The nolintlint linter does not deny the use of `//nolint`
Instead it allows us to enforce a common nolint style:
- force that a linter name must be specified
- do not add a space between `//` and `nolint`
- make sure nolint is only used when there is actually a problem
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This is an enhancement for the podman system prune feature.
In this issue, it is mentioned that 'network prune' should be
wired into 'podman system prune'
https://github.com/containers/podman/issues/8673
Therefore, I add the function to remove unused networks.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
Changes since 2022-05-31:
- add --omit-history option (buildah PR 4028)
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
command
Previously, if a container was not running, and the user ran the `podman
stats` command, an error would be reported: `Error: container state
improper`.
Podman now reports stats as the fields' default values for their
respective type if the container is not running:
```
$ podman stats --no-stream demo
ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS CPU TIME AVG CPU %
4b4bf8ce84ed demo 0.00% 0B / 0B 0.00% 0B / 0B 0B / 0B 0 0s 0.00%
```
Closes: #14498
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
implement podman pod clone, a command to create an exact copy of a pod while changing
certain config elements
current supported flags are:
--name change the pod name
--destroy remove the original pod
--start run the new pod on creation
and all infra-container related flags from podman pod create (namespaces etc)
resolves#12843
Signed-off-by: cdoern <cdoern@redhat.com>
I don't see a reason why we don't support --remove-signatures
from remote push, so adding support.
Fixes: https://github.com/containers/podman/issues/14558
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add a new `--overwrite` flag to `podman cp` to allow for overwriting in
case existing users depend on the behavior; they will have a workaround.
By default, the flag is turned off to be compatible with Docker and to
have a more sane behavior.
Fixes: #14420
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Note that the bud-logfile-with-split-logfile-by-platform test is skipped
on the remote client (see #14544).
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
add an option to configure the driver timeout when creating a volume.
The default is 5 seconds but this value is too small for some custom drivers.
Signed-off-by: cdoern <cdoern@redhat.com>
- The State() function now returns machine.Starting status instead of an
empty string if the VM is in the process of starting.
- The `CheckExclusiveActiveVM()` function returns `true` to prevent
starting a VM while another is in the process of starting.
- `podman machine ls` displays "Currently starting" under "Last Up" for
the starting VM
- `podman machine ls` supports `{{.Starting}}` boolean field in the format
- `podman machine inspect` displays "starting" in the "State" field for
the starting VM
Signed-off-by: Shane Smith <shane.smith@shopify.com>
For some reason commit 5b79cf15a0 moved the container create options
parsing from cmd/podman/common to pkg/api/handlers. However it did not
remove the old code. Unfortunately it moved the code from an outdated
version and did not update it before this commit was merged.
Therefore a couple of regressions were introduced. I manually compared
both versions and found three missing bugfixes.
I fixed the network test again that was changed in bce97a3b5d. We
want bridge as default even as rootless. Sine the test is not run as
rootless in CI the regression was not caught.
Also the no hosts test never worked since it was missing the import
check if the hosts file exists.
I don't think we can check for the volume parsing change since this only
works on windows/wsl.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When you try to complete a path which exists and it is a file the
completion logic did not check the parent dir for other matching file
names. To fix that we have to check if the current completion is not a
dir and use the parent dir in this case.
See the updated test for an example why this is required.
Also make sure directories are correctly completed, the shell always
adds the "/" as suffix to signal the user that this path is a directory.
In this case we do not want to automatically add a space. When the path
is a regular file we want the space after the suggestion since there is
nothing more to complete.
This better matches the normal default shell completion.
The test were changed to not assume any particular ordering since this
is irrelevant for the shell completion script and there is no guarantee
about the ordering.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Firstly, reset is now managed by the runtime itself as a part of
initialization. This ensures that it can be used even with
runtimes that would otherwise fail to be created - most notably,
when the user has changed a core path
(runroot/root/tmpdir/staticdir).
