The `podman system prune` command is able to remove build containers that were created during the build, but were not removed because the build terminated unexpectedly.
By default, build containers are not removed to prevent interference with builds in progress. Use the **--build** flag when running the command to remove build containers as well.
Fixes: https://issues.redhat.com/browse/RHEL-62009
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
This should be set only by podman as it is used for the podman generate
systemd --new command. For the api it was set to the system service
command which is simply pointless. It must be empty in these cases.
Fixes#25026
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
the podman artifact verb is used to manage OCI artifacts. the following
verbs were added to `podman artifact`:
* add
* inspect
* ls
* pull
* push
* rm
Notable items with this PR:
* all artifact commands and their output are subject to change. i.e.
consider all of this tech preview
* there is no way to add a file to an artifact that already exists in
the store. you would need to delete and recreate the artifact.
* all references to artifacts names should be fully qualified names in
the form of repo/name:tag (i.e. quay.io/artifact/foobar:latest)
* i understand that we will likely want to be able to attribute things
like arch, etc to artifact files. this function is not available yet.
Many thanks to Paul Holzinger for autocompletion PRs and review PRs that
fixed issues early on.
Also fix up some Args function to specify the correct number of args.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Signed-off-by: Brent Baude <bbaude@redhat.com>
Fix the typo s/provider/providers/ and give a concrete example to avoid
pitfalls such as the on in #25023.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Fixes: https://github.com/containers/podman/issues/25002
Also add the ability to inspect containers for
UseImageHosts and UseImageHostname.
Finally fixed some bugs in handling of --no-hosts for Pods,
which I descovered.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Leo Liu <silver886@users.noreply.github.com>
Add comment
In shell completion, there is `.exe` suffix on Windows and this does not provide same experience across platforms, #16499
Signed-off-by: Leo Liu <silver886@users.noreply.github.com>
Create unit test for `.exe` suffix removal
Signed-off-by: Leo Liu <11664880+silver886@users.noreply.github.com>
Update comments
Signed-off-by: Leo Liu <11664880+silver886@users.noreply.github.com>
Fix new issues found by usetesting, mainly we should use t.TempDir() in
test which makes the code better as this will be removed on test end
automatically so no need for defer or any error checking.
Also fix issues reported by exptostd, these mainly show where we can
switch the imports to the std maps/slices packages instead of the
golang.org/x/exp/... packages.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Found in debian testing where by default there are no unqualified search
registries installed. As such the test failed as the FIXME said. Now
there is no need for the test to assume anything.
Instead set our own config via CONTAINERS_REGISTRIES_CONF then we can
do exact matches, except that env was not read in the shell completion
code so move some code around to make it read the var in the same way as
podman login/logout.
Signed-off-by: Paul Holzinger <git@holzinger.dev>
When the --index flag is used, `manifest annotate` shouldn't be
expecting a second non-flag argument.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Use filepath utility instead of generic string replace to convert path
on Windows. This also separates OS specific implementations to separate
compilation sources and removes redundant check for virtualization
provider on Windows platform.
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
* Add --hosts-file flag to container create, container run and pod create
* Add HostsFile field to pod inspect and container inspect results
* Test BaseHostsFile config in containers.conf
Signed-off-by: Gavin Lam <gavin.oss@tutamail.com>
New flags in a `podman update` can change the configuration of HealthCheck when the container is started, without having to restart or recreate the container.
This can help determine why a given container suddenly started failing HealthCheck without interfering with the services it provides. For example, reconfigure HealthCheck to keep logs longer than the usual last X results, store logs to other destinations, etc.
Fixes: https://issues.redhat.com/browse/RHEL-60561
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
- fix issues found by recvcheck
- skip k8s files from recvcheck
- remove two removed linters gomnd and execinquery
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
By default today, the container is always started if its pod is also
started. This prevents to create custom with systemd where containers in
a pod could be started through their `[Install]` section.
