`podman cp` does not allow for globbing or filtering copied data in any
form. `docker cp` does not either, so Podman remains compatible. Due
to a number of requests, highlight how users can effectively achieve
that by means of chaining with tools such as xargs(1) or find(1), or by
making use of `podman mount`.
Closes: #11346Closes: #11194
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
InfraContainer should go through the same creation process as regular containers. This change was from the cmd level
down, involving new container CLI opts and specgen creating functions. What now happens is that both container and pod
cli options are populated in cmd and used to create a podSpecgen and a containerSpecgen. The process then goes as follows
FillOutSpecGen (infra) -> MapSpec (podOpts -> infraOpts) -> PodCreate -> MakePod -> createPodOptions -> NewPod -> CompleteSpec (infra) -> MakeContainer -> NewContainer -> newContainer -> AddInfra (to pod state)
Signed-off-by: cdoern <cdoern@redhat.com>
Following feature makes sure that users can load contents of external
tarball into the podman volumes.
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
add the ability for play kube to tear down based on the yaml used to
play it. it is indicated by --down in the play kube command. volumes
are NOT deleted during the teardown. pods and their containers are
stopped and removed.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Adds support for transferring data between systems and backing up systems.
Use cases: recover from disasters or move data between machines.
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
When playing a kube YAML file, it can be desirable to be able to build
an image on the fly. This is good for development of an image and YAML
files and somewhat mocks what compose does.
Signed-off-by: Brent Baude <bbaude@redhat.com>
after the init containers pr merged, it was suggested to use `once`
instead of `oneshot` containers as it is more aligned with other
terminiology used similarily.
[NO TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
This commit adds additional until filter to podman pod ps (ls/list).
Additionally, it also adds descriptions for podman pod ps filters available
via http api.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
Add the --userns flag to podman pod create and keep
track of the userns setting that pod was created with
so that all containers created within the pod will inherit
that userns setting.
Specifically we need to be able to launch a pod with
--userns=keep-id
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Execution domains tell Linux how to map signal numbers into signal actions.
The execution domain system allows Linux to provide limited support for binaries
compiled under other UNIX-like operating systems.
Reference: https://man7.org/linux/man-pages/man2/personality.2.html
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
Add support for simple rollbacks during `podman auto-update`. Rollbacks
are enabled by default. If a systemd unit cannot be restarted after an
update, the previous image will be retagged and the unit will be
restarted a second time.
Add system tests for rollbacks. Also fix a bug in the restart sequence;
we have to use the channel to actually know whether the restart was
successful or not.
NOTE: To make rollbacks really useful, users must run their containers
with `--sdnotify=container` such that the containers send the ready
message over the (mounted) socket. This way, restarting the systemd
units during auto update will block until the message has been received
(or a timeout kicked in).
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
this is the first pass at implementing init containers for podman pods.
init containersare made popular by k8s as a way to run setup for pods
before the pods standard containers run.
unlike k8s, we support two styles of init containers: always and
oneshot. always means the container stays in the pod and starts
whenever a pod is started. this does not apply to pods restarting.
oneshot means the container runs onetime when the pod starts and then is
removed.
Signed-off-by: Brent Baude <bbaude@redhat.com>
s/Loaded images(s)/Loaded image(s)/
[NO TESTS NEEDED] (I think we should test the output at some point)
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The rootlessport forwarder requires a child IP to be set. This must be a
valid ip in the container network namespace. The problem is that after a
network disconnect and connect the eth0 ip changed. Therefore the
packages are dropped since the source ip does no longer exists in the
netns.
One solution is to set the child IP to 127.0.0.1, however this is a
security problem. [1]
To fix this we have to recreate the ports after network connect and
disconnect. To make this work the rootlessport process exposes a socket
where podman network connect/disconnect connect to and send to new child
IP to rootlessport. The rootlessport process will remove all ports and
recreate them with the new correct child IP.
Also bump rootlesskit to v0.14.3 to fix a race with RemovePort().
Fixes#10052
[1] https://nvd.nist.gov/vuln/detail/CVE-2021-20199
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
added functionality for image secure copying from local to remote.
Also moved system connection add code around a bit so functions within that file
can be used by scp.
Signed-off-by: cdoern <cdoern@redhat.com>
This adds support to checkpoint containers out of pods and restore
container into pods.
It is only possible to restore a container into a pod if it has been
checkpointed out of pod. It is also not possible to restore a non pod
container into a pod.
The main reason this does not work is the PID namespace. If a non pod
container is being restored in a pod with a shared PID namespace, at
least one process in the restored container uses PID 1 which is already
in use by the infrastructure container. If someone tries to restore
container from a pod with a shared PID namespace without a shared PID
namespace it will also fail because the resulting PID namespace will not
have a PID 1.
Signed-off-by: Adrian Reber <areber@redhat.com>
Implement container to container copy. Previously data could only be
copied from/to the host.
Fixes: #7370
Co-authored-by: Mehul Arora <aroram18@mcmaster.ca>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
podman stats polled by default in a 1 sec period.
This can put quite some load on a machine if you run many containers.
The default value is now 5 seconds.
You can change this interval with a new, optional, --interval, -i cli flag.
The api request got also a interval query parameter for the same purpose.
Additionally a unused const was removed.
Api and cli will fail the request if a 0 or negative value is passed in.
Signed-off-by: Thomas Weber <towe75@googlemail.com>
This commit follows work started in #10756. Changes made in #11015
enabled cli support for volume prune --filter until. Adding e2e test
closes#10579.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
By proxy by vendoring containers/common. Previously, a "dangling" image
was an untagged image; just a described in the Docker docs. The
definition of dangling has now been refined to an untagged image without
children to be compatible with Docker.
Further update a redundant image-prune test.
Fixes: #10998Fixes: #10832
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
compat containers/logs was missing actual usage of until query param.
This led me to implement the until param for libpod's container logs as well. Added e2e tests.
Signed-off-by: cdoern <cdoern@redhat.com>
As a conclusion of a discussion in #10861, until filter is added
by this commit to volume ls filters.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* Write a description to outline the scope and mechanism of runlabel.
* Describe the variables/attributes that we want to be used.
* Do not describe the --optN or OPTN flags/variables since they are
already hidden flags and date back to the Atomic days.
* Update references to other man pages.
* Remove unsupported variables (e.g., SUDO_*) which caused confusion.
Fixes: #10799
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Require the network to be online in all (generated) systemd units to
make sure that containers and Podman run only after the network has been
fully configured.
