Move the podman build opts to cmd/common so that
it can be used by podman build and podman farm build
[NO NEW TESTS NEEDED]
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
this pr has the basic plumbing that allows the e2e machine tests to run
with the hyperv provider.
it requires a special fcos image right now because gvforwarder was not
in the upstream fcos images for hyperv.
changed the way "provider" is set; moved GetProvider functions to
pkg/machine/provider. provider is now set at the machine level.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Add support for --layerLabel.
Support for --cw is only added for the local client. I am not sure how
I would wire this over remote. The current code parse the options in
the frontend which hard codes the Tmpdir field to an incorrect value if
we would json marshal this vie remote API so it would not work in real
remote cases.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Commit 2 of 2: manual fixes to get tests to pass.
Mostly adding "-q", but in some cases reverting back to Exit(0)
with progress-message checks.
Plus, fix a typo in an error message
Signed-off-by: Ed Santiago <santiago@redhat.com>
Shortcuts like unix:path and unix:/path do not work everywhere,
so make sure to use unix://path when quoting the url (or address)
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
If some volumes are specified in containers.conf, they are currently
added twice to the containers spec causing the container to fail:
$ head -n2 ~/.config/containers/containers.conf
[containers]
volumes = ["/tmp:/tmp"]
$ podman pod create --name foo
7ac7f97f9b74a596332483e4a13e58cb9c8d997e9c5baae46804ae0acc26cbc6
$ podman run --pod=foo alpine true
Error: "/tmp": duplicate mount destination
The fix is to ignore the setting from containers.conf when setting the
pod default configuration.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
When the "rmi" part of "run --rmi" fails due to image being in use
by another container (or for any reason, actually), issue a warning
message, not an error.
Signed-off-by: Ed Santiago <santiago@redhat.com>
From the Go specification:
"3. If the map is nil, the number of iterations is 0." [1]
Therefore, an additional nil check for before the loop is unnecessary.
[NO NEW TESTS NEEDED]
[1]: https://go.dev/ref/spec#For_range
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Use `add_compression` field from `containers.conf` if found instead and
`CLI` field `--add-compression` is not set.
Signed-off-by: Aditya R <arajan@redhat.com>
Value of `--force-compression` should be already `true` is
`--compression-format` is selected otherwise let users decide.
Signed-off-by: Aditya R <arajan@redhat.com>
Adds support for --force-compression which allows end-users to force
push blobs with the selected compresison in --compression option, in
order to make sure that blobs of other compression on registry are not
reused.
Signed-off-by: Aditya R <arajan@redhat.com>
Adds support for --force-compression which allows end-users to force
push blobs with the selected compresison in --compression option, in
order to make sure that blobs of other compression on registry are not
reused.
Is equivalent to: force-compression here: https://docs.docker.com/build/exporters/#compression
Closes: https://github.com/containers/podman/issues/18660
Signed-off-by: Aditya R <arajan@redhat.com>
Support a new concept in containers.conf called "modules". A "module"
is a containers.conf file located at a specific directory. More than
one module can be loaded in the specified order, following existing
override semantics.
There are three directories to load modules from:
- $CONFIG_HOME/containers/containers.conf.modules
- /etc/containers/containers.conf.modules
- /usr/share/containers/containers.conf.modules
With CONFIG_HOME pointing to $HOME/.config or, if set, $XDG_CONFIG_HOME.
Absolute paths will be loaded as is, relative paths will be resolved
relative to the three directories above allowing for admin configs
(/etc/) to override system configs (/usr/share/) and user configs
($CONFIG_HOME) to override admin configs.
Pulls in containers/common/pull/1599.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Add new --farm flag to podman system connection add so that
a user can add a new connection to a farm immediately.
Update system connection remove such that when a connection is
removed, the connection is also removed from any farms that have it.
Add docs and tests for these changes.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Podman farm update allows users to update a farm by addig
connections, removing connections, or changing the default farm.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
The podman farm create command allows users to create
farms from the avaiable podman system connections.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Podman should ignore failures to find a cidfile when stoping the
container if the user specified --ignore
Fixes: https://github.com/containers/podman/issues/19546
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The `--add-host` option now accepts the special string `host-gateway`
instead of an IP Address, which will be mapped to the host IP address.
