diff options
29 files changed, 75 insertions, 82 deletions
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go index 39ff02857..0bb6e79e5 100644 --- a/cmd/podman/common/specgen.go +++ b/cmd/podman/common/specgen.go @@ -592,7 +592,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string case "max-size": logSize, err := units.FromHumanSize(split[1]) if err != nil { - return errors.Wrapf(err, "%s is not a valid option", o) + return err } s.LogConfiguration.Size = logSize default: @@ -662,7 +662,7 @@ func makeHealthCheckFromCli(inCmd, interval string, retries uint, timeout, start } intervalDuration, err := time.ParseDuration(interval) if err != nil { - return nil, errors.Wrapf(err, "invalid healthcheck-interval %s ", interval) + return nil, errors.Wrapf(err, "invalid healthcheck-interval") } hc.Interval = intervalDuration @@ -673,7 +673,7 @@ func makeHealthCheckFromCli(inCmd, interval string, retries uint, timeout, start hc.Retries = int(retries) timeoutDuration, err := time.ParseDuration(timeout) if err != nil { - return nil, errors.Wrapf(err, "invalid healthcheck-timeout %s", timeout) + return nil, errors.Wrapf(err, "invalid healthcheck-timeout") } if timeoutDuration < time.Duration(1) { return nil, errors.New("healthcheck-timeout must be at least 1 second") @@ -682,7 +682,7 @@ func makeHealthCheckFromCli(inCmd, interval string, retries uint, timeout, start startPeriodDuration, err := time.ParseDuration(startPeriod) if err != nil { - return nil, errors.Wrapf(err, "invalid healthcheck-start-period %s", startPeriod) + return nil, errors.Wrapf(err, "invalid healthcheck-start-period") } if startPeriodDuration < time.Duration(0) { return nil, errors.New("healthcheck-start-period must be 0 seconds or greater") diff --git a/cmd/podman/common/util.go b/cmd/podman/common/util.go index a971aa957..ef30e08d3 100644 --- a/cmd/podman/common/util.go +++ b/cmd/podman/common/util.go @@ -250,7 +250,7 @@ func parseAndValidateRange(portRange string) (uint16, uint16, error) { func parseAndValidatePort(port string) (uint16, error) { num, err := strconv.Atoi(port) if err != nil { - return 0, errors.Wrapf(err, "cannot parse %q as a port number", port) + return 0, errors.Wrapf(err, "invalid port number") } if num < 1 || num > 65535 { return 0, errors.Errorf("port numbers must be between 1 and 65535 (inclusive), got %d", num) diff --git a/cmd/podman/containers/prune.go b/cmd/podman/containers/prune.go index e8debd3ad..9ac529b1c 100644 --- a/cmd/podman/containers/prune.go +++ b/cmd/podman/containers/prune.go @@ -57,7 +57,7 @@ func prune(cmd *cobra.Command, args []string) error { fmt.Print("Are you sure you want to continue? [y/N] ") answer, err := reader.ReadString('\n') if err != nil { - return errors.Wrapf(err, "error reading input") + return err } if strings.ToLower(answer)[0] != 'y' { return nil diff --git a/cmd/podman/containers/run.go b/cmd/podman/containers/run.go index b17c13f46..6ff1b929d 100644 --- a/cmd/podman/containers/run.go +++ b/cmd/podman/containers/run.go @@ -205,7 +205,7 @@ func run(cmd *cobra.Command, args []string) error { if runRmi { _, rmErrors := registry.ImageEngine().Remove(registry.GetContext(), []string{imageName}, entities.ImageRemoveOptions{}) if len(rmErrors) > 0 { - logrus.Errorf("%s", errors.Wrapf(errorhandling.JoinErrors(rmErrors), "failed removing image")) + logrus.Errorf("%s", errorhandling.JoinErrors(rmErrors)) } } return nil diff --git a/cmd/podman/images/build.go b/cmd/podman/images/build.go index c76e4ac80..739e1c265 100644 --- a/cmd/podman/images/build.go +++ b/cmd/podman/images/build.go @@ -353,18 +353,18 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil isolation, err := parse.IsolationOption(flags.Isolation) if err != nil { - return nil, errors.Wrapf(err, "error parsing ID mapping options") + return nil, err } usernsOption, idmappingOptions, err := parse.IDMappingOptions(c, isolation) if err != nil { - return