The --rmi flag will delete the container image after its execution
unless that image is already been used by another container(s).
This is useful when one wants to execute a container once and remove
any resources attached to it.
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
this pr splits off some of the network container create options into a different flag set. the options in question are:
--add-host
--dns
--dns-opt
--dns-search
--ip
--mac-address
--network
--no-hosts
--publish
in the future, these options are going to be added to the pod create flags. this makes that transition easier and provides for less code duplication.
Signed-off-by: Brent Baude <bbaude@redhat.com>
We have a lot of cludgy code trying to make --net and --network equivalent.
This will allow --net to still exists but will eliminate the help and confusion.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Use GetDefaultAuthFile() from buildah.
For podman command(except login), if authfile does not exist returns error.
close#4328
Signed-off-by: Qi Wang <qiwan@redhat.com>
Docker CLI calls the healthcheck flags "--health-*", instead of
"--healthcheck-*".
Introduce the former, in order to keep compatibility, and alias
the later, in order to avoid breaking current usage.
Change "--healthcheck-*" to "--health-*" in the docs and tests.
Signed-off-by: Hunor Csomortáni <csomh@redhat.com>
Mark hidden all references to signature-policy
Default all uses of --authfile
Add --authfile support to podman run and podman create.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
In cases where the remote client culls options to a command, we need to
be sure that the lookup for that flag does not result in a nil pointer.
To do so, we add a Remote attribute to the podman struct and then cli
helper funcs are now aware they are remote.
Signed-off-by: baude <bbaude@redhat.com>
Fixes the ability to run (create,start) a container and attach to its
console correctly. We can now also exit from the console without
hanging the remote client.
Signed-off-by: baude <bbaude@redhat.com>
add the ability to create and run containers via the podman-remote
client.
we now create an intermediate layer from the the create/run cli flags.
the intermediate layer can be converted into a createconfig or into a
varlink struct. Once transported, the varlink struct can be converted
back to an intermediate layer and then to a createconfig.
remote terminals are not supported yet.
Signed-off-by: baude <bbaude@redhat.com>
in the few places where we care about skipping the storage
initialization, we can simply use the process effective UID, instead
of relying on a global boolean flag.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
We have a very high performance JSON library that doesn't need to
perform code generation. Let's use it instead of our questionably
performant, reflection-dependent deep copy library.
Most changes because some functions can now return errors.
Also converts cmd/podman to use jsoniter, instead of pkg/json,
for increased performance.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Remove hardcoded '(default: true)' strings from bool flags,
and '(default this-or-that)' from string flags.
First because it's unmaintainable duplication that would cause
confusion should someone ever change the default and not notice
the message.
Second, because cobra[1] already prints '(default XXXX)' for
all options with non-false non-nil default. So in each of
these cases, current podman help behavior is:
$ podman login --help
...
--tls-verify Require HTTPS ... (default: true) (default true)
This PR eliminates that duplication.
[1] actually spf13/pflag/flag.go
The only nontrivial one of these is start.go, where the default
for sigProxy depends on the --attach flag. Solution: change
the command-line default to false, and implement the new
conditional default in logic. Bonus: removed unnecessary
check, because now if sigProxy is set without --attach,
we can guarantee that it was done by the user. But please
pay close scrutiny to this particular section in case
there's something I missed.
Signed-off-by: Ed Santiago <santiago@redhat.com>
we fire the cleanup process asynchronously so we might race with a
command like: podman run --rm --name foo ... && podman run --rm --name foo
Fix it by ensuring the container is deleted before we exit. This
will race with the "cleanup" process, but it is fine as one of the two
commands will fail with ErrNoSuchCtr while the other succeeds.
Closes: https://github.com/containers/libpod/issues/2619
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
to prepare for being able to remotely run a container, we need to
perform a refactor to get code out of main because it is not
reusable. the shared location is a good starting spot though
eventually some will likely end up in pkg/spec/ at some point.
Signed-off-by: baude <bbaude@redhat.com>
Conceptually simple: include, where applicable, a brief
description of command-line options for each subcommand.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Adds the third chunk of Cobra examples to the cli help.
As were putting together a release tomorrow, tried to
hit the heavy commands with this PR.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Prior, a pod would have to be started immediately when created, leading to confusion about what a pod state should be immediately after creation. The problem was podman run --pod ... would error out if the infra container wasn't started (as it is a dependency). Fix this by allowing for recursive start, where each of the container's dependencies are started prior to the new container. This is only applied to the case where a new container is attached to a pod.
Also rework container_api Start, StartAndAttach, and Init functions, as there was some duplicated code, which made addressing the problem easier to fix.
Signed-off-by: Peter Hunt <pehunt@redhat.com>
iFix builtin volumes to work with podman volume
Currently builtin volumes are not recored in podman volumes when
they are created automatically. This patch fixes this.
Remove container volumes when requested
Currently the --volume option on podman remove does nothing.
This will implement the changes needed to remove the volumes
if the user requests it.
When removing a volume make sure that no container uses the volume.
Signed-off-by: Daniel J Walsh dwalsh@redhat.com
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When cleaning up containers, we presently remove the exit file
created by Conmon, to ensure that if we restart the container, we
won't have conflicts when Conmon tries writing a new exit file.