Signed-off-by: Gregor Eichelberger <gregor.eichelberger@tuwien.ac.at>
follow-up for https://github.com/containers/podman/pull/19526
on io.Copy() errors make sure the temporary file is closed.
[NO NEW TESTS NEEDED]
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Compat api for containers/stop should take -1 value
Add support for `podman stop --time -1`
Add support for `podman restart --time -1`
Add support for `podman rm --time -1`
Add support for `podman pod stop --time -1`
Add support for `podman pod rm --time -1`
Add support for `podman volume rm --time -1`
Add support for `podman network rm --time -1`
Fixes: https://github.com/containers/podman/issues/17542
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Adds support for --add-compression which accepts multiple compression
formats and when used it will add all instances in a manifest list with
requested compression formats.
Signed-off-by: Aditya R <arajan@redhat.com>
Forcing users to set --rm when setting --rmi is just bad UI.
If I want the image to be removed, it implies that I want the
container removed that I am creating.
Fixes: https://github.com/containers/podman/issues/15640
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
In certain cases REGISTRY_AUTH_FILE is set but the auth file
does not exists yet, do not throw error unless user specified
a file directly using --authfile.
Fixes: https://github.com/containers/podman/issues/18405
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
If a user puts a quadlet file in his homedirectory with
the same name as one in /etc/containers/systemd/user or
/etc/containers/systemd/user/$UID, then only use the one in
homedir and ignore the others.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add a new "healthy" sdnotify policy that instructs Podman to send the
READY message once the container has turned healthy.
Fixes: #6160
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
**podman compose** is a thin wrapper around an external compose provider
such as docker-compose or podman-compose. This means that `podman
compose` is executing another tool that implements the compose
functionality but sets up the environment in a way to let the compose
provider communicate transparently with the local Podman socket. The
specified options as well the command and argument are passed directly
to the compose provider.
The default compose providers are `docker-compose` and `podman-compose`.
If installed, `docker-compose` takes precedence since it is the original
implementation of the Compose specification and is widely used on the
supported platforms (i.e., Linux, Mac OS, Windows).
If you want to change the default behavior or have a custom installation
path for your provider of choice, please change the `compose_provider`
field in `containers.conf(5)`. You may also set the
`PODMAN_COMPOSE_PROVIDER` environment variable.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Only use the word "please" in these situations:
- reader is asked to do something inconvenient
- reader is asked for permission
- reader is asked for forgiveness
Remove other uses of the word "please" to
make the language more efficient.
[NO NEW TESTS NEEDED]
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
`podman system service` + TCP is not a configuration we should be
recommending. There was already language about this in the
manpages, but it was not sufficient in explaining how bad of an
idea this is. Expand the manpage warnings, add a dedicated
heading so people notice, and add a warning every time the
service starts with a TCP URL that directs people to the manpage
to see that explanation.
Signed-off-by: Matt Heon <mheon@redhat.com>
Adds an `--podman-only` flag to `podman generate kube` to allow for
reserved annotations to be included in the generated YAML file.
Associated with: #19102
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Disable leaking the LISTEN_* variables into containers which are
observed to be passed by systemd even without being socket activated as
described in https://access.redhat.com/solutions/6512011.
[NO NEW TESTS NEEDED] - Ultimately, the solution 6512011 should be updated.
Fixes: bugzilla.redhat.com/show_bug.cgi?id=2180483
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Adds a `--no-trunc` flag to `podman kube generate` preventing the
annotations from being trimmed at 63 characters. However, due to
the fact the annotations will not be trimmed, any annotation that is
longer than 63 characters means this YAML will no longer be Kubernetes
compatible. However, these YAML files can still be used with `podman
kube play` due to the addition of the new flag below.
Adds a `--no-trunc` flag to `podman kube play` supporting YAML files with
annotations that were not truncated to the Kubernetes maximum length of
63 characters.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
This commit extends `Volume` and `Network` unit definitions with two
additional parameters, `VolumeName` and `NetworkName`, which will,
respectively, set a user-defined name for the corresponding volume and
network. This is similar to how the `ContainerName` directive currently
works, and should allow for smoother transitions to Quadlet-managed
resources.