nil, errors.Wrapf(err, "error parsing ID mapping options") + return nil, err } nsValues = append(nsValues, usernsOption...) systemContext, err := parse.SystemContextFromOptions(c) if err != nil { - return nil, errors.Wrapf(err, "error building system context") + return nil, err } format := "" diff --git a/cmd/podman/images/prune.go b/cmd/podman/images/prune.go index 3af56b015..e68fe5f40 100644 --- a/cmd/podman/images/prune.go +++ b/cmd/podman/images/prune.go @@ -11,7 +11,6 @@ import ( "github.com/containers/podman/v2/cmd/podman/utils" "github.com/containers/podman/v2/cmd/podman/validate" "github.com/containers/podman/v2/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -60,7 +59,7 @@ WARNING! This will remove all dangling images. Are you sure you want to continue? [y/N] `) answer, err := reader.ReadString('\n') if err != nil { - return errors.Wrapf(err, "error reading input") + return err } if strings.ToLower(answer)[0] != 'y' { return nil diff --git a/cmd/podman/images/sign.go b/cmd/podman/images/sign.go index 529fb3d92..342536f7c 100644 --- a/cmd/podman/images/sign.go +++ b/cmd/podman/images/sign.go @@ -58,7 +58,7 @@ func sign(cmd *cobra.Command, args []string) error { if len(signOptions.Directory) > 0 { sigStoreDir = signOptions.Directory if _, err := os.Stat(sigStoreDir); err != nil { - return errors.Wrapf(err, "invalid directory %s", sigStoreDir) + return err } } _, err := registry.ImageEngine().Sign(registry.Context(), args, signOptions) diff --git a/cmd/podman/images/trust_set.go b/cmd/podman/images/trust_set.go index f0399b110..1a7392f3e 100644 --- a/cmd/podman/images/trust_set.go +++ b/cmd/podman/images/trust_set.go @@ -55,7 +55,7 @@ func setTrust(cmd *cobra.Command, args []string) error { valid, err := image.IsValidImageURI(args[0]) if err != nil || !valid { - return errors.Wrapf(err, "invalid image uri %s", args[0]) + return err } if !util.StringInSlice(setOptions.Type, validTrustTypes) { diff --git a/cmd/podman/manifest/add.go b/cmd/podman/manifest/add.go index 91bd423b8..cb0838eeb 100644 --- a/cmd/podman/manifest/add.go +++ b/cmd/podman/manifest/add.go @@ -11,7 +11,6 @@ import ( "github.com/containers/podman/v2/cmd/podman/registry" "github.com/containers/podman/v2/pkg/domain/entities" "github.com/containers/podman/v2/pkg/util" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -116,7 +115,7 @@ func add(cmd *cobra.Command, args []string) error { listID, err := registry.ImageEngine().ManifestAdd(context.Background(), manifestAddOpts.ManifestAddOptions) if err != nil { - return errors.Wrapf(err, "error adding to manifest list %s", args[0]) + return err } fmt.Printf("%s\n", listID) return nil diff --git a/cmd/podman/manifest/annotate.go b/cmd/podman/manifest/annotate.go index dab8c4da6..71017e0ec 100644 --- a/cmd/podman/manifest/annotate.go +++ b/cmd/podman/manifest/annotate.go @@ -73,7 +73,7 @@ func annotate(cmd *cobra.Command, args []string) error { } updatedListID, err := registry.ImageEngine().ManifestAnnotate(context.Background(), args, manifestAnnotateOpts) if err != nil { - return errors.Wrapf(err, "error removing from manifest list %s", listImageSpec) + return err } fmt.Printf("%s\n", updatedListID) return nil diff --git a/cmd/podman/manifest/create.go b/cmd/podman/manifest/create.go index c903c6fa8..399f9440c 100644 --- a/cmd/podman/manifest/create.go +++ b/cmd/podman/manifest/create.go @@ -7,7 +7,6 @@ import ( "github.com/containers/podman/v2/cmd/podman/common" "github.com/containers/podman/v2/cmd/podman/registry" "github.com/containers/podman/v2/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -39,7 +38,7 @@ func init() { func create(cmd *cobra.Command, args []string) error { imageID, err := registry.ImageEngine().ManifestCreate(context.Background(), args[:1], args[1:], manifestCreateOpts) if err != nil { - return errors.Wrapf(err, "error creating manifest %s", args[0]) + return err } fmt.Printf("%s\n", imageID) return nil diff --git a/cmd/podman/manifest/inspect.go b/cmd/podman/manifest/inspect.go index 17c94aaba..39fd54445 100644 --- a/cmd/podman/manifest/inspect.go +++ b/cmd/podman/manifest/inspect.go @@ -7,7 +7,6 @@ import ( "github.com/containers/podman/v2/cmd/podman/common" "github.com/containers/podman/v2/cmd/podman/registry" "github.com/containers/podman/v2/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -35,7 +34,7 @@ func init() { func inspect(cmd *cobra.Command, args []string) error { buf, err := registry.ImageEngine().ManifestInspect(context.Background(), args[0]) if err != nil { - return errors.Wrapf(err, "error inspect manifest %s", args[0]) + return err } fmt.Printf("%s\n", buf) return nil diff --git a/cmd/podman/manifest/push.go b/cmd/podman/manifest/push.go index 9d0977834..593d62710 100644 --- a/cmd/podman/manifest/push.go +++ b/cmd/podman/manifest/push.go @@ -108,7 +108,7 @@ func push(cmd *cobra.Command, args []string) error { manifestPushOpts.SkipTLSVerify = types.NewOptionalBool(!manifestPushOpts.TLSVerifyCLI) } if err := registry.ImageEngine().ManifestPush(registry.Context(), args, manifestPushOpts.ManifestPushOptions); err != nil { - return errors.Wrapf(err, "error pushing manifest %s to %s", listImageSpec, destSpec) + return err } return nil } diff --git a/cmd/podman/pods/create.go b/cmd/podman/pods/create.go index d33455e81..449d60bb9 100644 --- a/cmd/podman/pods/create.go +++ b/cmd/podman/pods/create.go @@ -218,7 +218,7 @@ func create(cmd *cobra.Command, args []string) error { } if len(podIDFile) > 0 { if err = ioutil.WriteFile(podIDFile, []byte(response.Id), 0644); err != nil { - return errors.Wrapf(err, "failed to write pod ID to file %q", podIDFile) + return errors.Wrapf(err, "failed to write pod ID to file") } } fmt.Println(response.Id) diff --git a/cmd/podman/pods/prune.go b/cmd/podman/pods/prune.go index 626ef2895..444b0f5e0 100644 --- a/cmd/podman/pods/prune.go +++ b/cmd/podman/pods/prune.go @@ -12,7 +12,6 @@ import ( "github.com/containers/podman/v2/cmd/podman/utils" "github.com/containers/podman/v2/cmd/podman/validate" "github.com/containers/podman/v2/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -51,7 +50,7 @@ func prune(cmd *cobra.Command, args []string) error { fmt.Print("Are you sure you want to continue? [y/N] ") answer, err := reader.ReadString('\n') if err != nil { - return errors.Wrapf(err, "error reading input") + return err } if strings.ToLower(answer)[0] != 'y' { return nil diff --git a/cmd/podman/root.go b/cmd/podman/root.go index 0a44f5eac..34d92cd0f 100644 --- a/cmd/podman/root.go +++ b/cmd/podman/root.go @@ -189,8 +189,7 @@ func persistentPreRunE(cmd *cobra.Command, args []string) error { if cmd.Flag("cpu-profile").Changed { f, err := os.Create(cfg.CPUProfile) if err != nil { - return errors.Wrapf(err, "unable to create cpu profiling file %s", - cfg.CPUProfile) + return err } if err := pprof.StartCPUProfile(f); err != nil { return err diff --git a/cmd/podman/system/connection/add.go b/cmd/podman/system/connection/add.go index b3a23bffd..57e747451 100644 --- a/cmd/podman/system/connection/add.go +++ b/cmd/podman/system/connection/add.go @@ -79,14 +79,14 @@ func add(cmd *cobra.Command, args []string) error { // Default to ssh: schema if none given dest := args[1] if match, err := regexp.Match(schemaPattern, []byte(dest)); err != nil { - return errors.Wrapf(err, "internal regex error %q", schemaPattern) + return errors.Wrapf(err, "invalid destination") } else if !match { dest = "ssh://" + dest } uri, err := url.Parse(dest) if err != nil { - return errors.Wrapf(err, "failed to parse %q", dest) + return err } if uri.User.Username() == "" { @@ -109,7 +109,7 @@ func add(cmd *cobra.Command, args []string) error { if uri.Path == "" || uri.Path == "/" { if uri.Path, err = getUDS(cmd, uri); err != nil { - return errors.Wrapf(err, "failed to connect to %q", uri.String()) + return err } } @@ -151,7 +151,7 @@ func getUserInfo(uri *url.URL) (*url.Userinfo, error) { if u, found := os.LookupEnv("_CONTAINERS_ROOTLESS_UID"); found { usr, err = user.LookupId(u) if err != nil { - return nil, errors.Wrapf(err, "failed to find user %q", u) + return nil, errors.Wrapf(err, "failed to lookup rootless user") } } else { usr, err = user.Current() @@ -209,7 +209,7 @@ func getUDS(cmd *cobra.Command, uri *url.URL) (string, error) { } dial, err := ssh.Dial("tcp", uri.Host, cfg) if err != nil { - return "", errors.Wrapf(err, "failed to connect to %q", uri.Host) + return "", errors.Wrapf(err, "failed to connect") } defer dial.Close() @@ -229,7 +229,7 @@ func getUDS(cmd *cobra.Command, uri *url.URL) (string, error) { var buffer bytes.Buffer session.Stdout = &buffer if err := session.Run(run); err != nil { - return "", errors.Wrapf(err, "failed to run %q", run) + return "", err } var info define.Info @@ -238,7 +238,7 @@ func getUDS(cmd *cobra.Command, uri *url.URL) (string, error) { } if info.Host.RemoteSocket == nil || len(info.Host.RemoteSocket.Path) == 0 { - return "", fmt.Errorf("remote podman %q failed to report its UDS socket", uri.Host) + return "", errors.Errorf("remote podman %q failed to report its UDS socket", uri.Host) } return info.Host.RemoteSocket.Path, nil } diff --git a/cmd/podman/system/events.go b/cmd/podman/system/events.go index 224ef89f3..d2aefab67 100644 --- a/cmd/podman/system/events.go +++ b/cmd/podman/system/events.go @@ -13,7 +13,6 @@ import ( "github.com/containers/podman/v2/cmd/podman/validate" "github.com/containers/podman/v2/libpod/events" "github.com/containers/podman/v2/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -104,7 +103,7 @@ func eventsCmd(cmd *cobra.Command, _ []string) error { case doJSON: jsonStr, err := event.ToJSONString() if err != nil { - return errors.Wrapf(err, "unable to format json") + return err } fmt.Println(jsonStr) case cmd.Flags().Changed("format"): diff --git a/cmd/podman/system/prune.go b/cmd/podman/system/prune.go index be0d60604..f2b9a3db5 100644 --- a/cmd/podman/system/prune.go +++ b/cmd/podman/system/prune.go @@ -12,7 +12,6 @@ import ( "github.com/containers/podman/v2/cmd/podman/utils" "github.com/containers/podman/v2/cmd/podman/validate" "github.com/containers/podman/v2/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -68,7 +67,7 @@ WARNING! This will remove: Are you sure you want to continue? [y/N] `, volumeString) answer, err := reader.ReadString('\n') if err != nil { - return errors.Wrapf(err, "error reading input") + return err } if strings.ToLower(answer)[0] != 'y' { return nil diff --git a/cmd/podman/system/reset.go b/cmd/podman/system/reset.go index d38a1a427..97f4fba28 100644 --- a/cmd/podman/system/reset.go +++ b/cmd/podman/system/reset.go @@ -13,7 +13,7 @@ import ( "github.com/containers/podman/v2/cmd/podman/validate" "github.com/containers/podman/v2/pkg/domain/entities" "github.com/containers/podman/v2/pkg/domain/infra" - "github.com/pkg/errors" + "github.com/sirupsen/logrus" "github.com/spf13/cobra" ) @@ -57,7 +57,7 @@ WARNING! This will remove: Are you sure you want to continue? [y/N] `) answer, err := reader.ReadString('\n') if err != nil { - fmt.Println(errors.Wrapf(err, "error reading input")) + logrus.Error(err) os.Exit(1) } if strings.ToLower(answer)[0] != 'y' { @@ -71,13 +71,13 @@ Are you sure you want to continue? [y/N] `) engine, err := infra.NewSystemEngine(entities.ResetMode, registry.PodmanConfig()) if err != nil { - fmt.Println(err) + logrus.Error(err) os.Exit(125) } defer engine.Shutdown(registry.Context()) if err := engine.Reset(registry.Context()); err != nil { - fmt.Println(err) + logrus.Error(err) os.Exit(125) } os.Exit(0) diff --git a/cmd/podman/system/service_abi.go b/cmd/podman/system/service_abi.go index 95cbd19d9..84f9293d4 100644 --- a/cmd/podman/system/service_abi.go +++ b/cmd/podman/system/service_abi.go @@ -33,7 +33,7 @@ func restService(opts entities.ServiceOptions, flags *pflag.FlagSet, cfg *entiti address := strings.Join(fields[1:], ":") l, err := net.Listen(fields[0], address) if err != nil { - return errors.Wrapf(err, "unable to create socket %s", opts.URI) + return errors.Wrapf(err, "unable to create socket") } listener = &l } diff --git a/cmd/podman/volumes/prune.go b/cmd/podman/volumes/prune.go index 2f58b668f..4c2136dcf 100644 --- a/cmd/podman/volumes/prune.go +++ b/cmd/podman/volumes/prune.go @@ -12,7 +12,6 @@ import ( "github.com/containers/podman/v2/cmd/podman/utils" "github.com/containers/podman/v2/cmd/podman/validate" "github.com/containers/podman/v2/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -53,7 +52,7 @@ func prune(cmd *cobra.Command, args []string) error { fmt.Print("Are you sure you want to continue? [y/N] ") answer, err := reader.ReadString('\n') if err != nil { - return errors.Wrapf(err, "error reading input") + return err } if strings.ToLower(answer)[0] != 'y' { return nil diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index 9f2aa1d7b..749af8a66 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -346,7 +346,7 @@ value can be expressed in a time format such as `1m22s`. The default value is ` Container host name -Sets the container host name that is available inside the container. Can only be used with a private UTS namespace `--uts=private` (default). If `--pod` is specified and the pod shares the UTS namespace (default) the pods hostname will be used. +Sets the container host name that is available inside the container. Can only be used with a private UTS namespace `--uts=private` (default). If `--pod` is specified and the pod shares the UTS namespace (default) the pod's hostname will be used. #### **--help** @@ -576,7 +576,7 @@ This works for both background and foreground containers. #### **--network**=*mode*, **--net** -Set the network mode for the container. Invalid if using **--dns**, **--dns-opt**, or **--dns-search** with **--network** that is set to **none** or **container:**_id_. If used together with **--pod**, the container will not join the pods network namespace. +Set the network mode for the container. Invalid if using **--dns**, **--dns-opt**, or **--dns-search** with **--network** that is set to **none** or **container:**_id_. If used together with **--pod**, the container will not join the pod's network namespace. Valid _mode_ values are: diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index 8c7d713ac..5b2cdd6a5 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -384,7 +384,7 @@ Print usage statement Container host name -Sets the container host name that is available inside the container. Can only be used with a private UTS namespace `--uts=private` (default). If `--pod` is specified and the pod shares the UTS namespace (default) the pods hostname will be used. +Sets the container host name that is available inside the container. Can only be used with a private UTS namespace `--uts=private` (default). If `--pod` is specified and the pod shares the UTS namespace (default) the pod's hostname will be used. #### **--http-proxy**=**true**|**false** diff --git a/docs/tutorials/image_signing.md b/docs/tutorials/image_signing.md index f0adca9af..0d1d63de2 100644 --- a/docs/tutorials/image_signing.md +++ b/docs/tutorials/image_signing.md @@ -34,7 +34,7 @@ Now let’s assume that we run a container registry. For example we could simply start one on our local machine: ```bash -> sudo podman run -d -p 5000:5000 docker.io/registry +sudo podman run -d -p 5000:5000 docker.io/registry ``` The registry does not know anything about image signing, it just provides the remote @@ -44,11 +44,11 @@ have to take care of how to distribute the signatures. Let’s choose a standard `alpine` image for our signing experiment: ```bash -> sudo podman pull docker://docker.io/alpine:latest +sudo podman pull docker://docker.io/alpine:latest ``` ```bash -> sudo podman images alpine +sudo