diff options
| -rw-r--r-- | README.md | 34 | ||||
| -rw-r--r-- | cmd/podman/common/create.go | 4 | ||||
| -rw-r--r-- | cmd/podman/images/pull.go | 1 | ||||
| -rw-r--r-- | cmd/podman/images/push.go | 1 | ||||
| -rw-r--r-- | docs/source/markdown/podman-create.1.md | 19 | ||||
| -rw-r--r-- | docs/source/markdown/podman-pull.1.md | 6 | ||||
| -rw-r--r-- | docs/source/markdown/podman-push.1.md | 6 | ||||
| -rw-r--r-- | docs/source/markdown/podman-run.1.md | 9 | ||||
| -rw-r--r-- | pkg/api/server/register_generate.go | 4 | ||||
| -rw-r--r-- | test/system/015-help.bats | 21 |
10 files changed, 70 insertions, 35 deletions
@@ -1,9 +1,9 @@  -# Library and tool for running OCI-based containers in Pods +# Podman: A tool for managing OCI containers and pods -Libpod provides a library for applications looking to use the Container Pod concept, -popularized by Kubernetes. Libpod also contains the Pod Manager tool `(Podman)`. Podman manages pods, containers, container images, and container volumes. +Podman (the POD MANager) is a tool for managing containers and images, volumes mounted into those containers, and pods made from groups of containers. +Podman is based on libpod, a library for container lifecycle management that is also contained in this repository. The libpod library provides APIs for managing containers, pods, container images, and volumes. * [Latest Version: 2.0.2](https://github.com/containers/libpod/releases/latest) * Latest Remote client for Windows @@ -15,26 +15,24 @@ popularized by Kubernetes. Libpod also contains the Pod Manager tool `(Podman)` ## Overview and scope -At a high level, the scope of libpod and Podman is the following: +At a high level, the scope of Podman and libpod is the following: -* Support multiple image formats including the OCI and Docker image formats. -* Support for multiple means to download images including trust & image verification. -* Container image management (managing image layers, overlay filesystems, etc). -* Full management of container lifecycle. -* Support for pods to manage groups of containers together. +* Support for multiple container image formats, including OCI and Docker images. +* Full management of those images, including pulling from various sources (including trust and verification), creating (built via Containerfile or Dockerfile or committed from a container), and pushing to registries and other storage backends. +* Full management of container lifecycle, including creation (both from an image and from an exploded root filesystem), running, checkpointing and restoring (via CRIU), and removal. +* Support for pods, groups of containers that share resources and are managed together. * Resource isolation of containers and pods. -* Support for a Docker-compatible CLI interface through Podman. +* Support for a Docker-compatible CLI interface. * Support for a REST API providing both a Docker-compatible interface and an improved interface exposing advanced Podman functionality. -* Integration with CRI-O to share containers and backend code. +* In the future, integration with [CRI-O](https://github.com/cri-o/cri-o) to share containers and backend code. Podman presently only supports running containers on Linux. However, we are building a remote client which can run on Windows and OS X and manage Podman containers on a Linux system via the REST API using SSH tunneling. ## Roadmap -1. Complete the Podman REST API and Podman v2, which will be able to connect to remote Podman instances via this API -1. Integrate libpod into CRI-O to replace its existing container management backend -1. Further work on the podman pod command -1. Further improvements on rootless containers +1. Further improvements to the REST API, with a focus on bugfixes and implementing missing functionality +1. Integrate libpod into [CRI-O](https://github.com/cri-o/cri-o) to replace its existing container management backend +1. Improvements on rootless containers, with a focus on improving the user experience and exposing presently-unavailable features when possible ## Communications @@ -67,10 +65,10 @@ A little configuration by an administrator is required before rootless Podman ca ## Out of scope -* Specializing in signing and pushing images to various storage backends. +* Specialized signing and pushing of images to various storage backends. See [Skopeo](https://github.com/containers/skopeo/) for those tasks. -* Container runtimes daemons for working with the Kubernetes CRI interface. - [CRI-O](https://github.com/cri-o/cri-o) specializes in that. +* Support for the Kubernetes CRI interface for container management. + The [CRI-O](https://github.com/cri-o/cri-o) daemon specializes in that. * Supporting `docker-compose`. We believe that Kubernetes is the defacto standard for composing Pods and for orchestrating containers, making Kubernetes YAML a defacto standard file format. Hence, Podman allows the diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go index a26bbf718..6ebf58204 100644 --- a/cmd/podman/common/create.go +++ b/cmd/podman/common/create.go @@ -155,6 +155,10 @@ func GetCreateFlags(cf *ContainerCLIOpts) *pflag.FlagSet { "device-write-iops", []string{}, "Limit write rate (IO per second) to a device (e.g. --device-write-iops=/dev/sda:1000)", ) + createFlags.Bool( + "disable-content-trust", false, + "This