It really does not make sense to call RemoveConnection() twice and then
update the config file a third time in updateDefaultMachineinConfig().
This results in unnecessary reads/writes and more code.
Simplyfy this into one function that is only called once and do all
updates at once.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
system reset it says it will delete containers, images, networks, etc...
However it will also delete the graphRoot and runRoot directories.
Normally this is not an issue, however in same cases these directories
were set to the users home directory or some other important system
directory.
As first step simply show the directories that are configured and thus
will be deleted by reset. As future step we could implement some
safeguard will will not delete some known important directories however
I tried to keep it simple for now.
[NO NEW TESTS NEEDED]
see #18349 and #18295
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
We should return the raw state string without any extra formatting in
this case.
`{{.Status}}` returns the nicely formatted string used in the default ps
output, e.g. `Up 2 seconds ago`, while `{{.State}}` returns the state as
string, e.g. `running`.
This matches the docker output and allows better use in scripts.
Fixes#18244
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Resolves Win Installer CI issues where dep processing variance can
pull in gpgme, which doesn't compile on Windows without a
specialized msys2 setup.
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
sysinfo.NumCPU already falls back to runtime.NumCPU in case the
platform-specific sysinfo.numCPU returns 0, see
554799639f/pkg/sysinfo/numcpu.go (L8-L13)
Also omit a second call to sysinfo.NumCPU and use the result from the
earlier call.
[NO NEW TESTS NEEDED]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Wire in support for writing the digest of the pushed image to a
user-specified file. Requires some massaging of _internal_ APIs
and the extension of the push endpoint to integrate the raw manifest
(i.e., in bytes) in the stream.
Closes: #18216
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Closes#17767Closes#17768
System test for image list and history dates
* Changed field separator in the test to `;` for easier parsing
* Converted date output from image history and image list to be comparable
Signed-off-by: rbagd <mail@rbagd.eu>
Commands like podman-create(1), podman-run(1), podman-inspect(1),
podman-ps(1) will emit formatted output upon success. This allows
the output from commands to be emitted directly to a file and
can supersede the --noout parameter by using /dev/null. An issue
with --noout was also remedied.
This closes issue #18120.
Signed-off-by: Ali Rizvi-Santiago <arizvisa@gmail.com>
Allow users to customize the network_interface option is the network
config. For bridge this allows users to change the bridge name and for
maclvan it will be the same as `--opt parent=...`.
However the main reason for this option is to allow netavark plugins to
make use of it. I demoed the host-device plugin which makes use of this
as an example. While we could let users set them via --opt it is more
natural to just use the field which is designed for that purpose.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Use the kube_generate_type from the containers.conf as
the default value for the --type flag for kube generate.
Override the default when userexplicitly sets the --type
flag.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Buildah uses a different logic to pass environment variable to executor
now after: https://github.com/containers/buildah/pull/4702/files so
podman should same logic and pass env by reference.
Signed-off-by: Aditya R <arajan@redhat.com>
Bump containers/(storage, common, buildah and image)
Changes since 2023-01-01:
- skip mount-cache-selinux-long-name test under remote, with
a FIXME requesting that someone see if it can be made to work.
- skip six tests that fail under rootless-remote
- add new --build-arg-file option:
- update man page
Squash of:
* cf56eb1865
* 561f082772
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Aditya R <arajan@redhat.com>
At the time of making this commit, the package `github.com/ghodss/yaml`
is no longer actively maintained.
`sigs.k8s.io/yaml` is a permanent fork of `ghodss/yaml` and is actively
maintained by Kubernetes SIG.
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
I recently wanted to check which version of Quadlet I was using and
found a `-version` flag to be missing. Since Quadlet and Podman are
bundled together, it seems reasonable to me for them to share the same
version.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Purely cosmetic change for consistency.
[NO NEW TESTS NEEDED] as it doesn't change functionality.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Add the command along with the abi and tunnel support
Add e2e tests
Add man page
Add apiv2 test to ensure return codes
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
The podman kube generate command can now generate a
Deployment kind when the --ype flag is set to deployment.
By default, a Pod spec will be generated if --type flag is
not set.
Add --replicas flag to kube generate to allow users to set
the value of replicas in the generated yaml when generating a
Deployment kind.
Add e2e and minikube tests for this feature.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Since commit bae07b6ea2 we exit with 1 one errors. This caused problem
for the mac installer which fails because of the error now.
If the helper is already installed do not treat this as hard error and
just log it instead.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
with libhvee, we are able to do the basics of podman machine management
on hyperv. The basic functions like init, rm, stop, and start are all
functional. Start and stop will periodically throw a benign error
processing the hyperv message being returned from the action. The error
is described in the todo's below.
notable items:
* no podman commands will work (like ps, images, etc)
* the machine must be initialized with --image-path and fed a custom image.
* disk size is set to 100GB statically.
* the vm joins the default hyperv network which is TCP/IP network based.
* podman machine ssh does not work
* podman machine set does not work
* you can grab the ip address from hyperv and fake a machine connection
with `podman system connection`.
* when booting, use the hyperv console to know the boot is complete.
TODOs:
* podman machine ssh
* podman machine set
* podman machine rm needs force bool
* disk size in NewMachine is set to 100GB
* podman start needs to wait until fully booted
* establish a boot complete signal from guest
* implement gvproxy like user networking
* fix benign failures in stop/start -> Error: error 2147749890 (FormatMessage failed with: The system cannot find message text for message number 0x%1 in the message file for %2.)
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
When we searching any image at a container registry,
--cert-dir and --creds could be required
as well as push, pull, etc.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
We should return a proper exit code to signal the failure.
[NO NEW TESTS NEEDED] We do have any tests on macOS.
