We don't care about the provenance of the machine image, so this is no
longer applicable to have when displaying info.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
ToHumanReadable() exists twice now, there is no reason for this just
call the function on the backend event type is fine as this still has to
be used there.
It also fixes a bug where the wrong event type was passed to the
template which did not match the docs and json output.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add new event type in cmd/podman to better match the docker format.
Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Adds `ConnectionInfo()` to the `MachineConfig` and fills out
`InspectInfo` accordingly. Additionally fixes the "inspect with go format" test.
Changes `ConfigPath` to `ConfigDir` to better represent the
output.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Podman machine reset is a new command that will "reset" your podman
machine environment. Reset is defined as:
* Stop and Remove all VMs
* Remove the following directories:
- configuration dir i.e. ~/.config/containers/podman/machine/qemu
- data dir i.e. ~/.local/.share/containers/podman/machine/qemu
When deleting, if errors are encountered, they will be batched and spit
out at the end. Podman will try to proceed even in error in doing what
it was told.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Followup to:
- #21060, where I added new struct checks (but did not make them fatal)
- #21534, which added per-interface stats and a .Network field,
but its documentation was slightly off
Signed-off-by: Ed Santiago <santiago@redhat.com>
The reserved annotation io.podman.annotations.volumes-from is made public to let user define volumes-from to have one container mount volumes of other containers.
The annotation format is: io.podman.annotations.volumes-from/tgtCtr: "srcCtr1:mntOpts1;srcCtr2:mntOpts;..."
Fixes: containers#16819
Signed-off-by: Vikas Goel <vikas.goel@gmail.com>
The new file was not really documented, so leave some pointers on how it
works and that the new file should not be edited manually.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This mirrors how the Docker API handles things, allowing us to be
more compatible with Docker and more verbose on the Libpod API.
Stats are given as per network interface in the container, but
still aggregated for `podman stats` and `podman pod stats`
display (so the CLI does not change, only the Libpod and Compat
APIs).
Signed-off-by: Matt Heon <mheon@redhat.com>
The `--stars` option was incorrectly documented as meaning
the number of stars to filter by. This has been corrected
to indicate that it is the minimum number of stars to filter
by.
Tweaked wording of podman-search.md stars filter text
Signed-off-by: Kaniel Kirby <piratey7007@runbox.com>
Just like all the other inspect commands that accept multiple args we
should just make podman pod inspect output a json array.
This makes the code more consistent and removes the extra workaround
which was needed before to support this.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The pasta network mode has been added in podman v4.4 and this causes a
conflict with named networks that could also be called "pasta". To not
break anything we had special logic to prefer the named network over the
network mode. Now with 5.0 we can break this and remove this awkward
special handling from the code.
Containers created with 4.X that use a named network pasta will also
continue to work fine, this chnage will only effect the creation of new
containers with a named network pasta and instead always used the
network mode pasta. We now also block the creation of networks with the
name "pasta".
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
We were pinned to a specific commit to ensure that tests kept
passing. Hopefully they pass now, as we need to grab latest runc
for CVE fixes.
Also grab Buildah main to fix a build issue on FreeBSD. After a
botched manual vendor, I used Ed's treadmill script and squashed
it into this commit to make Git happy. Thanks bunches Ed.
Signed-off-by: Matt Heon <mheon@redhat.com>
We now no longer write containers.conf, instead system connections and
farms are written to a new file called podman-connections.conf.
This is a major rework and I had to change a lot of things to get this
to compile again with my c/common changes.
It is a breaking change for users as connections/farms added before this
commit can now no longer be removed or modified directly. However because
the logic keeps reading from containers.conf the old connections can
still be used to connect to a remote host.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
On Mac and Windows systems the --latest option is not supported
this PR mentions this fact in the examples section of the man page.
Also added documentation and consistency to the man pages examples
sections.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
New CI validation check: all keys in quadlet.go must be
documented at least once in podman-systemd.unit.5.md.
Adding '// deprecated' next to an enum definition will
exclude said key from the documentation cross-checks.
And, because the md file lists keys in both table and block
form, make sure those all match.
And make sure everything is sorted in lexical order, in
both .go source and in man page.
And add a validation check to make sure it stays that way.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Initial impetus was #20958 (ps --format .Label abc). This is
a complicated solution to a simple-seeming problem.
The problem: .Label is a cobra *function*, something I did not
know about nor handle.
Solution: recognize cobra functions. Switch to __complete,
not __completeNoDesc, so we can see the number of arguments
required. Invent new man-page format for documenting functions.
And, finally, start enforcing how functions (and cobra structs)
are documented.
This discovered a never-used completion function, .Recycle(),
in podman-events. Remove it.
[NO NEW TESTS NEEDED] - the .go change is an excision of dead code.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Update farm build to directly push images to a registry
after all the builds are complete on all the nodes.
