before we can support hyperv as a virtualization option for podman
machine, several areas in machine will require cleanup. this is the
first pass of these changes to keep the review burden low. changes
include:
* convert artifact, format (image format) and compression to enums
with string methods
* rename Provider interface to VirtProvider
* change Provider implementation in QEMU to QEMUVirt
* change Provider implementation in WSL to WSLVirt
as mentioned earlier, there will be several more of these refactoring
PRs because assumptions were made about associations of platforms and
virt providers as well as compression and image formats.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Only enforce the passthrough log driver for Quadlet. Commit 68fbebf
introduced a regression on the `podman-kube@` template as `podman logs`
stopped working and settings from containers.conf were ignored.
Fixes: #17482
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Podman machine os apply takes a takes a OCI image with container native ostree functionality and rebases the machine os on that image.
Currently, this requires the guest os inside the vm to use rpm-ostree.
When specifying an image, any container transport may be specified. If a
container transport is not specified, OS apply will attempt to search
the local containers-storage for the image, and if it is not found, it
will then attempt to use the Docker transport to pull from a remote
registry.
The architecture of OS apply is as follows:
podman machine os apply ssh's into the machine and calls podman machine os
apply. on the secondary call to podman machine os apply, apply
recognizes that it is inside the machine and does image operations, and
finally calls rpm-ostree rebase.
Tests are written but commented out, due to the chicken-and-egg problem.
Signed-off-by: Ashley Cui <acui@redhat.com>
* add tests
* add documentation for --shm-size-systemd
* add support for both pod and standalone run
Signed-off-by: danishprakash <danish.prakash@suse.com>
Commit 2f29639bd3 added a UX improvement to cleanup/teardown when
running the specified YAML has failed. However, the teardown happens
unconditionally such that rerunning the same YAML file will teardown the
previously created workload instead of just failing with a name-conflict
error (e.g., "pod already exists"). The regression popped up testing
the Ansible system role with Podman v4.4.0.
For now, do not teardown at all on error to quickly fix this regression
for the upcoming Podman v4.4.1 release. The UX improvement is still
desired but must be conditional and only happen on newly created
resources, which probably requires moving it down to the backend.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Quadlet should not exit with failure if no files to process have been
found. Otherwise, even simple operations such as reloading systemd
will fail as it retriggers generators.
Fixes: #17374
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Just like buildkit buildah must allow cleaning the buildcache and cache generated on host by --mount=type=cache just like buildkit's prune command.
See: https://github.com/moby/buildkit#cache
Signed-off-by: Aditya R <arajan@redhat.com>
Add test to verify that updates without a pids-limit specified no longer
overwrite the previous value.
Also fixes erroneous warning generated by remote clients:
"Resource limits are not supported and ignored on cgroups V1 rootless
systems"
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
(podman push) and (podman manifest push) now support --sign-by-sigstore=param-file,
using the containers-sigstore-signing-params.yaml(5) file format.
That notably adds support for Fulcio and Rekor signing.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This is a cleaner solution and guarantees the variables
will be used before they are initialized.
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Every podman command is paying the price for this compile even when they
don't use the Regex, this will speed up start of podman by a little.
[NO NEW TESTS NEEDED] Existing tests should catch issues.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
If the run errors, cobra does not execute post runs. It is a somehow
known issue (https://github.com/spf13/cobra/issues/914) but problematic
for Podmand as the runtime is shutdown during post run.
Since some commands overwrite the post run and a general lack in cobra
of post runs on errors, move the shutting down the engines directly into
Execute. Fixing the issue may fix a number of flakes.
Note that the shutdowns are NOPs for the remote client.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Add a new flag --publish
Remote - Pass PublishPorts as a string array
ABI - translate the string array to Ports and merge with the ports in the spec
Add e2e tests
Add option to man doc
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
The current code modifies a global variable which works but is bad
design since it could be uses elsewhere. Since we just exit after the df
command this is not an issue right now but it could become one in the
future.
A better fix is to implement a custom `MarshalJSON()` method on the
struct which will be called if this struct will be marshaled.
[NO NEW TESTS NEEDED]
Fixes some changes from 24b1e81c5d, the test should from there should
still pass.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Reasoning
---------
When the log-driver is passthrough, the journal socket is passed to the containers as-is which has two advantages:
1. journald can see who the actual sender of the log event is,
rather than thinking everything comes from the conmon process
2. conmon will not have to copy all the log data
Code Changes
------------
If log-driver was not set by the user and service-container is set use
passthrough as the default log-driver
Update the system tests
- explicitly set logdriver in sdnotify and play tests
- podman-kube template test: Verify the default log driver for service-container
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Added the functionality for a user to update the PIDs limit for a
container.
Fixes: #16543
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Issue #16928 rightly points out that qcow2 images are not used on all
podman architectures.
Fixes: #16928
Signed-off-by: Brent Baude <bbaude@redhat.com>
If you are running temporary containers within podman play kube
we should really be running these in read-only mode. For automotive
they plan on running all of their containers in read-only temporal
mode. Adding this option guarantees that the container image is not
being modified during the running of the container.
The containers can only write to tmpfs mounted directories.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
...make sure podman rejects being called with incompatible options
Replaces: https://github.com/containers/podman/pull/16813
Which is stuck in CI and Ed is on break.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Since we open /dev/null to set it as STDIN we can close it after the
dup2() call. Using defer is not good enough since this function will
never exit since the http server will block. This is not a problem but
it reduces the open fds from the service by one.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This allows use to use STDOUT directly without having to call open
again, also this makes the export API endpoint much more performant
since it no longer needs to copy to a temp file.
I noticed that there was no export API test so I added one.
And lastly opening /dev/stdout will not work on windows.
Fixes#16870
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Bump to buildah ca578b290144 and use new `cacheTo` and `cacheFrom` API.
[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]
Signed-off-by: Aditya R <arajan@redhat.com>
Support .network file to create a systemd service that runs podman network create
Support networks with .network suffix in Container and Kube to link with Quadlet created networks
Add E2E Tests
Add man doc
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Normally quadlet picks up whether to behave like a user or system
instance based on the binary name, but for the tests we want the
ability to pass `--user` to modify this using a single binary.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
In the recent past, I met the frequent need to wait for a container to
exist that, at the same time, may get removed (e.g., system tests in [1]).
Add an `--ignore` option to podman-wait which will ignore errors when a
specified container is missing and mark its exit code as -1. Also
remove ID fields from the WaitReport. It is actually not used by
callers and removing it makes the code simpler and faster.
Once merged, we can go over the tests and simplify them.