is a Docker specific option and is a NOOP", + ) createFlags.String("entrypoint", "", "Overwrite the default ENTRYPOINT of the image", ) diff --git a/cmd/podman/images/pull.go b/cmd/podman/images/pull.go index 83bb186df..c10a351d8 100644 --- a/cmd/podman/images/pull.go +++ b/cmd/podman/images/pull.go @@ -82,6 +82,7 @@ func pullFlags(flags *pflag.FlagSet) { flags.StringVar(&pullOptions.CredentialsCLI, "creds", "", "`Credentials` (USERNAME:PASSWORD) to use for authenticating to a registry") flags.StringVar(&pullOptions.OverrideArch, "override-arch", "", "Use `ARCH` instead of the architecture of the machine for choosing images") flags.StringVar(&pullOptions.OverrideOS, "override-os", "", "Use `OS` instead of the running OS for choosing images") + flags.Bool("disable-content-trust", false, "This is a Docker specific option and is a NOOP") flags.BoolVarP(&pullOptions.Quiet, "quiet", "q", false, "Suppress output information when pulling images") flags.StringVar(&pullOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)") flags.BoolVar(&pullOptions.TLSVerifyCLI, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries") diff --git a/cmd/podman/images/push.go b/cmd/podman/images/push.go index 4eeed13d4..480b5e0f0 100644 --- a/cmd/podman/images/push.go +++ b/cmd/podman/images/push.go @@ -79,6 +79,7 @@ func pushFlags(flags *pflag.FlagSet) { flags.BoolVar(&pushOptions.Compress, "compress", false, "Compress tarball image layers when pushing to a directory using the 'dir' transport. (default is same compression type as source)") flags.StringVar(&pushOptions.CredentialsCLI, "creds", "", "`Credentials` (USERNAME:PASSWORD) to use for authenticating to a registry") flags.StringVar(&pushOptions.DigestFile, "digestfile", "", "Write the digest of the pushed image to the specified file") + flags.Bool("disable-content-trust", false, "This is a Docker specific option and is a NOOP") flags.StringVarP(&pushOptions.Format, "format", "f", "", "Manifest type (oci, v2s1, or v2s2) to use when pushing an image using the 'dir' transport (default is manifest type of source)") flags.BoolVarP(&pushOptions.Quiet, "quiet", "q", false, "Suppress output information when pushing images") flags.BoolVar(&pushOptions.RemoveSignatures, "remove-signatures", false, "Discard any pre-existing signatures in the image") diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index a422dd184..03f23aec0 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -234,6 +234,12 @@ Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sd Limit write rate (IO per second) to a device (e.g. --device-write-iops=/dev/sda:1000) +**--disable-content-trust** + +This is a Docker specific option to disable image verification to a Docker +registry and is not supported by Podman. This flag is a NOOP and provided +solely for scripting compatibility. + **--dns**=*dns* Set custom DNS servers. Invalid if using **--dns** and **--network** that is set to 'none' or 'container:<name|id>'. @@ -1120,14 +1126,13 @@ required for VPN, without it containers need to be run with the --network=host f Environment variables within containers can be set using multiple different options: This section describes the precedence. -Precedence Order: - **--env-host** : Host environment of the process executing Podman is added. - - Container image : Any environment variables specified in the container image. - - **--env-file** : Any environment variables specified via env-files. If multiple files specified, then they override each other in order of entry. +Precedence order (later entries override earlier entries): - **--env** : Any environment variables specified will override previous settings. +- **--env-host** : Host environment of the process executing Podman is added. +- **--http-proxy**: By default, several environment variables will be passed in from the host, such as **http_proxy** and **no_proxy**. See **--http-proxy** for details. +- Container image : Any environment variables specified in the container image. +- **--env-file** : Any environment variables specified via env-files. If multiple files specified, then they override each other in order of entry. +- **--env** : Any environment variables specified will override previous settings. Create containers and set the environment ending with a __*__ and a ***** diff --git a/docs/source/markdown/podman-pull.1.md b/docs/source/markdown/podman-pull.1.md index 5d941219a..201b10aa6 100644 --- a/docs/source/markdown/podman-pull.1.md +++ b/docs/source/markdown/podman-pull.1.md @@ -73,6 +73,12 @@ The [username[:password]] to use to authenticate with the registry if required. If one or both values are not supplied, a command line prompt will appear and the value can be entered. The password is entered without echo. +**--disable-content-trust** + +This is a Docker specific option to disable image verification to a Docker +registry and is not supported by Podman. This flag is a NOOP and provided +solely for scripting compatibility. + **--override-os**=*OS* Use OS instead of the running OS for choosing images diff --git a/docs/source/markdown/podman-push.1.md b/docs/source/markdown/podman-push.1.md index f029c8db1..fffd76801 100644 --- a/docs/source/markdown/podman-push.1.md +++ b/docs/source/markdown/podman-push.1.md @@ -71,6 +71,12 @@ Note: This