We add a key `StartWithPod=`, enabled by default, that enables one to
disable that behavior.
This prevents the pod service from changing the state of the container
service.
Fixes#24401
Signed-off-by: Farya L. Maerten <me@ltow.me>
One of the problems with the Events() API was that you had to call it in
a new goroutine. This meant the the error returned by it had to be read
back via a second channel. This cuased other bugs in the past but here
the biggest problem is that basic errors such as invalid since/until
options were not directly returned to the caller.
It meant in the API we were not able to write http code 200 quickly
because we always waited for the first event or error from the
channels. This in turn made some clients not happy as they assume the
server hangs on time out if no such events are generated.
To fix this we resturcture the entire event flow. First we spawn the
goroutine inside the eventer Read() function so not all the callers have
to. Then we can return the basic error quickly without the goroutine.
The caller then checks the error like any normal function and the API
can use this one to decide which status code to return.
Second we now return errors/event in one channel then the callers can
decide to ignore or log them which makes it a bit more clear.
Fixes c46884aa93 ("podman events: check for an error after we finish reading events")
Fixes#23712
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Clarifies the behavior of --interactive in both attached and unattached
scenarios.
Adds a caveat and explanation for --interactive being hungry as
described in https://github.com/containers/podman/issues/24370.
Signed-off-by: Alicia Boya García <aboya@igalia.com>
This fixes two problems, first if a port is published and exposed it
should not be shown twice. It is enough to show the published one.
Second, if there is a huge range the ports were no grouped causing the
output to be unreadable basically. Now we group exposed ports like we do
with the normal published ports.
Fixes#23317
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This can never included a comma in the protocol so it just complicated
things for no reason, we never needed this and commit edc3dc5e11 already
ensures this cannot happen.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
There is no good reason for the special case, kube and pod units
definitely need it. Volume and network units maybe not but for
consistency we add it there as well. This makes the docs much easier to
write and understand for users as the behavior will not differ.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
As documented in the issue there is no way to wait for system units from
the user session[1]. This causes problems for rootless quadlet units as
they might be started before the network is fully up. TWhile this was
always the case and thus was never really noticed the main thing that
trigger a bunch of errors was the switch to pasta.
Pasta requires the network to be fully up in order to correctly select
the right "template" interface based on the routes. If it cannot find a
suitable interface it just fails and we cannot start the container
understandingly leading to a lot of frustration from users.
As there is no sign of any movement on the systemd issue we work around
here by using our own user unit that check if the system session
network-online.target it ready.
Now for testing it is a bit complicated. While we do now correctly test
the root and rootless generator since commit ada75c0bb8 the resulting
Wants/After= lines differ between them and there is no logic in the
testfiles themself to say if root/rootless to match specifics. One idea
was to use `assert-key-is-rootless/root` but that seemed like more
duplication for little reason so use a regex and allow both to make it
pass always. To still have some test coverage add a check in the system
test to ask systemd if we did indeed have the right depdendencies where
we can check for exact root/rootless name match.
[1] https://github.com/systemd/systemd/issues/3312Fixes#22197
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Prior to this commit, many scp functions existed without option structs, which would make extending functionality (adding new options) impossible without breaking changes, or without adding redundant wrapper functions.
This commit adds in new option types for various scp related functions, and changes those functions' signatures to use the new options.
This commit also modifies the `ImageEngine.Scp()` function's interface to use the new opts.
The commit also renames the existing `ImageScpOptions` entity type to `ScpTransferImageOptions`. This is because the previous `ImageScpOptions` was inaccurate, as it is not the actual options for `ImageEngine.Scp()`. `ImageEngine.Scp()` should instead receive `ImageScpOptions`.
This commit should not change any behavior, however it will break the existing functions' signatures.
Signed-off-by: Zachary Hanham <z.hanham00@gmail.com>
since the effect would be to lower the rlimits when their definition
is higher than the default value.
