Commit Graph

53 Commits

Author SHA1 Message Date
Paul Holzinger 47fff4b007
improve slirp4netns allow_host_loopback docs
The default ip is 10.0.2.2 but is always the second ip from the
slirp4netns subnet, which can be changed via the cidr option.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2090166

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-09-14 10:55:02 +02:00
Ed Santiago 76eb06330f Man pages: refactor common options: --tls-verify
Ugh. This had about five different variations among twelve files.
I went with the version from podman-create, kube play, login, pull,
push, run. The others:

 - manifest-add and create did not include the "true, false, missing"
   text. Now they do. (If this text is N/A to these two, please yell).
   Also, these two were written with "talking" instead of "contacting"
   the registry.

 - podman-build had "does not work with remote", but this
   does not seem to be true, so I removed it. None of the
   other files had that.

 - the wording in podman-search is just weird, with "if needed"
   and "is listed" and unclear "insecure registries". I just
   nuked it all. If that wording was deliberate, for some reason
   that applies only to podman-search, please yell.

 - podman-container-runlabel has one diff that I like, actually
   spelling out containers-registries.conf(5), but incorporating
   that would make this even harder to review. I will add that
   to my in-progress doc-cleanup PR.

Review recommendation: run hack/markdown-preprocess-review but
just quit out of it immediately (on both popups). Ignore it completely.
Then cd /tmp/markdown-preprocess-review.diffs/tls-verify and run

    $ clear;for i in podman-*;do echo;echo $i;wdiff -t $i zzz-chosen.md;done

This will show the major diffs between each version and the chosen one.
Assumes you have wdiff installed. If you have another colorize-actual-
individual-word-diffs tool installed, use that. I like cdif[1].

 [1] https://github.com/kaz-utashiro/sdif-tools

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-13 11:15:23 -06:00
Ed Santiago d4a0003122 Man pages: Refactor common options: --publish
Almost identical between podman-create, run, and pod-create.
The "Notes" are different, so I left those duplicated between
podman-create and run, and left the different one in pod-create.

podman-container-restore also has --publish but it's unrelated.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-13 09:02:34 -06:00
Ed Santiago dacd594247 Man pages: refactor common options: --publish-all
Only shared between podman-create and run. The latter was
updated in #5192, and that is the text I chose.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-13 07:51:39 -06:00
Ed Santiago 74e0511c96 Man pages: refactor common options: --os (pull)
Only shared by podman-create, -pull, -run. No changes
made other than whitespace, so this should be a gimme.

podman-build, import, and manifest-* also have --os options,
but those are unrelated and I can't find a way to combine
any two of them.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-13 06:35:15 -06:00
Ed Santiago f30d4852ef Man pages: refactor common options: --ip
Between podman-create, run, and pod-create. The big difference
is that I changed 'IP' to 'IPv4' in podman-pod-create, I believe
that was an oversight in #12611.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-13 05:14:25 -06:00
Ed Santiago 09ba2e0b9e Man pages: refactor common options: --rootfs
podman-create and -run only. The SELinux text was added
to podman-run (but not -create) in #3631, and reformatted
in #5192. I assume here that it also applies to podman-create.

Per feedback from Dan, added :s0 to SELinux context

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-12 17:56:57 -06:00
Ed Santiago 43da39d317 Man pages: refactor common options: --volumes-from
Removed a spurious right-bracket; went with upper-case for options;
removed 'you's; added some <<container|pod>>s.

Hard to review because none of the existing man pages had it
quite right.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-12 06:59:19 -06:00
Ed Santiago 3a9a7dcdcd Man pages: refactor common options: --volume
This one is a nightmare, because --volume has been edited
in four different files throughout the years (five if you
count podman-build, which I am not including in this PR).
Those edits have not always been done in sync.

The list of options was reordered 2022-06-28 by Giuseppe in #14734,
but only in podman-create and -run (not in podman-pod-*). No
explanation of why, but I'll assume he knew what he was doing,
and have accepted that for the reference copy.

There was also a big edit in #8519.

The "Propagation property...bind mounted" sentence first appeared
in pod-clone, in #14299 by cdoern, with no obvious source of where
it came from. I choose to include it in the reference copy.