[1] github.com/containers/podman/pull/16852
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Also fix a number of duplicate words. Yet disable the new `dupword`
linter as it displays too many false positives.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Add --ignore flag to the command line
Add a new parameter to the NetworkCreate interface in pkg/domain for CreateOptions
Add a new API Network CreateWithOptions in pkg/bindings
Remote API - Add a query parameter to set the ignore flag
Kube - use the IgnoreIfExists flag when creating the default network instead of handling the failure
Add e2e tests
Update man page for podman-network-create
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Just like podman-remote run users should still be able to set volumes,
of course the source must be on the server machine but this is already
the case for podman machine for example.
Fixes#16694
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The remote client should be allowed to specify if the container should
be run with the proxy env vars. It will still use the proxy vars from
the server process and not the client. This makes podman-remote more
consistent with the local version and easier to use in environments
where a proxy is required.
Fixes#16520
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
If an error happening while playing a kube yaml,
clean up any pods, containers, and volumes that might
have been created before the error was hit.
This improves the user experience for when they go to
re-run the same yaml with their fixes and podman doesn't
complain about any existing workloads from the previously
failed run.
Suppress the clean up output when clean up happens after an
error as the user doesn't need to see or know about that.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Move the handling of userns keys from ConvertContainer to a separate method
Adjust the method according to the different supported values
Use the new method in both ConvertContainer and ConvertKube
Pass isUser to ConvertKube as well
Add tests
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
This just calls GC on the local storage, which will remove any leftover
directories from previous containers that are not in the podman db anymore.
This is useful primarily for transient store mode, but can also help in
the case of an unclean shutdown.
Also adds some e2e test to ensure prune --external works.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
This handles the transient store options from the container/storage
configuration in the runtime/engine.
Changes are:
* Print transient store status in `podman info`
* Print transient store status in runtime debug output
* Add --transient-store argument to override config option
* Propagate config state to conmon cleanup args so the callback podman
gets the same config.
Note: This doesn't really change any behaviour yet (other than the changes
in containers/storage).
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Startup healthchecks are similar to K8S startup probes, in that
they are a separate check from the regular healthcheck that runs
before it. If the startup healthcheck fails repeatedly, the
associated container is restarted.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Introduce machine os and machine os apply. Note that these are both stubs at the current moment, and do not introduce functionality. In order to build them, you must use the `experimental` build tag, or use `make podman-remote-experimental`
[NO NEW TESTS NEEDED]
as there is no actual functionality and this is a WIP.
Signed-off-by: Ashley Cui <acui@redhat.com>
Depending on the backend (CNI, netavark) we support different drivers,
the auto completion should only suggest the ones that are available.
This list is podman info so we can get the correct list for local and
remote.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Podman --noout was not suppressing output from commands that do not
create the podman engine. Now, podman --noout properly suppresses output
from every command.
Fixes: https://github.com/containers/podman/issues/16201
Signed-off-by: Ashley Cui <acui@redhat.com>
Fix a bug for special-casing "." where Podman has mistakenly been
looking for a "." suffix instead of interpreting it as a path.
Add regression tests for the host-to-container, container-to-host and
container-to-container use cases. Have separate tests for each to
verify that previous Podman versions fail each case.
Fixes: #16421
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
--connection was failing due to the servicedestinations array being empty on runtime.
Fix by making sure the cached config is used
resolves#16282
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Add quiet and no-info flags to podman machine start.
No-info suppresses helpful informational tips
Quiet suppresses machine start progress output, as well as informational
tips.
Signed-off-by: Ashley Cui <acui@redhat.com>
`--format json` should not be the same as `--format {{json .}}`, the
later should actually run through the go template and thus create one
json object per entry instead of an json array.
Includes a vendor of c/common@main since it requires a fix from there as
well.
This matches docker compat.
Fixes#16436
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Up - do not fail if volume already exists, use the existing one
Down - allow the user to remove the volume by passing --force
Add tests
Update the documentation
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Conceptually equivalent to networking by means of slirp4netns(1),
with a few practical differences:
- pasta(1) forks to background once networking is configured in the
namespace and quits on its own once the namespace is deleted:
file descriptor synchronisation and PID tracking are not needed
- port forwarding is configured via command line options at start-up,
instead of an API socket: this is taken care of right away as we're
about to start pasta
- there's no need for further selection of port forwarding modes:
pasta behaves similarly to containers-rootlessport for local binds
(splice() instead of read()/write() pairs, without L2-L4
translation), and keeps the original source address for non-local
connections like slirp4netns does
- IPv6 is not an experimental feature, and enabled by default. IPv6
port forwarding is supported
- by default, addresses and routes are copied from the host, that is,
container users will see the same IP address and routes as if they
were in the init namespace context. The interface name is also
sourced from the host upstream interface with the first default
route in the routing table. This is also configurable as documented
- sandboxing and seccomp(2) policies cannot be disabled
- only rootless mode is supported.
See https://passt.top for more details about pasta.
Also add a link to the maintained build of pasta(1) manual as valid
in the man page cross-reference checks: that's where the man page
for the latest build actually is -- it's not on Github and it doesn't
match any existing pattern, so add it explicitly.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Remove the container/pod ID file along with the container/pod. It's
primarily used in the context of systemd and are not useful nor needed
once a container/pod has ceased to exist.
Fixes: #16387
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
--insecure and --verbose flags for docker compatibility
--tls-verify for syntax compatibility and allow users to inspect
manifests at remote Container Registiries without requiring tls.
Helps fix: https://github.com/containers/podman/issues/14917
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add the abilitiy to deploy the generated kube yaml to a
kubernetes cluster with the podman kube apply command.
Add support to directly apply containers, pods, or volumes
by passing in their names or ids to the command.
Use the kubernetes API endpoints and http requests to connect
to the cluster and deploy the various kubernetes object kinds.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
The rest of the code has been using golang.org/x/* for the IsTerminal()
API for a long time, not github.com/mattn/go-isatty. It seems better to
stick to packages from the golang.org domain, whenever possible, and one
less dependency is always a good thing.
The modules were not cleaned up with 'make vendor' because 'go mod tidy'
was running into:
go: error loading go 1.16 module graph:
github.com/containers/image/v5@v5.23.1-0.20221015133641-1921a1993c67
requires
github.com/honeycombio/beeline-go@v1.9.0 requires
github.com/mattn/go-sqlite3@v2.0.3+incompatible: reading
github.com/mattn/go-sqlite3/go.mod at revision v2.0.3: unknown
revision v2.0.3
If reproducibility with go 1.16 is not needed:
go mod tidy -compat=1.17
Since go.mod already requires Go 1.17, the following commands were
manually run:
$ go mod tidy -compat=1.17
$ go mod vendor
$ go mod verify
Further modifications to go.sum were done manually based on the
complaints from postbuild.sh run by the CI.