Fixes: #10655
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Adds the new --infra-name command line argument allowing users to define
the name of the infra container
Issue #10794
Signed-off-by: José Guilherme Vanz <jvanz@jvanz.com>
added support for --pid flag. User can specify ns:file, pod, private, or host.
container returns an error since you cannot point the ns of the pods infra container
to a container outside of the pod.
Signed-off-by: cdoern <cdoern@redhat.com>
Add a --dry-run flag to `podman auto-update` which will look for new
images but won't perform any pull or restart any service or container.
The "UPDATED" column will now indicate the availability of a newer image
via "pending".
```
$ podman auto-update --dry-run
UNIT CONTAINER IMAGE POLICY UPDATED
container-test.service 08fd34e533fd (test) localhost:5000/busybox registry false
```
Fixes: #9949
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The rather raw and scarce output of `podman auto-update` has been a
thorn in my eyes for a longer while. So far, Podman would only print
updated systemd units, one per line, without further formatting.
Motivated by issue #9949 which is asking for some more useful
information in combination with a dry-run feature, I sat down and
reflected which information may come in handy.
Running `podman auto-update` will now look as follows:
```
$ podman auto-update
Trying to pull [...]
UNIT CONTAINER IMAGE POLICY UPDATED
container-test.service 08fd34e533fd (test) localhost:5000/busybox registry false
```
Also refactor the spaghetti code in the backend a bit to make it easier
to digest and maintain.
For easier testing and for the sake of consistency with other commands
listing output, add a `--format` flag.
The man page will get an overhaul in a follow up commit.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
When optional information such as container IDs and names in pods, the
headers are not displayed. This fix restored the headers.
Documentation of this subcommand is also updated.
Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
The hostname `host.containers.internal` is way easier to remember and should IMHO be preferred to be used, as it is:
a) easier to remember than some random IP
b) if the IP changes some time in the future the container will continue to work
And explain hostname adding in more detail
As per @mheon's suggestion.
And explain hostname adding *reason*
Also implies an suggestion for using the hostname instead.
And port change from podman-create man page to podman-run, too
Signed-off-by: rugk <rugk+git@posteo.de>
You've renamed your branch from master to main and thus this URL here did not work anymore and caused a glitch in displaying the image in the docs.
Signed-off-by: rugk <rugk+git@posteo.de>
Remove outdated information on go bindings. Moved the tips for
debugging into the REAME and tidied up relevant links.
Fixes: #9334
[CI_DOCS]
[NO TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
First, make podman diff accept optionally a second argument. This allows
the user to specify a second image/container to compare the first with.
If it is not set the parent layer will be used as before.
Second, podman container diff should only use containers and podman
image diff should only use images. Previously, podman container diff
would use the image when both an image and container with this name
exists.
To make this work two new parameters have been added to the api. If they
are not used the previous behaviour is used. The same applies to the
bindings.
Fixes#10649
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Clarify in the man page that podman-search is not generally realiable
way of determining the presence/existence of an image. The results of
the v1 and the v2 endpoints depend on the implementation of each
registry; the semantics are not really specified. Some registries may
not support search at all as it's not part of the OCI dist spec.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1978556
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
feat: read secret config from config file if the user hasn't entered
explicit config values
feat: allow to specify `--driver-opts opt1=val1,opt2=val2` in the secret
create command to allow overriding the default values
fix: show driver options in `podman secret inspect`
Signed-off-by: Tino Rusch <tino.rusch@gmail.com>
Added logic and handling for two new Podman pod create Flags.
--cpus specifies the total number of cores on which the pod can execute, this
is a combination of the period and quota for the CPU.
--cpuset-cpus is a string value which determines of these available cores,
how many we will truly execute on.
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
The man pages of podman push/pull were incomplete in explaining all
supported transports. To keep things simple, explain the defaults,
refer to containers-transports(5) and give some examples.
Fixes: #10730
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Insisting on “DCO” imposes formalities, that serve self-purpose. One cannot
assume that the submitter has time or will to read texts about symbolism in
software contributions. If the system wants to see the text
nrEAUIEUAIe eanuitdnuae EAIUEAUIAIE »ℓ§444.3.72b)°»°ℓ§euaieauuae
in each commit, people will write this, or any other text, that the system wants to
see. All such text, which presence is mandated by the system, has the same value.
Signed-off-by: Дилян Палаузов <git-dpa@aegee.org>
MANPAGE_SYNTAX was edited.
The following manpages have been adapted to the MANPAGE_SYNTAX:
- podman-container-prune
- podman-container-restore
The following manpages have had little changes:
- podman-attach
- podman-auto-update
- podman-commit
- podman-completion
- podman-container-checkpoint
- podman-container-cleanup
- podman-container-exists
Signed-off-by: Alexander Richter <67486332+Procyhon@users.noreply.github.com>
The following manpages have been adapted to the MANPAGE_SYNTAX:
- podman-completion
- podman-container-checkpoint
- podman-container-cleanup
- podman-container-exists
The following manpages have had little changes:
- podman-attach
- podman-commit
- MANPAGE_SYNTAX
- Makefile
Signed-off-by: Alexander Richter <67486332+Procyhon@users.noreply.github.com>
Insisting on “DCO” imposes formalities, that serve self-purpose. One cannot
assume that the submitter has time or will to read texts about symbolism in
software contributions. If the system wants to see the text
nrEAUIEUAIe eanuitdnuae EAIUEAUIAIE »ℓ§444.3.72b)°»°ℓ§euaieauuae
in each commit, people will write this, or any other text, that the system wants to
see. All such text, which presence is mandated by the system, has the same value.
Signed-off-by: Дилян Палаузов <git-dpa@aegee.org>
crun 0.20.1 changed an error message that we relied on. Deal
with it by accepting the old and new message.
Also (unrelated): sneak in some doc fixes to get rid of
nasty go-md2man warnings that have crept into man pages.
Signed-off-by: Ed Santiago <santiago@redhat.com>
This just reorders the options in the podman-container-checkpoint man
page alphabetically. No actual content changed.
Signed-off-by: Adrian Reber <areber@redhat.com>
Updated version for the MANPAGE_SYNTAX and adaption of the syntax for
the manpages of podman-commit, podman-attach, and podman-auto-update.
Signed-off-by: Alexander Richter <67486332+Procyhon@users.noreply.github.com>
This change makes secrets and machine handling match the handling of
other subcommands of Podman.
Possible fixes: https://github.com/containers/podman/issues/10513
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The code for mounts.conf including the man page lives in
containers/common, so remove it from Podman to prevent
divergence among the two repositories.
