Commit Graph

598 Commits

Author SHA1 Message Date
Alexander Wellbrock 6fa1c7e465
Fix unmount doc reference in image.rst
This pointed to the container-unmount doc page. It now points to the
expected podman-image-unmount doc page.

Signed-off-by: Alexander Wellbrock <a.wellbrock@mailbox.org>
2021-03-31 16:00:22 +02:00
OpenShift Merge Robot 2d824d85e1
Merge pull request #9888 from baude/machineign
podman machine init --ignition-path
2021-03-31 15:24:47 +02:00
OpenShift Merge Robot a373e2fdf3
Merge pull request #9885 from ashley-cui/machinels
Add podman machine ls
2021-03-30 22:36:25 +02:00
Ashley Cui ef4e91a59e Add podman machine list
podman machine list lists all virtual machines & indicates the default VM
connection, if it exists. it also can take a --format flag arg as a go
template.

[NO TESTS NEEDED]

Signed-off-by: Ashley Cui <acui@redhat.com>
2021-03-30 14:56:21 -04:00
baude b898b19e45 podman machine init --ignition-path
allow for the user to provide an alternate ignition-file rather than the
auto-generated one.

updated docs to describe ramifications of providing an alterate ignition
file.

[NO TESTS NEEDED]

Signed-off-by: baude <bbaude@redhat.com>
2021-03-30 09:44:04 -05:00
Daniel J Walsh 5b50fa565f
Document --volume from podman-remote run/create client
[NO TESTS NEEDED] This PR is mainly documentation and some code cleanup.

Also cleanup and consolidate handling of other hanlding of podman-remote
hidden options.

Fixes: https://github.com/containers/podman/issues/9874

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-03-30 10:05:54 -04:00
OpenShift Merge Robot 08eab3f8f7
Merge pull request #9307 from Luap99/powershell-completion
Add powershell completions
2021-03-29 15:17:44 +00:00
OpenShift Merge Robot 00792f8c95
Merge pull request #9856 from Luap99/fix-longflag
[CI:DOCS] Fix long option format on docs.podman.io
2021-03-29 14:40:44 +00:00
Paul Holzinger 6a78fcaa0a Add powershell completions
Add support for generating powershell completion files. This is especially
useful for people using the podman remote client on windows.

[NO TESTS NEEDED]

Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
2021-03-29 15:00:09 +02:00
Paul Holzinger bc48211924 Fix long option format on docs.podman.io
Escape the two dashes, otherwise they are combined into one long dash.
I tested that this change is safe and still renders correctly on github
and with the man pages.

This commit also contains a small change to make it build locally.
Assuming you have the dependencies installed you can do:
```
cd docs
make html
```
Preview the html files in docs/build/html with
`python -m http.server 8000 --directory build/html`.

Fixes containers/podman.io#373

Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
2021-03-29 14:38:25 +02:00
Valentin Rothberg fe270c7524 man pages: correct seccomp-policy label
The implementation uses `io.containers.seccomp.profile` while the docs
mentioned `io.podman`.  Correct the two references in the docs to
reflect the implementation.

Fixes: #9853
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-03-29 11:45:59 +02:00
baude 7a79f708a4 Podman machine enhancements
Podman machine remove is now called `rm`.

Podman machine create now supports resizing the image to the value of
--disk-size as provided.  The default is to 10G.

Added systemd unit file on guest via ignition that sends a Ready message
to the host over a virtio-socket so that we know when the VM is booted
and ready for use.

Podman machine commands no longer require a VM name as an argument.  A
default VM name is defined and if no VM name is provided as a arg, the
default will be used.