[NO NEW TESTS NEEDED] as it's not a functional change.
Fixes: 85db895012 ("logging: new mode -l passthrough")
Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
The binary name is not the same as in the old quadlet, and can anyway
differ in system and user runs, so use os.Args[0] to get the right name
in the comment.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Truncate the container and pod ID files instead of throwing an error.
The main motivation is to prevent redundant work when starting systemd
units. Throwing an error when the file already exists is not preventing
races or file corruptions, so let's leave that to the user which in
almost all cases are generated (and tested) systemd units.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This ignores the create request if the named volume already exists.
It is very useful when scripting stuff.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Use `Default()` instead of re-loading containers.conf.
Also rework how the containers.conf objects are handled for parsing the
CLI. Previously, we were conflating "loading the defaults" with
"storing values from the CLI" with "libpod may further change fields"
which ultimately led to various bugs and test failues.
To address the issue, separate the defaults from the values from the CLI
and properly name the fields to make the semantics less ambiguous.
[NO NEW TESTS NEEDED] as it's not a functional change.
Fixes: containers/common/issues/1200
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Fixed the issue of `--format` and `--verbose` flags being allowed in
combination with one another.
Implemented functionality for `--format json` or `--format '{{ json }}' `.
Implemented command-completion help for `--format`.
Fixes: #16204
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
Reduce the number of top-level packages in ./pkg by moving quadlet
packages under ./pkg/systemd.
[NO NEW TESTS NEEDED] - no functional change.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Fix two bugs in `system df`:
1. The total size was calculated incorrectly as it was creating the sum
of all image sizes but did not consider that a) the same image may
be listed more than once (i.e., for each repo-tag pair), and that
b) images share layers.
The total size is now calculated directly in `libimage` by taking
multi-layer use into account.
2. The reclaimable size was calculated incorrectly. This number
indicates which data we can actually remove which means the total
size minus what containers use (i.e., the "unique" size of the image
in use by containers).
NOTE: The c/storage version is pinned back to the previous commit as it
is buggy. c/common already requires the buggy version, so use a
`replace` to force/pin.
Fixes: #16135
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Based on the initial port in https://github.com/containers/quadlet/pull/41
This contains the unit tests and the testcases from the C code as well
as modification to the podman spec file based on what the quadlet
spec file looks like, producing a podman-quadlet subpackage.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Motivated to have a working `make lint` on Fedora 37 (beta).
Most changes come from the new `gofmt` standards.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The new cobra update fixed a bug which caused some options to not be
included in --help when there was already a option with the same name
on a parent command.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Fixed issue where executing the command `podman pod logs -l` would panic
because it was indexing into an empty arguments array.
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
This patch extends the podman run command with support for checkpoint
images. When `podman run` is invoked with an image that contains
a checkpoint, it would restore the container from that checkpoint.
Example:
podman run -d --name looper busybox /bin/sh -c \
'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done'
podman container checkpoint --create-image checkpoint-image-1 looper
podman run checkpoint-image-1
Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
Podman allows to store a container checkpoints as an images.
This patch makes the check that is used to recognise such checkpoint
images reusable by moving it in utils. This functionality will be reused
in a subsequent patch to extend the `podman run` command with support
for checkpoint images.
Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
add the key used in newly initialized machines to the user's known_hosts file. This ensures that golang will be able to ssh into the machine using
podman-remote. Also, remove the /dev/null redirection for podman machine ssh's known_hosts file.
resolves#15347
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
Changes since 2022-09-09:
- man page: add --skip-unused-stages (buildah 4249)
- man page: bring in new Note for --cache-ttl (4248)
- system tests: de-stutter (4205)
- (internal): in skip() applier: escape asterisk, otherwise
the "bud with --dns* flags" sed expression never applies.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Allow overwrite of the signature-policy file
by passing signature-policy flag to podman save command
Closes: https://github.com/containers/podman/issues/15869
Signed-off-by: 😎Mostafa Emami <mustafaemami@gmail.com>
Add --label/-l label flag to secret create, and show labels when
inspecting secrets. Also allow labeling secrets via libpod/compat API.
Signed-off-by: Ashley Cui <acui@redhat.com>
Package `io/ioutil` was deprecated in golang 1.16, preventing podman from
building under Fedora 37. Fortunately, functionality identical
replacements are provided by the packages `io` and `os`. Replace all
usage of all `io/ioutil` symbols with appropriate substitutions
according to the golang docs.
Signed-off-by: Chris Evich <cevich@redhat.com>
Alias
podman --context -> podman --connection
podman context use -> podman system connection default
podman context rm -> podman system connection rm
podman context create -> podman system connection add
podman context ls ->podman system connection ls
podman context inspect ->podman system connection ls --json (For
specified connections)
Podman context is a hidden command, but can be used for existing scripts
that assume Docker under the covers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Currently the podman command --format output code uses a mix of
report.Formatter and report.Template.
I patched report.Formatter to correctly handle newlines[1]. Since we
cannot fix this with report.Template we have to migrate all users to
report.Formatter. This ensures consistent behavior for all commands.
This change does not change the output.
[1] https://github.com/containers/common/pull/1146
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently the podman command --format output code uses a mix of
report.Formatter and report.Template.
I patched report.Formatter to correctly handle newlines[1]. Since we
cannot fix this with report.Template we have to migrate all users to
report.Formatter. This ensures consistent behavior for all commands.
This change does not change the output.
[1] https://github.com/containers/common/pull/1146
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently the podman command --format output code uses a mix of
report.Formatter and report.Template.
I patched report.Formatter to correctly handle newlines[1]. Since we
cannot fix this with report.Template we have to migrate all users to
report.Formatter. This ensures consistent behavior for all commands.
This change does not change the output.
[1] https://github.com/containers/common/pull/1146
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Unlikely to happen but when there is an error printing the data to
stdout (either as json or go template) we should not just log it and
exit with 0. Instead return a proper error and exit with 125.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently the podman command --format output code uses a mix of
report.Formatter and report.Template.
I patched report.Formatter to correctly handle newlines[1]. Since we
cannot fix this with report.Template we have to migrate all users to
report.Formatter. This ensures consistent behavior for all commands.
This change does not change the output, we can add a new test for the
newline bug when the common PR is vendored in.