Closes: #19003
Signed-off-by: Alex Palaistras <alex@deuill.org>
Previous tests have worked by pure chance since the client and server
ran on the same host; the server picked up the credentials created by
the client login.
Extend the gating tests and add a new integration test which is further
capable of exercising the remote code.
Note that fixing authentication support requires adding a new
`--authfile` CLi flag to `manifest inspect`. This will at least allow
for passing an authfile to be bindings. Username and password are not
yet supported.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Podman will always pass down --syslog to conmon since 13c2aca21.
However there systems without syslog running, likely in container
setups. As reported in this was already a problem before when debug
level is used. Then conmon will pass down --syslog back to the podman
container cleanup command causing it to fail without doing anything.
Given that I think it is better to just ignore the error and log it on
debug level, we need to make sure cleanup works consistently.
[NO NEW TESTS NEEDED]
Fixes#19075
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Users may want to replace the secret used within containers, without
destroying the secret and recreating it.
Partial fix for https://github.com/containers/podman/issues/18667
Make sure podman --remote secret inspect and podman secret inspect
return the same error message.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Previously podman was using "MB" and "GB" (binary) for input but
"MB" and "GB" (decimal) for output, which was causing confusion.
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
The --authfile flag has been ignored. Fix that and add a test to make
sure we won't regress another time. Requires a new --tls-verify flag
to actually test the code.
Also bump c/common since common/pull/1538 is required to correctly check
for updates. Note that I had to use the go-mod-edit-replace trick on
c/common as c/buildah would otherwise be moved back to 1.30.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2218315
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This adds the 'system service' command to the build on FreeBSD and
suppresses the call to servicereaper.Start which is only needed to
support slirp4netns on Linux. A stub for compat.StatsContainer is also
added - stats are still supported via the libpod.StatsContainer API
call.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
It is pretty complicated to display the secret on the host, but is
not really secured. This patch makes it easier to examine the secret.
Partial fix for https://github.com/containers/podman/issues/18667
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Ensures that for each hypervisor implementation, their `config.go` file
deals with implementing the `VirtProvider` interface while the
`machine.go` file is for implementing the `VM` interface.
Moves the `Virtualization` type into a common file and
created wrappers for the individual hypervisors. Allows for shared
functions that are exactly the same while providing the flexibility to
create hypervisor-specific implementations of the functions.
[NO NEW TESTS NEEDED]
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Support two new wait conditions, "healthy" and "unhealthy". This
further paves the way for integrating sdnotify with health checks which
is currently being tracked in #6160.
Fixes: #13627
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Massage the internal APIs to use a string slice instead of a state slice
for passing wait conditions. This paves the way for waiting on
non-state conditions such as "healthy".
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Most of the code moved there so if from there and remove it here.
Some extra changes are required here. This is a bit of a mess. The pipe
handling makes this a bit more difficult.
[NO NEW TESTS NEEDED] This is just a rework, existing tests must pass.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add support for `--imagestore` in podman which allows users to split the filesystem of containers vs image store, imagestore if configured will pull images in image storage instead of the graphRoot while keeping the other parts still in the originally configured graphRoot.
This is an implementation of
https://github.com/containers/storage/pull/1549 in podman.
Signed-off-by: Aditya R <arajan@redhat.com>
The backend allows for any start/end ip in the subnet. There is no
reason to limit the cli to only CIDR subnets. This allows for much more
flexibility.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This commit creates a new command `podmansh` command which can be used by
administrators to provide a confined shell to their users.
The user will only have access to the volumes and capabilities for that
user.
Co-authored-by: Paul Holzinger <pholzing@redhat.com>
Co-authored-by: Daniel Walsh <dwalsh@redhat.com>
Co-authored-by: Petr Lautrbach <lautrbach@redhat.com>
Co-authored-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
add routes using the --route flag.
the no_default_route option in --opt prevents a default route from
getting added automatically.