podman images alpine REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/library/alpine latest e7d92cdc71fe 6 weeks ago 5.86 MB ``` @@ -56,11 +56,11 @@ docker.io/library/alpine latest e7d92cdc71fe 6 weeks ago 5.86 MB Now we can re-tag the image to point it to our local registry: ```bash -> sudo podman tag alpine localhost:5000/alpine +sudo podman tag alpine localhost:5000/alpine ``` ```bash -> sudo podman images alpine +sudo podman images alpine REPOSITORY TAG IMAGE ID CREATED SIZE localhost:5000/alpine latest e7d92cdc71fe 6 weeks ago 5.86 MB docker.io/library/alpine latest e7d92cdc71fe 6 weeks ago 5.86 MB @@ -84,7 +84,7 @@ We can see that we have two signature stores configured: Now, let’s push and sign the image: ```bash -> sudo -E GNUPGHOME=$HOME/.gnupg \ +sudo -E GNUPGHOME=$HOME/.gnupg \ podman push \ --tls-verify=false \ --sign-by sgrunert@suse.com \ @@ -97,7 +97,7 @@ If we now take a look at the systems signature storage, then we see that there is a new signature available, which was caused by the image push: ```bash -> sudo ls /var/lib/containers/sigstore +sudo ls /var/lib/containers/sigstore 'alpine@sha256=e9b65ef660a3ff91d28cc50eba84f21798a6c5c39b4dd165047db49e84ae1fb9' ``` @@ -107,14 +107,14 @@ The default signature store in our edited version of the local staging signature store: ```bash -> sudo bash -c 'cd /var/lib/containers/sigstore && python3 -m http.server' +sudo bash -c 'cd /var/lib/containers/sigstore && python3 -m http.server' Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ... ``` Let’s remove the local images for our verification test: ``` -> sudo podman rmi docker.io/alpine localhost:5000/alpine +sudo podman rmi docker.io/alpine localhost:5000/alpine ``` We have to write a policy to enforce that the signature has to be valid. This @@ -142,13 +142,13 @@ below example, copy the `"docker"` entry into the `"transports"` section of your The `keyPath` does not exist yet, so we have to put the GPG key there: ```bash -> gpg --output /tmp/key.gpg --armor --export sgrunert@suse.com +gpg --output /tmp/key.gpg --armor --export sgrunert@suse.com ``` If we now pull the image: ```bash -> sudo podman pull --tls-verify=false localhost:5000/alpine +sudo podman pull --tls-verify=false localhost:5000/alpine … Storing signatures e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a @@ -164,14 +164,14 @@ accessed: As an counterpart example, if we specify the wrong key at `/tmp/key.gpg`: ```bash -> gpg --output /tmp/key.gpg --armor --export mail@saschagrunert.de +gpg --output /tmp/key.gpg --armor --export mail@saschagrunert.de File '/tmp/key.gpg' exists. Overwrite? (y/N) y ``` Then a pull is not possible any more: ```bash -> sudo podman pull --tls-verify=false localhost:5000/alpine +sudo podman pull --tls-verify=false localhost:5000/alpine Trying to pull localhost:5000/alpine... Error: error pulling image "localhost:5000/alpine": unable to pull localhost:5000/alpine: unable to pull image: Source image rejected: Invalid GPG signature: … ``` diff --git a/docs/tutorials/mac_win_client.md b/docs/tutorials/mac_win_client.md index 9e0798bbf..af2668e10 100644 --- a/docs/tutorials/mac_win_client.md +++ b/docs/tutorials/mac_win_client.md @@ -36,7 +36,7 @@ $ systemctl --user enable --now podman.socket You will need to enable linger for this user in order for the socket to work when the user is not logged in. ``` -$ sudo loginctl enable-linger $USER +sudo loginctl enable-linger $USER ``` You can verify that the socket is listening with a simple Podman command. @@ -55,7 +55,7 @@ host: In order for the client to communicate with the server you need to enable and start the SSH daemon on your Linux machine, if it is not currently enabled. ``` -$ sudo systemctl enable -s sshd +sudo systemctl enable --now -s sshd ``` #### Setting up SSH diff --git a/docs/tutorials/podman_tutorial.md b/docs/tutorials/podman_tutorial.md index 85b95af04..c15de67a6 100644 --- a/docs/tutorials/podman_tutorial.md +++ b/docs/tutorials/podman_tutorial.md @@ -41,7 +41,7 @@ Note: If you add *-a* to the *ps* command, Podman will show all containers. You can "inspect" a running container for metadata and details about itself. We can even use the inspect subcommand to see what IP address was assigned to the container. As the container is running in rootless mode, an IP address is not assigned and the value will be listed as "none" in the output from inspect. ```console -$ podman inspect -l | grep IPAddress\": +podman inspect -l | grep IPAddress\": "SecondaryIPAddresses": null, "IPAddress": "", ``` @@ -60,7 +60,7 @@ curl http://<IP_address>:8080 ### Viewing the container's logs You can view the container's logs with Podman as well: ```console -$ sudo podman logs --latest +podman logs --latest 10.88.0.1 - - [07/Feb/2018:15:22:11 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-" 10.88.0.1 - - [07/Feb/2018:15:22:30 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-" 10.88.0.1 - - [07/Feb/2018:15:22:30 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-" @@ -71,7 +71,7 @@ $ sudo podman logs --latest ### Viewing the container's pids And you can observe the httpd pid in the container with *top*. ```console -$ sudo podman top <container_id> +podman top <container_id> UID PID PPID C STIME TTY TIME CMD 0 31873 31863 0 09:21 ? 00:00:00 nginx: master process nginx -g daemon off; 101 31889 31873 0 09:21 ? 00:00:00 nginx: worker process @@ -81,6 +81,8 @@ $ sudo podman top <container_id> Checkpointing a container stops the container while writing the state of all processes in the container to disk. With this a container can later be restored and continue running at exactly the same point in time as the checkpoint. This capability requires CRIU 3.11 or later installed on the system. +This feature is not supported as rootless; as such, if you wish to try it, you'll need to re-create your container as root, using the same command but with sudo. + To checkpoint the container use: ```console sudo podman container checkpoint <container_id> @@ -124,18 +126,18 @@ curl http://<IP_address>:8080 ### Stopping the container To stop the httpd container: ```console -sudo podman stop --latest +podman stop --latest ``` You can also check the status of one or more containers using the *ps* subcommand. In this case, we should use the *-a* argument to list all containers. ```console -sudo podman ps -a +podman ps -a ``` ### Removing the container To remove the httpd container: ```console -sudo podman rm --latest +podman rm --latest ``` You can verify the deletion of the container by running *podman ps -a*. diff --git a/docs/tutorials/remote_client.md b/docs/tutorials/remote_client.md index ad506d19a..e39d804a6 100644 --- a/docs/tutorials/remote_client.md +++ b/docs/tutorials/remote_client.md @@ -29,19 +29,19 @@ You will need to [install Podman](https://podman.io/getting-started/installation Before performing any Podman client commands, you must enable the podman.sock SystemD service on the Linux server. In these examples, we are running Podman as a normal, unprivileged user, also known as a rootless user. By default, the rootless socket listens at `/run/user/${UID}/podman/podman.sock`. You can enable this socket permanently using the following command: ``` -$ systemctl --user enable podman.socket +systemctl --user enable --now podman.socket ``` You will need to enable linger for this user in order for the socket to work when the user is not logged in: ``` -$ sudo loginctl enable-linger $USER +sudo loginctl enable-linger $USER ``` This is only required if you are not running Podman as root. You can verify that the socket is listening with a simple Podman command. ``` -$ podman --remote info +podman --remote info host: arch: amd64 buildahVersion: 1.16.0-dev @@ -54,13 +54,13 @@ host: In order for the Podman client to communicate with the server you need