[1] https://github.com/containers/common/pull/1146
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently the podman command --format output code uses a mix of
report.Formatter and report.Template.
I patched report.Formatter to correctly handle newlines[1]. Since we
cannot fix this with report.Template we have to migrate all users to
report.Formatter. This ensures consistent behavior for all commands.
This change does not change the output, we can add a new test for the
newline bug when the common PR is vendored in.
[1] https://github.com/containers/common/pull/1146
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently the podman command --format output code uses a mix of
report.Formatter and report.Template.
I patched report.Formatter to correctly handle newlines[1]. Since we
cannot fix this with report.Template we have to migrate all users to
report.Formatter. This ensures consistent behavior for all commands.
This change does not change the output, we can add a new test for the
newline bug when the common PR is vendored in.
[1] https://github.com/containers/common/pull/1146
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently the podman command --format output code uses a mix of
report.Formatter and report.Template.
I patched report.Formatter to correctly handle newlines[1]. Since we
cannot fix this with report.Template we have to migrate all users to
report.Formatter. This ensures consistent behavior for all commands.
This change does not change the output, we can add a new test for the
newline bug when the common PR is vendored in.
[1] https://github.com/containers/common/pull/1146
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently the podman command --format output code uses a mix of
report.Formatter and report.Template.
I patched report.Formatter to correctly handle newlines[1]. Since we
cannot fix this with report.Template we have to migrate all users to
report.Formatter. This ensures consistent behavior for all commands.
This change does not change the output, we can add a new test for the
newline bug when the common PR is vendored in.
Also fixa bug since the table format is expected to print headers as
well.
[1] https://github.com/containers/common/pull/1146
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently the podman command --format output code uses a mix of
report.Formatter and report.Template.
I patched report.Formatter to correctly handle newlines[1]. Since we
cannot fix this with report.Template we have to migrate all users to
report.Formatter. This ensures consistent behavior for all commands.
This change does not change the output, we can add a new test for the
newline bug when the common PR is vendored in.
Also fix a bug where a invlaid template would not cause a exit code > 0,
see the added test case.
[1] https://github.com/containers/common/pull/1146
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently the podman command --format output code uses a mix of
report.Formatter and report.Template.
I patched report.Formatter to correctly handle newlines[1]. Since we
cannot fix this with report.Template we have to migrate all users to
report.Formatter. This ensures consistent behavior for all commands.
This change does not change the output, we can add a new test for the
newline bug when the common PR is vendored in.
[1] https://github.com/containers/common/pull/1146
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently the podman command --format output code uses a mix of
report.Formatter and report.Template.
I patched report.Formatter to correctly handle newlines[1]. Since we
cannot fix this with report.Template we have to migrate all users to
report.Formatter. This ensures consistent behavior for all commands.
This change does not change the output, we can add a new test for the
newline bug when the common PR is vendored in.
[1] https://github.com/containers/common/pull/1146
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
podman --events-backend none events should return with an error since it
will never be able to actually list events.
Fixes part three of #15688
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Podman adds an Error: to every error message. So starting an error
message with "error" ends up being reported to the user as
Error: error ...
This patch removes the stutter.
Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
For systems that have extreme robustness requirements (edge devices,
particularly those in difficult to access environments), it is important
that applications continue running in all circumstances. When the
application fails, Podman must restart it automatically to provide this
robustness. Otherwise, these devices may require customer IT to
physically gain access to restart, which can be prohibitively difficult.
Add a new `--on-failure` flag that supports four actions:
- **none**: Take no action.
- **kill**: Kill the container.
- **restart**: Restart the container. Do not combine the `restart`
action with the `--restart` flag. When running inside of
a systemd unit, consider using the `kill` or `stop`
action instead to make use of systemd's restart policy.
- **stop**: Stop the container.
To remain backwards compatible, **none** is the default action.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Just like the other inspect commands `podman pod inspect p1 p2` should
return the json for both.
To correctly implement this we follow the container inspect logic, this
allows use to reuse the global inspect command.
Note: To not break the existing single pod output format for podman pod
inspect I added a pod-legacy inspect type. This is only used to make
sure we will print the pod as single json and not an array like for the
other commands. We cannot use the pod type since podman inspect --type
pod did return an array and we should not break that as well.
Fixes#15674
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
--debug should not be a global flag, you can only use this as podman
--debug never podman ps --debug. This matches docker and allows us to
add the shorthand "D" since they now no longer conflict.
Fixes changes from commit 2d30b4dee5 which claims to add -D but never
did.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
podman events --format {{.ID}} was not working since the template was
converted to a range but we only render each event individually.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
podman update allows users to change the cgroup configuration of an existing container using the already defined resource limits flags
from podman create/run. The supported flags in crun are:
this command is also now supported in the libpod api via the /libpod/containers/<CID>/update endpoint where
the resource limits are passed inthe request body and follow the OCI resource spec format
–memory
–cpus
–cpuset-cpus
–cpuset-mems
–memory-swap
–memory-reservation
–cpu-shares
–cpu-quota
–cpu-period
–blkio-weight
–cpu-rt-period
–cpu-rt-runtime
-device-read-bps
-device-write-bps
-device-read-iops
-device-write-iops
-memory-swappiness
-blkio-weight-device
resolves#15067
Signed-off-by: Charlie Doern <cdoern@redhat.com>
if we are running in a container in the root cgroup, Podman tries to
move itself to a sub-cgroup. This could be a problem in a setup where
the cgroups are not writeable, so just log a debug message and
continue, since anyway it is a best-effort operation.
Closes: https://github.com/containers/podman/issues/15498
[NO NEW TESTS NEEDED]
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
NOTE: This does not edit the use-sigstore-attachments value
in registries.d, similarly to how (podman image trust set) didn't
set the lookaside paths for simple signing.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
the `podman save` command was failing on windows due to the use of a
colon between the drive letter and first directory. the check was
intended for Linux and not windows.
Fixes#15247
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Allow end users to preprocess default environment variables before
injecting them into container using `--env-merge`
Usage
```
podman run -it --rm --env-merge some=${some}-edit --env-merge
some2=${some2}-edit2 myimage sh
```
Closes: https://github.com/containers/podman/issues/15288
Signed-off-by: Aditya R <arajan@redhat.com>
`podman kube play` can create pods and containers from YAML
read from a URL poiniting to a YAML file.
For example: `podman kube play https://example.com/demo.yml`.