[NO TESTS NEEDED]

Signed-off-by: baude <bbaude@redhat.com>
2021-03-27 10:08:11 -05:00
OpenShift Merge Robot 47006d32ed
Merge pull request #9726 from tunacado/add_runroot_mount_require_to_systemd_gen
Add RequiresMountsFor= to systemd generate
2021-03-26 15:59:12 +00:00
Robb Manes 748826fc88 Add RequiresMountsFor= to systemd generate
It is rare but possible that storage locations for the graphroot and the
runroot are not mounted at boot time, and therefore might race when
doing container operations.  An example we've seen in the wild is that a
slow tmpfs mount for the runroot would suddenly mount over /run, causing
the container to lose all currently-running data, requiring a system
refresh to get it back.

This patch adds RequiresMountsFor= to the systemd.unit header to ensure
the paths for both the graphroot and runroot are mounted prior to
starting any generated unit files.

Signed-off-by: Robb Manes <rmanes@redhat.com>
2021-03-26 08:53:26 -04:00
Ashley Cui f663857103 Rename podman machine create to init and clean up
Rename podman machine create to init because we're initing a VM, not
really creating it
Wire up CPUs flag
Suppress QEMU GUI from popping up when not in debug mode

[NO TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
2021-03-25 17:45:27 -04:00
baude 4ab8a6f67e Improvements for machine
clean up ci failures and add appropriate arch,os exclusion tags

Signed-off-by: baude <bbaude@redhat.com>
2021-03-25 11:02:33 -05:00
Ashley Cui e766113737 Add --execute flag to podman machine ssh
--execute, -e allows to execute a command through ssh

Signed-off-by: Ashley Cui <acui@redhat.com>
2021-03-25 08:46:43 -05:00
baude b5f54a9b23 introduce podman machine
podman machine allows podman to create, manage, and interact with a vm
running some form of linux (default is fcos).  podman is then configured
to be able to interact with the vm automatically.

while this is usable on linux, the real push is to get this working on
both current apple architectures in macos.

Ashley Cui contributed to this PR and was a great help.

[NO TESTS NEEDED]

Signed-off-by: baude <bbaude@redhat.com>
2021-03-25 08:43:51 -05:00
Ashley Cui a861f6fd3e Podman machine CLI and interface stub
Podman machine will be a mac-only command that manages the VM where
containers are run. Currently, only the CLI is written and the interface
function for the VM management is stub for future developement

The podman machine cli is only built on mac builds.

Signed-off-by: Ashley Cui <acui@redhat.com>
2021-03-25 08:41:11 -05:00
OpenShift Merge Robot 860de13d4f
Merge pull request #9749 from jwillikers/generate-kube-persistent-volume-claim
Generate Kubernetes PersistentVolumeClaims from named volumes
2021-03-23 13:20:22 -07:00
TomSweeneyRedHat fb628e32f4 [CI:DOCS] Add note to mappings for user/group userns in build
Add a note to the `--userns-uid-map` and `--userns-gid-map` options in
the `podman build` man page.

Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1930509

Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
2021-03-22 11:56:38 -04:00
Jordan Williams 1e255b6df9
Generate Kubernetes PersistentVolumeClaims from named volumes
Fixes #5788

This commit adds support for named volumes in podman-generate-kube.
Named volumes are output in the YAML as PersistentVolumeClaims.
To avoid naming conflicts, the volume name is suffixed with "-pvc".
This commit adds a corresponding suffix for host path mounts.
Host path volumes are suffixed with "-host".

Signed-off-by: Jordan Williams <jordan@jwillikers.com>
2021-03-19 13:52:35 -05:00
Ashley Cui 3d01d42f26 Docs: removing secrets is safe for in-use secrets
Add docs explaining that it is safe to remove a secret that is in use by
a container: secrets are copied and mounted into the container at
creation

Signed-off-by: Ashley Cui <acui@redhat.com>
2021-03-16 16:18:58 -04:00
Daniel J Walsh c9ef260710
Document CONTAINERS_CONF/CONTAINERS_STORAGE_CONF Env variables
Also Switch to using CONTAINERS_REGISTRIES_CONF for registries.conf
overrides.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-03-10 06:34:47 -05:00
xcffl dc0c72a48b
Docs: Add docs to access APIs inside container
Signed-off-by: xcffl <2216902+xcffl@users.noreply.github.com>
2021-03-10 07:47:52 +08:00
Valentin Rothberg 2abfef3809 podman cp: ignore EPERMs in rootless mode
Ignore permission errors when copying from a rootless container.
TTY devices inside rootless containers are owned by the host's
root user which is "nobody" inside the container's user namespace
rendering us unable to even read them.

