diff options
176 files changed, 2805 insertions, 1258 deletions
@@ -536,6 +536,7 @@ install.completions: install ${SELINUXOPT} -d -m 755 ${DESTDIR}${FISHINSTALLDIR} install ${SELINUXOPT} -m 644 completions/fish/podman.fish ${DESTDIR}${FISHINSTALLDIR} install ${SELINUXOPT} -m 644 completions/fish/podman-remote.fish ${DESTDIR}${FISHINSTALLDIR} + # There is no common location for powershell files so do not install them. Users have to source the file from their powershell profile. .PHONY: install.cni install.cni: @@ -658,7 +659,7 @@ install.libseccomp.sudo: .PHONY: completions completions: podman podman-remote # key = shell, value = completion filename - declare -A outfiles=([bash]=%s [zsh]=_%s [fish]=%s.fish);\ + declare -A outfiles=([bash]=%s [zsh]=_%s [fish]=%s.fish [powershell]=%s.ps1);\ for shell in $${!outfiles[*]}; do \ for remote in "" "-remote"; do \ podman="podman$$remote"; \ diff --git a/cmd/podman/completion/completion.go b/cmd/podman/completion/completion.go index a4ceab4b0..472068130 100644 --- a/cmd/podman/completion/completion.go +++ b/cmd/podman/completion/completion.go @@ -21,7 +21,7 @@ const ( var ( file string noDesc bool - shells = []string{"bash", "zsh", "fish"} + shells = []string{"bash", "zsh", "fish", "powershell"} completionCmd = &cobra.Command{ Use: fmt.Sprintf("completion [options] {%s}", strings.Join(shells, "|")), Short: "Generate shell autocompletions", @@ -76,6 +76,12 @@ func completion(cmd *cobra.Command, args []string) error { } case "fish": err = cmd.Root().GenFishCompletion(w, !noDesc) + case "powershell": + if noDesc { + err = cmd.Root().GenPowerShellCompletion(w) + } else { + err = cmd.Root().GenPowerShellCompletionWithDesc(w) + } } if err != nil { diff --git a/cmd/podman/images/build.go b/cmd/podman/images/build.go index f757b764f..da7f5d862 100644 --- a/cmd/podman/images/build.go +++ b/cmd/podman/images/build.go @@ -8,7 +8,7 @@ import ( "strings" "time" - "github.com/containers/buildah/define" + buildahDefine "github.com/containers/buildah/define" buildahCLI "github.com/containers/buildah/pkg/cli" "github.com/containers/buildah/pkg/parse" "github.com/containers/common/pkg/completion" @@ -158,11 +158,11 @@ func buildFlags(cmd *cobra.Command) { flags.SetNormalizeFunc(buildahCLI.AliasFlags) if registry.IsRemote() { flag = flags.Lookup("isolation") - buildOpts.Isolation = define.OCI - if err := flag.Value.Set(define.OCI); err != nil { - logrus.Errorf("unable to set --isolation to %v: %v", define.OCI, err) + buildOpts.Isolation = buildahDefine.OCI + if err := flag.Value.Set(buildahDefine.OCI); err != nil { + logrus.Errorf("unable to set --isolation to %v: %v", buildahDefine.OCI, err) } - flag.DefValue = define.OCI + flag.DefValue = buildahDefine.OCI _ = flags.MarkHidden("disable-content-trust") _ = flags.MarkHidden("cache-from") _ = flags.MarkHidden("sign-by") @@ -195,7 +195,7 @@ func build(cmd *cobra.Command, args []string) error { var contextDir string if len(args) > 0 { // The context directory could be a URL. Try to handle that. - tempDir, subDir, err := define.TempDirForURL("", "buildah", args[0]) + tempDir, subDir, err := buildahDefine.TempDirForURL("", "buildah", args[0]) if err != nil { return errors.Wrapf(err, "error prepping temporary context directory") } @@ -303,16 +303,31 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil return nil, err } - pullPolicy := define.PullIfMissing + pullFlagsCount := 0 + if c.Flag("pull").Changed { + pullFlagsCount++ + } + if c.Flag("pull-always").Changed { + pullFlagsCount++ + } + if c.Flag("pull-never").Changed { + pullFlagsCount++ + } + + if pullFlagsCount > 1 { + return nil, errors.Errorf("can only set one of 'pull' or 'pull-always' or 'pull-never'") + } + + pullPolicy := buildahDefine.PullIfMissing if c.Flags().Changed("pull") && flags.Pull { - pullPolicy = define.PullAlways + pullPolicy = buildahDefine.PullAlways } if flags.PullAlways { - pullPolicy = define.PullAlways + pullPolicy = buildahDefine.PullAlways } if flags.PullNever { - pullPolicy = define.PullIfMissing + pullPolicy = buildahDefine.PullNever } args := make(map[string]string) @@ -387,9 +402,9 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil flags.Layers = false } - compression := define.Gzip + compression := buildahDefine.Gzip if flags.DisableCompression { - compression = define.Uncompressed + compression = buildahDefine.Uncompressed } isolation, err := parse.IsolationOption(flags.Isolation) @@ -411,10 +426,10 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil format := "" flags.Format = strings.ToLower(flags.Format) switch { - case strings.HasPrefix(flags.Format, define.OCI): - format = define.OCIv1ImageManifest - case strings.HasPrefix(flags.Format, define.DOCKER): - format = define.Dockerv2ImageManifest + case strings.HasPrefix(flags.Format, buildahDefine.OCI): + format = buildahDefine.OCIv1ImageManifest + case strings.HasPrefix(flags.Format, buildahDefine.DOCKER): + format = buildahDefine.Dockerv2ImageManifest default: return nil, errors.Errorf("unrecognized image type %q", flags.Format) } @@ -442,7 +457,7 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil return nil, errors.Wrapf(err, "unable to obtain decrypt config") } - opts := define.BuildOptions{ + opts := buildahDefine.BuildOptions{ AddCapabilities: flags.CapAdd, AdditionalTags: tags, Annotations: flags.Annotation, diff --git a/cmd/podman/root.go b/cmd/podman/root.go index 7722e35dd..2b77afbeb 100644 --- a/cmd/podman/root.go +++ b/cmd/podman/root.go @@ -3,7 +3,7 @@ package main import ( "fmt" "os" - "path" + "path/filepath" "runtime" "runtime/pprof" "strings" @@ -57,7 +57,7 @@ Options: var ( rootCmd = &cobra.Command{ - Use: path.Base(os.Args[0]) + " [options]", + Use: filepath.Base(os.Args[0]) + " [options]", Long: "Manage pods, containers and images", SilenceUsage: true, SilenceErrors: true, diff --git a/completions/powershell/podman-remote.ps1 b/completions/powershell/podman-remote.ps1 new file mode 100644 index 000000000..9cdbabc52 --- /dev/null +++ b/completions/powershell/podman-remote.ps1 @@ -0,0 +1,227 @@ +# powershell completion for podman-remote -*- shell-script -*- + +function __podman-remote_debug { + if ($env:BASH_COMP_DEBUG_FILE) { + "$args" | Out-File -Append -FilePath "$env:BASH_COMP_DEBUG_FILE" + } +} + +filter __podman-remote_escapeStringWithSpecialChars { + $_ -replace '\s|#|@|\$|;|,|''|\{|\}|\(|\)|"|`|\||<|>|&','`$&' +} + +Register-ArgumentCompleter -CommandName 'podman-remote' -ScriptBlock { + param( + $WordToComplete, + $CommandAst, + $CursorPosition + ) + + # Get the current command line and convert into a string + $Command = $CommandAst.CommandElements + $Command = "$Command" + + __podman-remote_debug "" + __podman-remote_debug "========= starting completion logic ==========" + __podman-remote_debug "WordToComplete: $WordToComplete Command: $Command CursorPosition: $CursorPosition" + + # The user could have moved the cursor backwards on the command-line. + # We need to trigger completion from the $CursorPosition location, so we need + # to truncate the command-line ($Command) up to the $CursorPosition location. + # Make sure the $Command is longer then the $CursorPosition before we truncate. + # This happens because the $Command does not include the last space. + if ($Command.Length -gt $CursorPosition) { + $Command=$Command.Substring(0,$CursorPosition) + } + __podman-remote_debug "Truncated command: $Command" + + $ShellCompDirectiveError=1 + $ShellCompDirectiveNoSpace=2 + $ShellCompDirectiveNoFileComp=4 + $ShellCompDirectiveFilterFileExt=8 + $ShellCompDirectiveFilterDirs=16 + + # Prepare the command to request completions for the program. + # Split the command at the first space to separate the program and arguments. + $Program,$Arguments = $Command.Split(" ",2) + $RequestComp="$Program __complete $Arguments" + __podman-remote_debug "RequestComp: $RequestComp" + + # we cannot use $WordToComplete because it + # has the wrong values if the cursor was moved + # so use the last argument + if ($WordToComplete -ne "" ) { + $WordToComplete = $Arguments.Split(" ")[-1] + } + __podman-remote_debug "New WordToComplete: $WordToComplete" + + + # Check for flag with equal sign + $IsEqualFlag = ($WordToComplete -Like "--*=*" ) + if ( $IsEqualFlag ) { + __podman-remote_debug "Completing equal sign flag" + # Remove the flag part + $Flag,$WordToComplete = $WordToComplete.Split("=",2) + } + + if ( $WordToComplete -eq "" -And ( -Not $IsEqualFlag )) { + # If the last parameter is complete (there is a space following it) + # We add an extra empty parameter so we can indicate this to the go method. + __podman-remote_debug "Adding extra empty parameter" + # We need to use `"`" to pass an empty argument a "" or '' does not work!!! + $RequestComp="$RequestComp" + ' `"`"' + } + + __podman-remote_debug "Calling $RequestComp" + #call the command store the output in $out and redirect stderr and stdout to null + # $Out is an array contains each line per element + Invoke-Expression -OutVariable out "$RequestComp" 2>&1 | Out-Null + + + # get directive from last line + [int]$Directive = $Out[-1].TrimStart(':') + if ($Directive -eq "") { + # There is no directive specified + $Directive = 0 + } + __podman-remote_debug "The completion directive is: $Directive" + + # remove directive (last element) from out + $Out = $Out | Where-Object { $_ -ne $Out[-1] } + __podman-remote_debug "The completions are: $Out" + + if (($Directive -band $ShellCompDirectiveError) -ne 0 ) { + # Error code. No completion. + __podman-remote_debug "Received error from custom completion go code" + return + } + + $Longest = 0 + $Values = $Out | ForEach-Object { + #Split the output in name and description + $Name, $Description = $_.Split("`t",2) + __podman-remote_debug "Name: $Name Description: $Description" + + # Look for the longest completion so that we can format things nicely + if ($Longest -lt $Name.Length) { + $Longest = $Name.Length + } + + # Set the description to a one space string if there is none set. + # This is needed because the CompletionResult does not accept an empty string as argument + if (-Not $Description) { + $Description = " " + } + @{Name="$Name";Description="$Description"} + } + + + $Space = " " + if (($Directive -band $ShellCompDirectiveNoSpace) -ne 0 ) { + # remove the space here + __podman-remote_debug "ShellCompDirectiveNoSpace is called" + $Space = "" + } + + if (($Directive -band $ShellCompDirectiveNoFileComp) -ne 0 ) { + __podman-remote_debug "ShellCompDirectiveNoFileComp is called" + + if ($Values.Length -eq 0) { + # Just print an empty string here so the + # shell does not start to complete paths. + # We cannot use CompletionResult here because + # it does not accept an empty string as argument. + "" + return + } + } + + if ((($Directive -band $ShellCompDirectiveFilterFileExt) -ne 0 ) -or + (($Directive -band $ShellCompDirectiveFilterDirs) -ne 0 )) { + __podman-remote_debug "ShellCompDirectiveFilterFileExt ShellCompDirectiveFilterDirs are not supported" + + # return here to prevent the completion of the extensions + return + } + + $Values = $Values | Where-Object { + # filter the result + $_.Name -like "$WordToComplete*" + + # Join the flag back if we have a equal sign flag + if ( $IsEqualFlag ) { + __podman-remote_debug "Join the equal sign flag back to the completion value" + $_.Name = $Flag + "=" + $_.Name + } + } + + # Get the current mode + $Mode = (Get-PSReadLineKeyHandler | Where-Object {$_.Key -eq "Tab" }).Function + __podman-remote_debug "Mode: $Mode" + + $Values | ForEach-Object { + + # store temporay because switch will overwrite $_ + $comp = $_ + + # PowerShell supports three different completion modes + # - TabCompleteNext (default windows style - on each key press the next option is displayed) + # - Complete (works like bash) + # - MenuComplete (works like zsh) + # You set the mode with Set-PSReadLineKeyHandler -Key Tab -Function <mode> + + # CompletionResult Arguments: + # 1) CompletionText text to be used as the auto completion result + # 2) ListItemText text to be displayed in the suggestion list + # 3) ResultType type of completion result + # 4) ToolTip text for the tooltip with details about the object + + switch ($Mode) { + + # bash like + "Complete" { + + if ($Values.Length -eq 1) { + __podman-remote_debug "Only one completion left" + + # insert space after value + [System.Management.Automation.CompletionResult]::new($($comp.Name | __podman-remote_escapeStringWithSpecialChars) + $Space, "$($comp.Name)", 'ParameterValue', "$($comp.Description)") + + } else { + # Add the proper number of spaces to align the descriptions + while($comp.Name.Length -lt $Longest) { + $comp.Name = $comp.Name + " " + } + + # Check for empty description and only add parentheses if needed + if ($($comp.Description) -eq " " ) { + $Description = "" + } else { + $Description = " ($($comp.Description))" + } + + [System.Management.Automation.CompletionResult]::new("$($comp.Name)$Description", "$($comp.Name)$Description", 'ParameterValue', "$($comp.Description)") + } + } + + # zsh like + "MenuComplete" { + # insert space after value + # MenuComplete will automatically show the ToolTip of + # the highlighted value at the bottom of the suggestions. + [System.Management.Automation.CompletionResult]::new($($comp.Name | __podman-remote_escapeStringWithSpecialChars) + $Space, "$($comp.Name)", 'ParameterValue', "$($comp.Description)") + } + + # TabCompleteNext and in case we get something unknown + Default { + # Like MenuComplete but we don't want to add a space here because + # the user need to press space anyway to get the completion. + # Description will not be shown because thats not possible with TabCompleteNext + [System.Management.Automation.CompletionResult]::new($($comp.Name | __podman-remote_escapeStringWithSpecialChars), "$($comp.Name)", 'ParameterValue', "$($comp.Description)") + } + } + + } +} + +# This file is generated with "podman-remote completion"; see: podman-completion(1) diff --git a/completions/powershell/podman.ps1 b/completions/powershell/podman.ps1 new file mode 100644 index 000000000..6b6f832d2 --- /dev/null +++ b/completions/powershell/podman.ps1 @@ -0,0 +1,227 @@ +# powershell completion for podman -*- shell-script -*- + +function __podman_debug { + if ($env:BASH_COMP_DEBUG_FILE) { + "$args" | Out-File -Append -FilePath "$env:BASH_COMP_DEBUG_FILE" + } +} + +filter __podman_escapeStringWithSpecialChars { + $_ -replace '\s|#|@|\$|;|,|''|\{|\}|\(|\)|"|`|\||<|>|&','`$&' +} + +Register-ArgumentCompleter -CommandName 'podman' -ScriptBlock { + param( + $WordToComplete, + $CommandAst, + $CursorPosition + ) + + # Get the current command line and convert into a string + $Command = $CommandAst.CommandElements + $Command = "$Command" + + __podman_debug "" + __podman_debug "========= starting completion logic ==========" + __podman_debug "WordToComplete: $WordToComplete Command: $Command CursorPosition: $CursorPosition" + + # The user could have moved the cursor backwards on the command-line. + # We need to trigger completion from the $CursorPosition location, so we need + # to truncate the command-line ($Command) up to the $CursorPosition location. + # Make sure the $Command is longer then the $CursorPosition before we truncate. + # This happens because the $Command does not include the last space. + if ($Command.Length -gt $CursorPosition) { + $Command=$Command.Substring(0,$CursorPosition) + } + __podman_debug "Truncated command: $Command" + + $ShellCompDirectiveError=1 + $ShellCompDirectiveNoSpace=2 + $ShellCompDirectiveNoFileComp=4 + $ShellCompDirectiveFilterFileExt=8 + $ShellCompDirectiveFilterDirs=16 + + # Prepare the command to request completions for the program. + # Split the command at the first space to separate the program and arguments. + $Program,$Arguments = $Command.Split(" ",2) + $RequestComp="$Program __complete $Arguments" + __podman_debug "RequestComp: $RequestComp" + + # we cannot use $WordToComplete because it + # has the wrong values if the cursor was moved + # so use the last argument + if ($WordToComplete -ne "" ) { + $WordToComplete = $Arguments.Split(" ")[-1] + } + __podman_debug "New WordToComplete: $WordToComplete" + + + # Check for flag with equal sign + $IsEqualFlag = ($WordToComplete -Like "--*=*" ) + if ( $IsEqualFlag ) { + __podman_debug "Completing equal sign flag" + # Remove the flag part + $Flag,$WordToComplete = $WordToComplete.Split("=",2) + } + + if ( $WordToComplete -eq "" -And ( -Not $IsEqualFlag )) { + # If the last parameter is complete (there is a space following it) + # We add an extra empty parameter so we can indicate this to the go method. + __podman_debug "Adding extra empty parameter" + # We need to use `"`" to pass an empty argument a "" or '' does not work!!! + $RequestComp="$RequestComp" + ' `"`"' + } + + __podman_debug "Calling $RequestComp" + #call the command store the output in $out and redirect stderr and stdout to null + # $Out is an array contains each line per element + Invoke-Expression -OutVariable out "$RequestComp" 2>&1 | Out-Null + + + # get directive from last line + [int]$Directive = $Out[-1].TrimStart(':') + if ($Directive -eq "") { + # There is no directive specified + $Directive = 0 + } + __podman_debug "The completion directive is: $Directive" + + # remove directive (last element) from out + $Out = $Out | Where-Object { $_ -ne $Out[-1] } + __podman_debug "The completions are: $Out" + + if (($Directive -band $ShellCompDirectiveError) -ne 0 ) { + # Error code. No completion. + __podman_debug "Received error from custom completion go code" + return + } + + $Longest = 0 + $Values = $Out | ForEach-Object { + #Split the output in name and description + $Name, $Description = $_.Split("`t",2) + __podman_debug "Name: $Name Description: $Description" + + # Look for the longest completion so that we can format things nicely + if ($Longest -lt $Name.Length) { + $Longest = $Name.Length + } + + # Set the description to a one space string if there is none set. + # This is needed because the CompletionResult does not accept an empty string as argument + if (-Not $Description) { + $Description = " " + } + @{Name="$Name";Description="$Description"} + } + + + $Space = " " + if (($Directive -band $ShellCompDirectiveNoSpace) -ne 0 ) { + # remove the space here + __podman_debug "ShellCompDirectiveNoSpace is called" + $Space = "" + } + + if (($Directive -band $ShellCompDirectiveNoFileComp) -ne 0 ) { + __podman_debug "ShellCompDirectiveNoFileComp is called" + + if ($Values.Length -eq 0) { + # Just print an empty string here so the + # shell does not start to complete paths. + # We cannot use CompletionResult here because + # it does not accept an empty string as argument. + "" + return + } + } + + if ((($Directive -band $ShellCompDirectiveFilterFileExt) -ne 0 ) -or + (($Directive -band $ShellCompDirectiveFilterDirs) -ne 0 )) { + __podman_debug "ShellCompDirectiveFilterFileExt ShellCompDirectiveFilterDirs are not supported" + + # return here to prevent the completion of the extensions + return + } + + $Values = $Values | Where-Object { + # filter the result + $_.Name -like "$WordToComplete*" + + # Join the flag back if we have a equal sign flag + if ( $IsEqualFlag ) { + __podman_debug "Join the equal sign flag back to the completion value" + $_.Name = $Flag + "=" + $_.Name + } + } + + # Get the current mode + $Mode = (Get-PSReadLineKeyHandler | Where-Object {$_.Key -eq "Tab" }).Function + __podman_debug "Mode: $Mode" + + $Values | ForEach-Object { + + # store temporay because switch will overwrite $_ + $comp = $_ + + # PowerShell supports three different completion modes + # - TabCompleteNext (default windows style - on each key press the next option is displayed) + # - Complete (works like bash) + # - MenuComplete (works like zsh) + # You set the mode with Set-PSReadLineKeyHandler -Key Tab -Function <mode> + + # CompletionResult Arguments: + # 1) CompletionText text to be used as the auto completion result + # 2) ListItemText text to be displayed in the suggestion list + # 3) ResultType type of completion result + # 4) ToolTip text for the tooltip with details about the object + + switch ($Mode) { + + # bash like + "Complete" { + + if ($Values.Length -eq 1) { + __podman_debug "Only one completion left" + + # insert space after value + [System.Management.Automation.CompletionResult]::new($($comp.Name | __podman_escapeStringWithSpecialChars) + $Space, "$($comp.Name)", 'ParameterValue', "$($comp.Description)") + + } else { + # Add the proper number of spaces to align the descriptions + while($comp.Name.Length -lt $Longest) { + $comp.Name = $comp.Name + " " + } + + # Check for empty description and only add parentheses if needed + if ($($comp.Description) -eq " " ) { + $Description = "" + } else { + $Description = " ($($comp.Description))" + } + + [System.Management.Automation.CompletionResult]::new("$($comp.Name)$Description", "$($comp.Name)$Description", 'ParameterValue', "$($comp.Description)") + } + } + + # zsh like + "MenuComplete" { + # insert space after value + # MenuComplete will automatically show the ToolTip of + # the highlighted value at the bottom of the suggestions. + [System.Management.Automation.CompletionResult]::new($($comp.Name | __podman_escapeStringWithSpecialChars) + $Space, "$($comp.Name)", 'ParameterValue', "$($comp.Description)") + } + + # TabCompleteNext and in case we get something unknown + Default { + # Like MenuComplete but we don't want to add a space here because + # the user need to press space anyway to get the completion. + # Description will not be shown because thats not possible with TabCompleteNext + [System.Management.Automation.CompletionResult]::new($($comp.Name | __podman_escapeStringWithSpecialChars), "$($comp.Name)", 'ParameterValue', "$($comp.Description)") + } + } + + } +} + +# This file is generated with "podman completion"; see: podman-completion(1) diff --git a/docs/source/conf.py b/docs/source/conf.py index e3715937d..883e1240e 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -29,13 +29,9 @@ author = "team" # ones. extensions = [ "sphinx_markdown_tables", + "recommonmark" ] -source_parsers = { - ".md": "recommonmark.parser.CommonMarkParser", -} - - # Add any paths that contain templates here, relative to this directory. templates_path = ["_templates"] diff --git a/docs/source/markdown/podman-attach.1.md b/docs/source/markdown/podman-attach.1.md index c4a5eec50..eb770d07d 100644 --- a/docs/source/markdown/podman-attach.1.md +++ b/docs/source/markdown/podman-attach.1.md @@ -14,24 +14,24 @@ or name, either to view its ongoing output or to control it interactively. You can detach from the container (and leave it running) using a configurable key sequence. The default sequence is `ctrl-p,ctrl-q`. -Configure the keys sequence using the **--detach-keys** option, or specifying +Configure the keys sequence using the **\-\-detach-keys** option, or specifying it in the **containers.conf** file: see **containers.conf(5)** for more information. ## OPTIONS -#### **--detach-keys**=*sequence* +#### **\-\-detach-keys**=*sequence* Specify the key sequence for detaching a container. Format is a single character `[a-Z]` or one or more `ctrl-<value>` characters where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. Specifying "" will disable this feature. The default is *ctrl-p,ctrl-q*. -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client) -#### **--no-stdin** +#### **\-\-no-stdin** Do not attach STDIN. The default is false. -#### **--sig-proxy**=*true*|*false* +#### **\-\-sig-proxy**=*true*|*false* Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is *true*. diff --git a/docs/source/markdown/podman-auto-update.1.md b/docs/source/markdown/podman-auto-update.1.md index ad1e425aa..f82a1375c 100644 --- a/docs/source/markdown/podman-auto-update.1.md +++ b/docs/source/markdown/podman-auto-update.1.md @@ -34,7 +34,7 @@ Podman ships with a `podman-auto-update.service` systemd unit. This unit is tri ## OPTIONS -#### **--authfile**=*path* +#### **\-\-authfile**=*path* Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`. If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`. diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md index 8fcfe555e..1bb3c2c3a 100644 --- a/docs/source/markdown/podman-build.1.md +++ b/docs/source/markdown/podman-build.1.md @@ -45,14 +45,14 @@ command to see these containers. External containers can be removed with the ## OPTIONS -#### **--add-host**=*host* +#### **\-\-add-host**=*host* Add a custom host-to-IP mapping (host:ip) -Add a line to /etc/hosts. The format is hostname:ip. The **--add-host** option +Add a line to /etc/hosts. The format is hostname:ip. The **\-\-add-host** option can be set multiple times. -#### **--annotation**=*annotation* +#### **\-\-annotation**=*annotation* Add an image *annotation* (e.g. annotation=*value*) to the image metadata. Can be used multiple times. @@ -60,12 +60,12 @@ be used multiple times. Note: this information is not present in Docker image formats, so it is discarded when writing images in Docker formats. -#### **--arch**=*arch* +#### **\-\-arch**=*arch* Set the ARCH of the image to the provided value instead of the architecture of the host. -#### **--authfile**=*path* +#### **\-\-authfile**=*path* Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`. @@ -76,26 +76,26 @@ Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE environment variable. `export REGISTRY_AUTH_FILE=path` -#### **--build-arg**=*arg=value* +#### **\-\-build-arg**=*arg=value* Specifies a build argument and its value, which will be interpolated in instructions read from the Containerfiles in the same way that environment variables are, but which will not be added to environment variable list in the resulting image's configuration. -#### **--cache-from** +#### **\-\-cache-from** Images to utilize as potential cache sources. Podman does not currently support caching so this is a NOOP. (This option is not available with the remote Podman client) -#### **--cap-add**=*CAP\_xxx* +#### **\-\-cap-add**=*CAP\_xxx* When executing RUN instructions, run the command specified in the instruction with the specified capability added to its capability set. Certain capabilities are granted by default; this option can be used to add more. -#### **--cap-drop**=*CAP\_xxx* +#### **\-\-cap-drop**=*CAP\_xxx* When executing RUN instructions, run the command specified in the instruction with the specified capability removed from its capability set. @@ -104,40 +104,40 @@ CAP\_FSETID, CAP\_KILL, CAP\_MKNOD, CAP\_NET\_BIND\_SERVICE, CAP\_SETFCAP, CAP\_SETGID, CAP\_SETPCAP, CAP\_SETUID, and CAP\_SYS\_CHROOT capabilities are granted by default; this option can be used to remove them. -If a capability is specified to both the **--cap-add** and **--cap-drop** +If a capability is specified to both the **\-\-cap-add** and **\-\-cap-drop** options, it will be dropped, regardless of the order in which the options were given. -#### **--cert-dir**=*path* +#### **\-\-cert-dir**=*path* Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client) -#### **--cgroup-parent**=*path* +#### **\-\-cgroup-parent**=*path* Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist. -#### **--compress** +#### **\-\-compress** This option is added to be aligned with other containers CLIs. Podman doesn't communicate with a daemon or a remote server. Thus, compressing the data before sending it is irrelevant to Podman. (This option is not available with the remote Podman client) -#### **--cni-config-dir**=*directory* +#### **\-\-cni-config-dir**=*directory* Location of CNI configuration files which will dictate which plugins will be used to configure network interfaces and routing for containers created for handling `RUN` instructions, if those containers will be run in their own network namespaces, and networking is not disabled. -#### **--cni-plugin-path**=*directory[:directory[:directory[...]]]* +#### **\-\-cni-plugin-path**=*directory[:directory[:directory[...]]]* List of directories in which the CNI plugins which will be used for configuring network namespaces can be found. -#### **--cpu-period**=*limit* +#### **\-\-cpu-period**=*limit* Set the CPU period for the Completely Fair Scheduler (CFS), which is a duration in microseconds. Once the container's CPU quota is used up, it will @@ -148,20 +148,20 @@ On some systems, changing the CPU limits may not be allowed for non-root users. For more details, see https://github.com/containers/podman/blob/master/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error -#### **--cpu-quota**=*limit* +#### **\-\-cpu-quota**=*limit* Limit the CPU Completely Fair Scheduler (CFS) quota. Limit the container's CPU usage. By default, containers run with the full CPU resource. The limit is a number in microseconds. If you provide a number, the container will be allowed to use that much CPU time until the CPU period -ends (controllable via **--cpu-period**). +ends (controllable via **\-\-cpu-period**). On some systems, changing the CPU limits may not be allowed for non-root users. For more details, see https://github.com/containers/podman/blob/master/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error -#### **--cpu-shares**, **-c**=*shares* +#### **\-\-cpu-shares**, **-c**=*shares* CPU shares (relative weight) @@ -169,7 +169,7 @@ By default, all containers get the same proportion of CPU cycles. This proportion can be modified by changing the container's CPU share weighting relative to the weighting of all other running containers. -To modify the proportion from the default of 1024, use the **--cpu-shares** +To modify the proportion from the default of 1024, use the **\-\-cpu-shares** flag to set the weighting to 2 or higher. The proportion will only apply when CPU-intensive processes are running. @@ -199,11 +199,11 @@ division of CPU shares: 101 {C1} 1 100% of CPU1 102 {C1} 2 100% of CPU2 -#### **--cpuset-cpus**=*num* +#### **\-\-cpuset-cpus**=*num* CPUs in which to allow execution (0-3, 0,1) -#### **--cpuset-mems**=*nodes* +#### **\-\-cpuset-mems**=*nodes* Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. @@ -212,26 +212,26 @@ If you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1` then processes in your container will only use memory from the first two memory nodes. -#### **--creds**=*creds* +#### **\-\-creds**=*creds* The [username[:password]] to use to authenticate with the registry if required. If one or both values are not supplied, a command line prompt will appear and the value can be entered. The password is entered without echo. -#### **--decryption-key**=*key[:passphrase]* +#### **\-\-decryption-key**=*key[:passphrase]* The [key[:passphrase]] to be used for decryption of images. Key can point to keys and/or certificates. Decryption will be tried with all keys. If the key is protected by a passphrase, it is required to be passed in the argument and omitted otherwise. -#### **--device**=_host-device_[**:**_container-device_][**:**_permissions_] +#### **\-\-device**=_host-device_[**:**_container-device_][**:**_permissions_] Add a host device to the container. Optional *permissions* parameter can be used to specify device permissions, it is combination of **r** for read, **w** for write, and **m** for **mknod**(2). -Example: **--device=/dev/sdc:/dev/xvdc:rwm**. +Example: **\-\-device=/dev/sdc:/dev/xvdc:rwm**. Note: if _host_device_ is a symbolic link then it will be resolved first. The container will only store the major and minor numbers of the host device. @@ -239,24 +239,24 @@ The container will only store the major and minor numbers of the host device. Note: if the user only has access rights via a group, accessing the device from inside a rootless container will fail. The **crun**(1) runtime offers a workaround for this by adding the option -#### **--annotation run.oci.keep_original_groups=1**. +#### **\-\-annotation run.oci.keep_original_groups=1**. -#### **--disable-compression**, **-D** +#### **\-\-disable-compression**, **-D** Don't compress filesystem layers when building the image unless it is required by the location where the image is being written. This is the default setting, because image layers are compressed automatically when they are pushed to registries, and images being written to local storage would only need to be decompressed again to be stored. Compression can be forced in all cases by -specifying **--disable-compression=false**. +specifying **\-\-disable-compression=false**. -#### **--disable-content-trust** +#### **\-\-disable-content-trust** This is a Docker specific option to disable image verification to a Docker registry and is not supported by Podman. This flag is a NOOP and provided solely for scripting compatibility. (This option is not available with the remote Podman client) -#### **--dns**=*dns* +#### **\-\-dns**=*dns* Set custom DNS servers to be used during the build. @@ -269,15 +269,15 @@ The special value **none** can be specified to disable creation of /etc/resolv.conf in the container by Podman. The /etc/resolv.conf file in the image will be used without changes. -#### **--dns-option**=*option* +#### **\-\-dns-option**=*option* Set custom DNS options to be used during the build. -#### **--dns-search**=*domain* +#### **\-\-dns-search**=*domain* Set custom DNS search domains to be used during the build. -#### **--file**, **-f**=*Containerfile* +#### **\-\-file**, **-f**=*Containerfile* Specifies a Containerfile which contains instructions for building the image, either a local file or an **http** or **https** URL. If more than one @@ -290,12 +290,12 @@ context. If you specify `-f -`, the Containerfile contents will be read from stdin. -#### **--force-rm**=*true|false* +#### **\-\-force-rm**=*true|false* Always remove intermediate containers after a build, even if the build fails (default true). -#### **--format** +#### **\-\-format** Control the format for the built image's manifest and configuration data. Recognized formats include *oci* (OCI image-spec v1.0, the default) and @@ -304,28 +304,28 @@ Recognized formats include *oci* (OCI image-spec v1.0, the default) and Note: You can also override the default format by setting the BUILDAH\_FORMAT environment variable. `export BUILDAH_FORMAT=docker` -#### **--from** +#### **\-\-from** Overrides the first `FROM` instruction within the Containerfile. If there are multiple FROM instructions in a Containerfile, only the first is changed. -**-h**, **--help** +**-h**, **\-\-help** Print usage statement -#### **--http-proxy** +#### **\-\-http-proxy** Pass through HTTP Proxy environment variables. -#### **--iidfile**=*ImageIDfile* +#### **\-\-iidfile**=*ImageIDfile* Write the image ID to the file. -#### **--ignorefile** +#### **\-\-ignorefile** Path to an alternative .dockerignore file. -#### **--ipc**=*how* +#### **\-\-ipc**=*how* Sets the configuration for IPC namespaces when handling `RUN` instructions. The configured value can be "" (the empty string) or "container" to indicate @@ -334,7 +334,7 @@ that the IPC namespace in which `podman` itself is being run should be reused, or it can be the path to an IPC namespace which is already in use by another process. -#### **--isolation**=*type* +#### **\-\-isolation**=*type* Controls what type of isolation is used for running processes as part of `RUN` instructions. Recognized types include *oci* (OCI-compatible runtime, the @@ -348,13 +348,13 @@ chroot(1) than container technology). Note: You can also override the default isolation type by setting the BUILDAH\_ISOLATION environment variable. `export BUILDAH_ISOLATION=oci` -#### **--jobs**=*number* +#### **\-\-jobs**=*number* Run up to N concurrent stages in parallel. If the number of jobs is greater than 1, stdin will be read from /dev/null. If 0 is specified, then there is no limit in the number of jobs that run in parallel. -#### **--label**=*label* +#### **\-\-label**=*label* Add an image *label* (e.g. label=*value*) to the image metadata. Can be used multiple times. @@ -369,30 +369,30 @@ capabilities is a subset of the default list. If the specified capabilities are not in the default set, Podman will print an error message and will run the container with the default capabilities. -#### **--layers** +#### **\-\-layers** Cache intermediate images during the build process (Default is `true`). Note: You can also override the default value of layers by setting the BUILDAH\_LAYERS environment variable. `export BUILDAH_LAYERS=true` -#### **--logfile**=*filename* +#### **\-\-logfile**=*filename* Log output which would be sent to standard output and standard error to the specified file instead of to standard output and standard error. -#### **--loglevel**=*number* +#### **\-\-loglevel**=*number* Adjust the logging level up or down. Valid option values range from -2 to 3, with 3 being roughly equivalent to using the global *--debug* option, and values below 0 omitting even error messages which accompany fatal errors. -#### **--manifest** "manifest" +#### **\-\-manifest** "manifest" Name of the manifest list to which the image will be added. Creates the manifest list if it does not exist. This option is useful for building multi architecture images. -#### **--memory**, **-m**=*LIMIT* +#### **\-\-memory**, **-m**=*LIMIT* Memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes)) @@ -403,18 +403,18 @@ not limited. The actual limit may be rounded up to a multiple of the operating system's page size (the value would be very large, that's millions of trillions). -#### **--memory-swap**=*LIMIT* +#### **\-\-memory-swap**=*LIMIT* A limit value equal to memory plus swap. Must be used with the **-m** -(**--memory**) flag. The swap `LIMIT` should always be larger than **-m** -(**--memory**) value. By default, the swap `LIMIT` will be set to double +(**\-\-memory**) flag. The swap `LIMIT` should always be larger than **-m** +(**\-\-memory**) value. By default, the swap `LIMIT` will be set to double the value of --memory. The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. -#### **--network**=*mode*, **--net** +#### **\-\-network**=*mode*, **\-\-net** Sets the configuration for network namespaces when handling `RUN` instructions. @@ -427,17 +427,17 @@ considered insecure. - **ns:**_path_: path to a network namespace to join. - **private**: create a new namespace for the container (default). -#### **--no-cache** +#### **\-\-no-cache** Do not use existing cached images for the container build. Build from the start with a new set of cached layers. -#### **--os**=*string* +#### **\-\-os**=*string* Set the OS to the provided value instead of the current operating system of the host. -#### **--pid**=*pid* +#### **\-\-pid**=*pid* Sets the configuration for PID namespaces when handling `RUN` instructions. The configured value can be "" (the empty string) or "container" to indicate @@ -446,13 +446,13 @@ that the PID namespace in which `podman` itself is being run should be reused, or it can be the path to a PID namespace which is already in use by another process. -#### **--platform**="Linux" +#### **\-\-platform**="Linux" This option has no effect on the build. Other container engines use this option to control the execution platform for the build (e.g., Windows, Linux) which is not required for Buildah as it supports only Linux. -#### **--pull** +#### **\-\-pull** When the option is specified or set to "true", pull the image. Raise an error if the image could not be pulled, even if the image is present locally. @@ -461,28 +461,28 @@ If the option is disabled (with *--pull=false*) or not specified, pull the image from the registry only if the image is not present locally. Raise an error if the image is not found in the registries and is not present locally. -#### **--pull-always** +#### **\-\-pull-always** Pull the image from the first registry it is found in as listed in registries.conf. Raise an error if not found in the registries, even if the image is present locally. -#### **--pull-never** +#### **\-\-pull-never** Do not pull the image from the registry, use only the local version. Raise an error if the image is not present locally. -#### **--quiet**, **-q** +#### **\-\-quiet**, **-q** Suppress output messages which indicate which instruction is being processed, and of progress when pulling images from a registry, and when writing the output image. -#### **--rm**=*true|false* +#### **\-\-rm**=*true|false* Remove intermediate containers after a successful build (default true). -#### **--runtime**=*path* +#### **\-\-runtime**=*path* The *path* to an alternate OCI-compatible runtime, which will be used to run commands specified by the **RUN** instruction. @@ -490,7 +490,7 @@ commands specified by the **RUN** instruction. Note: You can also override the default runtime by setting the BUILDAH\_RUNTIME environment variable. `export BUILDAH_RUNTIME=/usr/local/bin/runc` -#### **--security-opt**=*option* +#### **\-\-security-opt**=*option* Security Options @@ -510,7 +510,7 @@ container - `seccomp=profile.json` : White listed syscalls seccomp Json file to be used as a seccomp filter -#### **--shm-size**=*size* +#### **\-\-shm-size**=*size* Size of `/dev/shm`. The format is `<number><unit>`. `number` must be greater than `0`. @@ -518,40 +518,40 @@ Unit is optional and can be `b` (bytes), `k` (kilobytes), `m`(megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. -#### **--sign-by**=*fingerprint* +#### **\-\-sign-by**=*fingerprint* Sign the image using a GPG key with the specified FINGERPRINT. (This option is not available with the remote Podman client) -#### **--squash** +#### **\-\-squash** Squash all of the image's new layers into a single new layer; any preexisting layers are not squashed. -#### **--squash-all** +#### **\-\-squash-all** Squash all of the new image's layers (including those inherited from a base image) into a single new layer. -#### **--stdin** +#### **\-\-stdin** Pass stdin into the RUN containers. Sometime commands being RUN within a Containerfile want to request information from the user. For example apt asking for a confirmation for install. Use --stdin to be able to interact from the terminal during the build. -#### **--tag**, **-t**=*imageName* +#### **\-\-tag**, **-t**=*imageName* Specifies the name which will be assigned to the resulting image if the build process completes successfully. If _imageName_ does not include a registry name, the registry name *localhost* will be prepended to the image name. -#### **--target**=*stageName* +#### **\-\-target**=*stageName* Set the target build stage to build. When building a Containerfile with multiple build stages, --target can be used to specify an intermediate build stage by name as the final stage for the resulting image. Commands after the target stage will be skipped. -#### **--timestamp** *seconds* +#### **\-\-timestamp** *seconds* Set the create timestamp to seconds since epoch to allow for deterministic builds (defaults to current time). By default, the created timestamp is changed @@ -562,12 +562,12 @@ specified and therefore not changed, allowing the image's sha256 hash to remain same. All files committed to the layers of the image will be created with the timestamp. -#### **--tls-verify**=*true|false* +#### **\-\-tls-verify**=*true|false* Require HTTPS and verify certificates when talking to container registries (defaults to true). (This option is not available with the remote Podman client) -#### **--ulimit**=*type*=*soft-limit*[:*hard-limit*] +#### **\-\-ulimit**=*type*=*soft-limit*[:*hard-limit*] Specifies resource limits to apply to processes launched when processing `RUN` instructions. This option can be specified multiple times. Recognized resource @@ -588,7 +588,7 @@ types include: "sigpending": maximum number of pending signals (ulimit -i) "stack": maximum stack size (ulimit -s) -#### **--userns**=*how* +#### **\-\-userns**=*how* Sets the configuration for user namespaces when handling `RUN` instructions. The configured value can be "" (the empty string) or "container" to indicate @@ -597,7 +597,7 @@ the user namespace in which `podman` itself is being run should be reused, or it can be the path to an user namespace which is already in use by another process. -#### **--userns-uid-map**=*mapping* +#### **\-\-userns-uid-map**=*mapping* Directly specifies a UID mapping which should be used to set ownership, at the filesystem level, on the working container's contents. @@ -618,7 +618,7 @@ If none of --userns-uid-map-user, --userns-gid-map-group, or --userns-uid-map are specified, but --userns-gid-map is specified, the UID map will be set to use the same numeric values as the GID map. -#### **--userns-gid-map**=*mapping* +#### **\-\-userns-gid-map**=*mapping* Directly specifies a GID mapping which should be used to set ownership, at the filesystem level, on the working container's contents. @@ -639,7 +639,7 @@ If none of --userns-uid-map-user, --userns-gid-map-group, or --userns-gid-map are specified, but --userns-uid-map is specified, the GID map will be set to use the same numeric values as the UID map. -#### **--userns-uid-map-user**=*user* +#### **\-\-userns-uid-map-user**=*user* Specifies that a UID mapping which should be used to set ownership, at the filesystem level, on the working container's contents, can be found in entries @@ -654,7 +654,7 @@ suitable user name to use as the default setting for this option. mappings are relative to the rootless usernamespace in the container, rather than being relative to the host as it would be when run rootful. -#### **--userns-gid-map-group**=*group* +#### **\-\-userns-gid-map-group**=*group* Specifies that a GID mapping which should be used to set ownership, at the filesystem level, on the working container's contents, can be found in entries @@ -669,7 +669,7 @@ suitable group name to use as the default setting for this option. mappings are relative to the rootless usernamespace in the container, rather than being relative to the host as it would be when run rootful. -#### **--uts**=*how* +#### **\-\-uts**=*how* Sets the configuration for UTS namespaces when the handling `RUN` instructions. The configured value can be "" (the empty string) or "container" to indicate @@ -678,11 +678,11 @@ that the UTS namespace in which `podman` itself is being run should be reused, or it can be the path to a UTS namespace which is already in use by another process. -#### **--variant**="" +#### **\-\-variant**="" Set the architecture variant of the image to be pulled. -#### **--volume**, **-v**[=*[HOST-DIR:CONTAINER-DIR[:OPTIONS]]*] +#### **\-\-volume**, **-v**[=*[HOST-DIR:CONTAINER-DIR[:OPTIONS]]*] Create a bind mount. If you specify, ` -v /HOST-DIR:/CONTAINER-DIR`, Podman bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the Podman diff --git a/docs/source/markdown/podman-commit.1.md b/docs/source/markdown/podman-commit.1.md index 7485e9bd9..35ee1d010 100644 --- a/docs/source/markdown/podman-commit.1.md +++ b/docs/source/markdown/podman-commit.1.md @@ -22,39 +22,39 @@ If *image* is not provided, the values for the `REPOSITORY` and `TAG` values of ## OPTIONS -#### **--author**, **-a**=*author* +#### **\-\-author**, **-a**=*author* Set the author for the committed image -#### **--change**, **-c**=*instruction* +#### **\-\-change**, **-c**=*instruction* Apply the following possible instructions to the created image: **CMD** | **ENTRYPOINT** | **ENV** | **EXPOSE** | **LABEL** | **ONBUILD** | **STOPSIGNAL** | **USER** | **VOLUME** | **WORKDIR** Can be set multiple times -#### **--format**, **-f**=*format* +#### **\-\-format**, **-f**=*format* Set the format of the image manifest and metadata. The currently supported formats are _oci_ and _docker_. If not specifically set, the default format used is _oci_. -#### **--iidfile**=*ImageIDfile* +#### **\-\-iidfile**=*ImageIDfile* Write the image ID to the file. -#### **--include-volumes** +#### **\-\-include-volumes** Include in the committed image any volumes added to the container by the `--volume` or `--mount` options to the `podman create` and `podman run` commands. -#### **--message**, **-m**=*message* +#### **\-\-message**, **-m**=*message* Set commit message for committed image. The message field is not supported in _oci_ format. -#### **--pause**, **-p** +#### **\-\-pause**, **-p** Pause the container when creating an image -#### **--quiet**, **-q** +#### **\-\-quiet**, **-q** Suppress output diff --git a/docs/source/markdown/podman-completion.1.md b/docs/source/markdown/podman-completion.1.md index 50b0b6145..964f3264e 100644 --- a/docs/source/markdown/podman-completion.1.md +++ b/docs/source/markdown/podman-completion.1.md @@ -4,53 +4,60 @@ podman\-completion - Generate shell completion scripts ## SYNOPSIS -**podman completion** [*options*] *bash*|*zsh*|*fish* +**podman completion** [*options*] *bash*|*zsh*|*fish*|*powershell* ## DESCRIPTION -The completion command allows you to generate shell completion scripts. Supported shells are **bash**, **zsh** and **fish**. +The completion command generates shell completion scripts for a variety of shells. Supported shells are **bash**, **zsh**, **fish** and **powershell**. These script are used by the shell to provide suggestions and complete commands when you are typing the command and press [TAB]. Usually these scripts are automatically installed via the package manager. ## OPTIONS -#### **--file**, **-f** +#### **\-\-file**, **-f** Write the generated output to file. -#### **--no-desc** +#### **\-\-no-desc** Do not provide description in the completions. ## Installation ### BASH -Make sure you have `bash-completion` installed on your system. +Make sure you have `bash-completion` installed on the system. -To load the completion script into your current session run: +To load the completion script into the current session run: `source <(podman completion bash)` -To make it available in all your bash sessions run: +To make it available for all bash sessions run: `podman completion bash -f /etc/bash_completion.d/podman` ### ZSH -If shell completion is not already enabled in your environment you will need to enable it. You can execute the following once: +If shell completion is not already enabled in the environment you will need to enable it. You can execute the following once: `echo "autoload -U compinit; compinit" >> ~/.zshrc` -To make it available in all your zsh sessions run: +To make it available for all zsh sessions run: `podman completion zsh -f "${fpath[1]}/_podman"` Once you reload the shell the autocompletion should be working. ### FISH -To load the completion script into your current session run: +To load the completion script into the current session run: `podman completion fish | source` -To make it available in all your fish sessions run: +To make it available for all fish sessions run: `podman completion fish -f ~/.config/fish/completions/podman.fish` +### POWERSHELL +To load the completion script into the current session run: +`podman.exe completion powershell | Out-String | Invoke-Expression` + +To make it available in all powershell sessions that a user has, write the +completion output to a file and source that to the user's powershell profile. +More information about profiles is available with `Get-Help about_Profiles`. ## SEE ALSO [podman(1)](podman.1.md) diff --git a/docs/source/markdown/podman-container-checkpoint.1.md b/docs/source/markdown/podman-container-checkpoint.1.md index 46b6cb646..a93464508 100644 --- a/docs/source/markdown/podman-container-checkpoint.1.md +++ b/docs/source/markdown/podman-container-checkpoint.1.md @@ -10,61 +10,61 @@ podman\-container\-checkpoint - Checkpoints one or more running containers Checkpoints all the processes in one or more containers. You may use container IDs or names as input. ## OPTIONS -#### **--keep**, **-k** +#### **\-\-keep**, **-k** Keep all temporary log and statistics files created by CRIU during checkpointing. These files are not deleted if checkpointing fails for further debugging. If checkpointing succeeds these files are theoretically not needed, but if these files are needed Podman can keep the files for further analysis. -#### **--all**, **-a** +#### **\-\-all**, **-a** Checkpoint all running containers. -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the container name or ID, checkpoint the last created container. (This option is not available with the remote Podman client) -#### **--leave-running**, **-R** +#### **\-\-leave-running**, **-R** Leave the container running after checkpointing instead of stopping it. -#### **--tcp-established** +#### **\-\-tcp-established** Checkpoint a container with established TCP connections. If the checkpoint image contains established TCP connections, this options is required during restore. Defaults to not checkpointing containers with established TCP connections. -#### **--export**, **-e** +#### **\-\-export**, **-e** Export the checkpoint to a tar.gz file. The exported checkpoint can be used to import the container on another system and thus enabling container live migration. This checkpoint archive also includes all changes to the container's -root file-system, if not explicitly disabled using **--ignore-rootfs** +root file-system, if not explicitly disabled using **\-\-ignore-rootfs** -#### **--ignore-rootfs** +#### **\-\-ignore-rootfs** -This only works in combination with **--export, -e**. If a checkpoint is -exported to a tar.gz file it is possible with the help of **--ignore-rootfs** +This only works in combination with **\-\-export, -e**. If a checkpoint is +exported to a tar.gz file it is possible with the help of **\-\-ignore-rootfs** to explicitly disable including changes to the root file-system into the checkpoint archive file. -#### **--ignore-volumes** +#### **\-\-ignore-volumes** -This option must be used in combination with the **--export, -e** option. +This option must be used in combination with the **\-\-export, -e** option. When this option is specified, the content of volumes associated with the container will not be included into the checkpoint tar.gz file. -#### **--pre-checkpoint**, **-P** +#### **\-\-pre-checkpoint**, **-P** Dump the container's memory information only, leaving the container running. Later operations will supersede prior dumps. It only works on runc 1.0-rc3 or higher. -#### **--with-previous** +#### **\-\-with-previous** Check out the container with previous criu image files in pre-dump. It only works -without **--pre-checkpoint** or **-P**. It only works on runc 1.0-rc3 or higher. +without **\-\-pre-checkpoint** or **-P**. It only works on runc 1.0-rc3 or higher. ## EXAMPLE diff --git a/docs/source/markdown/podman-container-cleanup.1.md b/docs/source/markdown/podman-container-cleanup.1.md index 8fd267b47..bd650c6af 100644 --- a/docs/source/markdown/podman-container-cleanup.1.md +++ b/docs/source/markdown/podman-container-cleanup.1.md @@ -12,26 +12,26 @@ Sometimes container's mount points and network stacks can remain if the podman c ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Cleanup all containers. -#### **--exec**=_session_ +#### **\-\-exec**=_session_ Clean up an exec session for a single container. -Can only be specified if a single container is being cleaned up (conflicts with **--all** as such). -If **--rm** is not specified, temporary files for the exec session will be cleaned up; if it is, the exec session will be removed from the container. -Conflicts with **--rmi** as the container is not being cleaned up so the image cannot be removed. +Can only be specified if a single container is being cleaned up (conflicts with **\-\-all** as such). +If **\-\-rm** is not specified, temporary files for the exec session will be cleaned up; if it is, the exec session will be removed from the container. +Conflicts with **\-\-rmi** as the container is not being cleaned up so the image cannot be removed. -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client) -#### **--rm** +#### **\-\-rm** After cleanup, remove the container entirely. -#### **--rmi** +#### **\-\-rmi** After cleanup, remove the image entirely. diff --git a/docs/source/markdown/podman-container-exists.1.md b/docs/source/markdown/podman-container-exists.1.md index 381d968ab..28f1832a2 100644 --- a/docs/source/markdown/podman-container-exists.1.md +++ b/docs/source/markdown/podman-container-exists.1.md @@ -14,10 +14,10 @@ was an issue accessing the local storage. ## OPTIONS -#### **--external**=*true|false* +#### **\-\-external**=*true|false* Check for external containers as well as Podman containers. These external containers are generally created via other container technology such as Buildah or CRI-O. -**-h**, **--help** +**-h**, **\-\-help** Print usage statement ## EXAMPLES diff --git a/docs/source/markdown/podman-container-prune.1.md b/docs/source/markdown/podman-container-prune.1.md index b199f9ebb..abdf58981 100644 --- a/docs/source/markdown/podman-container-prune.1.md +++ b/docs/source/markdown/podman-container-prune.1.md @@ -11,7 +11,7 @@ podman-container-prune - Remove all stopped containers from local storage ## OPTIONS -#### **--filter**=*filters* +#### **\-\-filter**=*filters* Provide filter values. @@ -26,11 +26,11 @@ The until filter can be Unix timestamps, date formatted timestamps, or Go durati The label filter accepts two formats. One is the label=... (label=_key_ or label=_key=value_), which removes containers with the specified labels. The other format is the label!=... (label!=_key_ or label!=_key=value_), which removes containers without the specified labels. -#### **--force**, **-f** +#### **\-\-force**, **-f** Do not provide an interactive prompt for container removal. -**-h**, **--help** +**-h**, **\-\-help** Print usage statement diff --git a/docs/source/markdown/podman-container-restore.1.md b/docs/source/markdown/podman-container-restore.1.md index ef8722279..3b517fb3d 100644 --- a/docs/source/markdown/podman-container-restore.1.md +++ b/docs/source/markdown/podman-container-restore.1.md @@ -10,7 +10,7 @@ podman\-container\-restore - Restores one or more containers from a checkpoint Restores a container from a checkpoint. You may use container IDs or names as input. ## OPTIONS -#### **--keep**, **-k** +#### **\-\-keep**, **-k** Keep all temporary log and statistics files created by CRIU during checkpointing as well as restoring. These files are not deleted if restoring @@ -21,18 +21,18 @@ files created during checkpointing. The size required by the checkpoint directory is roughly the same as the amount of memory required by the processes in the checkpointed container. -Without the **-k**, **--keep** option the checkpoint will be consumed and cannot be used +Without the **-k**, **\-\-keep** option the checkpoint will be consumed and cannot be used again. -#### **--all**, **-a** +#### **\-\-all**, **-a** Restore all checkpointed containers. -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the container name or ID, restore the last created container. (This option is not available with the remote Podman client) -#### **--tcp-established** +#### **\-\-tcp-established** Restore a container with established TCP connections. If the checkpoint image contains established TCP connections, this option is required during restore. @@ -40,58 +40,58 @@ If the checkpoint image does not contain established TCP connections this option is ignored. Defaults to not restoring containers with established TCP connections. -#### **--import**, **-i** +#### **\-\-import**, **-i** Import a checkpoint tar.gz file, which was exported by Podman. This can be used to import a checkpointed container from another host. Do not specify a *container* argument when using this option. -#### **--import-previous** +#### **\-\-import-previous** Import a pre-checkpoint tar.gz file which was exported by Podman. This option -must be used with **-i** or **--import**. It only works on runc 1.0-rc3 or higher. +must be used with **-i** or **\-\-import**. It only works on runc 1.0-rc3 or higher. -#### **--name**, **-n** +#### **\-\-name**, **-n** -This is only available in combination with **--import, -i**. If a container is restored -from a checkpoint tar.gz file it is possible to rename it with **--name, -n**. This +This is only available in combination with **\-\-import, -i**. If a container is restored +from a checkpoint tar.gz file it is possible to rename it with **\-\-name, -n**. This way it is possible to restore a container from a checkpoint multiple times with different names. -If the **--name, -n** option is used, Podman will not attempt to assign the same IP +If the **\-\-name, -n** option is used, Podman will not attempt to assign the same IP address to the container it was using before checkpointing as each IP address can only be used once and the restored container will have another IP address. This also means -that **--name, -n** cannot be used in combination with **--tcp-established**. +that **\-\-name, -n** cannot be used in combination with **\-\-tcp-established**. -#### **--ignore-rootfs** +#### **\-\-ignore-rootfs** -This is only available in combination with **--import, -i**. If a container is restored +This is only available in combination with **\-\-import, -i**. If a container is restored from a checkpoint tar.gz file it is possible that it also contains all root file-system -changes. With **--ignore-rootfs** it is possible to explicitly disable applying these +changes. With **\-\-ignore-rootfs** it is possible to explicitly disable applying these root file-system changes to the restored container. -#### **--ignore-static-ip** +#### **\-\-ignore-static-ip** -If the container was started with **--ip** the restored container also tries to use that +If the container was started with **\-\-ip** the restored container also tries to use that IP address and restore fails if that IP address is already in use. This can happen, if -a container is restored multiple times from an exported checkpoint with **--name, -n**. +a container is restored multiple times from an exported checkpoint with **\-\-name, -n**. -Using **--ignore-static-ip** tells Podman to ignore the IP address if it was configured -with **--ip** during container creation. +Using **\-\-ignore-static-ip** tells Podman to ignore the IP address if it was configured +with **\-\-ip** during container creation. -#### **--ignore-static-mac** +#### **\-\-ignore-static-mac** -If the container was started with **--mac-address** the restored container also +If the container was started with **\-\-mac-address** the restored container also tries to use that MAC address and restore fails if that MAC address is already in use. This can happen, if a container is restored multiple times from an -exported checkpoint with **--name, -n**. +exported checkpoint with **\-\-name, -n**. -Using **--ignore-static-mac** tells Podman to ignore the MAC address if it was -configured with **--mac-address** during container creation. +Using **\-\-ignore-static-mac** tells Podman to ignore the MAC address if it was +configured with **\-\-mac-address** during container creation. -#### **--ignore-volumes** +#### **\-\-ignore-volumes** -This option must be used in combination with the **--import, -i** option. +This option must be used in combination with the **\-\-import, -i** option. When restoring containers from a checkpoint tar.gz file with this option, the content of associated volumes will not be restored. diff --git a/docs/source/markdown/podman-container-runlabel.1.md b/docs/source/markdown/podman-container-runlabel.1.md index 36bcbab3d..84d283cf8 100644 --- a/docs/source/markdown/podman-container-runlabel.1.md +++ b/docs/source/markdown/podman-container-runlabel.1.md @@ -41,7 +41,7 @@ is used. Any additional arguments will be appended to the command. ## OPTIONS -#### **--authfile**=*path* +#### **\-\-authfile**=*path* Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`. If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`. @@ -49,39 +49,39 @@ If the authorization state is not found there, $HOME/.docker/config.json is chec Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE environment variable. `export REGISTRY_AUTH_FILE=path` -#### **--display** +#### **\-\-display** Display the label's value of the image having populated its environment variables. The runlabel command will not execute if --display is specified. -#### **--cert-dir**=*path* +#### **\-\-cert-dir**=*path* Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client) -#### **--creds**=*[username[:password]]* +#### **\-\-creds**=*[username[:password]]* The [username[:password]] to use to authenticate with the registry if required. If one or both values are not supplied, a command line prompt will appear and the value can be entered. The password is entered without echo. -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement -#### **--name**, **-n**=*name* +#### **\-\-name**, **-n**=*name* Use this name for creating content for the container. NAME will default to the IMAGENAME if it is not specified. -#### **--quiet**, **-q** +#### **\-\-quiet**, **-q** Suppress output information when pulling images -#### **--replace** +#### **\-\-replace** If a container exists of the default or given name, as needed it will be stopped, deleted and a new container will be created from this image. -#### **--tls-verify** +#### **\-\-tls-verify** Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index 5c53f8601..9ae4ab207 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -65,22 +65,22 @@ and specified with a _tag_. $ podman create oci-archive:/tmp/fedora echo hello ## OPTIONS -#### **--add-host**=*host* +#### **\-\-add-host**=*host* Add a custom host-to-IP mapping (host:ip) -Add a line to /etc/hosts. The format is hostname:ip. The **--add-host** +Add a line to /etc/hosts. The format is hostname:ip. The **\-\-add-host** option can be set multiple times. -#### **--annotation**=*key=value* +#### **\-\-annotation**=*key=value* Add an annotation to the container. The format is key=value. -The **--annotation** option can be set multiple times. +The **\-\-annotation** option can be set multiple times. -#### **--arch**=*ARCH* +#### **\-\-arch**=*ARCH* Override the architecture, defaults to hosts, of the image to be pulled. For example, `arm`. -#### **--attach**, **-a**=*location* +#### **\-\-attach**, **-a**=*location* Attach to STDIN, STDOUT or STDERR. @@ -91,30 +91,30 @@ error. It can even pretend to be a TTY (this is what most commandline executables expect) and pass along signals. The **-a** option can be set for each of stdin, stdout, and stderr. -#### **--authfile**=*path* +#### **\-\-authfile**=*path* Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE environment variable. `export REGISTRY_AUTH_FILE=path` -#### **--blkio-weight**=*weight* +#### **\-\-blkio-weight**=*weight* Block IO weight (relative weight) accepts a weight value between 10 and 1000. -#### **--blkio-weight-device**=*weight* +#### **\-\-blkio-weight-device**=*weight* Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`). -#### **--cap-add**=*capability* +#### **\-\-cap-add**=*capability* Add Linux capabilities -#### **--cap-drop**=*capability* +#### **\-\-cap-drop**=*capability* Drop Linux capabilities -#### **--cgroupns**=*mode* +#### **\-\-cgroupns**=*mode* Set the cgroup namespace mode for the container. **`host`**: use the host's cgroup namespace inside the container. @@ -124,33 +124,33 @@ Set the cgroup namespace mode for the container. If the host uses cgroups v1, the default is set to **host**. On cgroups v2 the default is **private**. -#### **--cgroups**=*mode* +#### **\-\-cgroups**=*mode* Determines whether the container will create CGroups. Valid values are *enabled*, *disabled*, *no-conmon*, *split*, which the default being *enabled*. The *enabled* option will create a new cgroup under the cgroup-parent. -The *disabled* option will force the container to not create CGroups, and thus conflicts with CGroup options (**--cgroupns** and **--cgroup-parent**). +The *disabled* option will force the container to not create CGroups, and thus conflicts with CGroup options (**\-\-cgroupns** and **\-\-cgroup-parent**). The *no-conmon* option disables a new CGroup only for the conmon process. The *split* option splits the current cgroup in two sub-cgroups: one for conmon and one for the container payload. It is not possible to set *--cgroup-parent* with *split*. -#### **--cgroup-parent**=*path* +#### **\-\-cgroup-parent**=*path* Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist. -#### **--cgroup-conf**=*KEY=VALUE* +#### **\-\-cgroup-conf**=*KEY=VALUE* -When running on cgroup v2, specify the cgroup file to write to and its value. For example **--cgroup-conf=memory.high=1073741824** sets the memory.high limit to 1GB. +When running on cgroup v2, specify the cgroup file to write to and its value. For example **\-\-cgroup-conf=memory.high=1073741824** sets the memory.high limit to 1GB. -#### **--cidfile**=*id* +#### **\-\-cidfile**=*id* Write the container ID to the file -#### **--conmon-pidfile**=*path* +#### **\-\-conmon-pidfile**=*path* Write the pid of the `conmon` process to a file. `conmon` runs in a separate process than Podman, so this is necessary when using systemd to restart Podman containers. -#### **--cpu-period**=*limit* +#### **\-\-cpu-period**=*limit* Set the CPU period for the Completely Fair Scheduler (CFS), which is a duration in microseconds. Once the container's CPU quota is used up, it will @@ -161,26 +161,26 @@ On some systems, changing the CPU limits may not be allowed for non-root users. For more details, see https://github.com/containers/podman/blob/master/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error -#### **--cpu-quota**=*limit* +#### **\-\-cpu-quota**=*limit* Limit the CPU Completely Fair Scheduler (CFS) quota. Limit the container's CPU usage. By default, containers run with the full CPU resource. The limit is a number in microseconds. If you provide a number, the container will be allowed to use that much CPU time until the CPU period -ends (controllable via **--cpu-period**). +ends (controllable via **\-\-cpu-period**). On some systems, changing the CPU limits may not be allowed for non-root users. For more details, see https://github.com/containers/podman/blob/master/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error -#### **--cpu-rt-period**=*microseconds* +#### **\-\-cpu-rt-period**=*microseconds* Limit the CPU real-time period in microseconds Limit the container's Real Time CPU usage. This flag tell the kernel to restrict the container's Real Time CPU usage to the period you specify. -#### **--cpu-rt-runtime**=*microseconds* +#### **\-\-cpu-rt-runtime**=*microseconds* Limit the CPU real-time runtime in microseconds @@ -189,7 +189,7 @@ Period of 1,000,000us and Runtime of 950,000us means that this container could c The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup. -#### **--cpu-shares**=*shares* +#### **\-\-cpu-shares**=*shares* CPU shares (relative weight) @@ -197,7 +197,7 @@ By default, all containers get the same proportion of CPU cycles. This proportio can be modified by changing the container's CPU share weighting relative to the weighting of all other running containers. -To modify the proportion from the default of 1024, use the **--cpu-shares** +To modify the proportion from the default of 1024, use the **\-\-cpu-shares** flag to set the weighting to 2 or higher. The proportion will only apply when CPU-intensive processes are running. @@ -226,21 +226,21 @@ PID container CPU CPU share 101 {C1} 1 100% of CPU1 102 {C1} 2 100% of CPU2 -#### **--cpus**=*number* +#### **\-\-cpus**=*number* Number of CPUs. The default is *0.0* which means no limit. This is shorthand -for **--cpu-period** and **--cpu-quota**, so you may only set either -#### **--cpus** or **--cpu-period** and **--cpu-quota**. +for **\-\-cpu-period** and **\-\-cpu-quota**, so you may only set either +#### **\-\-cpus** or **\-\-cpu-period** and **\-\-cpu-quota**. On some systems, changing the CPU limits may not be allowed for non-root users. For more details, see https://github.com/containers/podman/blob/master/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error -#### **--cpuset-cpus**=*cpus* +#### **\-\-cpuset-cpus**=*cpus* CPUs in which to allow execution (0-3, 0,1) -#### **--cpuset-mems**=*nodes* +#### **\-\-cpuset-mems**=*nodes* Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. @@ -248,75 +248,75 @@ If you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1` then processes in your container will only use memory from the first two memory nodes. -#### **--device**=_host-device_[**:**_container-device_][**:**_permissions_] +#### **\-\-device**=_host-device_[**:**_container-device_][**:**_permissions_] Add a host device to the container. Optional *permissions* parameter can be used to specify device permissions, it is combination of **r** for read, **w** for write, and **m** for **mknod**(2). -Example: **--device=/dev/sdc:/dev/xvdc:rwm**. +Example: **\-\-device=/dev/sdc:/dev/xvdc:rwm**. Note: if _host_device_ is a symbolic link then it will be resolved first. The container will only store the major and minor numbers of the host device. Note: if the user only has access rights via a group, accessing the device from inside a rootless container will fail. The **crun**(1) runtime offers a -workaround for this by adding the option **--annotation run.oci.keep_original_groups=1**. +workaround for this by adding the option **\-\-annotation run.oci.keep_original_groups=1**. Podman may load kernel modules required for using the specified device. The devices that podman will load modules when necessary are: /dev/fuse. -#### **--device-cgroup-rule**="type major:minor mode" +#### **\-\-device-cgroup-rule**="type major:minor mode" Add a rule to the cgroup allowed devices list. The rule is expected to be in the format specified in the Linux kernel documentation (Documentation/cgroup-v1/devices.txt): - type: a (all), c (char), or b (block); - major and minor: either a number, or * for all; - mode: a composition of r (read), w (write), and m (mknod(2)). -#### **--device-read-bps**=*path* +#### **\-\-device-read-bps**=*path* Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb) -#### **--device-read-iops**=*path* +#### **\-\-device-read-iops**=*path* Limit read rate (IO per second) from a device (e.g. --device-read-iops=/dev/sda:1000) -#### **--device-write-bps**=*path* +#### **\-\-device-write-bps**=*path* Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb) -#### **--device-write-iops**=*path* +#### **\-\-device-write-iops**=*path* Limit write rate (IO per second) to a device (e.g. --device-write-iops=/dev/sda:1000) -#### **--disable-content-trust** +#### **\-\-disable-content-trust** This is a Docker specific option to disable image verification to a Docker registry and is not supported by Podman. This flag is a NOOP and provided solely for scripting compatibility. -#### **--dns**=*dns* +#### **\-\-dns**=*dns* -Set custom DNS servers. Invalid if using **--dns** and **--network** that is set to 'none' or `container:<name|id>`. +Set custom DNS servers. Invalid if using **\-\-dns** and **\-\-network** that is set to 'none' or `container:<name|id>`. This option can be used to override the DNS configuration passed to the container. Typically this is necessary when the host DNS configuration is invalid for the container (e.g., 127.0.0.1). When this -is the case the **--dns** flags is necessary for every run. +is the case the **\-\-dns** flags is necessary for every run. The special value **none** can be specified to disable creation of **/etc/resolv.conf** in the container by Podman. The **/etc/resolv.conf** file in the image will be used without changes. -#### **--dns-opt**=*option* +#### **\-\-dns-opt**=*option* -Set custom DNS options. Invalid if using **--dns-opt** and **--network** that is set to 'none' or `container:<name|id>`. +Set custom DNS options. Invalid if using **\-\-dns-opt** and **\-\-network** that is set to 'none' or `container:<name|id>`. -#### **--dns-search**=*domain* +#### **\-\-dns-search**=*domain* -Set custom DNS search domains. Invalid if using **--dns-search** and **--network** that is set to 'none' or `container:<name|id>`. (Use --dns-search=. if you don't wish to set the search domain) +Set custom DNS search domains. Invalid if using **\-\-dns-search** and **\-\-network** that is set to 'none' or `container:<name|id>`. (Use --dns-search=. if you don't wish to set the search domain) -#### **--entrypoint**=*"command"* | *'["command", "arg1", ...]'* +#### **\-\-entrypoint**=*"command"* | *'["command", "arg1", ...]'* Overwrite the default ENTRYPOINT of the image @@ -328,12 +328,12 @@ default nature or behavior, so that when you set an ENTRYPOINT you can run the container as if it were that binary, complete with default options, and you can pass in more options via the COMMAND. But, sometimes an operator may want to run something else inside the container, so you can override the default ENTRYPOINT -at runtime by using a **--entrypoint** and a string to specify the new +at runtime by using a **\-\-entrypoint** and a string to specify the new ENTRYPOINT. You need to specify multi option commands in the form of a json string. -#### **--env**, **-e**=*env* +#### **\-\-env**, **-e**=*env* Set environment variables @@ -341,30 +341,30 @@ This option allows arbitrary environment variables that are available for the pr See [**Environment**](#environment) note below for precedence and examples. -#### **--env-host**=*true|false* +#### **\-\-env-host**=*true|false* Use host environment inside of the container. See **Environment** note below for precedence. (This option is not available with the remote Podman client) -#### **--env-file**=*file* +#### **\-\-env-file**=*file* Read in a line delimited file of environment variables. See **Environment** note below for precedence. -#### **--expose**=*port* +#### **\-\-expose**=*port* Expose a port, or a range of ports (e.g. --expose=3300-3310) to set up port redirection on the host system. -#### **--gidmap**=*container_gid:host_gid:amount* +#### **\-\-gidmap**=*container_gid:host_gid:amount* GID map for the user namespace. Using this flag will run the container with user namespace enabled. It conflicts with the `--userns` and `--subgidname` flags. The following example maps uids 0-2000 in the container to the uids 30000-31999 on the host and gids 0-2000 in the container to the gids 30000-31999 on the host. `--gidmap=0:30000:2000` -#### **--group-add**=*group* +#### **\-\-group-add**=*group* Add additional groups to run as -#### **--health-cmd**=*"command"* | *'["command", "arg1", ...]'* +#### **\-\-health-cmd**=*"command"* | *'["command", "arg1", ...]'* Set or alter a healthcheck command for a container. The command is a command to be executed inside your container that determines your container health. The command is required for other healthcheck options @@ -373,35 +373,35 @@ to be applied. A value of `none` disables existing healthchecks. Multiple options can be passed in the form of a JSON array; otherwise, the command will be interpreted as an argument to `/bin/sh -c`. -#### **--health-interval**=*interval* +#### **\-\-health-interval**=*interval* Set an interval for the healthchecks (a value of `disable` results in no automatic timer setup) (default "30s") -#### **--health-retries**=*retries* +#### **\-\-health-retries**=*retries* The number of retries allowed before a healthcheck is considered to be unhealthy. The default value is `3`. -#### **--health-start-period**=*period* +#### **\-\-health-start-period**=*period* The initialization time needed for a container to bootstrap. The value can be expressed in time format like `2m3s`. The default value is `0s` -#### **--health-timeout**=*timeout* +#### **\-\-health-timeout**=*timeout* The maximum time allowed to complete the healthcheck before an interval is considered failed. Like start-period, the value can be expressed in a time format such as `1m22s`. The default value is `30s`. -#### **--hostname**=*name*, **-h** +#### **\-\-hostname**=*name*, **-h** Container host name Sets the container host name that is available inside the container. Can only be used with a private UTS namespace `--uts=private` (default). If `--pod` is specified and the pod shares the UTS namespace (default) the pod's hostname will be used. -#### **--help** +#### **\-\-help** Print usage statement -#### **--http-proxy**=*true|false* +#### **\-\-http-proxy**=*true|false* By default proxy environment variables are passed into the container if set for the Podman process. This can be disabled by setting the `--http-proxy` @@ -421,7 +421,7 @@ container: Defaults to `true` -#### **--image-volume**, **builtin-volume**=*bind|tmpfs|ignore* +#### **\-\-image-volume**, **builtin-volume**=*bind|tmpfs|ignore* Tells Podman how to handle the builtin image volumes. Default is **bind**. @@ -430,37 +430,37 @@ Tells Podman how to handle the builtin image volumes. Default is **bind**. content that disappears when the container is stopped. - **ignore**: All volumes are just ignored and no action is taken. -#### **--init** +#### **\-\-init** Run an init inside the container that forwards signals and reaps processes. -#### **--init-path**=*path* +#### **\-\-init-path**=*path* Path to the container-init binary. -#### **--interactive**, **-i**=*true|false* +#### **\-\-interactive**, **-i**=*true|false* Keep STDIN open even if not attached. The default is *false*. -#### **--ip6**=*ip* +#### **\-\-ip6**=*ip* Not implemented -#### **--ip**=*ip* +#### **\-\-ip**=*ip* Specify a static IP address for the container, for example **10.88.64.128**. This option can only be used if the container is joined to only a single network - i.e., `--network=_network-name_` is used at most once - and if the container is not joining another container's network namespace via `--network=container:_id_`. The address must be within the CNI network's IP address pool (default **10.88.0.0/16**). -#### **--ipc**=*ipc* +#### **\-\-ipc**=*ipc* Default is to create a private IPC namespace (POSIX SysV IPC) for the container `container:<name|id>`: reuses another container shared memory, semaphores and message queues `host`: use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. `ns:<path>` path to an IPC namespace to join. -#### **--kernel-memory**=*number[unit]* +#### **\-\-kernel-memory**=*number[unit]* Kernel memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes)) @@ -470,34 +470,34 @@ is not limited. If you specify a limit, it may be rounded up to a multiple of the operating system's page size and the value can be very large, millions of trillions. -#### **--label**, **-l**=*label* +#### **\-\-label**, **-l**=*label* Add metadata to a container (e.g., --label com.example.key=value) -#### **--label-file**=*file* +#### **\-\-label-file**=*file* Read in a line delimited file of labels -#### **--link-local-ip**=*ip* +#### **\-\-link-local-ip**=*ip* Not implemented -#### **--log-driver**="*k8s-file*" +#### **\-\-log-driver**="*k8s-file*" Logging driver for the container. Currently available options are *k8s-file*, *journald*, and *none*, with *json-file* aliased to *k8s-file* for scripting compatibility. -#### **--log-opt**=*name*=*value* +#### **\-\-log-opt**=*name*=*value* Set custom logging configuration. The following *name*s are supported: - **path**: specify a path to the log file -(e.g. **--log-opt path=/var/log/container/mycontainer.json**); +(e.g. **\-\-log-opt path=/var/log/container/mycontainer.json**); - **max-size**: specify a max size of the log file -(e.g. **--log-opt max-size=10mb**); +(e.g. **\-\-log-opt max-size=10mb**); - **tag**: specify a custom log tag for the container -(e.g. **--log-opt tag="{{.ImageName}}"**. +(e.g. **\-\-log-opt tag="{{.ImageName}}"**. It supports the same keys as **podman inspect --format**. @@ -509,7 +509,7 @@ It supports the same keys as `podman inspect --format`. It is currently supported only by the journald log driver. -#### **--mac-address**=*address* +#### **\-\-mac-address**=*address* Container MAC address (e.g. 92:d0:c6:0a:29:33) @@ -517,7 +517,7 @@ Remember that the MAC address in an Ethernet network must be unique. The IPv6 link-local address will be based on the device's MAC address according to RFC4862. -#### **--memory**, **-m**=*limit* +#### **\-\-memory**, **-m**=*limit* Memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes)) @@ -527,32 +527,32 @@ RAM. If a limit of 0 is specified (not using **-m**), the container's memory is not limited. The actual limit may be rounded up to a multiple of the operating system's page size (the value would be very large, that's millions of trillions). -#### **--memory-reservation**=*limit* +#### **\-\-memory-reservation**=*limit* Memory soft limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes)) After setting memory reservation, when the system detects memory contention or low memory, containers are forced to restrict their consumption to their -reservation. So you should always set the value below **--memory**, otherwise the +reservation. So you should always set the value below **\-\-memory**, otherwise the hard limit will take precedence. By default, memory reservation will be the same as memory limit. -#### **--memory-swap**=*limit* +#### **\-\-memory-swap**=*limit* A limit value equal to memory plus swap. Must be used with the **-m** -(**--memory**) flag. The swap `LIMIT` should always be larger than **-m** -(**--memory**) value. By default, the swap `LIMIT` will be set to double +(**\-\-memory**) flag. The swap `LIMIT` should always be larger than **-m** +(**\-\-memory**) value. By default, the swap `LIMIT` will be set to double the value of --memory. The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. -#### **--memory-swappiness**=*number* +#### **\-\-memory-swappiness**=*number* Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. -#### **--mount**=*type=TYPE,TYPE-SPECIFIC-OPTION[,...]* +#### **\-\-mount**=*type=TYPE,TYPE-SPECIFIC-OPTION[,...]* Attach a filesystem mount to the container @@ -609,7 +609,7 @@ Current supported mount TYPEs are **bind**, **volume**, **image**, **tmpfs** and · notmpcopyup: Disable copying files from the image to the tmpfs. -#### **--name**=*name* +#### **\-\-name**=*name* Assign a name to the container @@ -619,13 +619,13 @@ UUID short identifier (“f78375b1c487”) Name (“jonah”) podman generates a UUID for each container, and if a name is not assigned -to the container with **--name** then it will generate a random +to the container with **\-\-name** then it will generate a random string name. The name is useful any place you need to identify a container. This works for both background and foreground containers. -#### **--network**=*mode*, **--net** +#### **\-\-network**=*mode*, **\-\-net** -Set the network mode for the container. Invalid if using **--dns**, **--dns-opt**, or **--dns-search** with **--network** that is set to **none** or **container:**_id_. If used together with **--pod**, the container will not join the pod's network namespace. +Set the network mode for the container. Invalid if using **\-\-dns**, **\-\-dns-opt**, or **\-\-dns-search** with **\-\-network** that is set to **none** or **container:**_id_. If used together with **\-\-pod**, the container will not join the pod's network namespace. Valid _mode_ values are: @@ -648,33 +648,33 @@ Valid _mode_ values are: - **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default. - **port_handler=slirp4netns**: Use the slirp4netns port forwarding. -#### **--network-alias**=*alias* +#### **\-\-network-alias**=*alias* Add network-scoped alias for the container -#### **--no-healthcheck**=*true|false* +#### **\-\-no-healthcheck**=*true|false* Disable any defined healthchecks for container. -#### **--no-hosts**=*true|false* +#### **\-\-no-hosts**=*true|false* Do not create /etc/hosts for the container. -By default, Podman will manage /etc/hosts, adding the container's own IP address and any hosts from **--add-host**. -#### **--no-hosts** disables this, and the image's **/etc/host** will be preserved unmodified. -This option conflicts with **--add-host**. +By default, Podman will manage /etc/hosts, adding the container's own IP address and any hosts from **\-\-add-host**. +#### **\-\-no-hosts** disables this, and the image's **/etc/host** will be preserved unmodified. +This option conflicts with **\-\-add-host**. -#### **--oom-kill-disable**=*true|false* +#### **\-\-oom-kill-disable**=*true|false* Whether to disable OOM Killer for the container or not. -#### **--oom-score-adj**=*num* +#### **\-\-oom-score-adj**=*num* Tune the host's OOM preferences for containers (accepts -1000 to 1000) -#### **--os**=*OS* +#### **\-\-os**=*OS* Override the OS, defaults to hosts, of the image to be pulled. For example, `windows`. -#### **--pid**=*pid* +#### **\-\-pid**=*pid* Set the PID mode for the container Default is to create a private PID namespace for the container @@ -683,25 +683,25 @@ Default is to create a private PID namespace for the container - `ns`: join the specified PID namespace - `private`: create a new namespace for the container (default) -#### **--pids-limit**=*limit* +#### **\-\-pids-limit**=*limit* Tune the container's pids limit. Set `0` to have unlimited pids for the container. (default "4096" on systems that support PIDS cgroups). -#### **--platform**=*OS/ARCH* +#### **\-\-platform**=*OS/ARCH* Specify the platform for selecting the image. (Conflicts with --arch and --os) The `--platform` option can be used to override the current architecture and operating system. -#### **--pod**=*name* +#### **\-\-pod**=*name* Run container in an existing pod. If you want Podman to make the pod for you, preference the pod name with `new:`. To make a pod with more granular options, use the `podman pod create` command before creating a container. -#### **--pod-id-file**=*path* +#### **\-\-pod-id-file**=*path* Run container in an existing pod and read the pod's ID from the specified file. If a container is run within a pod, and the pod has an infra-container, the infra-container will be started before the container is. -#### **--privileged**=*true|false* +#### **\-\-privileged**=*true|false* Give extended privileges to this container. The default is *false*. @@ -717,7 +717,7 @@ container. Rootless containers cannot have more privileges than the account that launched them. -#### **--publish**, **-p**=*port* +#### **\-\-publish**, **-p**=*port* Publish a container's port, or range of ports, to the host @@ -740,7 +740,7 @@ associated ports. If one container binds to a port, no other container can use t within the pod while it is in use. Containers in the pod can also communicate over localhost by having one container bind to localhost in the pod, and another connect to that port. -#### **--publish-all**, **-P**=*true|false* +#### **\-\-publish-all**, **-P**=*true|false* Publish all exposed ports to random ports on the host interfaces. The default is *false*. @@ -752,7 +752,7 @@ port to a random port on the host within an *ephemeral port range* defined by `/proc/sys/net/ipv4/ip_local_port_range`. To find the mapping between the host ports and the exposed ports, use `podman port`. -#### **--pull**=*missing* +#### **\-\-pull**=*missing* Pull image before creating ("always"|"missing"|"never") (default "missing"). 