In podman-systemd we are intersecting the worlds of containers
and systemd, and I had to stop and think to understand what
`Exec=` does.
I tried to clarify things more here.
I found it especially confusing because the example at the
very top of the file does:
```
Image=quay.io/fedora/fedora
Exec=sleep 10
```
But that only makes sense because the fedora base image
(being generic) doesn't define an `ENTRYPOINT`, just a `CMD`.
But IMO by far the most common usage for podman-systemd
is "app images" which conventionally should use `ENTRYPOINT`
in general. Maybe we should change the default example,
but I'm leaving that for a later followup.
(It perhaps would have been less confusing if this field
had been called `Args=` to make clear it's quite different
in practice from systemd `ExecStart=`)
Signed-off-by: Colin Walters <walters@verbum.org>
Adds a `NetworkAlias=` key to both .container and .pod quadlet files,
which translates to the `--network-alias` option to `podman run` and
`podman pod create` respectively. Can be repeated multiple times.
Signed-off-by: Félix Saparelli <felix@passcod.name>
I found that Quadlet didn't currently have support for log options.
This merge allows Quadlet to handle log options and correctly
pass those values through to `podman run` for Container and Kube
types.
Syntactically consistent with existing parameters:
```ini
[Container]
Image=localhost/imagename
LogOpt=path=/var/log/container/mycontainer.json
LogOpt=size=10mb
```
Signed-off-by: Brett Calliss <brett@obligatory.email>
.build files allow to build an image via Quadlet. The keys from a .build
file are translated to arguments of a `podman build` command by Quadlet.
Minimal keys for .build files are `ImageTag=` and a context directory,
see `SetWorkingDirectory=`, or a `File=` pointing to a Containerfile.
After sorting .build files into the Quadlet dependency order, there
remains a possible dependency cycle issue between .volume and .build
files: A .volume can have `Image=some.build`, and a .build can have
`Volume=some.volume:/some/volume`.
We solve this dependency cycle by prefilling resourceNames with all
image names from .build files before converting all the unit files.
This results in an issue for the test suite though: For .volume's
depending on *.image or *.build, we need to copy these additional
dependencies to the test's quadletDir, otherwise the test will fail.
This is necessary, because `handleImageSource()` actually needs to know
the image name defined in the referenced *.{build,image} file. It cannot
fall back on the default names, as it is done for networks or volumes,
for example.
Signed-off-by: Johannes Maibaum <jmaibaum@gmail.com>
If a container unit starts on boot with a dependency on `default.target`
the image unit may start too soon, before network is ready. This cause
the unit to fail to pull the image.
- Add a dependency on `network-online.target` to make sure image pulls
don't fail.
See https://github.com/containers/podman/issues/21873
- Document the hardcoded dependency on `network-online.target` for images unit
and explain how it can be overriden if necessary.
- tests/e2e/quadlet: Add `assert-last-key-regex`
Required to test the `After=` override in [Unit] section
See https://github.com/containers/podman/pull/22057#issuecomment-2008959993
- quadlet/unitfile: add a prepenUnitLine method
Requirements on networks should be inserted at the top of the
section so the user can override them.
Signed-off-by: jbtrystram <jbtrystram@redhat.com>
New CI validation check: all keys in quadlet.go must be
documented at least once in podman-systemd.unit.5.md.
Adding '// deprecated' next to an enum definition will
exclude said key from the documentation cross-checks.
And, because the md file lists keys in both table and block
form, make sure those all match.
And make sure everything is sorted in lexical order, in
both .go source and in man page.
And add a validation check to make sure it stays that way.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The quotes are interpreted as part of the value, so that, for example,
`HealthCmd="true"` is translated to the podman argument
`--health-cmd "\"true\""`.
Signed-off-by: Cedric Staniewski <cedric@gmx.ca>
Add support for using multiple `Ulimit=` options in `.container` files.
Before, only the last `Ulimit=` option was used in the podman command.
Update podman-systemd.unit.5 docs to reflect this change.
Add `test/e2e/quadlet/ulimit.container` to e2e tests.
Signed-off-by: Paul Nettleton <k9@k9withabone.dev>
This PR closes#20585
Add Inital support for Entrypoint on quadlets
Add Bats Tests for Entrypoint
Updates the documentation with one example to use the Entrypoint option
Signed-off-by: Odilon Sousa <osousa@redhat.com>
When the `Mask=` and `Unmask=` quadlet options were initially added,
they were mistakenly placed in the [Kube] section when they should be in
the [Container] section. This commit corrects the mistake and adds
example usage to the [Container] options table.
Signed-off-by: Paul Nettleton <k9@k9withabone.dev>
For a source file like `foo.container`, look for drop in named
`foo.container.d/*.conf` and merged them into the main file. The
dropins are applied in alphabetical order, and files in earlier
diretories override later files with same name.
This is similar to how systemd dropins work, see:
https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html
Also adds some tests for these
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Add support for .pod unit files with only PodmanArgs, GlobalArgs, ContainersConfModule and PodName
Add support for linking .container units with .pod ones
Add e2e and system tests
Add to man page
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
This expands support for the (previously) boolean `Notify` directive, in
support of healthcheck determined SD-NOTIFY event emission, as
supported by Podman with the `--sdnotify=healthy` option.
Closes: #18189
Signed-off-by: Alex Palaistras <alex@deuill.org>
Support UIDMap, GIDMap, SubUIDMap and SubGIDMap
If any of them are set disregard the deprecated Remap keys
Add tests and man
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Users fail to realize that they can use other systemd
options within the quadlet files, like ExecStartPre.
This change should make it clearer to the users.
https://github.com/containers/podman/discussions/20642
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add Quadlet key and disconnect relationship withr read-only
Update and add tests
Update man with new key
Remove the reference to VolatileTmpfs in the man page to reduce its
usage, since the same functionality can be achieved using the Tmpfs key
while keeping its support to maintain backward compatibility
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
openshift-merge-bot[bot]
Misaki Kasumi
Colin Walters
Ygal Blum
Daniel J Walsh
benniekiss
Félix Saparelli
Brett Calliss
marinmo
Johannes Maibaum
jbtrystram
Jonas Berlin
localhost
WesselAtWork
Eric D. Helms
Valentin Rothberg
Joel Purra
Alexander Larsson
Ed Santiago
Cedric Staniewski
Paul Nettleton
Odilon Sousa
Daniel Mendizabal
Marta
Alex Palaistras
Paul Holzinger