Secondly, we now attempt a best-effort removal even if the store
completely fails to be configured.
Third, we now hold the alive lock for the entire reset operation.
This ensures that no other Podman process can start while we are
running a system reset, and removes any possibility of a race
where a user tries to create containers or pull images while we
are trying to perform a reset.
[NO NEW TESTS NEEDED] we do not test reset last I checked.
Fixes#9075
Signed-off-by: Matthew Heon <mheon@redhat.com>
In podman run --help, the message said megabyte, gigabyte, etc. In reality podman takes mebibytes, gibibytes, etc.
[CI:DOCS]
Signed-off-by: Karthik Elango <kelango@redhat.com>
The comma-separated podman load output isn't conducive for using the
subsequent images. For tarballs with multiple images, the comma
separator must be manually identified and a suitable range identified.
Docker CLI on the other hand, has one image identifier per line:
Loaded image: repo1/name1:latest
Loaded image: repo1/name1:tag1
Loaded image: repo2/name2:tag1
(as of Docker version 20.10.16, build aa7e414).
Switch `podman load` to this format for consistency and usability.
[NO NEW TESTS NEEDED]
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Add shell completion for paths inside the container or image. Currently
podman run IMAGE [TAB] only uses the default shell completion which
suggests paths on the host. This is fine for some cases but often the
user wants a path which only exists in the image/container.
This commits adds support for that. Both podman create/run can now
complete the paths from the image, podman cp ctr:... now completes paths
from the actual container.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When the volume does not exist we should output an error stating so and
not some generic one.
Fixes#14411
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Forward the ssh exit code to the podman caller. This is useful for
scripts. Use the same logic as podman unshare.
Fixes#14401
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Libpod or packages under /pkg should never import from /cmd/...
This will quickly result in import cycles and weird code paths.
Also there is no reason to use this special code we can just use
syscall.SIGHUB as SIGNAL.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Allowing custom flags to provider has the potential to break all the
hand-crafted commands currently in use. This could become a support
nightmare.
```release-note
NONE
```
[NO NEW TESTS NEEDED]
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Buildah already supports using `--layers` with `--squash` after https://github.com/containers/buildah/pull/3674
if user wants to do so hence podman must honor similar configuration
in `--squash-all` behaviour if user wants to using cache.
PS: We cannot alter behaviour of `podman build --squash` for
docker-compat reasons hence this feature can be easily supported by
`--squash-all`.
Closes: https://github.com/containers/buildah/issues/4011
Signed-off-by: Aditya R <arajan@redhat.com>
These two functions were doing the exact same thing just
with cidfile and pod-id-file separately. Combine the functionality
to one function to remove repetative code.
Fix the TODO in cmd/podman/validate/args.go
[NO NEW TESTS NEEDED]
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Fix up the parseEnv function to differentiate
between a label and env when parsing.
Don't do a system lookup when parsing labels.
[NO NEW TESTS NEEDED]
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Same block contains similar lines above this is not needed as this looks
redundant.
[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]
Signed-off-by: Aditya R <arajan@redhat.com>
Refactor test for deadlock by comparing error text vs. actual
ErrWillDeadlock constant. When running with --remote the error
constant will always be not equal to the error returned by the API.
```release-note
NONE
```
[NO NEW TESTS NEEDED]
Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Option left in images/diff.go CLI as comment implies it is needed for
backwards compatibility.
```release-note
NONE
```
[NO NEW TESTS NEEDED]
Signed-off-by: Jhon Honce <jhonce@redhat.com>
I am constantly attempting to add the podname to the last
argument to podman pod create. Allowing this makes it match
podman volume create and podman network create.
It does not match podman container create, since podman container create
arguments specify the arguments to run with the container.
Still need to support the --name option for backwards compatibility.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
There is no good way to recommend labels for podman container runlabel.
Add the missing max-size log option. These are the only documented
options so the completion should not suggest something different.
