Most network commands/features work with both netavark and CNI. When
we added added netavark most docs were not vetted and thus still use CNI
network, it should just say network.
Fixes#14990
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
added the following flags and handling for podman pod create
--memory-swap
--cpuset-mems
--device-read-bps
--device-write-bps
--blkio-weight
--blkio-weight-device
--cpu-shares
given the new backend for systemd in c/common, all of these can now be exposed to pod create.
most of the heavy lifting (nearly all) is done within c/common. However, some rewiring needed to be done here
as well!
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Update the init container type default to once instead
of always to match k8s behavior.
Add a new annotation that can be used to change the init
ctr type in the kube yaml.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
--latest : pause/unpause the latest container.
--filter : pause/unpause the filtered container.
--cidfile : Read container ID from the specified file and pause/unpause the container.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
podman-remote has a dependency on $(SRCBINDIR), because on
Mac and Windows that's a special dir that may not exist.
But depending on a directory means depending on its mtime,
which changes every time a file in it is updated, which
means running 'make' twice in a row will rebuild podman-remote
for no good reason.
Solution: GNU Make has the concept of "order-only" prerequisites,
precisely for this situation. Use it. Since it's an obscure
feature, document it.
UPDATE: This exposed some nasty duplication wrt podman-remote rules.
Clean those up, and add comments to some confusing sections.
Fixes: #14756
(Also, drive-by edit to remove a stray misdocumented non-option)
Signed-off-by: Ed Santiago <santiago@redhat.com>
[CI:DOCS]
document the podman network create -o=isolate which allows networks to cut themselves off
from external connections.
resolves#5805
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Filter flag is added for podman stop and podman --remote stop. Filtering logic is implemented in
getContainersAndInputByContext(). Start filtering can be manipulated to use this logic as well to limit redundancy.
Signed-off-by: Karthik Elango <kelango@redhat.com>
I added the shorthand option for `podman pull --all-tags`. Like Docker,
Podman can now do `podman pull -a`.
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
Followup to #14906, in which a nonexistent option was found
in a man page. The xref script was designed to catch that,
but I was too lax in my parsing: the option was documented
using wrong syntax, and the script didn't catch it.
Solution: do not allow *any* unrecognized cruft in the
option description lines. And fix all improperly-written
entries to conform to the rule:
**--option**=*value(s)*
Two asterisks around option, which must have two dashes. One
asterisk around value(s).
This is going to cause headaches for some people adding new
options, but I don't think I can fix that: there are many
factors that make an unparseable line. Adding 'hint' code
would make the script even more complex than it is. I have
to assume that our contributors are smart enough to look
at surrounding context and figure out the right way to
specify options.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The "podman kube play" command is designed to be a replacement for the
"podman play kube" command.
It performs the same function as "play kube" while also still working with the same flags and options.
The "podman play kube" command is still functional as an alias of "kube play".
Closes#12475
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Correct spelling and typos.
* Improve language.
Co-authored-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* Reference --uidmap in --gidmap docs for additional information
* Remove --gidmap example "groupname -> 100000 / 30000 -> 0"
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* Add example "Extracting the list of container registries with a Go template".
(The example was already present but in a much shorter form)
* Add example "Extracting the list of container registries from JSON with jq".
* Add shell completion instructions
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
Make sure that the docs for pull policies is consistent with Buildah and
reflects the implementation.
Further improve the help messages and auto completions.
[NO NEW TESTS NEEDED]
Fixes: #14846
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This addresses:
Symlinks don't work on podman machine on macOS Monterey when using volumes feature #13784
This change does NOT exactly fix the bug, but it does allow the user to
work around it via 'podman init' option, e.g.:
podman machine init -v "$HOME/git:$HOME/git:ro:security_model=none"
If the default security model were to be changed to 'none', then that
would fix the bug, at the possible cost of breaking any use cases that
depend on 'mapped-xattr'.
The documentation of the purpose and behavior of the different security
models seems to be rather light:
https://wiki.qemu.org/Documentation/9psetup#Starting_the_Guest_directly
From testing, it appears that the mapped-xattr security model intends to
manage symlinks such that the guest can see the symlinks but the host
only sees regular files (with extended attributes). As far as I can
tell, this behavior only makes sense when the guest is the only thing
that ever needs to create and read symlinks. Otherwise, symlinks created
on the host are unusable on the guest, and vice versa.
As per the original commit: 8e7eeaa4dd
[NO NEW TESTS NEEDED]
Also document existing ro and rw options.
Also remove misleading statement about /mnt. By my observation, this
line is incorrect. If the intended meaning is different, then I don't
understand.
The default volume is mounted read/write and is not within /mnt.
[core@localhost ~]$ mount | grep 9p
vol0 on /Users/chickey type 9p (rw,relatime,sync,dirsync,access=client,trans=virtio)
Signed-off-by: Corey Hickey <chickey@tagged.com>
add support for the --uts flag in pod create, allowing users to avoid
issues with default values in containers.conf.
uts follows the same format as other namespace flags:
--uts=private (default), --uts=host, --uts=ns:PATH
resolves#13714
Signed-off-by: Charlie Doern <cdoern@redhat.com>
using the new resource backend, implement podman pod create --memory which enables
users to modify memory.max inside of the parent cgroup (the pod), implicitly impacting all
children unless overriden
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Podman Machine crashes if run as root. When creating the machine, we write the ignition so that the UID of the core user matches the UID of the user on the host. We by default, create the root user on the machine with UID 0. If the user on the host is root, the core UID and the Root UID collide, causing a the VM not to boot.
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
add two new options to the volume create command: copy and nocopy.
When nocopy is specified, the files from the container image are not
copied up to the volume.
Closes: https://github.com/containers/podman/issues/14722
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Libpod requires that all volumes are stored in the libpod db. Because
volume plugins can be created outside of podman, it will not show all
available plugins. This podman volume reload command allows users to
sync the libpod db with their external volume plugins. All new volumes
from the plugin are also created in the libpod db and when a volume from
the db no longer exists it will be removed if possible.
There are some problems:
- naming conflicts, in this case we only use the first volume we found.
This is not deterministic.
- race conditions, we have no control over the volume plugins. It is
possible that the volumes changed while we run this command.
Fixes#14207
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Replace "setup", "lookup", "cleanup", "backup" with
"set up", "look up", "clean up", "back up"
when used as verbs. Replace also variations of those.
* Improve language in a few places.
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
add the ability to filter networks by their dangling status via:
`network ls --filter dangling=true/false`
Fixes: #14595
Signed-off-by: Carlo Lobrano <c.lobrano@gmail.com>
expose the --shm-size flag to podman pod create and add proper handling and inheritance
for the option.
resolves#14609
Signed-off-by: Charlie Doern <cdoern@redhat.com>
OpenShift Merge Robot
Paul Holzinger
Charlie Doern
Urvashi Mohnani
Toshiki Sonoda
Ed Santiago
Erik Sjölund
openshift-ci[bot]
Karthik Elango
Jake Correnti
Daniel J Walsh
Niall Crowe
Valentin Rothberg
Corey Hickey
Ashley Cui
Giuseppe Scrivano
Carlo Lobrano