'missing': default value, attempt to pull the latest image from the registries listed in registries.conf if a local image does not exist.Raise an error if the image is not in any listed registry and is not present locally. @@ -761,11 +761,11 @@ Pull image before creating ("always"|"missing"|"never") (default "missing"). Defaults to *missing*. -#### **--quiet**, **-q** +#### **\-\-quiet**, **-q** Suppress output information when pulling images -#### **--read-only**=*true|false* +#### **\-\-read-only**=*true|false* Mount the container's root filesystem as read only. @@ -773,15 +773,15 @@ By default a container will have its root filesystem writable allowing processes to write files anywhere. By specifying the `--read-only` flag the container will have its root filesystem mounted as read only prohibiting any writes. -#### **--read-only-tmpfs**=*true|false* +#### **\-\-read-only-tmpfs**=*true|false* If container is running in --read-only mode, then mount a read-write tmpfs on /run, /tmp, and /var/tmp. The default is *true* -#### **--replace**=**true**|**false** +#### **\-\-replace**=**true**|**false** If another container with the same name already exists, replace and remove it. The default is **false**. -#### **--restart**=*policy* +#### **\-\-restart**=*policy* Restart policy to follow when containers exit. Restart policy will not take effect if a container is stopped via the `podman kill` or `podman stop` commands. @@ -797,18 +797,18 @@ Please note that restart will not restart containers after a system reboot. If this functionality is required in your environment, you can invoke Podman from a systemd unit file, or create an init script for whichever init system is in use. To generate systemd unit files, please see *podman generate systemd* -#### **--rm**=*true|false* +#### **\-\-rm**=*true|false* Automatically remove the container when it exits. The default is *false*. -#### **--rootfs** +#### **\-\-rootfs** If specified, the first argument refers to an exploded container on the file system. This is useful to run a container without requiring any image management, the rootfs of the container is assumed to be managed externally. -#### **--sdnotify**=**container**|**conmon**|**ignore** +#### **\-\-sdnotify**=**container**|**conmon**|**ignore** Determines how to use the NOTIFY_SOCKET, as passed with systemd and Type=notify. @@ -819,13 +819,13 @@ has started. The socket is never passed to the runtime or the container. The **ignore** option removes NOTIFY_SOCKET from the environment for itself and child processes, for the case where some other process above Podman uses NOTIFY_SOCKET and Podman should not use it. -#### **--seccomp-policy**=*policy* +#### **\-\-seccomp-policy**=*policy* -Specify the policy to select the seccomp profile. If set to *image*, Podman will look for a "io.podman.seccomp.profile" label in the container-image config and use its value as a seccomp profile. Otherwise, Podman will follow the *default* policy by applying the default profile unless specified otherwise via *--security-opt seccomp* as described below. +Specify the policy to select the seccomp profile. If set to *image*, Podman will look for a "io.containers.seccomp.profile" label in the container-image config and use its value as a seccomp profile. Otherwise, Podman will follow the *default* policy by applying the default profile unless specified otherwise via *--security-opt seccomp* as described below. Note that this feature is experimental and may change in the future. -#### **--secret**=*secret* +#### **\-\-secret**=*secret* Give the container access to a secret. Can be specified multiple times. @@ -840,7 +840,7 @@ secret value will still remain. Secrets are managed using the `podman secret` command. -#### **--security-opt**=*option* +#### **\-\-security-opt**=*option* Security Options @@ -871,30 +871,30 @@ Security Options Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file. -#### **--shm-size**=*size* +#### **\-\-shm-size**=*size* Size of `/dev/shm` (format: `<number>[<unit>]`, where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes)) If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. When size is `0`, there is no limit on the amount of memory used for IPC by the container. -#### **--stop-signal**=*SIGTERM* +#### **\-\-stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. -#### **--stop-timeout**=*seconds* +#### **\-\-stop-timeout**=*seconds* Timeout (in seconds) to stop a container. Default is 10. Remote connections use local containers.conf for defaults -#### **--subgidname**=*name* +#### **\-\-subgidname**=*name* Name for GID map from the `/etc/subgid` file. Using this flag will run the container with user namespace enabled. This flag conflicts with `--userns` and `--gidmap`. -#### **--subuidname**=*name* +#### **\-\-subuidname**=*name* Name for UID map from the `/etc/subuid` file. Using this flag will run the container with user namespace enabled. This flag conflicts with `--userns` and `--uidmap`. -#### **--sysctl**=*SYSCTL* +#### **\-\-sysctl**=*SYSCTL* Configure namespaced kernel parameters at runtime @@ -910,7 +910,7 @@ Network Namespace - current sysctls allowed: Note: if you use the --network=host option these sysctls will not be allowed. -#### **--systemd**=*true|false|always* +#### **\-\-systemd**=*true|false|always* Run container in systemd mode. The default is *true*. @@ -934,7 +934,7 @@ The `container_manage_cgroup` boolean must be enabled for this to be allowed on `setsebool -P container_manage_cgroup true` -#### **--tmpfs**=*fs* +#### **\-\-tmpfs**=*fs* Create a tmpfs mount @@ -947,7 +947,7 @@ options are the same as the Linux default `mount` flags. If you do not specify any options, the systems uses the following options: `rw,noexec,nosuid,nodev`. -#### **--tty**, **-t**=*true|false* +#### **\-\-tty**, **-t**=*true|false* Allocate a pseudo-TTY. The default is *false*. @@ -958,29 +958,29 @@ interactive shell. The default is false. Note: The **-t** option is incompatible with a redirection of the Podman client standard input. -#### **--tz**=*timezone* +#### **\-\-tz**=*timezone* Set timezone in container. This flag takes area-based timezones, GMT time, as well as `local`, which sets the timezone in the container to match the host machine. See `/usr/share/zoneinfo/` for valid timezones. Remote connections use local containers.conf for defaults -#### **--umask**=*umask* +#### **\-\-umask**=*umask* Set the umask inside the container. Defaults to `0022`. Remote connections use local containers.conf for defaults -#### **--uidmap**=*container_uid:host_uid:amount* +#### **\-\-uidmap**=*container_uid:host_uid:amount* UID map for the user namespace. Using this flag will run the container with user namespace enabled. It conflicts with the `--userns` and `--subuidname` flags. The following example maps uids 0-2000 in the container to the uids 30000-31999 on the host and gids 0-2000 in the container to the gids 30000-31999 on the host. `--uidmap=0:30000:2000` -#### **--ulimit**=*option* +#### **\-\-ulimit**=*option* Ulimit options You can pass `host` to copy the current configuration from the host. -#### **--user**, **-u**=*user* +#### **\-\-user**, **-u**=*user* Sets the username or UID used and optionally the groupname or GID for the specified command. @@ -989,12 +989,12 @@ The following examples are all valid: Without this argument the command will be run as root in the container. -#### **--userns**=*auto*[:OPTIONS] -#### **--userns**=*host* -#### **--userns**=*keep-id* -#### **--userns**=container:container -#### **--userns**=private -#### **--userns**=*ns:my_namespace* +#### **\-\-userns**=*auto*[:OPTIONS] +#### **\-\-userns**=*host* +#### **\-\-userns**=*keep-id* +#### **\-\-userns**=container:container +#### **\-\-userns**=private +#### **\-\-userns**=*ns:my_namespace* Set the user namespace mode for the container. It defaults to the **PODMAN_USERNS** environment variable. An empty value means user namespaces are disabled. @@ -1009,9 +1009,9 @@ Set the user namespace mode for the container. It defaults to the **PODMAN_USERN - `ns`: run the container in the given existing user namespace. - `private`: create a new namespace for the container (default) -This option is incompatible with **--gidmap**, **--uidmap**, **--subuidname** and **--subgidname**. +This option is incompatible with **\-\-gidmap**, **\-\-uidmap**, **\-\-subuidname** and **\-\-subgidname**. -#### **--uts**=*mode* +#### **\-\-uts**=*mode* Set the UTS namespace mode for the container. The following values are supported: @@ -1020,10 +1020,10 @@ Set the UTS namespace mode for the container. The following values are supported - **ns:[path]**: run the container in the given existing UTS namespace. - **container:[container]**: join the UTS namespace of the specified container. -#### **--variant**=*VARIANT* +#### **\-\-variant**=*VARIANT* Use _VARIANT_ instead of the default architecture variant of the container image. Some images can use multiple variants of the arm architectures, such as arm/v5 and arm/v7. -#### **--volume**, **-v**[=*[[SOURCE-VOLUME|HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*] +#### **\-\-volume**, **-v**[=*[[SOURCE-VOLUME|HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*] Create a bind mount. If you specify, ` -v /HOST-DIR:/CONTAINER-DIR`, Podman bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the Podman @@ -1176,7 +1176,7 @@ will convert /foo into a `shared` mount point. Alternatively one can directly change propagation properties of source mount. Say `/` is source mount for `/foo`, then use `mount --make-shared /` to convert `/` into a `shared` mount. -#### **--volumes-from**[=*CONTAINER*[:*OPTIONS*]] +#### **\-\-volumes-from**[=*CONTAINER*[:*OPTIONS*]] Mount volumes from the specified container(s). Used to share volumes between containers. The *options* is a comma delimited list with the following available elements: @@ -1209,7 +1209,7 @@ If the location of the volume from the source container overlaps with data residing on a target container, then the volume hides that data on the target. -#### **--workdir**, **-w**=*dir* +#### **\-\-workdir**, **-w**=*dir* Working directory inside the container @@ -1274,11 +1274,11 @@ Environment variables within containers can be set using multiple different opti Precedence order (later entries override earlier entries): -- **--env-host** : Host environment of the process executing Podman is added. -- **--http-proxy**: By default, several environment variables will be passed in from the host, such as **http_proxy** and **no_proxy**. See **--http-proxy** for details. +- **\-\-env-host** : Host environment of the process executing Podman is added. +- **\-\-http-proxy**: By default, several environment variables will be passed in from the host, such as **http_proxy** and **no_proxy**. See **\-\-http-proxy** for details. - Container image : Any environment variables specified in the container image. -- **--env-file** : Any environment variables specified via env-files. If multiple files specified, then they override each other in order of entry. -- **--env** : Any environment variables specified will override previous settings. +- **\-\-env-file** : Any environment variables specified via env-files. If multiple files specified, then they override each other in order of entry. +- **\-\-env** : Any environment variables specified will override previous settings. Create containers and set the environment ending with a __*__ and a ***** diff --git a/docs/source/markdown/podman-diff.1.md b/docs/source/markdown/podman-diff.1.md index dbab2d4db..5a4132783 100644 --- a/docs/source/markdown/podman-diff.1.md +++ b/docs/source/markdown/podman-diff.1.md @@ -13,11 +13,11 @@ Displays changes on a container or image's filesystem. The container or image w ## OPTIONS -#### **--format** +#### **\-\-format** Alter the output into a different format. The only valid format for diff is `json`. -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client) diff --git a/docs/source/markdown/podman-events.1.md b/docs/source/markdown/podman-events.1.md index 4f9e9418f..0a73712b3 100644 --- a/docs/source/markdown/podman-events.1.md +++ b/docs/source/markdown/podman-events.1.md @@ -70,16 +70,16 @@ The *volume* type will report the following statuses: ## OPTIONS -#### **--help** +#### **\-\-help** Print usage statement. -#### **--format** +#### **\-\-format** Format the output to JSON Lines or using the given Go template. -#### **--filter**=*filter* +#### **\-\-filter**=*filter* Filter events that are displayed. They must be in the format of "filter=value". The following filters are supported: @@ -93,12 +93,12 @@ filters are supported: In the case where an ID is used, the ID may be in its full or shortened form. -#### **--since**=*timestamp* +#### **\-\-since**=*timestamp* Show all events created since the given timestamp -#### **--until**=*timestamp* +#### **\-\-until**=*timestamp* Show all events created until the given timestamp diff --git a/docs/source/markdown/podman-exec.1.md b/docs/source/markdown/podman-exec.1.md index 524ee50f0..f412cadd8 100644 --- a/docs/source/markdown/podman-exec.1.md +++ b/docs/source/markdown/podman-exec.1.md @@ -13,37 +13,37 @@ podman\-exec - Execute a command in a running container ## OPTIONS -#### **--detach**, **-d** +#### **\-\-detach**, **-d** Start the exec session, but do not attach to it. The command will run in the background and the exec session will be automatically removed when it completes. The **podman exec** command will print the ID of the exec session and exit immediately after it starts. -#### **--detach-keys**=*sequence* +#### **\-\-detach-keys**=*sequence* Specify the key sequence for detaching a container. Format is a single character `[a-Z]` or one or more `ctrl-<value>` characters where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. Specifying "" will disable this feature. The default is *ctrl-p,ctrl-q*. -#### **--env**, **-e** +#### **\-\-env**, **-e** You may specify arbitrary environment variables that are available for the command to be executed. -#### **--env-file**=*file* +#### **\-\-env-file**=*file* Read in a line delimited file of environment variables. -#### **--interactive**, **-i**=*true|false* +#### **\-\-interactive**, **-i**=*true|false* When set to true, keep stdin open even if not attached. The default is *false*. -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client) -#### **--preserve-fds**=*N* +#### **\-\-preserve-fds**=*N* Pass down to the process N additional file descriptors (in addition to 0, 1, 2). The total FDs will be 3+N. -#### **--privileged** +#### **\-\-privileged** Give extended privileges to this container. The default is *false*. @@ -59,17 +59,17 @@ points, Apparmor/SELinux separation, and Seccomp filters are all disabled. Rootless containers cannot have more privileges than the account that launched them. -#### **--tty**, **-t** +#### **\-\-tty**, **-t** Allocate a pseudo-TTY. -#### **--user**, **-u** +#### **\-\-user**, **-u** Sets the username or UID used and optionally the groupname or GID for the specified command. The following examples are all valid: --user [user | user:group | uid | uid:gid | user:gid | uid:group ] -#### **--workdir**, **-w**=*path* +#### **\-\-workdir**, **-w**=*path* Working directory inside the container diff --git a/docs/source/markdown/podman-export.1.md b/docs/source/markdown/podman-export.1.md index 63989a4db..172be035e 100644 --- a/docs/source/markdown/podman-export.1.md +++ b/docs/source/markdown/podman-export.1.md @@ -24,11 +24,11 @@ Note: `:` is a restricted character and cannot be part of the file name. ## OPTIONS -#### **--output**, **-o** +#### **\-\-output**, **-o** Write to a file, default is STDOUT -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement diff --git a/docs/source/markdown/podman-generate-kube.1.md b/docs/source/markdown/podman-generate-kube.1.md index 0e5a31ae6..90b4c59fb 100644 --- a/docs/source/markdown/podman-generate-kube.1.md +++ b/docs/source/markdown/podman-generate-kube.1.md @@ -18,11 +18,11 @@ Note that the generated Kubernetes YAML file can be used to re-run the deploymen ## OPTIONS -#### **--filename**, **-f**=**filename** +#### **\-\-filename**, **-f**=**filename** Output to the given file, instead of STDOUT. If the file already exists, `generate kube` will refuse to replace it and return an error. -#### **--service**, **-s** +#### **\-\-service**, **-s** Generate a Kubernetes service object in addition to the Pods. Used to generate a Service specification for the corresponding Pod output. In particular, if the object has portmap bindings, the service specification will include a NodePort declaration to expose the service. A random port is assigned by Podman in the specification. diff --git a/docs/source/markdown/podman-generate-systemd.1.md b/docs/source/markdown/podman-generate-systemd.1.md index 43cb30f59..431163d56 100644 --- a/docs/source/markdown/podman-generate-systemd.1.md +++ b/docs/source/markdown/podman-generate-systemd.1.md @@ -14,46 +14,46 @@ _Note: If you use this command with the remote client, you would still have to p ## OPTIONS -#### **--files**, **-f** +#### **\-\-files**, **-f** Generate files instead of printing to stdout. The generated files are named {container,pod}-{ID,name}.service and will be placed in the current working directory. Note: On a system with SELinux enabled, the generated files will inherit contexts from the current working directory. Depending on the SELinux setup, changes to the generated files using `restorecon`, `chcon`, or `semanage` may be required to allow systemd to access these files. Alternatively, use the `-Z` option when running `mv` or `cp`. -#### **--format**=*format* +#### **\-\-format**=*format* Print the created units in specified format (json). If `--files` is specified the paths to the created files will be printed instead of the unit content. -#### **--name**, **-n** +#### **\-\-name**, **-n** Use the name of the container for the start, stop, and description in the unit file -#### **--new** +#### **\-\-new** Using this flag will yield unit files that do not expect containers and pods to exist. Instead, new containers and pods are created based on their configuration files. The unit files are created best effort and may need to be further edited; please review the generated files carefully before using them in production. -#### **--no-header** +#### **\-\-no-header** Do not generate the header including meta data such as the Podman version and the timestamp. -#### **--time**, **-t**=*value* +#### **\-\-time**, **-t**=*value* Override the default stop timeout for the container with the given value. -#### **--restart-policy**=*policy* +#### **\-\-restart-policy**=*policy* Set the systemd restart policy. The restart-policy must be one of: "no", "on-success", "on-failure", "on-abnormal", "on-watchdog", "on-abort", or "always". The default policy is *on-failure*. -#### **--container-prefix**=*prefix* +#### **\-\-container-prefix**=*prefix* Set the systemd unit name prefix for containers. The default is *container*. -#### **--pod-prefix**=*prefix* +#### **\-\-pod-prefix**=*prefix* Set the systemd unit name prefix for pods. The default is *pod*. -#### **--separator**=*separator* +#### **\-\-separator**=*separator* Set the systemd unit name separator between the name/id of a container/pod and the prefix. The default is *-*. diff --git a/docs/source/markdown/podman-healthcheck-run.1.md b/docs/source/markdown/podman-healthcheck-run.1.md index fa10d5dca..41abef204 100644 --- a/docs/source/markdown/podman-healthcheck-run.1.md +++ b/docs/source/markdown/podman-healthcheck-run.1.md @@ -21,7 +21,7 @@ Possible errors that can occur during the healthcheck are: * container is not running ## OPTIONS -#### **--help** +#### **\-\-help** Print usage statement diff --git a/docs/source/markdown/podman-history.1.md b/docs/source/markdown/podman-history.1.md index 2dd41e9f5..cebb45054 100644 --- a/docs/source/markdown/podman-history.1.md +++ b/docs/source/markdown/podman-history.1.md @@ -12,9 +12,9 @@ podman\-history - Show the history of an image **podman history** displays the history of an image by printing out information about each layer used in the image. The information printed out for each layer include Created (time and date), Created By, Size, and Comment. The output can -be truncated or not using the **--no-trunc** flag. If the **--human** flag is +be truncated or not using the **\-\-no-trunc** flag. If the **\-\-human** flag is set, the time of creation and size are printed out in a human readable format. -The **--quiet** flag displays the ID of the image only when set and the **--format** +The **\-\-quiet** flag displays the ID of the image only when set and the **\-\-format** flag is used to print the information using the Go template provided by the user. Valid placeholders for the Go template are listed below: @@ -29,26 +29,26 @@ Valid placeholders for the Go template are listed below: ## OPTIONS -#### **--human**, **-H**=*true|false* +#### **\-\-human**, **-H**=*true|false* Display sizes and dates in human readable format (default *true*). -#### **--no-trunc**=*true|false* +#### **\-\-no-trunc**=*true|false* Do not truncate the output (default *false*). -#### **--notruncate** +#### **\-\-notruncate** Do not truncate the output -#### **--quiet**, **-q**=*true|false* +#### **\-\-quiet**, **-q**=*true|false* Print the numeric IDs only (default *false*). -#### **--format**=*format* +#### **\-\-format**=*format* Alter the output for a format like 'json' or a Go template. -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement diff --git a/docs/source/markdown/podman-image-diff.1.md b/docs/source/markdown/podman-image-diff.1.md index 9b1dfa45a..4c03fcd09 100644 --- a/docs/source/markdown/podman-image-diff.1.md +++ b/docs/source/markdown/podman-image-diff.1.md @@ -11,7 +11,7 @@ Displays changes on a container or image's filesystem. The container or image w ## OPTIONS -#### **--format** +#### **\-\-format** Alter the output into a different format. The only valid format for diff is `json`. diff --git a/docs/source/markdown/podman-image-exists.1.md b/docs/source/markdown/podman-image-exists.1.md index 5d5cb1647..370d28daa 100644 --- a/docs/source/markdown/podman-image-exists.1.md +++ b/docs/source/markdown/podman-image-exists.1.md @@ -14,7 +14,7 @@ was an issue accessing the local storage. ## OPTIONS -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement diff --git a/docs/source/markdown/podman-image-mount.1.md b/docs/source/markdown/podman-image-mount.1.md index 8cb9684a7..766f337ad 100644 --- a/docs/source/markdown/podman-image-mount.1.md +++ b/docs/source/markdown/podman-image-mount.1.md @@ -22,11 +22,11 @@ returned. ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Mount all images. -#### **--format**=*format* +#### **\-\-format**=*format* Print the mounted images in specified format (json). diff --git a/docs/source/markdown/podman-image-prune.1.md b/docs/source/markdown/podman-image-prune.1.md index 73024ffb8..16e6c9b03 100644 --- a/docs/source/markdown/podman-image-prune.1.md +++ b/docs/source/markdown/podman-image-prune.1.md @@ -14,11 +14,11 @@ does not have any containers based on it. The image prune command does not prune cache images that only use layers that are necessary for other images. ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Remove dangling images and images that have no associated containers. -#### **--filter**=*filters* +#### **\-\-filter**=*filters* Provide filter values. @@ -33,11 +33,11 @@ The until filter can be Unix timestamps, date formatted timestamps, or Go durati The label filter accepts two formats. One is the label=... (label=_key_ or label=_key=value_), which removes images with the specified labels. The other format is the label!=... (label!=_key_ or label!=_key=value_), which removes images without the specified labels. -#### **--force**, **-f** +#### **\-\-force**, **-f** Do not provide an interactive prompt for container removal. -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement diff --git a/docs/source/markdown/podman-image-sign.1.md b/docs/source/markdown/podman-image-sign.1.md index b9addc062..994578530 100644 --- a/docs/source/markdown/podman-image-sign.1.md +++ b/docs/source/markdown/podman-image-sign.1.md @@ -15,24 +15,24 @@ By default, the signature will be written into `/var/lib/containers/sigstore` fo ## OPTIONS -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement. -#### **--all**, **-a** +#### **\-\-all**, **-a** Sign all the manifests of the multi-architecture image (default false). -#### **--cert-dir**=*path* +#### **\-\-cert-dir**=*path* Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client) -#### **--directory**, **-d**=*dir* +#### **\-\-directory**, **-d**=*dir* Store the signatures in the specified directory. Default: /var/lib/containers/sigstore -#### **--sign-by**=*identity* +#### **\-\-sign-by**=*identity* Override the default identity of the signature. diff --git a/docs/source/markdown/podman-image-tree.1.md b/docs/source/markdown/podman-image-tree.1.md index fe36929cc..5f5473f28 100644 --- a/docs/source/markdown/podman-image-tree.1.md +++ b/docs/source/markdown/podman-image-tree.1.md @@ -13,11 +13,11 @@ If you do not provide a *tag*, Podman will default to `latest` for the *image*. Layers are indicated with image tags as `Top Layer of`, when the tag is known locally. ## OPTIONS -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement -#### **--whatrequires** +#### **\-\-whatrequires** Show all child images and layers of the specified image diff --git a/docs/source/markdown/podman-image-trust.1.md b/docs/source/markdown/podman-image-trust.1.md index 6e2c2287a..63280c4d7 100644 --- a/docs/source/markdown/podman-image-trust.1.md +++ b/docs/source/markdown/podman-image-trust.1.md @@ -37,15 +37,15 @@ Require signature (“signedBy”). Trust may be updated using the command **podman image trust set** for an existing trust scope. ## OPTIONS -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement. -#### **--pubkeysfile**=*KEY1*, **-f** +#### **\-\-pubkeysfile**=*KEY1*, **-f** A path to an exported public key on the local system. Key paths will be referenced in policy.json. Any path to a file may be used but locating the file in **/etc/pki/containers** is recommended. Options may be used multiple times to - require an image be signed by multiple keys. The **--pubkeysfile** option is required for the **signedBy** type. + require an image be signed by multiple keys. The **\-\-pubkeysfile** option is required for the **signedBy** type. -#### **--type**=*value*, **-t** +#### **\-\-type**=*value*, **-t** The trust type for this policy entry. Accepted values: **signedBy** (default): Require signatures with corresponding list of @@ -56,10 +56,10 @@ Trust may be updated using the command **podman image trust set** for an existin ## show OPTIONS -#### **--raw** +#### **\-\-raw** Output trust policy file as raw JSON -#### **--json**, **-j** +#### **\-\-json**, **-j** Output trust as JSON for machine parsing ## EXAMPLES diff --git a/docs/source/markdown/podman-image-unmount.1.md b/docs/source/markdown/podman-image-unmount.1.md index 62e879fa1..075ae5968 100644 --- a/docs/source/markdown/podman-image-unmount.1.md +++ b/docs/source/markdown/podman-image-unmount.1.md @@ -19,11 +19,11 @@ counter reaches zero indicating no other processes are using the mount. An unmount can be forced with the --force flag. ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** All of the currently mounted images will be unmounted. -#### **--force**, **-f** +#### **\-\-force**, **-f** Force the unmounting of specified images' root file system, even if other processes have mounted it. diff --git a/docs/source/markdown/podman-images.1.md b/docs/source/markdown/podman-images.1.md index 23cce450a..4aac40a61 100644 --- a/docs/source/markdown/podman-images.1.md +++ b/docs/source/markdown/podman-images.1.md @@ -15,15 +15,15 @@ Displays locally stored images, their names, and their IDs. ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Show all images (by default filter out the intermediate image layers). The default is false. -#### **--digests** +#### **\-\-digests** Show image digests -#### **--filter**=*filter*, **-f** +#### **\-\-filter**=*filter*, **-f** Filter output based on conditions provided @@ -47,7 +47,7 @@ Filter output based on conditions provided **reference=** Filter by image name, specified as regular expressions. -#### **--format**=*format* +#### **\-\-format**=*format* Change the default output format. This can be of a supported type like 'json' or a Go template. @@ -64,23 +64,23 @@ Valid placeholders for the Go template are listed below: | .Size | Size of layer on disk | | .History | History of the image layer | -#### **--history** +#### **\-\-history** Display the history of image names. If an image gets re-tagged or untagged, then the image name history gets prepended (latest image first). This is especially useful when undoing a tag operation or an image does not contain any name because it has been untagged. -#### **--noheading**, **-n** +#### **\-\-noheading**, **-n** Omit the table headings from the listing of images. -#### **--no-trunc** +#### **\-\-no-trunc** Do not truncate output. -#### **--quiet**, **-q** +#### **\-\-quiet**, **-q** Lists only the image IDs. -#### **--sort**=*sort* +#### **\-\-sort**=*sort* Sort by created, id, repository, size or tag (default: created) diff --git a/docs/source/markdown/podman-import.1.md b/docs/source/markdown/podman-import.1.md index 427c67da4..38c2ab680 100644 --- a/docs/source/markdown/podman-import.1.md +++ b/docs/source/markdown/podman-import.1.md @@ -11,26 +11,26 @@ podman\-import - Import a tarball and save it as a filesystem image ## DESCRIPTION **podman import** imports a tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) and saves it as a filesystem image. Remote tarballs can be specified using a URL. -Various image instructions can be configured with the **--change** flag and -a commit message can be set using the **--message** flag. +Various image instructions can be configured with the **\-\-change** flag and +a commit message can be set using the **\-\-message** flag. **reference**, if present, is a tag to assign to the image. **podman import** is used for importing from the archive generated by **podman export**, that includes the container's filesystem. To import the archive of image layers created by **podman save**, use **podman load**. Note: `:` is a restricted character and cannot be part of the file name. ## OPTIONS -#### **--change**=*instruction*, **-c** +#### **\-\-change**=*instruction*, **-c** Apply the following possible instructions to the created image: **CMD** | **ENTRYPOINT** | **ENV** | **EXPOSE** | **LABEL** | **STOPSIGNAL** | **USER** | **VOLUME** | **WORKDIR** Can be set multiple times -#### **--message**, **-m**=*message* +#### **\-\-message**, **-m**=*message* Set commit message for imported image -#### **--quiet**, **-q** +#### **\-\-quiet**, **-q** Shows progress on the import @@ -38,7 +38,7 @@ Shows progress on the import Print additional debugging information -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement diff --git a/docs/source/markdown/podman-info.1.md b/docs/source/markdown/podman-info.1.md index 4af51d3eb..ee7961be0 100644 --- a/docs/source/markdown/podman-info.1.md +++ b/docs/source/markdown/podman-info.1.md @@ -15,11 +15,11 @@ Displays information pertinent to the host, current storage stats, configured co ## OPTIONS -#### **--debug**, **-D** +#### **\-\-debug**, **-D** Show additional information -#### **--format**=*format*, **-f** +#### **\-\-format**=*format*, **-f** Change output format to "json" or a Go template. diff --git a/docs/source/markdown/podman-init.1.md b/docs/source/markdown/podman-init.1.md index 5f3636686..4fd552e65 100644 --- a/docs/source/markdown/podman-init.1.md +++ b/docs/source/markdown/podman-init.1.md @@ -18,11 +18,11 @@ This can be used to inspect the container before it runs, or debug why a contain ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Initialize all containers. Containers that have already initialized (including containers that have been started and are running) are ignored. -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client) diff --git a/docs/source/markdown/podman-inspect.1.md b/docs/source/markdown/podman-inspect.1.md index bfd0cea3d..7feb36de1 100644 --- a/docs/source/markdown/podman-inspect.1.md +++ b/docs/source/markdown/podman-inspect.1.md @@ -24,24 +24,24 @@ For more inspection options, see: ## OPTIONS -#### **--type**, **-t**=*type* +#### **\-\-type**, **-t**=*type* Return JSON for the specified type. Type can be 'container', 'image', 'volume', 'network', 'pod', or 'all' (default: all) (Only meaningful when invoked as *podman inspect*) -#### **--format**, **-f**=*format* +#### **\-\-format**, **-f**=*format* Format the output using the given Go template. The keys of the returned JSON can be used as the values for the --format flag (see examples below). -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods. This option can be used to inspect the latest pod created when used with --type pod. (This option is not available with the remote Podman client or when invoked as *podman image inspect*.) -#### **--size**, **-s** +#### **\-\-size**, **-s** In addition to normal output, display the total file size if the type is a container. diff --git a/docs/source/markdown/podman-kill.1.md b/docs/source/markdown/podman-kill.1.md index e5f1d4bbe..e4e984836 100644 --- a/docs/source/markdown/podman-kill.1.md +++ b/docs/source/markdown/podman-kill.1.md @@ -12,20 +12,20 @@ podman\-kill - Kill the main process in one or more containers The main process inside each container specified will be sent SIGKILL, or any signal specified with option --signal. ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Signal all running containers. This does not include paused containers. -#### **--cidfile** +#### **\-\-cidfile** Read container ID from the specified file and remove the container. Can be specified multiple times. -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client) -#### **--signal**, **-s** +#### **\-\-signal**, **-s** Signal to send to the container. For more information on Linux signals, refer to *man signal(7)*. diff --git a/docs/source/markdown/podman-load.1.md b/docs/source/markdown/podman-load.1.md index 3ff03e9e7..4f3208377 100644 --- a/docs/source/markdown/podman-load.1.md +++ b/docs/source/markdown/podman-load.1.md @@ -26,7 +26,7 @@ Note: `:` is a restricted character and cannot be part of the file name. ## OPTIONS -#### **--input**, **-i**=*input* +#### **\-\-input**, **-i**=*input* Read from archive file, default is STDIN. @@ -34,11 +34,11 @@ The remote client requires the use of this option. NOTE: Use the environment variable `TMPDIR` to change the temporary storage location of container images. Podman defaults to use `/var/tmp`. -#### **--quiet**, **-q** +#### **\-\-quiet**, **-q** Suppress the progress output -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement diff --git a/docs/source/markdown/podman-login.1.md b/docs/source/markdown/podman-login.1.md index 274869042..c7779788f 100644 --- a/docs/source/markdown/podman-login.1.md +++ b/docs/source/markdown/podman-login.1.md @@ -28,41 +28,41 @@ For more details about format and configurations of the auth.json file, please r ## OPTIONS -#### **--password**, **-p**=*password* +#### **\-\-password**, **-p**=*password* Password for registry -#### **--password-stdin** +#### **\-\-password-stdin** Take the password from stdin -#### **--username**, **-u**=*username* +#### **\-\-username**, **-u**=*username* Username for registry -#### **--authfile**=*path* +#### **\-\-authfile**=*path* Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json. Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE environment variable. `export REGISTRY_AUTH_FILE=path` -#### **--get-login** +#### **\-\-get-login** Return the logged-in user for the registry. Return error if no login is found. -#### **--cert-dir**=*path* +#### **\-\-cert-dir**=*path* Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client) -#### **--tls-verify**=*true|false* +#### **\-\-tls-verify**=*true|false* Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf. -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement diff --git a/docs/source/markdown/podman-logout.1.md b/docs/source/markdown/podman-logout.1.md index c35c4856b..caa8c9021 100644 --- a/docs/source/markdown/podman-logout.1.md +++ b/docs/source/markdown/podman-logout.1.md @@ -21,18 +21,18 @@ All the cached credentials can be removed by setting the **all** flag. ## OPTIONS -#### **--authfile**=*path* +#### **\-\-authfile**=*path* Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json. Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE environment variable. `export REGISTRY_AUTH_FILE=path` -#### **--all**, **-a** +#### **\-\-all**, **-a** Remove the cached credentials for all registries in the auth file -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement diff --git a/docs/source/markdown/podman-logs.1.md b/docs/source/markdown/podman-logs.1.md index 8f1301102..863e8278a 100644 --- a/docs/source/markdown/podman-logs.1.md +++ b/docs/source/markdown/podman-logs.1.md @@ -15,7 +15,7 @@ any logs at the time you execute podman logs). ## OPTIONS -#### **--follow**, **-f** +#### **\-\-follow**, **-f** Follow log output. Default is false. @@ -23,28 +23,28 @@ Note: If you are following a container which is removed `podman container rm` or removed on exit `podman run --rm ...`, then there is a chance the the log file will be removed before `podman logs` reads the final content. -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client) -#### **--names**, **-n** +#### **\-\-names**, **-n** Output the container name in the log -#### **--since**=*TIMESTAMP* +#### **\-\-since**=*TIMESTAMP* Show logs since TIMESTAMP. The --since option can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. 