The test doesn't fail on the previous version, unless the system is
configured with a nofile ulimit higher than the default value.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2317721
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
When we are activated by systemd the code assumed that we had a valid
URL which was not the case so it failed to parse the URL which causes
the info call to fail all the time.
This fixes two problems first add the schema to the systemd activated
listener URL so it can be parsed correctly but second simply do not
parse it as url as all we care about in the info call is if it is unix
and the file path exists.
Fixes#24152
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This commit was automatically cherry-picked
by buildah-vendor-treadmill v0.3
from the buildah vendor treadmill PR, #13808
* Fix conflict caused by Ed's local-registry PR in buildah
* Wire in "new" --retry and --retry-delay, these existed for longer
but where non functional.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Change getUnitDirs to maintain a slice in addition to the map and return the slice
Add helper functions to make the code more readable
Adjust unit tests
Restore system test
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
These flags can affect the output of the HealtCheck log. Currently, when a container is configured with HealthCheck, the output from the HealthCheck command is only logged to the container status file, which is accessible via `podman inspect`.
It is also limited to the last five executions and the first 500 characters per execution.
This makes debugging past problems very difficult, since the only information available about the failure of the HealthCheck command is the generic `healthcheck service failed` record.
- The `--health-log-destination` flag sets the destination of the HealthCheck log.
- `none`: (default behavior) `HealthCheckResults` are stored in overlay containers. (For example: `$runroot/healthcheck.log`)
- `directory`: creates a log file named `<container-ID>-healthcheck.log` with JSON `HealthCheckResults` in the specified directory.
- `events_logger`: The log will be written with logging mechanism set by events_loggeri. It also saves the log to a default directory, for performance on a system with a large number of logs.
- The `--health-max-log-count` flag sets the maximum number of attempts in the HealthCheck log file.
- A value of `0` indicates an infinite number of attempts in the log file.
- The default value is `5` attempts in the log file.
- The `--health-max-log-size` flag sets the maximum length of the log stored.
- A value of `0` indicates an infinite log length.
- The default value is `500` log characters.
Add --health-max-log-count flag
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Add --health-max-log-size flag
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Add --health-log-destination flag
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Modify `RemoveConnections` to verify the new default system connection's
rootful state matches the rootful-ness of the podman machine it is associated
with.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Moves the `DefaultMachineName` constant out of `pkg/machine` and into
`pkg/machine/define`.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Use os.ReadDir recursively instead of filepath.WalkDir
Use map instead of list to easily find looped Symlinks
Update existing tests and add a more elaborate one
Update the man page
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
* podman manifest remove doesn't accept references as descriptions of
what to remove from a list or index; only use digests in the man page
* podman manifest remove only removes one thing at a time; correct the
man page examples
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
There is no point in logging them, the directories not existing is fine
and expected and logging these by default when useing -dryrun just
causes confusion.
Fixes#23620
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When you sort by repository a user most likely also want the tags to be
sorted as well. At the very least to get a stable output as the order
could be changed pull podman tag/pull even if they keep using the same
tag name.
Fixes#23803
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The kube generate command can now generate a yaml for
the Job kind and the kube play command can create a pod
and containers with podman when passed in a Job yaml.
Add relevant tests and docs for this.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Podman machine list now supports a new option, --all-providers, which lists all machines from all providers.
Signed-off-by: Ashley Cui <acui@redhat.com>
The podman container cleanup process runs asynchronous and by the time
it gets the lock it is possible another podman process already did the
cleanup and then did a new init() to start it again. If the cleanup
process gets the lock there it will cause very weird things.
This can be observed in the remote start API as CI flakes.
Fixes#23754
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When we use passthrough logging and the --rmi option should not try to
delete the image right away. Simply speak passthough only means do not
print the cotnainer id but we should never try to delete the image here
as this will be done in the cleanup process.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Since commit 458ba5a8af the cleanup process now removes the image as
well, thus the removal is racy and it will cause an error here.