Enable the integration test which was temporarily disabled for rootless
users.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-03-09 09:02:14 +01:00
Daniel J Walsh 9eac4a7f7b
podman-remote build does not support volumes
Remove --volume option from podman-remote since it is
not supported, also add information to podman-build man page
indicating options not supported over remote connections.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-03-08 13:46:42 -05:00
Daniel J Walsh 326f3eda31
Handle podman build --dns-search
Fixes: https://github.com/containers/podman/issues/9574

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-03-07 08:08:32 -05:00
Jakub Guzik 3ae580b0ef [ci skip] Bad formatting fix in build documentation
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
2021-03-06 01:49:41 +01:00
OpenShift Merge Robot 7b76340864
Merge pull request #9568 from wjt/podman-system-service-timeout-docs
[ci:docs] podman-system-service.1.md: fix timeout example
2021-03-04 10:32:25 -05:00
OpenShift Merge Robot 87e20560ac
Merge pull request #9536 from jmguzik/enable-cgroupsv2-sec-opts
Enable cgroupsv2 rw mount via security-opt unmask
2021-03-03 12:28:54 -05:00
Jakub Guzik 81a3f8a432 Add /sys/fs/cgroup as readonly path in docs
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
2021-03-03 15:27:45 +01:00
Will Thompson 63a3b8a093 podman-system-service.1.md: fix timeout example
The rest of this document claims that the argument is called '--time',
not '--timeout', and that the value is expressed in seconds. As
currently written, the example (which ostensibly runs the API service
for 5 seconds) uses the '--timeout' spelling (which actually does work,
as an undocumented alias) and passes a value of '5000', which is more
than an hour. Fix both.

[NO TESTS NEEDED] as this is a simple documentation change.

Signed-off-by: Will Thompson <wjt@endlessos.org>
2021-03-02 14:31:43 +00:00
Steve Phillips cc679d952a
podman-image-sign.1.md: typo fix
identify -> identity

Signed-off-by: Steve Phillips <steve@tryingtobeawesome.com>
2021-02-27 09:05:25 -08:00
Kier Davis 431f755197 podman-system-connection.1.md: fix copy/paste error
Signed-off-by: Kier Davis <me@kierdavis.com>
2021-02-24 11:09:19 -06:00
Eduardo Vega 874f2327e6 Add U volume flag to chown source volumes
Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
2021-02-22 22:55:19 -06:00
OpenShift Merge Robot a6e7d19c46
Merge pull request #9445 from jmguzik/no-header-info-for-systemd-generation
No header info for systemd generation
2021-02-22 13:44:43 -05:00
Jakub Guzik d2f3098c6f --no-header flag implementation for generate systemd
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
2021-02-22 14:48:33 +01:00
Daniel J Walsh f06dd45e0c
Allow podman play kube to read yaml file from stdin
Fixes: https://github.com/containers/podman/issues/8996

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-02-19 12:53:25 -05:00
baude cf2a551896 [CI:DOCS]basic networking guide
created a basic networking guide for podman that outlines the common
network setups for podman.