Fixes#17785
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The --stream flag is being used extensively in the tests and some blog
posts refer to it which has been causing some confusion on why the flag
was hidden. I do not see a good reason to hide it anymore, so unhide it
and add some docs.
[NO NEW TESTS NEEDED] as it's already being tested.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Currently Podman prevents SELinux container separation,
when running within a container. This PR adds a new
--security-opt label=nested
When setting this option, Podman unmasks and mountsi
/sys/fs/selinux into the containers making /sys/fs/selinux
fully exposed. Secondly Podman sets the attribute
run.oci.mount_context_type=rootcontext
This attribute tells crun to mount volumes with rootcontext=MOUNTLABEL
as opposed to context=MOUNTLABEL.
With these two settings Podman inside the container is allowed to set
its own SELinux labels on tmpfs file systems mounted into its parents
container, while still being confined by SELinux. Thus you can have
nested SELinux labeling inside of a container.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
there are no commands that are not supported by rootless mode, but
some commands require to run in the user namespace.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add a hidden flag to set the database backend and plumb it into
podman-info. Further add a system test to make sure the flag and the
info output are working properly.
Note that the test may need to be changed once we settled on how
to test the sqlite backend in CI.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Add a way to keep play kube running in the foreground and terminating all pods
after receiving a a SIGINT or SIGTERM signal. The pods will also be
cleaned up after the containers in it have exited.
If an error occurrs during kube play, any resources created till the
error point will be cleane up also.
Add tests for the various scenarios.
Fixes#14522
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
when running rootless on cgroupv1, Podman+OCI runtime do not setup a
separate cgroup for the container. Spawned containers will run in the
same cgroup as the podman system service process, thus will be killed
when the cgroup is destroyed, as it is the case when running as a
systemd service.
[NO NEW TESTS NEEDED]
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2170444
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
before we can support hyperv as a virtualization option for podman
machine, several areas in machine will require cleanup. this is the
first pass of these changes to keep the review burden low. changes
include:
* convert artifact, format (image format) and compression to enums
with string methods
* rename Provider interface to VirtProvider
* change Provider implementation in QEMU to QEMUVirt
* change Provider implementation in WSL to WSLVirt
as mentioned earlier, there will be several more of these refactoring
PRs because assumptions were made about associations of platforms and
virt providers as well as compression and image formats.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Only enforce the passthrough log driver for Quadlet. Commit 68fbebf
introduced a regression on the `podman-kube@` template as `podman logs`
stopped working and settings from containers.conf were ignored.
Fixes: #17482
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Podman machine os apply takes a takes a OCI image with container native ostree functionality and rebases the machine os on that image.
Currently, this requires the guest os inside the vm to use rpm-ostree.
When specifying an image, any container transport may be specified. If a
container transport is not specified, OS apply will attempt to search
the local containers-storage for the image, and if it is not found, it
will then attempt to use the Docker transport to pull from a remote
registry.
The architecture of OS apply is as follows:
podman machine os apply ssh's into the machine and calls podman machine os
apply. on the secondary call to podman machine os apply, apply
recognizes that it is inside the machine and does image operations, and
finally calls rpm-ostree rebase.
Tests are written but commented out, due to the chicken-and-egg problem.
Signed-off-by: Ashley Cui <acui@redhat.com>
* add tests
* add documentation for --shm-size-systemd
* add support for both pod and standalone run
Signed-off-by: danishprakash <danish.prakash@suse.com>
Commit 2f29639bd3 added a UX improvement to cleanup/teardown when
running the specified YAML has failed. However, the teardown happens
unconditionally such that rerunning the same YAML file will teardown the
previously created workload instead of just failing with a name-conflict
error (e.g., "pod already exists"). The regression popped up testing
the Ansible system role with Podman v4.4.0.
For now, do not teardown at all on error to quickly fix this regression
for the upcoming Podman v4.4.1 release. The UX improvement is still
desired but must be conditional and only happen on newly created
resources, which probably requires moving it down to the backend.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Quadlet should not exit with failure if no files to process have been
found. Otherwise, even simple operations such as reloading systemd
will fail as it retriggers generators.
Fixes: #17374
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Just like buildkit buildah must allow cleaning the buildcache and cache generated on host by --mount=type=cache just like buildkit's prune command.
See: https://github.com/moby/buildkit#cache
Signed-off-by: Aditya R <arajan@redhat.com>
Add test to verify that updates without a pids-limit specified no longer
overwrite the previous value.
Also fixes erroneous warning generated by remote clients:
"Resource limits are not supported and ignored on cgroups V1 rootless
systems"
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
(podman push) and (podman manifest push) now support --sign-by-sigstore=param-file,
using the containers-sigstore-signing-params.yaml(5) file format.
That notably adds support for Fulcio and Rekor signing.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This is a cleaner solution and guarantees the variables
will be used before they are initialized.
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Every podman command is paying the price for this compile even when they
don't use the Regex, this will speed up start of podman by a little.
[NO NEW TESTS NEEDED] Existing tests should catch issues.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
If the run errors, cobra does not execute post runs. It is a somehow
known issue (https://github.com/spf13/cobra/issues/914) but problematic
for Podmand as the runtime is shutdown during post run.
Since some commands overwrite the post run and a general lack in cobra
of post runs on errors, move the shutting down the engines directly into
Execute. Fixing the issue may fix a number of flakes.
Note that the shutdowns are NOPs for the remote client.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Add a new flag --publish
Remote - Pass PublishPorts as a string array
ABI - translate the string array to Ports and merge with the ports in the spec
Add e2e tests
Add option to man doc
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
The current code modifies a global variable which works but is bad
design since it could be uses elsewhere. Since we just exit after the df
command this is not an issue right now but it could become one in the
future.