Signed-off-by: Jan Hendrik Farr <github@jfarr.cc>
This fixes a lint issue, but I'm keeping it in its own commit so
it can be reverted independently if necessary; I don't know what
side effects this may have. I don't *think* there are any
issues, but I'm not sure why it wasn't a pointer in the first
place, so there may have been a reason.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
For filter=id=XXX (containers, pods) and =ctr-ids=XXX (pods):
if XXX is only hex characters, treat it as a PREFIX
otherwise, treat it as a REGEX
Add tests. Update documentation. And fix an incorrect help message.
Fixes: #18471
Signed-off-by: Ed Santiago <santiago@redhat.com>
To debug a deadlock, we really want to know what lock is actually
locked, so we can figure out what is using that lock. This PR
adds support for this, using trylock to check if every lock on
the system is free or in use. Will really need to be run a few
times in quick succession to verify that it's not a transient
lock and it's actually stuck, but that's not really a big deal.
Signed-off-by: Matt Heon <mheon@redhat.com>
This is a general debug command that identifies any lock
conflicts that could lead to a deadlock. It's only intended for
Libpod developers (while it does tell you if you need to run
`podman system renumber`, you should never have to do that
anyways, and the next commit will include a lot more technical
info in the output that no one except a Libpod dev will want).
Hence, hidden command, and only implemented for the local driver
(recommend just running it by SSHing into a `podman machine` VM
in the unlikely case it's needed by remote Podman).
These conflicts should normally never happen, but having a
command like this is useful for debugging deadlock conditions
when they do occur.
Signed-off-by: Matt Heon <mheon@redhat.com>
This probably should have been in the API since the beginning,
but it's not too late to start now.
The extra information is returned (both via the REST API, and to
the CLI handler for `podman rm`) but is not yet printed - it
feels like adding it to the output could be a breaking change?
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
When we do path completion in images a user could try to complete a
simple relative path, e.g. podman run $IMAGE e... should complete to etc
if this path exists in the image. Right now we panic in this case as the
current check didn't account for an empty string in simplePathJoinUnix().
In such a case return the path directly because we can not alter what
the user typed on the cli and must return a path without slash as well
in order for the shell to suggest the completion.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2209809
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Short description in man pages:
* Use imperative form
Command help (cobra.Command.Short):
* Capitalize first letter
* Use imperative form
* Remove ending full stop when the short description
only contains one sentence without any commas
Command help (cobra.Command.Long):
* Capitalize first letter unless the sentence starts
with a command "podman command ..."
* Use imperative form when the long description is
identical or almost identical to the short description.
This modification was only done in a few places.
Command tables:
* Use imperative form in the "Description" column
[NO NEW TESTS NEEDED]
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
Implement means for reflecting failed containers (i.e., those having
exited non-zero) to better integrate `kube play` with systemd. The
idea is to have the main PID of `kube play` exit non-zero in a
configurable way such that systemd's restart policies can kick in.
When using the default sdnotify-notify policy, the service container
acts as the main PID to further reduce the resource footprint. In that
case, before stopping the service container, Podman will lookup the exit
codes of all non-infra containers. The service will then behave
according to the following three exit-code policies:
- `none`: exit 0 and ignore containers (default)
- `any`: exit non-zero if _any_ container did
- `all`: exit non-zero if _all_ containers did
The upper values can be passed via a hidden `kube play
--service-exit-code-propagation` flag which can be used by tests and
later on by Quadlet.
In case Podman acts as the main PID (i.e., when at least one container
runs with an sdnotify-policy other than "ignore"), Podman will continue
to wait for the service container to exit and reflect its exit code.
Note that this commit also fixes a long-standing annoyance of the
service container exiting non-zero. The underlying issue was that the
service container had been stopped with SIGKILL instead of SIGTERM and
hence exited non-zero. Fixing that was a prerequisite for the exit-code
propagation to work but also improves the integration of `kube play`
with systemd and hence Quadlet with systemd.
Jira: issues.redhat.com/browse/RUN-1776
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The examples show that --dns-add 8.8.8.8,1.1.1.1 is valid but it fails,
fix this by using StringSliceVar which splits at commas.