Fixes: #10512
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Commit 748826fc88 fixed a bug where slow mounting of the runroot was
causing issues when the units are started at boot. The fix was to add
the container's runroot to the required mounts; the graph root has been
added as well.
Hard-coding the run- and graphroot to the required mounts, however,
breaks the portability of units generated with --now. Those units are
intended to be running on any machine as, theoreticaly, any user.
Make the mounts portable by using the `%t` macro for the run root.
Since the graphroot's location varies across root and ordinary users,
drop it from the list of required mounts. The graphroot was not causing
issues.
Fixes: #10493
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Point to containers-certs.d(5) for details on the default paths, the
lookup logic and the structure of these directories. Previously, the
man pages stated that the default path would be in `/etc/containers/...`
which is not entirely and a red herring for users (see #10116).
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Fixes: https://github.com/containers/podman/issues/10393
Currently if a user specifies a --root flag to override the location of
the container storage, we still enforce the storage-opts from
storage.conf. This causes issues with people trying to intereact with
the additional stores feature, and then forces them to use the obscure
--storage-opt="" option. I belive this should be the default and we
already do this when the user specifies the --storage-driver option.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
A conversation on the customer portal suggests that to add an extra note
about the requirement of XDG_RUNTIME_DIR to be set.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Support UID, GID, Mode options for mount type secrets. Also, change
default secret permissions to 444 so all users can read secret.
Signed-off-by: Ashley Cui <acui@redhat.com>
Fix a regression in `podman image prune` where unused images were
accidentally removed even when `--all=false`. Extend and partially
rewrite the e2e tests to make sure we're not regressing again in the
future.
Fixing the aforementioned issue revealed another issue in the default
prune filter. While prune should remove all "dangling" images (i.e.,
those without tag), it removed only "intermediate" ones; dangling images
without children. Remove the mistaken comment from the libimage
migration.
Also clarify the help message and man page.
Fixes: #10350
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Remove the word `consumption` and give a better description for the
first line of the introduction page.
Fixes: #10325
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Developers asked for a deterministic field to verify if podman is
running via API or linked directly to libpod library.
$ podman info --format '{{.Host.ServiceIsRemote}}'
false
$ podman-remote info --format '{{.Host.ServiceIsRemote}}'
true
$ podman --remote info --format '{{.Host.ServiceIsRemote}}'
true
* docs/conf.py formatted via black
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Commit 800a2e2d35 introduced a way to disable the conversion of `--`into
an en dash on docs.podman.io, so the ugly workaround of escaping the
dashes is no longer necessary.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Once we settle on the wording for short-names in podman-pull, I will
add the same section to all of the podman commands that use pull.
Also ran through all man pages with a spell checker.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
In the case of generate kube the auto-update labels will be converted into kube annotations and for play kube they will be converted back to labels since that's what podman understands
Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
In the documentation source `--` is only used in long option names or
console output. Currently any unescaped `--` that's not in a code
block/inline gets converted into a single "en dash". This is confusing
to the reader because long options start with two dashes, not one.
This switches off the dash transformation in Sphinx. Quotation marks,
apostrophes and ellipses are still transformed as before.
It also switches off all smart transforms in the podman-remote windows
documentation build. This matches the Linux man page build, which
doesn't use smart transforms.
Signed-off-by: Rob Cowsill <42620235+rcowsill@users.noreply.github.com>
Env var secrets are env vars that are set inside the container but not
commited to and image. Also support reading from env var when creating a
secret.
Signed-off-by: Ashley Cui <acui@redhat.com>
We probably should put a whole bunch of other documentation in man
pages about containers.conf, but let's settle on this description
before we go add other docs.
Helps with: https://github.com/containers/podman/issues/2669
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Migrate the Podman code base over to `common/libimage` which replaces
`libpod/image` and a lot of glue code entirely.
Note that I tried to leave bread crumbs for changed tests.
Miscellaneous changes:
* Some errors yield different messages which required to alter some
tests.
* I fixed some pre-existing issues in the code. Others were marked as
`//TODO`s to prevent the PR from exploding.
* The `NamesHistory` of an image is returned as is from the storage.
Previously, we did some filtering which I think is undesirable.
Instead we should return the data as stored in the storage.
* Touched handlers use the ABI interfaces where possible.
* Local image resolution: previously Podman would match "foo" on
"myfoo". This behaviour has been changed and Podman will now
only match on repository boundaries such that "foo" would match
"my/foo" but not "myfoo". I consider the old behaviour to be a
bug, at the very least an exotic corner case.
* Futhermore, "foo:none" does *not* resolve to a local image "foo"
without tag anymore. It's a hill I am (almost) willing to die on.
* `image prune` prints the IDs of pruned images. Previously, in some
cases, the names were printed instead. The API clearly states ID,
so we should stick to it.
* Compat endpoint image removal with _force_ deletes the entire not
only the specified tag.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Want to allow users to specify --security-opt unmask=/proc/*.
This allows us to run podman within podman more securely, then
specifing umask=all, also gives the user more flexibilty.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add a new --mac-address flag to podman play kube. This is used to specify
a static MAC address which should be used for the pod. This option can be
specified several times because play kube can create more than one pod.
Fixes#9731
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
changed struct to policyMapper
change "image" to "registry" in multiple locations
Updated documentation with registry alias & autoupdate local
Added relevant test
Signed-off-by: Parker Van Roy <pvanroy@redhat.com>
Only one VM can be up at a time. If another VM is running, or the current VM is running, error out on a podman machine start
[NO TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
When building Sphinx HTML docs, preprocess markdown files and convert
pandoc-style title lines into recommonmark eval_rst blocks
This gives command HTML pages the same title as the equivalent manpage
Fixes: containers/podman.io#385
Signed-off-by: Rob Cowsill <42620235+rcowsill@users.noreply.github.com>
This option allows users to specify the maximum amount of time to run
before conmon sends the kill signal to the container.
Fixes: https://github.com/containers/podman/issues/6412
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Currently we have rootless users who want to leak their groups access
into containers, but this group access is only able to be pushed in by
a hard to find OCI Runtime annotation. This PR makes this option a lot
more visable and hides the complexity within the podman client.
This option is only really needed for local rootless users. It makes
no sense for remote clients, and probably makes little sense for
rootfull containers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Currently we have only podman images list --noheading.
This PR Adds this option to volumes, containers, pods, networks,
machines, and secrets.
Fixes: https://github.com/containers/podman/issues/10065
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Introduce the concept of "intermediate UID" to explain
how --uidmap works when running rootless.