A better fix is to implement a custom `MarshalJSON()` method on the
struct which will be called if this struct will be marshaled.
[NO NEW TESTS NEEDED]
Fixes some changes from 24b1e81c5d, the test should from there should
still pass.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Reasoning
---------
When the log-driver is passthrough, the journal socket is passed to the containers as-is which has two advantages:
1. journald can see who the actual sender of the log event is,
rather than thinking everything comes from the conmon process
2. conmon will not have to copy all the log data
Code Changes
------------
If log-driver was not set by the user and service-container is set use
passthrough as the default log-driver
Update the system tests
- explicitly set logdriver in sdnotify and play tests
- podman-kube template test: Verify the default log driver for service-container
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Added the functionality for a user to update the PIDs limit for a
container.
Fixes: #16543
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Issue #16928 rightly points out that qcow2 images are not used on all
podman architectures.
Fixes: #16928
Signed-off-by: Brent Baude <bbaude@redhat.com>
If you are running temporary containers within podman play kube
we should really be running these in read-only mode. For automotive
they plan on running all of their containers in read-only temporal
mode. Adding this option guarantees that the container image is not
being modified during the running of the container.
The containers can only write to tmpfs mounted directories.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
...make sure podman rejects being called with incompatible options
Replaces: https://github.com/containers/podman/pull/16813
Which is stuck in CI and Ed is on break.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Since we open /dev/null to set it as STDIN we can close it after the
dup2() call. Using defer is not good enough since this function will
never exit since the http server will block. This is not a problem but
it reduces the open fds from the service by one.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This allows use to use STDOUT directly without having to call open
again, also this makes the export API endpoint much more performant
since it no longer needs to copy to a temp file.
I noticed that there was no export API test so I added one.
And lastly opening /dev/stdout will not work on windows.
Fixes#16870
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Bump to buildah ca578b290144 and use new `cacheTo` and `cacheFrom` API.
[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]
Signed-off-by: Aditya R <arajan@redhat.com>
Support .network file to create a systemd service that runs podman network create
Support networks with .network suffix in Container and Kube to link with Quadlet created networks
Add E2E Tests
Add man doc
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Normally quadlet picks up whether to behave like a user or system
instance based on the binary name, but for the tests we want the
ability to pass `--user` to modify this using a single binary.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
In the recent past, I met the frequent need to wait for a container to
exist that, at the same time, may get removed (e.g., system tests in [1]).
Add an `--ignore` option to podman-wait which will ignore errors when a
specified container is missing and mark its exit code as -1. Also
remove ID fields from the WaitReport. It is actually not used by
callers and removing it makes the code simpler and faster.
Once merged, we can go over the tests and simplify them.
[1] github.com/containers/podman/pull/16852
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Also fix a number of duplicate words. Yet disable the new `dupword`
linter as it displays too many false positives.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Add --ignore flag to the command line
Add a new parameter to the NetworkCreate interface in pkg/domain for CreateOptions
Add a new API Network CreateWithOptions in pkg/bindings
Remote API - Add a query parameter to set the ignore flag
Kube - use the IgnoreIfExists flag when creating the default network instead of handling the failure
Add e2e tests
Update man page for podman-network-create
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Just like podman-remote run users should still be able to set volumes,
of course the source must be on the server machine but this is already
the case for podman machine for example.
Fixes#16694
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The remote client should be allowed to specify if the container should
be run with the proxy env vars. It will still use the proxy vars from
the server process and not the client. This makes podman-remote more
consistent with the local version and easier to use in environments
where a proxy is required.
Fixes#16520
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
If an error happening while playing a kube yaml,
clean up any pods, containers, and volumes that might
have been created before the error was hit.
This improves the user experience for when they go to
re-run the same yaml with their fixes and podman doesn't
complain about any existing workloads from the previously
failed run.
Suppress the clean up output when clean up happens after an
error as the user doesn't need to see or know about that.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Move the handling of userns keys from ConvertContainer to a separate method
Adjust the method according to the different supported values
Use the new method in both ConvertContainer and ConvertKube
Pass isUser to ConvertKube as well
Add tests
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
This just calls GC on the local storage, which will remove any leftover
directories from previous containers that are not in the podman db anymore.
This is useful primarily for transient store mode, but can also help in
the case of an unclean shutdown.
Also adds some e2e test to ensure prune --external works.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
This handles the transient store options from the container/storage
configuration in the runtime/engine.
Changes are:
* Print transient store status in `podman info`
* Print transient store status in runtime debug output
* Add --transient-store argument to override config option
* Propagate config state to conmon cleanup args so the callback podman
gets the same config.
Note: This doesn't really change any behaviour yet (other than the changes
in containers/storage).
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Startup healthchecks are similar to K8S startup probes, in that
they are a separate check from the regular healthcheck that runs
before it. If the startup healthcheck fails repeatedly, the
associated container is restarted.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Introduce machine os and machine os apply. Note that these are both stubs at the current moment, and do not introduce functionality. In order to build them, you must use the `experimental` build tag, or use `make podman-remote-experimental`
[NO NEW TESTS NEEDED]
as there is no actual functionality and this is a WIP.
Signed-off-by: Ashley Cui <acui@redhat.com>
Depending on the backend (CNI, netavark) we support different drivers,
the auto completion should only suggest the ones that are available.
This list is podman info so we can get the correct list for local and
remote.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Podman --noout was not suppressing output from commands that do not
create the podman engine. Now, podman --noout properly suppresses output
from every command.
Fixes: https://github.com/containers/podman/issues/16201
Signed-off-by: Ashley Cui <acui@redhat.com>
Fix a bug for special-casing "." where Podman has mistakenly been
looking for a "." suffix instead of interpreting it as a path.