flag can only be set when using the **dir** transport After copying the image, write the digest of the resulting image to the file. (Not available for remote commands) +**--disable-content-trust** + +This is a Docker specific option to disable image verification to a Docker +registry and is not supported by Podman. This flag is a NOOP and provided +solely for scripting compatibility. + **--format**, **-f**=*format* Manifest Type (oci, v2s1, or v2s2) to use when pushing an image to a directory using the 'dir:' transport (default is manifest type of source) diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index a7fd5a7eb..88f457bdf 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -247,6 +247,12 @@ Limit write rate (in bytes per second) to a device (e.g. **--device-write-bps=/d Limit write rate (in IO operations per second) to a device (e.g. **--device-write-iops=/dev/sda:1000**). +**--disable-content-trust** + +This is a Docker specific option to disable image verification to a Docker +registry and is not supported by Podman. This flag is a NOOP and provided +solely for scripting compatibility. + **--dns**=*ipaddr* Set custom DNS servers. Invalid if using **--dns** with **--network** that is set to **none** or **container:**_id_. @@ -1399,9 +1405,10 @@ required for VPN, without it containers need to be run with the **--network=host ## ENVIRONMENT Environment variables within containers can be set using multiple different options, -in the following order of precedence: +in the following order of precedence (later entries override earlier entries): - **--env-host**: Host environment of the process executing Podman is added. +- **--http-proxy**: By default, several environment variables will be passed in from the host, such as **http_proxy** and **no_proxy**. See **--http-proxy** for details. - Container image: Any environment variables specified in the container image. - **--env-file**: Any environment variables specified via env-files. If multiple files specified, then they override each other in order of entry. - **--env**: Any environment variables specified will override previous settings. diff --git a/pkg/api/server/register_generate.go b/pkg/api/server/register_generate.go index 82f1dc680..a1ab3f727 100644 --- a/pkg/api/server/register_generate.go +++ b/pkg/api/server/register_generate.go @@ -13,8 +13,8 @@ func (s *APIServer) registerGenerateHandlers(r *mux.Router) error { // tags: // - containers // - pods - // summary: Play a Kubernetes YAML file. - // description: Create and run pods based on a Kubernetes YAML file (pod or service kind). + // summary: Generate a Kubernetes YAML file. + // description: Generate Kubernetes YAML based on a pod or container. // parameters: // - in: path // name: name:.* diff --git a/test/system/015-help.bats b/test/system/015-help.bats index 3d05b44fe..76d29d22c 100644 --- a/test/system/015-help.bats +++ b/test/system/015-help.bats @@ -78,7 +78,8 @@ function check_help() { if ! expr "$usage" : '.*[A-Z]' >/dev/null; then if [ "$cmd" != "help" ]; then dprint "$command_string invalid-arg" - run_podman 125 "$@" $cmd invalid-arg + run_podman '?' "$@" $cmd invalid-arg + is "$status" 125 "'$command_string invalid-arg' - exit status" is "$output" "Error: .* takes no arguments" \ "'$command_string' with extra (invalid) arguments" fi @@ -104,7 +105,8 @@ function check_help() { # The </dev/null protects us from 'podman login' which will # try to read username/password from stdin. dprint "$command_string (without required args)" - run_podman 125 "$@" $cmd </dev/null + run_podman '?' "$@" $cmd </dev/null + is "$status" 125 "'$command_string' with no arguments - exit status" is "$output" "Error:.* \(require\|specif\|must\|provide\|need\|choose\|accepts\)" \ "'$command_string' without required arg" @@ -126,7 +128,8 @@ function check_help() { local rhs=$(sed -e 's/^[^A-Z]\+[A-Z]/X/' -e 's/ | /-or-/g' <<<"$usage") local n_args=$(wc -w <<<"$rhs") - run_podman 125 "$@" $cmd $(seq --format='x%g' 0 $n_args) + run_podman '?' "$@" $cmd $(seq --format='x%g' 0 $n_args) + is "$status" 125 "'$command_string' with >$n_args arguments - exit status" is "$output" "Error:.* \(takes no arguments\|requires exactly $n_args arg\|accepts at most\|too many arguments\|accepts $n_args arg(s), received\|accepts between .* and .* arg(s), received \)" \ "'$command_string' with >$n_args arguments" @@ -140,13 +143,17 @@ function check_help() { # Any command that takes subcommands, must throw error if called # without one. dprint "podman $@" - run_podman 125 "$@" - is "$output" "Error: missing command .*$@ COMMAND" + run_podman '?' "$@" + is "$status" 125 "'podman $*' without any subcommand - exit status" + is "$output" "Error: missing command .*$@ COMMAND" \ + "'podman $*' without any subcommand - expected error message" # Assume that 'NoSuchCommand' is not a command dprint "podman $@ NoSuchCommand" - run_podman 125 "$@" NoSuchCommand - is "$output" "Error: unrecognized command .*$@ NoSuchCommand" + run_podman '?' "$@" NoSuchCommand + is "$status" 125 "'podman $* NoSuchCommand' - exit status" + is "$output" "Error: unrecognized command .*$@ NoSuchCommand" \ + "'podman $* NoSuchCommand' - expected error message" # This can happen if the output of --help changes, such as between # the old command parser and cobra. |