A manifest list is then created locally and pushed to
the registry as well.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
The quotes are interpreted as part of the value, so that, for example,
`HealthCmd="true"` is translated to the podman argument
`--health-cmd "\"true\""`.
Signed-off-by: Cedric Staniewski <cedric@gmx.ca>
Let's support --config option by setting environment variable
DOCKER_CONFIG instead of ignoring it for docker compatibility, so
it could be used to locate config.json as authentication file.
Also add a test case for this change, remove the deprecated one.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
podman-kube-generate created from pod:
1. podman volume create mariadb_data
2. podman run --env MARIADB_ROOT_PASSWORD=x --name some-mariadb \
-v mariadb_data:/var/lib/mysql -P -d mariadb:10.11
3. + command in doc.
podman-run - using MARIADB_ROOT_PASSWORD environment variables for a
while now.
Signed-off-by: Daniel Black <daniel@mariadb.org>
Changes SSH key behavior such that there is a single persisted key for all
machines across all providers. If there is no key that is located at
`.local/share/containers/podman/machine/` then it is created. The keys are
not deleted when the last machine on the host is removed.
The main motivation for this change is it leads to fewer files created on the
host as a result of vm configuration. Having `n` machines on your system doesn't
result in `2n` machine-related files in `.ssh` on your system anymore.
As a result of ssh keys being persisted by default, the `--save-keys` flag
on `podman machine rm` will no longer be supported.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Add support for using multiple `Ulimit=` options in `.container` files.
Before, only the last `Ulimit=` option was used in the podman command.
Update podman-systemd.unit.5 docs to reflect this change.
Add `test/e2e/quadlet/ulimit.container` to e2e tests.
Signed-off-by: Paul Nettleton <k9@k9withabone.dev>
The docs have this note for the `--compress` flag
> Note: This flag can only be set with --format=docker-dir.
Yet the provided example has `--compress` with `--format=oci-dir`
Signed-off-by: gardar <gardar@users.noreply.github.com>
Began as a review of #20983, a community PR from @krumelmonster
for moving divisive-language footnotes closer to the point
where they're used. In the process, I noticed a lot of poor
markdown, mostly bad use of whitespace. Cleaned it up, added
some italic/bold/tty markdown to options, and cleaned up
some language I found confusing.
Thanks to @krumelmonster for initial PR.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Also Support for podman pod ps --format '{{ .Label label }}'
Finally fix support for --format '{{ .Podname }}'
When user specifies .Podname this implies --pod was passed.
Fixes: https://github.com/containers/podman/issues/20957
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
add a new option --preserve-fd that allows to specify a list of FDs to
pass down to the container.
It is similar to --preserve-fds but it allows to specify a list of FDs
instead of the maximum FD number to preserve.
--preserve-fd and --preserve-fds are mutually exclusive.
It requires crun since runc would complain if any fd below
--preserve-fds is not preserved.
Closes: https://github.com/containers/podman/issues/20844
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This PR closes#20585
Add Inital support for Entrypoint on quadlets
Add Bats Tests for Entrypoint
Updates the documentation with one example to use the Entrypoint option
Signed-off-by: Odilon Sousa <osousa@redhat.com>
Update the health-start-period docs to clarify what exactly
the health-start-period flag does based on whether the health
check command succeeds or fails.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
When the `Mask=` and `Unmask=` quadlet options were initially added,
they were mistakenly placed in the [Kube] section when they should be in
the [Container] section. This commit corrects the mistake and adds
example usage to the [Container] options table.
Signed-off-by: Paul Nettleton <k9@k9withabone.dev>
The option `farm` which is used to specify the farm to be used, is moved to farm build command from farm command.
closes#20752
Signed-off-by: Chetan Giradkar <cgiradka@redhat.com>
Be specific that the `-v` flag only affects RUN instructions. The
previous wording left it ambiguous, and people might have concluded that
it applied to ADD and COPY as well.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When committing containers to create new images, accept a container
config blob being passed in the body of the API request by adding a
Config field to our API structures. Populate it from the body of
requests that we receive, and use its contents as the body of requests
that we make.
Make the libpod commit endpoint split changes values at newlines, just
like the compat endpoint does.
Pass both the config blob and the "changes" slice to buildah's Commit()
API, so that it can handle cases where they overlap or conflict.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
For a source file like `foo.container`, look for drop in named
`foo.container.d/*.conf` and merged them into the main file. The
dropins are applied in alphabetical order, and files in earlier
diretories override later files with same name.
This is similar to how systemd dropins work, see:
https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html
Also adds some tests for these
Signed-off-by: Alexander Larsson <alexl@redhat.com>
The default is OCI runtime specific, there is no way for Podman to
know it.