`podman kube down` can also teardown pods and containers created
from that YAML file by also reading YAML from a URL, provided the
YAML file the URL points to has not been changed or altered since
it was used to create pods and containers
Closes#14955
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
Support inspecting image healthcheck using docker supported
`.Config.HealthCheck` by aliasing field to `.HealthCheck`
Now supports
```Console
podman image inspect -f "{{.Config.Healthcheck}}" imagename
```
Closes: https://github.com/containers/podman/issues/14661
Signed-off-by: Aditya R <arajan@redhat.com>
Refactor the RawInput process of the `rm` and
`start` subcommands, like the other subcommands
such as `restart, stop, etc`.
[NO NEW TESTS NEEDED]
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
Accept a --amend flag in `podman manifest create`, and treat
`--insecure` as we would `--tls-verify=false` in `podman manifest`'s
"add", "create", and "push" subcommands.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
--cidfile : Read container ID from the specified file and restart the container.
--filter : restart the filtered container.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
"podman kube generate" creates Kubernetes YAML from Podman containers,
pods or volumes. Users will still be able to use "podman generate
kube" as an alias of "kube generate".
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
Integrate sd-notify policies into `kube play`. The policies can be
configured for all contianers via the `io.containers.sdnotify`
annotation or for indidivual containers via the
`io.containers.sdnotify/$name` annotation.
The `kube play` process will wait for all containers to be ready by
waiting for the individual `READY=1` messages which are received via
the `pkg/systemd/notifyproxy` proxy mechanism.
Also update the simple "container" sd-notify test as it did not fully
test the expected behavior which became obvious when adding the new
tests.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
implement new ssh interface into podman
this completely redesigns the entire functionality of podman image scp,
podman system connection add, and podman --remote. All references to golang.org/x/crypto/ssh
have been moved to common as have native ssh/scp execs and the new usage of the sftp package.
this PR adds a global flag, --ssh to podman which has two valid inputs `golang` and `native` where golang is the default.
Users should not notice any difference in their everyday workflows if they continue using the golang option. UNLESS they have been using an improperly verified ssh key, this will now fail. This is because podman was incorrectly using the
ssh callback method to IGNORE the ssh known hosts file which is very insecure and golang tells you not yo use this in production.
The native paths allows for immense flexibility, with a new containers.conf field `SSH_CONFIG` that specifies a specific ssh config file to be used in all operations. Else the users ~/.ssh/config file will be used.
podman --remote currently only uses the golang path, given its deep interconnection with dialing multiple clients and urls.
My goal after this PR is to go back and abstract the idea of podman --remote from golang's dialed clients, as it should not be so intrinsically connected. Overall, this is a v1 of a long process of offering native ssh, and one that covers some good ground with podman system connection add and podman image scp.
Signed-off-by: Charlie Doern <cdoern@redhat.com>
The new apple silicon processesors (m1/m2) are capable of using a performent apple
hypervisor (included in macos). Our "virtual providers" for podman
machine are part of an interface design. This PR provides an
implementation of the interface to begin the work for supporting the
apple hypervisor. It is basically only a skeletal PR.
The actual code for using the hypervisor and launching a machine will
come as several new PRs following the inclusion of this one.
There will likely be code reuse between the applehv and qemu code; but
none of that code is being moved at this time. It will be moved "on
demand" during development.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
if an explicit mapping is specified, do not accept `--userns` since it
overriden to "private".
Closes: https://github.com/containers/podman/issues/15233
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
implement a new command `podman generate spec` which can formulate a json specgen to be consumed by both the pod
and container creation API.
supported flags are
--verbose (default true) print output to the terminal
--compact print the json output in a single line format to be piped to the API
--filename put the output in a file
--clone rename the pod/ctr in the spec so it won't conflict w/ an existing entity
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Tying filtering logic for podman stop and start to same place in getContainersAndInputByContext() to reduce code redundancy
Signed-off-by: Karthik Elango <kelango@redhat.com>
It's a NOP since Podman v2.0 (#5738).
[NO NEW TESTS NEEDED] - does not change behavior.
Fixes: #15185
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The "podman kube down" reads in a structured file of
Kubernetes YAML and removes pods based on the Kubernetes kind described in the YAML,
similiar to "podman play kube --down". Users will still be able to use
"podman play kube --down" and "podman kube play --down" to
perform the same function.
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
When podman kube play was added the endpoint for the kube play/play kube
commands was switched from the "play kube" endpoint to the new "kube play"
endpoint. This caused issues with the remote client, requiring the need
to use the "play kube" endpoint again in order to avoid these issues.
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
- Allow creating sigstore signatures via --sign-by-sigstore-private-key .
Like existing --sign-by, it does not work remote (in this case
because we would have to copy the private key to the server).
- Allow passing a passphrase (which is mandatory for sigstore private keys)
via --sign-passphrase-file; if it is not provided, prompt interactively.
- Also, use that passphrase for --sign-by as well, allowing non-interactive
GPG use. (But --sign-passphrase-file can only be used with _one of_
--sign-by and --sign-by-sigstore-private-key.)
Note that unlike the existing code, (podman build) does not yet
implement sigstore (I'm not sure why it needs to, it seems not to
push images?) because Buildah does not expose the feature yet.
Also, (podman image sign) was not extended to support sigstore.
The test for this follows existing (podman image sign) tests
and doesn't work rootless; that could be improved by exposing
a registries.d override option.
The test for push is getting large; I didn't want to
start yet another registry container, but that would be an
alternative. In the future, Ginkgo's Ordered/BeforeAll
would allow starting a registry once and using it for two
tests.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Also Fix usage of flag "--compression-format" for remote "podman image push". Fix usage of flags "--format", "--remove-signatures" in remote "podman manifest push".
Closes#15109.
Signed-off-by: Romain Geissler <romain.geissler@amadeus.com>
This Patch will cause podman COMMAND rm --force bogus not fail
This is how Docker works, so Podman should follow this to allow existing
scripts to convert from Docker to Podman.
Fixes: #14612
Oprignal version of this patch came from wufan 1991849113@qq.com
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
for podman pod create, when we are not sharing any namespaces there is no point for the infra container.
This is especially true since resources have also been decoupled from the container recently.
handle this on the cmd level so that we can still create infra if set explicitly
resolves#15048
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Most network commands/features work with both netavark and CNI. When
we added added netavark most docs were not vetted and thus still use CNI
network, it should just say network.
Fixes#14990
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
added the following flags and handling for podman pod create
--memory-swap
--cpuset-mems
--device-read-bps
--device-write-bps
--blkio-weight
--blkio-weight-device
--cpu-shares
given the new backend for systemd in c/common, all of these can now be exposed to pod create.
most of the heavy lifting (nearly all) is done within c/common. However, some rewiring needed to be done here
as well!