10m, 1h30m) computed relative to the client machine's time. Supported formats for date formatted time stamps include RFC3339Nano, RFC3339, 2006-01-02T15:04:05, 2006-01-02T15:04:05.999999999, 2006-01-02Z07:00, and 2006-01-02. -#### **--tail**=*LINES* +#### **\-\-tail**=*LINES* Output the specified number of LINES at the end of the logs. LINES must be an integer. Defaults to -1, which prints all lines -#### **--timestamps**, **-t** +#### **\-\-timestamps**, **-t** Show timestamps in the log outputs. The default is false diff --git a/docs/source/markdown/podman-machine-init.1.md b/docs/source/markdown/podman-machine-init.1.md index be07a7bd5..e2ed1eb10 100644 --- a/docs/source/markdown/podman-machine-init.1.md +++ b/docs/source/markdown/podman-machine-init.1.md @@ -18,27 +18,27 @@ tied to the Linux kernel. ## OPTIONS -#### **--cpus**=*number* +#### **\-\-cpus**=*number* Number of CPUs. -#### **--disk-size**=*number* +#### **\-\-disk-size**=*number* Size of the disk for the guest VM in GB. -#### **--ignition-path** +#### **\-\-ignition-path** Fully qualified path of the ignition file -#### **--image-path** +#### **\-\-image-path** Fully qualified path of the uncompressed image file -#### **--memory**, **-m**=*number* +#### **\-\-memory**, **-m**=*number* Memory (in MB). -#### **--help** +#### **\-\-help** Print usage statement. diff --git a/docs/source/markdown/podman-machine-rm.1.md b/docs/source/markdown/podman-machine-rm.1.md index 4da17fdcb..e80f26d6d 100644 --- a/docs/source/markdown/podman-machine-rm.1.md +++ b/docs/source/markdown/podman-machine-rm.1.md @@ -19,23 +19,23 @@ is used. ## OPTIONS -#### **--help** +#### **\-\-help** Print usage statement. -#### **--force** +#### **\-\-force** Delete without confirmation -#### **--save-ignition** +#### **\-\-save-ignition** Do not delete the generated ignition file -#### **--save-image** +#### **\-\-save-image** Do not delete the VM image -#### **--save-keys** +#### **\-\-save-keys** Do not delete the SSH keys for the VM. The system connection is always deleted. diff --git a/docs/source/markdown/podman-machine-ssh.1.md b/docs/source/markdown/podman-machine-ssh.1.md index 01cec1f57..fa78f876a 100644 --- a/docs/source/markdown/podman-machine-ssh.1.md +++ b/docs/source/markdown/podman-machine-ssh.1.md @@ -16,11 +16,11 @@ tied to the Linux kernel. ## OPTIONS -#### **--execute**, **-e** +#### **\-\-execute**, **-e** Execute the given command on the VM -#### **--help** +#### **\-\-help** Print usage statement. diff --git a/docs/source/markdown/podman-machine-start.1.md b/docs/source/markdown/podman-machine-start.1.md index 7f3a9f592..22942767a 100644 --- a/docs/source/markdown/podman-machine-start.1.md +++ b/docs/source/markdown/podman-machine-start.1.md @@ -18,7 +18,7 @@ tied to the Linux kernel. ## OPTIONS -#### **--help** +#### **\-\-help** Print usage statement. diff --git a/docs/source/markdown/podman-machine-stop.1.md b/docs/source/markdown/podman-machine-stop.1.md index f4be54511..33c67f70b 100644 --- a/docs/source/markdown/podman-machine-stop.1.md +++ b/docs/source/markdown/podman-machine-stop.1.md @@ -18,7 +18,7 @@ tied to the Linux kernel. ## OPTIONS -#### **--help** +#### **\-\-help** Print usage statement. diff --git a/docs/source/markdown/podman-manifest-add.1.md b/docs/source/markdown/podman-manifest-add.1.md index f2d188766..c3c1ea1cf 100644 --- a/docs/source/markdown/podman-manifest-add.1.md +++ b/docs/source/markdown/podman-manifest-add.1.md @@ -15,25 +15,25 @@ The list image's ID. ## OPTIONS -#### **--all** +#### **\-\-all** If the image which should be added to the list or index is itself a list or index, add all of the contents to the local list. By default, only one image from such a list or index will be added to the list or index. Combining *--all* with any of the other options described below is NOT recommended. -#### **--annotation** *annotation=value* +#### **\-\-annotation** *annotation=value* Set an annotation on the entry for the newly-added image. -#### **--arch** +#### **\-\-arch** Override the architecture which the list or index records as a requirement for the image. If *imageName* refers to a manifest list or image index, the architecture information will be retrieved from it. Otherwise, it will be retrieved from the image's configuration information. -#### **--authfile**=*path* +#### **\-\-authfile**=*path* Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`. If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`. @@ -41,39 +41,39 @@ If the authorization state is not found there, $HOME/.docker/config.json is chec Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE environment variable. `export REGISTRY_AUTH_FILE=path` -#### **--cert-dir**=*path* +#### **\-\-cert-dir**=*path* Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client) -#### **--creds**=*creds* +#### **\-\-creds**=*creds* The [username[:password]] to use to authenticate with the registry if required. If one or both values are not supplied, a command line prompt will appear and the value can be entered. The password is entered without echo. -#### **--features** +#### **\-\-features** Specify the features list which the list or index records as requirements for the image. This option is rarely used. -#### **--os** +#### **\-\-os** Override the OS which the list or index records as a requirement for the image. If *imagename* refers to a manifest list or image index, the OS information will be retrieved from it. Otherwise, it will be retrieved from the image's configuration information. -#### **--os-version** +#### **\-\-os-version** Specify the OS version which the list or index records as a requirement for the image. This option is rarely used. -#### **--tls-verify** +#### **\-\-tls-verify** Require HTTPS and verify certificates when talking to container registries (defaults to true). -#### **--variant** +#### **\-\-variant** Specify the variant which the list or index records for the image. This option is typically used to distinguish between multiple entries which share the same diff --git a/docs/source/markdown/podman-manifest-annotate.1.md b/docs/source/markdown/podman-manifest-annotate.1.md index 2126b71ec..70b077e5b 100644 --- a/docs/source/markdown/podman-manifest-annotate.1.md +++ b/docs/source/markdown/podman-manifest-annotate.1.md @@ -12,39 +12,39 @@ Adds or updates information about an image included in a manifest list or image ## OPTIONS -#### **--annotation** *annotation=value* +#### **\-\-annotation** *annotation=value* Set an annotation on the entry for the specified image. -#### **--arch** +#### **\-\-arch** Override the architecture which the list or index records as a requirement for the image. This is usually automatically retrieved from the image's configuration information, so it is rarely necessary to use this option. -#### **--features** +#### **\-\-features** Specify the features list which the list or index records as requirements for the image. This option is rarely used. -#### **--os** +#### **\-\-os** Override the OS which the list or index records as a requirement for the image. This is usually automatically retrieved from the image's configuration information, so it is rarely necessary to use this option. -#### **--os-features** +#### **\-\-os-features** Specify the OS features list which the list or index records as requirements for the image. This option is rarely used. -#### **--os-version** +#### **\-\-os-version** Specify the OS version which the list or index records as a requirement for the image. This option is rarely used. -#### **--variant** +#### **\-\-variant** Specify the variant which the list or index records for the image. This option is typically used to distinguish between multiple entries which share the same diff --git a/docs/source/markdown/podman-manifest-create.1.md b/docs/source/markdown/podman-manifest-create.1.md index 3a3d5e4b0..3017fb515 100644 --- a/docs/source/markdown/podman-manifest-create.1.md +++ b/docs/source/markdown/podman-manifest-create.1.md @@ -16,7 +16,7 @@ index. ## OPTIONS -#### **--all** +#### **\-\-all** If any of the images which should be added to the new list or index are themselves lists or indexes, add all of their contents. By default, only one diff --git a/docs/source/markdown/podman-manifest-exists.1.md b/docs/source/markdown/podman-manifest-exists.1.md index e15110126..944cc04c8 100644 --- a/docs/source/markdown/podman-manifest-exists.1.md +++ b/docs/source/markdown/podman-manifest-exists.1.md @@ -14,7 +14,7 @@ An exit code of `125` indicates there was another issue. ## OPTIONS -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement. diff --git a/docs/source/markdown/podman-manifest-push.1.md b/docs/source/markdown/podman-manifest-push.1.md index a8169cb56..4e7118dad 100644 --- a/docs/source/markdown/podman-manifest-push.1.md +++ b/docs/source/markdown/podman-manifest-push.1.md @@ -14,12 +14,12 @@ The list image's ID and the digest of the image's manifest. ## OPTIONS -#### **--all** +#### **\-\-all** Push the images mentioned in the manifest list or image index, in addition to the list or index itself. (Default true) -#### **--authfile**=*path* +#### **\-\-authfile**=*path* Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`. If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`. @@ -27,42 +27,42 @@ If the authorization state is not found there, $HOME/.docker/config.json is chec Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE environment variable. `export REGISTRY_AUTH_FILE=path` -#### **--cert-dir**=*path* +#### **\-\-cert-dir**=*path* Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client) -#### **--creds**=*creds* +#### **\-\-creds**=*creds* The [username[:password]] to use to authenticate with the registry if required. If one or both values are not supplied, a command line prompt will appear and the value can be entered. The password is entered without echo. -#### **--digestfile**=*Digestfile* +#### **\-\-digestfile**=*Digestfile* After copying the image, write the digest of the resulting image to the file. -#### **--format**, **-f**=*format* +#### **\-\-format**, **-f**=*format* Manifest list type (oci or v2s2) to use when pushing the list (default is oci). -#### **--quiet**, **-q** +#### **\-\-quiet**, **-q** When writing the manifest, suppress progress output -#### **--rm** +#### **\-\-rm** Delete the manifest list or image index from local storage if pushing succeeds. -#### **--remove-signatures** +#### **\-\-remove-signatures** Don't copy signatures when pushing images. -#### **--sign-by**=*fingerprint* +#### **\-\-sign-by**=*fingerprint* Sign the pushed images using the GPG key that matches the specified fingerprint. -#### **--tls-verify** +#### **\-\-tls-verify** Require HTTPS and verify certificates when talking to container registries. (defaults to true) diff --git a/docs/source/markdown/podman-mount.1.md b/docs/source/markdown/podman-mount.1.md index 1b1b09120..780437a9c 100644 --- a/docs/source/markdown/podman-mount.1.md +++ b/docs/source/markdown/podman-mount.1.md @@ -26,21 +26,21 @@ returned. ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Mount all podman containers. (External containers will not be mounted) -#### **--format**=*format* +#### **\-\-format**=*format* Print the mounted containers in specified format (json). -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client) -#### **--notruncate** +#### **\-\-notruncate** Do not truncate IDs in output. diff --git a/docs/source/markdown/podman-network-connect.1.md b/docs/source/markdown/podman-network-connect.1.md index cff4336d6..bb765a677 100644 --- a/docs/source/markdown/podman-network-connect.1.md +++ b/docs/source/markdown/podman-network-connect.1.md @@ -13,7 +13,7 @@ Once connected, the container can communicate with other containers in the same This command is not available for rootless users. ## OPTIONS -#### **--alias** +#### **\-\-alias** Add network-scoped alias for the container. If the network is using the `dnsname` CNI plugin, these aliases can be used for name resolution on the given network. Multiple *--alias* options may be specified as input. diff --git a/docs/source/markdown/podman-network-create.1.md b/docs/source/markdown/podman-network-create.1.md index 3d5d98055..9a8c4f72d 100644 --- a/docs/source/markdown/podman-network-create.1.md +++ b/docs/source/markdown/podman-network-create.1.md @@ -18,16 +18,16 @@ If no options are provided, Podman will assign a free subnet and name for your n Upon completion of creating the network, Podman will display the path to the newly added network file. ## OPTIONS -#### **--disable-dns** +#### **\-\-disable-dns** Disables the DNS plugin for this network which if enabled, can perform container to container name resolution. -#### **--driver**, **-d** +#### **\-\-driver**, **-d** Driver to manage the network (default "bridge"). Currently only `bridge` is supported. -#### **--opt**=*option*, **-o** +#### **\-\-opt**=*option*, **-o** Set driver specific options. @@ -35,37 +35,37 @@ For the `bridge` driver the following options are supported: `mtu` and `vlan`. The `mtu` option sets the Maximum Transmission Unit (MTU) and takes an integer value. The `vlan` option assign VLAN tag and enables vlan\_filtering. Defaults to none. -#### **--gateway** +#### **\-\-gateway** Define a gateway for the subnet. If you want to provide a gateway address, you must also provide a *subnet* option. -#### **--internal** +#### **\-\-internal** Restrict external access of this network. Note when using this option, the dnsname plugin will be automatically disabled. -#### **--ip-range** +#### **\-\-ip-range** Allocate container IP from a range. The range must be a complete subnet and in CIDR notation. The *ip-range* option must be used with a *subnet* option. -#### **--label** +#### **\-\-label** Set metadata for a network (e.g., --label mykey=value). -#### **--macvlan** +#### **\-\-macvlan** *This option is being deprecated* Create a *Macvlan* based connection rather than a classic bridge. You must pass an interface name from the host for the Macvlan connection. -#### **--subnet** +#### **\-\-subnet** The subnet in CIDR notation. -#### **--ipv6** +#### **\-\-ipv6** Enable IPv6 (Dual Stack) networking. You must pass a IPv6 subnet. The *subnet* option must be used with the *ipv6* option. diff --git a/docs/source/markdown/podman-network-disconnect.1.md b/docs/source/markdown/podman-network-disconnect.1.md index 8b7125282..ed5a5637a 100644 --- a/docs/source/markdown/podman-network-disconnect.1.md +++ b/docs/source/markdown/podman-network-disconnect.1.md @@ -12,7 +12,7 @@ Disconnects a container from a network. This command is not available for rootless users. ## OPTIONS -#### **--force**, **-f** +#### **\-\-force**, **-f** Force the container to disconnect from a network diff --git a/docs/source/markdown/podman-network-exists.1.md b/docs/source/markdown/podman-network-exists.1.md index 3ad3ccedb..bc3c88014 100644 --- a/docs/source/markdown/podman-network-exists.1.md +++ b/docs/source/markdown/podman-network-exists.1.md @@ -15,7 +15,7 @@ of `0` when the network is found. A `1` will be returned otherwise. An exit cod ## OPTIONS -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement diff --git a/docs/source/markdown/podman-network-inspect.1.md b/docs/source/markdown/podman-network-inspect.1.md index 56515d0c1..af6907906 100644 --- a/docs/source/markdown/podman-network-inspect.1.md +++ b/docs/source/markdown/podman-network-inspect.1.md @@ -10,7 +10,7 @@ podman\-network\-inspect - Displays the raw CNI network configuration for one or Display the raw (JSON format) network configuration. ## OPTIONS -#### **--format**, **-f** +#### **\-\-format**, **-f** Pretty-print networks to JSON or using a Go template. diff --git a/docs/source/markdown/podman-network-ls.1.md b/docs/source/markdown/podman-network-ls.1.md index 9d2dd52a8..12dbb01d3 100644 --- a/docs/source/markdown/podman-network-ls.1.md +++ b/docs/source/markdown/podman-network-ls.1.md @@ -10,7 +10,7 @@ podman\-network\-ls - Display a summary of CNI networks Displays a list of existing podman networks. ## OPTIONS -#### **--filter**, **-f** +#### **\-\-filter**, **-f** Filter output based on conditions given. Multiple filters can be given with multiple uses of the --filter flag. @@ -27,7 +27,7 @@ Valid filters are listed below: | plugin | [Plugin] CNI plugins included in a network (e.g `bridge`,`portmap`,`firewall`,`tuning`,`dnsname`,`macvlan`) | | driver | [Driver] Only `bridge` is supported | -#### **--format** +#### **\-\-format** Change the default output format. This can be of a supported type like 'json' or a Go template. @@ -41,11 +41,11 @@ Valid placeholders for the Go template are listed below: | .Labels | Network labels | | .Version | CNI Version of the config file | -#### **--no-trunc** +#### **\-\-no-trunc** -Do not truncate the network ID. The network ID is not displayed by default and must be specified with **--format**. +Do not truncate the network ID. The network ID is not displayed by default and must be specified with **\-\-format**. -#### **--quiet**, **-q** +#### **\-\-quiet**, **-q** The `quiet` option will restrict the output to only the network names. diff --git a/docs/source/markdown/podman-network-prune.1.md b/docs/source/markdown/podman-network-prune.1.md index af0a7295d..909db462c 100644 --- a/docs/source/markdown/podman-network-prune.1.md +++ b/docs/source/markdown/podman-network-prune.1.md @@ -12,7 +12,7 @@ has no containers connected or configured to connect to it. It will not remove the so-called default network which goes by the name of *podman*. ## OPTIONS -#### **--force**, **-f** +#### **\-\-force**, **-f** Do not prompt for confirmation diff --git a/docs/source/markdown/podman-network-reload.1.md b/docs/source/markdown/podman-network-reload.1.md index 011640c86..a4204a397 100644 --- a/docs/source/markdown/podman-network-reload.1.md +++ b/docs/source/markdown/podman-network-reload.1.md @@ -16,11 +16,11 @@ the network connectivity. This command is not available for rootless users since rootless containers are not affected by such connectivity problems. ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Reload network configuration of all containers. -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client) diff --git a/docs/source/markdown/podman-network-rm.1.md b/docs/source/markdown/podman-network-rm.1.md index ad4bc11e2..9777975df 100644 --- a/docs/source/markdown/podman-network-rm.1.md +++ b/docs/source/markdown/podman-network-rm.1.md @@ -10,7 +10,7 @@ podman\-network\-rm - Remove one or more CNI networks Delete one or more Podman networks. ## OPTIONS -#### **--force**, **-f** +#### **\-\-force**, **-f** The `force` option will remove all containers that use the named network. If the container is running, the container will be stopped and removed. diff --git a/docs/source/markdown/podman-pause.1.md b/docs/source/markdown/podman-pause.1.md index 123362822..98948739c 100644 --- a/docs/source/markdown/podman-pause.1.md +++ b/docs/source/markdown/podman-pause.1.md @@ -13,7 +13,7 @@ Pauses all the processes in one or more containers. You may use container IDs o ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Pause all running containers. diff --git a/docs/source/markdown/podman-play-kube.1.md b/docs/source/markdown/podman-play-kube.1.md index 1be597b94..6206a2ea9 100644 --- a/docs/source/markdown/podman-play-kube.1.md +++ b/docs/source/markdown/podman-play-kube.1.md @@ -19,7 +19,7 @@ Note: If the `:latest` tag is used, Podman will attempt to pull the image from a ## OPTIONS -#### **--authfile**=*path* +#### **\-\-authfile**=*path* Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`. If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`. @@ -27,50 +27,50 @@ If the authorization state is not found there, $HOME/.docker/config.json is chec Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE environment variable. `export REGISTRY_AUTH_FILE=path` -#### **--cert-dir**=*path* +#### **\-\-cert-dir**=*path* Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client) -#### **--configmap**=*path* +#### **\-\-configmap**=*path* Use Kubernetes configmap YAML at path to provide a source for environment variable values within the containers of the pod. Note: The *--configmap* option can be used multiple times or a comma-separated list of paths can be used to pass multiple Kubernetes configmap YAMLs. -#### **--creds** +#### **\-\-creds** The [username[:password]] to use to authenticate with the registry if required. If one or both values are not supplied, a command line prompt will appear and the value can be entered. The password is entered without echo. -#### **--log-driver**=driver +#### **\-\-log-driver**=driver Set logging driver for all created containers. -#### **--network**=*networks*, **--net** +#### **\-\-network**=*networks*, **\-\-net** A comma-separated list of the names of CNI networks the pod should join. -#### **--quiet**, **-q** +#### **\-\-quiet**, **-q** Suppress output information when pulling images -#### **--seccomp-profile-root**=*path* +#### **\-\-seccomp-profile-root**=*path* Directory path for seccomp profiles (default: "/var/lib/kubelet/seccomp"). (This option is not available with the remote Podman client) -#### **--start**=*true|false* +#### **\-\-start**=*true|false* Start the pod after creating it, set to false to only create it. -#### **--tls-verify**=*true|false* +#### **\-\-tls-verify**=*true|false* Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf. -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement diff --git a/docs/source/markdown/podman-pod-create.1.md b/docs/source/markdown/podman-pod-create.1.md index 22eb07bf3..9ecde1ca3 100644 --- a/docs/source/markdown/podman-pod-create.1.md +++ b/docs/source/markdown/podman-pod-create.1.md @@ -15,71 +15,71 @@ containers added to it. The pod id is printed to STDOUT. You can then use ## OPTIONS -#### **--add-host**=_host_:_ip_ +#### **\-\-add-host**=_host_:_ip_ Add a host to the /etc/hosts file shared between all containers in the pod. -#### **--cgroup-parent**=*path* +#### **\-\-cgroup-parent**=*path* Path to cgroups under which the cgroup for the pod will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist. -#### **--dns**=*ipaddr* +#### **\-\-dns**=*ipaddr* Set custom DNS servers in the /etc/resolv.conf file that will be shared between all containers in the pod. A special option, "none" is allowed which disables creation of /etc/resolv.conf for the pod. -#### **--dns-opt**=*option* +#### **\-\-dns-opt**=*option* Set custom DNS options in the /etc/resolv.conf file that will be shared between all containers in the pod. -#### **--dns-search**=*domain* +#### **\-\-dns-search**=*domain* Set custom DNS search domains in the /etc/resolv.conf file that will be shared between all containers in the pod. -#### **--help** +#### **\-\-help** Print usage statement. -#### **--hostname**=name +#### **\-\-hostname**=name Set a hostname to the pod -#### **--infra**=**true**|**false** +#### **\-\-infra**=**true**|**false** Create an infra container and associate it with the pod. An infra container is a lightweight container used to coordinate the shared kernel namespace of a pod. Default: true. -#### **--infra-conmon-pidfile**=*file* +#### **\-\-infra-conmon-pidfile**=*file* Write the pid of the infra container's **conmon** process to a file. As **conmon** runs in a separate process than Podman, this is necessary when using systemd to manage Podman containers and pods. -#### **--infra-command**=*command* +#### **\-\-infra-command**=*command* The command that will be run to start the infra container. Default: "/pause". -#### **--infra-image**=*image* +#### **\-\-infra-image**=*image* The image that will be created for the infra container. Default: "k8s.gcr.io/pause:3.1". -#### **--ip**=*ipaddr* +#### **\-\-ip**=*ipaddr* Set a static IP for the pod's shared network. -#### **--label**=*label*, **-l** +#### **\-\-label**=*label*, **-l** Add metadata to a pod (e.g., --label com.example.key=value). -#### **--label-file**=*label* +#### **\-\-label-file**=*label* Read in a line delimited file of labels. -#### **--mac-address**=*address* +#### **\-\-mac-address**=*address* Set a static MAC address for the pod's shared network. -#### **--name**=*name*, **-n** +#### **\-\-name**=*name*, **-n** Assign a name to the pod. -#### **--network**=*mode*, **--net** +#### **\-\-network**=*mode*, **\-\-net** Set network mode for the pod. Supported values are - **bridge**: Create a network stack on the default bridge. This is the default for rootful containers. @@ -96,19 +96,19 @@ Set network mode for the pod. Supported values are - **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default. - **port_handler=slirp4netns**: Use the slirp4netns port forwarding. -#### **--network-alias**=strings +#### **\-\-network-alias**=strings Add a DNS alias for the container. When the container is joined to a CNI network with support for the dnsname plugin, the container will be accessible through this name from other containers in the network. -#### **--no-hosts**=**true**|**false** +#### **\-\-no-hosts**=**true**|**false** Disable creation of /etc/hosts for the pod. -#### **--pod-id-file**=*path* +#### **\-\-pod-id-file**=*path* Write the pod ID to the file. -#### **--publish**=*port*, **-p** +#### **\-\-publish**=*port*, **-p** Publish a port or range of ports from the pod to the host. @@ -119,11 +119,11 @@ Use `podman port` to see the actual mapping: `podman port CONTAINER $CONTAINERPO NOTE: This cannot be modified once the pod is created. -#### **--replace**=**true**|**false** +#### **\-\-replace**=**true**|**false** If another pod with the same name already exists, replace and remove it. The default is **false**. -#### **--share**=*namespace* +#### **\-\-share**=*namespace* A comma delimited list of kernel namespaces to share. If none or "" is specified, no namespaces will be shared. The namespaces to choose from are ipc, net, pid, uts. @@ -133,7 +133,7 @@ UUID short identifier (“f78375b1c487”) Name (“jonah”) podman generates a UUID for each pod, and if a name is not assigned -to the container with **--name** then a random string name will be generated +to the container with **\-\-name** then a random string name will be generated for it. The name is useful any place you need to identify a pod. ## EXAMPLES diff --git a/docs/source/markdown/podman-pod-inspect.1.md b/docs/source/markdown/podman-pod-inspect.1.md index 1f4e6cb06..9265b824c 100644 --- a/docs/source/markdown/podman-pod-inspect.1.md +++ b/docs/source/markdown/podman-pod-inspect.1.md @@ -11,12 +11,12 @@ Displays configuration and state information about a given pod. It also display that belong to the pod. ## OPTIONS -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the pod name or ID, use the last created pod. If you use methods other than Podman to run pods such as CRI-O, the last started pod could be from either of those methods. (This option is not available with the remote Podman client) -#### **--format**=*format*, **-f** +#### **\-\-format**=*format*, **-f** Change the default output format. This can be of a supported type like 'json' or a Go template. diff --git a/docs/source/markdown/podman-pod-kill.1.md b/docs/source/markdown/podman-pod-kill.1.md index d4eef2307..38bcaab17 100644 --- a/docs/source/markdown/podman-pod-kill.1.md +++ b/docs/source/markdown/podman-pod-kill.1.md @@ -10,16 +10,16 @@ podman\-pod\-kill - Kill the main process of each container in one or more pods The main process of each container inside the pods specified will be sent SIGKILL, or any signal specified with option --signal. ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Sends signal to all containers associated with a pod. -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the pod name or ID, use the last created pod. If you use methods other than Podman to run pods such as CRI-O, the last started pod could be from either of those methods. (This option is not available with the remote Podman client) -#### **--signal**, **-s** +#### **\-\-signal**, **-s** Signal to send to the containers in the pod. For more information on Linux signals, refer to *man signal(7)*. diff --git a/docs/source/markdown/podman-pod-pause.1.md b/docs/source/markdown/podman-pod-pause.1.md index 2c849a932..51dee5939 100644 --- a/docs/source/markdown/podman-pod-pause.1.md +++ b/docs/source/markdown/podman-pod-pause.1.md @@ -11,11 +11,11 @@ Pauses all the running processes in the containers of one or more pods. You may ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Pause all pods. -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the pod name or ID, pause the last created pod. (This option is not available with the remote Podman client) diff --git a/docs/source/markdown/podman-pod-prune.1.md b/docs/source/markdown/podman-pod-prune.1.md index e90164c15..7b7137186 100644 --- a/docs/source/markdown/podman-pod-prune.1.md +++ b/docs/source/markdown/podman-pod-prune.1.md @@ -11,7 +11,7 @@ podman-pod-prune - Remove all stopped pods and their containers ## OPTIONS -#### **--force**, **-f** +#### **\-\-force**, **-f** Force removal of all running pods and their containers. The default is false. ## EXAMPLES diff --git a/docs/source/markdown/podman-pod-ps.1.md b/docs/source/markdown/podman-pod-ps.1.md index 7c1c4a0b4..0be22c2b1 100644 --- a/docs/source/markdown/podman-pod-ps.1.md +++ b/docs/source/markdown/podman-pod-ps.1.md @@ -26,35 +26,35 @@ By default it lists: ## OPTIONS -#### **--ctr-names** +#### **\-\-ctr-names** Includes the container names in the container info field -#### **--ctr-ids** +#### **\-\-ctr-ids** Includes the container IDs in the container info field -#### **--ctr-status** +#### **\-\-ctr-status** Includes the container statuses in the container info field -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Show the latest pod created (all states) (This option is not available with the remote Podman client) -#### **--no-trunc** +#### **\-\-no-trunc** Display the extended information -#### **--ns** +#### **\-\-ns** Display namespace information of the pod -#### **--quiet**, **-q** +#### **\-\-quiet**, **-q** Print the numeric IDs of the pods only -#### **--format**=*format* +#### **\-\-format**=*format* Pretty-print containers to JSON or using a Go template @@ -72,13 +72,13 @@ Valid placeholders for the Go template are listed below: | .InfraID | Pod infra container ID | | .Networks | Show all networks connected to the infra container | -#### **--sort** +#### **\-\-sort** Sort by created, ID, name, status, or number of containers Default: created -#### **--filter**, **-f**=*filter* +#### **\-\-filter**, **-f**=*filter* Filter output based on conditions given. Multiple filters can be given with multiple uses of the --filter flag. @@ -99,7 +99,7 @@ Valid filters are listed below: | ctr-status | Container status within the pod | | ctr-number | Number of containers in the pod | -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement diff --git a/docs/source/markdown/podman-pod-restart.1.md b/docs/source/markdown/podman-pod-restart.1.md index 65d05f977..15261d5aa 100644 --- a/docs/source/markdown/podman-pod-restart.1.md +++ b/docs/source/markdown/podman-pod-restart.1.md @@ -14,11 +14,11 @@ When restarting multiple pods, an error from restarting one pod will not effect ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Restarts all pods -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the pod name or ID, restart the last created pod. (This option is not available with the remote Podman client) diff --git a/docs/source/markdown/podman-pod-rm.1.md b/docs/source/markdown/podman-pod-rm.1.md index d185385b6..025bedc61 100644 --- a/docs/source/markdown/podman-pod-rm.1.md +++ b/docs/source/markdown/podman-pod-rm.1.md @@ -11,25 +11,25 @@ podman\-pod\-rm - Remove one or more stopped pods and containers ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Remove all pods. Can be used in conjunction with \-f as well. -#### **--ignore**, **-i** +#### **\-\-ignore**, **-i** Ignore errors when specified pods are not in the container store. A user might have decided to manually remove a pod which would lead to a failure during the ExecStop directive of a systemd service referencing that pod. -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the pod name or ID, remove the last created pod. (This option is not available with the remote Podman client) -#### **--force**, **-f** +#### **\-\-force**, **-f** Stop running containers and delete all stopped containers before removal of pod. -#### **--pod-id-file** +#### **\-\-pod-id-file** Read pod ID from the specified file and remove the pod. Can be specified multiple times. diff --git a/docs/source/markdown/podman-pod-start.1.md b/docs/source/markdown/podman-pod-start.1.md index 40a71d879..78656b954 100644 --- a/docs/source/markdown/podman-pod-start.1.md +++ b/docs/source/markdown/podman-pod-start.1.md @@ -12,15 +12,15 @@ to be started. ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Starts all pods -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the pod name or ID, start the last created pod. (This option is not available with the remote Podman client) -#### **--pod-id-file** +#### **\-\-pod-id-file** Read pod ID from the specified file and start the pod. Can be specified multiple times. diff --git a/docs/source/markdown/podman-pod-stats.1.md b/docs/source/markdown/podman-pod-stats.1.md index 3158ffc1c..6d67295d8 100644 --- a/docs/source/markdown/podman-pod-stats.1.md +++ b/docs/source/markdown/podman-pod-stats.1.md @@ -11,23 +11,23 @@ Display a live stream of containers in one or more pods resource usage statistic ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Show all containers. Only running containers are shown by default -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the pod name or ID, use the last created pod. (This option is not available with the remote Podman client) -#### **--no-reset** +#### **\-\-no-reset** Do not clear the terminal/screen in between reporting intervals -#### **--no-stream** +#### **\-\-no-stream** Disable streaming pod stats and only pull the first result, default setting is false -#### **--format**=*template* +#### **\-\-format**=*template* Pretty-print container statistics to JSON or using a Go template diff --git a/docs/source/markdown/podman-pod-stop.1.md b/docs/source/markdown/podman-pod-stop.1.md index 77f6af433..b68ee2377 100644 --- a/docs/source/markdown/podman-pod-stop.1.md +++ b/docs/source/markdown/podman-pod-stop.1.md @@ -11,25 +11,25 @@ Stop containers in one or more pods. You may use pod IDs or names as input. ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Stops all pods -#### **--ignore**, **-i** +#### **\-\-ignore**, **-i** Ignore errors when specified pods are not in the container store. A user might have decided to manually remove a pod which would lead to a failure during the ExecStop directive of a systemd service referencing that pod. -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the pod name or ID, stop the last created pod. (This option is not available with the remote Podman client) -#### **--time**, **-t**=*time* +#### **\-\-time**, **-t**=*time* Timeout to wait before forcibly stopping the containers in the pod. -#### **--pod-id-file** +#### **\-\-pod-id-file** Read pod ID from the specified file and stop the pod. Can be specified multiple times. diff --git a/docs/source/markdown/podman-pod-top.1.md b/docs/source/markdown/podman-pod-top.1.md index d374a0dca..ea86c3999 100644 --- a/docs/source/markdown/podman-pod-top.1.md +++ b/docs/source/markdown/podman-pod-top.1.md @@ -11,11 +11,11 @@ Display the running processes of containers in a pod. The *format-descriptors* a ## OPTIONS -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the pod name or ID, use the last created pod. (This option is not available with the remote Podman client) diff --git a/docs/source/markdown/podman-pod-unpause.1.md b/docs/source/markdown/podman-pod-unpause.1.md index 98022a50b..75230113f 100644 --- a/docs/source/markdown/podman-pod-unpause.1.md +++ b/docs/source/markdown/podman-pod-unpause.1.md @@ -11,11 +11,11 @@ Unpauses all the paused processes in the containers of one or more pods. You ma ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Unpause all pods. -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the pod name or ID, unpause the last created pod. (This option is not available with the remote Podman client) diff --git a/docs/source/markdown/podman-port.1.md b/docs/source/markdown/podman-port.1.md index 7a84d181a..1db174e7d 100644 --- a/docs/source/markdown/podman-port.1.md +++ b/docs/source/markdown/podman-port.1.md @@ -13,12 +13,12 @@ List port mappings for the *container* or lookup the public-facing port that is ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** List all known port mappings for running containers. When using this option, you cannot pass any container names or private ports/protocols as filters. -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client) diff --git a/docs/source/markdown/podman-ps.1.md b/docs/source/markdown/podman-ps.1.md index 75eede527..b950fede4 100644 --- a/docs/source/markdown/podman-ps.1.md +++ b/docs/source/markdown/podman-ps.1.md @@ -13,7 +13,7 @@ podman\-ps - Prints out information about containers **podman container ls** [*options*] ## DESCRIPTION -**podman ps** lists the running containers on the system. Use the **--all** flag to view +**podman ps** lists the running containers on the system. Use the **\-\-all** flag to view all the containers information. By default it lists: * container id @@ -26,17 +26,17 @@ all the containers information. By default it lists: ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Show all the containers created by Podman, default is only running containers. Note: Podman shares containers storage with other tools such as Buildah and CRI-O. In some cases these `external` containers might also exist in the same storage. Use the `--external` option to see these external containers. External containers show the 'storage' status. -#### **--external** +#### **\-\-external** Display external containers that are not controlled by Podman but are stored in containers storage. These external containers are generally created via other container technology such as Buildah or CRI-O and may depend on the same container images that Podman is also using. External containers are denoted with either a 'buildah' or 'storage' in the COMMAND and STATUS column of the ps output. Only used with the --all option. -#### **--filter**, **-f** +#### **\-\-filter**, **-f** Filter what containers are shown in the output. Multiple filters can be given with multiple uses of the --filter flag. @@ -61,7 +61,7 @@ Valid filters are listed below: | network | [Network] name or full ID of network | -#### **--format**=*format* +#### **\-\-format**=*format* Pretty-print containers to JSON or using a Go template @@ -84,52 +84,52 @@ Valid placeholders for the Go template are listed below: | .Labels | All the labels assigned to the container | | .Mounts | Volumes mounted in the container | -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement -#### **--last**, **-n** +#### **\-\-last**, **-n** Print the n last created containers (all states) -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Show the latest container created (all states) (This option is not available with the remote Podman client) -#### **--namespace**, **--ns** +#### **\-\-namespace**, **\-\-ns** Display namespace information -#### **--no-trunc** +#### **\-\-no-trunc** Display the extended information -#### **--pod**, **-p** +#### **\-\-pod**, **-p** Display the pods the containers are associated with -#### **--quiet**, **-q** +#### **\-\-quiet**, **-q** Print the numeric IDs of the containers only -#### **--sort** +#### **\-\-sort** Sort by command, created, id, image, names, runningfor, size, or status", Note: Choosing size will sort by size of rootFs, not alphabetically like the rest of the options Default: created -#### **--size**, **-s** +#### **\-\-size**, **-s** Display the total file size -#### **--sync** +#### **\-\-sync** Force a sync of container state with the OCI runtime. In some cases, a container's state in the runtime can become out of sync with Podman's state. This will update Podman's state based on what the OCI runtime reports. Forcibly syncing is much slower, but can resolve inconsistent state issues. -#### **--watch**, **-w** +#### **\-\-watch**, **-w** Refresh the output with current containers on an interval in seconds. diff --git a/docs/source/markdown/podman-pull.1.md b/docs/source/markdown/podman-pull.1.md index 02ba736f2..79563fb57 100644 --- a/docs/source/markdown/podman-pull.1.md +++ b/docs/source/markdown/podman-pull.1.md @@ -65,16 +65,16 @@ Images are stored in local image storage. ## OPTIONS -#### **--all-tags**, **a** +#### **\-\-all-tags**, **a** All tagged images in the repository will be pulled. Note: When using the all-tags flag, Podman will not iterate over the search registries in the containers-registries.conf(5) but will always use docker.io for unqualified image names. -#### **--arch**=*ARCH* +#### **\-\-arch**=*ARCH* Override the architecture, defaults to hosts, of the image to be pulled. For example, `arm`. -#### **--authfile**=*path* +#### **\-\-authfile**=*path* Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`. If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`. @@ -82,46 +82,46 @@ If the authorization state is not found there, $HOME/.docker/config.json is chec Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE environment variable. `export REGISTRY_AUTH_FILE=path` -#### **--cert-dir**=*path* +#### **\-\-cert-dir**=*path* Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client) -#### **--creds**=*[username[:password]]* +#### **\-\-creds**=*[username[:password]]* The [username[:password]] to use to authenticate with the registry if required. If one or both values are not supplied, a command line prompt will appear and the value can be entered. The password is entered without echo. -#### **--disable-content-trust** +#### **\-\-disable-content-trust** This is a Docker specific option to disable image verification to a Docker registry and is not supported by Podman. This flag is a NOOP and provided solely for scripting compatibility. -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement -#### **--os**=*OS* +#### **\-\-os**=*OS* Override the OS, defaults to hosts, of the image to be pulled. For example, `windows`. -#### **--platform**=*OS/ARCH* +#### **\-\-platform**=*OS/ARCH* Specify the platform for selecting the image. (Conflicts with --arch and --os) The `--platform` option can be used to override the current architecture and operating system. -#### **--quiet**, **-q** +#### **\-\-quiet**, **-q** Suppress output information when pulling images -#### **--tls-verify**=*true|false* +#### **\-\-tls-verify**=*true|false* Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf. -#### **--variant**=*VARIANT* +#### **\-\-variant**=*VARIANT* Use _VARIANT_ instead of the default architecture variant of the container image. Some images can use multiple variants of the arm architectures, such as arm/v5 and arm/v7. diff --git a/docs/source/markdown/podman-push.1.md b/docs/source/markdown/podman-push.1.md index f42ee1020..1bef7ebdb 100644 --- a/docs/source/markdown/podman-push.1.md +++ b/docs/source/markdown/podman-push.1.md @@ -54,7 +54,7 @@ Images are pushed from those stored in local image storage. ## OPTIONS -#### **--authfile**=*path* +#### **\-\-authfile**=*path* Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`. If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`. @@ -62,49 +62,49 @@ If the authorization state is not found there, $HOME/.docker/config.json is chec Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE environment variable. `export REGISTRY_AUTH_FILE=path` -#### **--creds**=*[username[:password]]* +#### **\-\-creds**=*[username[:password]]* The [username[:password]] to use to authenticate with the registry if required. If one or both values are not supplied, a command line prompt will appear and the value can be entered. The password is entered without echo. -#### **--cert-dir**=*path* +#### **\-\-cert-dir**=*path* Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client) -#### **--compress** +#### **\-\-compress** Compress tarball image layers when pushing to a directory using the 'dir' transport. (default is same compression type, compressed or uncompressed, as source) Note: This flag can only be set when using the **dir** transport -#### **--digestfile** *Digestfile* +#### **\-\-digestfile** *Digestfile* After copying the image, write the digest of the resulting image to the file. (This option is not available with the remote Podman client) -#### **--disable-content-trust** +#### **\-\-disable-content-trust** This is a Docker specific option to disable image verification to a Docker registry and is not supported by Podman. This flag is a NOOP and provided solely for scripting compatibility. -#### **--format**, **-f**=*format* +#### **\-\-format**, **-f**=*format* Manifest Type (oci, v2s2, or v2s1) to use when pushing an image. -#### **--quiet**, **-q** +#### **\-\-quiet**, **-q** When writing the output image, suppress progress output -#### **--remove-signatures** +#### **\-\-remove-signatures** Discard any pre-existing signatures in the image. (This option is not available with the remote Podman client) -#### **--sign-by**=*key* +#### **\-\-sign-by**=*key* Add a signature at the destination using the specified key. (This option is not available with the remote Podman client) -#### **--tls-verify**=*true|false* +#### **\-\-tls-verify**=*true|false* Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, diff --git a/docs/source/markdown/podman-remote.1.md b/docs/source/markdown/podman-remote.1.md index 1a6c7d3cc..3e20e1ded 100644 --- a/docs/source/markdown/podman-remote.1.md +++ b/docs/source/markdown/podman-remote.1.md @@ -25,15 +25,15 @@ The `containers.conf` file should be placed under `$HOME/.config/containers/cont ## GLOBAL OPTIONS -#### **--connection**=*name*, **-c** +#### **\-\-connection**=*name*, **-c** Remote connection name -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement -#### **--identity**=*path* +#### **\-\-identity**=*path* Path to ssh identity file. If the identity file has been encrypted, Podman prompts the user for the passphrase. If no identity file is provided and no user is given, Podman defaults to the user running the podman command. @@ -44,11 +44,11 @@ Identity value resolution precedence: - environment variable `CONTAINER_SSHKEY`, if `CONTAINER_HOST` is found - `containers.conf` -#### **--log-level**=*level* +#### **\-\-log-level**=*level* Log messages above specified level: debug, info, warn, error (default), fatal or panic -#### **--url**=*value* +#### **\-\-url**=*value* URL to access Podman service (default from `containers.conf`, rootless "unix://run/user/$UID/podman/podman.sock" or as root "unix://run/podman/podman.sock). @@ -67,7 +67,7 @@ URL value resolution precedence: - `containers.conf` - `unix://run/podman/podman.sock` -#### **--version** +#### **\-\-version** Print the version diff --git a/docs/source/markdown/podman-restart.1.md b/docs/source/markdown/podman-restart.1.md index 2b37e2ea4..0d6d3b595 100644 --- a/docs/source/markdown/podman-restart.1.md +++ b/docs/source/markdown/podman-restart.1.md @@ -14,17 +14,17 @@ Containers will be stopped if they are running and then restarted. Stopped containers will not be stopped and will only be started. ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Restart all containers regardless of their current state. -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client) -#### **--running** +#### **\-\-running** Restart all containers that are already in the *running* state. -#### **--time**=*time*, **-t** +#### **\-\-time**=*time*, **-t** Timeout to wait before forcibly stopping the container. diff --git a/docs/source/markdown/podman-rm.1.md b/docs/source/markdown/podman-rm.1.md index 0abf2768c..1fce9d2f3 100644 --- a/docs/source/markdown/podman-rm.1.md +++ b/docs/source/markdown/podman-rm.1.md @@ -14,15 +14,15 @@ Running or unusable containers will not be removed without the **-f** option. ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Remove all containers. Can be used in conjunction with **-f** as well. -#### **--cidfile** +#### **\-\-cidfile** Read container ID from the specified file and remove the container. Can be specified multiple times. -#### **--force**, **-f** +#### **\-\-force**, **-f** Force the removal of running and paused containers. Forcing a container removal also removes containers from container storage even if the container is not known to podman. @@ -30,21 +30,21 @@ Containers could have been created by a different container engine. In addition, forcing can be used to remove unusable containers, e.g. containers whose OCI runtime has become unavailable. -#### **--ignore**, **-i** +#### **\-\-ignore**, **-i** Ignore errors when specified containers are not in the container store. A user might have decided to manually remove a container which would lead to a failure during the ExecStop directive of a systemd service referencing that container. -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client) -#### **--volumes**, **-v** +#### **\-\-volumes**, **-v** Remove anonymous volumes associated with the container. This does not include named volumes -created with **podman volume create**, or the **--volume** option of **podman run** and **podman create**. +created with **podman volume create**, or the **\-\-volume** option of **podman run** and **podman create**. ## EXAMPLE Remove a container by its name *mywebserver* diff --git a/docs/source/markdown/podman-rmi.1.md b/docs/source/markdown/podman-rmi.1.md index 765c1bd6d..037a0a170 100644 --- a/docs/source/markdown/podman-rmi.1.md +++ b/docs/source/markdown/podman-rmi.1.md @@ -13,11 +13,11 @@ Removes one or more locally stored images. ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Remove all images in the local storage. -#### **--force**, **-f** +#### **\-\-force**, **-f** This option will cause podman to remove all containers that are using the image before removing the image from the system. diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index f61344099..6d9d5ba28 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -25,7 +25,7 @@ pull** _image_ , before it starts the container from that image. Several files will be automatically created within the container. These include _/etc/hosts_, _/etc/hostname_, and _/etc/resolv.conf_ to manage networking. These will be based on the host's version of the files, though they can be -customized with options (for example, **--dns** will override the host's DNS +customized with options (for example, **\-\-dns** will override the host's DNS servers in the created _resolv.conf_). Additionally, a container environment file is created in each container to indicate to programs they are running in a container. This file is located at _/run/.containerenv_. When using the @@ -83,20 +83,20 @@ and specified with a _tag_. $ podman run oci-archive:/tmp/fedora echo hello ## OPTIONS -#### **--add-host**=_host_:_ip_ +#### **\-\-add-host**=_host_:_ip_ Add a line to container's _/etc/hosts_ for custom host-to-IP mapping. This option can be set multiple times. -#### **--annotation**=_key_=_value_ +#### **\-\-annotation**=_key_=_value_ Add an annotation to the container. This option can be set multiple times. -#### **--arch**=*ARCH* +#### **\-\-arch**=*ARCH* Override the architecture, defaults to hosts, of the image to be pulled. For example, `arm`. -#### **--attach**, **-a**=**stdin**|**stdout**|**stderr** +#### **\-\-attach**, **-a**=**stdin**|**stdout**|**stderr** Attach to STDIN, STDOUT or STDERR. @@ -107,30 +107,30 @@ error. It can even pretend to be a TTY (this is what most commandline executables expect) and pass along signals. The **-a** option can be set for each of **stdin**, **stdout**, and **stderr**. -#### **--authfile**[=*path*] +#### **\-\-authfile**[=*path*] Path to the authentication file. Default is *${XDG_RUNTIME_DIR}/containers/auth.json*. Note: You can also override the default path of the authentication file by setting the **REGISTRY_AUTH_FILE** environment variable. -#### **--blkio-weight**=*weight* +#### **\-\-blkio-weight**=*weight* Block IO relative weight. The _weight_ is a value between **10** and **1000**. -#### **--blkio-weight-device**=*device*:*weight* +#### **\-\-blkio-weight-device**=*device*:*weight* Block IO relative device weight. -#### **--cap-add**=*capability* +#### **\-\-cap-add**=*capability* Add Linux capabilities. -#### **--cap-drop**=*capability* +#### **\-\-cap-drop**=*capability* Drop Linux capabilities. -#### **--cgroupns**=*mode* +#### **\-\-cgroupns**=*mode* Set the cgroup namespace mode for the container. @@ -141,34 +141,34 @@ Set the cgroup namespace mode for the container. If the host uses cgroups v1, the default is set to **host**. On cgroups v2, the default is **private**. -#### **--cgroups**=**enabled**|**disabled**|**no-conmon**|**split** +#### **\-\-cgroups**=**enabled**|**disabled**|**no-conmon**|**split** Determines whether the container will create CGroups. Default is **enabled**. The **enabled** option will create a new cgroup under the cgroup-parent. -The **disabled** option will force the container to not create CGroups, and thus conflicts with CGroup options (**--cgroupns** and **--cgroup-parent**). +The **disabled** option will force the container to not create CGroups, and thus conflicts with CGroup options (**\-\-cgroupns** and **\-\-cgroup-parent**). The **no-conmon** option disables a new CGroup only for the **conmon** process. -The **split** option splits the current cgroup in two sub-cgroups: one for conmon and one for the container payload. It is not possible to set **--cgroup-parent** with **split**. +The **split** option splits the current cgroup in two sub-cgroups: one for conmon and one for the container payload. It is not possible to set **\-\-cgroup-parent** with **split**. -#### **--cgroup-parent**=*path* +#### **\-\-cgroup-parent**=*path* Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist. -#### **--cgroup-conf**=*KEY=VALUE* +#### **\-\-cgroup-conf**=*KEY=VALUE* -When running on cgroup v2, specify the cgroup file to write to and its value. For example **--cgroup-conf=memory.high=1073741824** sets the memory.high limit to 1GB. +When running on cgroup v2, specify the cgroup file to write to and its value. For example **\-\-cgroup-conf=memory.high=1073741824** sets the memory.high limit to 1GB. -#### **--cidfile**=*file* +#### **\-\-cidfile**=*file* Write the container ID to *file*. -#### **--conmon-pidfile**=*file* +#### **\-\-conmon-pidfile**=*file* Write the pid of the **conmon** process to a file. As **conmon** runs in a separate process than Podman, this is necessary when using systemd to restart Podman containers. -#### **--cpu-period**=*limit* +#### **\-\-cpu-period**=*limit* Set the CPU period for the Completely Fair Scheduler (CFS), which is a duration in microseconds. Once the container's CPU quota is used up, it will @@ -179,26 +179,26 @@ On some systems, changing the CPU limits may not be allowed for non-root users. For more details, see https://github.com/containers/podman/blob/master/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error -#### **--cpu-quota**=*limit* +#### **\-\-cpu-quota**=*limit* Limit the CPU Completely Fair Scheduler (CFS) quota. Limit the container's CPU usage. By default, containers run with the full CPU resource. The limit is a number in microseconds. If you provide a number, the container will be allowed to use that much CPU time until the CPU period -ends (controllable via **--cpu-period**). +ends (controllable via **\-\-cpu-period**). On some systems, changing the CPU limits may not be allowed for non-root users. For more details, see https://github.com/containers/podman/blob/master/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error -#### **--cpu-rt-period**=*microseconds* +#### **\-\-cpu-rt-period**=*microseconds* Limit the CPU real-time period in microseconds. Limit the container's Real Time CPU usage. This flag tell the kernel to restrict the container's Real Time CPU usage to the period you specify. -#### **--cpu-rt-runtime**=*microseconds* +#### **\-\-cpu-rt-runtime**=*microseconds* Limit the CPU real-time runtime in microseconds. @@ -207,7 +207,7 @@ Period of 1,000,000us and Runtime of 950,000us means that this container could c The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup. -#### **--cpu-shares**=*shares* +#### **\-\-cpu-shares**=*shares* CPU shares (relative weight). @@ -232,8 +232,8 @@ cores. Even if a container is limited to less than 100% of CPU time, it can use 100% of each individual CPU core. For example, consider a system with more than three cores. If you start one -container **{C0}** with **--cpu-shares=512** running one process, and another container -**{C1}** with **--cpu-shares=1024** running two processes, this can result in the following +container **{C0}** with **\-\-cpu-shares=512** running one process, and another container +**{C1}** with **\-\-cpu-shares=1024** running two processes, this can result in the following division of CPU shares: | PID | container | CPU | CPU share | @@ -242,30 +242,30 @@ division of CPU shares: | 101 | {C1} | 1 | 100% of CPU1 | | 102 | {C1} | 2 | 100% of CPU2 | -#### **--cpus**=*number* +#### **\-\-cpus**=*number* Number of CPUs. The default is *0.0* which means no limit. This is shorthand -for **--cpu-period** and **--cpu-quota**, so you may only set either -#### **--cpus** or **--cpu-period** and **--cpu-quota**. +for **\-\-cpu-period** and **\-\-cpu-quota**, so you may only set either +#### **\-\-cpus** or **\-\-cpu-period** and **\-\-cpu-quota**. On some systems, changing the CPU limits may not be allowed for non-root users. For more details, see https://github.com/containers/podman/blob/master/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error -#### **--cpuset-cpus**=*number* +#### **\-\-cpuset-cpus**=*number* CPUs in which to allow execution. Can be specified as a comma-separated list (e.g. **0,1**), as a range (e.g. **0-3**), or any combination thereof (e.g. **0-3,7,11-15**). -#### **--cpuset-mems**=*nodes* +#### **\-\-cpuset-mems**=*nodes* Memory nodes (MEMs) in which to allow execution. Only effective on NUMA systems. -For example, if you have four memory nodes (0-3) on your system, use **--cpuset-mems=0,1** +For example, if you have four memory nodes (0-3) on your system, use **\-\-cpuset-mems=0,1** to only use memory from the first two memory nodes. -#### **--detach**, **-d**=**true**|**false** +#### **\-\-detach**, **-d**=**true**|**false** Detached mode: run the container in the background and print the new container ID. The default is *false*. @@ -275,10 +275,10 @@ detached container with **podman attach**. When attached in the tty mode, you can detach from the container (and leave it running) using a configurable key sequence. The default sequence is `ctrl-p,ctrl-q`. -Configure the keys sequence using the **--detach-keys** option, or specifying +Configure the keys sequence using the **\-\-detach-keys** option, or specifying it in the **containers.conf** file: see **containers.conf(5)** for more information. -#### **--detach-keys**=*sequence* +#### **\-\-detach-keys**=*sequence* Specify the key sequence for detaching a container. Format is a single character `[a-Z]` or one or more `ctrl-<value>` characters where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. Specifying "" will disable this feature. The default is *ctrl-p,ctrl-q*. @@ -286,73 +286,73 @@ This option can also be set in **containers.conf**(5) file. Specifying "" will disable this feature. The default is **ctrl-p,ctrl-q**. -#### **--device**=_host-device_[**:**_container-device_][**:**_permissions_] +#### **\-\-device**=_host-device_[**:**_container-device_][**:**_permissions_] Add a host device to the container. Optional *permissions* parameter can be used to specify device permissions, it is combination of **r** for read, **w** for write, and **m** for **mknod**(2). -Example: **--device=/dev/sdc:/dev/xvdc:rwm**. +Example: **\-\-device=/dev/sdc:/dev/xvdc:rwm**. Note: if _host_device_ is a symbolic link then it will be resolved first. The container will only store the major and minor numbers of the host device. Note: if the user only has access rights via a group, accessing the device from inside a rootless container will fail. The **crun**(1) runtime offers a -workaround for this by adding the option **--annotation run.oci.keep_original_groups=1**. +workaround for this by adding the option **\-\-annotation run.oci.keep_original_groups=1**. Podman may load kernel modules required for using the specified device. The devices that Podman will load modules when necessary are: /dev/fuse. -#### **--device-cgroup-rule**=rule +#### **\-\-device-cgroup-rule**=rule Add a rule to the cgroup allowed devices list -#### **--device-read-bps**=_path_:_rate_ +#### **\-\-device-read-bps**=_path_:_rate_ -Limit read rate (in bytes per second) from a device (e.g. **--device-read-bps=/dev/sda:1mb**). +Limit read rate (in bytes per second) from a device (e.g. **\-\-device-read-bps=/dev/sda:1mb**). -#### **--device-read-iops**=_path_:_rate_ +#### **\-\-device-read-iops**=_path_:_rate_ -Limit read rate (in IO operations per second) from a device (e.g. **--device-read-iops=/dev/sda:1000**). +Limit read rate (in IO operations per second) from a device (e.g. **\-\-device-read-iops=/dev/sda:1000**). -#### **--device-write-bps**=_path_:_rate_ +#### **\-\-device-write-bps**=_path_:_rate_ -Limit write rate (in bytes per second) to a device (e.g. **--device-write-bps=/dev/sda:1mb**). +Limit write rate (in bytes per second) to a device (e.g. **\-\-device-write-bps=/dev/sda:1mb**). -#### **--device-write-iops**=_path_:_rate_ +#### **\-\-device-write-iops**=_path_:_rate_ -Limit write rate (in IO operations per second) to a device (e.g. **--device-write-iops=/dev/sda:1000**). +Limit write rate (in IO operations per second) to a device (e.g. **\-\-device-write-iops=/dev/sda:1000**). -#### **--disable-content-trust** +#### **\-\-disable-content-trust** This is a Docker specific option to disable image verification to a Docker registry and is not supported by Podman. This flag is a NOOP and provided solely for scripting compatibility. -#### **--dns**=*ipaddr* +#### **\-\-dns**=*ipaddr* -Set custom DNS servers. Invalid if using **--dns** with **--network** that is set to **none** or **container:**_id_. +Set custom DNS servers. Invalid if using **\-\-dns** with **\-\-network** that is set to **none** or **container:**_id_. This option can be used to override the DNS configuration passed to the container. Typically this is necessary when the host DNS configuration is invalid for the container (e.g., **127.0.0.1**). When this -is the case the **--dns** flags is necessary for every run. +is the case the **\-\-dns** flags is necessary for every run. The special value **none** can be specified to disable creation of _/etc/resolv.conf_ in the container by Podman. The _/etc/resolv.conf_ file in the image will be used without changes. -#### **--dns-opt**=*option* +#### **\-\-dns-opt**=*option* -Set custom DNS options. Invalid if using **--dns-opt** with **--network** that is set to **none** or **container:**_id_. +Set custom DNS options. Invalid if using **\-\-dns-opt** with **\-\-network** that is set to **none** or **container:**_id_. -#### **--dns-search**=*domain* +#### **\-\-dns-search**=*domain* -Set custom DNS search domains. Invalid if using **--dns-search** and **--network** that is set to **none** or **container:**_id_. -Use **--dns-search=.** if you don't wish to set the search domain. +Set custom DNS search domains. Invalid if using **\-\-dns-search** and **\-\-network** that is set to **none** or **container:**_id_. +Use **\-\-dns-search=.** if you don't wish to set the search domain. -#### **--entrypoint**=*"command"* | *'["command", "arg1", ...]'* +#### **\-\-entrypoint**=*"command"* | *'["command", "arg1", ...]'* Overwrite the default ENTRYPOINT of the image. @@ -365,12 +365,12 @@ default nature or behavior, so that when you set an ENTRYPOINT you can run the container as if it were that binary, complete with default options, and you can pass in more options via the COMMAND. But, sometimes an operator may want to run something else inside the container, so you can override the default ENTRYPOINT -at runtime by using a **--entrypoint** and a string to specify the new +at runtime by using a **\-\-entrypoint** and a string to specify the new ENTRYPOINT. You need to specify multi option commands in the form of a json string. -#### **--env**, **-e**=*env* +#### **\-\-env**, **-e**=*env* Set environment variables. @@ -378,37 +378,37 @@ This option allows arbitrary environment variables that are available for the pr See [**Environment**](#environment) note below for precedence and examples. -#### **--env-host**=**true**|**false** +#### **\-\-env-host**=**true**|**false** Use host environment inside of the container. See **Environment** note below for precedence. (This option is not available with the remote Podman client) -#### **--env-file**=*file* +#### **\-\-env-file**=*file* Read in a line delimited file of environment variables. See **Environment** note below for precedence. -#### **--expose**=*port* +#### **\-\-expose**=*port* -Expose a port, or a range of ports (e.g. **--expose=3300-3310**) to set up port redirection +Expose a port, or a range of ports (e.g. **\-\-expose=3300-3310**) to set up port redirection on the host system. -#### **--gidmap**=*container_gid*:*host_gid*:*amount* +#### **\-\-gidmap**=*container_gid*:*host_gid*:*amount* -Run the container in a new user namespace using the supplied mapping. This option conflicts with the **--userns** and **--subgidname** flags. +Run the container in a new user namespace using the supplied mapping. This option conflicts with the **\-\-userns** and **\-\-subgidname** flags. This option can be passed several times to map different ranges. If calling **podman run** as an unprivileged user, the user needs to have the right to use the mapping. See **subuid**(5). -The example maps gids **0-1999** in the container to the gids **30000-31999** on the host: **--gidmap=0:30000:2000**. +The example maps gids **0-1999** in the container to the gids **30000-31999** on the host: **\-\-gidmap=0:30000:2000**. -**Important note:** The new user namespace mapping based on **--gidmap** is based on the initial mapping made in the _/etc/subgid_ file. +**Important note:** The new user namespace mapping based on **\-\-gidmap** is based on the initial mapping made in the _/etc/subgid_ file. Assuming there is a _/etc/subgid_ mapping **groupname:100000:65536**, then **groupname** is initially mapped to a namespace starting with -gid **100000** for **65536** ids. From here the **--gidmap** mapping to the new namespace starts from **0** again, but is based on the initial mapping. -Meaning **groupname** is initially mapped to gid **100000** which is referenced as **0** in the following **--gidmap** mapping. In terms of the example +gid **100000** for **65536** ids. From here the **\-\-gidmap** mapping to the new namespace starts from **0** again, but is based on the initial mapping. +Meaning **groupname** is initially mapped to gid **100000** which is referenced as **0** in the following **\-\-gidmap** mapping. In terms of the example above: The group **groupname** is mapped to group **100000** of the initial namespace then the **30000**st id of this namespace (which is gid 130000 in this namespace) is mapped to container namespace group id **0**. (groupname -> 100000 / 30000 -> 0) -#### **--group-add**=*group* +#### **\-\-group-add**=*group* Add additional groups to run as -#### **--health-cmd**=*"command"* | *'["command", "arg1", ...]'* +#### **\-\-health-cmd**=*"command"* | *'["command", "arg1", ...]'* Set or alter a healthcheck command for a container. The command is a command to be executed inside your container that determines your container health. The command is required for other healthcheck options @@ -417,35 +417,35 @@ to be applied. A value of **none** disables existing healthchecks. Multiple options can be passed in the form of a JSON array; otherwise, the command will be interpreted as an argument to **/bin/sh -c**. -#### **--health-interval**=*interval* +#### **\-\-health-interval**=*interval* Set an interval for the healthchecks. An _interval_ of **disable** results in no automatic timer setup. The default is **30s**. -#### **--health-retries**=*retries* +#### **\-\-health-retries**=*retries* The number of retries allowed before a healthcheck is considered to be unhealthy. The default value is **3**. -#### **--health-start-period**=*period* +#### **\-\-health-start-period**=*period* The initialization time needed for a container to bootstrap. The value can be expressed in time format like **2m3s**. The default value is **0s**. -#### **--health-timeout**=*timeout* +#### **\-\-health-timeout**=*timeout* The maximum time allowed to complete the healthcheck before an interval is considered failed. Like start-period, the value can be expressed in a time format such as **1m22s**. The default value is **30s**. -#### **--help** +#### **\-\-help** Print usage statement -#### **--hostname**=*name*, **-h** +#### **\-\-hostname**=*name*, **-h** Container host name Sets the container host name that is available inside the container. Can only be used with a private UTS namespace `--uts=private` (default). If `--pod` is specified and the pod shares the UTS namespace (default) the pod's hostname will be used. -#### **--http-proxy**=**true**|**false** +#### **\-\-http-proxy**=**true**|**false** By default proxy environment variables are passed into the container if set for the Podman process. This can be disabled by setting the value to **false**. @@ -455,12 +455,12 @@ those. This option is only needed when the host system must use a proxy but the container should not use any proxy. Proxy environment variables specified for the container in any other way will override the values that would have been passed through from the host. (Other ways to specify the proxy for the -container include passing the values with the **--env** flag, or hard coding the +container include passing the values with the **\-\-env** flag, or hard coding the proxy environment at container build time.) (This option is not available with the remote Podman client) Defaults to **true**. -#### **--image-volume**, **builtin-volume**=**bind**|**tmpfs**|**ignore** +#### **\-\-image-volume**, **builtin-volume**=**bind**|**tmpfs**|**ignore** Tells Podman how to handle the builtin image volumes. Default is **bind**. @@ -469,30 +469,30 @@ Tells Podman how to handle the builtin image volumes. Default is **bind**. content that disappears when the container is stopped. - **ignore**: All volumes are just ignored and no action is taken. -#### **--init** +#### **\-\-init** Run an init inside the container that forwards signals and reaps processes. -#### **--init-path**=*path* +#### **\-\-init-path**=*path* Path to the container-init binary. -#### **--interactive**, **-i**=**true**|**false** +#### **\-\-interactive**, **-i**=**true**|**false** When set to **true**, keep stdin open even if not attached. The default is **false**. -#### **--ip6**=*ip* +#### **\-\-ip6**=*ip* Not implemented. -#### **--ip**=*ip* +#### **\-\-ip**=*ip* Specify a static IP address for the container, for example **10.88.64.128**. This option can only be used if the container is joined to only a single network - i.e., `--network=_network-name_` is used at most once and if the container is not joining another container's network namespace via `--network=container:_id_`. The address must be within the CNI network's IP address pool (default **10.88.0.0/16**). -#### **--ipc**=*mode* +#### **\-\-ipc**=*mode* Set the IPC namespace mode for a container. The default is to create a private IPC namespace. @@ -501,7 +501,7 @@ a private IPC namespace. - **host**: use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. - **ns:**_path_: path to an IPC namespace to join. -#### **--kernel-memory**=_number_[_unit_] +#### **\-\-kernel-memory**=_number_[_unit_] Kernel memory limit. A _unit_ can be **b** (bytes), **k** (kilobytes), **m** (megabytes), or **g** (gigabytes). @@ -511,40 +511,40 @@ is not limited. If you specify a limit, it may be rounded up to a multiple of the operating system's page size and the value can be very large, millions of trillions. -#### **--label**, **-l**=*key*=*value* +#### **\-\-label**, **-l**=*key*=*value* Add metadata to a container. -#### **--label-file**=*file* +#### **\-\-label-file**=*file* Read in a line-delimited file of labels. -#### **--link-local-ip**=*ip* +#### **\-\-link-local-ip**=*ip* Not implemented. -#### **--log-driver**="*driver*" +#### **\-\-log-driver**="*driver*" Logging driver for the container. Currently available options are **k8s-file**, **journald**, and **none**, with **json-file** aliased to **k8s-file** for scripting compatibility. -#### **--log-opt**=*name*=*value* +#### **\-\-log-opt**=*name*=*value* Logging driver specific options. Set custom logging configuration. The following *name*s are supported: **path**: specify a path to the log file - (e.g. **--log-opt path=/var/log/container/mycontainer.json**); + (e.g. **\-\-log-opt path=/var/log/container/mycontainer.json**); **max-size**: specify a max size of the log file - (e.g. **--log-opt max-size=10mb**); + (e.g. **\-\-log-opt max-size=10mb**); **tag**: specify a custom log tag for the container - (e.g. **--log-opt tag="{{.ImageName}}"**. + (e.g. **\-\-log-opt tag="{{.ImageName}}"**. This option is currently supported only by the **journald** log driver. -#### **--mac-address**=*address* +#### **\-\-mac-address**=*address* Container MAC address (e.g. **92:d0:c6:0a:29:33**). @@ -552,7 +552,7 @@ Remember that the MAC address in an Ethernet network must be unique. The IPv6 link-local address will be based on the device's MAC address according to RFC4862. -#### **--memory**, **-m**=_number_[_unit_] +#### **\-\-memory**, **-m**=_number_[_unit_] Memory limit. A _unit_ can be **b** (bytes), **k** (kilobytes), **m** (megabytes), or **g** (gigabytes). @@ -562,33 +562,33 @@ RAM. If a limit of 0 is specified (not using **-m**), the container's memory is not limited. The actual limit may be rounded up to a multiple of the operating system's page size (the value would be very large, that's millions of trillions). -#### **--memory-reservation**=_number_[_unit_] +#### **\-\-memory-reservation**=_number_[_unit_] Memory soft limit. A _unit_ can be **b** (bytes), **k** (kilobytes), **m** (megabytes), or **g** (gigabytes). After setting memory reservation, when the system detects memory contention or low memory, containers are forced to restrict their consumption to their -reservation. So you should always set the value below **--memory**, otherwise the +reservation. So you should always set the value below **\-\-memory**, otherwise the hard limit will take precedence. By default, memory reservation will be the same as memory limit. -#### **--memory-swap**=_number_[_unit_] +#### **\-\-memory-swap**=_number_[_unit_] A limit value equal to memory plus swap. A _unit_ can be **b** (bytes), **k** (kilobytes), **m** (megabytes), or **g** (gigabytes). -Must be used with the **-m** (**--memory**) flag. +Must be used with the **-m** (**\-\-memory**) flag. The argument value should always be larger than that of - **-m** (**--memory**) By default, it is set to double -the value of **--memory**. + **-m** (**\-\-memory**) By default, it is set to double +the value of **\-\-memory**. Set _number_ to **-1** to enable unlimited swap. -#### **--memory-swappiness**=*number* +#### **\-\-memory-swappiness**=*number* Tune a container's memory swappiness behavior. Accepts an integer between *0* and *100*. -#### **--mount**=*type=TYPE,TYPE-SPECIFIC-OPTION[,...]* +#### **\-\-mount**=*type=TYPE,TYPE-SPECIFIC-OPTION[,...]* Attach a filesystem mount to the container @@ -644,7 +644,7 @@ Current supported mount TYPEs are **bind**, **volume**, **image**, **tmpfs** and · notmpcopyup: Disable copying files from the image to the tmpfs. -#### **--name**=*name* +#### **\-\-name**=*name* Assign a name to the container. @@ -655,13 +655,13 @@ The operator can identify a container in three ways: - Name (“jonah”). Podman generates a UUID for each container, and if a name is not assigned -to the container with **--name** then it will generate a random +to the container with **\-\-name** then it will generate a random string name. The name is useful any place you need to identify a container. This works for both background and foreground containers. -#### **--network**=*mode*, **--net** +#### **\-\-network**=*mode*, **\-\-net** -Set the network mode for the container. Invalid if using **--dns**, **--dns-opt**, or **--dns-search** with **--network** that is set to **none** or **container:**_id_. If used together with **--pod**, the container will not join the pods network namespace. +Set the network mode for the container. Invalid if using **\-\-dns**, **\-\-dns-opt**, or **\-\-dns-search** with **\-\-network** that is set to **none** or **container:**_id_. If used together with **\-\-pod**, the container will not join the pods network namespace. Valid _mode_ values are: @@ -684,34 +684,34 @@ Valid _mode_ values are: - **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default. - **port_handler=slirp4netns**: Use the slirp4netns port forwarding. -#### **--network-alias**=*alias* +#### **\-\-network-alias**=*alias* Add network-scoped alias for the container -#### **--no-healthcheck**=*true|false* +#### **\-\-no-healthcheck**=*true|false* Disable any defined healthchecks for container. -#### **--no-hosts**=**true**|**false** +#### **\-\-no-hosts**=**true**|**false** Do not create _/etc/hosts_ for the container. -By default, Podman will manage _/etc/hosts_, adding the container's own IP address and any hosts from **--add-host**. -#### **--no-hosts** disables this, and the image's _/etc/hosts_ will be preserved unmodified. -This option conflicts with **--add-host**. +By default, Podman will manage _/etc/hosts_, adding the container's own IP address and any hosts from **\-\-add-host**. +#### **\-\-no-hosts** disables this, and the image's _/etc/hosts_ will be preserved unmodified. +This option conflicts with **\-\-add-host**. -#### **--oom-kill-disable**=**true**|**false** +#### **\-\-oom-kill-disable**=**true**|**false** Whether to disable OOM Killer for the container or not. -#### **--oom-score-adj**=*num* +#### **\-\-oom-score-adj**=*num* Tune the host's OOM preferences for containers (accepts values from **-1000** to **1000**). -#### **--os**=*OS* +#### **\-\-os**=*OS* Override the OS, defaults to hosts, of the image to be pulled. For example, `windows`. -#### **--pid**=*mode* +#### **\-\-pid**=*mode* Set the PID namespace mode for the container. The default is to create a private PID namespace for the container. @@ -721,32 +721,32 @@ The default is to create a private PID namespace for the container. - **private**: create a new namespace for the container (default) - **ns:**_path_: join the specified PID namespace. -#### **--pids-limit**=*limit* +#### **\-\-pids-limit**=*limit* Tune the container's pids limit. Set to **0** to have unlimited pids for the container. The default is **4096** on systems that support "pids" cgroup controller. -#### **--platform**=*OS/ARCH* +#### **\-\-platform**=*OS/ARCH* Specify the platform for selecting the image. (Conflicts with --arch and --os) The `--platform` option can be used to override the current architecture and operating system. -#### **--pod**=*name* +#### **\-\-pod**=*name* Run container in an existing pod. If you want Podman to make the pod for you, prefix the pod name with **new:**. To make a pod with more granular options, use the **podman pod create** command before creating a container. If a container is run with a pod, and the pod has an infra-container, the infra-container will be started before the container is. -#### **--pod-id-file**=*path* +#### **\-\-pod-id-file**=*path* Run container in an existing pod and read the pod's ID from the specified file. If a container is run within a pod, and the pod has an infra-container, the infra-container will be started before the container is. -#### **--preserve-fds**=*N* +#### **\-\-preserve-fds**=*N* Pass down to the process N additional file descriptors (in addition to 0, 1, 2). The total FDs will be 3+N. -#### **--privileged**=**true**|**false** +#### **\-\-privileged**=**true**|**false** Give extended privileges to this container. The default is **false**. @@ -761,7 +761,7 @@ points, Apparmor/SELinux separation, and Seccomp filters are all disabled. Rootless containers cannot have more privileges than the account that launched them. -#### **--publish**, **-p**=_ip_:_hostPort_:_containerPort_ | _ip_::_containerPort_ | _hostPort_:_containerPort_ | _containerPort_ +#### **\-\-publish**, **-p**=_ip_:_hostPort_:_containerPort_ | _ip_::_containerPort_ | _hostPort_:_containerPort_ | _containerPort_ Publish a container's port, or range of ports, to the host. @@ -784,7 +784,7 @@ associated ports. If one container binds to a port, no other container can use t within the pod while it is in use. Containers in the pod can also communicate over localhost by having one container bind to localhost in the pod, and another connect to that port. -#### **--publish-all**, **-P**=**true**|**false** +#### **\-\-publish-all**, **-P**=**true**|**false** Publish all exposed ports to random ports on the host interfaces. The default is **false**. @@ -797,7 +797,7 @@ When using this option, Podman will bind any exposed port to a random port on th within an ephemeral port range defined by */proc/sys/net/ipv4/ip_local_port_range*. To find the mapping between the host ports and the exposed ports, use **podman port**. -#### **--pull**=**always**|**missing**|**never** +#### **\-\-pull**=**always**|**missing**|**never** Pull image before running. The default is **missing**. @@ -805,27 +805,27 @@ Pull image before running. The default is **missing**. - **always**: Pull the image from the first registry it is found in as listed in registries.conf. Raise an error if not found in the registries, even if the image is present locally. - **never**: do not pull the image from the registry, use only the local version. Raise an error if the image is not present locally. -#### **--quiet**, **-q** +#### **\-\-quiet**, **-q** Suppress output information when pulling images -#### **--read-only**=**true**|**false** +#### **\-\-read-only**=**true**|**false** Mount the container's root filesystem as read only. By default a container will have its root filesystem writable allowing processes -to write files anywhere. By specifying the **--read-only** flag, the container will have +to write files anywhere. By specifying the **\-\-read-only** flag, the container will have its root filesystem mounted as read only prohibiting any writes. -#### **--read-only-tmpfs**=**true**|**false** +#### **\-\-read-only-tmpfs**=**true**|**false** -If container is running in **--read-only** mode, then mount a read-write tmpfs on _/run_, _/tmp_, and _/var/tmp_. The default is **true**. +If container is running in **\-\-read-only** mode, then mount a read-write tmpfs on _/run_, _/tmp_, and _/var/tmp_. The default is **true**. -#### **--replace**=**true**|**false** +#### **\-\-replace**=**true**|**false** If another container with the same name already exists, replace and remove it. The default is **false**. -#### **--restart**=*policy* +#### **\-\-restart**=*policy* Restart policy to follow when containers exit. Restart policy will not take effect if a container is stopped via the **podman kill** or **podman stop** commands. @@ -841,16 +841,16 @@ Please note that restart will not restart containers after a system reboot. If this functionality is required in your environment, you can invoke Podman from a **systemd.unit**(5) file, or create an init script for whichever init system is in use. To generate systemd unit files, please see **podman generate systemd**. -#### **--rm**=**true**|**false** +#### **\-\-rm**=**true**|**false** Automatically remove the container when it exits. The default is **false**. -#### **--rmi**=*true|false* +#### **\-\-rmi**=*true|false* After exit of the container, remove the image unless another container is using it. The default is *false*. -#### **--rootfs** +#### **\-\-rootfs** If specified, the first argument refers to an exploded container on the file system. @@ -860,7 +860,7 @@ of the container is assumed to be managed externally. Note: On **SELinux** systems, the rootfs needs the correct label, which is by default **unconfined_u:object_r:container_file_t**. -#### **--sdnotify**=**container**|**conmon**|**ignore** +#### **\-\-sdnotify**=**container**|**conmon**|**ignore** Determines how to use the NOTIFY_SOCKET, as passed with systemd and Type=notify. @@ -871,13 +871,13 @@ has started. The socket is never passed to the runtime or the container. The **ignore** option removes NOTIFY_SOCKET from the environment for itself and child processes, for the case where some other process above Podman uses NOTIFY_SOCKET and Podman should not use it. -#### **--seccomp-policy**=*policy* +#### **\-\-seccomp-policy**=*policy* -Specify the policy to select the seccomp profile. If set to *image*, Podman will look for a "io.podman.seccomp.profile" label in the container-image config and use its value as a seccomp profile. Otherwise, Podman will follow the *default* policy by applying the default profile unless specified otherwise via *--security-opt seccomp* as described below. +Specify the policy to select the seccomp profile. If set to *image*, Podman will look for a "io.containers.seccomp.profile" label in the container-image config and use its value as a seccomp profile. Otherwise, Podman will follow the *default* policy by applying the default profile unless specified otherwise via *--security-opt seccomp* as described below. Note that this feature is experimental and may change in the future. -#### **--secret**=*secret* +#### **\-\-secret**=*secret* Give the container access to a secret. Can be specified multiple times. @@ -892,7 +892,7 @@ secret value will still remain. Secrets are managed using the `podman secret` command -#### **--security-opt**=*option* +#### **\-\-security-opt**=*option* Security Options @@ -917,38 +917,38 @@ Security Options Note: Labeling can be disabled for all containers by setting **label=false** in the **containers.conf**(5) file. -#### **--shm-size**=_number_[_unit_] +#### **\-\-shm-size**=_number_[_unit_] Size of _/dev/shm_. A _unit_ can be **b** (bytes), **k** (kilobytes), **m** (megabytes), or **g** (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the default is **64m**. When _size_ is **0**, there is no limit on the amount of memory used for IPC by the container. -#### **--sig-proxy**=**true**|**false** +#### **\-\-sig-proxy**=**true**|**false** Sets whether the signals sent to the **podman run** command are proxied to the container process. SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is **true**. -#### **--stop-signal**=*signal* +#### **\-\-stop-signal**=*signal* Signal to stop a container. Default is **SIGTERM**. -#### **--stop-timeout**=*seconds* +#### **\-\-stop-timeout**=*seconds* Timeout to stop a container. Default is **10**. Remote connections use local containers.conf for defaults -#### **--subgidname**=*name* +#### **\-\-subgidname**=*name* Run the container in a new user namespace using the map with _name_ in the _/etc/subgid_ file. If calling **podman run** as an unprivileged user, the user needs to have the right to use the mapping. See **subgid**(5). -This flag conflicts with **--userns** and **--gidmap**. +This flag conflicts with **\-\-userns** and **\-\-gidmap**. -#### **--subuidname**=*name* +#### **\-\-subuidname**=*name* Run the container in a new user namespace using the map with _name_ in the _/etc/subuid_ file. If calling **podman run** as an unprivileged user, the user needs to have the right to use the mapping. See **subuid**(5). -This flag conflicts with **--userns** and **--uidmap**. +This flag conflicts with **\-\-userns** and **\-\-uidmap**. -#### **--sysctl**=_name_=_value_ +#### **\-\-sysctl**=_name_=_value_ Configure namespaced kernel parameters at runtime. @@ -964,15 +964,15 @@ For the IPC namespace, the following sysctls are allowed: - kernel.shm_rmid_forced - Sysctls beginning with fs.mqueue.\* -Note: if you use the **--ipc=host** option, the above sysctls will not be allowed. +Note: if you use the **\-\-ipc=host** option, the above sysctls will not be allowed. For the network namespace, the following sysctls are allowed: - Sysctls beginning with net.