The code tried to ignore the error with errors.Is() but this never works
across the remote API. However the API already has a ignore option so
juts use that and fix the error message so that we can easily find the
root cause and I do not have to guess where the log was written.
Fixes#23719
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This started off as an attempt to make `podman stop` on a
container started with `--rm` actually remove the container,
instead of just cleaning it up and waiting for the cleanup
process to finish the removal.
In the process, I realized that `podman run --rmi` was rather
broken. It was only done as part of the Podman CLI, not the
cleanup process (meaning it only worked with attached containers)
and the way it was wired meant that I was fairly confident that
it wouldn't work if I did a `podman stop` on an attached
container run with `--rmi`. I rewired it to use the same
mechanism that `podman run --rm` uses, so it should be a lot more
durable now, and I also wired it into `podman inspect` so you can
tell that a container will remove its image.
Tests have been added for the changes to `podman run --rmi`. No
tests for `stop` on a `run --rm` container as that would be racy.
Fixes#22852
Fixes RHEL-39513
Signed-off-by: Matt Heon <mheon@redhat.com>
The new golangci-lint version 1.60.1 has problems with typecheck when
linting remote files. We have certain pakcages that should never be
inlcuded in remote but the typecheck tries to compile all of them but
this never works and it seems to ignore the exclude files we gave it.
To fix this the proper way is to mark all packages we only use locally
with !remote tags. This is a bit ugly but more correct. I also moved the
DecodeChanges() code around as it is called from the client so the
handles package which should only be remote doesn't really fit anyway.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Rootless units placed in `users` would be loaded for root when
`/etc/containers/systemd` is a symlink. In this case, since
`UnitDirAdmin` is hardcoded, `userLevelFilter` always returns `true`.
If `/etc/containers/systemd/users` is a symlink, any user would load
other users' units.
Fix the above two problems.
Fixes: #23483
Signed-off-by: Uzinn Kagurazaka <uzinn.kagurazaka@11555511.xyz>
Add support for the ServiceName key for all unit types
Extend the PodInfo struct into UnitInfo to consolidate all prepopulated data into a single map
Use the NodesInfo map instead of the resourceName
Update the UnitInfo in the convert function instead of returning it
No need to replace extension anymore just remove it
All e2e tests with dependencies on other Quadlet files moved to a separate section
Add the capability of overriding the service name in the test
Add e2e tests for the new functionality
Adjust integration tests
Update the MAN page
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Fixes: e62c928642 ("Make podman-compose refer to podman-compose(1) when using an external provider")
- test: add coverage for PODMAN_COMPOSE_WARNING_LOGS
Signed-off-by: Petter Mikkelsen <43xhyr9m@anonaddy.me>
Using the ExactArgs(1) function is better because we have less
duplication of the error text and the ValidArgsFunction uses that to
suggest shell completion. The command before this commit would suggest
connection names even if there was already one arg on the cli set.
However because there is the --all option we still must exclude that
first.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Change the warning message at runtime to refer to the man page of podman-compose instead of "the documentation"
Add instructions in the man page on how to disable the warning emitted by podman-compose when using an external compose provider
Signed-off-by: marinmo <bugzilla@marinmo.org>
openshift-merge-bot[bot]
Jan Rodák
Paul Holzinger
Daniel J Walsh
Brent Baude
Valentin Rothberg
Leo Liu
Ygal Blum
Paul Holzinger
Misaki Kasumi
Nalin Dahyabhai
Arthur Sengileyev
Gavin Lam
Farya L. Maerten
Alicia Boya García
Zachary Hanham
Giuseppe Scrivano
Ed Santiago
Sainath Sativar
Jake Correnti
Jerome Degroote
Paul Wright
Paul Wright
flouthoc
Urvashi Mohnani
Mikel Olasagasti Uranga
Ashley Cui
Matt Heon
Chad Dougherty
Uzinn Kagurazaka
tomsweeneyredhat
Petter Mikkelsen
benniekiss
Anders F Björklund
marinmo