Added tests to ensure it is working.
Fixes#18632
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Enable the --configmap flag for the remote case of podman
kube play. Users can pass in the paths to the configmap files
for kube play to use when creating the pods and containers from
a kube yaml file. The configmap file is read and the contents are
appended to the contents of the main yaml file before passed to the
remote client.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
When no name arg is given to Podman machine commands, Podman assumes the machine name is podman-machine-default. Document this behavior.
Signed-off-by: Ashley Cui <acui@redhat.com>
The `--network-cmd-path` CLI option only affects rootless networks using `slirp4netns(1)`, not `pasta(1)`. Following #18568 Podman should rather use the more generic `r.config.FindHelperBinary()` method (and therefore honour the `helper_binaries_dir` config) to find the path to the `slirp4netns` binary and deprecate the misleading `--network-cmd-path` CLI option. However, since this wasn't implemented yet we can't deprecate `--network-cmd-path` as of now. Adding a note anyway.
Fixes#18560
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
If there's a container defined in multiple directories use the following
precedence:
$XDG_CONFIG_HOME/containers/systemd/ or ~/.config/containers/systemd/
takes precedence over /etc/containers/systemd/users/$(UID) and this
takes precedence over /etc/containers/systemd/users/
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
Fixes: https://github.com/containers/podman/issues/16354
Currently we check on the server side, which ends up generating a bad
error message.
$ podman --remote build foo/
ERRO[0000] While reading directory /home/dwalsh/go/src/github.com/containers/podman/foo: EOF
Error: stat /var/tmp/libpod_builder1249622306/build/Dockerfile: no such file or directory
With this change you will get
./bin/podman --remote build foo/
Error: Containerfile not specified and no Containerfile or Dockerfile found in context directory, /home/dwalsh/podman/foo
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
I would like to allow admin to control quadlet containers
in users homedirs.
If an admin sets a quadlet in
/etc/containers/systemd/users, then all users will run these
quadlet services when they login.
If an admin places a quadlet in /etc/containers/systemd/users/$(USERNAME)
then only the USERNAME will execute this quadlet service when
they login.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We have a spacial logic to create a better user error that hints at
podman machine, however because we string matched it missed the case of
the ssh connection.
Stop doing string comparison and return a proper error and match it with
errors.As()
[NO NEW TESTS NEEDED]
see https://github.com/containers/podman/discussions/18426
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
this pr is the first pass at enabling podman machine to use the apple hypervisor. there are still several TODO
areas like host networking. once the decision is handled on what host networking should look like, these TODOs
should be fairly quick to resolve. they also will impact the remove methods.
you must also have vfkit (https://github.com/crc-org/vfkit)
Signed-off-by: Brent Baude <bbaude@redhat.com>
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Add Restarts column to the podman pod ps output to show the total number
of times the containers in a pod were restarted. This is the same as the
restarts column displayed by kubernetes with kubectl get pods. This will
only be displayed when --format={{.Restarts}}.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Add Restarts column to the podman ps output to show how many times a
container was restarted based on its restart policy. This column will be
displayed when --format={{.Restarts}}.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Add --restart flag to pod create to allow users to set the
restart policy for the pod, which applies to all the containers
in the pod. This reuses the restart policy already there for
containers and has the same restart policy options.
Add "never" to the restart policy options to match k8s syntax.
It is a synonym for "no" and does the exact same thing where the
containers are not restarted once exited.
Only the containers that have exited will be restarted based on the
restart policy, running containers will not be restarted when an exited
container is restarted in the same pod (same as is done in k8s).
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
GetSystemDefaultProvider reworked to fetch provider value from
the config file.
Additional environment variable CONTAINERS_MACHINE_PROVIDER is
supported to override the config for testing purposes.
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
It really does not make sense to call RemoveConnection() twice and then
update the config file a third time in updateDefaultMachineinConfig().
This results in unnecessary reads/writes and more code.
Simplyfy this into one function that is only called once and do all
updates at once.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
system reset it says it will delete containers, images, networks, etc...
However it will also delete the graphRoot and runRoot directories.