Add Markdown tables to show examples of how UIDs are mapped.
Co-authored-by: Tom Sweeney <tsweeney@redhat.com>
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
Add a new --ip flag to podman play kube. This is used to specify a
static IP address which should be used for the pod. This option can be
specified several times because play kube can create more than one pod.
Fixes#8442
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
An apostrophe as the first character of the line is a formatting request
in troff, so the words "'Containerfile' or 'Dockerfile'" are not
visible when viewing 'man podman-build'.
Signed-off-by: Jonathan Wakely <jwakely@redhat.com>
Add a new --rootless-cni option to podman unshare to also join the
rootless-cni network namespace. This is useful if you want to connect
to a rootless container via IP address. This is only possible from the
rootless-cni namespace and not from the host namespace. This option also
helps to debug problems in the rootless-cni namespace.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Podman has, for a long time, had an internal concept of
dependency management, used mainly to ensure that pod infra
containers are started before any other container in the pod. We
also have the ability to recursively start these dependencies,
which we use to ensure that `podman start` on a container in a
pod will not fail because the infra container is stopped. We have
not, however, exposed these via the command line until now.
Add a `--requires` flag to `podman run` and `podman create` to
allow users to manually specify dependency containers. These
containers must be running before the container will start. Also,
make recursive starting with `podman start` default so we can
start these containers and their dependencies easily.
Fixes#9250
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
We define in the man page that this overrides the default storage
options, but the code was appending to the existing options.
This PR also makes a change to allow users to specify --storage-opt="".
This will turn off all storage options.
https://github.com/containers/podman/issues/9852
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Adjust Markdown layout for --userns.
* Make the --userns sections identical for podman-run.1.md and podman-create.1.md
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* Fix typos --uidmapping and --gidmapping in podman-run.1.md
* Add the corresponding sentence in podman-create.1.md
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
Initially I was missing transport information on podman manifest add.
Especially the `containers-storage` transport which references the
local image store. Had a use case where this came in quite handy and it
is not stated anywhere else in the docs. Suppose it does not make sense
for podman pull & push.
I've only added containers-storage and docker transports for
manifest add since I know those work. Maybe others work too.
I then also added the destination section to manifest push as it is done
in podman push & pull. I've added all transports here, but I don't know
if all are supported. Please review.
Signed-off-by: Alexander Wellbrock <a.wellbrock@mailbox.org>
When initing a VM, create two add connections - one to user, one to
root.
podman machine remove removes both connections as well.
[NO TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
The --execute flag ended up serving no purpose. It was removed and
documentation was updated.
Fixed a panic when no VM name was provided.
[NO TESTS NEEDED]
Signed-off-by: baude <bbaude@redhat.com>
This pointed to the container-unmount doc page. It now points to the
expected podman-image-unmount doc page.
Signed-off-by: Alexander Wellbrock <a.wellbrock@mailbox.org>
podman machine list lists all virtual machines & indicates the default VM
connection, if it exists. it also can take a --format flag arg as a go
template.
[NO TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
allow for the user to provide an alternate ignition-file rather than the
auto-generated one.
updated docs to describe ramifications of providing an alterate ignition
file.
[NO TESTS NEEDED]
Signed-off-by: baude <bbaude@redhat.com>
[NO TESTS NEEDED] This PR is mainly documentation and some code cleanup.
Also cleanup and consolidate handling of other hanlding of podman-remote
hidden options.
Fixes: https://github.com/containers/podman/issues/9874
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add support for generating powershell completion files. This is especially
useful for people using the podman remote client on windows.
[NO TESTS NEEDED]
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Escape the two dashes, otherwise they are combined into one long dash.
I tested that this change is safe and still renders correctly on github
and with the man pages.
This commit also contains a small change to make it build locally.
Assuming you have the dependencies installed you can do:
```
cd docs
make html
```
Preview the html files in docs/build/html with
`python -m http.server 8000 --directory build/html`.
Fixescontainers/podman.io#373
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
The implementation uses `io.containers.seccomp.profile` while the docs
mentioned `io.podman`. Correct the two references in the docs to
reflect the implementation.
Fixes: #9853
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Podman machine remove is now called `rm`.
Podman machine create now supports resizing the image to the value of
--disk-size as provided. The default is to 10G.
Added systemd unit file on guest via ignition that sends a Ready message
to the host over a virtio-socket so that we know when the VM is booted
and ready for use.
Podman machine commands no longer require a VM name as an argument. A
default VM name is defined and if no VM name is provided as a arg, the
default will be used.
[NO TESTS NEEDED]
Signed-off-by: baude <bbaude@redhat.com>
It is rare but possible that storage locations for the graphroot and the
runroot are not mounted at boot time, and therefore might race when
doing container operations. An example we've seen in the wild is that a
slow tmpfs mount for the runroot would suddenly mount over /run, causing
the container to lose all currently-running data, requiring a system
refresh to get it back.
This patch adds RequiresMountsFor= to the systemd.unit header to ensure
the paths for both the graphroot and runroot are mounted prior to
starting any generated unit files.
Signed-off-by: Robb Manes <rmanes@redhat.com>
Rename podman machine create to init because we're initing a VM, not
really creating it
Wire up CPUs flag
Suppress QEMU GUI from popping up when not in debug mode
[NO TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
podman machine allows podman to create, manage, and interact with a vm
running some form of linux (default is fcos). podman is then configured
to be able to interact with the vm automatically.
while this is usable on linux, the real push is to get this working on
both current apple architectures in macos.
Ashley Cui contributed to this PR and was a great help.
[NO TESTS NEEDED]
Signed-off-by: baude <bbaude@redhat.com>
Podman machine will be a mac-only command that manages the VM where
containers are run. Currently, only the CLI is written and the interface
function for the VM management is stub for future developement
The podman machine cli is only built on mac builds.
Signed-off-by: Ashley Cui <acui@redhat.com>
Add a note to the `--userns-uid-map` and `--userns-gid-map` options in
the `podman build` man page.
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1930509
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Fixes#5788
This commit adds support for named volumes in podman-generate-kube.
Named volumes are output in the YAML as PersistentVolumeClaims.
To avoid naming conflicts, the volume name is suffixed with "-pvc".
This commit adds a corresponding suffix for host path mounts.
Host path volumes are suffixed with "-host".
Signed-off-by: Jordan Williams <jordan@jwillikers.com>
Add docs explaining that it is safe to remove a secret that is in use by
a container: secrets are copied and mounted into the container at
creation
Signed-off-by: Ashley Cui <acui@redhat.com>
Ignore permission errors when copying from a rootless container.