Add regression tests for the host-to-container, container-to-host and
container-to-container use cases. Have separate tests for each to
verify that previous Podman versions fail each case.
Fixes: #16421
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
--connection was failing due to the servicedestinations array being empty on runtime.
Fix by making sure the cached config is used
resolves#16282
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Add quiet and no-info flags to podman machine start.
No-info suppresses helpful informational tips
Quiet suppresses machine start progress output, as well as informational
tips.
Signed-off-by: Ashley Cui <acui@redhat.com>
`--format json` should not be the same as `--format {{json .}}`, the
later should actually run through the go template and thus create one
json object per entry instead of an json array.
Includes a vendor of c/common@main since it requires a fix from there as
well.
This matches docker compat.
Fixes#16436
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Up - do not fail if volume already exists, use the existing one
Down - allow the user to remove the volume by passing --force
Add tests
Update the documentation
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Conceptually equivalent to networking by means of slirp4netns(1),
with a few practical differences:
- pasta(1) forks to background once networking is configured in the
namespace and quits on its own once the namespace is deleted:
file descriptor synchronisation and PID tracking are not needed
- port forwarding is configured via command line options at start-up,
instead of an API socket: this is taken care of right away as we're
about to start pasta
- there's no need for further selection of port forwarding modes:
pasta behaves similarly to containers-rootlessport for local binds
(splice() instead of read()/write() pairs, without L2-L4
translation), and keeps the original source address for non-local
connections like slirp4netns does
- IPv6 is not an experimental feature, and enabled by default. IPv6
port forwarding is supported
- by default, addresses and routes are copied from the host, that is,
container users will see the same IP address and routes as if they
were in the init namespace context. The interface name is also
sourced from the host upstream interface with the first default
route in the routing table. This is also configurable as documented
- sandboxing and seccomp(2) policies cannot be disabled
- only rootless mode is supported.
See https://passt.top for more details about pasta.
Also add a link to the maintained build of pasta(1) manual as valid
in the man page cross-reference checks: that's where the man page
for the latest build actually is -- it's not on Github and it doesn't
match any existing pattern, so add it explicitly.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Remove the container/pod ID file along with the container/pod. It's
primarily used in the context of systemd and are not useful nor needed
once a container/pod has ceased to exist.
Fixes: #16387
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
--insecure and --verbose flags for docker compatibility
--tls-verify for syntax compatibility and allow users to inspect
manifests at remote Container Registiries without requiring tls.
Helps fix: https://github.com/containers/podman/issues/14917
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add the abilitiy to deploy the generated kube yaml to a
kubernetes cluster with the podman kube apply command.
Add support to directly apply containers, pods, or volumes
by passing in their names or ids to the command.
Use the kubernetes API endpoints and http requests to connect
to the cluster and deploy the various kubernetes object kinds.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
The rest of the code has been using golang.org/x/* for the IsTerminal()
API for a long time, not github.com/mattn/go-isatty. It seems better to
stick to packages from the golang.org domain, whenever possible, and one
less dependency is always a good thing.
The modules were not cleaned up with 'make vendor' because 'go mod tidy'
was running into:
go: error loading go 1.16 module graph:
github.com/containers/image/v5@v5.23.1-0.20221015133641-1921a1993c67
requires
github.com/honeycombio/beeline-go@v1.9.0 requires
github.com/mattn/go-sqlite3@v2.0.3+incompatible: reading
github.com/mattn/go-sqlite3/go.mod at revision v2.0.3: unknown
revision v2.0.3
If reproducibility with go 1.16 is not needed:
go mod tidy -compat=1.17
Since go.mod already requires Go 1.17, the following commands were
manually run:
$ go mod tidy -compat=1.17
$ go mod vendor
$ go mod verify
Further modifications to go.sum were done manually based on the
complaints from postbuild.sh run by the CI.
[NO NEW TESTS NEEDED] as it's not a functional change.
Fixes: 85db895012 ("logging: new mode -l passthrough")
Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
The binary name is not the same as in the old quadlet, and can anyway
differ in system and user runs, so use os.Args[0] to get the right name
in the comment.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Truncate the container and pod ID files instead of throwing an error.
The main motivation is to prevent redundant work when starting systemd
units. Throwing an error when the file already exists is not preventing
races or file corruptions, so let's leave that to the user which in
almost all cases are generated (and tested) systemd units.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This ignores the create request if the named volume already exists.
It is very useful when scripting stuff.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Use `Default()` instead of re-loading containers.conf.
Also rework how the containers.conf objects are handled for parsing the
CLI. Previously, we were conflating "loading the defaults" with
"storing values from the CLI" with "libpod may further change fields"
which ultimately led to various bugs and test failues.
To address the issue, separate the defaults from the values from the CLI
and properly name the fields to make the semantics less ambiguous.
[NO NEW TESTS NEEDED] as it's not a functional change.
Fixes: containers/common/issues/1200
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Fixed the issue of `--format` and `--verbose` flags being allowed in
combination with one another.
Implemented functionality for `--format json` or `--format '{{ json }}' `.
Implemented command-completion help for `--format`.
Fixes: #16204
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
Reduce the number of top-level packages in ./pkg by moving quadlet
packages under ./pkg/systemd.
[NO NEW TESTS NEEDED] - no functional change.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Fix two bugs in `system df`:
1. The total size was calculated incorrectly as it was creating the sum
of all image sizes but did not consider that a) the same image may
be listed more than once (i.e., for each repo-tag pair), and that
b) images share layers.
The total size is now calculated directly in `libimage` by taking
multi-layer use into account.
2. The reclaimable size was calculated incorrectly. This number
indicates which data we can actually remove which means the total
size minus what containers use (i.e., the "unique" size of the image
in use by containers).
