will
be available in the rootless cni mount ns.
Fixes#10855
Also fixed a bug in the /var/lib/cni directory lookup logic. It used
`filepath.Base` instead of `filepath.Dir` and thus looping infinitely.
Fixes#10857
[NO TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
If the tempdir for the OS does not have a podman/, machine start will fail. An example would be after a reboot. We now create the podman dir if it does not exist.
Fixes#10824
[NO TESTS NEEDED]
Signed-off-by: baude <baude@baudes-Mac-mini.localdomain>
Signed-off-by: Brent Baude <bbaude@redhat.com>
Add a new service reaper package. Podman currently does not reap all
child processes. The slirp4netns and rootlesskit processes are not
reaped. The is not a problem for local podman since the podman process
dies before the other processes and then init will reap them for us.
However with podman system service it is possible that the podman
process is still alive after slirp died. In this case podman has to reap
it or the slirp process will be a zombie until the service is stopped.
The service reaper will listen in an extra goroutine on SIGCHLD. Once it
receives this signal it will try to reap all pids that were added with
`AddPID()`. While I would like to just reap all children this is not
possible because many parts of the code use `os/exec` with `cmd.Wait()`.
If we reap before `cmd.Wait()` things can break, so reaping everything
is not an option.
[NO TESTS NEEDED]
Fixes#9777
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The new cobra v1.2.0 release brings a number of bug fixes for shell
completion scripts. Regenerate the scripts with `make completions`
to sync them with the upstream version, currently we have some custom
ones to avoid some upstream bugs. Because the new cobra version has
all fixes we should use the upstream scripts.
Add a check to CI to ensure we always use the up to date scripts.
[NO TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Valentin Rothberg
OpenShift Merge Robot
Chris Evich
Matej Vasek
dependabot[bot]
Daniel J Walsh
Hironori Shiina
cdoern
rugk
Brent Baude
Colin Eberl Coe
Matthew Heon
Paul Holzinger
Mehul Arora
Shion Tanaka
baude