The "**copy**" option seems to work in pod-create, so I'm including
it in the reference copy. Someone please yell loudly if this is
not the case.

The "disables SELinux separation for containers used in the build",
no idea, changed that to just "for the container/pod"

The "advanced users / overlay / upperdir / workdir" paragraph
makes zero sense to me, but hey, I assume it applies to all
the commands, so I put it in the reference copy.

Finally, there's still a mishmash of backticks, asterisks, underscores,
and even quotation marks. Someone is gonna have to perform major
cleanup on this one day, but at least it'll be in only one place.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-09 08:20:31 -06:00
Valentin Rothberg aad29e759c health check: add on-failure actions
For systems that have extreme robustness requirements (edge devices,
particularly those in difficult to access environments), it is important
that applications continue running in all circumstances. When the
application fails, Podman must restart it automatically to provide this
robustness. Otherwise, these devices may require customer IT to
physically gain access to restart, which can be prohibitively difficult.

Add a new `--on-failure` flag that supports four actions:

- **none**: Take no action.

- **kill**: Kill the container.

- **restart**: Restart the container.  Do not combine the `restart`
               action with the `--restart` flag.  When running inside of
               a systemd unit, consider using the `kill` or `stop`
               action instead to make use of systemd's restart policy.

- **stop**: Stop the container.

To remain backwards compatible, **none** is the default action.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-09-09 13:02:05 +02:00
Ed Santiago 4fbc4b8f79 Man pages: refactor common options: --privileged
An easy one. Went with the version from podman-run.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-07 06:41:44 -06:00
OpenShift Merge Robot 7946628734
Merge pull request #15653 from edsantiago/docs_dedup_sysctl
[CI:DOCS] Man pages: refactor common options: --sysctl
2022-09-07 14:36:56 +02:00
OpenShift Merge Robot 2f555c0c74
Merge pull request #15621 from ventifus/fix-manpage-header
[CI:DOCS] Fix manpage header formatting
2022-09-06 19:26:53 +02:00
Andrew Denton 63c779a857 Fix manpage headers
Signed-off-by: Andrew Denton <adenton@redhat.com>
2022-09-06 09:37:13 -07:00
Ed Santiago 4675103c22 Man pages: refactor common options: --sysctl
As promised, harder and harder to review. Please take your time
with this one.

For IPC, I went with the list form. For net, I used the single-
sentence form instead of a one-element list.

The container/pod diffs are clumsy, sorry. Maybe it's time to
start thinking of a more flexible conditional mechanism, but
I'd really like to avoid that so I hope this is acceptable.

In the first sentence I went with 'namespaced' (final 'd') in
all instances. I also got rid of the 'new' in 'new pod' in
pod-clone.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-06 09:59:14 -06:00
Ed Santiago 40cd1c0ff5 Man pages: refactor common options: --device
The refactors are starting to get harder to review - sorry.

Here the differences are pretty small, mostly changes to the
"it is a combination" wording and some asteriskization.

The more significant diffs are that there are some Notes that
are pod- or container- or build-specific; I needed to move those
from the middle to the end, then keep them in the source files
themselves. I don't think this affects readability of the
resulting man pages, but your opinion may differ.

Last important thing: I included the /dev/fuse text in the
common option, which means it will now show up in podman-build
(it was not previously there). If this text is not applicable
to podman-build, please LMK ASAP so I can just move it back
to individual source files.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-06 08:20:32 -06:00
Ed Santiago b9df3a6a9f Man pages: refactor common options: --label
Went with the podman-run version, where the "example" is
in the option template as per our guidelines.

I could not include the network- or volume-create
man pages, nor podman build.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-03 05:49:52 -06:00
OpenShift Merge Robot 0e66f75f2a
Merge pull request #15604 from edsantiago/docs_dedup_deviceXY
[CI:DOCS] Man pages: refactor common options: --device-X-Y
2022-09-02 12:57:45 +02:00
OpenShift Merge Robot 475cac4432
Merge pull request #15601 from edsantiago/docs_dedup_name
[CI:DOCS] Man pages: refactor common options: --name
2022-09-01 23:41:53 +02:00
Ed Santiago 3d09d47a25 Man pages: refactor common options: --device-X-Y
Followup from #15276: add the FAQ-26 link, and fix one
broken replacement.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-01 13:11:44 -06:00
Charlie Doern 050f3291b9 implement podman update
podman update allows users to change the cgroup configuration of an existing container using the already defined resource limits flags
from podman create/run. The supported flags in crun are:

this command is also now supported in the libpod api via the /libpod/containers/<CID>/update endpoint where
the resource limits are passed inthe request body and follow the OCI resource spec format