Unfortunately, we need to retain that exit file (at least until
we get a workable events system), so we can read it in cases
where the container has been removed before 'podman run' can read
its exit code.
So instead of removing it, rename it, so there's no conflict with
Conmon, and we can still read it later.
Fixes: #1640
Signed-off-by: Matthew Heon <mheon@redhat.com>
At present, when manually detaching from an attached container
(using the detach hotkeys, default C-p C-q), Podman will still
wait for the container to exit to obtain its exit code (so we can
set Podman's exit code to match). This is correct in the case
where attach finished because the container exited, but very
wrong for the manual detach case.
As a result of this, we can no longer guarantee that the cleanup
and --rm functions will fire at the end of 'podman run' - we may
be exiting before we get that far. Cleanup is easy enough - we
swap to unconditionally using the cleanup processes we've used
for detached and rootless containers all along. To duplicate --rm
we need to also teach 'podman cleanup' to optionally remove
containers instead of cleaning them up.
(There is an argument for just using 'podman rm' instead of
'podman cleanup --rm', but cleanup does have different semantics
given that we only ever expect it to run when the container has
just exited. I think it might be useful to keep the two separate
for things like 'podman events'...)
Signed-off-by: Matthew Heon <mheon@redhat.com>
Subcommands should not be showing the global flags. This causes the important
information to scroll off the screen.
Also fixed a typo on runCommmand (Too many 'm's)
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
In the previous CLI, we had an accurate depiction of commands
available for the remote client and those available for the
local client.
Signed-off-by: baude <bbaude@redhat.com>
We intend to migrate to the cobra cli from urfave/cli because the
project is more well maintained. There are also some technical reasons
as well which extend into our remote client work.
Signed-off-by: baude <bbaude@redhat.com>
We have no consistancy in out option usages and descritions
on whether or not the first letter should be capatalized.
This patch forces them all to be capatilized.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We are missing the equivalence of the docker system commands
This patch set adds `podman system prune`
and `podman system info`
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
when starting or running a container that has --rm, if the starting
container fails (like due to an invalid command), the container should
get removed.
Resolves: #1985
Signed-off-by: baude <bbaude@redhat.com>
Previous commits ensured that we would use database-configured
paths if not explicitly overridden.
However, our runtime generation did unconditionally override
storage config, which made this useless.
Move rootless storage configuration setup to libpod, and change
storage setup so we only override if a setting is explicitly
set, so we can still override what we want.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Addressing:
podman run -it -a STDERR --rm alpine /bin/ash
hanging. As we droped stdin as soon as -a was used. Notice this is contrary to
what D-tool does and contrary to what podman help implies:
podman run --help | grep interact
--interactive, -i Keep STDIN open even if not attached
Signed-off-by: Šimon Lukašík <slukasik@redhat.com>
To work better with Kata containers, we need to delete() from the
OCI runtime as a part of cleanup, to ensure resources aren't
retained longer than they need to be.
To enable this, we need to add a new state to containers,
ContainerStateExited. Containers transition from
ContainerStateStopped to ContainerStateExited via cleanupRuntime
which is invoked as part of cleanup(). A container in the Exited
state is identical to Stopped, except it has been removed from
the OCI runtime and thus will be handled differently when
initializing the container.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
We added a timeout for convenience, but most invocations don't
care about it. Refactor it into WaitWithTimeout() and add a
Wait() that doesn't require a timeout and uses the default.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1527
Approved by: mheon
This chunk was mistakenly removed with ecec1a5430
Introduce it back as it solves the pull of an image that is not yet in
the storage when using create/run.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1521
Approved by: baude
Create two new createInit for checking if the cotnainer is initialized
correctly.
createContainer which creates the actual container and containerConfig
Also added libpodruntime.GetContainerRuntime to put common runtime code
into separate function.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Waiting uses a lot of CPU, so drop back to checking once/second
and allow user to pass in the interval.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
change the tests to use chroot to set a numeric UID/GID.
Go syscall.Credential doesn't change the effective UID/GID of the
process.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1372
Approved by: mheon
move re-exec later on, so that we can check whether we need to join
the infra container user namespace or we need to create another one.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1372
Approved by: mheon
Don't print potentially verbose help messages in case of usage errors,
but print only the usage error followed by a pointer to the command's
help. This aligns with Docker.
```
$ podman run -h
flag needs an argument: -h
See 'podman run --help'.
```
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1379
Approved by: rhatdan
Move the `-h` short flag from `--help` to `--hostname` for podman-run,
podman-create and podman-pod-create to be compatible with Docker.
Fixes: #1367
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1373
Approved by: rhatdan
Need to get some small changes into libpod to pull back into buildah
to complete buildah transition.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1270
Approved by: mheon
This fixes a race condition where conmon is still writing the exit
file and the container is exiting.
Also we should not be ignoring the -a stdin flag if the user specifies
--interactive mode.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1086
Approved by: baude
Boaz Shuster
Brent Baude
Daniel J Walsh
Qi Wang
Hunor Csomortáni
Giuseppe Scrivano
Matthew Heon
Ed Santiago
Sebastian Jug
OpenShift Merge Robot
TomSweeneyRedHat
Peter Hunt
Matthew Heon
Šimon Lukašík
Matthew Heon
Valentin Rothberg