NOTE: The c/storage version is pinned back to the previous commit as it
is buggy. c/common already requires the buggy version, so use a
`replace` to force/pin.
Fixes: #16135
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Based on the initial port in https://github.com/containers/quadlet/pull/41
This contains the unit tests and the testcases from the C code as well
as modification to the podman spec file based on what the quadlet
spec file looks like, producing a podman-quadlet subpackage.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Motivated to have a working `make lint` on Fedora 37 (beta).
Most changes come from the new `gofmt` standards.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The new cobra update fixed a bug which caused some options to not be
included in --help when there was already a option with the same name
on a parent command.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Fixed issue where executing the command `podman pod logs -l` would panic
because it was indexing into an empty arguments array.
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
This patch extends the podman run command with support for checkpoint
images. When `podman run` is invoked with an image that contains
a checkpoint, it would restore the container from that checkpoint.
Example:
podman run -d --name looper busybox /bin/sh -c \
'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done'
podman container checkpoint --create-image checkpoint-image-1 looper
podman run checkpoint-image-1
Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
Podman allows to store a container checkpoints as an images.
This patch makes the check that is used to recognise such checkpoint
images reusable by moving it in utils. This functionality will be reused
in a subsequent patch to extend the `podman run` command with support
for checkpoint images.
Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
add the key used in newly initialized machines to the user's known_hosts file. This ensures that golang will be able to ssh into the machine using
podman-remote. Also, remove the /dev/null redirection for podman machine ssh's known_hosts file.
resolves#15347
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
Changes since 2022-09-09:
- man page: add --skip-unused-stages (buildah 4249)
- man page: bring in new Note for --cache-ttl (4248)
- system tests: de-stutter (4205)
- (internal): in skip() applier: escape asterisk, otherwise
the "bud with --dns* flags" sed expression never applies.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Allow overwrite of the signature-policy file
by passing signature-policy flag to podman save command
Closes: https://github.com/containers/podman/issues/15869
Signed-off-by: 😎Mostafa Emami <mustafaemami@gmail.com>
Add --label/-l label flag to secret create, and show labels when
inspecting secrets. Also allow labeling secrets via libpod/compat API.
Signed-off-by: Ashley Cui <acui@redhat.com>
Package `io/ioutil` was deprecated in golang 1.16, preventing podman from
building under Fedora 37. Fortunately, functionality identical
replacements are provided by the packages `io` and `os`. Replace all
usage of all `io/ioutil` symbols with appropriate substitutions
according to the golang docs.
Signed-off-by: Chris Evich <cevich@redhat.com>
Alias
podman --context -> podman --connection
podman context use -> podman system connection default
podman context rm -> podman system connection rm
podman context create -> podman system connection add
podman context ls ->podman system connection ls
podman context inspect ->podman system connection ls --json (For
specified connections)
Podman context is a hidden command, but can be used for existing scripts
that assume Docker under the covers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Currently the podman command --format output code uses a mix of
report.Formatter and report.Template.
I patched report.Formatter to correctly handle newlines[1]. Since we
cannot fix this with report.Template we have to migrate all users to
report.Formatter. This ensures consistent behavior for all commands.
This change does not change the output.
[1] https://github.com/containers/common/pull/1146
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently the podman command --format output code uses a mix of
report.Formatter and report.Template.
I patched report.Formatter to correctly handle newlines[1]. Since we
cannot fix this with report.Template we have to migrate all users to
report.Formatter. This ensures consistent behavior for all commands.
This change does not change the output.
[1] https://github.com/containers/common/pull/1146
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently the podman command --format output code uses a mix of
report.Formatter and report.Template.
I patched report.Formatter to correctly handle newlines[1]. Since we
cannot fix this with report.Template we have to migrate all users to
report.Formatter. This ensures consistent behavior for all commands.
This change does not change the output.
[1] https://github.com/containers/common/pull/1146
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Unlikely to happen but when there is an error printing the data to
stdout (either as json or go template) we should not just log it and
exit with 0. Instead return a proper error and exit with 125.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently the podman command --format output code uses a mix of
report.Formatter and report.Template.
I patched report.Formatter to correctly handle newlines[1]. Since we
cannot fix this with report.Template we have to migrate all users to
report.Formatter. This ensures consistent behavior for all commands.
This change does not change the output, we can add a new test for the
newline bug when the common PR is vendored in.
[1] https://github.com/containers/common/pull/1146
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently the podman command --format output code uses a mix of
report.Formatter and report.Template.
I patched report.Formatter to correctly handle newlines[1]. Since we
cannot fix this with report.Template we have to migrate all users to
report.Formatter. This ensures consistent behavior for all commands.
This change does not change the output, we can add a new test for the
newline bug when the common PR is vendored in.
[1] https://github.com/containers/common/pull/1146
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently the podman command --format output code uses a mix of
report.Formatter and report.Template.
I patched report.Formatter to correctly handle newlines[1]. Since we
cannot fix this with report.Template we have to migrate all users to
report.Formatter. This ensures consistent behavior for all commands.
This change does not change the output, we can add a new test for the
newline bug when the common PR is vendored in.
[1] https://github.com/containers/common/pull/1146
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently the podman command --format output code uses a mix of
report.Formatter and report.Template.
I patched report.Formatter to correctly handle newlines[1]. Since we
cannot fix this with report.Template we have to migrate all users to
report.Formatter. This ensures consistent behavior for all commands.
This change does not change the output, we can add a new test for the
newline bug when the common PR is vendored in.
[1] https://github.com/containers/common/pull/1146
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently the podman command --format output code uses a mix of
report.Formatter and report.Template.