Normally this is not an issue, however in same cases these directories
were set to the users home directory or some other important system
directory.
As first step simply show the directories that are configured and thus
will be deleted by reset. As future step we could implement some
safeguard will will not delete some known important directories however
I tried to keep it simple for now.
[NO NEW TESTS NEEDED]
see #18349 and #18295
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
We should return the raw state string without any extra formatting in
this case.
`{{.Status}}` returns the nicely formatted string used in the default ps
output, e.g. `Up 2 seconds ago`, while `{{.State}}` returns the state as
string, e.g. `running`.
This matches the docker output and allows better use in scripts.
Fixes#18244
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Resolves Win Installer CI issues where dep processing variance can
pull in gpgme, which doesn't compile on Windows without a
specialized msys2 setup.
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
sysinfo.NumCPU already falls back to runtime.NumCPU in case the
platform-specific sysinfo.numCPU returns 0, see
554799639f/pkg/sysinfo/numcpu.go (L8-L13)
Also omit a second call to sysinfo.NumCPU and use the result from the
earlier call.
[NO NEW TESTS NEEDED]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Wire in support for writing the digest of the pushed image to a
user-specified file. Requires some massaging of _internal_ APIs
and the extension of the push endpoint to integrate the raw manifest
(i.e., in bytes) in the stream.
Closes: #18216
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Closes#17767Closes#17768
System test for image list and history dates
* Changed field separator in the test to `;` for easier parsing
* Converted date output from image history and image list to be comparable
Signed-off-by: rbagd <mail@rbagd.eu>
Commands like podman-create(1), podman-run(1), podman-inspect(1),
podman-ps(1) will emit formatted output upon success. This allows
the output from commands to be emitted directly to a file and
can supersede the --noout parameter by using /dev/null. An issue
with --noout was also remedied.
This closes issue #18120.
Signed-off-by: Ali Rizvi-Santiago <arizvisa@gmail.com>
Allow users to customize the network_interface option is the network
config. For bridge this allows users to change the bridge name and for
maclvan it will be the same as `--opt parent=...`.
However the main reason for this option is to allow netavark plugins to
make use of it. I demoed the host-device plugin which makes use of this
as an example. While we could let users set them via --opt it is more
natural to just use the field which is designed for that purpose.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Use the kube_generate_type from the containers.conf as
the default value for the --type flag for kube generate.
Override the default when userexplicitly sets the --type
flag.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Buildah uses a different logic to pass environment variable to executor
now after: https://github.com/containers/buildah/pull/4702/files so
podman should same logic and pass env by reference.
Signed-off-by: Aditya R <arajan@redhat.com>
Bump containers/(storage, common, buildah and image)
Changes since 2023-01-01:
- skip mount-cache-selinux-long-name test under remote, with
a FIXME requesting that someone see if it can be made to work.
- skip six tests that fail under rootless-remote
- add new --build-arg-file option:
- update man page
Squash of:
* cf56eb1865
* 561f082772
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Aditya R <arajan@redhat.com>
At the time of making this commit, the package `github.com/ghodss/yaml`
is no longer actively maintained.
`sigs.k8s.io/yaml` is a permanent fork of `ghodss/yaml` and is actively
maintained by Kubernetes SIG.
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
I recently wanted to check which version of Quadlet I was using and
found a `-version` flag to be missing. Since Quadlet and Podman are
bundled together, it seems reasonable to me for them to share the same
version.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Purely cosmetic change for consistency.
[NO NEW TESTS NEEDED] as it doesn't change functionality.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Add the command along with the abi and tunnel support
Add e2e tests
Add man page
Add apiv2 test to ensure return codes
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
The podman kube generate command can now generate a
Deployment kind when the --ype flag is set to deployment.
By default, a Pod spec will be generated if --type flag is
not set.
Add --replicas flag to kube generate to allow users to set
the value of replicas in the generated yaml when generating a
Deployment kind.
Add e2e and minikube tests for this feature.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Since commit bae07b6ea2 we exit with 1 one errors. This caused problem
for the mac installer which fails because of the error now.