Signed-off-by: Charlie Doern <cdoern@redhat.com>
The same problem again as 4374038cc6.
Also fix the incorrect --format autocompletion struct.
It should be avoided to import cmd/podman/... packages from outside of
cmd/podman. This can lead in weird hard to debug import paths but also
can have negative consequences when imported in unit tests. In this case
it will set XDG_CONFIG_HOME and thus the machine tests this dir over the
tmp HOME env variable which is set at a later point. This caused machine
files to be leaked into the actual users home dir.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
--latest : pause/unpause the latest container.
--filter : pause/unpause the filtered container.
--cidfile : Read container ID from the specified file and pause/unpause the container.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
When we pause `rootless cgroups v1 container`, podman returns error from `libpod.(*Container).pause`.
Podman does not need to return error from `containers.pause` because of duplicate.
[NO NEW TESTS NEEDED]
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
Docker supports -H and --host for specify the listening socket. Podman
should support them also in order to match the CLI.
These will not be documented since Podman defaults to using the
--url option.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Filter flag is added for podman stop and podman --remote stop. Filtering logic is implemented in
getContainersAndInputByContext(). Start filtering can be manipulated to use this logic as well to limit redundancy.
Signed-off-by: Karthik Elango <kelango@redhat.com>
I added the shorthand option for `podman pull --all-tags`. Like Docker,
Podman can now do `podman pull -a`.
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
The "podman kube play" command is designed to be a replacement for the
"podman play kube" command.
It performs the same function as "play kube" while also still working with the same flags and options.
The "podman play kube" command is still functional as an alias of "kube play".
Closes#12475
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Make sure that the docs for pull policies is consistent with Buildah and
reflects the implementation.
Further improve the help messages and auto completions.
[NO NEW TESTS NEEDED]
Fixes: #14846
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Podman wait should not be defaulting to just stopped. By default
wait API waits for stopped and exited. We should not override this on
the client side.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Refactored the networkPrune function to improve readability.
This commit changes the `networkPrune` function to
use the `PrintNetworkPruneResults` function.
[NO NEW TESTS NEEDED]
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
It should be avoided to import cmd/podman/... packages from outside of
cmd/podman. This can lead in weird hard to debug import paths but also
can have negative consequences when imported in unit tests. In this case
it will set XDG_CONFIG_HOME and thus the machine tests this dir over the
tmp HOME env variable which is set at a later point. This caused machine
files to be leaked into the actual users home dir.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Update the podman pod unpause to only show the paused
containers with autocomplete.
Fix a typo in the help command.
Update the unpause function to only attempt an unpause
on pasued pods instead of all the pods.
Update the tests accordingly.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
add support for the --uts flag in pod create, allowing users to avoid
issues with default values in containers.conf.
uts follows the same format as other namespace flags:
--uts=private (default), --uts=host, --uts=ns:PATH
resolves#13714
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Previously, `podman system df --format "{{json .}}"` would not output
`Size` and `Reclaimable` like `podman system df` would.
```
{"Type":"Images","Total":5,"Active":0,"Size":39972240,"Reclaimable":39972240}
{"Type":"Containers","Total":0,"Active":0,"Size":0,"Reclaimable":0}
{"Type":"Local Volumes","Total":0,"Active":0,"Size":0,"Reclaimable":0}
```
Closes: #14769
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
Following PR adds support for running containers from a manifest list
present on localstorage. Before this PR podman only supports running
containers from valid images but not from manifest list.
So `podman run -it --platform <some> <manifest-list> command` should
become functional now and users should be able to resolve images on the
bases of provided `--platform` string.
Example
```
podman manifest create test
podman build --platform linux/amd64,linux/arm64 --manifest test .
podman run --rm --platform linux/arm64/v8 test uname -a
```
Closes: https://github.com/containers/podman/issues/14773
Signed-off-by: Aditya R <arajan@redhat.com>
using the new resource backend, implement podman pod create --memory which enables
users to modify memory.max inside of the parent cgroup (the pod), implicitly impacting all
children unless overriden
Signed-off-by: Charlie Doern <cdoern@redhat.com>
at startup, when running on a cgroup v2 system, check if the current
process is running in the root cgroup and move it to a sub-cgroup,
otherwise Podman is not able to create cgroups and move processes
there.
Closes: https://github.com/containers/podman/issues/14573
[NO NEW TESTS NEEDED] it needs nested podman
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
We now use the golang error wrapping format specifier `%w` instead of
the deprecated github.com/pkg/errors package.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Podman Machine crashes if run as root. When creating the machine, we write the ignition so that the UID of the core user matches the UID of the user on the host. We by default, create the root user on the machine with UID 0. If the user on the host is root, the core UID and the Root UID collide, causing a the VM not to boot.
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
cfg.RuntimePath was set to default runtime, so the empty string
check fails. Instead we could check if the flag was changed.
Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
add support for podman-remote image scp as well as direct access via the API. This entailed
a full rework of the layering of image scp functions as well as the usual API plugging and type creation
also, implemented podman image scp tagging. which makes the syntax much more readable and allows users t tag the new image
they are loading to the local/remote machine:
allow users to pass a "new name" for the image they are transferring
`podman tag` as implemented creates a new image im `image list` when tagging, so this does the same
meaning that when transferring images with tags, podman on the remote machine/user will load two images
ex: `podman image scp computer1::alpine computer2::foobar` creates alpine:latest and localhost/foobar on the remote host
implementing tags means removal of the flexible syntax. In the currently released podman image scp, the user can either specify
`podman image scp source::img dest::` or `podman image scp dest:: source::img`. However, with tags this task becomes really hard to check
which is the image (src) and which is the new tag (dst). Removal of that streamlines the arg parsing process
Signed-off-by: Charlie Doern <cdoern@redhat.com>
It seems like previously if --format was changed then listFlag.noHeading is changed accordingly
however printHeader is used to determine whether to print header or not.
This patch fixes that problem.
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
Libpod requires that all volumes are stored in the libpod db. Because
volume plugins can be created outside of podman, it will not show all
available plugins. This podman volume reload command allows users to
sync the libpod db with their external volume plugins. All new volumes
from the plugin are also created in the libpod db and when a volume from
the db no longer exists it will be removed if possible.
There are some problems:
- naming conflicts, in this case we only use the first volume we found.
This is not deterministic.
- race conditions, we have no control over the volume plugins. It is
possible that the volumes changed while we run this command.