TTY devices inside rootless containers are owned by the host's
root user which is "nobody" inside the container's user namespace
rendering us unable to even read them.
Enable the integration test which was temporarily disabled for rootless
users.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Remove --volume option from podman-remote since it is
not supported, also add information to podman-build man page
indicating options not supported over remote connections.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The rest of this document claims that the argument is called '--time',
not '--timeout', and that the value is expressed in seconds. As
currently written, the example (which ostensibly runs the API service
for 5 seconds) uses the '--timeout' spelling (which actually does work,
as an undocumented alias) and passes a value of '5000', which is more
than an hour. Fix both.
[NO TESTS NEEDED] as this is a simple documentation change.
Signed-off-by: Will Thompson <wjt@endlessos.org>
Implement podman secret create, inspect, ls, rm
Implement podman run/create --secret
Secrets are blobs of data that are sensitive.
Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file.
After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname]
This secret will not be commited to an image on a podman commit
Signed-off-by: Ashley Cui <acui@redhat.com>
add the ability to prune unused cni networks. filters are not implemented
but included both compat and podman api endpoints.
Fixes :#8673
Signed-off-by: baude <bbaude@redhat.com>
Backstory: every time you run 'make podman' or even
just 'make', you get a full recompile. This is sub-ideal.
Cause: I don't really know. It looks complicated. #5017
introduced a .PHONY for bin/podman, for reasons not
explained in the PR. Then, much later, #5880 well-
intentionedly but improperly tweaked the 'find'
command used in defining SOURCES, adding a -prune
but without the corresponding and required -print.
Let's just say, it was an unfortunate cascade of events.
This PR fixes the SOURCES definition and removes the
highly-undesired .PHONY from podman & podman-remote,
making it so you can type 'make' and, oh joy, not
build anything if it's current. The way 'make' is
supposed to work.
Why fix this now? Because my PR (#9209) was failing in CI,
in the Validate step:
Can't exec "./bin/podman": No such file or directory at hack/xref-helpmsgs-manpages line 223.
It failed even on Re-run, and only passed once I force-pushed
the PR (with no changes, just a new commit SHA). I have no idea
why bin/podman wasn't built, and I have zero interest in pursuing
that right now, but the proper solution is to add bin/podman as
a Makefile dependency for that particular test. So done.
While I'm at it, fix what is pretty clearly a typo in a .PHONY
And, finally, fix a go-md2man warning introduced in #9189
[NO TESTS NEEDED]
Signed-off-by: Ed Santiago <santiago@redhat.com>
The mtu default value is currently forced to 65520.
This let the user control it using the config key network_cmd_options,
i.e.: network_cmd_options=["mtu=9000"]
Signed-off-by: bitstrings <pino.silvaggio@gmail.com>
instead of using the --macvlan to indicate that you want to make a
macvlan network, podman network create now honors the driver name of
*macvlan*. Any options to macvlan, like the parent device, should be
specified as a -o option. For example, -o parent=eth0.
the --macvlan option was marked as deprecated in the man page but is
still supported for the duration of 3.0.
Signed-off-by: baude <bbaude@redhat.com>
Fix man page to document podman push --format fully.
Also found that push was not handling the tlsverify so fixed this.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Change API Handlers to use the same functions that the
local podman uses.
At the same time:
Cleanup and pass proper bindings. Remove cli options from
podman-remote push. Cleanup manifest push.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
we have not updated the state of the restful service. it is no longer
considered under development. additionally, clarified our support of
remote clients.
Fixes: #9104
Signed-off-by: baude <bbaude@redhat.com>
Currently podman implements --override-arch and --overide-os
But Podman has made these aliases for --arch and --os. No
reason to have to specify --override, since it is clear what
the user intends.
Currently if the user specifies an --override-arch field but the
image was previously pulled for a different Arch, podman run uses
the different arch. This PR also fixes this issue.
Fixes: https://github.com/containers/podman/issues/8001
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
when doing a network creation, the dnsname plugin should be disabled
when the --internal bool is set. a warning is displayed if this
happens and docs are updated.
Signed-off-by: baude <bbaude@redhat.com>
The podman documentation site uses javascript to display
API documentation at:
http://docs.podman.io/en/latest/Reference.html
As input, the javascript sources from a CORS-enabled Google Cloud
Storage object. This commit ensures the storage object is present and
updated for every Cirrus-CI execution context: Tags, Branches, and PRs.
As of this commit, the documentation site only utilizes the object
uploaded by the Cirrus-CI run on the `master` branch:
`swagger-master.yaml`. The file produced and uploaded due to a PR is
intended for testing purposes: Confirm it's generation and uploading are
both functional.
Signed-off-by: Chris Evich <cevich@redhat.com>
I'm tired of seeing these every time I run 'make':
WARNING: go-md2man does not handle node type HTMLSpan
Cause: left-angle-brackets ( < ) in document source
Solution:
1) backquote-escape those that need to be shown, usually
ones referring to an argument or email address; or
2) Actual HTML ( <sup> and <a> ) which are meant to be
shown in generated HTML docs but can't be shown in
man pages, we filter out via a sed expression.
Signed-off-by: Ed Santiago <santiago@redhat.com>
When doing a podman images, manifests lists look just like images, so
it is logical that users would assume that they can just podman push them
to a registry. The problem is we throw out weird errors when this happens
and users need to somehow figure out this is a manifest list rather then
an image, and frankly the user will not understand the difference.
This PR will make podman push just do the right thing, by failing over and
attempting to push the manifest if it fails to push the image.
Fix up handling of manifest push
Protocol should bring back a digest string, which can either be
printed or stored in a file.
We should not reimplement the manifest push setup code in the tunnel
code but take advantage of the api path, to make sure remote and local
work the same way.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Basic theory: We remove the container, but *only from the DB*.
We leave it in c/storage, we leave the lock allocated, we leave
it running (if it is). Then we create an identical container with
an altered name, and add that back to the database. Theoretically
we now have a renamed container.
The advantage of this approach is that it doesn't just apply to
rename - we can use this to make *any* configuration change to a
container that does not alter its container ID.
Potential problems are numerous. This process is *THOROUGHLY*
non-atomic at present - if you `kill -9` Podman mid-rename things
will be in a bad place, for example. Also, we can't rename
containers that can't be removed normally - IE, containers with
dependencies (pod infra containers, for example).