–memory
–cpus
–cpuset-cpus
–cpuset-mems
–memory-swap
–memory-reservation
–cpu-shares
–cpu-quota
–cpu-period
–blkio-weight
–cpu-rt-period
–cpu-rt-runtime
-device-read-bps
-device-write-bps
-device-read-iops
-device-write-iops
-memory-swappiness
-blkio-weight-device

resolves #15067

Signed-off-by: Charlie Doern <cdoern@redhat.com>
2022-09-01 13:02:01 -04:00
Ed Santiago c63830166c Man pages: refactor common options: --name
Only for podman-create and -run, unfortunately: all the
others are too different, and can't easily be combined.

I went with the podman-run version because it was most
recently updated in #5192.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-01 10:58:00 -06:00
OpenShift Merge Robot 9b4dac4c4d
Merge pull request #15389 from giuseppe/userns-map-user
podman: add uid and gid options to keep-id
2022-08-31 08:37:34 -04:00
Ed Santiago 1ed9a47409 Man pages: refactor common options: --restart
Only applicable to podman-create and -run. I went with the -run
version because it is cleaner and more recently updated.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-08-30 08:35:53 -06:00
Giuseppe Scrivano 8637548a36
docs: move userns options to separate file
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2022-08-30 15:10:41 +02:00
Giuseppe Scrivano e015c9e3f7
podman: add uid and gid options to keep-id
add two new options to the keep-id user namespace option:

- uid: allow to override the UID used inside the container.
- gid: allow to override the GID used inside the container.

For example, the following command will map the rootless user (that
has UID=0 inside the rootless user namespace) to the UID=11 inside the
container user namespace:

$ podman run --userns=keep-id:uid=11 --rm -ti  fedora cat /proc/self/uid_map
         0          1         11
        11          0          1
        12         12      65525

Closes: https://github.com/containers/podman/issues/15294

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2022-08-30 14:39:27 +02:00
Ed Santiago 62d87aa9ba Man pages: refactor common options: --subXidname
Whew! This one started off identical everywhere, but the version
in podman-run got fixed in #1380, then again in #5192, with no
corresponding fixes to any of the other man pages.

I went with the podman-run version, with a small change in wording.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-08-30 05:28:28 -06:00
Ed Santiago 4e18c8100f Man pages: refactor common options: --http-proxy
Only between podman-create and -run. (podman-build is too
different). I went with the podman-run version.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-08-29 06:47:07 -06:00
Ed Santiago d19438fa6d Man pages: refactor common options: --dns-*
--dns-opt and --dns-search, but only in podman-create and -run.
Went with the -run version in both cases; --dns-opt remained
unchanged, but in --dns-search I changed 'and' to 'with'.

Did not consolidate podman-build or podman-pod-create: too
different.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-08-29 05:37:52 -06:00
Ed Santiago 42fdc72aa8 Man pages: refactor common options: --systemd
I went with the podman-run version, which better conforms to
style conventions.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-08-25 08:52:41 -06:00
Ed Santiago 2fed2a2829 Man pages: refactor common options: --pid
I chose the one from podman-run, but reordered ns/private
to put them in alphabetical order.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-08-24 11:48:43 -06:00
OpenShift Merge Robot 34d516840d
Merge pull request #15453 from edsantiago/docs_dedup_ipc
[CI:DOCS] Man pages: refactor common options: --ipc
2022-08-24 10:15:34 -04:00
OpenShift Merge Robot 67c4068bb3
Merge pull request #15443 from flouthoc/env-merge-support
run,create: add support for `--env-merge` for preprocessing default environment variables
2022-08-24 09:14:42 -04:00
Ed Santiago 33ab7e846a Man pages: refactor common options: --ipc
This is not an easy one to review, sorry.