\* -Note: if you use the **--network=host** option, these sysctls will not be allowed. +Note: if you use the **\-\-network=host** option, these sysctls will not be allowed. -#### **--systemd**=**true**|**false**|**always** +#### **\-\-systemd**=**true**|**false**|**always** Run container in systemd mode. The default is **true**. @@ -1001,7 +1001,7 @@ The **container_manage_cgroup** boolean must be enabled for this to be allowed o setsebool -P container_manage_cgroup true ``` -#### **--tmpfs**=*fs* +#### **\-\-tmpfs**=*fs* Create a tmpfs mount. @@ -1016,7 +1016,7 @@ options are the same as the Linux default mount flags. If you do not specify any options, the systems uses the following options: **rw,noexec,nosuid,nodev**. -#### **--tty**, **-t**=**true**|**false** +#### **\-\-tty**, **-t**=**true**|**false** Allocate a pseudo-TTY. The default is **false**. @@ -1030,39 +1030,39 @@ interactive shell. The default is **false**. echo "asdf" | podman run --rm -i someimage /bin/cat ``` -#### **--tz**=*timezone* +#### **\-\-tz**=*timezone* Set timezone in container. This flag takes area-based timezones, GMT time, as well as `local`, which sets the timezone in the container to match the host machine. See `/usr/share/zoneinfo/` for valid timezones. Remote connections use local containers.conf for defaults -#### **--umask**=*umask* +#### **\-\-umask**=*umask* Set the umask inside the container. Defaults to `0022`. Remote connections use local containers.conf for defaults -#### **--uidmap**=*container_uid*:*host_uid*:*amount* +#### **\-\-uidmap**=*container_uid*:*host_uid*:*amount* Run the container in a new user namespace using the supplied mapping. This option conflicts -with the **--userns** and **--subuidname** flags. +with the **\-\-userns** and **\-\-subuidname** flags. This option can be passed several times to map different ranges. If calling **podman run** as an unprivileged user, the user needs to have the right to use the mapping. See **subuid**(5). -The following example maps uids 0-1999 in the container to the uids 30000-31999 on the host: **--uidmap=0:30000:2000**. +The following example maps uids 0-1999 in the container to the uids 30000-31999 on the host: **\-\-uidmap=0:30000:2000**. -**Important note:** The new user namespace mapping based on **--uidmap** is based on the initial mapping made in the _/etc/subuid_ file. +**Important note:** The new user namespace mapping based on **\-\-uidmap** is based on the initial mapping made in the _/etc/subuid_ file. Assuming there is a _/etc/subuid_ mapping **username:100000:65536**, then **username** is initially mapped to a namespace starting with -uid **100000** for **65536** ids. From here the **--uidmap** mapping to the new namespace starts from **0** again, but is based on the initial mapping. -Meaning **username** is initially mapped to uid **100000** which is referenced as **0** in the following **--uidmap** mapping. In terms of the example +uid **100000** for **65536** ids. From here the **\-\-uidmap** mapping to the new namespace starts from **0** again, but is based on the initial mapping. +Meaning **username** is initially mapped to uid **100000** which is referenced as **0** in the following **\-\-uidmap** mapping. In terms of the example above: The user **username** is mapped to user **100000** of the initial namespace then the **30000**st id of this namespace (which is uid 130000 in this namespace) is mapped to container namespace user id **0**. (username -> 100000 / 30000 -> 0) _Note_: A minimal mapping has to have at least container uid **0** mapped to the parent user namespace. -#### **--ulimit**=*option* +#### **\-\-ulimit**=*option* Ulimit options. You can use **host** to copy the current configuration from the host. -#### **--user**, **-u**=[_user_ | _user_:_group_ | _uid_ | _uid_:_gid_ | _user_:_gid_ | _uid_:_group_ ] +#### **\-\-user**, **-u**=[_user_ | _user_:_group_ | _uid_ | _uid_:_gid_ | _user_:_gid_ | _uid_:_group_ ] Sets the username or UID used and optionally the groupname or GID for the specified command. @@ -1070,7 +1070,7 @@ Without this argument, the command will run as the user specified in the contain When a user namespace is not in use, the UID and GID used within the container and on the host will match. When user namespaces are in use, however, the UID and GID in the container may correspond to another UID and GID on the host. In rootless containers, for example, a user namespace is always used, and root in the container will by default correspond to the UID and GID of the user invoking Podman. -#### **--userns**=**auto**|**host**|**keep-id**|**container:**_id_|**ns:**_namespace_ +#### **\-\-userns**=**auto**|**host**|**keep-id**|**container:**_id_|**ns:**_namespace_ Set the user namespace mode for the container. It defaults to the **PODMAN_USERNS** environment variable. An empty value ("") means user namespaces are disabled unless an explicit mapping is set with they `--uidmapping` and `--gidmapping` options. @@ -1084,9 +1084,9 @@ Set the user namespace mode for the container. It defaults to the **PODMAN_USERN - **private**: create a new namespace for the container. - **container**: join the user namespace of the specified container. -This option is incompatible with **--gidmap**, **--uidmap**, **--subuidname** and **--subgidname**. +This option is incompatible with **\-\-gidmap**, **\-\-uidmap**, **\-\-subuidname** and **\-\-subgidname**. -#### **--uts**=*mode* +#### **\-\-uts**=*mode* Set the UTS namespace mode for the container. The following values are supported: @@ -1095,10 +1095,10 @@ Set the UTS namespace mode for the container. The following values are supported - **ns:[path]**: run the container in the given existing UTS namespace. - **container:[container]**: join the UTS namespace of the specified container. -#### **--variant**=*VARIANT* +#### **\-\-variant**=*VARIANT* Use _VARIANT_ instead of the default architecture variant of the container image. Some images can use multiple variants of the arm architectures, such as arm/v5 and arm/v7. -#### **--volume**, **-v**[=*[[SOURCE-VOLUME|HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*] +#### **\-\-volume**, **-v**[=*[[SOURCE-VOLUME|HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*] Create a bind mount. If you specify _/HOST-DIR_:_/CONTAINER-DIR_, Podman bind mounts _host-dir_ in the host to _CONTAINER-DIR_ in the Podman @@ -1251,7 +1251,7 @@ will convert /foo into a shared mount point. Alternatively, one can directly change propagation properties of source mount. Say, if _/_ is source mount for _/foo_, then use **mount --make-shared /** to convert _/_ into a shared mount. -#### **--volumes-from**[=*CONTAINER*[:*OPTIONS*]] +#### **\-\-volumes-from**[=*CONTAINER*[:*OPTIONS*]] Mount volumes from the specified container(s). Used to share volumes between containers. The *options* is a comma delimited list with the following available elements: @@ -1284,7 +1284,7 @@ If the location of the volume from the source container overlaps with data residing on a target container, then the volume hides that data on the target. -#### **--workdir**, **-w**=*dir* +#### **\-\-workdir**, **-w**=*dir* Working directory inside the container. @@ -1329,7 +1329,7 @@ During container image development, containers often need to write to the image content. Installing packages into _/usr_, for example. In production, applications seldom need to write to the image. Container applications write to volumes if they need to write to file systems at all. Applications can be -made more secure by running them in read-only mode using the **--read-only** switch. +made more secure by running them in read-only mode using the **\-\-read-only** switch. This protects the containers image from modification. Read only containers may still need to write temporary data. The best way to handle this is to mount tmpfs directories on _/run_ and _/tmp_. @@ -1379,7 +1379,7 @@ $ podman run -a stdin -a stdout -i -t fedora /bin/bash Using **shm_server.c** available here: https://www.cs.cf.ac.uk/Dave/C/node27.html -Testing **--ipc=host** mode: +Testing **\-\-ipc=host** mode: Host shows a shared memory segment with 7 pids attached, happens to be from httpd: @@ -1400,7 +1400,7 @@ $ podman run -it shm ipcs -m key shmid owner perms bytes nattch status ``` -Run a container with the new **--ipc=host** option, and it now sees the shared memory segment from the host httpd: +Run a container with the new **\-\-ipc=host** option, and it now sees the shared memory segment from the host httpd: ``` $ podman run -it --ipc=host shm ipcs -m @@ -1409,7 +1409,7 @@ $ podman run -it --ipc=host shm ipcs -m key shmid owner perms bytes nattch status 0x01128e25 0 root 600 1000 7 ``` -Testing **--ipc=container:**_id_ mode: +Testing **\-\-ipc=container:**_id_ mode: Start a container with a program to create a shared memory segment: ``` @@ -1429,7 +1429,7 @@ $ podman run shm ipcs -m key shmid owner perms bytes nattch status ``` -Create a 3rd container using the **--ipc=container:**_id_ option, now it shows the shared memory segment from the first: +Create a 3rd container using the **\-\-ipc=container:**_id_ option, now it shows the shared memory segment from the first: ``` $ podman run -it --ipc=container:ed735b2264ac shm ipcs -m @@ -1468,7 +1468,7 @@ $ podman run -v /var/cache/dnf:/var/cache/dnf:O -ti fedora dnf -y update $ podman run -d -e MYSQL_ROOT_PASSWORD=root --user mysql --userns=keep-id -v ~/data:/var/lib/mysql:z,U mariadb ``` -Using **--mount** flags to mount a host directory as a container folder, specify +Using **\-\-mount** flags to mount a host directory as a container folder, specify the absolute path to the directory or the volume name, and the absolute path within the container directory: @@ -1497,7 +1497,7 @@ changes will also be reflected on the host in _/var/db_. ### Using alternative security labeling You can override the default labeling scheme for each container by specifying -the **--security-opt** flag. For example, you can specify the MCS/MLS level, a +the **\-\-security-opt** flag. For example, you can specify the MCS/MLS level, a requirement for MLS systems. Specifying the level in the following command allows you to share the same content between containers. @@ -1512,7 +1512,7 @@ $ podman run --security-opt label=level:TopSecret -i -t rhel7 bash ``` To disable the security labeling for this container versus running with the -#### **--permissive** flag, use the following command: +#### **\-\-permissive** flag, use the following command: ``` $ podman run --security-opt label=disable -i -t fedora bash @@ -1530,7 +1530,7 @@ $ podman run --security-opt label=type:svirt_apache_t -i -t centos bash Note you would have to write policy defining a **svirt_apache_t** type. To mask additional specific paths in the container, specify the paths -separated by a colon using the **mask** option with the **--security-opt** +separated by a colon using the **mask** option with the **\-\-security-opt** flag. ``` @@ -1552,7 +1552,7 @@ $ podman run --security-opt unmask=/foo/bar:/sys/firmware fedora bash ### Setting device weight If you want to set _/dev/sda_ device weight to **200**, you can specify the device -weight by **--blkio-weight-device** flag. Use the following command: +weight by **\-\-blkio-weight-device** flag. Use the following command: ``` $ podman run -it --blkio-weight-device "/dev/sda:200" ubuntu @@ -1567,7 +1567,7 @@ asdf ### Setting Namespaced Kernel Parameters (Sysctls) -The **--sysctl** sets namespaced kernel parameters (sysctls) in the +The **\-\-sysctl** sets namespaced kernel parameters (sysctls) in the container. For example, to turn on IP forwarding in the containers network namespace, run this command: @@ -1579,7 +1579,7 @@ Note that not all sysctls are namespaced. Podman does not support changing sysct inside of a container that also modify the host system. As the kernel evolves we expect to see more sysctls become namespaced. -See the definition of the **--sysctl** option above for the current list of +See the definition of the **\-\-sysctl** option above for the current list of supported sysctls. ### Set UID/GID mapping in a new user namespace @@ -1622,7 +1622,7 @@ In order for users to run rootless, there must be an entry for their username in Rootless Podman works better if the fuse-overlayfs and slirp4netns packages are installed. The **fuse-overlay** package provides a userspace overlay storage driver, otherwise users need to use the **vfs** storage driver, which is diskspace expensive and does not perform well. slirp4netns is -required for VPN, without it containers need to be run with the **--network=host** flag. +required for VPN, without it containers need to be run with the **\-\-network=host** flag. ## ENVIRONMENT @@ -1630,10 +1630,10 @@ Environment variables within containers can be set using multiple different opti in the following order of precedence (later entries override earlier entries): - Container image: Any environment variables specified in the container image. -- **--http-proxy**: By default, several environment variables will be passed in from the host, such as **http_proxy** and **no_proxy**. See **--http-proxy** for details. -- **--env-host**: Host environment of the process executing Podman is added. -- **--env-file**: Any environment variables specified via env-files. If multiple files specified, then they override each other in order of entry. -- **--env**: Any environment variables specified will override previous settings. +- **\-\-http-proxy**: By default, several environment variables will be passed in from the host, such as **http_proxy** and **no_proxy**. See **\-\-http-proxy** for details. +- **\-\-env-host**: Host environment of the process executing Podman is added. +- **\-\-env-file**: Any environment variables specified via env-files. If multiple files specified, then they override each other in order of entry. +- **\-\-env**: Any environment variables specified will override previous settings. Run containers and set the environment ending with a __*__ and a __*****__: diff --git a/docs/source/markdown/podman-save.1.md b/docs/source/markdown/podman-save.1.md index fb79cfd2a..e6f6e993b 100644 --- a/docs/source/markdown/podman-save.1.md +++ b/docs/source/markdown/podman-save.1.md @@ -24,16 +24,16 @@ Note: `:` is a restricted character and cannot be part of the file name. ## OPTIONS -#### **--compress** +#### **\-\-compress** Compress tarball image layers when pushing to a directory using the 'dir' transport. (default is same compression type, compressed or uncompressed, as source) Note: This flag can only be set when using the **dir** transport i.e --format=oci-dir or --format-docker-dir -#### **--output**, **-o**=*file* +#### **\-\-output**, **-o**=*file* Write to a file, default is STDOUT -#### **--format**=*format* +#### **\-\-format**=*format* Save image to **oci-archive, oci-dir** (directory with oci manifest type), or **docker-dir** (directory with v2s2 manifest type) ``` @@ -42,15 +42,15 @@ Save image to **oci-archive, oci-dir** (directory with oci manifest type), or ** --format docker-dir ``` -#### **--multi-image-archive**, **-m** +#### **\-\-multi-image-archive**, **-m** Allow for creating archives with more than one image. Additional names will be interpreted as images instead of tags. Only supported for **docker-archive**. -#### **--quiet**, **-q** +#### **\-\-quiet**, **-q** Suppress the output -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement diff --git a/docs/source/markdown/podman-search.1.md b/docs/source/markdown/podman-search.1.md index ec610d3ba..23aa6acd1 100644 --- a/docs/source/markdown/podman-search.1.md +++ b/docs/source/markdown/podman-search.1.md @@ -11,9 +11,9 @@ podman\-search - Search a registry for an image The user can specify which registry to search by prefixing the registry in the search term (example **registry.fedoraproject.org/fedora**), default is the registries in the **registries.search** table in the config file - **/etc/containers/registries.conf**. -The default number of results is 25. The number of results can be limited using the **--limit** flag. +The default number of results is 25. The number of results can be limited using the **\-\-limit** flag. If more than one registry is being searched, the limit will be applied to each registry. The output can be filtered -using the **--filter** flag. To get all available images in a registry without a specific +using the **\-\-filter** flag. To get all available images in a registry without a specific search term, the user can just enter the registry name with a trailing "/" (example **registry.fedoraproject.org/**). Note, searching without a search term will only work for registries that implement the v2 API. @@ -25,14 +25,14 @@ Note, searching without a search term will only work for registries that impleme ## OPTIONS -#### **--authfile**=*path* +#### **\-\-authfile**=*path* Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE environment variable. `export REGISTRY_AUTH_FILE=path` -#### **--filter**, **-f**=*filter* +#### **\-\-filter**, **-f**=*filter* Filter output based on conditions provided (default []) @@ -42,7 +42,7 @@ Supported filters are: * is-automated (boolean - true | false) - is the image automated or not * is-official (boolean - true | false) - is the image official or not -#### **--format**=*format* +#### **\-\-format**=*format* Change the output format to a Go template @@ -60,7 +60,7 @@ Valid placeholders for the Go template are listed below: Note: use .Tag only if the --list-tags is set. -#### **--limit**=*limit* +#### **\-\-limit**=*limit* Limit the number of results (default 25). Note: The results from each registry will be limited to this value. @@ -68,24 +68,24 @@ Example if limit is 10 and two registries are being searched, the total number of results will be 20, 10 from each (if there are at least 10 matches in each). The order of the search results is the order in which the API endpoint returns the results. -#### **--list-tags** +#### **\-\-list-tags** List the available tags in the repository for the specified image. **Note:** --list-tags requires the search term to be a fully specified image name. The result contains the Image name and its tag, one line for every tag associated with the image. -#### **--no-trunc** +#### **\-\-no-trunc** Do not truncate the output -#### **--tls-verify**=*true|false* +#### **\-\-tls-verify**=*true|false* Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used if needed. If not specified, default registries will be searched through (in /etc/containers/registries.conf), and TLS will be skipped if a default registry is listed in the insecure registries. -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement diff --git a/docs/source/markdown/podman-secret-create.1.md b/docs/source/markdown/podman-secret-create.1.md index af4dc1d97..ca92dd38e 100644 --- a/docs/source/markdown/podman-secret-create.1.md +++ b/docs/source/markdown/podman-secret-create.1.md @@ -20,11 +20,11 @@ Secrets will not be commited to an image with `podman commit`, and will not be i ## OPTIONS -#### **--driver**=*driver* +#### **\-\-driver**=*driver* Specify the secret driver (default **file**, which is unencrypted). -#### **--help** +#### **\-\-help** Print usage statement. diff --git a/docs/source/markdown/podman-secret-inspect.1.md b/docs/source/markdown/podman-secret-inspect.1.md index 383db8375..042cc25d9 100644 --- a/docs/source/markdown/podman-secret-inspect.1.md +++ b/docs/source/markdown/podman-secret-inspect.1.md @@ -15,11 +15,11 @@ Secrets can be queried individually by providing their full name or a unique par ## OPTIONS -#### **--format**=*format* +#### **\-\-format**=*format* Format secret output using Go template. -#### **--help** +#### **\-\-help** Print usage statement. diff --git a/docs/source/markdown/podman-secret-ls.1.md b/docs/source/markdown/podman-secret-ls.1.md index 688784e05..57a606738 100644 --- a/docs/source/markdown/podman-secret-ls.1.md +++ b/docs/source/markdown/podman-secret-ls.1.md @@ -8,11 +8,11 @@ podman\-secret\-ls - List all available secrets ## DESCRIPTION -Lists all the secrets that exist. The output can be formatted to a Go template using the **--format** option. +Lists all the secrets that exist. The output can be formatted to a Go template using the **\-\-format** option. ## OPTIONS -#### **--format**=*format* +#### **\-\-format**=*format* Format secret output using Go template. diff --git a/docs/source/markdown/podman-secret-rm.1.md b/docs/source/markdown/podman-secret-rm.1.md index c6f5079ba..72d6a1af4 100644 --- a/docs/source/markdown/podman-secret-rm.1.md +++ b/docs/source/markdown/podman-secret-rm.1.md @@ -18,11 +18,11 @@ the old secret value will still remain. ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Remove all existing secrets. -#### **--help** +#### **\-\-help** Print usage statement. diff --git a/docs/source/markdown/podman-start.1.md b/docs/source/markdown/podman-start.1.md index 600d3859a..1822eab34 100644 --- a/docs/source/markdown/podman-start.1.md +++ b/docs/source/markdown/podman-start.1.md @@ -16,25 +16,25 @@ attach to the container. ## OPTIONS -#### **--attach**, **-a** +#### **\-\-attach**, **-a** Attach container's STDOUT and STDERR. The default is false. This option cannot be used when starting multiple containers. -#### **--detach-keys**=*sequence* +#### **\-\-detach-keys**=*sequence* Specify the key sequence for detaching a container. Format is a single character `[a-Z]` or one or more `ctrl-<value>` characters where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. Specifying "" will disable this feature. The default is *ctrl-p,ctrl-q*. -#### **--interactive**, **-i** +#### **\-\-interactive**, **-i** Attach container's STDIN. The default is false. -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client) -#### **--sig-proxy**=*true|false* +#### **\-\-sig-proxy**=*true|false* Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is *true* when attaching, *false* otherwise. diff --git a/docs/source/markdown/podman-stats.1.md b/docs/source/markdown/podman-stats.1.md index 300106796..a4f4f68a3 100644 --- a/docs/source/markdown/podman-stats.1.md +++ b/docs/source/markdown/podman-stats.1.md @@ -20,24 +20,24 @@ about their networking usage. ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Show all containers. Only running containers are shown by default -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client) -#### **--no-reset** +#### **\-\-no-reset** Do not clear the terminal/screen in between reporting intervals -#### **--no-stream** +#### **\-\-no-stream** Disable streaming stats and only pull the first result, default setting is false -#### **--format**=*template* +#### **\-\-format**=*template* Pretty-print container statistics to JSON or using a Go template diff --git a/docs/source/markdown/podman-stop.1.md b/docs/source/markdown/podman-stop.1.md index a1e9675c1..bcb928e57 100644 --- a/docs/source/markdown/podman-stop.1.md +++ b/docs/source/markdown/podman-stop.1.md @@ -9,7 +9,7 @@ podman\-stop - Stop one or more running containers **podman container stop** [*options*] *container* ... ## DESCRIPTION -Stops one or more containers. You may use container IDs or names as input. The **--time** switch +Stops one or more containers. You may use container IDs or names as input. The **\-\-time** switch allows you to specify the number of seconds to wait before forcibly stopping the container after the stop command is issued to the container. The default is 10 seconds. By default, containers are stopped with SIGTERM and then SIGKILL after the timeout. The SIGTERM default can be overridden by the image used to create the @@ -17,26 +17,26 @@ container and also via command line when creating the container. ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Stop all running containers. This does not include paused containers. -#### **--cidfile** +#### **\-\-cidfile** Read container ID from the specified file and remove the container. Can be specified multiple times. -#### **--ignore**, **-i** +#### **\-\-ignore**, **-i** Ignore errors when specified containers are not in the container store. A user might have decided to manually remove a container which would lead to a failure during the ExecStop directive of a systemd service referencing that container. -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client) -#### **--time**, **-t**=*time* +#### **\-\-time**, **-t**=*time* Time to wait before forcibly stopping the container diff --git a/docs/source/markdown/podman-system-connection-add.1.md b/docs/source/markdown/podman-system-connection-add.1.md index 32c16d6a1..5f5d2bc7d 100644 --- a/docs/source/markdown/podman-system-connection-add.1.md +++ b/docs/source/markdown/podman-system-connection-add.1.md @@ -15,21 +15,21 @@ The user will be prompted for the remote ssh login password or key file pass phr ## OPTIONS -#### **--default**=*false*, **-d** +#### **\-\-default**=*false*, **-d** Make the new destination the default for this user. -#### **--identity**=*path* +#### **\-\-identity**=*path* Path to ssh identity file. If the identity file has been encrypted, Podman prompts the user for the passphrase. If no identity file is provided and no user is given, Podman defaults to the user running the podman command. Podman prompts for the login password on the remote server. -#### **--port**=*port*, **-p** +#### **\-\-port**=*port*, **-p** Port for ssh destination. The default value is `22`. -#### **--socket-path**=*path* +#### **\-\-socket-path**=*path* Path to the Podman service unix domain socket on the ssh destination host diff --git a/docs/source/markdown/podman-system-df.1.md b/docs/source/markdown/podman-system-df.1.md index f3db2d020..98c8ad3ad 100644 --- a/docs/source/markdown/podman-system-df.1.md +++ b/docs/source/markdown/podman-system-df.1.md @@ -10,11 +10,11 @@ podman\-system\-df - Show podman disk usage Show podman disk usage ## OPTIONS -#### **--format**=*format* +#### **\-\-format**=*format* Pretty-print images using a Go template -#### **--verbose**, **-v** +#### **\-\-verbose**, **-v** Show detailed information on space usage ## EXAMPLE diff --git a/docs/source/markdown/podman-system-migrate.1.md b/docs/source/markdown/podman-system-migrate.1.md index 913f119b0..45f2ce547 100644 --- a/docs/source/markdown/podman-system-migrate.1.md +++ b/docs/source/markdown/podman-system-migrate.1.md @@ -26,7 +26,7 @@ newly configured mappings. ## OPTIONS -#### **--new-runtime**=*runtime* +#### **\-\-new-runtime**=*runtime* Set a new OCI runtime for all containers. This can be used after a system upgrade which changes the default OCI runtime to move all containers to the new runtime. diff --git a/docs/source/markdown/podman-system-prune.1.md b/docs/source/markdown/podman-system-prune.1.md index 791503a2c..50a25bf6d 100644 --- a/docs/source/markdown/podman-system-prune.1.md +++ b/docs/source/markdown/podman-system-prune.1.md @@ -9,16 +9,16 @@ podman\-system\-prune - Remove all unused pod, container, image and volume data ## DESCRIPTION **podman system prune** removes all unused containers (both dangling and unreferenced), pods and optionally, volumes from local storage. -With the **--all** option, you can delete all unused images. Unused images are dangling images as well as any image that does not have any containers based on it. +With the **\-\-all** option, you can delete all unused images. Unused images are dangling images as well as any image that does not have any containers based on it. -By default, volumes are not removed to prevent important data from being deleted if there is currently no container using the volume. Use the **--volumes** flag when running the command to prune volumes as well. +By default, volumes are not removed to prevent important data from being deleted if there is currently no container using the volume. Use the **\-\-volumes** flag when running the command to prune volumes as well. ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Recursively remove all unused pod, container, image and volume data (Maximum 50 iterations.) -#### **--filter**=*filters* +#### **\-\-filter**=*filters* Provide filter values. @@ -33,15 +33,15 @@ The until filter can be Unix timestamps, date formatted timestamps, or Go durati The label filter accepts two formats. One is the label=... (label=_key_ or label=_key=value_), which removes containers and images with the specified labels. The other format is the label!=... (label!=_key_ or label!=_key=value_), which removes containers and images without the specified labels. -#### **--force**, **-f** +#### **\-\-force**, **-f** Do not prompt for confirmation -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement -#### **--volumes** +#### **\-\-volumes** Prune volumes currently unused by any container diff --git a/docs/source/markdown/podman-system-reset.1.md b/docs/source/markdown/podman-system-reset.1.md index 744f917df..9644d8d90 100644 --- a/docs/source/markdown/podman-system-reset.1.md +++ b/docs/source/markdown/podman-system-reset.1.md @@ -18,11 +18,11 @@ of the relevant configurations. If the administrator modified the configuration `podman system reset` might not be able to clean up the previous storage. ## OPTIONS -#### **--force**, **-f** +#### **\-\-force**, **-f** Do not prompt for confirmation -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement diff --git a/docs/source/markdown/podman-system-service.1.md b/docs/source/markdown/podman-system-service.1.md index 93f18adf1..83ede074c 100644 --- a/docs/source/markdown/podman-system-service.1.md +++ b/docs/source/markdown/podman-system-service.1.md @@ -25,12 +25,12 @@ Note: The default systemd unit files (system and user) change the log-level opti ## OPTIONS -#### **--time**, **-t** +#### **\-\-time**, **-t** The time until the session expires in _seconds_. The default is 5 seconds. A value of `0` means no timeout, therefore the session will not expire. -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement. diff --git a/docs/source/markdown/podman-tag.1.md b/docs/source/markdown/podman-tag.1.md index 7eab62028..70a09fc3c 100644 --- a/docs/source/markdown/podman-tag.1.md +++ b/docs/source/markdown/podman-tag.1.md @@ -16,7 +16,7 @@ provided, then podman will default to `latest` for both the *image* and the ## OPTIONS -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement diff --git a/docs/source/markdown/podman-top.1.md b/docs/source/markdown/podman-top.1.md index 09e8f7423..1bfe0dccb 100644 --- a/docs/source/markdown/podman-top.1.md +++ b/docs/source/markdown/podman-top.1.md @@ -13,11 +13,11 @@ Display the running processes of the container. The *format-descriptors* are ps ## OPTIONS -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods.(This option is not available with the remote Podman client) diff --git a/docs/source/markdown/podman-unmount.1.md b/docs/source/markdown/podman-unmount.1.md index 2832e5fdb..d09762d46 100644 --- a/docs/source/markdown/podman-unmount.1.md +++ b/docs/source/markdown/podman-unmount.1.md @@ -27,11 +27,11 @@ External containers are containers created in container/storage by other tools l Buildah and CRI-O. ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** All of the currently mounted containers will be unmounted. -#### **--force**, **-f** +#### **\-\-force**, **-f** Force the unmounting of specified containers' root file system, even if other processes have mounted it. @@ -39,7 +39,7 @@ processes have mounted it. Note: This could cause other processes that are using the file system to fail, as the mount point could be removed without their knowledge. -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last diff --git a/docs/source/markdown/podman-unpause.1.md b/docs/source/markdown/podman-unpause.1.md index ae178647a..2c344236f 100644 --- a/docs/source/markdown/podman-unpause.1.md +++ b/docs/source/markdown/podman-unpause.1.md @@ -13,7 +13,7 @@ Unpauses the processes in one or more containers. You may use container IDs or ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Unpause all paused containers. diff --git a/docs/source/markdown/podman-untag.1.md b/docs/source/markdown/podman-untag.1.md index 70053c940..351faadbb 100644 --- a/docs/source/markdown/podman-untag.1.md +++ b/docs/source/markdown/podman-untag.1.md @@ -13,7 +13,7 @@ Remove one or more names from an image in the local storage. The image can be r ## OPTIONS -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement diff --git a/docs/source/markdown/podman-version.1.md b/docs/source/markdown/podman-version.1.md index a54e66372..ba03c4809 100644 --- a/docs/source/markdown/podman-version.1.md +++ b/docs/source/markdown/podman-version.1.md @@ -12,11 +12,11 @@ OS, and Architecture. ## OPTIONS -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement -#### **--format**, **-f**=*format* +#### **\-\-format**, **-f**=*format* Change output format to "json" or a Go template. diff --git a/docs/source/markdown/podman-volume-create.1.md b/docs/source/markdown/podman-volume-create.1.md index a06411000..093b978a7 100644 --- a/docs/source/markdown/podman-volume-create.1.md +++ b/docs/source/markdown/podman-volume-create.1.md @@ -10,24 +10,24 @@ podman\-volume\-create - Create a new volume Creates an empty volume and prepares it to be used by containers. The volume can be created with a specific name, if a name is not given a random name is -generated. You can add metadata to the volume by using the **--label** flag and -driver options can be set using the **--opt** flag. +generated. You can add metadata to the volume by using the **\-\-label** flag and +driver options can be set using the **\-\-opt** flag. ## OPTIONS -#### **--driver**=*driver* +#### **\-\-driver**=*driver* Specify the volume driver name (default **local**). Setting this to a value other than **local** Podman will attempt to create the volume using a volume plugin with the given name. Such plugins must be defined in the **volume_plugins** section of the **containers.conf**(5) configuration file. -#### **--help** +#### **\-\-help** Print usage statement -#### **--label**=*label*, **-l** +#### **\-\-label**=*label*, **-l** Set metadata for a volume (e.g., --label mykey=value). -#### **--opt**=*option*, **-o** +#### **\-\-opt**=*option*, **-o** Set driver specific options. For the default driver, **local**, this allows a volume to be configured to mount a filesystem on the host. diff --git a/docs/source/markdown/podman-volume-exists.1.md b/docs/source/markdown/podman-volume-exists.1.md index ead806bd9..e75159d56 100644 --- a/docs/source/markdown/podman-volume-exists.1.md +++ b/docs/source/markdown/podman-volume-exists.1.md @@ -14,7 +14,7 @@ of `0` when the volume is found. A `1` will be returned otherwise. An exit code ## OPTIONS -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement diff --git a/docs/source/markdown/podman-volume-inspect.1.md b/docs/source/markdown/podman-volume-inspect.1.md index ea0ee91b4..7273b817a 100644 --- a/docs/source/markdown/podman-volume-inspect.1.md +++ b/docs/source/markdown/podman-volume-inspect.1.md @@ -9,22 +9,22 @@ podman\-volume\-inspect - Get detailed information on one or more volumes ## DESCRIPTION Display detailed information on one or more volumes. The output can be formatted using -the **--format** flag and a Go template. To get detailed information about all the -existing volumes, use the **--all** flag. +the **\-\-format** flag and a Go template. To get detailed information about all the +existing volumes, use the **\-\-all** flag. Volumes can be queried individually by providing their full name or a unique partial name. ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Inspect all volumes. -#### **--format**=*format*, **-f** +#### **\-\-format**=*format*, **-f** Format volume output using Go template -#### **--help** +#### **\-\-help** Print usage statement diff --git a/docs/source/markdown/podman-volume-ls.1.md b/docs/source/markdown/podman-volume-ls.1.md index 48853bdfd..5214980a3 100644 --- a/docs/source/markdown/podman-volume-ls.1.md +++ b/docs/source/markdown/podman-volume-ls.1.md @@ -8,25 +8,25 @@ podman\-volume\-ls - List all the available volumes ## DESCRIPTION -Lists all the volumes that exist. The output can be filtered using the **--filter** -flag and can be formatted to either JSON or a Go template using the **--format** -flag. Use the **--quiet** flag to print only the volume names. +Lists all the volumes that exist. The output can be filtered using the **\-\-filter** +flag and can be formatted to either JSON or a Go template using the **\-\-format** +flag. Use the **\-\-quiet** flag to print only the volume names. ## OPTIONS -#### **--filter**=*filter*, **-f** +#### **\-\-filter**=*filter*, **-f** Filter volume output. -#### **--format**=*format* +#### **\-\-format**=*format* Format volume output using Go template. -#### **--help** +#### **\-\-help** Print usage statement. -#### **--quiet**, **-q** +#### **\-\-quiet**, **-q** Print volume output in quiet mode. Only print the volume names. diff --git a/docs/source/markdown/podman-volume-prune.1.md b/docs/source/markdown/podman-volume-prune.1.md index 9477cb5d5..b1ca72623 100644 --- a/docs/source/markdown/podman-volume-prune.1.md +++ b/docs/source/markdown/podman-volume-prune.1.md @@ -8,18 +8,18 @@ podman\-volume\-prune - Remove all unused volumes ## DESCRIPTION -Removes unused volumes. By default all unused volumes will be removed, the **--filter** flag can +Removes unused volumes. By default all unused volumes will be removed, the **\-\-filter** flag can be used to filter specific volumes. You will be prompted to confirm the removal of all the -unused volumes. To bypass the confirmation, use the **--force** flag. +unused volumes. To bypass the confirmation, use the **\-\-force** flag. ## OPTIONS -#### **--force**, **-f** +#### **\-\-force**, **-f** Do not prompt for confirmation. -#### **--filter** +#### **\-\-filter** Filter volumes to be pruned. Volumes can be filtered by the following attributes: @@ -30,7 +30,7 @@ Filter volumes to be pruned. Volumes can be filtered by the following attributes - opt - scope -#### **--help** +#### **\-\-help** Print usage statement diff --git a/docs/source/markdown/podman-volume-rm.1.md b/docs/source/markdown/podman-volume-rm.1.md index c066d1c6e..2727ea640 100644 --- a/docs/source/markdown/podman-volume-rm.1.md +++ b/docs/source/markdown/podman-volume-rm.1.md @@ -9,22 +9,22 @@ podman\-volume\-rm - Remove one or more volumes ## DESCRIPTION Removes one or more volumes. Only volumes that are not being used will be removed. -If a volume is being used by a container, an error will be returned unless the **--force** -flag is being used. To remove all volumes, use the **--all** flag. +If a volume is being used by a container, an error will be returned unless the **\-\-force** +flag is being used. To remove all volumes, use the **\-\-all** flag. Volumes can be removed individually by providing their full name or a unique partial name. ## OPTIONS -#### **--all**, **-a** +#### **\-\-all**, **-a** Remove all volumes. -#### **--force**, **-f** +#### **\-\-force**, **-f** Remove a volume by force. If it is being used by containers, the containers will be removed first. -#### **--help** +#### **\-\-help** Print usage statement diff --git a/docs/source/markdown/podman-wait.1.md b/docs/source/markdown/podman-wait.1.md index fac017fe6..3697cc94a 100644 --- a/docs/source/markdown/podman-wait.1.md +++ b/docs/source/markdown/podman-wait.1.md @@ -16,17 +16,17 @@ separated by newline in the same order as they were given to the command. ## OPTIONS -#### **--condition**=*state* +#### **\-\-condition**=*state* Condition to wait on (default "stopped") -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement -#### **--interval**, **-i**=*duration* +#### **\-\-interval**, **-i**=*duration* Time interval to wait before polling for completion. A duration string is a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms", "-1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Time unit defaults to "ms". -#### **--latest**, **-l** +#### **\-\-latest**, **-l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client) diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md index 7bf7aa210..7a6a51c39 100644 --- a/docs/source/markdown/podman.1.md +++ b/docs/source/markdown/podman.1.md @@ -25,34 +25,34 @@ man pages. ## GLOBAL OPTIONS -#### **--cgroup-manager**=*manager* +#### **\-\-cgroup-manager**=*manager* The CGroup manager to use for container cgroups. Supported values are cgroupfs or systemd. Default is systemd unless overridden in the containers.conf file. Note: Setting this flag can cause certain commands to break when called on containers previously created by the other CGroup manager type. Note: CGroup manager is not supported in rootless mode when using CGroups Version V1. -#### **--cni-config-dir** +#### **\-\-cni-config-dir** Path of the configuration directory for CNI networks. (Default: `/etc/cni/net.d`) -#### **--connection**, **-c** +#### **\-\-connection**, **-c** Connection to use for remote podman (Default connection is configured in `containers.conf`) Remote connections use local containers.conf for default. -#### **--conmon** +#### **\-\-conmon** Path of the conmon binary (Default path is configured in `containers.conf`) -#### **--events-backend**=*type* +#### **\-\-events-backend**=*type* Backend to use for storing events. Allowed values are **file**, **journald**, and **none**. When *file* is specified, the events are stored under a subdirectory -of the *tmpdir* location (see **--tmpdir** below). +of the *tmpdir* location (see **\-\-tmpdir** below). -#### **--help**, **-h** +#### **\-\-help**, **-h** Print usage statement -#### **--hooks-dir**=*path* +#### **\-\-hooks-dir**=*path* Each `*.json` file in the path configures a hook for Podman containers. For more details on the syntax of the JSON files and the semantics of hook injection, see `oci-hooks(5)`. Podman and libpod currently support both the 1.0.0 and 0.1.0 hook schemas, although the 0.1.0 schema is deprecated. @@ -68,7 +68,7 @@ Podman and libpod currently support an additional `precreate` state which is cal **WARNING**: the `precreate` hook lets you do powerful things, such as adding additional mounts to the runtime configuration. That power also makes it easy to break things. Before reporting libpod errors, try running your container with `precreate` hooks disabled to see if the problem is due to one of your hooks. -#### **--identity**=*path* +#### **\-\-identity**=*path* Path to ssh identity file. If the identity file has been encrypted, podman prompts the user for the passphrase. If no identity file is provided and no user is given, podman defaults to the user running the podman command. @@ -80,23 +80,23 @@ Identity value resolution precedence: - `containers.conf` Remote connections use local containers.conf for default. -#### **--log-level**=*level* +#### **\-\-log-level**=*level* Log messages above specified level: debug, info, warn, error (default), fatal or panic (default: "error") -#### **--namespace**=*namespace* +#### **\-\-namespace**=*namespace* Set libpod namespace. Namespaces are used to separate groups of containers and pods in libpod's state. When namespace is set, created containers and pods will join the given namespace, and only containers and pods in the given namespace will be visible to Podman. -#### **--network-cmd-path**=*path* +#### **\-\-network-cmd-path**=*path* Path to the command binary to use for setting up a network. It is currently only used for setting up a slirp4netns network. If "" is used then the binary is looked up using the $PATH environment variable. -#### **--remote**, **-r** +#### **\-\-remote**, **-r** Access Podman service will be remote Remote connections use local containers.conf for default. -#### **--url**=*value* +#### **\-\-url**=*value* URL to access Podman service (default from `containers.conf`, rootless `unix://run/user/$UID/podman/podman.sock` or as root `unix://run/podman/podman.sock`). - `CONTAINER_HOST` is of the format `<schema>://[<user[:<password>]@]<host>[:<port>][<path>]` @@ -115,21 +115,21 @@ URL value resolution precedence: - `unix://run/podman/podman.sock` Remote connections use local containers.conf for default. -#### **--root**=*value* +#### **\-\-root**=*value* Storage root dir in which data, including images, is stored (default: "/var/lib/containers/storage" for UID 0, "$HOME/.local/share/containers/storage" for other users). Default root dir configured in `/etc/containers/storage.conf`. -#### **--runroot**=*value* +#### **\-\-runroot**=*value* Storage state directory where all state information is stored (default: "/run/containers/storage" for UID 0, "/run/user/$UID/run" for other users). Default state dir configured in `/etc/containers/storage.conf`. -#### **--runtime**=*value* +#### **\-\-runtime**=*value* Name of the OCI runtime as specified in containers.conf or absolute path to the OCI compatible binary used to run containers. -#### **--runtime-flag**=*flag* +#### **\-\-runtime-flag**=*flag* Adds global flags for the container runtime. To list the supported flags, please consult the manpages of the selected container runtime (`runc` is the default @@ -139,30 +139,30 @@ for cgroup V2, the default runtime is `crun`, the manpage to consult is `crun(8) Note: Do not pass the leading `--` to the flag. To pass the runc flag `--log-format json` to podman build, the option given would be `--runtime-flag log-format=json`. -#### **--storage-driver**=*value* +#### **\-\-storage-driver**=*value* Storage driver. The default storage driver for UID 0 is configured in /etc/containers/storage.conf (`$HOME/.config/containers/storage.conf` in rootless mode), and is *vfs* for non-root users when *fuse-overlayfs* is not available. The `STORAGE_DRIVER` environment variable overrides the default. The --storage-driver specified driver overrides all. Overriding this option will cause the *storage-opt* settings in /etc/containers/storage.conf to be ignored. The user must specify additional options via the `--storage-opt` flag. -#### **--storage-opt**=*value* +#### **\-\-storage-opt**=*value* Storage driver option, Default storage driver options are configured in /etc/containers/storage.conf (`$HOME/.config/containers/storage.conf` in rootless mode). The `STORAGE_OPTS` environment variable overrides the default. The --storage-opt specified options overrides all. -#### **--syslog**=*true|false* +#### **\-\-syslog**=*true|false* Output logging information to syslog as well as the console (default *false*). On remote clients, logging is directed to the file $HOME/.config/containers/podman.log. -#### **--tmpdir** +#### **\-\-tmpdir** Path to the tmp directory, for libpod runtime content. NOTE --tmpdir is not used for the temporary storage of downloaded images. Use the environment variable `TMPDIR` to change the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`. -#### **--version**, **-v** +#### **\-\-version**, **-v** Print the version diff --git a/hack/xref-helpmsgs-manpages b/hack/xref-helpmsgs-manpages index 08e56c77e..42dd3634f 100755 --- a/hack/xref-helpmsgs-manpages +++ b/hack/xref-helpmsgs-manpages @@ -320,7 +320,7 @@ sub podman_man { } } - # Options should always be of the form '**-f**' or '**--flag**', + # Options should always be of the form '**-f**' or '**\-\-flag**', # possibly separated by comma-space. elsif ($section eq 'flags') { # e.g. 'podman run --ip6', documented in man page, but nonexistent @@ -334,9 +334,11 @@ sub podman_man { # If option has long and short form, long must come first. # This is a while-loop because there may be multiple long # option names, e.g. --net/--network - while ($line =~ s/^\*\*(--[a-z0-9-]+)\*\*(=\*[a-zA-Z0-9-]+\*)?(,\s+)?//g) { - $man{$1} = 1; - push @most_recent_flags, $1; + while ($line =~ s/^\*\*\\-\\-([a-z0-9-]+)\*\*(=\*[a-zA-Z0-9-]+\*)?(,\s+)?//g) { + # add -- to the flag name + my $flag = "--".$1; + $man{$flag} = 1; + push @most_recent_flags, $flag; } # Short form if ($line =~ s/^\*\*(-[a-zA-Z0-9])\*\*(=\*[a-zA-Z0-9-]+\*)?