The largest potential improvement will be to move the majority of
the work into the DB, with a `RecreateContainer()` method - that
will add atomicity, and let us remove the container without
worrying about depencies and similar issues.
Potential problems: long-running processes that edit the DB and
may have an older version of the configuration around. Most
notable example is `podman run --rm` - the removal command needed
to be manually edited to avoid this one. This begins to get at
the heart of me not wanting to do this in the first place...
This provides CLI and API implementations for frontend, but no
tunnel implementation. It will be added in a future release (just
held back for time now - we need this in 3.0 and are running low
on time).
This is honestly kind of horrifying, but I think it will work.
Signed-off-by: Matthew Heon <mheon@redhat.com>
This implements support for mounting and unmounting volumes
backed by volume plugins. Support for actually retrieving
plugins requires a pull request to land in containers.conf and
then that to be vendored, and as such is not yet ready. Given
this, this code is only compile tested. However, the code for
everything past retrieving the plugin has been written - there is
support for creating, removing, mounting, and unmounting volumes,
which should allow full functionality once the c/common PR is
merged.
A major change is the signature of the MountPoint function for
volumes, which now, by necessity, returns an error. Named volumes
managed by a plugin do not have a mountpoint we control; instead,
it is managed entirely by the plugin. As such, we need to cache
the path in the DB, and calls to retrieve it now need to access
the DB (and may fail as such).
Notably absent is support for SELinux relabelling and chowning
these volumes. Given that we don't manage the mountpoint for
these volumes, I am extremely reluctant to try and modify it - we
could easily break the plugin trying to chown or relabel it.
Also, we had no less than *5* separate implementations of
inspecting a volume floating around in pkg/infra/abi and
pkg/api/handlers/libpod. And none of them used volume.Inspect(),
the only correct way of inspecting volumes. Remove them all and
consolidate to using the correct way. Compat API is likely still
doing things the wrong way, but that is an issue for another day.
Fixes#4304
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Improve the documentation to help users to know proper way to
use podman within a pipe.
Helps Prevent: https://github.com/containers/podman/issues/8916
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Although storage is more human-readable when expressed in SI units,
IEC/JEDEC (Bytes) units are more pertinent for memory-related values
(and match the format of the --memory* command-line options).
(To prevent possible compatibility issues, the default SI display is
left unchanged)
See https://github.com/containers/podman/issues/8945
Signed-off-by: Stuart Shelton <stuart@shelton.me>
Docker does not support this, and it is confusing what to do if
the image has more then one tag. We are dropping support for this
in podman 3.0
Fixes: https://github.com/containers/podman/issues/7387
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
`podman ps --format {{.Networks}}` will show all connected networks for
this container. For `pod ps` it will show the infra container networks.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Allow to filter on the network name or full id.
For pod ps it will filter on the infra container networks.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Systemd is now complaining or mentioning /var/run as a legacy directory.
It has been many years where /var/run is a symlink to /run on all
most distributions, make the change to the default.
Partial fix for https://github.com/containers/podman/issues/8369
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When migrating a container with associated volumes, the content of
these volumes should be made available on the destination machine.
This patch enables container checkpoint/restore with named volumes
by including the content of volumes in checkpoint file. On restore,
volumes associated with container are created and their content is
restored.
The --ignore-volumes option is introduced to disable this feature.
Example:
# podman container checkpoint --export checkpoint.tar.gz <container>
The content of all volumes associated with the container are included
in `checkpoint.tar.gz`
# podman container checkpoint --export checkpoint.tar.gz --ignore-volumes <container>
The content of volumes is not included in `checkpoint.tar.gz`. This is
useful, for example, when the checkpoint/restore is performed on the
same machine.
# podman container restore --import checkpoint.tar.gz
The associated volumes will be created and their content will be
restored. Podman will exit with an error if volumes with the same
name already exist on the system or the content of volumes is not
included in checkpoint.tar.gz
# podman container restore --ignore-volumes --import checkpoint.tar.gz
Volumes associated with container must already exist. Podman will not
create them or restore their content.
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
users would like api endpoints to be sorted in documentation. this
should assist in this. i do not expect that thisd will be the entire
fix. it looks like ci is not building and pushing docs rn.
Signed-off-by: baude <bbaude@redhat.com>
adds the ability to filter containers based on the filter "pod". the
value can be a pod name or its full or partial id.
Fixes: #8512
Signed-off-by: baude <bbaude@redhat.com>
When debugging issues, it would be helpful to know the
security settings of the system running into the problem.
Adding security info to `podman info` is also useful to users.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Implement `podman-remote cp` and break out the logic from the previously
added `pkg/copy` into it's basic building blocks and move them up into
the `ContainerEngine` interface and `cmd/podman`.
The `--pause` and `--extract` flags are now deprecated and turned into
nops.
Note that this commit is vendoring a non-release version of Buildah to
pull in updates to the copier package.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
This change adds support for the `--filter` / `?filters` arguments on
the `podman volume prune` subcommand.
* Adds ParseFilterArgumentsIntoFilters helper for consistent
Filter string slice handling
* Adds `--filter` support to podman volume prune cli
* Adds `?filters...` support to podman volume prune api
* Updates apiv2 / e2e tests
Closes#8672
Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
podman image sign handles muti-arch images.
--all option to create signature for each manifest from the image manifest list.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Also document the allowable filters in podman system prune, podman image prune
and podman container prune.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
we must honor systempaths=unconfined also for read-only paths, as
Docker does:
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add the systempaths=unconfined option to --security-opt
to match the docker options for unmasking all the paths
that are masked by default.
Add the mask and unmask options to the podman create doc.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
With podman play kube, podman would always attempt to
pull if the image has the :latest tag. But this would
fail if the image was built locally and given latest
as the tag. Images build with podman and buildah have
localhost as the domain, so check if the domain is localhost.
If that is the case, then don't attempt a pull.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
This adds a new command, 'podman network reload', to reload the
networks of existing containers, forcing recreation of firewall
rules after e.g. `firewall-cmd --reload` wipes them out.
Under the hood, this works by calling CNI to tear down the
existing network, then recreate it using identical settings. We
request that CNI preserve the old IP and MAC address in most
cases (where the container only had 1 IP/MAC), but there will be
some downtime inherent to the teardown/bring-up approach. The
architecture of CNI doesn't really make doing this without
downtime easy (or maybe even possible...).
At present, this only works for root Podman, and only locally.