Add proper --stop-signal completion. It will now complete all supported
signal names both upper and lowercase depending on the user input. Also
it work with and without the SIG prefix.
Fixing the TODOs in this file are more complicated since they describe
bigger features.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently this list is not exported from c/storage and the group
decided this will not be changed.
```release-note
NONE
```
Signed-off-by: Jhon Honce <jhonce@redhat.com>
- Look for and prevent lower-case arg descriptions:
podman cmd [arg]
- Look for and prevent optional-mandatory misordering:
podman cmd [ARG] ARG
- Tighter whitespace checks (and fix podman pod ps)
- simplify a no-longer-necessary mess! #8635 fixed the
horrible "CONTAINER | IMAGE" strings (with spaces),
so there's no longer a need to special-case those.
The one-extra-arg check is now much cleaner.
Minor refactoring.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Make sure that `podman image mount` prints a pretty table unless there
is only argument passed and without a custom format. Fixing a TODO item
brought me to the specific code location and revealed the fart in the
logic.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
It is better to just reuse the existing constants instead of duplicating
the strings.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
docker-archive was missing from the completions. To prevent duplication
use the same format list as podman save.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add all option that are supported by the podman inspect --type flag to
the completions. Also use the same constants instead of duplicating the
strings. In order to do this I had to move the definitions into the
common package to prevent an import cycle.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The completion suggested incorrect values for `podman events --filter
type=` . It should only list types not the event status. Also make sure
to use the constants instead of duplicating the strings.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
From a template users POV it is not importent when they use a struct field or
method. They only notice the difference when the function requires arguments.
So lets be nice and let the user know that this method requires arguments
via the help text.
This is how it now looks like when the completion descriptions are enabled
on bash:
```
$ bin/podman ps --format {{.Created.A
{{.Created.AddDate (This is a function and requires 3 arguments) {{.Created.After (This is a function and requires 1 argument)
{{.Created.Add (This is a function and requires 1 argument) {{.Created.AppendFormat (This is a function and requires 2 arguments)
```
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently we only support structs in a template string like this:
`{{.var1.test.` -> this meams that test must be a struct field on var1.
Now with this var1 and test could also be either a map or function which
returns a struct.
A actual example:
`podman container inspect --format {{.NetworkSettings.Networks.netname.`
Now we can complete the struct fileds after netname. Note that this
cannot complete map keys since they are empty by default, so it is
impossible to get them in the completion logic.
Also this fixes a panic with embeeded nil structs
Fixes#14223
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When a struct is embeeded it is possible that we end up with same names
but different types, this results in incorrect completions. The go
template logic always preferes the actual field/method name before the
one from the embedded one. Thefore the completion logic should do the
same. First get all method/fields names from the struct and then only
add the field names from the embedded struct when they are not already
present in the list.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
In a template you cann call function that are defined on a type, however
this is only useful if they return one value. If it returns more than
one the template cannot know what value it has to display.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
go templates only support exported fields, so the completion logic must
filter the private fields out.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The completion logic currently suggest also the functions that are
defined for this type. However this did not work correctly when it was
defined as pointer to that type on not the actual type.
This commit fixes that problem. To test you can compare the difference
between `podman stats --format {{.[TAB]` with and without this commit.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add the notion of a "service container" to play kube. A service
container is started before the pods in play kube and is (reverse)
linked to them. The service container is stopped/removed *after*
all pods it is associated with are stopped/removed.
In other words, a service container tracks the entire life cycle
of a service started via `podman play kube`. This is required to
enable `play kube` in a systemd unit file.
The service container is only used when the `--service-container`
flag is set on the CLI. This flag has been marked as hidden as it
is not meant to be used outside the context of `play kube`. It is
further not supported on the remote client.
The wiring with systemd will be done in a later commit.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Rather than assuming a filesystem path, the API service URI is recorded
in the libpod runtime configuration and then reported as requested.
Note: All schemes other than "unix" are hard-coded to report URI exists.