If the helper is already installed do not treat this as hard error and
just log it instead.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
with libhvee, we are able to do the basics of podman machine management
on hyperv. The basic functions like init, rm, stop, and start are all
functional. Start and stop will periodically throw a benign error
processing the hyperv message being returned from the action. The error
is described in the todo's below.
notable items:
* no podman commands will work (like ps, images, etc)
* the machine must be initialized with --image-path and fed a custom image.
* disk size is set to 100GB statically.
* the vm joins the default hyperv network which is TCP/IP network based.
* podman machine ssh does not work
* podman machine set does not work
* you can grab the ip address from hyperv and fake a machine connection
with `podman system connection`.
* when booting, use the hyperv console to know the boot is complete.
TODOs:
* podman machine ssh
* podman machine set
* podman machine rm needs force bool
* disk size in NewMachine is set to 100GB
* podman start needs to wait until fully booted
* establish a boot complete signal from guest
* implement gvproxy like user networking
* fix benign failures in stop/start -> Error: error 2147749890 (FormatMessage failed with: The system cannot find message text for message number 0x%1 in the message file for %2.)
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
When we searching any image at a container registry,
--cert-dir and --creds could be required
as well as push, pull, etc.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
We should return a proper exit code to signal the failure.
[NO NEW TESTS NEEDED] We do have any tests on macOS.
Fixes#17785
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The --stream flag is being used extensively in the tests and some blog
posts refer to it which has been causing some confusion on why the flag
was hidden. I do not see a good reason to hide it anymore, so unhide it
and add some docs.
[NO NEW TESTS NEEDED] as it's already being tested.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Currently Podman prevents SELinux container separation,
when running within a container. This PR adds a new
--security-opt label=nested
When setting this option, Podman unmasks and mountsi
/sys/fs/selinux into the containers making /sys/fs/selinux
fully exposed. Secondly Podman sets the attribute
run.oci.mount_context_type=rootcontext
This attribute tells crun to mount volumes with rootcontext=MOUNTLABEL
as opposed to context=MOUNTLABEL.
With these two settings Podman inside the container is allowed to set
its own SELinux labels on tmpfs file systems mounted into its parents
container, while still being confined by SELinux. Thus you can have
nested SELinux labeling inside of a container.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
there are no commands that are not supported by rootless mode, but
some commands require to run in the user namespace.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add a hidden flag to set the database backend and plumb it into
podman-info. Further add a system test to make sure the flag and the
info output are working properly.
Note that the test may need to be changed once we settled on how
to test the sqlite backend in CI.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Add a way to keep play kube running in the foreground and terminating all pods
after receiving a a SIGINT or SIGTERM signal. The pods will also be
cleaned up after the containers in it have exited.
If an error occurrs during kube play, any resources created till the
error point will be cleane up also.
Add tests for the various scenarios.
Fixes#14522
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
when running rootless on cgroupv1, Podman+OCI runtime do not setup a
separate cgroup for the container. Spawned containers will run in the
same cgroup as the podman system service process, thus will be killed
when the cgroup is destroyed, as it is the case when running as a
systemd service.
[NO NEW TESTS NEEDED]
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2170444
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Urvashi Mohnani
Brent Baude
Daniel J Walsh
Paul Holzinger
Ed Santiago
Lokesh Mandvekar
danishprakash
Anders F Björklund
Giuseppe Scrivano
Eng Zer Jun
Aditya R
OpenShift Merge Robot
Christian Hörtnagl
Valentin Rothberg
Gregor Eichelberger
binghongtao
Boaz Shuster
Erik Sjölund
Hari Kannan
Matt Heon
Chetan Giradkar
Jake Correnti
Alex Palaistras
Black-Hole1
Doug Rabson
Alex Jia
Jan Hendrik Farr
Matthew Heon
Luca Di Maio
Ashley Cui
Daniel Rudolf
Jason T. Greene
Petr Lautrbach
Arthur Sengileyev
Leo Ochoa
huangyanfeng
Carlo Teubner
Tobias Klauser
openshift-ci[bot]
rbagd
Park Jaeon
Ali Rizvi-Santiago
Ygal Blum
Toshiki Sonoda
vyasgun