I patched report.Formatter to correctly handle newlines[1]. Since we
cannot fix this with report.Template we have to migrate all users to
report.Formatter. This ensures consistent behavior for all commands.
This change does not change the output, we can add a new test for the
newline bug when the common PR is vendored in.
Also fixa bug since the table format is expected to print headers as
well.
[1] https://github.com/containers/common/pull/1146
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently the podman command --format output code uses a mix of
report.Formatter and report.Template.
I patched report.Formatter to correctly handle newlines[1]. Since we
cannot fix this with report.Template we have to migrate all users to
report.Formatter. This ensures consistent behavior for all commands.
This change does not change the output, we can add a new test for the
newline bug when the common PR is vendored in.
Also fix a bug where a invlaid template would not cause a exit code > 0,
see the added test case.
[1] https://github.com/containers/common/pull/1146
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently the podman command --format output code uses a mix of
report.Formatter and report.Template.
I patched report.Formatter to correctly handle newlines[1]. Since we
cannot fix this with report.Template we have to migrate all users to
report.Formatter. This ensures consistent behavior for all commands.
This change does not change the output, we can add a new test for the
newline bug when the common PR is vendored in.
[1] https://github.com/containers/common/pull/1146
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently the podman command --format output code uses a mix of
report.Formatter and report.Template.
I patched report.Formatter to correctly handle newlines[1]. Since we
cannot fix this with report.Template we have to migrate all users to
report.Formatter. This ensures consistent behavior for all commands.
This change does not change the output, we can add a new test for the
newline bug when the common PR is vendored in.
[1] https://github.com/containers/common/pull/1146
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
podman --events-backend none events should return with an error since it
will never be able to actually list events.
Fixes part three of #15688
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Podman adds an Error: to every error message. So starting an error
message with "error" ends up being reported to the user as
Error: error ...
This patch removes the stutter.
Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
For systems that have extreme robustness requirements (edge devices,
particularly those in difficult to access environments), it is important
that applications continue running in all circumstances. When the
application fails, Podman must restart it automatically to provide this
robustness. Otherwise, these devices may require customer IT to
physically gain access to restart, which can be prohibitively difficult.
Add a new `--on-failure` flag that supports four actions:
- **none**: Take no action.
- **kill**: Kill the container.
- **restart**: Restart the container. Do not combine the `restart`
action with the `--restart` flag. When running inside of
a systemd unit, consider using the `kill` or `stop`
action instead to make use of systemd's restart policy.
- **stop**: Stop the container.
To remain backwards compatible, **none** is the default action.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Just like the other inspect commands `podman pod inspect p1 p2` should
return the json for both.
To correctly implement this we follow the container inspect logic, this
allows use to reuse the global inspect command.
Note: To not break the existing single pod output format for podman pod
inspect I added a pod-legacy inspect type. This is only used to make
sure we will print the pod as single json and not an array like for the
other commands. We cannot use the pod type since podman inspect --type
pod did return an array and we should not break that as well.
Fixes#15674
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
--debug should not be a global flag, you can only use this as podman
--debug never podman ps --debug. This matches docker and allows us to
add the shorthand "D" since they now no longer conflict.
Fixes changes from commit 2d30b4dee5 which claims to add -D but never
did.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
podman events --format {{.ID}} was not working since the template was
converted to a range but we only render each event individually.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
podman update allows users to change the cgroup configuration of an existing container using the already defined resource limits flags
from podman create/run. The supported flags in crun are:
this command is also now supported in the libpod api via the /libpod/containers/<CID>/update endpoint where
the resource limits are passed inthe request body and follow the OCI resource spec format
–memory
–cpus
–cpuset-cpus
–cpuset-mems
–memory-swap
–memory-reservation
–cpu-shares
–cpu-quota
–cpu-period
–blkio-weight
–cpu-rt-period
–cpu-rt-runtime
-device-read-bps
-device-write-bps
-device-read-iops
-device-write-iops
-memory-swappiness
-blkio-weight-device
resolves#15067
Signed-off-by: Charlie Doern <cdoern@redhat.com>
if we are running in a container in the root cgroup, Podman tries to
move itself to a sub-cgroup. This could be a problem in a setup where
the cgroups are not writeable, so just log a debug message and
continue, since anyway it is a best-effort operation.
Closes: https://github.com/containers/podman/issues/15498
[NO NEW TESTS NEEDED]
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
NOTE: This does not edit the use-sigstore-attachments value
in registries.d, similarly to how (podman image trust set) didn't
set the lookaside paths for simple signing.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
the `podman save` command was failing on windows due to the use of a
colon between the drive letter and first directory. the check was
intended for Linux and not windows.
Fixes#15247
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Allow end users to preprocess default environment variables before
injecting them into container using `--env-merge`
Usage
```
podman run -it --rm --env-merge some=${some}-edit --env-merge
some2=${some2}-edit2 myimage sh
```
Closes: https://github.com/containers/podman/issues/15288
Signed-off-by: Aditya R <arajan@redhat.com>
`podman kube play` can create pods and containers from YAML
read from a URL poiniting to a YAML file.
For example: `podman kube play https://example.com/demo.yml`.
`podman kube down` can also teardown pods and containers created
from that YAML file by also reading YAML from a URL, provided the
YAML file the URL points to has not been changed or altered since
it was used to create pods and containers
Closes#14955
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
Support inspecting image healthcheck using docker supported
`.Config.HealthCheck` by aliasing field to `.HealthCheck`
Now supports
```Console
podman image inspect -f "{{.Config.Healthcheck}}" imagename
```
Closes: https://github.com/containers/podman/issues/14661
Signed-off-by: Aditya R <arajan@redhat.com>
Refactor the RawInput process of the `rm` and
`start` subcommands, like the other subcommands
such as `restart, stop, etc`.