Fixes: #8874

Signed-off-by: baude <bbaude@redhat.com>
2021-02-18 13:21:33 -06:00
paranlee a532994f8b Fix typo podman run doc in flag -pid=mode "efault"
Signed-off-by: paranlee <paran.lee@mail.uk>
2021-02-16 20:46:21 +09:00
OpenShift Merge Robot f98605e0e4
Merge pull request #9125 from ashley-cui/secretswiring
Implement Secrets
2021-02-09 17:51:08 +01:00
Ashley Cui 832a69b0be Implement Secrets
Implement podman secret create, inspect, ls, rm
Implement podman run/create --secret
Secrets are blobs of data that are sensitive.
Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file.
After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname]
This secret will not be commited to an image on a podman commit

Signed-off-by: Ashley Cui <acui@redhat.com>
2021-02-09 09:13:21 -05:00
baude 91ea3fabd6 add network prune
add the ability to prune unused cni networks.  filters are not implemented
but included both compat and podman api endpoints.

Fixes :#8673

Signed-off-by: baude <bbaude@redhat.com>
2021-02-06 07:37:29 -06:00
Ed Santiago dfa9a340ad Makefile: make bin/* real targets!
Backstory: every time you run 'make podman' or even
just 'make', you get a full recompile. This is sub-ideal.

Cause: I don't really know. It looks complicated. #5017
introduced a .PHONY for bin/podman, for reasons not
explained in the PR. Then, much later, #5880 well-
intentionedly but improperly tweaked the 'find'
command used in defining SOURCES, adding a -prune
but without the corresponding and required -print.
Let's just say, it was an unfortunate cascade of events.

This PR fixes the SOURCES definition and removes the
highly-undesired .PHONY from podman & podman-remote,
making it so you can type 'make' and, oh joy, not
build anything if it's current. The way 'make' is
supposed to work.

Why fix this now? Because my PR (#9209) was failing in CI,
in the Validate step:

    Can't exec "./bin/podman": No such file or directory at hack/xref-helpmsgs-manpages line 223.

It failed even on Re-run, and only passed once I force-pushed
the PR (with no changes, just a new commit SHA). I have no idea
why bin/podman wasn't built, and I have zero interest in pursuing
that right now, but the proper solution is to add bin/podman as
a Makefile dependency for that particular test. So done.

While I'm at it, fix what is pretty clearly a typo in a .PHONY

And, finally, fix a go-md2man warning introduced in #9189

[NO TESTS NEEDED]

Signed-off-by: Ed Santiago <santiago@redhat.com>
2021-02-03 05:49:17 -07:00
OpenShift Merge Robot 8f51d325af
Merge pull request #9174 from bitstrings/master
Make slirp MTU configurable (network_cmd_options)
2021-02-03 06:51:23 -05:00
bitstrings 0959196807 Make slirp MTU configurable (network_cmd_options)
The mtu default value is currently forced to 65520.
This let the user control it using the config key network_cmd_options,
i.e.: network_cmd_options=["mtu=9000"]

Signed-off-by: bitstrings <pino.silvaggio@gmail.com>
2021-02-02 13:50:26 -05:00
baude e11d8f15e8 add macvlan as a supported network driver
instead of using the --macvlan to indicate that you want to make a
macvlan network, podman network create now honors the driver name of
*macvlan*.  Any options to macvlan, like the parent device, should be
specified as a -o option.  For example, -o parent=eth0.

the --macvlan option was marked as deprecated in the man page but is
still supported for the duration of 3.0.

Signed-off-by: baude <bbaude@redhat.com>
2021-02-01 14:42:38 -06:00
OpenShift Merge Robot 8f3bcf6247
Merge pull request #9144 from vrothberg/fix-9134
Revert "podman build --pull: use correct policy"
2021-01-29 13:27:19 -05:00
Daniel J Walsh d7c356552e
Podman-remote push can support --format
Fix man page to document podman push --format fully.

Also found that push was not handling the tlsverify so fixed this.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-01-29 08:48:35 -05:00
Valentin Rothberg c0bf0ba9e5 podman build --pull: refine help message and docs
Refine and correct the wording of the `--pull` flag in the help message
and the docs.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-01-28 18:00:22 +01:00
Daniel J Walsh 84f7bdc4db
Switch podman image push handlers to use abi
Change API Handlers to use the same functions that the
local podman uses.