to enable and start the SSH daemon on your Linux machine, if it is not currently enabled. ``` -$ sudo systemctl enable -s sshd +sudo systemctl enable --now -s sshd ``` #### Setting up SSH Remote Podman uses SSH to communicate between the client and server. The remote client works considerably smoother using SSH keys. To set up your ssh connection, you need to generate an ssh key pair from your client machine. ``` -$ ssh-keygen +ssh-keygen ``` Your public key by default should be in your home directory under ~/.ssh/id_rsa.pub. You then need to copy the contents of id_rsa.pub and append it into ~/.ssh/authorized_keys on the Linux server. You can automate this using ssh-copy-id. @@ -75,13 +75,13 @@ The first step in using the Podman remote client is to configure a connection. You can add a connection by using the `podman-remote system connection add` command. ``` -$ podman-remote system connection add myuser --identity ~/.ssh/id_rsa ssh://192.168.122.1/run/user/1000/podman/podman.sock +podman-remote system connection add myuser --identity ~/.ssh/id_rsa ssh://192.168.122.1/run/user/1000/podman/podman.sock ``` This will add a remote connection to Podman and if it is the first connection added, it will mark the connection as the default. You can observe your connections with `podman-remote system connection list`: ``` -$ podman-remote system connection list +podman-remote system connection list Name Identity URI myuser* id_rsa ssh://myuser@192.168.122.1/run/user/1000/podman/podman.sock ``` @@ -89,7 +89,7 @@ myuser* id_rsa ssh://myuser@192.168.122.1/run/user/1000/podman/podman.s Now we can test the connection with `podman info`: ``` -$ podman-remote info +podman-remote info host: arch: amd64 buildahVersion: 1.16.0-dev @@ -101,7 +101,7 @@ host: Podman-remote has also introduced a “--connection” flag where you can use other connections you have defined. If no connection is provided, the default connection will be used. ``` -$ podman-remote system connection --help +podman-remote system connection --help ``` ## Wrap up diff --git a/docs/tutorials/rootless_tutorial.md b/docs/tutorials/rootless_tutorial.md index 3b9cbd2d0..9d8851bc8 100644 --- a/docs/tutorials/rootless_tutorial.md +++ b/docs/tutorials/rootless_tutorial.md @@ -6,14 +6,14 @@ Prior to allowing users without root privileges to run Podman, the administrator ## cgroup V2 support -The cgroup V2 Linux kernel feature allows the user to limit the amount of resources a rootless container can use. If the Linux distribution that you are running Podman on is enabled with cgroup V2 then you might need to change the default OCI Runtime. The default runtime `runc` does not currently work with cgroup V2 enabled systems, so you have to switch to the alternative OCI runtime `crun`. +The cgroup V2 Linux kernel feature allows the user to limit the amount of resources a rootless container can use. If the Linux distribution that you are running Podman on is enabled with cgroup V2 then you might need to change the default OCI Runtime. Some older versions of `runc` do not work with cgroup V2, you might have to switch to the alternative OCI runtime `crun`. -The alternative OCI runtime support for cgroup V2 can be turned on at the command line by using the `--runtime` option: +The alternative OCI runtime support for cgroup V2 can also be turned on at the command line by using the `--runtime` option: ``` -sudo podman --runtime /usr/bin/crun +podman --runtime crun ``` -or by changing the value for the "Default OCI runtime" in the containers.conf file either at the system level or at the [user level](#user-configuration-files) from `runtime = "runc"` to `runtime = "crun"`. +or for all commands by changing the value for the "Default OCI runtime" in the containers.conf file either at the system level or at the [user level](#user-configuration-files) from `runtime = "runc"` to `runtime = "crun"`. ## Administrator Actions |