[NO NEW TESTS NEEDED]
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
Accept a --amend flag in `podman manifest create`, and treat
`--insecure` as we would `--tls-verify=false` in `podman manifest`'s
"add", "create", and "push" subcommands.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
--cidfile : Read container ID from the specified file and restart the container.
--filter : restart the filtered container.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
"podman kube generate" creates Kubernetes YAML from Podman containers,
pods or volumes. Users will still be able to use "podman generate
kube" as an alias of "kube generate".
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
Integrate sd-notify policies into `kube play`. The policies can be
configured for all contianers via the `io.containers.sdnotify`
annotation or for indidivual containers via the
`io.containers.sdnotify/$name` annotation.
The `kube play` process will wait for all containers to be ready by
waiting for the individual `READY=1` messages which are received via
the `pkg/systemd/notifyproxy` proxy mechanism.
Also update the simple "container" sd-notify test as it did not fully
test the expected behavior which became obvious when adding the new
tests.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
implement new ssh interface into podman
this completely redesigns the entire functionality of podman image scp,
podman system connection add, and podman --remote. All references to golang.org/x/crypto/ssh
have been moved to common as have native ssh/scp execs and the new usage of the sftp package.
this PR adds a global flag, --ssh to podman which has two valid inputs `golang` and `native` where golang is the default.
Users should not notice any difference in their everyday workflows if they continue using the golang option. UNLESS they have been using an improperly verified ssh key, this will now fail. This is because podman was incorrectly using the
ssh callback method to IGNORE the ssh known hosts file which is very insecure and golang tells you not yo use this in production.
The native paths allows for immense flexibility, with a new containers.conf field `SSH_CONFIG` that specifies a specific ssh config file to be used in all operations. Else the users ~/.ssh/config file will be used.
podman --remote currently only uses the golang path, given its deep interconnection with dialing multiple clients and urls.
My goal after this PR is to go back and abstract the idea of podman --remote from golang's dialed clients, as it should not be so intrinsically connected. Overall, this is a v1 of a long process of offering native ssh, and one that covers some good ground with podman system connection add and podman image scp.
Signed-off-by: Charlie Doern <cdoern@redhat.com>
The new apple silicon processesors (m1/m2) are capable of using a performent apple
hypervisor (included in macos). Our "virtual providers" for podman
machine are part of an interface design. This PR provides an
implementation of the interface to begin the work for supporting the
apple hypervisor. It is basically only a skeletal PR.
The actual code for using the hypervisor and launching a machine will
come as several new PRs following the inclusion of this one.
There will likely be code reuse between the applehv and qemu code; but
none of that code is being moved at this time. It will be moved "on
demand" during development.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
if an explicit mapping is specified, do not accept `--userns` since it
overriden to "private".
Closes: https://github.com/containers/podman/issues/15233
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
implement a new command `podman generate spec` which can formulate a json specgen to be consumed by both the pod
and container creation API.
supported flags are
--verbose (default true) print output to the terminal
--compact print the json output in a single line format to be piped to the API
--filename put the output in a file
--clone rename the pod/ctr in the spec so it won't conflict w/ an existing entity
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Tying filtering logic for podman stop and start to same place in getContainersAndInputByContext() to reduce code redundancy
Signed-off-by: Karthik Elango <kelango@redhat.com>
It's a NOP since Podman v2.0 (#5738).
[NO NEW TESTS NEEDED] - does not change behavior.
Fixes: #15185
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The "podman kube down" reads in a structured file of
Kubernetes YAML and removes pods based on the Kubernetes kind described in the YAML,
similiar to "podman play kube --down". Users will still be able to use
"podman play kube --down" and "podman kube play --down" to
perform the same function.
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
When podman kube play was added the endpoint for the kube play/play kube
commands was switched from the "play kube" endpoint to the new "kube play"
endpoint. This caused issues with the remote client, requiring the need
to use the "play kube" endpoint again in order to avoid these issues.
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
- Allow creating sigstore signatures via --sign-by-sigstore-private-key .
Like existing --sign-by, it does not work remote (in this case
because we would have to copy the private key to the server).
- Allow passing a passphrase (which is mandatory for sigstore private keys)
via --sign-passphrase-file; if it is not provided, prompt interactively.
- Also, use that passphrase for --sign-by as well, allowing non-interactive
GPG use. (But --sign-passphrase-file can only be used with _one of_
--sign-by and --sign-by-sigstore-private-key.)
Note that unlike the existing code, (podman build) does not yet
implement sigstore (I'm not sure why it needs to, it seems not to
push images?) because Buildah does not expose the feature yet.
Also, (podman image sign) was not extended to support sigstore.
The test for this follows existing (podman image sign) tests
and doesn't work rootless; that could be improved by exposing
a registries.d override option.
The test for push is getting large; I didn't want to
start yet another registry container, but that would be an
alternative. In the future, Ginkgo's Ordered/BeforeAll
would allow starting a registry once and using it for two
tests.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Also Fix usage of flag "--compression-format" for remote "podman image push". Fix usage of flags "--format", "--remove-signatures" in remote "podman manifest push".
Closes#15109.
Signed-off-by: Romain Geissler <romain.geissler@amadeus.com>
This Patch will cause podman COMMAND rm --force bogus not fail
This is how Docker works, so Podman should follow this to allow existing
scripts to convert from Docker to Podman.
Fixes: #14612
Oprignal version of this patch came from wufan 1991849113@qq.com
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
for podman pod create, when we are not sharing any namespaces there is no point for the infra container.
This is especially true since resources have also been decoupled from the container recently.
handle this on the cmd level so that we can still create infra if set explicitly
resolves#15048
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Most network commands/features work with both netavark and CNI. When
we added added netavark most docs were not vetted and thus still use CNI
network, it should just say network.