At the same time:

Cleanup and pass proper bindings.  Remove cli options from
podman-remote push.  Cleanup manifest push.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-01-27 09:27:25 -05:00
OpenShift Merge Robot 5d444466e1
Merge pull request #9106 from baude/issue9104
[CI:DOCS]update state of restful service
2021-01-26 17:26:01 +01:00
OpenShift Merge Robot 41dd1eb8a2
Merge pull request #9022 from cevich/swagger_upload
Cirrus: Upload swagger YAML in every context
2021-01-26 16:53:57 +01:00
baude 35c89ccc5b [CI:DOCS]update state of restful service
we have not updated the state of the restful service. it is no longer
considered under development.  additionally, clarified our support of
remote clients.

Fixes: #9104

Signed-off-by: baude <bbaude@redhat.com>
2021-01-26 09:12:07 -06:00
OpenShift Merge Robot f13385e80e
Merge pull request #8761 from ybelleguic/fix-man-page-on-overlayfs-in-rootless-mode
[CI:DOCS] Fix man page for fuse-overlayfs config in rootless mode
2021-01-26 15:59:58 +01:00
Daniel J Walsh 5623cb9d3d
Fix --arch and --os flags to work correctly
Currently podman implements --override-arch and --overide-os
But Podman has made these aliases for --arch and --os.  No
reason to have to specify --override, since it is clear what
the user intends.

Currently if the user specifies an --override-arch field but the
image was previously pulled for a different Arch, podman run uses
the different arch.  This PR also fixes this issue.

Fixes: https://github.com/containers/podman/issues/8001

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-01-25 14:58:24 -05:00
OpenShift Merge Robot 23b879d72f
Merge pull request #9085 from rhatdan/docs
Fix typo
2021-01-25 20:48:51 +01:00
TeeVenDick 75698b4b78
Fix typo
Copied from @TeeVenDick patch https://github.com/containers/podman/pull/9072

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-01-25 10:34:23 -05:00
baude 393a8f0261 disable dnsname when --internal
when doing a network creation, the dnsname plugin should be disabled
when the --internal bool is set.  a warning is displayed if this
happens and docs are updated.

Signed-off-by: baude <bbaude@redhat.com>
2021-01-25 08:51:15 -06:00
OpenShift Merge Robot 1305f7c47a
Merge pull request #9067 from Luap99/podman-manifest-exists
podman manifest exists
2021-01-23 11:05:09 +01:00
Paul Holzinger 6e6a38b416 podman manifest exists
Add podman manifest exists command with remote support.

Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
2021-01-22 20:19:13 +01:00
xcffl 94f96c78a6 Add a notice to remove pod before starting service
Signed-off-by: xcffl <2216902+xcffl@users.noreply.github.com>
2021-01-22 18:28:19 +08:00
Paul Holzinger 9d31fed5f7 podman volume exists
Add podman volume exists command with remote support.

Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
2021-01-21 19:18:51 +01:00
Chris Evich 4e4d318b71
Cirrus: Upload swagger YAML in every context
The podman documentation site uses javascript to display
API documentation at:

http://docs.podman.io/en/latest/Reference.html

As input, the javascript sources from a CORS-enabled Google Cloud
Storage object.  This commit ensures the storage object is present and
updated for every Cirrus-CI execution context: Tags, Branches, and PRs.

As of this commit, the documentation site only utilizes the object
uploaded by the Cirrus-CI run on the `master` branch:
`swagger-master.yaml`.  The file produced and uploaded due to a PR is
intended for testing purposes: Confirm it's generation and uploading are
both functional.