I don't think there is much of a point to adding remote support
(this is very much a local debugging command), but I think adding
rootless support (to kill/recreate slirp4netns) could be
valuable.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
add the ability to add multiple containers into a single k8s pod
instead of just one.
also fixed some bugs in the resulting yaml where an empty service
description was being added on error causing the k8s validation to fail.
Signed-off-by: baude <bbaude@redhat.com>
* Add a new `pkg/copy` to centralize all container-copy related code.
* The new code is based on Buildah's `copier` package.
* The compat `/archive` endpoints use the new `copy` package.
* Update docs and an several new tests.
* Includes many fixes, most notably, the look-up of volumes and mounts.
Breaking changes:
* Podman is now expecting that container-destination paths exist.
Before, Podman created the paths if needed. Docker does not do
that and I believe Podman should not either as it's a recipe for
masking errors. These errors may be user induced (e.g., a path
typo), or internal typos (e.g., when the destination may be a
mistakenly unmounted volume). Let's keep the magic low for such
a security sensitive feature.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
We have been asked to leak some information into the container
to indicate:
* The name and id of the container
* The version of podman used to launch the container
* The image name and ID the container is based on.
* Whether the container engine is running in rootless mode.
Fixes: https://github.com/containers/podman/issues/6192
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add the mask and unmask option to the --security-opt flag
to allow users to specify paths to mask and unmask in the
container. If unmask=ALL, this will unmask all the paths we
mask by default.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Not pass the name argument to Load API. Specify in the document the usage of the optional argument is tagging an additional image.
Close#7337
Signed-off-by: Qi Wang <qiwan@redhat.com>
The network ID is not stored. It is just the sha256 hash from
the network name. There is a risk of a potential hash collision.
However it's very unlikely and even if we hit this it will
complain that more than network with this ID exists.
The main benefit is that the compat api can have proper
network ID support. Also this adds the support for
`podman network ls --format "{{.ID}}"` and `--filter id=<ID>`.
It also ensures that we can do network rm <ID> and network
inspect <ID>.
Since we use a hash this commit is backwards compatible even for
already existing networks.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
We differ from Docker, in that we do not create the source directory
in a --volume mount if it does not exists. We return an error.
We do not believe that a `typo` from the user should cause a directory
to be created and silently ignored by Podman.
Fixes: https://github.com/containers/podman/issues/8513
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
As described in issue #8507 this commit contains a breaking
change which is not wanted in v2.2.
We can discuss later if we want this in 3.0 or not.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
The goal is to improve errors when users use the wrong transport
in certain cases we stutter, in other cases we don't give enough
information.
Remove stutters when failing to pull remote images, because of
lack of support.
Fix errors returned by reference.Parse to wrap in image that was being
checked.
Fixes: https://github.com/containers/podman/issues/7116
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add label support for podman network create. Use the `args`
field in the cni config file to store the podman labels.
Use `podman_labels` as key name and store the labels as
map[string]string.
For reference: https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md#args-in-network-confighttps://github.com/containernetworking/cni/blob/spec-v0.4.0/SPEC.md#network-configuration
Example snippet:
```
...
"args": {
"podman_labels": {
"key1":"value1",
"key2":"value2"
}
}
...
```
Make podman network list support several filters. Supported filters are name,
plugin, driver and label. Filters with different keys work exclusive. Several label
filters work exclusive and the other filter keys are working inclusive.
Also adjust the compat api to support labels in network create and list.
Breaking changes:
- podman network ls -f shortform is used for --filter instead --format
This matches docker and other podman commands (container ps, volume ps)
- libpod network list endpoint filter parameter is removed. Instead the
filters paramter should be used as json encoded map[string][]string.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
The buildah/pkg/secrts package was move to
containers/common/pkg/subscriptions.
Switch to using this by default.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
For docker compatibility we need to support --platform
flag.
podman create --platform
podman run --platform
podman pull --platform
Since we have --override-os and --override-arch already
this can be done just by modifying the client to split
the --platform call into os and arch and then pass those
options to the server side.
Fixes: https://github.com/containers/podman/issues/6244
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Fix the container archive description in podman save/load docs that may lead to misusing the save/load instead of import/export for containers.
Signed-off-by: Qi Wang <qiwan@redhat.com>
This command exists in docker and is also in our documentation.
Also remove mentions of `podman ls` or `podman list`. These
commands do not exists in podman or docker.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Podman top falls back to executing ps(1) inside the container in the
presence of ps-specific flags. Clarify that a bit more to help users
resolve issues when, for instance, ps(1) isn't installed in the
container.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
We allow a container to be connected to several cni networks
but only if they are listed comma sperated. This is not intuitive
for users especially since the flag parsing allows multiple string
flags but only would take the last value. see: spf13/pflag#72
Also get rid of the extra parsing logic for pods. The invalid options
are already handled by `pkg/specgen`.
A test is added to prevent a future regression.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Currently we don't document which end of the podman-remote client server
operations uses the containers.conf. This PR begins documenting this
and then testing to make sure the defaults follow the rules.
Fixes: https://github.com/containers/podman/issues/7657
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
this enables the ability to connect and disconnect a container from a
given network. it is only for the compatibility layer. some code had to
be refactored to avoid circular imports.
additionally, tests are being deferred temporarily due to some
incompatibility/bug in either docker-py or our stack.
Signed-off-by: baude <bbaude@redhat.com>
Filters with the same key work inclusive with the only exception being
`label` which is exclusive. Filters with different keys always work exclusive.
Also update the documentation with the new behavior.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Having play kube start the pod is not always appropriate, one might
for example like to have the pod running as a set of systemd services.
Add a `start` option to the command line and API to control if the pod
should be started or not; it defaults to true for backward
compatibility.
Signed-off-by: Alban Bedel <albeu@free.fr>
Supposed to be able to search for labels with a given value.
Previously it meant searching for label key and label value:
--filter label=key --filter label=value
Add some documentation and integration tests for it as well.
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
The title for the Podman man page on the commands menu was a little
light, adding a few more words to it.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Sphinx with recommonmark cannot render markdown tables at all.
There is a python package called `sphinx-markdown-tables` which
adds the markdown table support to recommonmark.
https://pypi.org/project/sphinx-markdown-tables/
By utilising this package we don't have to change our doc format.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
One last tweak to the man page for 'build --pull' and after
further testing against Docker, one slight change to the
pull policy. First I changed `--pull=false` from PullNever
to PullIfMissing. This matches Docker and will pull the
image if it's not present rather than erroring. We've
the `--pull-never` option if someone wants the pull to
not do an actual pull and to error if the image isn't
local.