[CI:DOCS]
Closes: https://github.com/containers/podman/issues/20754
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add support for .pod unit files with only PodmanArgs, GlobalArgs, ContainersConfModule and PodName
Add support for linking .container units with .pod ones
Add e2e and system tests
Add to man page
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Move the options for the podman build doc to a common md
that can be used by both podman build and podman farm build.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
This expands support for the (previously) boolean `Notify` directive, in
support of healthcheck determined SD-NOTIFY event emission, as
supported by Podman with the `--sdnotify=healthy` option.
Closes: #18189
Signed-off-by: Alex Palaistras <alex@deuill.org>
Add a new `no-dereference` mount option supported by crun 1.11+ to
re-create/copy a symlink if it's the source of a mount. By default the
kernel will resolve the symlink on the host and mount the target.
As reported in #20098, there are use cases where the symlink structure
must be preserved by all means.
Fixes: #20098
Fixes: issues.redhat.com/browse/RUN-1935
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This mostly just inherits the c/common/pkg/auth implementation,
except that AuthFilePath and DockerCompatAuthFilePath can not be set
simultaneously, so don't unnecessarily explicitly set AuthFilePath.
c/common already handles that.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Support UIDMap, GIDMap, SubUIDMap and SubGIDMap
If any of them are set disregard the deprecated Remap keys
Add tests and man
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Users fail to realize that they can use other systemd
options within the quadlet files, like ExecStartPre.
This change should make it clearer to the users.
https://github.com/containers/podman/discussions/20642
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
QEMU usb-host driver which is the one for passthrough, supports two
options for selecting an USB devices in the host to provide it to the
VM:
- Bus and Device number the device is plugged
- Vendor and Product information of the USB devices
https://qemu-project.gitlab.io/qemu/system/devices/usb.html
This commit allows a user to configure podman machine with either of
options, with new --usb command line option for podman machine init.
Examples
podman machine init tosovm4 --usb vendor=13d3,product=5406
podman machine init tosovm3 --usb bus=1,devnum=4 --usb bus=1,devnum=3
This commit also allows a user to change the USBs configured with
--usb command line option for podman machine set.
Note that this commit does not handle host device permissions nor
verify that the USB devices exists.
Signed-off-by: Victor Toso <victortoso@redhat.com>
The docs were rather vague about the deprecation of CNI, make it clear
that we are going to remove it with 5.0 as we decided to do that in our
planning.
Also while looking at the podman network create docs I noticed
--ipam-driver dhcp was still documented as not supported with netavark
so I fixed that as well.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Docker allows the passing of -1 to indicate the maximum limit
allowed for the current process.
Fixes: https://github.com/containers/podman/issues/19319
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This solves `--security-opt unmask=ALL` still masking the path.
[NO NEW TESTS NEEDED] Can't easily test this as we do not have
access to it in CI.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
All `[]string`s in containers.conf have now been migrated to attributed
string slices which require some adjustments in Buildah and Podman.
[NO NEW TESTS NEEDED]
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Add Quadlet key and disconnect relationship withr read-only
Update and add tests
Update man with new key
Remove the reference to VolatileTmpfs in the man page to reduce its
usage, since the same functionality can be achieved using the Tmpfs key
while keeping its support to maintain backward compatibility
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Users can specify BUILDAH_ISOLATION environment variable to change the
default.
Fixes: https://github.com/containers/podman/issues/20024
Currently podman play kube is defaulting to chroot, which is the least
safe version of build, we should always default to secure whenever
possible. Chroot should only be used when building within a container.
No great way to tests this.
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The network backend will ignore ports for macvlan and ipvlan networks so
they do not do anything. No warning or error is shown because containers
may be later connected to a bridge network in which case they would be
useful.
Fixes#17927
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
If you change this option all the containers disappear from the default
connection and socket. Thus it is required to recreate the resources.
Sharing between root and rootless is not possible for various reasons.
Fixes#19936
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
openshift-merge-bot[bot]
Jake Correnti
Paul Holzinger
AhmedGrati
Vikas Goel
Daniel J Walsh
Brent Baude
Ed Santiago
Giuseppe Scrivano
Lokesh Mandvekar
localhost
Joel Purra
Matt Heon
Piratey7007
James Hurst
Colin Walters
Alexander Larsson
Urvashi Mohnani
Ygal Blum
Cedric Staniewski
Ming Liu
Daniel Black
Oleksandr Redko
Paul Nettleton
gardar
Odilon Sousa
Anchit Bajaj
Daniel Mendizabal
Chetan Giradkar
Nalin Dahyabhai
kaivol
Erik Sjölund
Marta
Arthur Sengileyev
Alex Palaistras
Valentin Rothberg
Miloslav Trmač
Andreas Gerstmayr
Joshua Beighton
Victor Toso
Jan Pazdziora
openshift-ci[bot]
Matthew Heon
林博仁(Buo-ren, Lin)