Signed-off-by: Chris Evich <cevich@redhat.com>
2021-01-21 10:26:57 -05:00
Yohan Belléguic 6518391e87 Fix man page for fuse-overlayfs config in rootless mode
Signed-off-by: Yohan Belléguic <yohan.belleguic@arkea.com>
2021-01-20 14:58:42 +01:00
OpenShift Merge Robot 5e7262ddf5
Merge pull request #9021 from Luap99/podman-network-exists
podman network exists
2021-01-19 16:56:17 -05:00
Ed Santiago 37abec240a [CI:DOCS] fix go-md2man HTMLSpan warnings
I'm tired of seeing these every time I run 'make':

   WARNING: go-md2man does not handle node type HTMLSpan

Cause: left-angle-brackets ( < ) in document source

Solution:
  1) backquote-escape those that need to be shown, usually
     ones referring to an argument or email address; or
  2) Actual HTML ( <sup> and <a> ) which are meant to be
     shown in generated HTML docs but can't be shown in
     man pages, we filter out via a sed expression.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2021-01-19 12:59:03 -07:00
Paul Holzinger a45d22a1dd podman network exists
Add podman network exists command with remote support.

Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
2021-01-19 15:18:03 +01:00
OpenShift Merge Robot 341c4b1fd9
Merge pull request #8942 from rhatdan/push
Allow podman push to push manifest lists
2021-01-17 06:52:35 -05:00
Daniel J Walsh cf51c7ed9f
Allow podman push to push manifest lists
When doing a podman images, manifests lists look just like images, so
it is logical that users would assume that they can just podman push them
to a registry.  The problem is we throw out weird errors when this happens
and users need to somehow figure out this is a manifest list rather then
an image, and frankly the user will not understand the difference.

This PR will make podman push just do the right thing, by failing over and
attempting to push the manifest if it fails to push the image.

Fix up handling of manifest push

Protocol should bring back a digest string, which can either be
printed or stored in a file.

We should not reimplement the manifest push setup code in the tunnel
code but take advantage of the api path, to make sure remote and local
work the same way.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-01-15 13:24:34 -05:00
OpenShift Merge Robot 7d3a628c6b
Merge pull request #8982 from Luap99/container-rename-bindings
Container rename bindings
2021-01-15 10:48:27 -05:00
Paul Holzinger 0688f080b8 Fix missing podman-container-rename man page link
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
2021-01-15 12:57:33 +01:00
Daniel J Walsh c88022589a
Bump to containers/buildah 1.9.2
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-01-15 06:23:19 -05:00
OpenShift Merge Robot 3fcf346890
Merge pull request #8955 from mheon/rename
Container Rename
2021-01-14 22:03:01 -05:00
Matthew Heon 997de2f8e9 Initial implementation of renaming containers
Basic theory: We remove the container, but *only from the DB*.
We leave it in c/storage, we leave the lock allocated, we leave
it running (if it is). Then we create an identical container with
an altered name, and add that back to the database. Theoretically
we now have a renamed container.

The advantage of this approach is that it doesn't just apply to
rename - we can use this to make *any* configuration change to a
container that does not alter its container ID.

Potential problems are numerous. This process is *THOROUGHLY*
non-atomic at present - if you `kill -9` Podman mid-rename things
will be in a bad place, for example. Also, we can't rename
containers that can't be removed normally - IE, containers with
dependencies (pod infra containers, for example).

The largest potential improvement will be to move the majority of
the work into the DB, with a `RecreateContainer()` method - that
will add atomicity, and let us remove the container without
worrying about depencies and similar issues.

Potential problems: long-running processes that edit the DB and
may have an older version of the configuration around. Most
notable example is `podman run --rm` - the removal command needed
to be manually edited to avoid this one. This begins to get at
the heart of me not wanting to do this in the first place...

This provides CLI and API implementations for frontend, but no
tunnel implementation. It will be added in a future release (just
held back for time now - we need this in 3.0 and are running low
on time).

This is honestly kind of horrifying, but I think it will work.