Fixes#14207
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Replace "setup", "lookup", "cleanup", "backup" with
"set up", "look up", "clean up", "back up"
when used as verbs. Replace also variations of those.
* Improve language in a few places.
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
'podman system prune' command always outputs "Deleted Images" message,
even though there is no dangling or unused image to remove.
This message should be output only if dangling or unused image exists.
[NO NEW TESTS NEEDED]
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
Update cobra to latest version. Remove workaround for podman -h.
Also regenerate the completion scripts.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
expose the --shm-size flag to podman pod create and add proper handling and inheritance
for the option.
resolves#14609
Signed-off-by: Charlie Doern <cdoern@redhat.com>
podman machine start contains more logic than just the simple vm.Start()
call. Instead of duplicating this into inti we just call start().
[NO NEW TESTS NEEDED] I have no way to test this right now.
Fixes#14640
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
`podman -h` currently returns an error:
`Error: pflag: help requested`
This bug was introduced in 44d037898e, the problem is that we wrap the
error and cobra lib checks with `==` for this one and not errors.Is().
I have a PR upstream to fix this but for now this also works.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Commit 5fa6f686db added a regression which was fixed in eb71712626.
Apply the same fix again to prevent a panic and return a proper error
instead.
To not regress again I added a e2e test which makes sure we do not panic.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The nolintlint linter does not deny the use of `//nolint`
Instead it allows us to enforce a common nolint style:
- force that a linter name must be specified
- do not add a space between `//` and `nolint`
- make sure nolint is only used when there is actually a problem
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This is an enhancement for the podman system prune feature.
In this issue, it is mentioned that 'network prune' should be
wired into 'podman system prune'
https://github.com/containers/podman/issues/8673
Therefore, I add the function to remove unused networks.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
Changes since 2022-05-31:
- add --omit-history option (buildah PR 4028)
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
command
Previously, if a container was not running, and the user ran the `podman
stats` command, an error would be reported: `Error: container state
improper`.
Podman now reports stats as the fields' default values for their
respective type if the container is not running:
```
$ podman stats --no-stream demo
ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS CPU TIME AVG CPU %
4b4bf8ce84ed demo 0.00% 0B / 0B 0.00% 0B / 0B 0B / 0B 0 0s 0.00%
```
Closes: #14498
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
implement podman pod clone, a command to create an exact copy of a pod while changing
certain config elements
current supported flags are:
--name change the pod name
--destroy remove the original pod
--start run the new pod on creation
and all infra-container related flags from podman pod create (namespaces etc)
resolves#12843
Signed-off-by: cdoern <cdoern@redhat.com>
I don't see a reason why we don't support --remove-signatures
from remote push, so adding support.
Fixes: https://github.com/containers/podman/issues/14558
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add a new `--overwrite` flag to `podman cp` to allow for overwriting in
case existing users depend on the behavior; they will have a workaround.
By default, the flag is turned off to be compatible with Docker and to
have a more sane behavior.
Fixes: #14420
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Note that the bud-logfile-with-split-logfile-by-platform test is skipped
on the remote client (see #14544).
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
add an option to configure the driver timeout when creating a volume.
The default is 5 seconds but this value is too small for some custom drivers.
Signed-off-by: cdoern <cdoern@redhat.com>
- The State() function now returns machine.Starting status instead of an
empty string if the VM is in the process of starting.
- The `CheckExclusiveActiveVM()` function returns `true` to prevent
starting a VM while another is in the process of starting.
- `podman machine ls` displays "Currently starting" under "Last Up" for
the starting VM
- `podman machine ls` supports `{{.Starting}}` boolean field in the format
- `podman machine inspect` displays "starting" in the "State" field for
the starting VM
Signed-off-by: Shane Smith <shane.smith@shopify.com>
For some reason commit 5b79cf15a0 moved the container create options
parsing from cmd/podman/common to pkg/api/handlers. However it did not
remove the old code. Unfortunately it moved the code from an outdated
version and did not update it before this commit was merged.
Therefore a couple of regressions were introduced. I manually compared
both versions and found three missing bugfixes.
I fixed the network test again that was changed in bce97a3b5d. We
want bridge as default even as rootless. Sine the test is not run as
rootless in CI the regression was not caught.
Also the no hosts test never worked since it was missing the import
check if the hosts file exists.
I don't think we can check for the volume parsing change since this only
works on windows/wsl.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When you try to complete a path which exists and it is a file the
completion logic did not check the parent dir for other matching file
names. To fix that we have to check if the current completion is not a
dir and use the parent dir in this case.
See the updated test for an example why this is required.
Also make sure directories are correctly completed, the shell always
adds the "/" as suffix to signal the user that this path is a directory.
In this case we do not want to automatically add a space. When the path
is a regular file we want the space after the suggestion since there is
nothing more to complete.
This better matches the normal default shell completion.
The test were changed to not assume any particular ordering since this
is irrelevant for the shell completion script and there is no guarantee
about the ordering.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Firstly, reset is now managed by the runtime itself as a part of
initialization. This ensures that it can be used even with
runtimes that would otherwise fail to be created - most notably,
when the user has changed a core path
(runroot/root/tmpdir/staticdir).
Secondly, we now attempt a best-effort removal even if the store
completely fails to be configured.
Third, we now hold the alive lock for the entire reset operation.
This ensures that no other Podman process can start while we are
running a system reset, and removes any possibility of a race
where a user tries to create containers or pull images while we
are trying to perform a reset.
[NO NEW TESTS NEEDED] we do not test reset last I checked.
Fixes#9075
Signed-off-by: Matthew Heon <mheon@redhat.com>
In podman run --help, the message said megabyte, gigabyte, etc. In reality podman takes mebibytes, gibibytes, etc.
[CI:DOCS]
Signed-off-by: Karthik Elango <kelango@redhat.com>
The comma-separated podman load output isn't conducive for using the
subsequent images. For tarballs with multiple images, the comma
separator must be manually identified and a suitable range identified.
Docker CLI on the other hand, has one image identifier per line:
Loaded image: repo1/name1:latest
Loaded image: repo1/name1:tag1
Loaded image: repo2/name2:tag1
(as of Docker version 20.10.16, build aa7e414).
Switch `podman load` to this format for consistency and usability.
[NO NEW TESTS NEEDED]
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Add shell completion for paths inside the container or image. Currently
podman run IMAGE [TAB] only uses the default shell completion which
suggests paths on the host. This is fine for some cases but often the
user wants a path which only exists in the image/container.