Then for the man page, I'd a much bigger change, in the
initial PR, I've backed most of that out and just
added a tweak.
Hopefully this puts this portion of the pull work behind
us for a while.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Make the order of short and long flag names in the documentation
consistent. Also adjust the man page validaten script to only allow
the `**--long**, **-s**` syntax.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Add a new make target (completion) to generate the shell
completion scripts. This will generate the scripts for bash,
zsh and fish for both podman and podman-remote with `podman completion`.
The scripts are put into the completions directory and can be
installed system wide with `sudo make install.completions`.
This commit replaces the current handwritten scripts for bash and zsh.
The `validate.completion` target has been adjusted to make sure nobody
edits these scripts directly.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Allow automatic generation for shell completion scripts
with the internal cobra functions (requires v1.0.0+).
This should replace the handwritten completion scripts
and even adds support for fish. With this approach it is
less likley that completions and code are out of sync.
We can now create the scripts with
- podman completion bash
- podman completion zsh
- podman completion fish
To test the completion run:
source <(podman completion bash)
The same works for podman-remote and podman --remote and
it will complete your remote containers/images with
the correct endpoints values from --url/--connection.
The completion logic is written in go and provided by the
cobra library. The completion functions lives in
`cmd/podman/completion/completion.go`.
The unit test at cmd/podman/shell_completion_test.go checks
if each command and flag has an autocompletion function set.
This prevents that commands and flags have no shell completion set.
This commit does not replace the current autocompletion scripts.
Closes#6440
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Somewhere in the CIv2 migration we lost the man page vs --help
cross-checker. Add it back, by adding it into the man-page-check
Makefile target; this is part of 'make validate', which is run
in CI even on CI:DOCS PRs.
As happens when CI doesn't run, things broke. Man pages got out
of sync with --help. This PR:
1) Fixes hack/xref-helpmsgs-manpages to deal with the new
"Options" (instead of "Flags") form of podman help. #8034
did part of that, but one of my review comments was
accidentally left out.
2) Fixes hack/xref-helpmsgs-manpages to deal with the new
option syntax in man pages, post- #8292, in which each
option is preceded by four hashes so as to make them
HTML <h4> elements with named anchors.
3) Fixes man pages that #8292 accidentally missed.
4) Adds man page entries for two flags that got added
to podman but not documented (pod create --network-alias,
play kube --log-driver)
Fixes: #8296
Signed-off-by: Ed Santiago <santiago@redhat.com>
Change the docs markdown so that flag names will be h4 headers.
Sphinx will automatically add anchors to headers. Add css to
make sure the flag names are not to big compared to the text.
The man pages also still renders fine but it looks a bit different.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
A fairly common mistake users are hitting is running rootless podman without
installing fuse-overlay. Then they want to reset storage. Sometimes they
modify storage.conf first and `podman system reset` fails.
This PR attempts to explain how to convert properly.
Fixes: https://github.com/containers/podman/issues/7446
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
enable the ipv6 flag in podman network to be able to create
dual-stack networks for containers.
This is required to be compatible with docker, where --ipv6
really means dual stack.
podman, unlike docker, support IPv6 only containers since
07e3f1bba9.
Signed-off-by: Antonio Ojea <aojea@redhat.com>
podman can now support adding network aliases when running containers
(--network-alias). It requires an updated dnsname plugin as well as an
updated ocicni to work properly.
Signed-off-by: baude <bbaude@redhat.com>
Continue progress on use of external containers.
This PR adds the ability to mount, umount and list the
storage containers whether they are in libpod or not.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Allow users to specify unbindable on volume command line
Switch internal mounts to rprivate to help prevent leaks.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This is a continuation of #8189 and #8085.
When doing a `docker build` command, if the `--pull` command is not specified
or set to `false` the pullOption used is `PullifMissing`. This causes the
build to pull the image only if it is not present in local storage. It also will
raise an error if the image is not found in the registry (or the registry is down),
even if the image is present in local storage.
If the `--pull` command IS specified or specified with an argument of `true`, the
build will always pull the image from the registries. This uses the pullOption
`PullAlways`. It also will raise an error if the image is not found in the registry,
even if the image is present in local storage.
These changes now brings the pull functionality for `podman build` into line
with `docker build`.
However, I consider this to be a breaking change. Previously if you did
`podman build --pull`, `podman build` or `podman build --pull = true`, then
the image would be pulled from the registry if there was not an image in
local storage or if the image in the registry was newer than the one in
local storage. An error would *NOT* be raised if there was not an image in
the registry or the registry was down as long as there was a copy in the local
storage. An error would be raised if the image could not be retrieved from
both the registry and local storage. This is the PullOption `PullIfNewer`.
I believe this also differs from what Buildah does at this time but I'm too
beat to chase that down at the moment.
Personally I'd like to use the `PullIfNewer` for at least `--pull` and
`--pull=true` so that you don't get an error if the registry has a network
hiccup and the image is already stored locally. But this differs from Docker.
I'd like to post scrum about this at our next stand up to make sure we're
all on the same page about the ramifications of this change.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Remove the search limit check since the c/image v5.6.0 supports pagination and can give result over 100 entries.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Valentin Rothberg
Giuseppe Scrivano
cdoern
OpenShift Merge Robot
Jakub Guzik
flouthoc
Brent Baude
Ashley Cui
Shivkumar13
Daniel J Walsh
openshift-ci[bot]
Paul Holzinger
Mehul Arora
Adrian Reber
Thomas Weber
Hironori Shiina
David Ward
José Guilherme Vanz
rugk
Matej Vasek
Jhon Honce
Tino Rusch
Alexander Richter
cdoern
Дилян Палаузов
Kye Shi
Ed Santiago
Boaz Shuster
Paul Holzinger
TomSweeneyRedHat
Eduardo Vega
Rob Cowsill
Parker Van Roy
Erik Sjölund
Nick Piper
chenkang
wuhua.ck
Pablo Correa Gómez
Anatoli Babenia
Jonathan Wakely
Matthew Heon
Alexander Wellbrock
Robb Manes
Jordan Williams
xcffl
Will Thompson
Steve Phillips
Kier Davis
paranlee
bitstrings
TeeVenDick
Chris Evich
Yohan Belléguic
Matthew Heon
Stuart Shelton
unknown
Radostin Stoyanov
Tobias Boesch
Josh Soref
Baron Lenardson
Qi Wang
Urvashi Mohnani
Anders F Björklund
Luap99
jortkoopmans
Alban Bedel
Antonio Ojea
Marc Nuri
Ralf Haferkamp