Signed-off-by: Matthew Heon <mheon@redhat.com>
2021-01-14 18:29:28 -05:00
Matthew Heon b53cb57680 Initial implementation of volume plugins
This implements support for mounting and unmounting volumes
backed by volume plugins. Support for actually retrieving
plugins requires a pull request to land in containers.conf and
then that to be vendored, and as such is not yet ready. Given
this, this code is only compile tested. However, the code for
everything past retrieving the plugin has been written - there is
support for creating, removing, mounting, and unmounting volumes,
which should allow full functionality once the c/common PR is
merged.

A major change is the signature of the MountPoint function for
volumes, which now, by necessity, returns an error. Named volumes
managed by a plugin do not have a mountpoint we control; instead,
it is managed entirely by the plugin. As such, we need to cache
the path in the DB, and calls to retrieve it now need to access
the DB (and may fail as such).

Notably absent is support for SELinux relabelling and chowning
these volumes. Given that we don't manage the mountpoint for
these volumes, I am extremely reluctant to try and modify it - we
could easily break the plugin trying to chown or relabel it.

Also, we had no less than *5* separate implementations of
inspecting a volume floating around in pkg/infra/abi and
pkg/api/handlers/libpod. And none of them used volume.Inspect(),
the only correct way of inspecting volumes. Remove them all and
consolidate to using the correct way. Compat API is likely still
doing things the wrong way, but that is an issue for another day.

Fixes #4304

Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2021-01-14 15:35:33 -05:00
Daniel J Walsh a7c0c9125f
Add more information and examples on podman and pipes
Improve the documentation to help users to know proper way to
use podman within a pipe.

Helps Prevent: https://github.com/containers/podman/issues/8916

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-01-13 15:08:46 -05:00
OpenShift Merge Robot 183f443a58
Merge pull request #8957 from srcshelton/feature/issue-8945
Add 'MemUsageBytes' format option
2021-01-13 06:28:00 -05:00
Stuart Shelton a6af56f5b4 Add 'MemUsageBytes' format option
Although storage is more human-readable when expressed in SI units,
IEC/JEDEC (Bytes) units are more pertinent for memory-related values
(and match the format of the --memory* command-line options).

(To prevent possible compatibility issues, the default SI display is
left unchanged)

See https://github.com/containers/podman/issues/8945

Signed-off-by: Stuart Shelton <stuart@shelton.me>
2021-01-12 23:38:08 +00:00
Daniel J Walsh a6046dceef
Remove the ability to use [name:tag] in podman load command
Docker does not support this, and it is confusing what to do if
the image has more then one tag.  We are dropping support for this
in podman 3.0

Fixes: https://github.com/containers/podman/issues/7387

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-01-12 17:38:32 -05:00
OpenShift Merge Robot 5575c7be20
Merge pull request #8819 from chen-zhuohan/add-pre-checkpoint
Add pre-checkpoint and restore with previous
2021-01-12 07:57:05 -05:00
unknown 2aa381f2d0 add pre checkpoint
Signed-off-by: Zhuohan Chen <chen_zhuohan@163.com>
2021-01-10 21:38:28 +08:00
Daniel J Walsh 3d453f9d2e
podman build --force-rm defaults to true in code
The man page and code should match for what is the default settings.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-01-10 05:52:33 -05:00
Paul Holzinger 38baf3d5e2 Add Networks format placeholder to podman ps and pod ps
`podman ps --format {{.Networks}}` will show all connected networks for
this container. For `pod ps` it will show the infra container networks.

Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
2021-01-09 19:15:43 +01:00
Paul Holzinger 1242e7b7a6 Add network filter for podman ps and pod ps
Allow to filter on the network name or full id.
For pod ps it will filter on the infra container networks.

Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
2021-01-09 17:03:32 +01:00
OpenShift Merge Robot 49db79e735
Merge pull request #8781 from rst0git/cr-volumes
Add support for checkpoint/restore of containers with volumes
2021-01-08 10:41:05 -05:00
Daniel J Walsh d9ebbbfe5b
Switch references of /var/run -> /run
Systemd is now complaining or mentioning /var/run as a legacy directory.
It has been many years where /var/run is a symlink to /run on all
most distributions, make the change to the default.

