With previous versions of Podman (like v1.9.2) it was always possible to
specify the log level in any case, for example `INFO`. This behavior has
silently changed, where the `--log-level` flag only accepts lower case
levels. This commit re-enables the old behavior and adds an e2e test for
it.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Switch the libpod references to podman in the CONTRIBUTING.md.
Update the cirrus-ci link so we can get a green build again :)
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
The seccomp/containers-golang library is not maintained any more and we
should stick to containers/common.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Add support for multi level subcommands.
e.g. podman system connection.
Update the flags and add note for containers.conf.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Our previous flow was to perform a hijack before passing a
connection into Libpod, and then Libpod would attach to the
container's attach socket and begin forwarding traffic.
A problem emerges: we write the attach header as soon as the
attach complete. As soon as we write the header, the client
assumes that all is ready, and sends a Start request. This Start
may be processed *before* we successfully finish attaching,
causing us to lose output.
The solution is to handle hijacking inside Libpod. Unfortunately,
this requires a downright extensive refactor of the Attach and
HTTP Exec StartAndAttach code. I think the result is an
improvement in some places (a lot more errors will be handled
with a proper HTTP error code, before the hijack occurs) but
other parts, like the relocation of printing container logs, are
just *bad*. Still, we need this fixed now to get CI back into
good shape...
Fixes#7195
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Fix podman build man pages to match buildah functionality.
Also document .dockerignore formatted files.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
it allows to manually tweak the configuration for cgroup v2.
we will expose some of the options in future as single
options (e.g. the new memory knobs), but for now add the more generic
--cgroup-conf mechanism for maximum control on the cgroup
configuration.
OCI specs change: https://github.com/opencontainers/runtime-spec/pull/1040
Requires: https://github.com/containers/crun/pull/459
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
In podman 1.0 if you executed a command like:
podman run --user dwalsh --cap-add net_bind_service alpine nc -l 80
It would work, and the user dwalsh would get the capability, in
podman 2.0, only root and the binding set gets the capability.
This change restores us back to the way podman 1.0 worked.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
because a pod's network information is dictated by the infra container at creation, a container cannot be created with network attributes. this has been difficult for users to understand. we now return an error when a container is being created inside a pod and passes any of the following attributes:
* static IP (v4 and v6)
* static mac
* ports -p (i.e. -p 8080:80)
* exposed ports (i.e. 222-225)
* publish ports from image -P
Signed-off-by: Brent Baude <bbaude@redhat.com>
Fixes: 4c75fe3f70 ("fix pod creation with "new:" syntax")
Commit 4c75fe3f70 passes all net options to the pod but forgot
to unset the options for the container creation. This leads to
erros when using flags like `--ip` since we tried setting
the ip on the pod and container which obviously fails.
I didn't notice the bug because we don't throw an error when
specifing port bindings on a container which joins the pods
network namespace. (#7373)
Also allow the use of `--hostname` and pass that option to the
pod and unset it for the container. The container has to use
the pods hostname anyway. This would error otherwise.
Added tests to prevent regression.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
When `podman rmi --force` is run, it will remove any containers
that depend on the image. This includes Podman containers, but
also any other c/storage users who may be using it. With Podman
containers, we use the standard Podman removal function for
containers, which handles all edge cases nicely, shutting down
running containers, ensuring they're unmounted, etc.
Unfortunately, no such convient function exists (or can exist)
for all c/storage containers. Identifying the PID of a Buildah,
CRI-O, or Podman container is extremely different, and those are
just the implementations under the containers org. We can't
reasonably be able to know if a c/storage container is *in use*
and safe for removal if it's not a Podman container.
At the very least, though, we can attempt to unmount a storage
container before removing it. If it is in use, this will fail
(probably with a not-particularly-helpful error message), but if
it is not in use but not fully cleaned up, this should make our
removing it much more robust than it normally is.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
As of a few minutes ago (relative to this commit), Cirrus
defines the CIRRUS_CHANGE_TITLE envariable as "First line
of CIRRUS_CHANGE_MESSAGE"[1]. Replace all conditionals
accordingly.
[1] f8d2530c60
Reasoning: up until this PR, the presence of CI:IMG
or CI:DOCS *in the body* of the commit message would trigger
those magic CI code flows. This violates POLA, and actually
led to a bad PR (#7317) being merged because CI never ran.
Fixes: #7374
Signed-off-by: Ed Santiago <santiago@redhat.com>
* override --url and/or --identity fields from containers.conf
* --connection flag has higher precedence than ActiveService from
containers.conf. Which is set via podman system connection default
* Add newline to error message printed on stderr
* Added --connection to bash completion and documentation
* Updated bindings to query server in case of no path or /
Closes #jira-991
Fixes#7276
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Squashed commits to work around CI issue
info, images, run, networking tests: remove some skip_if_remote()s
that were added in the varlink days. All of these tests now seem
to work with APIv2.
help test: check that first output line from 'podman --help'
is the program description (regression check for #7273).
load test: clean up stray images, rewrite test to make it conform
to existing convention. In the process, discover and file #7337
exec test (and networking): file #7360, and add FIXME comment
to skip()s suggesting evaluating those tests once that is fixed.
pod test: now that #6328 is fixed, use 'podman pod inspect --format'
instead of relying on jq
Various other tests: add an explanation of why test is disabled
so we can more easily distinguish "this will never be meaningful
under remote" vs "hey, doesn't work for now, but maybe someday".
Signed-off-by: Ed Santiago <santiago@redhat.com>
Sascha Grunert
OpenShift Merge Robot
Giuseppe Scrivano
Paul Holzinger
Matthew Heon
Ed Santiago
Matthew Heon
Daniel J Walsh
Ashley Cui
zhangguanzhang
Wong Hoi Sing Edison
Brent Baude
Lokesh Mandvekar