This commits adds support for that. Both podman create/run can now
complete the paths from the image, podman cp ctr:... now completes paths
from the actual container.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When the volume does not exist we should output an error stating so and
not some generic one.
Fixes#14411
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Forward the ssh exit code to the podman caller. This is useful for
scripts. Use the same logic as podman unshare.
Fixes#14401
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Libpod or packages under /pkg should never import from /cmd/...
This will quickly result in import cycles and weird code paths.
Also there is no reason to use this special code we can just use
syscall.SIGHUB as SIGNAL.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Allowing custom flags to provider has the potential to break all the
hand-crafted commands currently in use. This could become a support
nightmare.
```release-note
NONE
```
[NO NEW TESTS NEEDED]
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Buildah already supports using `--layers` with `--squash` after https://github.com/containers/buildah/pull/3674
if user wants to do so hence podman must honor similar configuration
in `--squash-all` behaviour if user wants to using cache.
PS: We cannot alter behaviour of `podman build --squash` for
docker-compat reasons hence this feature can be easily supported by
`--squash-all`.
Closes: https://github.com/containers/buildah/issues/4011
Signed-off-by: Aditya R <arajan@redhat.com>
These two functions were doing the exact same thing just
with cidfile and pod-id-file separately. Combine the functionality
to one function to remove repetative code.
Fix the TODO in cmd/podman/validate/args.go
[NO NEW TESTS NEEDED]
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Fix up the parseEnv function to differentiate
between a label and env when parsing.
Don't do a system lookup when parsing labels.
[NO NEW TESTS NEEDED]
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Same block contains similar lines above this is not needed as this looks
redundant.
[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]
Signed-off-by: Aditya R <arajan@redhat.com>
Refactor test for deadlock by comparing error text vs. actual
ErrWillDeadlock constant. When running with --remote the error
constant will always be not equal to the error returned by the API.
```release-note
NONE
```
[NO NEW TESTS NEEDED]
Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Option left in images/diff.go CLI as comment implies it is needed for
backwards compatibility.
```release-note
NONE
```
[NO NEW TESTS NEEDED]
Signed-off-by: Jhon Honce <jhonce@redhat.com>
I am constantly attempting to add the podname to the last
argument to podman pod create. Allowing this makes it match
podman volume create and podman network create.
It does not match podman container create, since podman container create
arguments specify the arguments to run with the container.
Still need to support the --name option for backwards compatibility.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
There is no good way to recommend labels for podman container runlabel.
Add the missing max-size log option. These are the only documented
options so the completion should not suggest something different.
Add proper --stop-signal completion. It will now complete all supported
signal names both upper and lowercase depending on the user input. Also
it work with and without the SIG prefix.
Fixing the TODOs in this file are more complicated since they describe
bigger features.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently this list is not exported from c/storage and the group
decided this will not be changed.
```release-note
NONE
```
Signed-off-by: Jhon Honce <jhonce@redhat.com>
- Look for and prevent lower-case arg descriptions:
podman cmd [arg]
- Look for and prevent optional-mandatory misordering:
podman cmd [ARG] ARG
- Tighter whitespace checks (and fix podman pod ps)
- simplify a no-longer-necessary mess! #8635 fixed the
horrible "CONTAINER | IMAGE" strings (with spaces),
so there's no longer a need to special-case those.
The one-extra-arg check is now much cleaner.
Minor refactoring.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Make sure that `podman image mount` prints a pretty table unless there
is only argument passed and without a custom format. Fixing a TODO item
brought me to the specific code location and revealed the fart in the
logic.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
It is better to just reuse the existing constants instead of duplicating
the strings.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
docker-archive was missing from the completions. To prevent duplication
use the same format list as podman save.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add all option that are supported by the podman inspect --type flag to
the completions. Also use the same constants instead of duplicating the
strings. In order to do this I had to move the definitions into the
common package to prevent an import cycle.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The completion suggested incorrect values for `podman events --filter
type=` . It should only list types not the event status. Also make sure
to use the constants instead of duplicating the strings.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
From a template users POV it is not importent when they use a struct field or
method. They only notice the difference when the function requires arguments.
So lets be nice and let the user know that this method requires arguments
via the help text.
This is how it now looks like when the completion descriptions are enabled
on bash:
```
$ bin/podman ps --format {{.Created.A
{{.Created.AddDate (This is a function and requires 3 arguments) {{.Created.After (This is a function and requires 1 argument)
{{.Created.Add (This is a function and requires 1 argument) {{.Created.AppendFormat (This is a function and requires 2 arguments)
```
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently we only support structs in a template string like this:
`{{.var1.test.` -> this meams that test must be a struct field on var1.
Now with this var1 and test could also be either a map or function which
returns a struct.
A actual example:
`podman container inspect --format {{.NetworkSettings.Networks.netname.`
Now we can complete the struct fileds after netname. Note that this
cannot complete map keys since they are empty by default, so it is
impossible to get them in the completion logic.
Also this fixes a panic with embeeded nil structs
Fixes#14223
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When a struct is embeeded it is possible that we end up with same names
but different types, this results in incorrect completions. The go
template logic always preferes the actual field/method name before the
one from the embedded one. Thefore the completion logic should do the
same. First get all method/fields names from the struct and then only
add the field names from the embedded struct when they are not already
present in the list.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
In a template you cann call function that are defined on a type, however
this is only useful if they return one value. If it returns more than
one the template cannot know what value it has to display.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
go templates only support exported fields, so the completion logic must
filter the private fields out.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
OpenShift Merge Robot
Matt Heon
Brent Baude
danishprakash
Valentin Rothberg
Ashley Cui
Daniel J Walsh
Erik Sjölund
Aditya R
Jason T. Greene
Miloslav Trmač
Daniel Lublin
Trevor Benson
Ygal Blum
Jason T. Greene
Paul Holzinger
Leonardo Rossetti
Jake Correnti
Ed Santiago
Alexander Larsson
Urvashi Mohnani
Matthew Heon
gupttaru
Toshiki Sonoda
Charlie Doern
Chris Evich
Stefano Brivio
Debarshi Ray
Jake Correnti
dependabot[bot]
Boaz Shuster
Radostin Stoyanov
😎Mostafa Emami
Chris Evich
Barnabé BALP
Arthur Sengileyev
Giuseppe Scrivano
Doug Rabson
Niall Crowe
Vladimir Kochnev
Hoang Thanh VO
Nalin Dahyabhai
Tom Sweeney
openshift-ci[bot]
Karthik Elango
Romain Geissler
Sascha Grunert
Zeyad Yasser
cdoern
Shane Smith
Alexander Scheel
Jhon Honce