Partial fix for https://github.com/containers/podman/issues/8369

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-01-07 05:37:24 -05:00
Radostin Stoyanov 288ccc4c84 Include named volumes in container migration
When migrating a container with associated volumes, the content of
these volumes should be made available on the destination machine.

This patch enables container checkpoint/restore with named volumes
by including the content of volumes in checkpoint file. On restore,
volumes associated with container are created and their content is
restored.

The --ignore-volumes option is introduced to disable this feature.

Example:

 # podman container checkpoint --export checkpoint.tar.gz <container>

The content of all volumes associated with the container are included
in `checkpoint.tar.gz`

 # podman container checkpoint --export checkpoint.tar.gz --ignore-volumes <container>

The content of volumes is not included in `checkpoint.tar.gz`. This is
useful, for example, when the checkpoint/restore is performed on the
same machine.

 # podman container restore --import checkpoint.tar.gz

The associated volumes will be created and their content will be
restored. Podman will exit with an error if volumes with the same
name already exist on the system or the content of volumes is not
included in checkpoint.tar.gz

 # podman container restore --ignore-volumes --import checkpoint.tar.gz

Volumes associated with container must already exist. Podman will not
create them or restore their content.

Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
2021-01-07 07:51:19 +00:00
baude 0f45ea02ac sort api endpoints in documentation
users would like api endpoints to be sorted in documentation.  this
should assist in this. i do not expect that thisd will be the entire
fix. it looks like ci is not building and pushing docs rn.

Signed-off-by: baude <bbaude@redhat.com>
2020-12-24 09:52:01 -06:00
baude c81e29525b add --cidfile to container kill
Add the ability to read container ids from one or more files for the
kill command.

Fixes: #8443

Signed-off-by: baude <bbaude@redhat.com>
2020-12-23 12:01:46 -06:00
OpenShift Merge Robot 54b82a175f
Merge pull request #8787 from jsoref/spelling
Spelling
2020-12-23 17:38:43 +01:00
Tobias Boesch 3cc0801516
Document uid/gidmap are based on subuid/gid mapping
* Closes #6123

Signed-off-by: Tobias Boesch <tobias.boesch@googlemail.com>
2020-12-23 11:47:59 +01:00
Daniel J Walsh b41fa90a4c
Merge pull request #8774 from cevich/events_file_docs
[CI:DOCS] Document location of backend events file
2020-12-23 04:43:16 -05:00
Daniel J Walsh 767e1ac17f
Merge pull request #8804 from baude/issue8512
add pod filter for ps
2020-12-23 04:42:30 -05:00
Josh Soref 4fa1fce930 Spelling
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-12-22 13:34:31 -05:00
baude c50c75419b add pod filter for ps
adds the ability to filter containers based on the filter "pod".  the
value can be a pod name or its full or partial id.

Fixes: #8512

Signed-off-by: baude <bbaude@redhat.com>
2020-12-22 09:40:39 -06:00
Daniel J Walsh 04b43ccf64
Add Security information to podman info
When debugging issues, it would be helpful to know the
security settings of the system running into the problem.
Adding security info to `podman info` is also useful to users.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-12-22 08:13:14 -05:00
Chris Evich ea6c1c5bd0
Document location of backend events file
Signed-off-by: Chris Evich <cevich@redhat.com>
2020-12-18 16:18:27 -05:00
Valentin Rothberg adcb3a7a60 remote copy
Implement `podman-remote cp` and break out the logic from the previously
added `pkg/copy` into it's basic building blocks and move them up into
the `ContainerEngine` interface and `cmd/podman`.

The `--pause` and `--extract` flags are now deprecated and turned into
nops.

Note that this commit is vendoring a non-release version of Buildah to
pull in updates to the copier package.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2020-12-18 12:08:49 +01:00