I went with the version from podman-create. The differences
against podman-run are subtle: apostrophes, whitespace, and
the arg description in the '####' line. Suggestion for review:
run hack/markdown-preprocess-review, then after you finish
with that, cd /tmp/markdown<TAB>/ipc and use your favorite
two-file diff tool to compare podman-run* against zzz*.

I did not even try to combine the podman-build one; that one
is too different.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-08-24 06:58:20 -06:00
Ed Santiago ef6285a6f2 Man pages: refactor common options: --gidmap
Two versions: one for container-related commands, one for pods.

The container one is easy: all versions matched, so I made no
changes.

The pod one is hard to review. I went with the pod-clone
version because the pod-create one looks suspicious: it
talks in terms of containers, not pods. It's possible
that I've got it wrong, and that these two cannot be
combined, so please review very carefully. I strongly
recommend using hack/markdown-preprocess-review for this one.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-08-24 05:43:23 -06:00
Ed Santiago c64a6ba072 Man pages: Refactor common options: --workdir
I chose the version from podman-run because it is the most
up-to-date, and most correct wrt current syntax guidelines.
Differences are in arg description, language, and asterisks.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-08-24 04:43:06 -06:00
Aditya R b4584ea854
run,create: add support for --env-merge for preprocessing vars
Allow end users to preprocess default environment variables before
injecting them into container using `--env-merge`

Usage
```
podman run -it --rm --env-merge some=${some}-edit --env-merge
some2=${some2}-edit2 myimage sh
```

Closes: https://github.com/containers/podman/issues/15288

Signed-off-by: Aditya R <arajan@redhat.com>
2022-08-24 14:06:25 +05:30
Ed Santiago 7d7aead511 Man pages: refactor common options: --device-cgroup-rule
I chose the version from podman-create. (This is unusual. podman-run
tends to have the better-maintained, more up-to-date version.)

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-08-23 13:02:09 -06:00
Ed Santiago 2c03681b2c Man pages: refactor common options: --disable-content-trust
A NOP option. I chose the container word, of course, and the
word 'option' instead of 'flag'. I also hyphenated where needed.

I'm choosing to eliminate the "not on remote" text, because I
don't think it's true: podman-remote happily accepts that
flag on all those commands, including build. (It's marked
as hidden on build, but still accepted).

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-08-23 10:10:35 -06:00
Ed Santiago 5c9bac141e Man pages: refactor common options: --cpus
Only on podman create and run: the --cpus option on container-clone
and pod-clone can probably be combined, but maybe later. pod-create
has unique wording that can't be combined.

This is a freebie to review: the text in both files was already
identical, and I made no changes to it. hack/markdown-preprocess-review
will agree, and show you no diffs, because there are none worth
seeing.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-08-23 08:04:36 -06:00
OpenShift Merge Robot 5948320951
Merge pull request #15384 from sstosh/options-cgroupsv1-rootless
Warning messages are printed and ignored if we use an unsupported option on cgroups V1 rootless systems
2022-08-23 09:42:47 -04:00
OpenShift Merge Robot c5abac27b5
Merge pull request #15420 from sstosh/fix-trouble
[CI:DOCS] Update Troubleshooting.md
2022-08-23 09:24:14 -04:00
Toshiki Sonoda 64339d47c1 Warning messages are printed and ignored if we use an unsupported option
When an unsupported limit on cgroups V1 rootless systems
is requested, podman prints an warning message and
ignores the option/flag.

```
  Target options/flags:
    --cpu-period, --cpu-quota, --cpu-rt-period, --cpu-rt-runtime,
    --cpus, --cpu-shares, --cpuset-cpus, --cpuset-mems, --memory,
    --memory-reservation, --memory-swap, --memory-swappiness,
    --blkio-weight, --device-read-bps, --device-write-bps,
    --device-read-iops, --device-write-iops, --blkio-weight-device
```

Related to https://github.com/containers/podman/discussions/10152

Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
2022-08-23 11:54:31 +09:00
Ed Santiago 74388fe75f Man pages: refactor common options: --pod-id-file
Much like --cidfile (#15414), --pod-id-file has two meanings.
One is used in pod-related commands, one in container ones.
Both meanings read the file, so the read/write split used
in --cidfile is not applicable here.

podman-pod-create keeps its --pod-id-file option because
that one cannot be refactored: that's the only command (now)
that writes a pod-id file.