Fixes#12023
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
podman system reset did not clean up machines fully, leaving some config
files, and breaking machines. Now it removes all machines files fully.
Signed-off-by: Ashley Cui <acui@redhat.com>
The default log driver is not used when using play kube
without --log-driver. The LogDriver function needs to
be called in order to use the default log driver.
fixes#13781
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
Add the notion of an "exit policy" to a pod. This policy controls the
behaviour when the last container of pod exits. Initially, there are
two policies:
- "continue" : the pod continues running. This is the default policy
when creating a pod.
- "stop" : stop the pod when the last container exits. This is the
default behaviour for `play kube`.
In order to implement the deferred stop of a pod, add a worker queue to
the libpod runtime. The queue will pick up work items and in this case
helps resolve dead locks that would otherwise occur if we attempted to
stop a pod during container cleanup.
Note that the default restart policy of `play kube` is "Always". Hence,
in order to really solve #13464, the YAML files must set a custom
restart policy; the tests use "OnFailure".
Fixes: #13464
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The errcheck linter makes sure that errors are always check and not
ignored by accident. It spotted a lot of unchecked errors, mostly in the
tests but also some real problem in the code.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
I was asked to refactor machine inspect output to represent more common
and basic information. machine inspect now has information that would
be appropriate for different machines.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
podman image search accepts a go template, we can use the same shell
completion logic which is used everywhere else in the code.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
For the AutocompleteFormat function we expect the correct template
struct which is used in the golang template. The function can handle
both struct and pointer to a struct. Using the reference is more
efficient since it doe snot have to copy the whole struct.
Also change some structs to use he actual type from the template instead
of some nested one to make sure it has to correct fields.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
It used the wrong struct so not all fields were listed in the
completion.
Fixes podman images --format and podman image history --format
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
We should not include the anonymous twice in the suggestions.
one example is `podman network ls --format {{.` it will also show
`{{.Network` but since Network is the actual struct all fields are
already shown so there is no need for it to be suggested.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
AutocompleteFormat() takes the format struct as argument. Often the structs
are deeply nested and contain other structs. Up until now if there was a
pointer to a struct the logic was not able to get the field names from
that, simply because the pointer was nil. However it is possible to
create a new initialized type with reflect.New(). This allows us to
complete all struct fields/functions even when there nil pointers.
Therefore we can drop the extra initialization which was done by some
callers.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Truncate by default to avoid long descriptions from rendering the output
unreadable.
[NO NEW TESTS NEEDED]
Fixes: #14044
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Allow podman machine set to change CPUs, Memory and Disk size of a QEMU machine after its been created.
Disk size can only be increased.
If one setting fails to be changed, the other settings will still be applied.
Signed-off-by: Ashley Cui <acui@redhat.com>
The linter ensures a common code style.
- use switch/case instead of else if
- use if instead of switch/case for single case statement
- add space between comment and text
- detect the use of defer with os.Exit()
- use short form var += "..." instead of var = var + "..."
- detect problems with append()
```
newSlice := append(orgSlice, val)
```
This could lead to nasty bugs because the orgSlice will be changed in
place if it has enough capacity too hold the new elements. Thus we
newSlice might not be a copy.
Of course most of the changes are just cosmetic and do not cause any
logic errors but I think it is a good idea to enforce a common style.
This should help maintainability.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Removing two files that are not needed. One is likely an accidental
check-in and the other is a empty file.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Based on WSL2 9p support: remaps windows paths to /mnt/<drive> locations for
both podman and Docker API clients.
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
podman machine was using the file modification time to get the running status
add three new config entries Starting (bool) Created (time) LastUp (time) to actually
keep track of when these events happened. This means we can use the config file
to actually store this data and not mess up the created/last-up time.
This fixes the issues where the machine would report running 15 seconds before it was up.