//g) { diff --git a/libpod/events/logfile.go b/libpod/events/logfile.go index 7a32ea311..0f00525e8 100644 --- a/libpod/events/logfile.go +++ b/libpod/events/logfile.go @@ -7,7 +7,7 @@ import ( "time" "github.com/containers/podman/v3/pkg/util" - "github.com/containers/storage" + "github.com/containers/storage/pkg/lockfile" "github.com/pkg/errors" ) @@ -20,7 +20,7 @@ type EventLogFile struct { // Writes to the log file func (e EventLogFile) Write(ee Event) error { // We need to lock events file - lock, err := storage.GetLockfile(e.options.LogFilePath + ".lock") + lock, err := lockfile.GetLockfile(e.options.LogFilePath + ".lock") if err != nil { return err } diff --git a/libpod/runtime_img.go b/libpod/runtime_img.go index 13ac42e7d..b427125db 100644 --- a/libpod/runtime_img.go +++ b/libpod/runtime_img.go @@ -9,6 +9,7 @@ import ( "net/url" "os" + buildahDefine "github.com/containers/buildah/define" "github.com/containers/buildah/imagebuildah" "github.com/containers/image/v5/directory" "github.com/containers/image/v5/docker/reference" @@ -165,7 +166,7 @@ func (r *Runtime) newImageBuildCompleteEvent(idOrName string) { } // Build adds the runtime to the imagebuildah call -func (r *Runtime) Build(ctx context.Context, options imagebuildah.BuildOptions, dockerfiles ...string) (string, reference.Canonical, error) { +func (r *Runtime) Build(ctx context.Context, options buildahDefine.BuildOptions, dockerfiles ...string) (string, reference.Canonical, error) { if options.Runtime == "" { // Make sure that build containers use the same runtime as Podman (see #9365). conf := util.DefaultContainerConfig() diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go index 15ba5c685..fd310711f 100644 --- a/pkg/api/handlers/compat/images_build.go +++ b/pkg/api/handlers/compat/images_build.go @@ -13,7 +13,7 @@ import ( "time" "github.com/containers/buildah" - "github.com/containers/buildah/imagebuildah" + buildahDefine "github.com/containers/buildah/define" "github.com/containers/buildah/util" "github.com/containers/image/v5/types" "github.com/containers/podman/v3/libpod" @@ -98,6 +98,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { OutputFormat string `schema:"outputformat"` Platform string `schema:"platform"` Pull bool `schema:"pull"` + PullPolicy string `schema:"pullpolicy"` Quiet bool `schema:"q"` Registry string `schema:"registry"` Rm bool `schema:"rm"` @@ -275,10 +276,14 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { jobs = query.Jobs } - pullPolicy := buildah.PullIfMissing - if _, found := r.URL.Query()["pull"]; found { - if query.Pull { - pullPolicy = buildah.PullAlways + pullPolicy := buildahDefine.PullIfMissing + if utils.IsLibpodRequest(r) { + pullPolicy = buildahDefine.PolicyMap[query.PullPolicy] + } else { + if _, found := r.URL.Query()["pull"]; found { + if query.Pull { + pullPolicy = buildahDefine.PullAlways + } } } @@ -309,7 +314,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "Decode()")) return } - buildOptions := imagebuildah.BuildOptions{ + buildOptions := buildahDefine.BuildOptions{ AddCapabilities: addCaps, AdditionalTags: additionalTags, Annotations: annotations, diff --git a/pkg/api/handlers/compat/version.go b/pkg/api/handlers/compat/version.go index fae147440..f1cd77a9a 100644 --- a/pkg/api/handlers/compat/version.go +++ b/pkg/api/handlers/compat/version.go @@ -10,8 +10,8 @@ import ( "github.com/containers/podman/v3/libpod/define" "github.com/containers/podman/v3/pkg/api/handlers/utils" "github.com/containers/podman/v3/pkg/domain/entities" + "github.com/containers/podman/v3/pkg/domain/entities/types" "github.com/containers/podman/v3/version" - docker "github.com/docker/docker/api/types" "github.com/pkg/errors" ) @@ -32,7 +32,7 @@ func VersionHandler(w http.ResponseWriter, r *http.Request) { return } - components := []docker.ComponentVersion{{ + components := []types.ComponentVersion{{ Name: "Podman Engine", Version: versionInfo.Version, Details: map[string]string{ @@ -52,7 +52,7 @@ func VersionHandler(w http.ResponseWriter, r *http.Request) { minVersion := version.APIVersion[version.Compat][version.MinimalAPI] utils.WriteResponse(w, http.StatusOK, entities.ComponentVersion{ - Version: docker.Version{ + Version: types.Version{ Platform: struct { Name string }{ diff --git a/pkg/api/handlers/types.go b/pkg/api/handlers/types.go index f5eaf6f6d..736203171 100644 --- a/pkg/api/handlers/types.go +++ b/pkg/api/handlers/types.go @@ -28,10 +28,6 @@ type ContainerConfig struct { dockerContainer.Config } -type LibpodImagesLoadReport struct { - ID string `json:"id"` -} - type LibpodImagesPullReport struct { entities.ImagePullReport } diff --git a/pkg/api/handlers/types/types.go b/pkg/api/handlers/types/types.go new file mode 100644 index 000000000..71165364f --- /dev/null +++ b/pkg/api/handlers/types/types.go @@ -0,0 +1,23 @@ +package types + +import ( + "github.com/containers/podman/v3/pkg/domain/entities" +) + +// LibpodImagesRemoveReport is the return type for image removal via the rest +// api. +type LibpodImagesRemoveReport struct { + entities.ImageRemoveReport + // Image removal requires is to return data and an error. + Errors []string +} + +// HistoryResponse provides details on image layers +type HistoryResponse struct { + ID string `json:"Id"` + Created int64 + CreatedBy string + Tags []string + Size int64 + Comment string +} diff --git a/pkg/api/server/swagger.go b/pkg/api/server/swagger.go index 12fd083bb..d282edf23 100644 --- a/pkg/api/server/swagger.go +++ b/pkg/api/server/swagger.go @@ -205,7 +205,7 @@ type swagHealthCheckRunResponse struct { type swagVersion struct { // in:body Body struct { - entities.SystemVersionReport + entities.ComponentVersion } } diff --git a/pkg/bindings/images/build.go b/pkg/bindings/images/build.go index 9d77883f9..c79d79136 100644 --- a/pkg/bindings/images/build.go +++ b/pkg/bindings/images/build.go @@ -15,7 +15,6 @@ import ( "strconv" "strings" - "github.com/containers/buildah" "github.com/containers/podman/v3/pkg/auth" "github.com/containers/podman/v3/pkg/bindings" "github.com/containers/podman/v3/pkg/domain/entities" @@ -175,9 +174,8 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO if len(platform) > 0 { params.Set("platform", platform) } - if options.PullPolicy == buildah.PullAlways { - params.Set("pull", "1") - } + params.Set("pullpolicy", options.PullPolicy.String()) + if options.Quiet { params.Set("q", "1") } diff --git a/pkg/bindings/images/images.go b/pkg/bindings/images/images.go index 1be2bdfdd..8680d6baa 100644 --- a/pkg/bindings/images/images.go +++ b/pkg/bindings/images/images.go @@ -8,7 +8,7 @@ import ( "net/url" "strconv" - "github.com/containers/podman/v3/pkg/api/handlers" + "github.com/containers/podman/v3/pkg/api/handlers/types" "github.com/containers/podman/v3/pkg/auth" "github.com/containers/podman/v3/pkg/bindings" "github.com/containers/podman/v3/pkg/domain/entities" @@ -96,12 +96,12 @@ func Tree(ctx context.Context, nameOrID string, options *TreeOptions) (*entities } // History returns the parent layers of an image. -func History(ctx context.Context, nameOrID string, options *HistoryOptions) ([]*handlers.HistoryResponse, error) { +func History(ctx context.Context, nameOrID string, options *HistoryOptions) ([]*types.HistoryResponse, error) { if options == nil { options = new(HistoryOptions) } _ = options - var history []*handlers.HistoryResponse + var history []*types.HistoryResponse conn, err := bindings.GetClient(ctx) if err != nil { return nil, err diff --git a/pkg/bindings/images/rm.go b/pkg/bindings/images/rm.go index beecce7bf..e45e583f4 100644 --- a/pkg/bindings/images/rm.go +++ b/pkg/bindings/images/rm.go @@ -4,7 +4,7 @@ import ( "context" "net/http" - "github.com/containers/podman/v3/pkg/api/handlers" + "github.com/containers/podman/v3/pkg/api/handlers/types" "github.com/containers/podman/v3/pkg/bindings" "github.com/containers/podman/v3/pkg/domain/entities" "github.com/containers/podman/v3/pkg/errorhandling" @@ -19,7 +19,7 @@ func Remove(ctx context.Context, images []string, options *RemoveOptions) (*enti // FIXME - bindings tests are missing for this endpoint. Once the CI is // re-enabled for bindings, we need to add them. At the time of writing, // the tests don't compile. - var report handlers.LibpodImagesRemoveReport + var report types.LibpodImagesRemoveReport conn, err := bindings.GetClient(ctx) if err != nil { return nil, []error{err} diff --git a/pkg/bindings/images/types.go b/pkg/bindings/images/types.go index 7bf70c82b..1f3e46729 100644 --- a/pkg/bindings/images/types.go +++ b/pkg/bindings/images/types.go @@ -1,7 +1,7 @@ package images import ( - "github.com/containers/buildah/imagebuildah" + buildahDefine "github.com/containers/buildah/define" ) //go:generate go run ../generator/generator.go RemoveOptions @@ -162,7 +162,7 @@ type PullOptions struct { //BuildOptions are optional options for building images type BuildOptions struct { - imagebuildah.BuildOptions + buildahDefine.BuildOptions } //go:generate go run ../generator/generator.go ExistsOptions diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go index 7999d8209..3cc46ed0a 100644 --- a/pkg/domain/entities/images.go +++ b/pkg/domain/entities/images.go @@ -8,33 +8,32 @@ import ( "github.com/containers/image/v5/types" "github.com/containers/podman/v3/pkg/inspect" "github.com/containers/podman/v3/pkg/trust" - docker "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/container" "github.com/opencontainers/go-digest" v1 "github.com/opencontainers/image-spec/specs-go/v1" ) type Image struct { - ID string `json:"Id"` - RepoTags []string `json:",omitempty"` - RepoDigests []string `json:",omitempty"` - Parent string `json:",omitempty"` - Comment string `json:",omitempty"` - Created string `json:",omitempty"` - Container string `json:",omitempty"` - ContainerConfig *container.Config `json:",omitempty"` - DockerVersion string `json:",omitempty"` - Author string `json:",omitempty"` - Config *container.Config `json:",omitempty"` - Architecture string `json:",omitempty"` - Variant string `json:",omitempty"` - Os string `json:",omitempty"` - OsVersion string `json:",omitempty"` - Size int64 `json:",omitempty"` - VirtualSize int64 `json:",omitempty"` - GraphDriver docker.GraphDriverData `json:",omitempty"` - RootFS docker.RootFS `json:",omitempty"` - Metadata docker.ImageMetadata `json:",omitempty"` + ID string `json:"Id"` + RepoTags []string `json:",omitempty"` + RepoDigests []string `json:",omitempty"` + Parent string `json:",omitempty"` + Comment string `json:",omitempty"` + Created string `json:",omitempty"` + Container string `json:",omitempty"` + ContainerConfig *container.Config `json:",omitempty"` + DockerVersion string `json:",omitempty"` + Author string `json:",omitempty"` + Config *container.Config `json:",omitempty"` + Architecture string `json:",omitempty"` + Variant string `json:",omitempty"` + Os string `json:",omitempty"` + OsVersion string `json:",omitempty"` + Size int64 `json:",omitempty"` + VirtualSize int64 `json:",omitempty"` + GraphDriver string `json:",omitempty"` + RootFS string `json:",omitempty"` + Metadata string `json:",omitempty"` // Podman extensions Digest digest.Digest `json:",omitempty"` diff --git a/pkg/domain/entities/system.go b/pkg/domain/entities/system.go index 4b8383613..1a671d59e 100644 --- a/pkg/domain/entities/system.go +++ b/pkg/domain/entities/system.go @@ -5,7 +5,7 @@ import ( "github.com/containers/podman/v3/libpod/define" "github.com/containers/podman/v3/pkg/domain/entities/reports" - "github.com/docker/docker/api/types" + "github.com/containers/podman/v3/pkg/domain/entities/types" "github.com/spf13/cobra" ) diff --git a/pkg/domain/entities/types.go b/pkg/domain/entities/types.go index 9efc64c93..02e374111 100644 --- a/pkg/domain/entities/types.go +++ b/pkg/domain/entities/types.go @@ -3,7 +3,7 @@ package entities import ( "net" - "github.com/containers/buildah/imagebuildah" + buildahDefine "github.com/containers/buildah/define" "github.com/containers/podman/v3/libpod/events" "github.com/containers/podman/v3/pkg/specgen" "github.com/containers/storage/pkg/archive" @@ -91,7 +91,7 @@ type ContainerCreateResponse struct { // BuildOptions describe the options for building container images. type BuildOptions struct { - imagebuildah.BuildOptions + buildahDefine.BuildOptions } // BuildReport is the image-build report. diff --git a/pkg/domain/entities/types/auth.go b/pkg/domain/entities/types/auth.go new file mode 100644 index 000000000..ddf15bb18 --- /dev/null +++ b/pkg/domain/entities/types/auth.go @@ -0,0 +1,22 @@ +package types // import "github.com/docker/docker/api/types" + +// AuthConfig contains authorization information for connecting to a Registry +type AuthConfig struct { + Username string `json:"username,omitempty"` + Password string `json:"password,omitempty"` + Auth string `json:"auth,omitempty"` + + // Email is an optional value associated with the username. + // This field is deprecated and will be removed in a later + // version of docker. + Email string `json:"email,omitempty"` + + ServerAddress string `json:"serveraddress,omitempty"` + + // IdentityToken is used to authenticate the user and get + // an access token for the registry. + IdentityToken string `json:"identitytoken,omitempty"` + + // RegistryToken is a bearer token to be sent to a registry + RegistryToken string `json:"registrytoken,omitempty"` +} diff --git a/pkg/domain/entities/types/types.go b/pkg/domain/entities/types/types.go new file mode 100644 index 000000000..77834c0cb --- /dev/null +++ b/pkg/domain/entities/types/types.go @@ -0,0 +1,28 @@ +package types // import "github.com/docker/docker/api/types" + +// ComponentVersion describes the version information for a specific component. +type ComponentVersion struct { + Name string + Version string + Details map[string]string `json:",omitempty"` +} + +// Version contains response of Engine API: +// GET "/version" +type Version struct { + Platform struct{ Name string } `json:",omitempty"` + Components []ComponentVersion `json:",omitempty"` + + // The following fields are deprecated, they relate to the Engine component and are kept for backwards compatibility + + Version string + APIVersion string `json:"ApiVersion"` + MinAPIVersion string `json:"MinAPIVersion,omitempty"` + GitCommit string + GoVersion string + Os string + Arch string + KernelVersion string `json:",omitempty"` + Experimental bool `json:",omitempty"` + BuildTime string `json:",omitempty"` +} diff --git a/pkg/domain/entities/volumes.go b/pkg/domain/entities/volumes.go index beb2a75ac..55a6a1b14 100644 --- a/pkg/domain/entities/volumes.go +++ b/pkg/domain/entities/volumes.go @@ -4,10 +4,72 @@ import ( "net/url" "github.com/containers/podman/v3/libpod/define" - docker_api_types "github.com/docker/docker/api/types" - docker_api_types_volume "github.com/docker/docker/api/types/volume" ) +// Volume volume +// swagger:model Volume +type volume struct { + + // Date/Time the volume was created. + CreatedAt string `json:"CreatedAt,omitempty"` + + // Name of the volume driver used by the volume. + // Required: true + Driver string `json:"Driver"` + + // User-defined key/value metadata. + // Required: true + Labels map[string]string `json:"Labels"` + + // Mount path of the volume on the host. + // Required: true + Mountpoint string `json:"Mountpoint"` + + // Name of the volume. + // Required: true + Name string `json:"Name"` + + // The driver specific options used when creating the volume. + // + // Required: true + Options map[string]string `json:"Options"` + + // The level at which the volume exists. Either `global` for cluster-wide, + // or `local` for machine level. + // + // Required: true + Scope string `json:"Scope"` + + // Low-level details about the volume, provided by the volume driver. + // Details are returned as a map with key/value pairs: + // `{"key":"value","key2":"value2"}`. + // + // The `Status` field is optional, and is omitted if the volume driver + // does not support this feature. + // + Status map[string]interface{} `json:"Status,omitempty"` + + // usage data + UsageData *VolumeUsageData `json:"UsageData,omitempty"` +} + +type VolumeUsageData struct { + + // The number of containers referencing this volume. This field + // is set to `-1` if the reference-count is not available. + // + // Required: true + RefCount int64 `json:"RefCount"` + + // Amount of disk space used by the volume (in bytes). This information + // is only available for volumes created with the `"local"` volume + // driver. For volumes created with other volume drivers, this field + // is set to `-1` ("not available") + // + // Required: true + Size int64 `json:"Size"` +} + // swagger:model VolumeCreate type VolumeCreateOptions struct { // New volume's name. Can be left blank @@ -113,14 +175,14 @@ type SwagVolumeListResponse struct { */ // swagger:model DockerVolumeCreate -type DockerVolumeCreate docker_api_types_volume.VolumeCreateBody +type DockerVolumeCreate VolumeCreateBody // This response definition is used for both the create and inspect endpoints // swagger:response DockerVolumeInfoResponse type SwagDockerVolumeInfoResponse struct { // in:body Body struct { - docker_api_types.Volume + volume } } @@ -129,6 +191,30 @@ type SwagDockerVolumeInfoResponse struct { type SwagDockerVolumePruneResponse struct { // in:body Body struct { - docker_api_types.VolumesPruneReport + // docker_api_types.VolumesPruneReport } } + +// VolumeCreateBody Volume configuration +// swagger:model VolumeCreateBody +type VolumeCreateBody struct { + + // Name of the volume driver to use. + // Required: true + Driver string `json:"Driver"` + + // A mapping of driver options and values. These options are + // passed directly to the driver and are driver specific. + // + // Required: true + DriverOpts map[string]string `json:"DriverOpts"` + + // User-defined key/value metadata. + // Required: true + Labels map[string]string `json:"Labels"` + + // The new volume's name. If not specified, Docker generates a name. + // + // Required: true + Name string `json:"Name"` +} diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go index 7d87fc83a..3b5c141d7 100644 --- a/pkg/domain/infra/abi/play.go +++ b/pkg/domain/infra/abi/play.go @@ -9,6 +9,7 @@ import ( "os" "strings" + "github.com/containers/common/pkg/secrets" "github.com/containers/image/v5/types" "github.com/containers/podman/v3/libpod" "github.com/containers/podman/v3/libpod/define" @@ -135,6 +136,12 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY report entities.PlayKubeReport ) + // Create the secret manager before hand + secretsManager, err := secrets.NewManager(ic.Libpod.GetSecretsStorageDir()) + if err != nil { + return nil, err + } + // check for name collision between pod and container if podName == "" { return nil, errors.Errorf("pod does not have a name") @@ -261,16 +268,17 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY } specgenOpts := kube.CtrSpecGenOptions{ - Container: container, - Image: newImage, - Volumes: volumes, - PodID: pod.ID(), - PodName: podName, - PodInfraID: podInfraID, - ConfigMaps: configMaps, - SeccompPaths: seccompPaths, - RestartPolicy: ctrRestartPolicy, - NetNSIsHost: p.NetNS.IsHost(), + Container: container, + Image: newImage, + Volumes: volumes, + PodID: pod.ID(), + PodName: podName, + PodInfraID: podInfraID, + ConfigMaps: configMaps, + SeccompPaths: seccompPaths, + RestartPolicy: ctrRestartPolicy, + NetNSIsHost: p.NetNS.IsHost(), + SecretsManager: secretsManager, } specGen, err := kube.ToSpecGen(ctx, &specgenOpts) if err != nil { diff --git a/pkg/domain/infra/abi/system.go b/pkg/domain/infra/abi/system.go index 9f7c8919b..a3e753384 100644 --- a/pkg/domain/infra/abi/system.go +++ b/pkg/domain/infra/abi/system.go @@ -67,7 +67,7 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, cmd *cobra.Command) if os.Geteuid() == 0 { ownsCgroup, err := cgroups.UserOwnsCurrentSystemdCgroup() if err != nil { - logrus.Warnf("Failed to detect the owner for the current cgroup: %v", err) + logrus.Infof("Failed to detect the owner for the current cgroup: %v", err) } if !ownsCgroup { conf, err := ic.Config(context.Background()) diff --git a/pkg/domain/infra/runtime_libpod.go b/pkg/domain/infra/runtime_libpod.go index 8b6581c7b..b0d9dc797 100644 --- a/pkg/domain/infra/runtime_libpod.go +++ b/pkg/domain/infra/runtime_libpod.go @@ -15,8 +15,8 @@ import ( "github.com/containers/podman/v3/pkg/domain/entities" "github.com/containers/podman/v3/pkg/namespaces" "github.com/containers/podman/v3/pkg/rootless" - "github.com/containers/storage" "github.com/containers/storage/pkg/idtools" + "github.com/containers/storage/types" "github.com/pkg/errors" "github.com/sirupsen/logrus" flag "github.com/spf13/pflag" @@ -100,7 +100,7 @@ func GetRuntimeNoStore(ctx context.Context, fs *flag.FlagSet, cfg *entities.Podm func getRuntime(ctx context.Context, fs *flag.FlagSet, opts *engineOpts) (*libpod.Runtime, error) { options := []libpod.RuntimeOption{} - storageOpts := storage.StoreOptions{} + storageOpts := types.StoreOptions{} cfg := opts.config storageSet := false @@ -237,8 +237,8 @@ func getRuntime(ctx context.Context, fs *flag.FlagSet, opts *engineOpts) (*libpo } // ParseIDMapping takes idmappings and subuid and subgid maps and returns a storage mapping -func ParseIDMapping(mode namespaces.UsernsMode, uidMapSlice, gidMapSlice []string, subUIDMap, subGIDMap string) (*storage.IDMappingOptions, error) { - options := storage.IDMappingOptions{ +func ParseIDMapping(mode namespaces.UsernsMode, uidMapSlice, gidMapSlice []string, subUIDMap, subGIDMap string) (*types.IDMappingOptions, error) { + options := types.IDMappingOptions{ HostUIDMapping: true, HostGIDMapping: true, } diff --git a/pkg/machine/qemu/options_linux_amd64.go b/pkg/machine/qemu/options_linux_amd64.go index cc0a4bab2..3edd97ea1 100644 --- a/pkg/machine/qemu/options_linux_amd64.go +++ b/pkg/machine/qemu/options_linux_amd64.go @@ -1,11 +1,14 @@ package qemu var ( - QemuCommand = "qemu-kvm" + QemuCommand = "qemu-system-x86_64" ) func (v *MachineVM) addArchOptions() []string { - opts := []string{"-cpu", "host"} + opts := []string{ + "-accel", "kvm", + "-cpu", "host", + } return opts } diff --git a/pkg/namespaces/namespaces.go b/pkg/namespaces/namespaces.go index c35f68e02..a7736aee0 100644 --- a/pkg/namespaces/namespaces.go +++ b/pkg/namespaces/namespaces.go @@ -5,7 +5,7 @@ import ( "strconv" "strings" - "github.com/containers/storage" + "github.com/containers/storage/types" ) const ( @@ -109,12 +109,12 @@ func (n UsernsMode) IsDefaultValue() bool { // GetAutoOptions returns a AutoUserNsOptions with the settings to setup automatically // a user namespace. -func (n UsernsMode) GetAutoOptions() (*storage.AutoUserNsOptions, error) { +func (n UsernsMode) GetAutoOptions() (*types.AutoUserNsOptions, error) { parts := strings.SplitN(string(n), ":", 2) if parts[0] != "auto" { return nil, fmt.Errorf("wrong user namespace mode") } - options := storage.AutoUserNsOptions{} + options := types.AutoUserNsOptions{} if len(parts) == 1 { return &options, nil } @@ -131,13 +131,13 @@ func (n UsernsMode) GetAutoOptions() (*storage.AutoUserNsOptions, error) { } options.Size = uint32(s) case "uidmapping": - mapping, err := storage.ParseIDMapping([]string{v[1]}, nil, "", "") + mapping, err := types.ParseIDMapping([]string{v[1]}, nil, "", "") if err != nil { return nil, err } options.AdditionalUIDMappings = append(options.AdditionalUIDMappings, mapping.UIDMap...) case "gidmapping": - mapping, err := storage.ParseIDMapping(nil, []string{v[1]}, "", "") + mapping, err := types.ParseIDMapping(nil, []string{v[1]}, "", "") if err != nil { return nil, err } diff --git a/pkg/rootless/rootless.go b/pkg/rootless/rootless.go index b5538efc3..0b9d719a9 100644 --- a/pkg/rootless/rootless.go +++ b/pkg/rootless/rootless.go @@ -5,7 +5,7 @@ import ( "sort" "sync" - "github.com/containers/storage" + "github.com/containers/storage/pkg/lockfile" "github.com/opencontainers/runc/libcontainer/user" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" @@ -25,7 +25,7 @@ func TryJoinPauseProcess(pausePidPath string) (bool, int, error) { } // It could not join the pause process, let's lock the file before trying to delete it. - pidFileLock, err := storage.GetLockfile(pausePidPath) + pidFileLock, err := lockfile.GetLockfile(pausePidPath) if err != nil { // The file was deleted by another process. if os.IsNotExist(err) { diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go index 03697b353..1d724ffb0 100644 --- a/pkg/specgen/generate/container_create.go +++ b/pkg/specgen/generate/container_create.go @@ -11,7 +11,7 @@ import ( "github.com/containers/podman/v3/libpod/image" "github.com/containers/podman/v3/pkg/specgen" "github.com/containers/podman/v3/pkg/util" - "github.com/containers/storage" + "github.com/containers/storage/types" "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -367,7 +367,7 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen. return options, nil } -func CreateExitCommandArgs(storageConfig storage.StoreOptions, config *config.Config, syslog, rm, exec bool) ([]string, error) { +func CreateExitCommandArgs(storageConfig types.StoreOptions, config *config.Config, syslog, rm, exec bool) ([]string, error) { // We need a cleanup process for containers in the current model. // But we can't assume that the caller is Podman - it could be another // user of the API. diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go index d61c8bd19..31ed3fd7c 100644 --- a/pkg/specgen/generate/kube/kube.go +++ b/pkg/specgen/generate/kube/kube.go @@ -2,11 +2,13 @@ package kube import ( "context" + "encoding/json" "fmt" "net" "strings" "github.com/containers/common/pkg/parse" + "github.com/containers/common/pkg/secrets" "github.com/containers/podman/v3/libpod/image" ann "github.com/containers/podman/v3/pkg/annotations" "github.com/containers/podman/v3/pkg/specgen" @@ -94,6 +96,8 @@ type CtrSpecGenOptions struct { RestartPolicy string // NetNSIsHost tells the container to use the host netns NetNSIsHost bool + // SecretManager to access the secrets + SecretsManager *secrets.SecretsManager } func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGenerator, error) { @@ -210,12 +214,18 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener } for _, env := range opts.Container.Env { - value := envVarValue(env, opts.ConfigMaps) + value, err := envVarValue(env, opts) + if err != nil { + return nil, err + } envs[env.Name] = value } for _, envFrom := range opts.Container.EnvFrom { - cmEnvs := envVarsFromConfigMap(envFrom, opts.ConfigMaps) + cmEnvs, err := envVarsFrom(envFrom, opts) + if err != nil { + return nil, err + } for k, v := range cmEnvs { envs[k] = v @@ -325,40 +335,96 @@ func quantityToInt64(quantity *resource.Quantity) (int64, error) { return 0, errors.Errorf("Quantity cannot be represented as int64: %v", quantity) } -// envVarsFromConfigMap returns all key-value pairs as env vars from a configMap that matches the envFrom setting of a container -func envVarsFromConfigMap(envFrom v1.EnvFromSource, configMaps []v1.ConfigMap) map[string]string { +// read a k8s secret in JSON format from the secret manager +func k8sSecretFromSecretManager(name string, secretsManager *secrets.SecretsManager) (map[string][]byte, error) { + _, jsonSecret, err := secretsManager.LookupSecretData(name) + if err != nil { + return nil, err + } + + var secrets map[string][]byte + if err := json.Unmarshal(jsonSecret, &secrets); err != nil { + return nil, errors.Errorf("Secret %v is not valid JSON: %v", name, err) + } + return secrets, nil +} + +// envVarsFrom returns all key-value pairs as env vars from a configMap or secret that matches the envFrom setting of a container +func envVarsFrom(envFrom v1.EnvFromSource, opts *CtrSpecGenOptions) (map[string]string, error) { envs := map[string]string{} if envFrom.ConfigMapRef != nil { - cmName := envFrom.ConfigMapRef.Name + cmRef := envFrom.ConfigMapRef + err := errors.Errorf("Configmap %v not found", cmRef.Name) - for _, c := range configMaps { - if cmName == c.Name { + for _, c := range opts.ConfigMaps { + if cmRef.Name == c.Name { envs = c.Data + err = nil break } } + + if err != nil && (cmRef.Optional == nil || !*cmRef.Optional) { + return nil, err + } } - return envs + if envFrom.SecretRef != nil { + secRef := envFrom.SecretRef + secret, err := k8sSecretFromSecretManager(secRef.Name, opts.SecretsManager) + if err == nil { + for k, v := range secret { + envs[k] = string(v) + } + } else if secRef.Optional == nil || !*secRef.Optional { + return nil, err + } + } + + return envs, nil } // envVarValue returns the environment variable value configured within the container's env setting. -// It gets the value from a configMap if specified, otherwise returns env.Value -func envVarValue(env v1.EnvVar, configMaps []v1.ConfigMap) string { - for _, c := range configMaps { - if env.ValueFrom != nil { - if env.ValueFrom.ConfigMapKeyRef != nil { - if env.ValueFrom.ConfigMapKeyRef.Name == c.Name { - if value, ok := c.Data[env.ValueFrom.ConfigMapKeyRef.Key]; ok { - return value +// It gets the value from a configMap or secret if specified, otherwise returns env.Value +func envVarValue(env v1.EnvVar, opts *CtrSpecGenOptions) (string, error) { + if env.ValueFrom != nil { + if env.ValueFrom.ConfigMapKeyRef != nil { + cmKeyRef := env.ValueFrom.ConfigMapKeyRef + err := errors.Errorf("Cannot set env %v: configmap %v not found", env.Name, cmKeyRef.Name) + + for _, c := range opts.ConfigMaps { + if cmKeyRef.Name == c.Name { + if value, ok := c.Data[cmKeyRef.Key]; ok { + return value, nil } + err = errors.Errorf("Cannot set env %v: key %s not found in configmap %v", env.Name, cmKeyRef.Key, cmKeyRef.Name) + break + } + } + if cmKeyRef.Optional == nil || !*cmKeyRef.Optional { + return "", err + } + return "", nil + } + + if env.ValueFrom.SecretKeyRef != nil { + secKeyRef := env.ValueFrom.SecretKeyRef + secret, err := k8sSecretFromSecretManager(secKeyRef.Name, opts.SecretsManager) + if err == nil { + if val, ok := secret[secKeyRef.Key]; ok { + return string(val), nil } + err = errors.Errorf("Secret %v has not %v key", secKeyRef.Name, secKeyRef.Key) + } + if secKeyRef.Optional == nil || !*secKeyRef.Optional { + return "", errors.Errorf("Cannot set env %v: %v", env.Name, err) } + return "", nil } } - return env.Value + return env.Value, nil } // getPodPorts converts a slice of kube container descriptions to an diff --git a/pkg/specgen/generate/kube/play_test.go b/pkg/specgen/generate/kube/play_test.go index 148540e9f..f714826f0 100644 --- a/pkg/specgen/generate/kube/play_test.go +++ b/pkg/specgen/generate/kube/play_test.go @@ -1,19 +1,49 @@ package kube import ( + "encoding/json" + "io/ioutil" + "os" "testing" + "github.com/containers/common/pkg/secrets" "github.com/stretchr/testify/assert" v1 "k8s.io/api/core/v1" v12 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -func TestEnvVarsFromConfigMap(t *testing.T) { +func createSecrets(t *testing.T, d string) *secrets.SecretsManager { + secretsManager, err := secrets.NewManager(d) + assert.NoError(t, err) + + driver := "file" + driverOpts := map[string]string{ + "path": d, + } + + for _, s := range k8sSecrets { + data, err := json.Marshal(s.Data) + assert.NoError(t, err) + + _, err = secretsManager.Store(s.ObjectMeta.Name, data, driver, driverOpts) + assert.NoError(t, err) + } + + return secretsManager +} + +func TestEnvVarsFrom(t *testing.T) { + d, err := ioutil.TempDir("", "secrets") + assert.NoError(t, err) + defer os.RemoveAll(d) + secretsManager := createSecrets(t, d) + tests := []struct { - name string - envFrom v1.EnvFromSource - configMapList []v1.ConfigMap - expected map[string]string + name string + envFrom v1.EnvFromSource + options CtrSpecGenOptions + succeed bool + expected map[string]string }{ { "ConfigMapExists", @@ -24,7 +54,10 @@ func TestEnvVarsFromConfigMap(t *testing.T) { }, }, }, - configMapList, + CtrSpecGenOptions{ + ConfigMaps: configMapList, + }, + true, map[string]string{ "myvar": "foo", }, @@ -38,7 +71,26 @@ func TestEnvVarsFromConfigMap(t *testing.T) { }, }, }, - configMapList, + CtrSpecGenOptions{ + ConfigMaps: configMapList, + }, + false, + nil, + }, + { + "OptionalConfigMapDoesNotExist", + v1.EnvFromSource{ + ConfigMapRef: &v1.ConfigMapEnvSource{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "doesnotexist", + }, + Optional: &optional, + }, + }, + CtrSpecGenOptions{ + ConfigMaps: configMapList, + }, + true, map[string]string{}, }, { @@ -50,7 +102,74 @@ func TestEnvVarsFromConfigMap(t *testing.T) { }, }, }, - []v1.ConfigMap{}, + CtrSpecGenOptions{ + ConfigMaps: []v1.ConfigMap{}, + }, + false, + nil, + }, + { + "OptionalEmptyConfigMapList", + v1.EnvFromSource{ + ConfigMapRef: &v1.ConfigMapEnvSource{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "foo", + }, + Optional: &optional, + }, + }, + CtrSpecGenOptions{ + ConfigMaps: []v1.ConfigMap{}, + }, + true, + map[string]string{}, + }, + { + "SecretExists", + v1.EnvFromSource{ + SecretRef: &v1.SecretEnvSource{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "foo", + }, + }, + }, + CtrSpecGenOptions{ + SecretsManager: secretsManager, + }, + true, + map[string]string{ + "myvar": "foo", + }, + }, + { + "SecretDoesNotExist", + v1.EnvFromSource{ + SecretRef: &v1.SecretEnvSource{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "doesnotexist", + }, + }, + }, + CtrSpecGenOptions{ + SecretsManager: secretsManager, + }, + false, + nil, + }, + { + "OptionalSecretDoesNotExist", + v1.EnvFromSource{ + SecretRef: &v1.SecretEnvSource{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "doesnotexist", + }, + Optional: &optional, + }, + }, + CtrSpecGenOptions{ + SecretsManager: secretsManager, + }, + true, map[string]string{}, }, } @@ -58,18 +177,25 @@ func TestEnvVarsFromConfigMap(t *testing.T) { for _, test := range tests { test := test t.Run(test.name, func(t *testing.T) { - result := envVarsFromConfigMap(test.envFrom, test.configMapList) + result, err := envVarsFrom(test.envFrom, &test.options) + assert.Equal(t, err == nil, test.succeed) assert.Equal(t, test.expected, result) }) } } func TestEnvVarValue(t *testing.T) { + d, err := ioutil.TempDir("", "secrets") + assert.NoError(t, err) + defer os.RemoveAll(d) + secretsManager := createSecrets(t, d) + tests := []struct { - name string - envVar v1.EnvVar - configMapList []v1.ConfigMap - expected string + name string + envVar v1.EnvVar + options CtrSpecGenOptions + succeed bool + expected string }{ { "ConfigMapExists", @@ -84,7 +210,10 @@ func TestEnvVarValue(t *testing.T) { }, }, }, - configMapList, + CtrSpecGenOptions{ + ConfigMaps: configMapList, + }, + true, "foo", }, { @@ -100,7 +229,30 @@ func TestEnvVarValue(t *testing.T) { }, }, }, - configMapList, + CtrSpecGenOptions{ + ConfigMaps: configMapList, + }, + false, + "", + }, + { + "OptionalContainerKeyDoesNotExistInConfigMap", + v1.EnvVar{ + Name: "FOO", + ValueFrom: &v1.EnvVarSource{ + ConfigMapKeyRef: &v1.ConfigMapKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "foo", + }, + Key: "doesnotexist", + Optional: &optional, + }, + }, + }, + CtrSpecGenOptions{ + ConfigMaps: configMapList, + }, + true, "", }, { @@ -116,7 +268,30 @@ func TestEnvVarValue(t *testing.T) { }, }, }, - configMapList, + CtrSpecGenOptions{ + ConfigMaps: configMapList, + }, + false, + "", + }, + { + "OptionalConfigMapDoesNotExist", + v1.EnvVar{ + Name: "FOO", + ValueFrom: &v1.EnvVarSource{ + ConfigMapKeyRef: &v1.ConfigMapKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "doesnotexist", + }, + Key: "myvar", + Optional: &optional, + }, + }, + }, + CtrSpecGenOptions{ + ConfigMaps: configMapList, + }, + true, "", }, { @@ -132,7 +307,127 @@ func TestEnvVarValue(t *testing.T) { }, }, }, - []v1.ConfigMap{}, + CtrSpecGenOptions{ + ConfigMaps: []v1.ConfigMap{}, + }, + false, + "", + }, + { + "OptionalEmptyConfigMapList", + v1.EnvVar{ + Name: "FOO", + ValueFrom: &v1.EnvVarSource{ + ConfigMapKeyRef: &v1.ConfigMapKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "foo", + }, + Key: "myvar", + Optional: &optional, + }, + }, + }, + CtrSpecGenOptions{ + ConfigMaps: []v1.ConfigMap{}, + }, + true, + "", + }, + { + "SecretExists", + v1.EnvVar{ + Name: "FOO", + ValueFrom: &v1.EnvVarSource{ + SecretKeyRef: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "foo", + }, + Key: "myvar", + }, + }, + }, + CtrSpecGenOptions{ + SecretsManager: secretsManager, + }, + true, + "foo", + }, + { + "ContainerKeyDoesNotExistInSecret", + v1.EnvVar{ + Name: "FOO", + ValueFrom: &v1.EnvVarSource{ + SecretKeyRef: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "foo", + }, + Key: "doesnotexist", + }, + }, + }, + CtrSpecGenOptions{ + SecretsManager: secretsManager, + }, + false, + "", + }, + { + "OptionalContainerKeyDoesNotExistInSecret", + v1.EnvVar{ + Name: "FOO", + ValueFrom: &v1.EnvVarSource{ + SecretKeyRef: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "foo", + }, + Key: "doesnotexist", + Optional: &optional, + }, + }, + }, + CtrSpecGenOptions{ + SecretsManager: secretsManager, + }, + true, + "", + }, + { + "SecretDoesNotExist", + v1.EnvVar{ + Name: "FOO", + ValueFrom: &v1.EnvVarSource{ + SecretKeyRef: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "doesnotexist", + }, + Key: "myvar", + }, + }, + }, + CtrSpecGenOptions{ + SecretsManager: secretsManager, + }, + false, + "", + }, + { + "OptionalSecretDoesNotExist", + v1.EnvVar{ + Name: "FOO", + ValueFrom: &v1.EnvVarSource{ + SecretKeyRef: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "doesnotexist", + }, + Key: "myvar", + Optional: &optional, + }, + }, + }, + CtrSpecGenOptions{ + SecretsManager: secretsManager, + }, + true, "", }, } @@ -140,7 +435,8 @@ func TestEnvVarValue(t *testing.T) { for _, test := range tests { test := test t.Run(test.name, func(t *testing.T) { - result := envVarValue(test.envVar, test.configMapList) + result, err := envVarValue(test.envVar, &test.options) + assert.Equal(t, err == nil, test.succeed) assert.Equal(t, test.expected, result) }) } @@ -170,3 +466,30 @@ var configMapList = []v1.ConfigMap{ }, }, } + +var optional = true + +var k8sSecrets = []v1.Secret{ + { + TypeMeta: v12.TypeMeta{ + Kind: "Secret", + }, + ObjectMeta: v12.ObjectMeta{ + Name: "bar", + }, + Data: map[string][]byte{ + "myvar": []byte("bar"), + }, + }, + { + TypeMeta: v12.TypeMeta{ + Kind: "Secret", + }, + ObjectMeta: v12.ObjectMeta{ + Name: "foo", + }, + Data: map[string][]byte{ + "myvar": []byte("foo"), + }, + }, +} diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go index 732579bf0..c10dc5ef5 100644 --- a/pkg/specgen/specgen.go +++ b/pkg/specgen/specgen.go @@ -5,7 +5,7 @@ import ( "syscall" "github.com/containers/image/v5/manifest" - "github.com/containers/storage" + "github.com/containers/storage/types" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" ) @@ -302,7 +302,7 @@ type ContainerSecurityConfig struct { // IDMappings are UID and GID mappings that will be used by user // namespaces. // Required if UserNS is private. - IDMappings *storage.IDMappingOptions `json:"idmappings,omitempty"` + IDMappings *types.IDMappingOptions `json:"idmappings,omitempty"` // ReadOnlyFilesystem indicates that everything will be mounted // as read-only ReadOnlyFilesystem bool `json:"read_only_filesystem,omitempty"` diff --git a/pkg/systemd/generate/common.go b/pkg/systemd/generate/common.go index 19d468403..eafd45528 100644 --- a/pkg/systemd/generate/common.go +++ b/pkg/systemd/generate/common.go @@ -39,20 +39,46 @@ After=network-online.target RequiresMountsFor={{{{.GraphRoot}}}} {{{{.RunRoot}}}} ` -// filterPodFlags removes --pod and --pod-id-file from the specified command. -func filterPodFlags(command []string) []string { +// filterPodFlags removes --pod, --pod-id-file and --infra-conmon-pidfile from the specified command. +// argCount is the number of last arguments which should not be filtered, e.g. the container entrypoint. +func filterPodFlags(command []string, argCount int) []string { processed := []string{} - for i := 0; i < len(command); i++ { + for i := 0; i < len(command)-argCount; i++ { s := command[i] - if s == "--pod" || s == "--pod-id-file" { + if s == "--pod" || s == "--pod-id-file" || s == "--infra-conmon-pidfile" { i++ continue } - if strings.HasPrefix(s, "--pod=") || strings.HasPrefix(s, "--pod-id-file=") { + if strings.HasPrefix(s, "--pod=") || + strings.HasPrefix(s, "--pod-id-file=") || + strings.HasPrefix(s, "--infra-conmon-pidfile=") { continue } processed = append(processed, s) } + processed = append(processed, command[len(command)-argCount:]...) + return processed +} + +// filterCommonContainerFlags removes --conmon-pidfile, --cidfile and --cgroups from the specified command. +// argCount is the number of last arguments which should not be filtered, e.g. the container entrypoint. +func filterCommonContainerFlags(command []string, argCount int) []string { + processed := []string{} + for i := 0; i < len(command)-argCount; i++ { + s := command[i] + + switch { + case s == "--conmon-pidfile", s == "--cidfile", s == "--cgroups": + i++ + continue + case strings.HasPrefix(s, "--conmon-pidfile="), + strings.HasPrefix(s, "--cidfile="), + strings.HasPrefix(s, "--cgroups="): + continue + } + processed = append(processed, s) + } + processed = append(processed, command[len(command)-argCount:]...) return processed } diff --git a/pkg/systemd/generate/common_test.go b/pkg/systemd/generate/common_test.go index 3787e461e..30e758127 100644 --- a/pkg/systemd/generate/common_test.go +++ b/pkg/systemd/generate/common_test.go @@ -1,7 +1,6 @@ package generate import ( - "strings" "testing" "github.com/stretchr/testify/assert" @@ -9,22 +8,144 @@ import ( func TestFilterPodFlags(t *testing.T) { tests := []struct { - input []string + input []string + output []string + argCount int }{ - {[]string{"podman", "pod", "create"}}, - {[]string{"podman", "pod", "create", "--name", "foo"}}, - {[]string{"podman", "pod", "create", "--pod-id-file", "foo"}}, - {[]string{"podman", "pod", "create", "--pod-id-file=foo"}}, - {[]string{"podman", "run", "--pod", "foo"}}, - {[]string{"podman", "run", "--pod=foo"}}, + { + []string{"podman", "pod", "create"}, + []string{"podman", "pod", "create"}, + 0, + }, + { + []string{"podman", "pod", "create", "--name", "foo"}, + []string{"podman", "pod", "create", "--name", "foo"}, + 0, + }, + { + []string{"podman", "pod", "create", "--pod-id-file", "foo"}, + []string{"podman", "pod", "create"}, + 0, + }, + { + []string{"podman", "pod", "create", "--pod-id-file=foo"}, + []string{"podman", "pod", "create"}, + 0, + }, + { + []string{"podman", "pod", "create", "--pod-id-file", "foo", "--infra-conmon-pidfile", "foo"}, + []string{"podman", "pod", "create"}, + 0, + }, + { + []string{"podman", "pod", "create", "--pod-id-file", "foo", "--infra-conmon-pidfile=foo"}, + []string{"podman", "pod", "create"}, + 0, + }, + { + []string{"podman", "run", "--pod", "foo"}, + []string{"podman", "run"}, + 0, + }, + { + []string{"podman", "run", "--pod=foo"}, + []string{"podman", "run"}, + 0, + }, + { + []string{"podman", "run", "--pod=foo", "fedora", "podman", "run", "--pod=test", "alpine"}, + []string{"podman", "run", "fedora", "podman", "run", "--pod=test", "alpine"}, + 5, + }, + { + []string{"podman", "run", "--pod", "foo", "fedora", "podman", "run", "--pod", "test", "alpine"}, + []string{"podman", "run", "fedora", "podman", "run", "--pod", "test", "alpine"}, + 6, + }, + { + []string{"podman", "run", "--pod-id-file=foo", "fedora", "podman", "run", "--pod-id-file=test", "alpine"}, + []string{"podman", "run", "fedora", "podman", "run", "--pod-id-file=test", "alpine"}, + 5, + }, + { + []string{"podman", "run", "--pod-id-file", "foo", "fedora", "podman", "run", "--pod-id-file", "test", "alpine"}, + []string{"podman", "run", "fedora", "podman", "run", "--pod-id-file", "test", "alpine"}, + 6, + }, + } + + for _, test := range tests { + processed := filterPodFlags(test.input, test.argCount) + assert.Equal(t, test.output, processed) + } +} + +func TestFilterCommonContainerFlags(t *testing.T) { + tests := []struct { + input []string + output []string + argCount int + }{ + { + []string{"podman", "run", "alpine"}, + []string{"podman", "run", "alpine"}, + 1, + }, + { + []string{"podman", "run", "--conmon-pidfile", "foo", "alpine"}, + []string{"podman", "run", "alpine"}, + 1, + }, + { + []string{"podman", "run", "--conmon-pidfile=foo", "alpine"}, + []string{"podman", "run", "alpine"}, + 1, + }, + { + []string{"podman", "run", "--cidfile", "foo", "alpine"}, + []string{"podman", "run", "alpine"}, + 1, + }, + { + []string{"podman", "run", "--cidfile=foo", "alpine"}, + []string{"podman", "run", "alpine"}, + 1, + }, + { + []string{"podman", "run", "--cgroups", "foo", "alpine"}, + []string{"podman", "run", "alpine"}, + 1, + }, + { + []string{"podman", "run", "--cgroups=foo", "alpine"}, + []string{"podman", "run", "alpine"}, + 1, + }, + { + []string{"podman", "run", "--cgroups", "foo", "--conmon-pidfile", "foo", "--cidfile", "foo", "alpine"}, + []string{"podman", "run", "alpine"}, + 1, + }, + { + []string{"podman", "run", "--cgroups=foo", "--conmon-pidfile=foo", "--cidfile=foo", "alpine"}, + []string{"podman", "run", "alpine"}, + 1, + }, + { + []string{"podman", "run", "--cgroups", "foo", "--conmon-pidfile", "foo", "--cidfile", "foo", "alpine", "--cgroups", "foo", "--conmon-pidfile", "foo", "--cidfile", "foo"}, + []string{"podman", "run", "alpine", "--cgroups", "foo", "--conmon-pidfile", "foo", "--cidfile", "foo"}, + 7, + }, + { + []string{"podman", "run", "--cgroups=foo", "--conmon-pidfile=foo", "--cidfile=foo", "alpine", "--cgroups=foo", "--conmon-pidfile=foo", "--cidfile=foo"}, + []string{"podman", "run", "alpine", "--cgroups=foo", "--conmon-pidfile=foo", "--cidfile=foo"}, + 4, + }, } for _, test := range tests { - processed := filterPodFlags(test.input) - for _, s := range processed { - assert.False(t, strings.HasPrefix(s, "--pod-id-file")) - assert.False(t, strings.HasPrefix(s, "--pod")) - } + processed := filterCommonContainerFlags(test.input, test.argCount) + assert.Equal(t, test.output, processed) } } diff --git a/pkg/systemd/generate/containers.go b/pkg/systemd/generate/containers.go index bc13a6116..e06655a8d 100644 --- a/pkg/systemd/generate/containers.go +++ b/pkg/systemd/generate/containers.go @@ -238,13 +238,7 @@ func executeContainerTemplate(info *containerInfo, options entities.GenerateSyst "--cidfile", "{{{{.ContainerIDFile}}}}", "--cgroups=no-conmon", ) - // If the container is in a pod, make sure that the - // --pod-id-file is set correctly. - if info.Pod != nil { - podFlags := []string{"--pod-id-file", "{{{{.Pod.PodIDFile}}}}"} - startCommand = append(startCommand, podFlags...) - info.CreateCommand = filterPodFlags(info.CreateCommand) - } + remainingCmd := info.CreateCommand[index:] // Presence check for certain flags/options. fs := pflag.NewFlagSet("args", pflag.ContinueOnError) @@ -254,7 +248,16 @@ func executeContainerTemplate(info *containerInfo, options entities.GenerateSyst fs.BoolP("detach", "d", false, "") fs.String("name", "", "") fs.Bool("replace", false, "") - fs.Parse(info.CreateCommand[index:]) + fs.Parse(remainingCmd) + + remainingCmd = filterCommonContainerFlags(remainingCmd, fs.NArg()) + // If the container is in a pod, make sure that the + // --pod-id-file is set correctly. + if info.Pod != nil { + podFlags := []string{"--pod-id-file", "{{{{.Pod.PodIDFile}}}}"} + startCommand = append(startCommand, podFlags...) + remainingCmd = filterPodFlags(remainingCmd, fs.NArg()) + } hasDetachParam, err := fs.GetBool("detach") if err != nil { @@ -266,8 +269,6 @@ func executeContainerTemplate(info *containerInfo, options entities.GenerateSyst return "", err } - remainingCmd := info.CreateCommand[index:] - if !hasDetachParam { // Enforce detaching // diff --git a/pkg/systemd/generate/containers_test.go b/pkg/systemd/generate/containers_test.go index 1359c1a37..899ba6bfa 100644 --- a/pkg/systemd/generate/containers_test.go +++ b/pkg/systemd/generate/containers_test.go @@ -395,6 +395,56 @@ Type=forking [Install] WantedBy=multi-user.target default.target ` + + goodNewWithIDFiles := `# jadda-jadda.service +# autogenerated by Podman CI + +[Unit] +Description=Podman jadda-jadda.service +Documentation=man:podman-generate-systemd(1) +Wants=network.target +After=network-online.target +RequiresMountsFor=/var/lib/containers/storage /var/run/containers/storage + +[Service] +Environment=PODMAN_SYSTEMD_UNIT=%n +Restart=always +TimeoutStopSec=70 +ExecStartPre=/bin/rm -f %t/jadda-jadda.pid %t/jadda-jadda.ctr-id +ExecStart=/usr/bin/podman run --conmon-pidfile %t/jadda-jadda.pid --cidfile %t/jadda-jadda.ctr-id --cgroups=no-conmon -d awesome-image:latest podman run --cgroups=foo --conmon-pidfile=foo --cidfile=foo alpine +ExecStop=/usr/bin/podman stop --ignore --cidfile %t/jadda-jadda.ctr-id -t 10 +ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/jadda-jadda.ctr-id +PIDFile=%t/jadda-jadda.pid +Type=forking + +[Install] +WantedBy=multi-user.target default.target +` + + goodNewWithPodIDFiles := `# jadda-jadda.service +# autogenerated by Podman CI + +[Unit] +Description=Podman jadda-jadda.service +Documentation=man:podman-generate-systemd(1) +Wants=network.target +After=network-online.target +RequiresMountsFor=/var/lib/containers/storage /var/run/containers/storage + +[Service] +Environment=PODMAN_SYSTEMD_UNIT=%n +Restart=always +TimeoutStopSec=70 +ExecStartPre=/bin/rm -f %t/jadda-jadda.pid %t/jadda-jadda.ctr-id +ExecStart=/usr/bin/podman run --conmon-pidfile %t/jadda-jadda.pid --cidfile %t/jadda-jadda.