Reviewable using hack/markdown-preprocess-review but I
did take some liberties with the #### args because they
were wrong. And, since I had to much with the description
text anyway (resulting in diffs), I also took the liberty
of cleaning up a double space.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-08-22 18:37:38 -06:00
Toshiki Sonoda 0f768cef3b [CI:DOCS] Update Troubleshooting.md
- Fix the item number
- Fix the links

Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
2022-08-23 08:47:02 +09:00
Ed Santiago 46f31361f8 Man pages: refactor common options: --cidfile
There are two meanings: one writes a cidfile, the other reads.
Split into two .md files.

This can be reviewed with hack/markdown-preprocess-review .
The main differences you'll see are all in cidfile.read:

  1) I use the <<subcommand>> feature. This works nicely for
     kill, pause/unpause, and stop. It works less nicely for
     rm, because the man page will show "...and rm the container"
     (a human might prefer to see "REMOVE the container"). Given
     the benefit of this cleanup, I think this is a fine tradeoff.

  2) I choose to include the "multiple times" text even on man pages
     where it wasn't present before. I tested to make sure it works.

  3) The #### line I choose is IMHO the best one.

Minor differences:

  * I believe the "remove the container" text in podman-kill
    and podman-stop is a copy/paste error. This PR fixes it.

  * The only differences between the cidfile.write texts is
    the #### line (my version is best) and a final period.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-08-22 12:17:20 -06:00
Valentin Rothberg fbe2bd87b0 [CI:DOCS] elaborate on image lookups of foreign platforms
After pulling/creating an image of a foreign platform, Podman will
happily use it when looking it up in the local storage and will not
pull down the image matching the host platform.

As discussed in #12682, the reasoning for it is Docker compatibility and
the fact that user already rely on the behavior.  While Podman is now
emitting a warning when an image is in use not matching the local
platform, the documentation was lacking that information.

Fixes: #15300
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-08-22 16:38:20 +02:00
Ed Santiago f0e8640755 Man pages: refactor common options: authfile
Refactor the --authfile option.

My suggestion for review:
  1) run hack/markdown-preprocess-review and immediately Ctrl-Q to
     quit out of diffuse, which is completely unusable for this
     many files; then
  2) cd /tmp/markdown-preprocess-review.diffs/authfile
     - this is the directory created by the review script
  3) rm podman-image-sign* podman-log* podman-search.1.md.in
     - because they're essentially identical to podman-create
  4) rm podman-manifest-* podman-push.*
     - because they're 100% identical to podman-kube-play
  5) rm podman-kube-play*
     - because it's apart-from-whitespace identical to podman-build
       (use "wdiff" to confirm)
  6) rm podman-auto-update*
     - because that's the one I chose (hence == zzz-chosen.md)

(You should obviously run your own diff/cmp before rm, to confirm
my assertions about which files are identical).

After all that, you have a manageable number of files which
you can scan, read, diff against zzz-chosen.md, even run diffuse.

This option is IMHO the poster child for why we need this kind
of man page refactoring.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-08-16 09:13:38 -06:00
Ed Santiago a78b67a47b Man pages: refactor common options: --annotation
Refactor the --annotation option, but only between podman create,
kube play, and run.

This does not include:

 * podman build:
   - usage is in terms of images, not containers/pods

 * manifest add, manifest annotate:
   - usage is in terms of images, not containers/pods
   - also, wording is slightly different

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-08-16 07:04:48 -06:00
Ed Santiago 22f3dd4c29 Man pages: refactor common options: arch
Smaller, more reviewable chunks.

This is just one option, --arch. Future PRs may, if the reviewing
is easy, include multiple options. This one includes fixes to
the preprocessor script, though:

 * big oops, I was not handling '<<something pod|something>>'
   where 'pod' appears other than the beginning of the string.
 * I was also not handling 'container<<| or pod>>', where one
   side was empty.
 * Behavior change: <<subcommand>>, on podman-pod-foo,
   becomes just 'foo' (not 'pod foo'). This will be useful
   in a future PR where we refactor --pod-id-file.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-08-15 12:31:30 -06:00