Also fixes the issue of modifying the file manually and saying the machine is "up"
[NO NEW TESTS NEEDED]
resolves#13711
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
This PR introduces a test suite for podman machine. It can currently be
run on developers' local machines and is not part of the official CI
testing; however, the expectation is that any work on machine should
come with an accompanying test.
At present, the test must be run on Linux. It is untested on Darwin.
There is no Makefile target for the test. It can be run like `ginkgo -v
pkg/machine/test/.`. It should be run as a unprivileged user.
Signed-off-by: Brent Baude <bbaude@redhat.com>
go1.18 deprecates `strings.Title()`. However for our use case this is
still fine. The recommended replacement is adding about 400kb binary
size so lets keep using this for now.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This reverts commit cc3790f332.
We can't change rootful to rootfull because `rootful` is written into the machine config. Changing this will break json unmarshalling, which will break existing machines.
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
golint, scopelint and interfacer are deprecated. golint is replaced by
revive. This linter is better because it will also check for our error
style: `error strings should not be capitalized or end with punctuation or a newline`
scopelint is replaced by exportloopref (already endabled)
interfacer has no replacement but I do not think this linter is
important.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
golang.org/x/crypto/ssh/terminal is deprecated. The package was moved to
golang.org/x/term. golang.org/x/crypto/ssh/terminal was already just
calling golang.org/x/term itslef so there are no functional changes.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
We are inconsistent on the name, we should stick with rootfull.
[NO NEW TESTS NEEDED] Existing tests should handle this and no tests for
machines exists yet.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
From a security point of view, it would be nice to be able to map a
rootless usernamespace that does not use your own UID within the
container.
This would add protection against a hostile process escapping the
container and reading content in your homedir.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This is an enhancement proposal for the checkpoint / restore feature of
Podman that enables container migration across multiple systems with
standard image distribution infrastructure.
A new option `--create-image <image>` has been added to the
`podman container checkpoint` command. This option tells Podman to
create a container image. This is a standard image with a single layer,
tar archive, that that contains all checkpoint files. This is similar to
the current approach with checkpoint `--export`/`--import`.
This image can be pushed to a container registry and pulled on a
different system. It can also be exported locally with `podman image
save` and inspected with `podman inspect`. Inspecting the image would
display additional information about the host and the versions of
Podman, criu, crun/runc, kernel, etc.
`podman container restore` has also been extended to support image
name or ID as input.
Suggested-by: Adrian Reber <areber@redhat.com>
Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
The podman machine ls command would benefit from a --quiet flag which
would only print the machine names without the extra information. It
also implies --noheader as well. This can be helpful for scripting with
the podman cli.
Signed-off-by: Brent Baude <bbaude@redhat.com>
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
containers.conf now has a default volumes field for podman machine.
this pr inserts those values as the default volumes in init.
Signed-off-by: Brent Baude <bbaude@redhat.com>
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
`DefineCreateFlags` was excluding clone from using the memory-swappiness flag leading the value to be zero
when our deafult is -1. Rearrange the if/else to give clone these memory related options
resolves#13856
Signed-off-by: cdoern <cdoern@redhat.com>
It allows to customize the entry that is written to the `/etc/passwd`
file when --passwd is used.
Closes: https://github.com/containers/podman/issues/13185
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This reverts commit e133a06d2f.
@nalind found a proper fix in c/storage [1] to address the performance
issue. So we really don't need the flag anymore. Note the flag has
never made it into any release.
[1] d76b3606fc
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
openshift-ci[bot]
Paul Holzinger
Toshiki Sonoda
Daniel J Walsh
Jake Correnti
OpenShift Merge Robot
cdoern
Valentin Rothberg
cdoern
Shane Smith
Matthew Heon
Karthik Elango
Alexander Scheel
Jhon Honce
Aditya R
Urvashi Mohnani
Ed Santiago
Jason T. Greene
Ashley Cui
Giuseppe Scrivano
Niall Crowe
Brent Baude
Radostin Stoyanov