Fixes#14990
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
added the following flags and handling for podman pod create
--memory-swap
--cpuset-mems
--device-read-bps
--device-write-bps
--blkio-weight
--blkio-weight-device
--cpu-shares
given the new backend for systemd in c/common, all of these can now be exposed to pod create.
most of the heavy lifting (nearly all) is done within c/common. However, some rewiring needed to be done here
as well!
Signed-off-by: Charlie Doern <cdoern@redhat.com>
The same problem again as 4374038cc6.
Also fix the incorrect --format autocompletion struct.
It should be avoided to import cmd/podman/... packages from outside of
cmd/podman. This can lead in weird hard to debug import paths but also
can have negative consequences when imported in unit tests. In this case
it will set XDG_CONFIG_HOME and thus the machine tests this dir over the
tmp HOME env variable which is set at a later point. This caused machine
files to be leaked into the actual users home dir.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
--latest : pause/unpause the latest container.
--filter : pause/unpause the filtered container.
--cidfile : Read container ID from the specified file and pause/unpause the container.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
When we pause `rootless cgroups v1 container`, podman returns error from `libpod.(*Container).pause`.
Podman does not need to return error from `containers.pause` because of duplicate.
[NO NEW TESTS NEEDED]
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
Docker supports -H and --host for specify the listening socket. Podman
should support them also in order to match the CLI.
These will not be documented since Podman defaults to using the
--url option.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Filter flag is added for podman stop and podman --remote stop. Filtering logic is implemented in
getContainersAndInputByContext(). Start filtering can be manipulated to use this logic as well to limit redundancy.
Signed-off-by: Karthik Elango <kelango@redhat.com>
I added the shorthand option for `podman pull --all-tags`. Like Docker,
Podman can now do `podman pull -a`.
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
The "podman kube play" command is designed to be a replacement for the
"podman play kube" command.
It performs the same function as "play kube" while also still working with the same flags and options.
The "podman play kube" command is still functional as an alias of "kube play".
Closes#12475
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Make sure that the docs for pull policies is consistent with Buildah and
reflects the implementation.
Further improve the help messages and auto completions.
[NO NEW TESTS NEEDED]
Fixes: #14846
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Podman wait should not be defaulting to just stopped. By default
wait API waits for stopped and exited. We should not override this on
the client side.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Refactored the networkPrune function to improve readability.
This commit changes the `networkPrune` function to
use the `PrintNetworkPruneResults` function.
[NO NEW TESTS NEEDED]
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
It should be avoided to import cmd/podman/... packages from outside of
cmd/podman. This can lead in weird hard to debug import paths but also
can have negative consequences when imported in unit tests. In this case
it will set XDG_CONFIG_HOME and thus the machine tests this dir over the
tmp HOME env variable which is set at a later point. This caused machine
files to be leaked into the actual users home dir.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Update the podman pod unpause to only show the paused
containers with autocomplete.
Fix a typo in the help command.
Update the unpause function to only attempt an unpause
on pasued pods instead of all the pods.
Update the tests accordingly.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
add support for the --uts flag in pod create, allowing users to avoid
issues with default values in containers.conf.
uts follows the same format as other namespace flags:
--uts=private (default), --uts=host, --uts=ns:PATH
resolves#13714
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Previously, `podman system df --format "{{json .}}"` would not output
`Size` and `Reclaimable` like `podman system df` would.
```
{"Type":"Images","Total":5,"Active":0,"Size":39972240,"Reclaimable":39972240}
{"Type":"Containers","Total":0,"Active":0,"Size":0,"Reclaimable":0}
{"Type":"Local Volumes","Total":0,"Active":0,"Size":0,"Reclaimable":0}
```
Closes: #14769
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
Following PR adds support for running containers from a manifest list
present on localstorage. Before this PR podman only supports running
containers from valid images but not from manifest list.
So `podman run -it --platform <some> <manifest-list> command` should
become functional now and users should be able to resolve images on the
bases of provided `--platform` string.
Example
```
podman manifest create test
podman build --platform linux/amd64,linux/arm64 --manifest test .
podman run --rm --platform linux/arm64/v8 test uname -a
```
Closes: https://github.com/containers/podman/issues/14773
Signed-off-by: Aditya R <arajan@redhat.com>
using the new resource backend, implement podman pod create --memory which enables
users to modify memory.max inside of the parent cgroup (the pod), implicitly impacting all
children unless overriden
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Leo Ochoa
OpenShift Merge Robot
Paul Holzinger
huangyanfeng
Jason T. Greene
Carlo Teubner
Tobias Klauser
openshift-ci[bot]
Valentin Rothberg
rbagd
Park Jaeon
Ali Rizvi-Santiago
Urvashi Mohnani
Aditya R
Eng Zer Jun
Ygal Blum
Daniel J Walsh
Brent Baude
Toshiki Sonoda
Giuseppe Scrivano
vyasgun
Matt Heon
danishprakash
Ashley Cui
Erik Sjölund
Miloslav Trmač
Daniel Lublin
Trevor Benson
Jason T. Greene
Leonardo Rossetti
Jake Correnti
Ed Santiago
Alexander Larsson
Matthew Heon
gupttaru
Charlie Doern
Chris Evich
Stefano Brivio
Debarshi Ray
Jake Correnti
dependabot[bot]
Boaz Shuster
Radostin Stoyanov
😎Mostafa Emami
Chris Evich
Barnabé BALP
Arthur Sengileyev
Doug Rabson
Niall Crowe
Vladimir Kochnev
Hoang Thanh VO
Nalin Dahyabhai
Tom Sweeney
Karthik Elango
Romain Geissler