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-foobar.pod-id-file -d awesome-image:latest podman run --cgroups=foo --conmon-pidfile=foo --cidfile=foo --pod-id-file /tmp/pod-foobar.pod-id-file alpine +ExecStop=/usr/bin/podman stop --ignore --cidfile %t/jadda-jadda.ctr-id -t 10 +ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/jadda-jadda.ctr-id +PIDFile=%t/jadda-jadda.pid +Type=forking + +[Install] +WantedBy=multi-user.target default.target +` tests := []struct { name string info containerInfo @@ -782,6 +832,47 @@ WantedBy=multi-user.target default.target false, false, }, + {"good with ID files", + containerInfo{ + Executable: "/usr/bin/podman", + ServiceName: "jadda-jadda", + ContainerNameOrID: "jadda-jadda", + RestartPolicy: "always", + PIDFile: "/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", + StopTimeout: 10, + PodmanVersion: "CI", + GraphRoot: "/var/lib/containers/storage", + RunRoot: "/var/run/containers/storage", + CreateCommand: []string{"I'll get stripped", "create", "--cgroups=foo", "--conmon-pidfile=foo", "--cidfile=foo", "awesome-image:latest", "podman", "run", "--cgroups=foo", "--conmon-pidfile=foo", "--cidfile=foo", "alpine"}, + EnvVariable: define.EnvVariable, + }, + goodNewWithIDFiles, + true, + false, + false, + }, + {"good with pod ID files", + containerInfo{ + Executable: "/usr/bin/podman", + ServiceName: "jadda-jadda", + ContainerNameOrID: "jadda-jadda", + RestartPolicy: "always", + PIDFile: "/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", + StopTimeout: 10, + PodmanVersion: "CI", + GraphRoot: "/var/lib/containers/storage", + RunRoot: "/var/run/containers/storage", + CreateCommand: []string{"I'll get stripped", "create", "--cgroups=foo", "--conmon-pidfile=foo", "--cidfile=foo", "--pod", "test", "awesome-image:latest", "podman", "run", "--cgroups=foo", "--conmon-pidfile=foo", "--cidfile=foo", "--pod-id-file", "/tmp/pod-foobar.pod-id-file", "alpine"}, + EnvVariable: define.EnvVariable, + Pod: &podInfo{ + PodIDFile: "%t/pod-foobar.pod-id-file", + }, + }, + goodNewWithPodIDFiles, + true, + false, + false, + }, } for _, tt := range tests { test := tt diff --git a/pkg/systemd/generate/pods.go b/pkg/systemd/generate/pods.go index a76979ecf..1b92649e8 100644 --- a/pkg/systemd/generate/pods.go +++ b/pkg/systemd/generate/pods.go @@ -279,16 +279,16 @@ func executePodTemplate(info *podInfo, options entities.GenerateSystemdOptions) } podRootArgs = info.CreateCommand[1 : podCreateIndex-1] info.RootFlags = strings.Join(escapeSystemdArguments(podRootArgs), " ") - podCreateArgs = filterPodFlags(info.CreateCommand[podCreateIndex+1:]) + podCreateArgs = filterPodFlags(info.CreateCommand[podCreateIndex+1:], 0) } // We're hard-coding the first five arguments and append the // CreateCommand with a stripped command and subcommand. startCommand := []string{info.Executable} startCommand = append(startCommand, podRootArgs...) startCommand = append(startCommand, - []string{"pod", "create", - "--infra-conmon-pidfile", "{{{{.PIDFile}}}}", - "--pod-id-file", "{{{{.PodIDFile}}}}"}...) + "pod", "create", + "--infra-conmon-pidfile", "{{{{.PIDFile}}}}", + "--pod-id-file", "{{{{.PodIDFile}}}}") // Presence check for certain flags/options. fs := pflag.NewFlagSet("args", pflag.ContinueOnError) diff --git a/pkg/systemd/generate/pods_test.go b/pkg/systemd/generate/pods_test.go index 559f7365f..0e4d92c50 100644 --- a/pkg/systemd/generate/pods_test.go +++ b/pkg/systemd/generate/pods_test.go @@ -320,6 +320,25 @@ WantedBy=multi-user.target default.target false, false, }, + {"pod --new with ID files", + podInfo{ + Executable: "/usr/bin/podman", + ServiceName: "pod-123abc", + InfraNameOrID: "jadda-jadda-infra", + RestartPolicy: "on-failure", + PIDFile: "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", + StopTimeout: 10, + PodmanVersion: "CI", + GraphRoot: "/var/lib/containers/storage", + RunRoot: "/var/run/containers/storage", + RequiredServices: []string{"container-1", "container-2"}, + CreateCommand: []string{"podman", "pod", "create", "--infra-conmon-pidfile", "/tmp/pod-123abc.pid", "--pod-id-file", "/tmp/pod-123abc.pod-id", "--name", "foo", "bar=arg with space"}, + }, + podGoodNamedNew, + true, + false, + false, + }, } for _, tt := range tests { diff --git a/pkg/util/utils.go b/pkg/util/utils.go index a4c8f3a64..bbaf72981 100644 --- a/pkg/util/utils.go +++ b/pkg/util/utils.go @@ -20,8 +20,8 @@ import ( "github.com/containers/podman/v3/pkg/namespaces" "github.com/containers/podman/v3/pkg/rootless" "github.com/containers/podman/v3/pkg/signal" - "github.com/containers/storage" "github.com/containers/storage/pkg/idtools" + stypes "github.com/containers/storage/types" v1 "github.com/opencontainers/image-spec/specs-go/v1" "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" @@ -344,8 +344,8 @@ func ParseSignal(rawSignal string) (syscall.Signal, error) { } // GetKeepIDMapping returns the mappings and the user to use when keep-id is used -func GetKeepIDMapping() (*storage.IDMappingOptions, int, int, error) { - options := storage.IDMappingOptions{ +func GetKeepIDMapping() (*stypes.IDMappingOptions, int, int, error) { + options := stypes.IDMappingOptions{ HostUIDMapping: true, HostGIDMapping: true, } @@ -395,8 +395,8 @@ func GetKeepIDMapping() (*storage.IDMappingOptions, int, int, error) { } // ParseIDMapping takes idmappings and subuid and subgid maps and returns a storage mapping -func ParseIDMapping(mode namespaces.UsernsMode, uidMapSlice, gidMapSlice []string, subUIDMap, subGIDMap string) (*storage.IDMappingOptions, error) { - options := storage.IDMappingOptions{ +func ParseIDMapping(mode namespaces.UsernsMode, uidMapSlice, gidMapSlice []string, subUIDMap, subGIDMap string) (*stypes.IDMappingOptions, error) { + options := stypes.IDMappingOptions{ HostUIDMapping: true, HostGIDMapping: true, } @@ -479,7 +479,7 @@ type tomlConfig struct { } `toml:"storage"` } -func getTomlStorage(storeOptions *storage.StoreOptions) *tomlConfig { +func getTomlStorage(storeOptions *stypes.StoreOptions) *tomlConfig { config := new(tomlConfig) config.Storage.Driver = storeOptions.GraphDriverName @@ -496,7 +496,7 @@ func getTomlStorage(storeOptions *storage.StoreOptions) *tomlConfig { } // WriteStorageConfigFile writes the configuration to a file -func WriteStorageConfigFile(storageOpts *storage.StoreOptions, storageConf string) error { +func WriteStorageConfigFile(storageOpts *stypes.StoreOptions, storageConf string) error { if err := os.MkdirAll(filepath.Dir(storageConf), 0755); err != nil { return err } diff --git a/test/buildah-bud/buildah-tests.diff b/test/buildah-bud/buildah-tests.diff index 1d14f2a6a..ad35e5926 100644 --- a/test/buildah-bud/buildah-tests.diff +++ b/test/buildah-bud/buildah-tests.diff @@ -1,16 +1,16 @@ -From 6f8e097d8b46190df60e830adce1185532a939d0 Mon Sep 17 00:00:00 2001 +From a49a2e48421c6f3bb1a56ae372de1f3d1a45d1f1 Mon Sep 17 00:00:00 2001 From: Ed Santiago <santiago@redhat.com> Date: Tue, 9 Feb 2021 17:28:05 -0700 Subject: [PATCH] tweaks for running buildah tests under podman Signed-off-by: Ed Santiago <santiago@redhat.com> --- - tests/bud.bats | 27 +++++++++++++++++---------- + tests/bud.bats | 26 ++++++++++++++++---------- tests/helpers.bash | 28 ++++++++++++++++++++++++---- - 2 files changed, 41 insertions(+), 14 deletions(-) + 2 files changed, 40 insertions(+), 14 deletions(-) diff --git a/tests/bud.bats b/tests/bud.bats -index cf55d9a4..e55b05b5 100644 +index cf55d9a4..60cb6f96 100644 --- a/tests/bud.bats +++ b/tests/bud.bats @@ -4,7 +4,7 @@ load helpers @@ -103,15 +103,7 @@ index cf55d9a4..e55b05b5 100644 } @test "bud with additional directory of devices" { -@@ -2115,6 +2120,7 @@ _EOF - } - - @test "bud pull never" { -+ skip "FIXME: podman issue #9573" - target=pull - run_buildah 125 bud --signature-policy ${TESTSDIR}/policy.json -t ${target} --pull-never ${TESTSDIR}/bud/pull - expect_output --substring "pull policy is \"never\" but \"" -@@ -2134,6 +2140,7 @@ _EOF +@@ -2134,6 +2139,7 @@ _EOF } @test "bud with Containerfile should fail with nonexistent authfile" { @@ -119,7 +111,7 @@ index cf55d9a4..e55b05b5 100644 target=alpine-image run_buildah 125 bud --authfile /tmp/nonexistent --signature-policy ${TESTSDIR}/policy.json -t ${target} ${TESTSDIR}/bud/containerfile } -@@ -2261,6 +2268,7 @@ EOM +@@ -2261,6 +2267,7 @@ EOM } @test "bud with encrypted FROM image" { @@ -127,7 +119,7 @@ index cf55d9a4..e55b05b5 100644 _prefetch busybox mkdir ${TESTDIR}/tmp openssl genrsa -out ${TESTDIR}/tmp/mykey.pem 1024 -@@ -2333,8 +2341,6 @@ EOM +@@ -2333,8 +2340,6 @@ EOM _prefetch alpine run_buildah bud --timestamp=0 --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json -t timestamp -f Dockerfile.1 ${TESTSDIR}/bud/cache-stages cid=$output @@ -136,7 +128,7 @@ index cf55d9a4..e55b05b5 100644 run_buildah inspect --format '{{ .OCIv1.Created }}' timestamp expect_output --substring "1970-01-01" run_buildah inspect --format '{{ .History }}' timestamp -@@ -2594,6 +2600,7 @@ _EOF +@@ -2594,6 +2599,7 @@ _EOF } @test "bud with --arch flag" { diff --git a/test/e2e/build/basicalpine/Containerfile b/test/e2e/build/basicalpine/Containerfile index 67fd37901..f6e07066c 100644 --- a/test/e2e/build/basicalpine/Containerfile +++ b/test/e2e/build/basicalpine/Containerfile @@ -1 +1 @@ -FROM alpine +FROM quay.io/libpod/alpine:latest diff --git a/test/e2e/build/basicalpine/Containerfile.path b/test/e2e/build/basicalpine/Containerfile.path index d2b03a6b8..a1349eb05 100644 --- a/test/e2e/build/basicalpine/Containerfile.path +++ b/test/e2e/build/basicalpine/Containerfile.path @@ -1,2 +1,2 @@ -FROM alpine +FROM quay.io/libpod/alpine:latest ENV PATH=/tmp:/bin:/usr/bin:/usr/sbin diff --git a/test/e2e/build/basicalpine/Containerfile.volume b/test/e2e/build/basicalpine/Containerfile.volume index 6a4fc8242..283d6376e 100644 --- a/test/e2e/build/basicalpine/Containerfile.volume +++ b/test/e2e/build/basicalpine/Containerfile.volume @@ -1,2 +1,2 @@ -FROM alpine +FROM quay.io/libpod/alpine:latest VOLUME "/volume0" diff --git a/test/e2e/build/squash/Dockerfile.squash-a b/test/e2e/build/squash/Dockerfile.squash-a index f084e093d..ade3eafce 100644 --- a/test/e2e/build/squash/Dockerfile.squash-a +++ b/test/e2e/build/squash/Dockerfile.squash-a @@ -1,2 +1,2 @@ -FROM busybox:latest +FROM quay.io/libpod/busybox:latest ADD alpinetest.tgz /data diff --git a/test/e2e/build/squash/Dockerfile.squash-c b/test/e2e/build/squash/Dockerfile.squash-c index df9c90388..63bf84e69 100644 --- a/test/e2e/build/squash/Dockerfile.squash-c +++ b/test/e2e/build/squash/Dockerfile.squash-c @@ -1,3 +1,3 @@ -FROM busybox:latest +FROM quay.io/libpod/busybox:latest ADD alpinetest.tgz /data RUN rm -rf /data diff --git a/test/e2e/build_test.go b/test/e2e/build_test.go index e061a2154..95ed23313 100644 --- a/test/e2e/build_test.go +++ b/test/e2e/build_test.go @@ -1,6 +1,7 @@ package integration import ( + "fmt" "io/ioutil" "os" "path/filepath" @@ -150,7 +151,7 @@ var _ = Describe("Podman build", func() { } fakeFile := filepath.Join(os.TempDir(), "Containerfile") - Expect(ioutil.WriteFile(fakeFile, []byte("FROM alpine"), 0755)).To(BeNil()) + Expect(ioutil.WriteFile(fakeFile, []byte(fmt.Sprintf("FROM %s", ALPINE)), 0755)).To(BeNil()) targetFile := filepath.Join(targetPath, "Containerfile") Expect(ioutil.WriteFile(targetFile, []byte("FROM scratch"), 0755)).To(BeNil()) @@ -219,8 +220,8 @@ var _ = Describe("Podman build", func() { podmanTest.StartRemoteService() } podmanTest.AddImageToRWStore(ALPINE) - dockerfile := `FROM quay.io/libpod/alpine:latest -RUN printenv http_proxy` + dockerfile := fmt.Sprintf(`FROM %s +RUN printenv http_proxy`, ALPINE) dockerfilePath := filepath.Join(podmanTest.TempDir, "Dockerfile") err := ioutil.WriteFile(dockerfilePath, []byte(dockerfile), 0755) @@ -263,9 +264,9 @@ RUN printenv http_proxy` err = ioutil.WriteFile(dummyFile, []byte("dummy"), 0644) Expect(err).To(BeNil()) - containerfile := `FROM quay.io/libpod/alpine:latest + containerfile := fmt.Sprintf(`FROM %s ADD . /test -RUN find /test` +RUN find /test`, ALPINE) containerfilePath := filepath.Join(targetPath, "Containerfile") err = ioutil.WriteFile(containerfilePath, []byte(containerfile), 0644) @@ -307,7 +308,7 @@ RUN find /test` err = os.Mkdir(targetSubPath, 0755) Expect(err).To(BeNil()) - containerfile := `FROM quay.io/libpod/alpine:latest` + containerfile := fmt.Sprintf("FROM %s", ALPINE) containerfilePath := filepath.Join(targetSubPath, "Containerfile") err = ioutil.WriteFile(containerfilePath, []byte(containerfile), 0644) @@ -344,9 +345,9 @@ RUN find /test` targetPath, err := CreateTempDirInTempDir() Expect(err).To(BeNil()) - containerfile := `FROM quay.io/libpod/alpine:latest + containerfile := fmt.Sprintf(`FROM %s ADD . /testfilter/ -RUN find /testfilter/` +RUN find /testfilter/`, ALPINE) containerfilePath := filepath.Join(targetPath, "Containerfile") err = ioutil.WriteFile(containerfilePath, []byte(containerfile), 0644) @@ -428,10 +429,10 @@ subdir**` Expect(os.Chdir(targetSubPath)).To(BeNil()) Expect(os.Symlink("dummy", "dummy-symlink")).To(BeNil()) - containerfile := `FROM quay.io/libpod/alpine:latest + containerfile := fmt.Sprintf(`FROM %s ADD . /test RUN find /test -RUN [[ -L /test/dummy-symlink ]] && echo SYMLNKOK || echo SYMLNKERR` +RUN [[ -L /test/dummy-symlink ]] && echo SYMLNKOK || echo SYMLNKERR`, ALPINE) containerfilePath := filepath.Join(targetSubPath, "Containerfile") err = ioutil.WriteFile(containerfilePath, []byte(containerfile), 0644) @@ -475,14 +476,14 @@ RUN grep CapEff /proc/self/status` // When session := podmanTest.Podman([]string{ - "build", "--pull-never", "--cap-drop=all", "--cap-add=net_bind_service", "--add-host", "testhost:1.2.3.4", "--from", "alpine", targetPath, + "build", "--pull-never", "--cap-drop=all", "--cap-add=net_bind_service", "--add-host", "testhost:1.2.3.4", "--from", ALPINE, targetPath, }) session.WaitWithDefaultTimeout() // Then Expect(session.ExitCode()).To(Equal(0)) Expect(strings.Fields(session.OutputToString())). - To(ContainElement("alpine")) + To(ContainElement(ALPINE)) Expect(strings.Fields(session.OutputToString())). To(ContainElement("testhost")) Expect(strings.Fields(session.OutputToString())). @@ -494,7 +495,7 @@ RUN grep CapEff /proc/self/status` Expect(err).To(BeNil()) containerFile := filepath.Join(targetPath, "Containerfile") - Expect(ioutil.WriteFile(containerFile, []byte("FROM alpine"), 0755)).To(BeNil()) + Expect(ioutil.WriteFile(containerFile, []byte(fmt.Sprintf("FROM %s", ALPINE)), 0755)).To(BeNil()) defer func() { Expect(os.RemoveAll(containerFile)).To(BeNil()) @@ -502,7 +503,7 @@ RUN grep CapEff /proc/self/status` // When session := podmanTest.Podman([]string{ - "build", "--pull-never", "--isolation", "oci", "--arch", "arm64", targetPath, + "build", "--isolation", "oci", "--arch", "arm64", targetPath, }) session.WaitWithDefaultTimeout() // Then @@ -510,7 +511,7 @@ RUN grep CapEff /proc/self/status` // When session = podmanTest.Podman([]string{ - "build", "--pull-never", "--isolation", "chroot", "--arch", "arm64", targetPath, + "build", "--isolation", "chroot", "--arch", "arm64", targetPath, }) session.WaitWithDefaultTimeout() // Then @@ -534,8 +535,8 @@ RUN grep CapEff /proc/self/status` }) It("podman build --timestamp flag", func() { - containerfile := `FROM quay.io/libpod/alpine:latest -RUN echo hello` + containerfile := fmt.Sprintf(`FROM %s +RUN echo hello`, ALPINE) containerfilePath := filepath.Join(podmanTest.TempDir, "Containerfile") err := ioutil.WriteFile(containerfilePath, []byte(containerfile), 0755) diff --git a/test/e2e/containers_conf_test.go b/test/e2e/containers_conf_test.go index aa2380c51..803124de1 100644 --- a/test/e2e/containers_conf_test.go +++ b/test/e2e/containers_conf_test.go @@ -91,7 +91,7 @@ var _ = Describe("Podman run", func() { if IsRemote() { podmanTest.RestartRemoteService() } - session := podmanTest.Podman([]string{"run", "busybox", "grep", "CapEff", "/proc/self/status"}) + session := podmanTest.Podman([]string{"run", BB, "grep", "CapEff", "/proc/self/status"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).ToNot(Equal(cap.OutputToString())) diff --git a/test/e2e/exec_test.go b/test/e2e/exec_test.go index 2ffb5cd2e..df86eab15 100644 --- a/test/e2e/exec_test.go +++ b/test/e2e/exec_test.go @@ -475,10 +475,10 @@ var _ = Describe("Podman exec", func() { }) It("podman exec preserves container groups with --user and --group-add", func() { - dockerfile := `FROM registry.fedoraproject.org/fedora-minimal + dockerfile := fmt.Sprintf(`FROM %s RUN groupadd -g 4000 first RUN groupadd -g 4001 second -RUN useradd -u 1000 auser` +RUN useradd -u 1000 auser`, fedoraMinimal) imgName := "testimg" podmanTest.BuildImage(dockerfile, imgName, "false") diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index a4c738f17..93c8426a7 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -141,7 +141,16 @@ spec: configMapKeyRef: name: {{ .RefName }} key: {{ .RefKey }} - {{ else }} + optional: {{ .Optional }} + {{ end }} + {{ if (eq .ValueFrom "secret") }} + valueFrom: + secretKeyRef: + name: {{ .RefName }} + key: {{ .RefKey }} + optional: {{ .Optional }} + {{ end }} + {{ if (eq .ValueFrom "") }} value: {{ .Value }} {{ end }} {{ end }} @@ -151,6 +160,12 @@ spec: {{ if (eq .From "configmap") }} - configMapRef: name: {{ .Name }} + optional: {{ .Optional }} + {{ end }} + {{ if (eq .From "secret") }} + - secretRef: + name: {{ .Name }} + optional: {{ .Optional }} {{ end }} {{ end }} {{ end }} @@ -340,6 +355,8 @@ var ( seccompPwdEPERM = []byte(`{"defaultAction":"SCMP_ACT_ALLOW","syscalls":[{"name":"getcwd","action":"SCMP_ACT_ERRNO"}]}`) // CPU Period in ms defaultCPUPeriod = 100 + // Default secret in JSON. Note that the values ("foo" and "bar") are base64 encoded. + defaultSecret = []byte(`{"FOO":"Zm9v","BAR":"YmFy"}`) ) func writeYaml(content string, fileName string) error { @@ -407,6 +424,16 @@ func generateMultiDocKubeYaml(kubeObjects []string, pathname string) error { return writeYaml(multiKube, pathname) } +func createSecret(podmanTest *PodmanTestIntegration, name string, value []byte) { + secretFilePath := filepath.Join(podmanTest.TempDir, "secret") + err := ioutil.WriteFile(secretFilePath, value, 0755) + Expect(err).To(BeNil()) + + secret := podmanTest.Podman([]string{"secret", "create", name, secretFilePath}) + secret.WaitWithDefaultTimeout() + Expect(secret.ExitCode()).To(Equal(0)) +} + // ConfigMap describes the options a kube yaml can be configured at configmap level type ConfigMap struct { Name string @@ -746,7 +773,7 @@ func withVolumeMount(mountPath string, readonly bool) ctrOption { } } -func withEnv(name, value, valueFrom, refName, refKey string) ctrOption { +func withEnv(name, value, valueFrom, refName, refKey string, optional bool) ctrOption { return func(c *Ctr) { e := Env{ Name: name, @@ -754,17 +781,19 @@ func withEnv(name, value, valueFrom, refName, refKey string) ctrOption { ValueFrom: valueFrom, RefName: refName, RefKey: refKey, + Optional: optional, } c.Env = append(c.Env, e) } } -func withEnvFrom(name, from string) ctrOption { +func withEnvFrom(name, from string, optional bool) ctrOption { return func(c *Ctr) { e := EnvFrom{ - Name: name, - From: from, + Name: name, + From: from, + Optional: optional, } c.EnvFrom = append(c.EnvFrom, e) @@ -822,11 +851,13 @@ type Env struct { ValueFrom string RefName string RefKey string + Optional bool } type EnvFrom struct { - Name string - From string + Name string + From string + Optional bool } func milliCPUToQuota(milliCPU string) int { @@ -1062,7 +1093,7 @@ var _ = Describe("Podman play kube", func() { err := generateKubeYaml("configmap", cm, cmYamlPathname) Expect(err).To(BeNil()) - pod := getPod(withCtr(getCtr(withEnv("FOO", "", "configmap", "foo", "FOO")))) + pod := getPod(withCtr(getCtr(withEnv("FOO", "", "configmap", "foo", "FOO", false)))) err = generateKubeYaml("pod", pod, kubeYaml) Expect(err).To(BeNil()) @@ -1076,6 +1107,68 @@ var _ = Describe("Podman play kube", func() { Expect(inspect.OutputToString()).To(ContainSubstring(`FOO=foo`)) }) + It("podman play kube test required env value from configmap with missing key", func() { + SkipIfRemote("configmap list is not supported as a param") + cmYamlPathname := filepath.Join(podmanTest.TempDir, "foo-cm.yaml") + cm := getConfigMap(withConfigMapName("foo"), withConfigMapData("FOO", "foo")) + err := generateKubeYaml("configmap", cm, cmYamlPathname) + Expect(err).To(BeNil()) + + pod := getPod(withCtr(getCtr(withEnv("FOO", "", "configmap", "foo", "MISSING_KEY", false)))) + err = generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml, "--configmap", cmYamlPathname}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Not(Equal(0))) + }) + + It("podman play kube test required env value from missing configmap", func() { + pod := getPod(withCtr(getCtr(withEnv("FOO", "", "configmap", "missing_cm", "FOO", false)))) + err = generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Not(Equal(0))) + }) + + It("podman play kube test optional env value from configmap with missing key", func() { + SkipIfRemote("configmap list is not supported as a param") + cmYamlPathname := filepath.Join(podmanTest.TempDir, "foo-cm.yaml") + cm := getConfigMap(withConfigMapName("foo"), withConfigMapData("FOO", "foo")) + err := generateKubeYaml("configmap", cm, cmYamlPathname) + Expect(err).To(BeNil()) + + pod := getPod(withCtr(getCtr(withEnv("FOO", "", "configmap", "foo", "MISSING_KEY", true)))) + err = generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml, "--configmap", cmYamlPathname}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(pod), "--format", "'{{ range .Config.Env }}[{{ . }}]{{end}}'"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(Equal(0)) + Expect(inspect.OutputToString()).To(ContainSubstring(`[FOO=]`)) + }) + + It("podman play kube test optional env value from missing configmap", func() { + pod := getPod(withCtr(getCtr(withEnv("FOO", "", "configmap", "missing_cm", "FOO", true)))) + err = generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(pod), "--format", "'{{ range .Config.Env }}[{{ . }}]{{end}}'"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(Equal(0)) + Expect(inspect.OutputToString()).To(ContainSubstring(`[FOO=]`)) + }) + It("podman play kube test get all key-value pairs from configmap as envs", func() { SkipIfRemote("configmap list is not supported as a param") cmYamlPathname := filepath.Join(podmanTest.TempDir, "foo-cm.yaml") @@ -1083,7 +1176,7 @@ var _ = Describe("Podman play kube", func() { err := generateKubeYaml("configmap", cm, cmYamlPathname) Expect(err).To(BeNil()) - pod := getPod(withCtr(getCtr(withEnvFrom("foo", "configmap")))) + pod := getPod(withCtr(getCtr(withEnvFrom("foo", "configmap", false)))) err = generateKubeYaml("pod", pod, kubeYaml) Expect(err).To(BeNil()) @@ -1098,6 +1191,131 @@ var _ = Describe("Podman play kube", func() { Expect(inspect.OutputToString()).To(ContainSubstring(`FOO2=foo2`)) }) + It("podman play kube test get all key-value pairs from required configmap as envs", func() { + pod := getPod(withCtr(getCtr(withEnvFrom("missing_cm", "configmap", false)))) + err = generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Not(Equal(0))) + }) + + It("podman play kube test get all key-value pairs from optional configmap as envs", func() { + pod := getPod(withCtr(getCtr(withEnvFrom("missing_cm", "configmap", true)))) + err = generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + }) + + It("podman play kube test env value from secret", func() { + createSecret(podmanTest, "foo", defaultSecret) + pod := getPod(withCtr(getCtr(withEnv("FOO", "", "secret", "foo", "FOO", false)))) + err = generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(pod), "--format", "'{{ .Config.Env }}'"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(Equal(0)) + Expect(inspect.OutputToString()).To(ContainSubstring(`FOO=foo`)) + }) + + It("podman play kube test required env value from missing secret", func() { + pod := getPod(withCtr(getCtr(withEnv("FOO", "", "secret", "foo", "FOO", false)))) + err = generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Not(Equal(0))) + }) + + It("podman play kube test required env value from secret with missing key", func() { + createSecret(podmanTest, "foo", defaultSecret) + pod := getPod(withCtr(getCtr(withEnv("FOO", "", "secret", "foo", "MISSING", false)))) + err = generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Not(Equal(0))) + }) + + It("podman play kube test optional env value from missing secret", func() { + pod := getPod(withCtr(getCtr(withEnv("FOO", "", "secret", "foo", "FOO", true)))) + err = generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(pod), "--format", "'{{ range .Config.Env }}[{{ . }}]{{end}}'"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(Equal(0)) + Expect(inspect.OutputToString()).To(ContainSubstring(`[FOO=]`)) + }) + + It("podman play kube test optional env value from secret with missing key", func() { + createSecret(podmanTest, "foo", defaultSecret) + pod := getPod(withCtr(getCtr(withEnv("FOO", "", "secret", "foo", "MISSING", true)))) + err = generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(pod), "--format", "'{{ range .Config.Env }}[{{ . }}]{{end}}'"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(Equal(0)) + Expect(inspect.OutputToString()).To(ContainSubstring(`[FOO=]`)) + }) + + It("podman play kube test get all key-value pairs from secret as envs", func() { + createSecret(podmanTest, "foo", defaultSecret) + pod := getPod(withCtr(getCtr(withEnvFrom("foo", "secret", false)))) + err = generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(pod), "--format", "'{{ .Config.Env }}'"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(Equal(0)) + Expect(inspect.OutputToString()).To(ContainSubstring(`FOO=foo`)) + Expect(inspect.OutputToString()).To(ContainSubstring(`BAR=bar`)) + }) + + It("podman play kube test get all key-value pairs from required secret as envs", func() { + pod := getPod(withCtr(getCtr(withEnvFrom("missing_secret", "secret", false)))) + err = generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Not(Equal(0))) + }) + + It("podman play kube test get all key-value pairs from optional secret as envs", func() { + pod := getPod(withCtr(getCtr(withEnvFrom("missing_secret", "secret", true)))) + err = generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + }) + It("podman play kube test hostname", func() { pod := getPod() err := generateKubeYaml("pod", pod, kubeYaml) diff --git a/test/e2e/prune_test.go b/test/e2e/prune_test.go index 73da77417..cbe38fc76 100644 --- a/test/e2e/prune_test.go +++ b/test/e2e/prune_test.go @@ -1,6 +1,7 @@ package integration import ( + "fmt" "os" . "github.com/containers/podman/v3/test/utils" @@ -8,11 +9,11 @@ import ( . "github.com/onsi/gomega" ) -var pruneImage = ` -FROM alpine:latest +var pruneImage = fmt.Sprintf(` +FROM %s LABEL RUN podman --version RUN apk update -RUN apk add bash` +RUN apk add bash`, ALPINE) var _ = Describe("Podman prune", func() { var ( diff --git a/test/e2e/ps_test.go b/test/e2e/ps_test.go index ac0910a83..37b6516c1 100644 --- a/test/e2e/ps_test.go +++ b/test/e2e/ps_test.go @@ -351,7 +351,7 @@ var _ = Describe("Podman ps", func() { }) It("podman --format by size", func() { - session := podmanTest.Podman([]string{"create", "busybox", "ls"}) + session := podmanTest.Podman([]string{"create", BB, "ls"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -366,7 +366,7 @@ var _ = Describe("Podman ps", func() { }) It("podman --sort by size", func() { - session := podmanTest.Podman([]string{"create", "busybox", "ls"}) + session := podmanTest.Podman([]string{"create", BB, "ls"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/rmi_test.go b/test/e2e/rmi_test.go index d8367d636..5e6d66d53 100644 --- a/test/e2e/rmi_test.go +++ b/test/e2e/rmi_test.go @@ -184,19 +184,20 @@ var _ = Describe("Podman rmi", func() { It("podman rmi with cached images", func() { podmanTest.AddImageToRWStore(cirros) - dockerfile := `FROM quay.io/libpod/cirros:latest + dockerfile := fmt.Sprintf(`FROM %s RUN mkdir hello RUN touch test.txt ENV foo=bar - ` + `, cirros) podmanTest.BuildImage(dockerfile, "test", "true") - dockerfile = `FROM quay.io/libpod/cirros:latest + dockerfile = fmt.Sprintf(`FROM %s RUN mkdir hello RUN touch test.txt RUN mkdir blah ENV foo=bar - ` + `, cirros) + podmanTest.BuildImage(dockerfile, "test2", "true") session := podmanTest.Podman([]string{"images", "-q", "-a"}) @@ -249,14 +250,15 @@ var _ = Describe("Podman rmi", func() { }) It("podman rmi -a with parent|child images", func() { - dockerfile := `FROM quay.io/libpod/cirros:latest AS base + podmanTest.AddImageToRWStore(cirros) + dockerfile := fmt.Sprintf(`FROM %s AS base RUN touch /1 ENV LOCAL=/1 RUN find $LOCAL FROM base RUN find $LOCAL -` +`, cirros) podmanTest.BuildImage(dockerfile, "test", "true") session := podmanTest.Podman([]string{"rmi", "-a"}) session.WaitWithDefaultTimeout() @@ -284,14 +286,15 @@ RUN find $LOCAL // a race, we may not hit the condition a 100 percent of times // but ocal reproducers hit it all the time. + podmanTest.AddImageToRWStore(cirros) var wg sync.WaitGroup buildAndRemove := func(i int) { defer GinkgoRecover() defer wg.Done() imageName := fmt.Sprintf("rmtest:%d", i) - containerfile := `FROM quay.io/libpod/cirros:latest -RUN ` + fmt.Sprintf("touch %s", imageName) + containerfile := fmt.Sprintf(`FROM %s +RUN touch %s`, cirros, imageName) podmanTest.BuildImage(containerfile, imageName, "false") session := podmanTest.Podman([]string{"rmi", "-f", imageName}) diff --git a/test/e2e/run_passwd_test.go b/test/e2e/run_passwd_test.go index 12b6c64df..0d5dd5f3b 100644 --- a/test/e2e/run_passwd_test.go +++ b/test/e2e/run_passwd_test.go @@ -1,6 +1,7 @@ package integration import ( + "fmt" "os" . "github.com/containers/podman/v3/test/utils" @@ -60,9 +61,9 @@ var _ = Describe("Podman run passwd", func() { }) It("podman can run container without /etc/passwd", func() { - dockerfile := `FROM alpine + dockerfile := fmt.Sprintf(`FROM %s RUN rm -f /etc/passwd /etc/shadow /etc/group -USER 1000` +USER 1000`, ALPINE) imgName := "testimg" podmanTest.BuildImage(dockerfile, imgName, "false") session := podmanTest.Podman([]string{"run", "--rm", imgName, "ls", "/etc/"}) @@ -113,9 +114,9 @@ USER 1000` }) It("podman run numeric group from image and no group file", func() { - dockerfile := `FROM alpine + dockerfile := fmt.Sprintf(`FROM %s RUN rm -f /etc/passwd /etc/shadow /etc/group -USER 1000` +USER 1000`, ALPINE) imgName := "testimg" podmanTest.BuildImage(dockerfile, imgName, "false") session := podmanTest.Podman([]string{"run", "--rm", imgName, "ls", "/etc/"}) diff --git a/test/e2e/run_privileged_test.go b/test/e2e/run_privileged_test.go index 33b3b85c5..0bf68e20b 100644 --- a/test/e2e/run_privileged_test.go +++ b/test/e2e/run_privileged_test.go @@ -59,7 +59,7 @@ var _ = Describe("Podman privileged container tests", func() { }) It("podman privileged make sure sys is mounted rw", func() { - session := podmanTest.Podman([]string{"run", "--privileged", "busybox", "mount"}) + session := podmanTest.Podman([]string{"run", "--privileged", BB, "mount"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) ok, lines := session.GrepString("sysfs") @@ -71,7 +71,7 @@ var _ = Describe("Podman privileged container tests", func() { hostCap := SystemExec("awk", []string{"/^CapEff/ { print $2 }", "/proc/self/status"}) Expect(hostCap.ExitCode()).To(Equal(0)) - session := podmanTest.Podman([]string{"run", "--privileged", "busybox", "awk", "/^CapEff/ { print $2 }", "/proc/self/status"}) + session := podmanTest.Podman([]string{"run", "--privileged", BB, "awk", "/^CapEff/ { print $2 }", "/proc/self/status"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -83,7 +83,7 @@ var _ = Describe("Podman privileged container tests", func() { hostCap := SystemExec("awk", []string{"/^CapEff/ { print $2 }", "/proc/self/status"}) Expect(hostCap.ExitCode()).To(Equal(0)) - session := podmanTest.Podman([]string{"run", "--cap-add", "all", "busybox", "awk", "/^CapEff/ { print $2 }", "/proc/self/status"}) + session := podmanTest.Podman([]string{"run", "--cap-add", "all", BB, "awk", "/^CapEff/ { print $2 }", "/proc/self/status"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -95,7 +95,7 @@ var _ = Describe("Podman privileged container tests", func() { hostCap := SystemExec("awk", []string{"/^CapEff/ { print $2 }", "/proc/self/status"}) Expect(hostCap.ExitCode()).To(Equal(0)) - session := podmanTest.Podman([]string{"run", "--user=bin", "--cap-add", "all", "busybox", "awk", "/^CapEff/ { print $2 }", "/proc/self/status"}) + session := podmanTest.Podman([]string{"run", "--user=bin", "--cap-add", "all", BB, "awk", "/^CapEff/ { print $2 }", "/proc/self/status"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -103,7 +103,7 @@ var _ = Describe("Podman privileged container tests", func() { }) It("podman cap-drop CapEff", func() { - session := podmanTest.Podman([]string{"run", "--cap-drop", "all", "busybox", "grep", "CapEff", "/proc/self/status"}) + session := podmanTest.Podman([]string{"run", "--cap-drop", "all", BB, "grep", "CapEff", "/proc/self/status"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) capEff := strings.Split(session.OutputToString(), " ") @@ -120,7 +120,7 @@ var _ = Describe("Podman privileged container tests", func() { }) It("podman non-privileged should have very few devices", func() { - session := podmanTest.Podman([]string{"run", "-t", "busybox", "ls", "-l", "/dev"}) + session := podmanTest.Podman([]string{"run", "-t", BB, "ls", "-l", "/dev"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(len(session.OutputToStringArray())).To(Equal(17)) @@ -147,12 +147,12 @@ var _ = Describe("Podman privileged container tests", func() { Skip("Can't determine NoNewPrivs") } - session := podmanTest.Podman([]string{"run", "busybox", "grep", "NoNewPrivs", "/proc/self/status"}) + session := podmanTest.Podman([]string{"run", BB, "grep", "NoNewPrivs", "/proc/self/status"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) privs := strings.Split(session.OutputToString(), ":") - session = podmanTest.Podman([]string{"run", "--security-opt", "no-new-privileges", "busybox", "grep", "NoNewPrivs", "/proc/self/status"}) + session = podmanTest.Podman([]string{"run", "--security-opt", "no-new-privileges", BB, "grep", "NoNewPrivs", "/proc/self/status"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/run_security_labels_test.go b/test/e2e/run_security_labels_test.go index a2e0b2aab..b714df323 100644 --- a/test/e2e/run_security_labels_test.go +++ b/test/e2e/run_security_labels_test.go @@ -1,6 +1,7 @@ package integration import ( + "fmt" "os" "strings" @@ -128,9 +129,9 @@ var _ = Describe("Podman generate kube", func() { It("podman container runlabel (podman --version)", func() { SkipIfRemote("runlabel not supported on podman-remote") - PodmanDockerfile := ` -FROM alpine:latest -LABEL io.containers.capabilities=chown,kill` + PodmanDockerfile := fmt.Sprintf(` +FROM %s +LABEL io.containers.capabilities=chown,kill`, ALPINE) image := "podman-caps:podman" podmanTest.BuildImage(PodmanDockerfile, image, "false") diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index bb1f9590d..23930b4f7 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -489,8 +489,8 @@ var _ = Describe("Podman run", func() { if IsRemote() { podmanTest.RestartRemoteService() } - dockerfile := `FROM busybox -USER bin` + dockerfile := fmt.Sprintf(`FROM %s +USER bin`, BB) podmanTest.BuildImage(dockerfile, "test", "false") session := podmanTest.Podman([]string{"run", "--rm", "--user", "bin", "test", "grep", "CapBnd", "/proc/self/status"}) session.WaitWithDefaultTimeout() @@ -898,10 +898,10 @@ USER bin` session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - dockerfile := `FROM busybox + dockerfile := fmt.Sprintf(`FROM %s RUN mkdir -p /myvol/data && chown -R mail.0 /myvol VOLUME ["/myvol/data"] -USER mail` +USER mail`, BB) podmanTest.BuildImage(dockerfile, "test", "false") session = podmanTest.Podman([]string{"run", "--rm", "test", "ls", "-al", "/myvol/data"}) @@ -1499,8 +1499,8 @@ USER mail` It("podman run makes workdir from image", func() { // BuildImage does not seem to work remote - dockerfile := `FROM busybox -WORKDIR /madethis` + dockerfile := fmt.Sprintf(`FROM %s +WORKDIR /madethis`, BB) podmanTest.BuildImage(dockerfile, "test", "false") session := podmanTest.Podman([]string{"run", "--rm", "test", "pwd"}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go index 85a4d6d52..9b77aaef8 100644 --- a/test/e2e/run_volume_test.go +++ b/test/e2e/run_volume_test.go @@ -308,9 +308,9 @@ var _ = Describe("Podman run with volumes", func() { It("podman named volume copyup symlink", func() { imgName := "testimg" - dockerfile := `FROM alpine + dockerfile := fmt.Sprintf(`FROM %s RUN touch /testfile -RUN sh -c "cd /etc/apk && ln -s ../../testfile"` +RUN sh -c "cd /etc/apk && ln -s ../../testfile"`, ALPINE) podmanTest.BuildImage(dockerfile, imgName, "false") baselineSession := podmanTest.Podman([]string{"run", "--rm", "-t", "-i", imgName, "ls", "/etc/apk/"}) @@ -479,9 +479,8 @@ RUN sh -c "cd /etc/apk && ln -s ../../testfile"` It("Podman mount over image volume with trailing /", func() { image := "podman-volume-test:trailing" - dockerfile := ` -FROM alpine:latest -VOLUME /test/` + dockerfile := fmt.Sprintf(`FROM %s +VOLUME /test/`, ALPINE) podmanTest.BuildImage(dockerfile, image, "false") ctrName := "testCtr" @@ -646,9 +645,9 @@ VOLUME /test/` It("volume permissions after run", func() { imgName := "testimg" - dockerfile := `FROM fedora-minimal + dockerfile := fmt.Sprintf(`FROM %s RUN useradd -m testuser -u 1005 -USER testuser` +USER testuser`, fedoraMinimal) podmanTest.BuildImage(dockerfile, imgName, "false") testString := "testuser testuser" diff --git a/test/e2e/run_working_dir_test.go b/test/e2e/run_working_dir_test.go index 2d16cdc18..de0f55134 100644 --- a/test/e2e/run_working_dir_test.go +++ b/test/e2e/run_working_dir_test.go @@ -1,6 +1,7 @@ package integration import ( + "fmt" "os" . "github.com/containers/podman/v3/test/utils" @@ -46,9 +47,9 @@ var _ = Describe("Podman run", func() { }) It("podman run a container on an image with a workdir", func() { - dockerfile := `FROM alpine + dockerfile := fmt.Sprintf(`FROM %s RUN mkdir -p /home/foobar /etc/foobar; chown bin:bin /etc/foobar -WORKDIR /etc/foobar` +WORKDIR /etc/foobar`, ALPINE) podmanTest.BuildImage(dockerfile, "test", "false") session := podmanTest.Podman([]string{"run", "test", "pwd"}) diff --git a/test/e2e/runlabel_test.go b/test/e2e/runlabel_test.go index 2eec15c62..54fa7e2f6 100644 --- a/test/e2e/runlabel_test.go +++ b/test/e2e/runlabel_test.go @@ -1,6 +1,7 @@ package integration import ( + "fmt" "os" . "github.com/containers/podman/v3/test/utils" @@ -8,18 +9,17 @@ import ( . "github.com/onsi/gomega" ) -var PodmanDockerfile = ` -FROM alpine:latest -LABEL RUN podman --version` +var PodmanDockerfile = fmt.Sprintf(` +FROM %s +LABEL RUN podman --version`, ALPINE) -var LsDockerfile = ` -FROM alpine:latest -LABEL RUN ls -la` +var LsDockerfile = fmt.Sprintf(` +FROM %s +LABEL RUN ls -la`, ALPINE) -var GlobalDockerfile = ` -FROM alpine:latest -LABEL RUN echo \$GLOBAL_OPTS -` +var GlobalDockerfile = fmt.Sprintf(` +FROM %s +LABEL RUN echo \$GLOBAL_OPTS`, ALPINE) var _ = Describe("podman container runlabel", func() { var ( diff --git a/test/e2e/system_df_test.go b/test/e2e/system_df_test.go index 9daf3f8f9..9aee85ca3 100644 --- a/test/e2e/system_df_test.go +++ b/test/e2e/system_df_test.go @@ -44,7 +44,7 @@ var _ = Describe("podman system df", func() { session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - session = podmanTest.Podman([]string{"create", "-v", "data:/data", "--name", "container1", "busybox"}) + session = podmanTest.Podman([]string{"create", "-v", "data:/data", "--name", "container1", BB}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/system/070-build.bats b/test/system/070-build.bats index 8f6cdb46b..e5b68a0d8 100644 --- a/test/system/070-build.bats +++ b/test/system/070-build.bats @@ -668,6 +668,33 @@ EOF run_podman image prune -f } +@test "podman build --pull-never" { + local tmpdir=$PODMAN_TMPDIR/build-test + mkdir -p $tmpdir + + # First, confirm that --pull-never is a NOP if image exists locally + local random_string=$(random_string 15) + + cat >$tmpdir/Containerfile <<EOF +FROM $IMAGE +RUN echo $random_string +EOF + + run_podman build -t build_test --pull-never $tmpdir + is "$output" ".*$random_string" "pull-never is OK if image already exists" + run_podman rmi build_test + + # Now try an image that does not exist locally nor remotely + cat >$tmpdir/Containerfile <<EOF +FROM quay.io/libpod/nosuchimage:nosuchtag +RUN echo $random_string +EOF + + run_podman 125 build -t build_test --pull-never $tmpdir + is "$output" ".* pull policy is .never. but .* could not be found locally" \ + "--pull-never fails with expected error message" +} + @test "podman build --logfile test" { tmpdir=$PODMAN_TMPDIR/build-test mkdir -p $tmpdir diff --git a/test/system/helpers.bash b/test/system/helpers.bash index 38e317709..823dc3376 100644 --- a/test/system/helpers.bash +++ b/test/system/helpers.bash @@ -72,6 +72,9 @@ function basic_setup() { # on cleanup. # TODO: do this outside of setup, so it carries across tests? PODMAN_TMPDIR=$(mktemp -d --tmpdir=${BATS_TMPDIR:-/tmp} podman_bats.XXXXXX) + + # In the unlikely event that a test runs is() before a run_podman() + MOST_RECENT_PODMAN_COMMAND= } # Basic teardown: remove all pods and containers @@ -150,6 +153,9 @@ function run_podman() { '?') expected_rc= ; shift;; # ignore exit code esac + # Remember command args, for possible use in later diagnostic messages + MOST_RECENT_PODMAN_COMMAND="podman $*" + # stdout is only emitted upon error; this echo is to help a debugger echo "$_LOG_PROMPT $PODMAN $*" # BATS hangs if a subprocess remains and keeps FD 3 open; this happens @@ -384,7 +390,7 @@ function die() { function is() { local actual="$1" local expect="$2" - local testname="${3:-FIXME}" + local testname="${3:-${MOST_RECENT_PODMAN_COMMAND:-[no test name given]}}" if [ -z "$expect" ]; then if [ -z "$actual" ]; then |