107 files changed, 580 insertions, 1032 deletions
diff --git a/cmd/podman/common/completion.go b/cmd/podman/common/completion.go index 193f09e85..2ea5fa10f 100644 --- a/cmd/podman/common/completion.go +++ b/cmd/podman/common/completion.go @@ -1111,7 +1111,7 @@ func AutocompleteManifestFormat(cmd *cobra.Command, args []string, toComplete st // AutocompleteNetworkDriver - Autocomplete network driver option. // -> "bridge", "macvlan" func AutocompleteNetworkDriver(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { - drivers := []string{types.BridgeNetworkDriver, types.MacVLANNetworkDriver} + drivers := []string{types.BridgeNetworkDriver, types.MacVLANNetworkDriver, types.IPVLANNetworkDriver} return drivers, cobra.ShellCompDirectiveNoFileComp } @@ -1257,7 +1257,7 @@ func AutocompleteNetworkFilters(cmd *cobra.Command, args []string, toComplete st "id=": func(s string) ([]string, cobra.ShellCompDirective) { return getNetworks(cmd, s, completeIDs) }, "label=": nil, "driver=": func(_ string) ([]string, cobra.ShellCompDirective) { - return []string{types.BridgeNetworkDriver, types.MacVLANNetworkDriver}, cobra.ShellCompDirectiveNoFileComp + return []string{types.BridgeNetworkDriver, types.MacVLANNetworkDriver, types.IPVLANNetworkDriver}, cobra.ShellCompDirectiveNoFileComp }, "until=": nil, } diff --git a/cmd/podman/containers/mount.go b/cmd/podman/containers/mount.go index 55f6a1c34..0397b456f 100644 --- a/cmd/podman/containers/mount.go +++ b/cmd/podman/containers/mount.go @@ -62,7 +62,8 @@ func mountFlags(cmd *cobra.Command) { flags.StringVar(&mountOpts.Format, formatFlagName, "", "Print the mounted containers in specified format (json)") _ = cmd.RegisterFlagCompletionFunc(formatFlagName, common.AutocompleteFormat(nil)) - flags.BoolVar(&mountOpts.NoTruncate, "notruncate", false, "Do not truncate output") + flags.BoolVar(&mountOpts.NoTruncate, "no-trunc", false, "Do not truncate output") + flags.SetNormalizeFunc(utils.AliasFlags) } func init() { 
diff --git a/cmd/podman/images/history.go b/cmd/podman/images/history.go index c065acfad..cc7b1b4eb 100644 --- a/cmd/podman/images/history.go +++ b/cmd/podman/images/history.go @@ -11,6 +11,7 @@ import ( "github.com/containers/common/pkg/report" "github.com/containers/podman/v3/cmd/podman/common" "github.com/containers/podman/v3/cmd/podman/registry" + "github.com/containers/podman/v3/cmd/podman/utils" "github.com/containers/podman/v3/pkg/domain/entities" "github.com/docker/go-units" "github.com/pkg/errors" @@ -73,8 +74,8 @@ func historyFlags(cmd *cobra.Command) { flags.BoolVarP(&opts.human, "human", "H", true, "Display sizes and dates in human readable format") flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Do not truncate the output") - flags.BoolVar(&opts.noTrunc, "notruncate", false, "Do not truncate the output") flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Display the numeric IDs only") + flags.SetNormalizeFunc(utils.AliasFlags) } func history(cmd *cobra.Command, args []string) error { diff --git a/cmd/podman/machine/init.go b/cmd/podman/machine/init.go index ec44a707d..19f31d1a6 100644 --- a/cmd/podman/machine/init.go +++ b/cmd/podman/machine/init.go @@ -3,6 +3,8 @@ package machine import ( + "fmt" + "github.com/containers/common/pkg/completion" "github.com/containers/podman/v3/cmd/podman/registry" "github.com/containers/podman/v3/pkg/machine" @@ -26,6 +28,7 @@ var ( var ( initOpts = machine.InitOptions{} defaultMachineName = "podman-machine-default" + now bool ) func init() { @@ -61,6 +64,12 @@ func init() { ) _ = initCmd.RegisterFlagCompletionFunc(memoryFlagName, completion.AutocompleteNone) + flags.BoolVar( + &now, + "now", false, + "Start machine now", + ) + ImagePathFlagName := "image-path" flags.StringVar(&initOpts.ImagePath, ImagePathFlagName, cfg.Engine.MachineImage, "Path to qcow image") _ = initCmd.RegisterFlagCompletionFunc(ImagePathFlagName, completion.AutocompleteDefault) 
@@ -91,5 +100,15 @@ func initMachine(cmd *cobra.Command, args []string) error { if err != nil { return err } - return vm.Init(initOpts) + err = vm.Init(initOpts) + if err != nil { + return err + } + if now { + err = vm.Start(initOpts.Name, machine.StartOptions{}) + if err == nil { + fmt.Printf("Machine %q started successfully\n", initOpts.Name) + } + } + return err } diff --git a/cmd/podman/machine/ssh.go b/cmd/podman/machine/ssh.go index 84e9e88ab..da0a09338 100644 --- a/cmd/podman/machine/ssh.go +++ b/cmd/podman/machine/ssh.go @@ -5,6 +5,7 @@ package machine import ( "net/url" + "github.com/containers/common/pkg/completion" "github.com/containers/common/pkg/config" "github.com/containers/podman/v3/cmd/podman/registry" "github.com/containers/podman/v3/pkg/machine" @@ -15,7 +16,7 @@ import ( var ( sshCmd = &cobra.Command{ - Use: "ssh [NAME] [COMMAND [ARG ...]]", + Use: "ssh [options] [NAME] [COMMAND [ARG ...]]", Short: "SSH into an existing machine", Long: "SSH into a managed virtual machine ", RunE: ssh, @@ -35,6 +36,10 @@ func init() { Command: sshCmd, Parent: machineCmd, }) + flags := sshCmd.Flags() + usernameFlagName := "username" + flags.StringVar(&sshOpts.Username, usernameFlagName, "", "Username to use when ssh-ing into the VM.") + _ = sshCmd.RegisterFlagCompletionFunc(usernameFlagName, completion.AutocompleteNone) } func ssh(cmd *cobra.Command, args []string) error { @@ -48,13 +53,6 @@ func ssh(cmd *cobra.Command, args []string) error { // Set the VM to default vmName := defaultMachineName - // If we're not given a VM name, use the remote username from the connection config - if len(args) == 0 { - sshOpts.Username, err = remoteConnectionUsername() - if err != nil { - return err - } - } // If len is greater than 0, it means we may have been // provided the VM name. If so, we check. The VM name, // if provided, must be in args[0]. 
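Review bot: When `vm.Start` fails in the new `if now` branch, the bare `err` is returned even though `vm.Init` has already succeeded, so the caller cannot tell that the machine now exists and only the start step failed. Wrapping the error keeps that state visible, for example `return fmt.Errorf("machine %q initialized but not started: %w", initOpts.Name, err)` inside the branch, with a plain `return nil` after it. The package-level flag variable `now` would read better as `startNow`, since it sits beside `initOpts` and `defaultMachineName` with no other context. The body of `initMachine` begins outside this hunk.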
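Review bot: The value of the new `--username` flag is stored in `sshOpts.Username` and nothing in this `init()` hunk or in the later `ssh()` hunk (`@@ -83,14 +77,17 @@`) validates it before it takes precedence over `remoteConnectionUsername()`. How the username reaches the ssh invocation is not visible in this diff; if it is joined into a `user@host` argument, a value beginning with `-` or containing whitespace could be read as an option instead of a login name. I would reject such values at the top of `ssh()`, e.g. `if strings.HasPrefix(sshOpts.Username, "-") { return errors.New("invalid username") }` (imports permitting). I would also add a comment at the new `if !validVM && sshOpts.Username == ""` block stating that an explicit `--username` always wins over the connection config.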
@@ -68,10 +66,6 @@ func ssh(cmd *cobra.Command, args []string) error { if validVM { vmName = args[0] } else { - sshOpts.Username, err = remoteConnectionUsername() - if err != nil { - return err - } sshOpts.Args = append(sshOpts.Args, args[0]) } } @@ -83,14 +77,17 @@ func ssh(cmd *cobra.Command, args []string) error { if validVM { sshOpts.Args = args[1:] } else { - sshOpts.Username, err = remoteConnectionUsername() - if err != nil { - return err - } sshOpts.Args = args } } + if !validVM && sshOpts.Username == "" { + sshOpts.Username, err = remoteConnectionUsername() + if err != nil { + return err + } + } + switch vmType { default: vm, err = qemu.LoadVMByName(vmName) diff --git a/cmd/podman/system/events.go b/cmd/podman/system/events.go index 677504cfc..e698e6652 100644 --- a/cmd/podman/system/events.go +++ b/cmd/podman/system/events.go @@ -36,6 +36,7 @@ var ( var ( eventOptions entities.EventsOptions eventFormat string + noTrunc bool ) func init() { @@ -58,6 +59,8 @@ func init() { flags.StringVar(&eventOptions.Since, sinceFlagName, "", "show all events created since timestamp") _ = eventsCommand.RegisterFlagCompletionFunc(sinceFlagName, completion.AutocompleteNone) + flags.BoolVar(&noTrunc, "no-trunc", true, "do not truncate the output") + untilFlagName := "until" flags.StringVar(&eventOptions.Until, untilFlagName, "", "show all events until timestamp") _ = eventsCommand.RegisterFlagCompletionFunc(untilFlagName, completion.AutocompleteNone) @@ -110,7 +113,7 @@ func eventsCmd(cmd *cobra.Command, _ []string) error { } fmt.Println("") default: - fmt.Println(event.ToHumanReadable()) + fmt.Println(event.ToHumanReadable(!noTrunc)) } } diff --git a/cmd/podman/utils/alias.go b/cmd/podman/utils/alias.go index 306e610d9..4d5b625d0 100644 --- a/cmd/podman/utils/alias.go +++ b/cmd/podman/utils/alias.go 
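Review bot: In `cmd/podman/system/events.go`, `--no-trunc` is registered with a default of `true`, while the same flag in `history.go` and `mount.go` in this commit defaults to `false`. The same flag name therefore has opposite defaults across commands, and truncated event output is only reachable with `--no-trunc=false`. The inverted default also forces the double negation `event.ToHumanReadable(!noTrunc)`. If the default is deliberate (presumably to keep full IDs in event output, which helps when correlating events with other logs), say so at the registration: `// defaults to true so events print full IDs; use --no-trunc=false to truncate`. Computing a local `truncate := !noTrunc` before the loop would make the call site easier to read.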
@@ -23,6 +23,8 @@ func AliasFlags(f *pflag.FlagSet, name string) pflag.NormalizedName { name = "external" case "purge": name = "rm" + case "notruncate": + name = "no-trunc" case "override-arch": name = "arch" case "override-os": diff --git a/docs/requirements.txt b/docs/requirements.txt index 84e7ec6a5..3ba6d658f 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,6 +1,4 @@ # requirements file for readthedocs pip installs # use md instead of rst -recommonmark -# needed for markdown table support -sphinx-markdown-tables +myst_parser diff --git a/docs/source/Commands.rst b/docs/source/Commands.rst index 767b09c08..2911efe18 100644 --- a/docs/source/Commands.rst +++ b/docs/source/Commands.rst @@ -13,7 +13,7 @@ Commands :doc:`commit <markdown/podman-commit.1>` Create new image based on the changed container -:doc:`container <managecontainers>` Manage Containers +:doc:`container <markdown/podman-container.1>` Manage Containers :doc:`cp <markdown/podman-cp.1>` Copy files/folders between a container and the local filesystem @@ -27,13 +27,13 @@ Commands :doc:`export <markdown/podman-export.1>` Export container's filesystem contents as a tar archive -:doc:`generate <generate>` Generated structured data +:doc:`generate <markdown/podman-generate.1>` Generated structured data -:doc:`healthcheck <healthcheck>` Manage Healthcheck +:doc:`healthcheck <markdown/podman-healthcheck.1>` Manage Healthcheck :doc:`history <markdown/podman-history.1>` Show history of a specified image -:doc:`image <image>` Manage images +:doc:`image <markdown/podman-image.1>` Manage images :doc:`images <markdown/podman-images.1>` List images in local storage 
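Review bot: `myst_parser` is added to `docs/requirements.txt` without a version constraint, so every readthedocs build installs whichever release is current at that moment. The `conf.py` change in this same commit has to unset `myst_enable_extensions` because of the parser's default behaviour, which shows that an upstream change in defaults can silently alter the rendered man pages. Pin the dependency, e.g. `myst_parser==<PINNED_VERSION>`, ideally with `--hash` entries, so the docs build is reproducible and a compromised or breaking upstream release is not picked up automatically.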
@@ -55,19 +55,19 @@ Commands :doc:`logs <markdown/podman-logs.1>` Fetch the logs of a container -:doc:`machine <machine>` Manage podman's virtual machine +:doc:`machine <markdown/podman-machine.1>` Manage podman's virtual machine -:doc:`manifest <manifest>` Create and manipulate manifest lists and image indexes +:doc:`manifest <markdown/podman-manifest.1>` Create and manipulate manifest lists and image indexes :doc:`mount <markdown/podman-mount.1>` Mount a working container's root filesystem -:doc:`network <network>` Manage Networks +:doc:`network <markdown/podman-network.1>` Manage Networks :doc:`pause <markdown/podman-pause.1>` Pause all the processes in one or more containers -:doc:`play <play>` Play a pod +:doc:`play <markdown/podman-play.1>` Play a pod -:doc:`pod <pod>` Manage pods +:doc:`pod <markdown/podman-pod.1>` Manage pods :doc:`port <markdown/podman-port.1>` List port mappings or a specific mapping for the container @@ -91,7 +91,7 @@ Commands :doc:`search <markdown/podman-search.1>` Search registry for image -:doc:`secret <secret>` Manage podman secrets +:doc:`secret <markdown/podman-secret.1>` Manage podman secrets :doc:`start <markdown/podman-start.1>` Start one or more containers @@ -99,7 +99,7 @@ Commands :doc:`stop <markdown/podman-stop.1>` Stop one or more containers -:doc:`system <system>` Manage podman +:doc:`system <markdown/podman-system.1>` Manage podman :doc:`tag <markdown/podman-tag.1>` Add an additional name to a local image @@ -115,6 +115,6 @@ Commands :doc:`version <markdown/podman-version.1>` Display the Podman Version Information -:doc:`volume <volume>` Manage volumes +:doc:`volume <markdown/podman-volume.1>` Manage volumes :doc:`wait <markdown/podman-wait.1>` Block on one or more containers diff --git a/docs/source/conf.py b/docs/source/conf.py index 8210022f2..7684dd3f7 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py 
@@ -15,7 +15,6 @@ # sys.path.insert(0, os.path.abspath('.')) import re -from recommonmark.transform import AutoStructify # -- Project information ----------------------------------------------------- @@ -29,7 +28,7 @@ author = "team" # Add any Sphinx extension module names here, as strings. They can be # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom # ones. -extensions = ["sphinx_markdown_tables", "recommonmark"] +extensions = ["myst_parser"] # Add any paths that contain templates here, relative to this directory. templates_path = ["_templates"] @@ -63,27 +62,18 @@ html_css_files = [ # -- Extension configuration ------------------------------------------------- +# IMPORTANT: explicitly unset the extensions, by default dollarmath is enabled. +# We use the dollar sign as text and do not want it to be interpreted as math expression. +myst_enable_extensions = [] + def convert_markdown_title(app, docname, source): # Process markdown files only docpath = app.env.doc2path(docname) if docpath.endswith(".md"): - # Convert pandoc title line into eval_rst block for recommonmark - source[0] = re.sub(r"^% (.*)", r"```eval_rst\n.. title:: \g<1>\n```", source[0]) + # Convert pandoc title line into eval_rst block for myst_parser + source[0] = re.sub(r"^% (.*)", r"```{title} \g<1>\n```", source[0]) def setup(app): app.connect("source-read", convert_markdown_title) - - app.add_config_value( - "recommonmark_config", - { - "enable_eval_rst": True, - "enable_auto_doc_ref": False, - "enable_auto_toc_tree": False, - "enable_math": False, - "enable_inline_math": False, - }, - True, - ) - app.add_transform(AutoStructify) diff --git a/docs/source/connection.rst b/docs/source/connection.rst deleted file mode 100644 index 64eb18c57..000000000 --- a/docs/source/connection.rst +++ /dev/null 
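Review bot: The rewritten comment in `convert_markdown_title` still says the pandoc title line is converted "into eval_rst block for myst_parser", but the new replacement string emits a MyST `{title}` directive fence and no longer uses `eval_rst`. Suggested wording: `# Convert pandoc title line into a MyST {title} directive block`. The `IMPORTANT` comment above `myst_enable_extensions = []` would also be more durable if it named the myst_parser version whose defaults it was checked against, because the set of default-enabled extensions is an upstream detail.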
@@ -1,12 +0,0 @@ -Manage the destination(s) for Podman service(s) -================= - -:doc:`add <markdown/podman-system-connection-add.1>` Record destination for the Podman service - -:doc:`default <markdown/podman-system-connection-default.1>` Set named destination as default for the Podman service - -:doc:`list <markdown/podman-system-connection-list.1>` List the destination for the Podman service(s) - -:doc:`remove <markdown/podman-system-connection-remove.1>` Delete named destination - -:doc:`rename <markdown/podman-system-connection-rename.1>` Rename the destination for Podman service diff --git a/docs/source/generate.rst b/docs/source/generate.rst deleted file mode 100644 index fd267ce62..000000000 --- a/docs/source/generate.rst +++ /dev/null @@ -1,6 +0,0 @@ -Generate -======== - -:doc:`kube <markdown/podman-generate-kube.1>` Generate Kubernetes pod YAML from a container or pod - -:doc:`systemd <markdown/podman-generate-systemd.1>` Generate a systemd unit file for a Podman container diff --git a/docs/source/healthcheck.rst b/docs/source/healthcheck.rst deleted file mode 100644 index 2e2f88fbc..000000000 --- a/docs/source/healthcheck.rst +++ /dev/null @@ -1,4 +0,0 @@ -HealthCheck -=========== - -:doc:`run <markdown/podman-healthcheck-run.1>` run the health check of a container diff --git a/docs/source/image.rst b/docs/source/image.rst deleted file mode 100644 index 0987a0149..000000000 --- a/docs/source/image.rst +++ /dev/null 
@@ -1,47 +0,0 @@ -Image -===== - - -:doc:`build <markdown/podman-build.1>` Build an image using instructions from Containerfiles - -:doc:`diff <markdown/podman-image-diff.1>` Inspect changes on an image's filesystem - -:doc:`exists <markdown/podman-image-exists.1>` Check if an image exists in local storage - -:doc:`history <markdown/podman-history.1>` Show history of a specified image - -:doc:`import <markdown/podman-import.1>` Import a tarball to create a filesystem image - -:doc:`inspect <markdown/podman-inspect.1>` Display the configuration of an image - -:doc:`list <markdown/podman-images.1>` List images in local storage - -:doc:`load <markdown/podman-load.1>` Load an image from container archive - -:doc:`mount <markdown/podman-image-mount.1>` Mount an image's root filesystem. - -:doc:`prune <markdown/podman-image-prune.1>` Remove unused images - -:doc:`pull <markdown/podman-pull.1>` Pull an image from a registry - -:doc:`push <markdown/podman-push.1>` Push an image to a specified destination - -:doc:`rm <markdown/podman-rmi.1>` Removes one or more images from local storage - -:doc:`save <markdown/podman-save.1>` Save image to an archive - -:doc:`scp <markdown/podman-image-scp.1>` Securely copy an image from one host to another - -:doc:`search <markdown/podman-search.1>` Search a registry for an image - -:doc:`sign <markdown/podman-image-sign.1>` Sign an image - -:doc:`tag <markdown/podman-tag.1>` Add an additional name to a local image - -:doc:`tree <markdown/podman-image-tree.1>` Prints layer hierarchy of an image in a tree format - -:doc:`trust <markdown/podman-image-trust.1>` Manage container image trust policy - -:doc:`unmount <markdown/podman-image-unmount.1>` Unmount an image's root filesystem - -:doc:`untag <markdown/podman-untag.1>` Removes one or more names from a locally-stored image diff --git a/docs/source/machine.rst b/docs/source/machine.rst deleted file mode 100644 index 3962fca99..000000000 --- a/docs/source/machine.rst +++ /dev/null 
@@ -1,15 +0,0 @@ -Machine -====== - - -:doc:`init <markdown/podman-machine-init.1>` Initialize a new virtual machine - -:doc:`list <markdown/podman-machine-list.1>` List virtual machines - -:doc:`rm <markdown/podman-machine-rm.1>` Remove a virtual machine - -:doc:`ssh <markdown/podman-machine-ssh.1>` SSH into a virtual machine - -:doc:`start <markdown/podman-machine-start.1>` Start a virtual machine - -:doc:`stop <markdown/podman-machine-stop.1>` Stop a virtual machine diff --git a/docs/source/managecontainers.rst b/docs/source/managecontainers.rst deleted file mode 100644 index 9b3978f25..000000000 --- a/docs/source/managecontainers.rst +++ /dev/null 
@@ -1,68 +0,0 @@ -Manage Containers -================= - -:doc:`attach <markdown/podman-attach.1>` Attach to a running container - -:doc:`checkpoint <markdown/podman-container-checkpoint.1>` Checkpoints one or more containers - -:doc:`cleanup <markdown/podman-container-cleanup.1>` Cleanup network and mountpoints of one or more containers - -:doc:`commit <markdown/podman-commit.1>` Create new image based on the changed container - -:doc:`cp <markdown/podman-cp.1>` Copy files/folders between a container and the local filesystem - -:doc:`create <markdown/podman-create.1>` Create but do not start a container - -:doc:`diff <markdown/podman-diff.1>` Inspect changes on container's file systems - -:doc:`exec <markdown/podman-exec.1>` Run a process in a running container - -:doc:`exists <markdown/podman-container-exists.1>` Check if a container exists in local storage - -:doc:`export <markdown/podman-export.1>` Export container's filesystem contents as a tar archive - -:doc:`init <markdown/podman-init.1>` Initialize one or more containers - -:doc:`inspect <markdown/podman-inspect.1>` Display the configuration of a container or image - -:doc:`kill <markdown/podman-kill.1>` Kill one or more running containers with a specific signal - -:doc:`list <markdown/podman-ps.1>` List containers - -:doc:`logs <markdown/podman-logs.1>` Fetch the logs of a container - -:doc:`mount <markdown/podman-mount.1>` Mount a working container's root filesystem - -:doc:`pause <markdown/podman-pause.1>` Pause all the processes in one or more containers - -:doc:`port <markdown/podman-port.1>` List port mappings or a specific mapping for the container - -:doc:`prune <markdown/podman-container-prune.1>` Remove all stopped containers - -:doc:`ps <markdown/podman-ps.1>` List containers - -:doc:`rename <markdown/podman-rename.1>` Rename an existing container - -:doc:`restart <markdown/podman-restart.1>` Restart one or more containers - -:doc:`restore <markdown/podman-container-restore.1>` Restores one or 
more containers from a checkpoint - -:doc:`rm <markdown/podman-rm.1>` Remove one or more containers - -:doc:`run <markdown/podman-run.1>` Run a command in a new container - -:doc:`runlabel <markdown/podman-container-runlabel.1>` Execute the command described by an image label - -:doc:`start <markdown/podman-start.1>` Start one or more containers - -:doc:`stats <markdown/podman-stats.1>` Display a live stream of container resource usage statistics - -:doc:`stop <markdown/podman-stop.1>` Stop one or more containers - -:doc:`top <markdown/podman-top.1>` Display the running processes of a container - -:doc:`unmount <markdown/podman-unmount.1>` Unmounts working container's root filesystem - -:doc:`unpause <markdown/podman-unpause.1>` Unpause the processes in one or more containers - -:doc:`wait <markdown/podman-wait.1>` Block on one or more containers diff --git a/docs/source/manifest.rst b/docs/source/manifest.rst deleted file mode 100644 index f0a06c2c7..000000000 --- a/docs/source/manifest.rst +++ /dev/null @@ -1,18 +0,0 @@ -Create and manipulate manifest lists and image indexes -================= - -:doc:`add <markdown/podman-manifest-add.1>` Add an image to a manifest list or image index - -:doc:`annotate <markdown/podman-manifest-annotate.1>` Add or update information about an entry in a manifest list or image index - -:doc:`create <markdown/podman-manifest-create.1>` Create a manifest list or image index - -:doc:`exists <markdown/podman-manifest-exists.1>` Check if the given manifest list exists in local storage - -:doc:`inspect <markdown/podman-manifest-inspect.1>` Display a manifest list or image index - -:doc:`push <markdown/podman-manifest-push.1>` Push a manifest list or image index to a registry - -:doc:`remove <markdown/podman-manifest-remove.1>` Remove an image from a manifest list or image index - -:doc:`rm <markdown/podman-manifest-rm.1>` Remove manifest list or image index from local storage 
diff --git a/docs/source/markdown/podman-auto-update.1.md b/docs/source/markdown/podman-auto-update.1.md index a1d2f291b..4952e09dc 100644 --- a/docs/source/markdown/podman-auto-update.1.md +++ b/docs/source/markdown/podman-auto-update.1.md @@ -41,7 +41,7 @@ If the authorization state is not found there, `$HOME/.docker/config.json` is ch Note: There is also the option to override the default path of the authentication file by setting the `REGISTRY_AUTH_FILE` environment variable. This can be done with **export REGISTRY_AUTH_FILE=_path_**. -#### **--dry-run**=*true|false* +#### **--dry-run** Check for the availability of new images but do not perform any pull operation or restart any service or container. The `UPDATED` field indicates the availability of a new image with "pending". @@ -51,7 +51,7 @@ The `UPDATED` field indicates the availability of a new image with "pending". Change the default output format. This can be of a supported type like 'json' or a Go template. Valid placeholders for the Go template are listed below: -#### **--rollback**=*true|false* +#### **--rollback** If restarting a systemd unit after updating the image has failed, rollback to using the previous image and restart the unit another time. Default is true. diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md index 3278436bd..98c8251b4 100644 --- a/docs/source/markdown/podman-build.1.md +++ b/docs/source/markdown/podman-build.1.md @@ -292,7 +292,7 @@ context. If you specify `-f -`, the Containerfile contents will be read from stdin. -#### **--force-rm**=*true|false* +#### **--force-rm** Always remove intermediate containers after a build, even if the build fails (default true). 
@@ -474,7 +474,7 @@ Suppress output messages which indicate which instruction is being processed, and of progress when pulling images from a registry, and when writing the output image. -#### **--rm**=*true|false* +#### **--rm** Remove intermediate containers after a successful build (default true). @@ -579,7 +579,7 @@ specified and therefore not changed, allowing the image's sha256 hash to remain same. All files committed to the layers of the image will be created with the timestamp. -#### **--tls-verify**=*true|false* +#### **--tls-verify** Require HTTPS and verify certificates when talking to container registries (defaults to true). (This option is not available with the remote Podman client) diff --git a/docs/source/markdown/podman-cp.1.md b/docs/source/markdown/podman-cp.1.md index 1929bed1f..0c375675d 100644 --- a/docs/source/markdown/podman-cp.1.md +++ b/docs/source/markdown/podman-cp.1.md @@ -56,7 +56,7 @@ Further note that `podman cp` does not support globbing (e.g., `cp dir/*.txt`). ## OPTIONS -#### **--archive**, **-a**=**true** | *false* +#### **--archive**, **-a** Archive mode (copy all uid/gid information). When set to true, files copied to a container will have changed ownership to the primary UID/GID of the container. diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index 63836d040..0c48f105e 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -346,7 +346,7 @@ This option allows arbitrary environment variables that are available for the pr See [**Environment**](#environment) note below for precedence and examples. -#### **--env-host**=*true|false* +#### **--env-host** Use host environment inside of the container. See **Environment** note below for precedence. (This option is not available with the remote Podman client) 
@@ -414,7 +414,7 @@ Sets the container host name that is available inside the container. Can only be Print usage statement -#### **--http-proxy**=*true|false* +#### **--http-proxy** By default proxy environment variables are passed into the container if set for the Podman process. This can be disabled by setting the `--http-proxy` @@ -465,7 +465,7 @@ pod when that pod is not running. Path to the container-init binary. -#### **--interactive**, **-i**=*true|false* +#### **--interactive**, **-i** Keep STDIN open even if not attached. The default is *false*. @@ -684,18 +684,18 @@ Valid _mode_ values are: Add network-scoped alias for the container -#### **--no-healthcheck**=*true|false* +#### **--no-healthcheck** Disable any defined healthchecks for container. -#### **--no-hosts**=*true|false* +#### **--no-hosts** Do not create /etc/hosts for the container. By default, Podman will manage /etc/hosts, adding the container's own IP address and any hosts from **--add-host**. #### **--no-hosts** disables this, and the image's **/etc/host** will be preserved unmodified. This option conflicts with **--add-host**. -#### **--oom-kill-disable**=*true|false* +#### **--oom-kill-disable** Whether to disable OOM Killer for the container or not. @@ -737,7 +737,7 @@ To make a pod with more granular options, use the `podman pod create` command be Run container in an existing pod and read the pod's ID from the specified file. If a container is run within a pod, and the pod has an infra-container, the infra-container will be started before the container is. -#### **--privileged**=*true|false* +#### **--privileged** Give extended privileges to this container. The default is *false*. 
@@ -776,7 +776,7 @@ associated ports. If one container binds to a port, no other container can use t within the pod while it is in use. Containers in the pod can also communicate over localhost by having one container bind to localhost in the pod, and another connect to that port. -#### **--publish-all**, **-P**=*true|false* +#### **--publish-all**, **-P** Publish all exposed ports to random ports on the host interfaces. The default is *false*. @@ -801,7 +801,7 @@ Defaults to *missing*. Suppress output information when pulling images -#### **--read-only**=*true|false* +#### **--read-only** Mount the container's root filesystem as read only. @@ -809,11 +809,11 @@ By default a container will have its root filesystem writable allowing processes to write files anywhere. By specifying the `--read-only` flag the container will have its root filesystem mounted as read only prohibiting any writes. -#### **--read-only-tmpfs**=*true|false* +#### **--read-only-tmpfs** If container is running in --read-only mode, then mount a read-write tmpfs on /run, /tmp, and /var/tmp. The default is *true* -#### **--replace**=**true**|**false** +#### **--replace** If another container with the same name already exists, replace and remove it. The default is **false**. @@ -839,7 +839,7 @@ Please note that restart will not restart containers after a system reboot. If this functionality is required in your environment, you can invoke Podman from a systemd unit file, or create an init script for whichever init system is in use. To generate systemd unit files, please see *podman generate systemd* -#### **--rm**=*true|false* +#### **--rm** Automatically remove the container when it exits. The default is *false*. 
@@ -1001,7 +1001,7 @@ Maximum time a container is allowed to run before conmon sends it the kill signal. By default containers will run until they exit or are stopped by `podman stop`. -#### **--tls-verify**=**true**|**false** +#### **--tls-verify** Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf. @@ -1018,7 +1018,7 @@ options are the same as the Linux default `mount` flags. If you do not specify any options, the systems uses the following options: `rw,noexec,nosuid,nodev`. -#### **--tty**, **-t**=*true|false* +#### **--tty**, **-t** Allocate a pseudo-TTY. The default is *false*. diff --git a/docs/source/markdown/podman-events.1.md b/docs/source/markdown/podman-events.1.md index 4f9e9418f..3c8b46884 100644 --- a/docs/source/markdown/podman-events.1.md +++ b/docs/source/markdown/podman-events.1.md @@ -93,6 +93,10 @@ filters are supported: In the case where an ID is used, the ID may be in its full or shortened form. +#### **--no-trunc** + +Do not truncate the output (default *true*). + #### **--since**=*timestamp* Show all events created since the given timestamp diff --git a/docs/source/markdown/podman-exec.1.md b/docs/source/markdown/podman-exec.1.md index 524ee50f0..d739e1f5d 100644 --- a/docs/source/markdown/podman-exec.1.md +++ b/docs/source/markdown/podman-exec.1.md @@ -30,7 +30,7 @@ command to be executed. Read in a line delimited file of environment variables. -#### **--interactive**, **-i**=*true|false* +#### **--interactive**, **-i** When set to true, keep stdin open even if not attached. The default is *false*. diff --git a/docs/source/markdown/podman-history.1.md b/docs/source/markdown/podman-history.1.md index 2dd41e9f5..c9d01f105 100644 
--- a/docs/source/markdown/podman-history.1.md +++ b/docs/source/markdown/podman-history.1.md @@ -29,19 +29,15 @@ Valid placeholders for the Go template are listed below: ## OPTIONS -#### **--human**, **-H**=*true|false* +#### **--human**, **-H** Display sizes and dates in human readable format (default *true*). -#### **--no-trunc**=*true|false* +#### **--no-trunc** Do not truncate the output (default *false*). -#### **--notruncate** - -Do not truncate the output - -#### **--quiet**, **-q**=*true|false* +#### **--quiet**, **-q** Print the numeric IDs only (default *false*). #### **--format**=*format* diff --git a/docs/source/markdown/podman-images.1.md b/docs/source/markdown/podman-images.1.md index 02385daec..a346b7810 100644 --- a/docs/source/markdown/podman-images.1.md +++ b/docs/source/markdown/podman-images.1.md @@ -35,13 +35,13 @@ Filter output based on conditions provided **before=IMAGE** Filter on images created before the given IMAGE (name or tag). - **dangling=true|false** + **dangling Show dangling images. Dangling images are a file system layer that was used in a previous build of an image and is no longer referenced by any image. They are denoted with the `<none>` tag, consume disk space and serve no active purpose. **label** Filter by images labels key and/or value. - **readonly=true|false** + **readonly Show only read only images or Read/Write images. The default is to show both. Read/Only images can be configured by modifying the "additionalimagestores" in the /etc/containers/storage.conf file. **reference=** @@ -74,13 +74,13 @@ Omit the table headings from the listing of images. #### **--no-trunc** -Do not truncate output. +Do not truncate the output (default *false*). #### **--quiet**, **-q** Lists only the image IDs. -#### **--sort**=*sort* +#### **--sort**=*sort*=*created* Sort by created, id, repository, size or tag (default: created) 
diff --git a/docs/source/markdown/podman-inspect.1.md b/docs/source/markdown/podman-inspect.1.md index bfd0cea3d..ae26c1bbb 100644 --- a/docs/source/markdown/podman-inspect.1.md +++ b/docs/source/markdown/podman-inspect.1.md @@ -13,14 +13,10 @@ all results in a JSON array. If the inspect type is all, the order of inspection So, if a container has the same name as an image, then the container JSON will be returned, and so on. If a format is specified, the given template will be executed for each result. -For more inspection options, see: - - podman container inspect - podman image inspect - podman network inspect - podman pod inspect - podman volume inspect - +For more inspection options, see also +[podman-network-inspect(1)](podman-network-inspect.1.md), +[podman-pod-inspect(1)](podman-pod-inspect.1.md), and +[podman-volume-inspect(1)](podman-volume-inspect.1.md). ## OPTIONS diff --git a/docs/source/markdown/podman-login.1.md b/docs/source/markdown/podman-login.1.md index 3e23600fa..2559f4b77 100644 --- a/docs/source/markdown/podman-login.1.md +++ b/docs/source/markdown/podman-login.1.md @@ -56,7 +56,7 @@ Password for registry Take the password from stdin -#### **--tls-verify**=*true|false* +#### **--tls-verify** Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, diff --git a/docs/source/markdown/podman-machine-init.1.md b/docs/source/markdown/podman-machine-init.1.md index c864a87ef..1236db602 100644 --- a/docs/source/markdown/podman-machine-init.1.md +++ b/docs/source/markdown/podman-machine-init.1.md @@ -47,6 +47,10 @@ Defaults to `testing`. Memory (in MB). +#### **--now** + +Start the virtual machine immediately after it has been initialized. + #### **--help** Print usage statement. 
diff --git a/docs/source/markdown/podman-machine-ssh.1.md b/docs/source/markdown/podman-machine-ssh.1.md index a5cf69107..c4c732819 100644 --- a/docs/source/markdown/podman-machine-ssh.1.md +++ b/docs/source/markdown/podman-machine-ssh.1.md @@ -4,7 +4,7 @@ podman\-machine\-ssh - SSH into a virtual machine ## SYNOPSIS -**podman machine ssh** [*name*] [*command* [*arg* ...]] +**podman machine ssh** [*options*] [*name*] [*command* [*arg* ...]] ## DESCRIPTION @@ -21,6 +21,10 @@ with the virtual machine is established. Print usage statement. +#### **--username**=*name* + +Username to use when SSH-ing into the VM. + ## EXAMPLES To get an interactive session with the default virtual machine: diff --git a/docs/source/markdown/podman-mount.1.md b/docs/source/markdown/podman-mount.1.md index 1b1b09120..110fb0500 100644 --- a/docs/source/markdown/podman-mount.1.md +++ b/docs/source/markdown/podman-mount.1.md @@ -40,9 +40,9 @@ Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client) -#### **--notruncate** +#### **--no-trunc** -Do not truncate IDs in output. +Do not truncate the output (default *false*). ## EXAMPLE diff --git a/docs/source/markdown/podman-network-create.1.md b/docs/source/markdown/podman-network-create.1.md index 816dd53ea..d48509581 100644 --- a/docs/source/markdown/podman-network-create.1.md +++ b/docs/source/markdown/podman-network-create.1.md 
@@ -25,16 +25,23 @@ resolution. #### **--driver**, **-d** -Driver to manage the network. Currently `bridge` and `macvlan` is supported. Defaults to `bridge`. -As rootless the `macvlan` driver has no access to the host network interfaces because rootless networking requires a separate network namespace. +Driver to manage the network. Currently `bridge`, `macvlan` and `ipvlan` are supported. Defaults to `bridge`. +As rootless the `macvlan` and `ipvlan` driver have no access to the host network interfaces because rootless networking requires a separate network namespace. #### **--opt**=*option*, **-o** Set driver specific options. -For the `bridge` driver the following options are supported: `mtu` and `vlan`. -The `mtu` option sets the Maximum Transmission Unit (MTU) and takes an integer value. -The `vlan` option assign VLAN tag and enables vlan\_filtering. Defaults to none. +All drivers accept the `mtu` option. The `mtu` option sets the Maximum Transmission Unit (MTU) and takes an integer value. + +Additionally the `bridge` driver supports the following option: +- `vlan`: This option assign VLAN tag and enables vlan\_filtering. Defaults to none. + +The `macvlan` and `ipvlan` driver support the following options: +- `parent`: The host device which should be used for the macvlan interface. Defaults to the default route interface. +- `mode`: This options sets the specified ip/macvlan mode on the interface. + - Supported values for `macvlan` are `bridge`, `private`, `vepa`, `passthru`. Defaults to `bridge`. + - Supported values for `ipvlan` are `l2`, `l3`, `l3s`. Defaults to `l2`. #### **--gateway** diff --git a/docs/source/markdown/podman-play-kube.1.md b/docs/source/markdown/podman-play-kube.1.md index c170d6495..7e3e0f431 100644 --- a/docs/source/markdown/podman-play-kube.1.md +++ b/docs/source/markdown/podman-play-kube.1.md 
@@ -146,11 +146,11 @@ Suppress output information when pulling images Directory path for seccomp profiles (default: "/var/lib/kubelet/seccomp"). (This option is not available with the remote Podman client) -#### **--start**=*true|false* +#### **--start** Start the pod after creating it, set to false to only create it. -#### **--tls-verify**=*true|false* +#### **--tls-verify** Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, diff --git a/docs/source/markdown/podman-pod-create.1.md b/docs/source/markdown/podman-pod-create.1.md index bed94080a..b4c3fc2eb 100644 --- a/docs/source/markdown/podman-pod-create.1.md +++ b/docs/source/markdown/podman-pod-create.1.md @@ -78,7 +78,7 @@ Print usage statement. Set a hostname to the pod -#### **--infra**=**true**|**false** +#### **--infra** Create an infra container and associate it with the pod. An infra container is a lightweight container used to coordinate the shared kernel namespace of a pod. Default: true. @@ -143,7 +143,7 @@ Set network mode for the pod. Supported values are: Add a DNS alias for the container. When the container is joined to a CNI network with support for the dnsname plugin, the container will be accessible through this name from other containers in the network. -#### **--no-hosts**=**true**|**false** +#### **--no-hosts** Disable creation of /etc/hosts for the pod. @@ -170,7 +170,7 @@ Use `podman port` to see the actual mapping: `podman port CONTAINER $CONTAINERPO NOTE: This cannot be modified once the pod is created. -#### **--replace**=**true**|**false** +#### **--replace** If another pod with the same name already exists, replace and remove it. The default is **false**. diff --git a/docs/source/markdown/podman-pod-ps.1.md b/docs/source/markdown/podman-pod-ps.1.md index ed0789e93..41e06347e 100644 
--- a/docs/source/markdown/podman-pod-ps.1.md +++ b/docs/source/markdown/podman-pod-ps.1.md @@ -50,7 +50,7 @@ Omit the table headings from the listing of pods. #### **--no-trunc** -Display the extended information +Do not truncate the output (default *false*). #### **--ns** diff --git a/docs/source/markdown/podman-ps.1.md b/docs/source/markdown/podman-ps.1.md index 40d26b86d..b1a944942 100644 --- a/docs/source/markdown/podman-ps.1.md +++ b/docs/source/markdown/podman-ps.1.md @@ -106,7 +106,7 @@ Omit the table headings from the listing of containers. #### **--no-trunc** -Display the extended information +Do not truncate the output (default *false*). #### **--pod**, **-p** @@ -116,11 +116,10 @@ Display the pods the containers are associated with Print the numeric IDs of the containers only -#### **--sort** +#### **--sort**=*created* Sort by command, created, id, image, names, runningfor, size, or status", Note: Choosing size will sort by size of rootFs, not alphabetically like the rest of the options -Default: created #### **--size**, **-s** diff --git a/docs/source/markdown/podman-pull.1.md b/docs/source/markdown/podman-pull.1.md index aa0815f4b..7fd9732d6 100644 --- a/docs/source/markdown/podman-pull.1.md +++ b/docs/source/markdown/podman-pull.1.md @@ -95,7 +95,7 @@ Specify the platform for selecting the image. The `--platform` option can be use Suppress output information when pulling images -#### **--tls-verify**=*true|false* +#### **--tls-verify** Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, 
@@ -234,7 +234,7 @@ Storing signatures ``` ## SEE ALSO -**[podman(1)](podman.1.md)**, **[podman-push(1)](podman-push.1.md)**, **[podman-login(1)](podman-login.1.md)**, **[containers-certs.d(5](https://github.com/containers/image/blob/main/docs/containers-certs.d.5.md)**, **[containers-registries.conf(5)](https://github.com/containers/image/blob/main/docs/containers-registries.d.5.md)**, **[containers-transports(5)](https://github.com/containers/image/blob/main/docs/containers-transports.5.md)** +**[podman(1)](podman.1.md)**, **[podman-push(1)](podman-push.1.md)**, **[podman-login(1)](podman-login.1.md)**, **[containers-certs.d(5)](https://github.com/containers/image/blob/main/docs/containers-certs.d.5.md)**, **[containers-registries.conf(5)](https://github.com/containers/image/blob/main/docs/containers-registries.d.5.md)**, **[containers-transports(5)](https://github.com/containers/image/blob/main/docs/containers-transports.5.md)** ## HISTORY July 2017, Originally compiled by Urvashi Mohnani <umohnani@redhat.com> diff --git a/docs/source/markdown/podman-push.1.md b/docs/source/markdown/podman-push.1.md index 68478accd..089d169fb 100644 --- a/docs/source/markdown/podman-push.1.md +++ b/docs/source/markdown/podman-push.1.md @@ -97,7 +97,7 @@ Discard any pre-existing signatures in the image. (This option is not available Add a signature at the destination using the specified key. (This option is not available with the remote Podman client) -#### **--tls-verify**=*true|false* +#### **--tls-verify** Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, diff --git a/docs/source/markdown/podman-rmi.1.md b/docs/source/markdown/podman-rmi.1.md index e34b1964b..4f3ec5541 100644 --- a/docs/source/markdown/podman-rmi.1.md +++ b/docs/source/markdown/podman-rmi.1.md 
@@ -12,6 +12,8 @@ podman\-rmi - Removes one or more locally stored images Removes one or more locally stored images. Passing an argument _image_ deletes it, along with any of its dangling parent images. A dangling image is an image without a tag and without being referenced by another image. +Note: To delete an image from a remote registry, use the [**skopeo delete**](https://github.com/containers/skopeo/blob/main/docs/skopeo-delete.1.md) command. Some registries do not allow users to delete an image via a CLI remotely. + ## OPTIONS #### **--all**, **-a** @@ -51,7 +53,7 @@ $ podman rmi -a -f **125** The command fails for any other reason ## SEE ALSO -podman(1) +podman(1), skopeo-delete(1) ## HISTORY March 2017, Originally compiled by Dan Walsh <dwalsh@redhat.com> diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index 3a6803aaa..7b6a56fc6 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -270,7 +270,7 @@ Memory nodes (MEMs) in which to allow execution. Only effective on NUMA systems. For example, if you have four memory nodes (0-3) on your system, use **--cpuset-mems=0,1** to only use memory from the first two memory nodes. -#### **--detach**, **-d**=**true**|**false** +#### **--detach**, **-d** Detached mode: run the container in the background and print the new container ID. The default is *false*. @@ -381,7 +381,7 @@ This option allows arbitrary environment variables that are available for the pr See [**Environment**](#environment) note below for precedence and examples. -#### **--env-host**=**true**|**false** +#### **--env-host** Use host environment inside of the container. See **Environment** note below for precedence. (This option is not available with the remote Podman client) 
@@ -456,7 +456,7 @@ Container host name Sets the container host name that is available inside the container. Can only be used with a private UTS namespace `--uts=private` (default). If `--pod` is specified and the pod shares the UTS namespace (default) the pod's hostname will be used. -#### **--http-proxy**=**true**|**false** +#### **--http-proxy** By default proxy environment variables are passed into the container if set for the Podman process. This can be disabled by setting the value to **false**. @@ -488,7 +488,7 @@ Run an init inside the container that forwards signals and reaps processes. Path to the container-init binary. -#### **--interactive**, **-i**=**true**|**false** +#### **--interactive**, **-i** When set to **true**, keep stdin open even if not attached. The default is **false**. @@ -704,11 +704,11 @@ Valid _mode_ values are: Add network-scoped alias for the container -#### **--no-healthcheck**=*true|false* +#### **--no-healthcheck** Disable any defined healthchecks for container. -#### **--no-hosts**=**true**|**false** +#### **--no-hosts** Do not create _/etc/hosts_ for the container. @@ -716,7 +716,7 @@ By default, Podman will manage _/etc/hosts_, adding the container's own IP addre #### **--no-hosts** disables this, and the image's _/etc/hosts_ will be preserved unmodified. This option conflicts with **--add-host**. -#### **--oom-kill-disable**=**true**|**false** +#### **--oom-kill-disable** Whether to disable OOM Killer for the container or not. @@ -766,7 +766,7 @@ If a container is run within a pod, and the pod has an infra-container, the infr Pass down to the process N additional file descriptors (in addition to 0, 1, 2). The total FDs will be 3+N. (This option is not available with the remote Podman client) -#### **--privileged**=**true**|**false** +#### **--privileged** Give extended privileges to this container. The default is **false**. 
@@ -804,7 +804,7 @@ associated ports. If one container binds to a port, no other container can use t within the pod while it is in use. Containers in the pod can also communicate over localhost by having one container bind to localhost in the pod, and another connect to that port. -#### **--publish-all**, **-P**=**true**|**false** +#### **--publish-all**, **-P** Publish all exposed ports to random ports on the host interfaces. The default is **false**. @@ -829,7 +829,7 @@ Pull image before running. The default is **missing**. Suppress output information when pulling images -#### **--read-only**=**true**|**false** +#### **--read-only** Mount the container's root filesystem as read only. @@ -837,11 +837,11 @@ By default a container will have its root filesystem writable allowing processes to write files anywhere. By specifying the **--read-only** flag, the container will have its root filesystem mounted as read only prohibiting any writes. -#### **--read-only-tmpfs**=**true**|**false** +#### **--read-only-tmpfs** If container is running in **--read-only** mode, then mount a read-write tmpfs on _/run_, _/tmp_, and _/var/tmp_. The default is **true**. -#### **--replace**=**true**|**false** +#### **--replace** If another container with the same name already exists, replace and remove it. The default is **false**. @@ -867,11 +867,11 @@ Please note that restart will not restart containers after a system reboot. If this functionality is required in your environment, you can invoke Podman from a **systemd.unit**(5) file, or create an init script for whichever init system is in use. To generate systemd unit files, please see **podman generate systemd**. -#### **--rm**=**true**|**false** +#### **--rm** Automatically remove the container when it exits. The default is **false**. -#### **--rmi**=*true|false* +#### **--rmi** After exit of the container, remove the image unless another container is using it. The default is *false*. 
@@ -974,7 +974,7 @@ Size of _/dev/shm_. A _unit_ can be **b** (bytes), **k** (kilobytes), **m** (meg If you omit the unit, the system uses bytes. If you omit the size entirely, the default is **64m**. When _size_ is **0**, there is no limit on the amount of memory used for IPC by the container. -#### **--sig-proxy**=**true**|**false** +#### **--sig-proxy** Sets whether the signals sent to the **podman run** command are proxied to the container process. SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is **true**. @@ -1058,7 +1058,7 @@ Maximum time a container is allowed to run before conmon sends it the kill signal. By default containers will run until they exit or are stopped by `podman stop`. -#### **--tls-verify**=**true**|**false** +#### **--tls-verify** Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf. @@ -1077,7 +1077,7 @@ options are the same as the Linux default mount flags. If you do not specify any options, the systems uses the following options: **rw,noexec,nosuid,nodev**. -#### **--tty**, **-t**=**true**|**false** +#### **--tty**, **-t** Allocate a pseudo-TTY. The default is **false**. diff --git a/docs/source/markdown/podman-search.1.md b/docs/source/markdown/podman-search.1.md index 661ad6742..d541e5c93 100644 --- a/docs/source/markdown/podman-search.1.md +++ b/docs/source/markdown/podman-search.1.md 
@@ -81,9 +81,9 @@ The result contains the Image name and its tag, one line for every tag associate #### **--no-trunc** -Do not truncate the output +Do not truncate the output (default *false*). -#### **--tls-verify**=*true|false* +#### **--tls-verify** Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used if needed. If not specified, @@ -169,7 +169,7 @@ Note: This works only with registries that implement the v2 API. If tried with a **registries.conf** (`/etc/containers/registries.conf`) - registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion. +registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion. ## SEE ALSO podman(1), containers-registries.conf(5) diff --git a/docs/source/markdown/podman-start.1.md b/docs/source/markdown/podman-start.1.md index ae05da817..a751a098b 100644 --- a/docs/source/markdown/podman-start.1.md +++ b/docs/source/markdown/podman-start.1.md @@ -34,7 +34,7 @@ Attach container's STDIN. The default is false. Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods. (This option is not available with the remote Podman client) -#### **--sig-proxy**=*true|false* +#### **--sig-proxy** Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is *true* when attaching, *false* otherwise. diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md index 2510eaa81..8b5f385cb 100644 --- a/docs/source/markdown/podman.1.md 
+++ b/docs/source/markdown/podman.1.md @@ -152,7 +152,7 @@ specify additional options via the `--storage-opt` flag. Storage driver option, Default storage driver options are configured in /etc/containers/storage.conf (`$HOME/.config/containers/storage.conf` in rootless mode). The `STORAGE_OPTS` environment variable overrides the default. The --storage-opt specified options overrides all. If you specify --storage-opt="", no storage options will be used. -#### **--syslog**=*true|false* +#### **--syslog** Output logging information to syslog as well as the console (default *false*). @@ -276,7 +276,7 @@ the exit codes follow the `chroot` standard, see below: **containers.conf** (`/usr/share/containers/containers.conf`, `/etc/containers/containers.conf`, `$HOME/.config/containers/containers.conf`) - Podman has builtin defaults for command line options. These defaults can be overridden using the containers.conf configuration files. +Podman has builtin defaults for command line options. These defaults can be overridden using the containers.conf configuration files. Distributions ship the `/usr/share/containers/containers.conf` file with their default settings. Administrators can override fields in this file by creating the `/etc/containers/containers.conf` file. Users can further modify defaults by creating the `$HOME/.config/containers/containers.conf` file. Podman merges its builtin defaults with the specified fields from these files, if they exist. Fields specified in the users file override the administrator's file, which overrides the distribution's file, which override the built-in defaults. 
@@ -286,31 +286,31 @@ If the **CONTAINERS_CONF** environment variable is set, then its value is used f **mounts.conf** (`/usr/share/containers/mounts.conf`) - The mounts.conf file specifies volume mount directories that are automatically mounted inside containers when executing the `podman run` or `podman start` commands. Administrators can override the defaults file by creating `/etc/containers/mounts.conf`. +The mounts.conf file specifies volume mount directories that are automatically mounted inside containers when executing the `podman run` or `podman start` commands. Administrators can override the defaults file by creating `/etc/containers/mounts.conf`. When Podman runs in rootless mode, the file `$HOME/.config/containers/mounts.conf` will override the default if it exists. Please refer to containers-mounts.conf(5) for further details. **policy.json** (`/etc/containers/policy.json`) - Signature verification policy files are used to specify policy, e.g. trusted keys, applicable when deciding whether to accept an image, or individual signatures of that image, as valid. +Signature verification policy files are used to specify policy, e.g. trusted keys, applicable when deciding whether to accept an image, or individual signatures of that image, as valid. **registries.conf** (`/etc/containers/registries.conf`, `$HOME/.config/containers/registries.conf`) - registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion. +registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion. - Non root users of Podman can create the `$HOME/.config/containers/registries.conf` file to be used instead of the system defaults. 
+Non root users of Podman can create the `$HOME/.config/containers/registries.conf` file to be used instead of the system defaults. - If the **CONTAINERS_REGISTRIES_CONF** environment variable is set, then its value is used for the registries.conf file rather than the default. +If the **CONTAINERS_REGISTRIES_CONF** environment variable is set, then its value is used for the registries.conf file rather than the default. **storage.conf** (`/etc/containers/storage.conf`, `$HOME/.config/containers/storage.conf`) - storage.conf is the storage configuration file for all tools using containers/storage +storage.conf is the storage configuration file for all tools using containers/storage - The storage configuration file specifies all of the available container storage options for tools using shared container storage. +The storage configuration file specifies all of the available container storage options for tools using shared container storage. - When Podman runs in rootless mode, the file `$HOME/.config/containers/storage.conf` is used instead of the system defaults. +When Podman runs in rootless mode, the file `$HOME/.config/containers/storage.conf` is used instead of the system defaults. - If the **CONTAINERS_STORAGE_CONF** environment variable is set, the its value is used for the storage.conf file rather than the default. +If the **CONTAINERS_STORAGE_CONF** environment variable is set, the its value is used for the storage.conf file rather than the default. ## Rootless mode Podman can also be used as non-root user. When podman runs in rootless mode, a user namespace is automatically created for the user, defined in /etc/subuid and /etc/subgid. diff --git a/docs/source/network.rst b/docs/source/network.rst deleted file mode 100644 index eb0c2c7f9..000000000 --- a/docs/source/network.rst +++ /dev/null 
@@ -1,20 +0,0 @@
-Network
-=======
-
-:doc:`connect <markdown/podman-network-connect.1>` network connect
-
-:doc:`create <markdown/podman-network-create.1>` network create
-
-:doc:`disconnect <markdown/podman-network-disconnect.1>` network disconnect
-
-:doc:`exists <markdown/podman-network-exists.1>` network exists
-
-:doc:`inspect <markdown/podman-network-inspect.1>` network inspect
-
-:doc:`ls <markdown/podman-network-ls.1>` network list
-
-:doc:`prune <markdown/podman-network-prune.1>` network prune
-
-:doc:`reload <markdown/podman-network-reload.1>` network reload
-
-:doc:`rm <markdown/podman-network-rm.1>` network rm
diff --git a/docs/source/play.rst b/docs/source/play.rst
deleted file mode 100644
index 8f00d2f45..000000000
--- a/docs/source/play.rst
+++ /dev/null
@@ -1,4 +0,0 @@
-Play
-====
-
-:doc:`kube <markdown/podman-play-kube.1>` Play a pod based on Kubernetes YAML
diff --git a/docs/source/pod.rst b/docs/source/pod.rst
deleted file mode 100644
index d9ad07d83..000000000
--- a/docs/source/pod.rst
+++ /dev/null
@@ -1,32 +0,0 @@
-Pod
-===
-
-:doc:`create <markdown/podman-pod-create.1>` Create a new empty pod
-
-:doc:`exists <markdown/podman-pod-exists.1>` Check if a pod exists in local storage
-
-:doc:`inspect <markdown/podman-pod-inspect.1>` Displays a pod configuration
-
-:doc:`kill <markdown/podman-pod-kill.1>` Send the specified signal or SIGKILL to containers in pod
-
-:doc:`logs <markdown/podman-pod-logs.1>` Displays logs for pod with one or more containers
-
-:doc:`pause <markdown/podman-pause.1>` Pause one or more pods
-
-:doc:`prune <markdown/podman-pod-prune.1>` Remove all stopped pods and their containers
-
-:doc:`ps <markdown/podman-pod-ps.1>` List pods
-
-:doc:`restart <markdown/podman-pod-restart.1>` Restart one or more pods
-
-:doc:`rm <markdown/podman-pod-rm.1>` Remove one or more stopped pods and containers
-
-:doc:`start <markdown/podman-pod-start.1>` Start one or more pods
-
-:doc:`stats <markdown/podman-pod-stats.1>` Display a live stream of resource usage statistics for the containers in one or more pods
-
-:doc:`stop <markdown/podman-pod-stop.1>` Stop one or more pods
-
-:doc:`top <markdown/podman-pod-top.1>` Display the running processes of containers in a pod
-
-:doc:`unpause <markdown/podman-pod-unpause.1>` Unpause one or more pods
diff --git a/docs/source/secret.rst b/docs/source/secret.rst
deleted file mode 100644
index 3825ad1df..000000000
--- a/docs/source/secret.rst
+++ /dev/null
@@ -1,9 +0,0 @@
-Secret
-======
-:doc:`create <markdown/podman-secret-create.1>` Create a new secert
-
-:doc:`inspect <markdown/podman-secret-inspect.1>` Display detailed information on one or more secrets
-
-:doc:`ls <markdown/podman-secret-ls.1>` List secrets
-
-:doc:`rm <markdown/podman-secret-rm.1>` Remove one or more secrets
diff --git a/docs/source/system.rst b/docs/source/system.rst
deleted file mode 100644
index 566fd1a95..000000000
--- a/docs/source/system.rst
+++ /dev/null
@@ -1,18 +0,0 @@ -System -====== - -:doc:`connection <connection>` Manage the destination(s) for Podman service(s) - -:doc:`df <markdown/podman-system-df.1>` Show podman disk usage - -:doc:`info <markdown/podman-info.1>` Display podman system information - -:doc:`migrate <markdown/podman-system-migrate.1>` Migrate containers - -:doc:`prune <markdown/podman-system-prune.1>` Remove unused data - -:doc:`renumber <markdown/podman-system-renumber.1>` Migrate lock numbers - -:doc:`reset <markdown/podman-system-reset.1>` Reset podman storage - -:doc:`service <markdown/podman-system-service.1>` Run an API service @@ -12,7 +12,7 @@ require ( github.com/containernetworking/cni v0.8.1 github.com/containernetworking/plugins v0.9.1 github.com/containers/buildah v1.23.0 - github.com/containers/common v0.44.1-0.20210914173811-fcaa2e0de285 + github.com/containers/common v0.44.1-0.20210920093543-bf187ada7d0e github.com/containers/conmon v2.0.20+incompatible github.com/containers/image/v5 v5.16.0 github.com/containers/ocicrypt v1.1.2 
@@ -246,8 +246,8 @@ github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRD github.com/containers/buildah v1.23.0 h1:qGIeSNOczUHzvnaaOS29HSMiYAjw6JgIXYksAyvqnLs= github.com/containers/buildah v1.23.0/go.mod h1:K0iMKgy/MffkkgELBXhSXwTy2HTT6hM0X8qruDR1FwU= github.com/containers/common v0.44.0/go.mod h1:7sdP4vmI5Bm6FPFxb3lvAh1Iktb6tiO1MzjUzhxdoGo= -github.com/containers/common v0.44.1-0.20210914173811-fcaa2e0de285 h1:sXBzh8CcqR5cGGY9cM/AUIk58CJKHbyljVtFh8HYyLY= -github.com/containers/common v0.44.1-0.20210914173811-fcaa2e0de285/go.mod h1:7sdP4vmI5Bm6FPFxb3lvAh1Iktb6tiO1MzjUzhxdoGo= +github.com/containers/common v0.44.1-0.20210920093543-bf187ada7d0e h1:p21+CJSeryr0Vb3dottjXRNYTaRND1QSPm36NogQ7cQ= +github.com/containers/common v0.44.1-0.20210920093543-bf187ada7d0e/go.mod h1:zxv7KjdYddSGoWuLUVp6eSb++Ow1zmSMB2jwxuNB4cU= github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.16.0 h1:WQcNSzb7+ngS2cfynx0vUwhk+scpgiKlldVcsF8GPbI= 
@@ -652,8 +652,9 @@ github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS4 github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.4.1 h1:CpVNEelQCZBooIPDn+AR3NpivK/TIKU8bDxdASFVQag= github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/mapstructure v1.4.2 h1:6h7AQ0yhTcIsmFmnAwQls75jp2Gzs4iB8W7pjMO+rqo= +github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= diff --git a/hack/xref-helpmsgs-manpages b/hack/xref-helpmsgs-manpages index cc1e233b9..af54f05f3 100755 --- a/hack/xref-helpmsgs-manpages +++ b/hack/xref-helpmsgs-manpages @@ -201,13 +201,6 @@ sub xref_rst { if (ref $help->{$k}) { xref_rst($help->{$k}, $rst->{$k}, @subcommand, $k); } - - # Check that command is mentioned in at least one .rst file - if (! exists $rst->{$k}{_desc}) { - my @podman = ("podman", @subcommand, $k); - warn "$ME: no link in *.rst for @podman\n"; - ++$Errs; - } } } diff --git a/libpod/boltdb_state_unsupported.go b/libpod/boltdb_state_unsupported.go deleted file mode 100644 index 244dc51a0..000000000 --- a/libpod/boltdb_state_unsupported.go +++ /dev/null 
@@ -1,13 +0,0 @@ -// +build !linux - -package libpod - -// replaceNetNS is exclusive to the Linux platform and is a no-op elsewhere -func replaceNetNS(netNSPath string, ctr *Container, newState *ContainerState) error { - return nil -} - -// getNetNSPath is exclusive to the Linux platform and is a no-op elsewhere -func getNetNSPath(ctr *Container) string { - return "" -} diff --git a/libpod/container_copy_unsupported.go b/libpod/container_copy_unsupported.go deleted file mode 100644 index b2bdd3e3d..000000000 --- a/libpod/container_copy_unsupported.go +++ /dev/null @@ -1,16 +0,0 @@ -// +build !linux - -package libpod - -import ( - "context" - "io" -) - -func (c *Container) copyFromArchive(ctx context.Context, path string, reader io.Reader) (func() error, error) { - return nil, nil -} - -func (c *Container) copyToArchive(ctx context.Context, path string, writer io.Writer) (func() error, error) { - return nil, nil -} diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 0557b30d0..dbecea031 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -2033,15 +2033,16 @@ func (c *Container) getHosts() string { // Do we have a network namespace? netNone := false - for _, ns := range c.config.Spec.Linux.Namespaces { - if ns.Type == spec.NetworkNamespace { - if ns.Path == "" && !c.config.CreateNetNS { - netNone = true + if c.config.NetNsCtr == "" && !c.config.CreateNetNS { + for _, ns := range c.config.Spec.Linux.Namespaces { + if ns.Type == spec.NetworkNamespace { + if ns.Path == "" { + netNone = true + } + break } - break } } - // If we are net=none (have a network namespace, but not connected to // anything) add the container's name and hostname to localhost. if netNone { 
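Review bot: The new outer guard `if c.config.NetNsCtr == "" && !c.config.CreateNetNS` in getHosts has no comment saying why a container with `NetNsCtr` set is now kept out of the net=none case; the existing `// Do we have a network namespace?` line only describes the loop under it. A why-comment above the guard would help, for example `// A container that joins another container's netns (NetNsCtr) or gets its own (CreateNetNS) is never net=none.`, with the wording to be confirmed by the author since the reason is inferred from the condition. The hunk also drops the blank line before the `// If we are net=none` comment, which now sits directly against the closing brace. getHosts starts before and continues past this hunk.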
@@ -2049,35 +2050,39 @@ func (c *Container) getHosts() string { } } - // Add gateway entry - var depCtr *Container - netStatus := c.getNetworkStatus() - if c.config.NetNsCtr != "" { - // ignoring the error because there isn't anything to do - depCtr, _ = c.getRootNetNsDepCtr() - } else if len(netStatus) != 0 { - depCtr = c - } - - if depCtr != nil { - for _, status := range depCtr.getNetworkStatus() { - for _, netInt := range status.Interfaces { - for _, netAddress := range netInt.Networks { - if netAddress.Gateway != nil { - hosts += fmt.Sprintf("%s host.containers.internal\n", netAddress.Gateway.String()) + // Add gateway entry if we are not in a machine. If we use podman machine + // the gvproxy dns server will take care of host.containers.internal. + // https://github.com/containers/gvisor-tap-vsock/commit/1108ea45162281046d239047a6db9bc187e64b08 + if !c.runtime.config.Engine.MachineEnabled { + var depCtr *Container + netStatus := c.getNetworkStatus() + if c.config.NetNsCtr != "" { + // ignoring the error because there isn't anything to do + depCtr, _ = c.getRootNetNsDepCtr() + } else if len(netStatus) != 0 { + depCtr = c + } + + if depCtr != nil { + for _, status := range depCtr.getNetworkStatus() { + for _, netInt := range status.Interfaces { + for _, netAddress := range netInt.Networks { + if netAddress.Gateway != nil { + hosts += fmt.Sprintf("%s host.containers.internal\n", netAddress.Gateway.String()) + } } } } - } - } else if c.config.NetMode.IsSlirp4netns() { - gatewayIP, err := GetSlirp4netnsGateway(c.slirp4netnsSubnet) - if err != nil { - logrus.Warn("failed to determine gatewayIP: ", err.Error()) + } else if c.config.NetMode.IsSlirp4netns() { + gatewayIP, err := GetSlirp4netnsGateway(c.slirp4netnsSubnet) + if err != nil { + logrus.Warn("failed to determine gatewayIP: ", err.Error()) + } else { + hosts += fmt.Sprintf("%s host.containers.internal\n", gatewayIP.String()) + } } else { - hosts += fmt.Sprintf("%s host.containers.internal\n", 
gatewayIP.String()) + logrus.Debug("network configuration does not support host.containers.internal address") } - } else { - logrus.Debug("network configuration does not support host.containers.internal address") } return hosts diff --git a/libpod/container_internal_unsupported.go b/libpod/container_internal_unsupported.go deleted file mode 100644 index 125329ce5..000000000 --- a/libpod/container_internal_unsupported.go +++ /dev/null 
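Review bot: With `Engine.MachineEnabled` set, the new guard in getHosts() skips every `host.containers.internal` entry, the slirp4netns branch included, so the name then resolves only if the container actually queries the gvproxy DNS server. A container configured with its own resolvers would presumably send that lookup to whatever server it was given, and the answer is no longer pinned by the hosts file; the comment should state that dependency, e.g. `// NOTE: only resolvable while the container uses the machine's DNS server`. The `depCtr, _ = c.getRootNetNsDepCtr()` line moved here still discards its error, and a `logrus.Debugf` on that path would make a missing gateway entry diagnosable. getHosts() starts and ends outside the hunk.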
@@ -1,64 +0,0 @@
-// +build !linux
-
-package libpod
-
-import (
- "context"
-
- "github.com/containers/podman/v3/libpod/define"
- "github.com/containers/podman/v3/pkg/lookup"
- spec "github.com/opencontainers/runtime-spec/specs-go"
-)
-
-func (c *Container) mountSHM(shmOptions string) error {
- return define.ErrNotImplemented
-}
-
-func (c *Container) unmountSHM(mount string) error {
- return define.ErrNotImplemented
-}
-
-func (c *Container) prepare() error {
- return define.ErrNotImplemented
-}
-
-func (c *Container) cleanupNetwork() error {
- return define.ErrNotImplemented
-}
-
-func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
- return nil, define.ErrNotImplemented
-}
-
-func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointOptions) error {
- return define.ErrNotImplemented
-}
-
-func (c *Container) restore(ctx context.Context, options ContainerCheckpointOptions) error {
- return define.ErrNotImplemented
-}
-
-func (c *Container) copyOwnerAndPerms(source, dest string) error {
- return nil
-}
-
-func (c *Container) getOCICgroupPath() (string, error) {
- return "", define.ErrNotImplemented
-}
-
-func (c *Container) cleanupOverlayMounts() error {
- return nil
-}
-
-func (c *Container) reloadNetwork() error {
- return define.ErrNotImplemented
-}
-
-func (c *Container) getUserOverrides() *lookup.Overrides {
- return nil
-}
-
-// Fix ownership and permissions of the specified volume if necessary.
-func (c *Container) fixVolumePermissions(v *ContainerNamedVolume) error {
- return define.ErrNotImplemented
-}
diff --git a/libpod/container_stat_unsupported.go b/libpod/container_stat_unsupported.go
deleted file mode 100644
index c002e4d32..000000000
--- a/libpod/container_stat_unsupported.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// +build !linux
-
-package libpod
-
-import (
- "context"
-
- "github.com/containers/podman/v3/libpod/define"
-)
-
-func (c *Container) stat(ctx context.Context, containerMountPoint string, containerPath string) (*define.FileInfo, string, string, error) {
- return nil, "", "", nil
-}
diff --git a/libpod/container_top_unsupported.go b/libpod/container_top_unsupported.go
deleted file mode 100644
index 1a096d248..000000000
--- a/libpod/container_top_unsupported.go
+++ /dev/null
@@ -1,23 +0,0 @@
-// +build !linux
-
-package libpod
-
-import "github.com/containers/podman/v3/libpod/define"
-
-// Top gathers statistics about the running processes in a container. It returns a
-// []string for output
-func (c *Container) Top(descriptors []string) ([]string, error) {
- return nil, define.ErrNotImplemented
-}
-
-// GetContainerPidInformation returns process-related data of all processes in
-// the container. The output data can be controlled via the `descriptors`
-// argument which expects format descriptors and supports all AIXformat
-// descriptors of ps (1) plus some additional ones to for instance inspect the
-// set of effective capabilities. Each element in the returned string slice
-// is a tab-separated string.
-//
-// For more details, please refer to github.com/containers/psgo.
-func (c *Container) GetContainerPidInformation(descriptors []string) ([]string, error) {
- return nil, define.ErrNotImplemented
-}
diff --git a/libpod/container_unsupported.go b/libpod/container_unsupported.go
deleted file mode 100644
index e214b9465..000000000
--- a/libpod/container_unsupported.go
+++ /dev/null
@@ -1,5 +0,0 @@
-// +build !linux
-
-package libpod
-
-type containerPlatformState struct{}
diff --git a/libpod/events/events.go b/libpod/events/events.go
index e03215eff..16dd6424e 100644
--- a/libpod/events/events.go
+++ b/libpod/events/events.go
@@ -6,6 +6,7 @@ import ( "os" "time" + "github.com/containers/storage/pkg/stringid" "github.com/hpcloud/tail" "github.com/pkg/errors" ) @@ -65,11 +66,15 @@ func (e *Event) ToJSONString() (string, error) { } // ToHumanReadable returns human readable event as a formatted string -func (e *Event) ToHumanReadable() string { +func (e *Event) ToHumanReadable(truncate bool) string { var humanFormat string + id := e.ID + if truncate { + id = stringid.TruncateID(id) + } switch e.Type { case Container, Pod: - humanFormat = fmt.Sprintf("%s %s %s %s (image=%s, name=%s", e.Time, e.Type, e.Status, e.ID, e.Image, e.Name) + humanFormat = fmt.Sprintf("%s %s %s %s (image=%s, name=%s", e.Time, e.Type, e.Status, id, e.Image, e.Name) // check if the container has labels and add it to the output if len(e.Attributes) > 0 { for k, v := range e.Attributes { @@ -78,9 +83,9 @@ func (e *Event) ToHumanReadable() string { } humanFormat += ")" case Network: - humanFormat = fmt.Sprintf("%s %s %s %s (container=%s, name=%s)", e.Time, e.Type, e.Status, e.ID, e.ID, e.Network) + humanFormat = fmt.Sprintf("%s %s %s %s (container=%s, name=%s)", e.Time, e.Type, e.Status, id, id, e.Network) case Image: - humanFormat = fmt.Sprintf("%s %s %s %s %s", e.Time, e.Type, e.Status, e.ID, e.Name) + humanFormat = fmt.Sprintf("%s %s %s %s %s", e.Time, e.Type, e.Status, id, e.Name) case System: humanFormat = fmt.Sprintf("%s %s %s", e.Time, e.Type, e.Status) case Volume: diff --git a/libpod/events/journal_linux.go b/libpod/events/journal_linux.go index a3e0d9754..3e16d8679 100644 --- a/libpod/events/journal_linux.go +++ b/libpod/events/journal_linux.go @@ -63,7 +63,7 @@ func (e EventJournalD) Write(ee Event) error { case Volume: m["PODMAN_NAME"] = ee.Name } - return journal.Send(string(ee.ToHumanReadable()), journal.PriInfo, m) + return journal.Send(string(ee.ToHumanReadable(false)), journal.PriInfo, m) } // Read reads events from the journal and sends qualified events to the event channel 
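Review bot: The doc comment on `ToHumanReadable` was not updated for the new `truncate` parameter, and because the method is exported the signature change breaks any caller outside this diff. I would document it as `// ToHumanReadable returns the event as a formatted string; if truncate is true the ID is shortened with stringid.TruncateID.` It is also worth stating there that writers producing a persistent record should pass `false`, as the journald backend does in this commit, since a truncated ID is not guaranteed to identify a single object when events are correlated later.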
diff --git a/libpod/healthcheck_unsupported.go b/libpod/healthcheck_unsupported.go deleted file mode 100644 index 8b6a0209b..000000000 --- a/libpod/healthcheck_unsupported.go +++ /dev/null @@ -1,21 +0,0 @@ -// +build !linux - -package libpod - -import "github.com/containers/podman/v3/libpod/define" - -// createTimer systemd timers for healthchecks of a container -func (c *Container) createTimer() error { - return define.ErrNotImplemented -} - -// startTimer starts a systemd timer for the healthchecks -func (c *Container) startTimer() error { - return define.ErrNotImplemented -} - -// removeTimer removes the systemd timer and unit files -// for the container -func (c *Container) removeTimer() error { - return define.ErrNotImplemented -} diff --git a/libpod/network/cni/cni_conversion.go b/libpod/network/cni/cni_conversion.go index 060794ebe..d69dd7eb3 100644 --- a/libpod/network/cni/cni_conversion.go +++ b/libpod/network/cni/cni_conversion.go @@ -81,20 +81,24 @@ func createNetworkFromCNIConfigList(conf *libcni.NetworkConfigList, confPath str return nil, err } - case types.MacVLANNetworkDriver: - var macvlan macVLANConfig - err := json.Unmarshal(firstPlugin.Bytes, &macvlan) + case types.MacVLANNetworkDriver, types.IPVLANNetworkDriver: + var vlan VLANConfig + err := json.Unmarshal(firstPlugin.Bytes, &vlan) if err != nil { return nil, errors.Wrapf(err, "failed to unmarshal the macvlan plugin config in %s", confPath) } - network.NetworkInterface = macvlan.Master + network.NetworkInterface = vlan.Master // set network options - if macvlan.MTU != 0 { - network.Options["mtu"] = strconv.Itoa(macvlan.MTU) + if vlan.MTU != 0 { + network.Options["mtu"] = strconv.Itoa(vlan.MTU) + } + + if vlan.Mode != "" { + network.Options["mode"] = vlan.Mode } - err = convertIPAMConfToNetwork(&network, macvlan.IPAM, confPath) + err = convertIPAMConfToNetwork(&network, vlan.IPAM, confPath) if err != nil { return nil, err } 
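Review bot: The merged `case types.MacVLANNetworkDriver, types.IPVLANNetworkDriver:` branch still reports `failed to unmarshal the macvlan plugin config` when an ipvlan conflist fails to parse, which points the operator at the wrong driver; `"failed to unmarshal the macvlan/ipvlan plugin config in %s"` would cover both. The same stale naming appears in cni_types.go (`// VLANConfig describes the macvlan config`, `// newVLANPlugin creates a macvlanconfig ...`), in config.go (`internal is not supported with macvlan` inside `createIPMACVLAN`) and in const.go, where the comment above the new constant should read `// IPVLANNetworkDriver defines the ipvlan driver`. `vlan.Mode` is also copied from the on-disk config into `network.Options["mode"]` without the allow-list check that the create path applies, so a hand-edited conflist can surface a mode the create path would reject. createNetworkFromCNIConfigList continues outside the hunk.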
@@ -207,7 +211,7 @@ func getNetworkArgsFromConfList(args map[string]interface{}, argType string) map return result } } - return nil + return map[string]string{} } // createCNIConfigListFromNetwork will create a cni config file from the given network. @@ -237,6 +241,7 @@ func (n *cniNetwork) createCNIConfigListFromNetwork(network *types.Network, writ vlan := 0 mtu := 0 + vlanPluginMode := "" for k, v := range network.Options { switch k { case "mtu": @@ -251,6 +256,21 @@ func (n *cniNetwork) createCNIConfigListFromNetwork(network *types.Network, writ return nil, "", err } + case "mode": + switch network.Driver { + case types.MacVLANNetworkDriver: + if !pkgutil.StringInSlice(v, []string{"", "bridge", "private", "vepa", "passthru"}) { + return nil, "", errors.Errorf("unknown macvlan mode %q", v) + } + case types.IPVLANNetworkDriver: + if !pkgutil.StringInSlice(v, []string{"", "l2", "l3", "l3s"}) { + return nil, "", errors.Errorf("unknown ipvlan mode %q", v) + } + default: + return nil, "", errors.Errorf("cannot set option \"mode\" with driver %q", network.Driver) + } + vlanPluginMode = v + default: return nil, "", errors.Errorf("unsupported network option %s", k) } @@ -281,7 +301,10 @@ func (n *cniNetwork) createCNIConfigListFromNetwork(network *types.Network, writ } case types.MacVLANNetworkDriver: - plugins = append(plugins, newMacVLANPlugin(network.NetworkInterface, mtu, ipamConf)) + plugins = append(plugins, newVLANPlugin(types.MacVLANNetworkDriver, network.NetworkInterface, vlanPluginMode, mtu, ipamConf)) + + case types.IPVLANNetworkDriver: + plugins = append(plugins, newVLANPlugin(types.IPVLANNetworkDriver, network.NetworkInterface, vlanPluginMode, mtu, ipamConf)) default: return nil, "", errors.Errorf("driver %q is not supported by cni", network.Driver) diff --git a/libpod/network/cni/cni_types.go b/libpod/network/cni/cni_types.go index 91fd1c27b..fbf917c2d 100644 --- a/libpod/network/cni/cni_types.go +++ b/libpod/network/cni/cni_types.go 
@@ -50,7 +50,7 @@ type hostLocalBridge struct { PromiscMode bool `json:"promiscMode,omitempty"` Vlan int `json:"vlan,omitempty"` IPAM ipamConfig `json:"ipam"` - Capabilities map[string]bool `json:"capabilities"` + Capabilities map[string]bool `json:"capabilities,omitempty"` } // ipamConfig describes an IPAM configuration @@ -82,13 +82,14 @@ type portMapConfig struct { Capabilities map[string]bool `json:"capabilities"` } -// macVLANConfig describes the macvlan config -type macVLANConfig struct { +// VLANConfig describes the macvlan config +type VLANConfig struct { PluginType string `json:"type"` Master string `json:"master"` IPAM ipamConfig `json:"ipam"` MTU int `json:"mtu,omitempty"` - Capabilities map[string]bool `json:"capabilities"` + Mode string `json:"mode,omitempty"` + Capabilities map[string]bool `json:"capabilities,omitempty"` } // firewallConfig describes the firewall plugin @@ -259,15 +260,18 @@ func hasDNSNamePlugin(paths []string) bool { return false } -// newMacVLANPlugin creates a macvlanconfig with a given device name -func newMacVLANPlugin(device string, mtu int, ipam ipamConfig) macVLANConfig { - m := macVLANConfig{ - PluginType: "macvlan", +// newVLANPlugin creates a macvlanconfig with a given device name +func newVLANPlugin(pluginType, device, mode string, mtu int, ipam ipamConfig) VLANConfig { + m := VLANConfig{ + PluginType: pluginType, IPAM: ipam, } if mtu > 0 { m.MTU = mtu } + if len(mode) > 0 { + m.Mode = mode + } // CNI is supposed to use the default route if a // parent device is not provided if len(device) > 0 { diff --git a/libpod/network/cni/config.go b/libpod/network/cni/config.go index d31cd3002..2a6ad8eb3 100644 --- a/libpod/network/cni/config.go +++ b/libpod/network/cni/config.go 
@@ -100,8 +100,8 @@ func (n *cniNetwork) networkCreate(newNetwork types.Network, defaultNet bool) (* if err != nil { return nil, err } - case types.MacVLANNetworkDriver: - err = createMacVLAN(&newNetwork) + case types.MacVLANNetworkDriver, types.IPVLANNetworkDriver: + err = createIPMACVLAN(&newNetwork) if err != nil { return nil, err } @@ -214,7 +214,7 @@ func (n *cniNetwork) NetworkInspect(nameOrID string) (types.Network, error) { return *network.libpodNet, nil } -func createMacVLAN(network *types.Network) error { +func createIPMACVLAN(network *types.Network) error { if network.Internal { return errors.New("internal is not supported with macvlan") } diff --git a/libpod/network/cni/config_test.go b/libpod/network/cni/config_test.go index 11ad71870..a0a0ea1af 100644 --- a/libpod/network/cni/config_test.go +++ b/libpod/network/cni/config_test.go 
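Review bot: Sending `types.IPVLANNetworkDriver` through `createIPMACVLAN` gives ipvlan the macvlan IPAM defaulting, and the new test `create ipvlan config with mode` does expect `driver: dhcp` when no subnet is supplied. ipvlan sub-interfaces share the parent interface's MAC address, so a DHCP server that keys leases on the MAC cannot tell the containers apart; I would either require a subnet for ipvlan or record the limitation next to the driver check with `// ipvlan shares the parent's MAC; DHCP only works if leases are keyed on a client ID`. The body of `createIPMACVLAN` lies outside the hunk, so the defaulting is inferred from the test rather than read from the code.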
@@ -250,6 +250,67 @@ var _ = Describe("Config", func() { grepInFile(path, `"type": "host-local"`) }) + It("create ipvlan config with subnet", func() { + subnet := "10.1.0.0/24" + n, _ := types.ParseCIDR(subnet) + network := types.Network{ + Driver: "ipvlan", + Subnets: []types.Subnet{ + {Subnet: n}, + }, + } + network1, err := libpodNet.NetworkCreate(network) + Expect(err).To(BeNil()) + Expect(network1.Name).ToNot(BeEmpty()) + path := filepath.Join(cniConfDir, network1.Name+".conflist") + Expect(path).To(BeARegularFile()) + Expect(network1.ID).ToNot(BeEmpty()) + Expect(network1.Driver).To(Equal("ipvlan")) + Expect(network1.Labels).To(BeEmpty()) + Expect(network1.Options).To(BeEmpty()) + Expect(network1.Subnets).To(HaveLen(1)) + Expect(network1.Subnets[0].Subnet.String()).To(Equal(subnet)) + Expect(network1.Subnets[0].Gateway.String()).To(Equal("10.1.0.1")) + Expect(network1.Subnets[0].LeaseRange).To(BeNil()) + Expect(network1.DNSEnabled).To(BeFalse()) + Expect(network1.Internal).To(BeFalse()) + Expect(network1.IPAMOptions).To(HaveKeyWithValue("driver", "host-local")) + grepInFile(path, `"type": "host-local"`) + }) + + It("create macvlan config with mode", func() { + for _, mode := range []string{"bridge", "private", "vepa", "passthru"} { + network := types.Network{ + Driver: "macvlan", + Options: map[string]string{ + "mode": mode, + }, + } + network1, err := libpodNet.NetworkCreate(network) + Expect(err).To(BeNil()) + Expect(network1.Name).ToNot(BeEmpty()) + path := filepath.Join(cniConfDir, network1.Name+".conflist") + Expect(path).To(BeARegularFile()) + Expect(network1.Driver).To(Equal("macvlan")) + Expect(network1.Options).To(HaveKeyWithValue("mode", mode)) + Expect(network1.IPAMOptions).ToNot(BeEmpty()) + Expect(network1.IPAMOptions).To(HaveKeyWithValue("driver", "dhcp")) + grepInFile(path, `"mode": "`+mode+`"`) + } + }) + + It("create macvlan config with invalid mode", func() { + network := types.Network{ + Driver: "macvlan", + Options: map[string]string{ + 
"mode": "test", + }, + } + _, err := libpodNet.NetworkCreate(network) + Expect(err).To(HaveOccurred()) + Expect(err.Error()).To(ContainSubstring(`unknown macvlan mode "test"`)) + }) + It("create macvlan config with invalid device", func() { network := types.Network{ Driver: "macvlan", @@ -270,6 +331,47 @@ var _ = Describe("Config", func() { Expect(err.Error()).To(ContainSubstring("internal is not supported with macvlan")) }) + It("create ipvlan config with mode", func() { + for _, mode := range []string{"l2", "l3", "l3s"} { + network := types.Network{ + Driver: "ipvlan", + Options: map[string]string{ + "mode": mode, + }, + } + network1, err := libpodNet.NetworkCreate(network) + Expect(err).To(BeNil()) + Expect(network1.Name).ToNot(BeEmpty()) + path := filepath.Join(cniConfDir, network1.Name+".conflist") + Expect(path).To(BeARegularFile()) + Expect(network1.Driver).To(Equal("ipvlan")) + Expect(network1.Options).To(HaveKeyWithValue("mode", mode)) + Expect(network1.IPAMOptions).ToNot(BeEmpty()) + Expect(network1.IPAMOptions).To(HaveKeyWithValue("driver", "dhcp")) + grepInFile(path, `"mode": "`+mode+`"`) + + // reload configs from disk + libpodNet, err = getNetworkInterface(cniConfDir, false) + Expect(err).To(BeNil()) + + network2, err := libpodNet.NetworkInspect(network1.Name) + Expect(err).To(BeNil()) + Expect(network2).To(Equal(network1)) + } + }) + + It("create ipvlan config with invalid mode", func() { + network := types.Network{ + Driver: "ipvlan", + Options: map[string]string{ + "mode": "test", + }, + } + _, err := libpodNet.NetworkCreate(network) + Expect(err).To(HaveOccurred()) + Expect(err.Error()).To(ContainSubstring(`unknown ipvlan mode "test"`)) + }) + It("create bridge with subnet", func() { subnet := "10.0.0.0/24" n, _ := types.ParseCIDR(subnet) diff --git a/libpod/network/cni/network.go b/libpod/network/cni/network.go index 46e07f780..d77e63a5d 100644 --- a/libpod/network/cni/network.go +++ b/libpod/network/cni/network.go 
@@ -109,7 +109,7 @@ func NewCNINetworkInterface(conf InitConfig) (types.ContainerNetwork, error) { // Drivers will return the list of supported network drivers // for this interface. func (n *cniNetwork) Drivers() []string { - return []string{types.BridgeNetworkDriver, types.MacVLANNetworkDriver} + return []string{types.BridgeNetworkDriver, types.MacVLANNetworkDriver, types.IPVLANNetworkDriver} } func (n *cniNetwork) loadNetworks() error { diff --git a/libpod/network/types/const.go b/libpod/network/types/const.go index be7ef03cf..916c6e6bf 100644 --- a/libpod/network/types/const.go +++ b/libpod/network/types/const.go @@ -7,6 +7,8 @@ const ( DefaultNetworkDriver = BridgeNetworkDriver // MacVLANNetworkDriver defines the macvlan driver MacVLANNetworkDriver = "macvlan" + // MacVLANNetworkDriver defines the macvlan driver + IPVLANNetworkDriver = "ipvlan" // IPAM drivers // HostLocalIPAMDriver store the ip diff --git a/libpod/networking_unsupported.go b/libpod/networking_unsupported.go deleted file mode 100644 index 20c27ca7f..000000000 --- a/libpod/networking_unsupported.go +++ /dev/null 
@@ -1,40 +0,0 @@
-// +build !linux
-
-package libpod
-
-import (
- cnitypes "github.com/containernetworking/cni/pkg/types/current"
- "github.com/containers/podman/v3/libpod/define"
-)
-
-func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
- return define.ErrNotImplemented
-}
-
-func (r *Runtime) setupSlirp4netns(ctr *Container) error {
- return define.ErrNotImplemented
-}
-
-func (r *Runtime) setupNetNS(ctr *Container) error {
- return define.ErrNotImplemented
-}
-
-func (r *Runtime) teardownNetNS(ctr *Container) error {
- return define.ErrNotImplemented
-}
-
-func (r *Runtime) createNetNS(ctr *Container) error {
- return define.ErrNotImplemented
-}
-
-func (c *Container) getContainerNetworkInfo() (*define.InspectNetworkSettings, error) {
- return nil, define.ErrNotImplemented
-}
-
-func (r *Runtime) reloadContainerNetwork(ctr *Container) ([]*cnitypes.Result, error) {
- return nil, define.ErrNotImplemented
-}
-
-func getCNINetworksDir() (string, error) {
- return "", define.ErrNotImplemented
-}
diff --git a/libpod/oci_attach_unsupported.go b/libpod/oci_attach_unsupported.go
deleted file mode 100644
index 85e8b32e6..000000000
--- a/libpod/oci_attach_unsupported.go
+++ /dev/null
@@ -1,17 +0,0 @@
-//+build !linux
-
-package libpod
-
-import (
- "os"
-
- "github.com/containers/podman/v3/libpod/define"
-)
-
-func (c *Container) attach(streams *define.AttachStreams, keys string, resize <-chan define.TerminalSize, startContainer bool, started chan bool, attachRdy chan<- bool) error {
- return define.ErrNotImplemented
-}
-
-func (c *Container) attachToExec(streams *define.AttachStreams, keys string, resize <-chan define.TerminalSize, sessionID string, startFd *os.File, attachFd *os.File) error {
- return define.ErrNotImplemented
-}
diff --git a/libpod/oci_conmon_unsupported.go b/libpod/oci_conmon_unsupported.go
deleted file mode 100644
index 4de27d663..000000000
--- a/libpod/oci_conmon_unsupported.go
+++ /dev/null
@@ -1,132 +0,0 @@
-// +build !linux
-
-package libpod
-
-import (
- "github.com/containers/common/pkg/config"
-
- "github.com/containers/podman/v3/libpod/define"
-)
-
-const (
- osNotSupported = "Not supported on this OS"
-)
-
-// ConmonOCIRuntime is not supported on this OS.
-type ConmonOCIRuntime struct {
-}
-
-// newConmonOCIRuntime is not supported on this OS.
-func newConmonOCIRuntime(name string, paths []string, conmonPath string, runtimeFlags []string, runtimeCfg *config.Config) (OCIRuntime, error) {
- return nil, define.ErrNotImplemented
-}
-
-// Name is not supported on this OS.
-func (r *ConmonOCIRuntime) Name() string {
- return osNotSupported
-}
-
-// Path is not supported on this OS.
-func (r *ConmonOCIRuntime) Path() string {
- return osNotSupported
-}
-
-// CreateContainer is not supported on this OS.
-func (r *ConmonOCIRuntime) CreateContainer(ctr *Container, restoreOptions *ContainerCheckpointOptions) error {
- return define.ErrNotImplemented
-}
-
-// UpdateContainerStatus is not supported on this OS.
-func (r *ConmonOCIRuntime) UpdateContainerStatus(ctr *Container, useRuntime bool) error {
- return define.ErrNotImplemented
-}
-
-// StartContainer is not supported on this OS.
-func (r *ConmonOCIRuntime) StartContainer(ctr *Container) error {
- return define.ErrNotImplemented
-}
-
-// KillContainer is not supported on this OS.
-func (r *ConmonOCIRuntime) KillContainer(ctr *Container, signal uint, all bool) error {
- return define.ErrNotImplemented
-}
-
-// StopContainer is not supported on this OS.
-func (r *ConmonOCIRuntime) StopContainer(ctr *Container, timeout uint, all bool) error {
- return define.ErrNotImplemented
-}
-
-// DeleteContainer is not supported on this OS.
-func (r *ConmonOCIRuntime) DeleteContainer(ctr *Container) error {
- return define.ErrNotImplemented
-}
-
-// PauseContainer is not supported on this OS.
-func (r *ConmonOCIRuntime) PauseContainer(ctr *Container) error {
- return define.ErrNotImplemented
-}
-
-// UnpauseContainer is not supported on this OS.
-func (r *ConmonOCIRuntime) UnpauseContainer(ctr *Container) error {
- return define.ErrNotImplemented
-}
-
-// ExecContainer is not supported on this OS.
-func (r *ConmonOCIRuntime) ExecContainer(ctr *Container, sessionID string, options *ExecOptions) (int, chan error, error) {
- return -1, nil, define.ErrNotImplemented
-}
-
-// ExecStopContainer is not supported on this OS.
-func (r *ConmonOCIRuntime) ExecStopContainer(ctr *Container, sessionID string, timeout uint) error {
- return define.ErrNotImplemented
-}
-
-// CheckpointContainer is not supported on this OS.
-func (r *ConmonOCIRuntime) CheckpointContainer(ctr *Container, options ContainerCheckpointOptions) error {
- return define.ErrNotImplemented
-}
-
-// SupportsCheckpoint is not supported on this OS.
-func (r *ConmonOCIRuntime) SupportsCheckpoint() bool {
- return false
-}
-
-// SupportsJSONErrors is not supported on this OS.
-func (r *ConmonOCIRuntime) SupportsJSONErrors() bool {
- return false
-}
-
-// SupportsNoCgroups is not supported on this OS.
-func (r *ConmonOCIRuntime) SupportsNoCgroups() bool {
- return false
-}
-
-// AttachSocketPath is not supported on this OS.
-func (r *ConmonOCIRuntime) AttachSocketPath(ctr *Container) (string, error) {
- return "", define.ErrNotImplemented
-}
-
-// ExecAttachSocketPath is not supported on this OS.
-func (r *ConmonOCIRuntime) ExecAttachSocketPath(ctr *Container, sessionID string) (string, error) {
- return "", define.ErrNotImplemented
-}
-
-// ExitFilePath is not supported on this OS.
-func (r *ConmonOCIRuntime) ExitFilePath(ctr *Container) (string, error) {
- return "", define.ErrNotImplemented
-}
-
-// RuntimeInfo is not supported on this OS.
-func (r *ConmonOCIRuntime) RuntimeInfo() (*define.ConmonInfo, *define.OCIRuntimeInfo, error) { - return nil, nil, define.ErrNotImplemented -} - -// Package is not supported on this OS. -func (r *ConmonOCIRuntime) Package() string { - return osNotSupported -} - -// ConmonPackage is not supported on this OS. -func (r *ConmonOCIRuntime) ConmonPackage() string { - return osNotSupported -} diff --git a/libpod/pod_top_unsupported.go b/libpod/pod_top_unsupported.go deleted file mode 100644 index 59d2ff9a2..000000000 --- a/libpod/pod_top_unsupported.go +++ /dev/null @@ -1,10 +0,0 @@ -// +build !linux - -package libpod - -import "github.com/containers/podman/v3/libpod/define" - -// GetPodPidInformation is exclusive to linux -func (p *Pod) GetPodPidInformation(descriptors []string) ([]string, error) { - return nil, define.ErrNotImplemented -} diff --git a/libpod/runtime.go b/libpod/runtime.go index d2b3d36da..a2279e56d 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -35,6 +35,7 @@ import ( "github.com/containers/podman/v3/pkg/rootless" "github.com/containers/podman/v3/pkg/systemd" "github.com/containers/podman/v3/pkg/util" + "github.com/containers/podman/v3/utils" "github.com/containers/storage" "github.com/containers/storage/pkg/unshare" "github.com/docker/docker/pkg/namesgenerator" @@ -543,6 +544,7 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (retErr error) { return err } if became { + utils.MovePauseProcessToScope(pausePid) os.Exit(ret) } } diff --git a/libpod/runtime_migrate_unsupported.go b/libpod/runtime_migrate_unsupported.go deleted file mode 100644 index a9d351318..000000000 --- a/libpod/runtime_migrate_unsupported.go +++ /dev/null @@ -1,15 +0,0 @@ -// +build !linux - -package libpod - -import ( - "context" -) - -func (r *Runtime) migrate(ctx context.Context) error { - return nil -} - -func (r *Runtime) stopPauseProcess() error { - return nil -} 
diff --git a/libpod/runtime_pod_unsupported.go b/libpod/runtime_pod_unsupported.go
deleted file mode 100644
index 6dbcc9214..000000000
--- a/libpod/runtime_pod_unsupported.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// +build !linux
-
-package libpod
-
-import (
- "context"
-
- "github.com/containers/podman/v3/libpod/define"
-)
-
-// NewPod makes a new, empty pod
-func (r *Runtime) NewPod(ctx context.Context, options ...PodCreateOption) (*Pod, error) {
- return nil, define.ErrOSNotSupported
-}
-
-func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool) error {
- return define.ErrOSNotSupported
-}
diff --git a/libpod/runtime_volume_unsupported.go b/libpod/runtime_volume_unsupported.go
deleted file mode 100644
index da7ee3552..000000000
--- a/libpod/runtime_volume_unsupported.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// +build !linux
-
-package libpod
-
-import (
- "context"
-
- "github.com/containers/podman/v3/libpod/define"
-)
-
-func (r *Runtime) removeVolume(ctx context.Context, v *Volume, force bool) error {
- return define.ErrNotImplemented
-}
-
-func (r *Runtime) newVolume(ctx context.Context, options ...VolumeCreateOption) (*Volume, error) {
- return nil, define.ErrNotImplemented
-}
-
-func (r *Runtime) NewVolume(ctx context.Context, options ...VolumeCreateOption) (*Volume, error) {
- return nil, define.ErrNotImplemented
-}
diff --git a/libpod/stats_unsupported.go b/libpod/stats_unsupported.go
deleted file mode 100644
index 44a1c8d03..000000000
--- a/libpod/stats_unsupported.go
+++ /dev/null
@@ -1,10 +0,0 @@
-// +build !linux
-
-package libpod
-
-import "github.com/containers/podman/v3/libpod/define"
-
-// GetContainerStats gets the running stats for a given container
-func (c *Container) GetContainerStats(previousStats *define.ContainerStats) (*define.ContainerStats, error) {
- return nil, define.ErrOSNotSupported
-}
diff --git a/libpod/util_unsupported.go b/libpod/util_unsupported.go
deleted file mode 100644
index b718d36aa..000000000
--- a/libpod/util_unsupported.go
+++ /dev/null
@@ -1,34 +0,0 @@
-// +build !linux
-
-package libpod
-
-import (
- "github.com/containers/podman/v3/libpod/define"
- "github.com/pkg/errors"
-)
-
-func systemdSliceFromPath(parent, name string) (string, error) {
- return "", errors.Wrapf(define.ErrOSNotSupported, "cgroups are not supported on non-linux OSes")
-}
-
-func makeSystemdCgroup(path string) error {
- return errors.Wrapf(define.ErrOSNotSupported, "cgroups are not supported on non-linux OSes")
-}
-
-func deleteSystemdCgroup(path string) error {
- return errors.Wrapf(define.ErrOSNotSupported, "cgroups are not supported on non-linux OSes")
-}
-
-func assembleSystemdCgroupName(baseSlice, newSlice string) (string, error) {
- return "", errors.Wrapf(define.ErrOSNotSupported, "cgroups are not supported on non-linux OSes")
-}
-
-// LabelVolumePath takes a mount path for a volume and gives it an
-// selinux label of either shared or not
-func LabelVolumePath(path string) error {
- return define.ErrNotImplemented
-}
-
-func Unmount(mount string) error {
- return define.ErrNotImplemented
-}
diff --git a/libpod/volume_internal_unsupported.go b/libpod/volume_internal_unsupported.go
deleted file mode 100644
index 77452cf22..000000000
--- a/libpod/volume_internal_unsupported.go
+++ /dev/null
@@ -1,15 +0,0 @@
-// +build !linux
-
-package libpod
-
-import (
- "github.com/containers/podman/v3/libpod/define"
-)
-
-func (v *Volume) mount() error {
- return define.ErrNotImplemented
-}
-
-func (v *Volume) unmount(force bool) error {
- return define.ErrNotImplemented
-}
diff --git a/pkg/api/handlers/compat/images_push.go b/pkg/api/handlers/compat/images_push.go
index 07ff76819..8b6d3d56a 100644
--- a/pkg/api/handlers/compat/images_push.go
+++ b/pkg/api/handlers/compat/images_push.go
@@ -152,7 +152,7 @@ loop: // break out of for/select infinite loop case err := <-pushErrChan: if err != nil { var msg string - if errors.Cause(err) != storage.ErrImageUnknown { + if errors.Is(err, storage.ErrImageUnknown) { msg = "An image does not exist locally with the tag: " + imageName } else { msg = err.Error() diff --git a/pkg/api/handlers/compat/networks.go b/pkg/api/handlers/compat/networks.go index 28727a22b..b1456ed9e 100644 --- a/pkg/api/handlers/compat/networks.go +++ b/pkg/api/handlers/compat/networks.go @@ -224,7 +224,8 @@ func CreateNetwork(w http.ResponseWriter, r *http.Request) { // FIXME can we use the IPAM driver and options? } - network, err := runtime.Network().NetworkCreate(network) + ic := abi.ContainerEngine{Libpod: runtime} + newNetwork, err := ic.NetworkCreate(r.Context(), network) if err != nil { utils.InternalServerError(w, err) return @@ -234,7 +235,7 @@ func CreateNetwork(w http.ResponseWriter, r *http.Request) { ID string `json:"Id"` Warning []string }{ - ID: network.ID, + ID: newNetwork.ID, } utils.WriteResponse(w, http.StatusCreated, body) } diff --git a/pkg/api/handlers/libpod/networks.go b/pkg/api/handlers/libpod/networks.go index fcd8e0231..1f7f2e26c 100644 --- a/pkg/api/handlers/libpod/networks.go +++ b/pkg/api/handlers/libpod/networks.go @@ -25,7 +25,7 @@ func CreateNetwork(w http.ResponseWriter, r *http.Request) { } ic := abi.ContainerEngine{Libpod: runtime} - report, err := ic.Libpod.Network().NetworkCreate(network) + report, err := ic.NetworkCreate(r.Context(), network) if err != nil { utils.InternalServerError(w, err) return diff --git a/pkg/api/handlers/types.go b/pkg/api/handlers/types.go index b82c586ea..fedab3bb3 100644 --- a/pkg/api/handlers/types.go +++ b/pkg/api/handlers/types.go 
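Review bot: The compat `CreateNetwork` handler now goes through `ic.NetworkCreate`, which rejects reserved names, yet every error is still sent through `utils.InternalServerError`, so a request naming the network `host` or `bridge` is answered with a 500 for what is a client input error. The libpod handler in pkg/api/handlers/libpod/networks.go has the same mapping. I would have the abi check wrap an invalid-argument sentinel (for example `define.ErrInvalidArg`, if that is what the project uses for this) and test it in both handlers with `errors.Is` before falling back to the 500, so that rejected names return 400 and do not show up as server faults in monitoring. Both handler bodies extend beyond their hunks.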
@@ -183,7 +183,8 @@ func ImageToImageSummary(l *libimage.Image) (*entities.ImageSummary, error) { } is := entities.ImageSummary{ - ID: l.ID(), + // docker adds sha256: in front of the ID + ID: "sha256:" + l.ID(), ParentId: imageData.Parent, RepoTags: imageData.RepoTags, RepoDigests: imageData.RepoDigests, diff --git a/pkg/autoupdate/autoupdate.go b/pkg/autoupdate/autoupdate.go index 894178bb9..29c234ce9 100644 --- a/pkg/autoupdate/autoupdate.go +++ b/pkg/autoupdate/autoupdate.go @@ -404,7 +404,8 @@ func newerRemoteImageAvailable(ctx context.Context, runtime *libpod.Runtime, img if err != nil { return false, err } - return img.HasDifferentDigest(ctx, remoteRef) + options := &libimage.HasDifferentDigestOptions{AuthFilePath: authfile} + return img.HasDifferentDigest(ctx, remoteRef, options) } // newerLocalImageAvailable returns true if the container and local image have different digests diff --git a/pkg/domain/entities/engine_container.go b/pkg/domain/entities/engine_container.go index b916d6fc6..383e42098 100644 --- a/pkg/domain/entities/engine_container.go +++ b/pkg/domain/entities/engine_container.go @@ -59,7 +59,7 @@ type ContainerEngine interface { HealthCheckRun(ctx context.Context, nameOrID string, options HealthCheckOptions) (*define.HealthCheckResults, error) Info(ctx context.Context) (*define.Info, error) NetworkConnect(ctx context.Context, networkname string, options NetworkConnectOptions) error - NetworkCreate(ctx context.Context, network types.Network) (*NetworkCreateReport, error) + NetworkCreate(ctx context.Context, network types.Network) (*types.Network, error) NetworkDisconnect(ctx context.Context, networkname string, options NetworkDisconnectOptions) error NetworkExists(ctx context.Context, networkname string) (*BoolReport, error) NetworkInspect(ctx context.Context, namesOrIds []string, options InspectOptions) ([]types.Network, []error, error) 
diff --git a/pkg/domain/infra/abi/network.go b/pkg/domain/infra/abi/network.go index 45d2c6925..d792226a8 100644 --- a/pkg/domain/infra/abi/network.go +++ b/pkg/domain/infra/abi/network.go @@ -107,12 +107,15 @@ func (ic *ContainerEngine) NetworkRm(ctx context.Context, namesOrIds []string, o return reports, nil } -func (ic *ContainerEngine) NetworkCreate(ctx context.Context, network types.Network) (*entities.NetworkCreateReport, error) { +func (ic *ContainerEngine) NetworkCreate(ctx context.Context, network types.Network) (*types.Network, error) { + if util.StringInSlice(network.Name, []string{"none", "host", "bridge", "private", "slirp4netns", "container", "ns"}) { + return nil, errors.Errorf("cannot create network with name %q because it conflicts with a valid network mode", network.Name) + } network, err := ic.Libpod.Network().NetworkCreate(network) if err != nil { return nil, err } - return &entities.NetworkCreateReport{Name: network.Name}, nil + return &network, nil } // NetworkDisconnect removes a container from a given network diff --git a/pkg/domain/infra/abi/system.go b/pkg/domain/infra/abi/system.go index bc98edd06..e326f26a8 100644 --- a/pkg/domain/infra/abi/system.go +++ b/pkg/domain/infra/abi/system.go @@ -3,16 +3,12 @@ package abi import ( "context" "fmt" - "io/ioutil" "net/url" "os" "os/exec" "path/filepath" - "strconv" - "strings" "github.com/containers/common/pkg/config" - "github.com/containers/podman/v3/libpod" "github.com/containers/podman/v3/libpod/define" "github.com/containers/podman/v3/pkg/cgroups" "github.com/containers/podman/v3/pkg/domain/entities" 
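Review bot: The reserved-name check added to `NetworkCreate` guards only this engine wrapper; the `ic.Libpod.Network().NetworkCreate(network)` call right after it gains no such check in this diff, so code that reaches the libpod network interface directly could presumably still create a network named `host` or `none`. If those names must never exist, the backend's create path is the safer place for the check. The list is also an inline literal that the new e2e test repeats; a package-level `var reservedNetworkNames = []string{...}` with a comment such as `// reservedNetworkNames are network mode keywords that cannot be used as network names` would stop the two from drifting apart. The exported method has no doc comment either.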
@@ -72,11 +68,7 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, noMoveProcess bool) if err != nil { return err } - - initCommand, err := ioutil.ReadFile("/proc/1/comm") - // On errors, default to systemd - runsUnderSystemd := err != nil || strings.TrimRight(string(initCommand), "\n") == "systemd" - + runsUnderSystemd := utils.RunsOnSystemd() unitName := fmt.Sprintf("podman-%d.scope", os.Getpid()) if runsUnderSystemd || conf.Engine.CgroupManager == config.SystemdCgroupsManager { if err := utils.RunUnderSystemdScope(os.Getpid(), "user.slice", unitName); err != nil { @@ -120,18 +112,7 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, noMoveProcess bool) } became, ret, err = rootless.TryJoinFromFilePaths(pausePidPath, true, paths) - - if err := movePauseProcessToScope(ic.Libpod); err != nil { - conf, err2 := ic.Config(context.Background()) - if err2 != nil { - return err - } - if conf.Engine.CgroupManager == config.SystemdCgroupsManager { - logrus.Warnf("Failed to add pause process to systemd sandbox cgroup: %v", err) - } else { - logrus.Debugf("Failed to add pause process to systemd sandbox cgroup: %v", err) - } - } + utils.MovePauseProcessToScope(pausePidPath) if err != nil { logrus.Error(errors.Wrapf(err, "invalid internal status, try resetting the pause process with %q", os.Args[0]+" system migrate")) os.Exit(1) 
@@ -142,27 +123,6 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, noMoveProcess bool) return nil } -func movePauseProcessToScope(r *libpod.Runtime) error { - tmpDir, err := r.TmpDir() - if err != nil { - return err - } - pausePidPath, err := util.GetRootlessPauseProcessPidPathGivenDir(tmpDir) - if err != nil { - return errors.Wrapf(err, "could not get pause process pid file path") - } - data, err := ioutil.ReadFile(pausePidPath) - if err != nil { - return errors.Wrapf(err, "cannot read pause pid file") - } - pid, err := strconv.ParseUint(string(data), 10, 0) - if err != nil { - return errors.Wrapf(err, "cannot parse pid file %s", pausePidPath) - } - - return utils.RunUnderSystemdScope(int(pid), "user.slice", "podman-pause.scope") -} - // SystemPrune removes unused data from the system. Pruning pods, containers, volumes and images. func (ic *ContainerEngine) SystemPrune(ctx context.Context, options entities.SystemPruneOptions) (*entities.SystemPruneReport, error) { var systemPruneReport = new(entities.SystemPruneReport) diff --git a/pkg/domain/infra/tunnel/images.go b/pkg/domain/infra/tunnel/images.go index db4e14aba..9a746d68c 100644 --- a/pkg/domain/infra/tunnel/images.go +++ b/pkg/domain/infra/tunnel/images.go @@ -165,6 +165,9 @@ func (ir *ImageEngine) Untag(ctx context.Context, nameOrID string, tags []string if t, ok := ref.(reference.Tagged); ok { tag = t.Tag() } + if t, ok := ref.(reference.Digested); ok { + tag += "@" + t.Digest().String() + } if r, ok := ref.(reference.Named); ok { repo = r.Name() } diff --git a/pkg/domain/infra/tunnel/network.go b/pkg/domain/infra/tunnel/network.go index 711c2e00c..6f227f565 100644 --- a/pkg/domain/infra/tunnel/network.go +++ b/pkg/domain/infra/tunnel/network.go 
@@ -62,12 +62,12 @@ func (ic *ContainerEngine) NetworkRm(ctx context.Context, namesOrIds []string, o return reports, nil } -func (ic *ContainerEngine) NetworkCreate(ctx context.Context, net types.Network) (*entities.NetworkCreateReport, error) { +func (ic *ContainerEngine) NetworkCreate(ctx context.Context, net types.Network) (*types.Network, error) { net, err := network.Create(ic.ClientCtx, &net) if err != nil { return nil, err } - return &entities.NetworkCreateReport{Name: net.Name}, nil + return &net, nil } // NetworkDisconnect removes a container from a given network diff --git a/test/apiv2/python/rest_api/test_v2_0_0_image.py b/test/apiv2/python/rest_api/test_v2_0_0_image.py index bcacaa935..58d03b149 100644 --- a/test/apiv2/python/rest_api/test_v2_0_0_image.py +++ b/test/apiv2/python/rest_api/test_v2_0_0_image.py @@ -32,6 +32,9 @@ class ImageTestCase(APITestCase): for k in required_keys: self.assertIn(k, item) + # Id should be prefixed with sha256: (#11645) + self.assertIn("sha256:",item['Id']) + def test_inspect(self): r = requests.get(self.podman_url + "/v1.40/images/alpine/json") self.assertEqual(r.status_code, 200, r.text) @@ -59,6 +62,8 @@ class ImageTestCase(APITestCase): for item in required_keys: self.assertIn(item, image) _ = parse(image["Created"]) + # Id should be prefixed with sha256: (#11645) + self.assertIn("sha256:",image['Id']) def test_delete(self): r = requests.delete(self.podman_url + "/v1.40/images/alpine?force=true") diff --git a/test/e2e/mount_test.go b/test/e2e/mount_test.go index 141d1a386..5ecd61097 100644 --- a/test/e2e/mount_test.go +++ b/test/e2e/mount_test.go @@ -169,7 +169,7 @@ var _ = Describe("Podman mount", func() { Expect(setup).Should(Exit(0)) cid := setup.OutputToString() - lmount := podmanTest.Podman([]string{"mount", "--notruncate"}) + lmount := podmanTest.Podman([]string{"mount", "--no-trunc"}) lmount.WaitWithDefaultTimeout() Expect(lmount).Should(Exit(0)) Expect(lmount.OutputToString()).To(Equal("")) 
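Review bot: `self.assertIn("sha256:",item['Id'])` in the first hunk of test_v2_0_0_image.py (and the identical assertion on `image['Id']` in the second hunk) checks containment, while the comment above it says the Id should be prefixed. An Id carrying the marker anywhere in the string would pass. `self.assertTrue(item['Id'].startswith("sha256:"))`, and the same for `image['Id']`, pins the behaviour the comment describes. Both test methods begin outside their hunks.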
@@ -178,7 +178,7 @@ var _ = Describe("Podman mount", func() { mount.WaitWithDefaultTimeout() Expect(mount).Should(Exit(0)) - lmount = podmanTest.Podman([]string{"mount", "--notruncate"}) + lmount = podmanTest.Podman([]string{"mount", "--no-trunc"}) lmount.WaitWithDefaultTimeout() Expect(lmount).Should(Exit(0)) Expect(lmount.OutputToString()).To(ContainSubstring(cid)) @@ -195,7 +195,7 @@ var _ = Describe("Podman mount", func() { Expect(setup).Should(Exit(0)) cid := setup.OutputToString() - lmount := podmanTest.Podman([]string{"mount", "--notruncate"}) + lmount := podmanTest.Podman([]string{"mount", "--no-trunc"}) lmount.WaitWithDefaultTimeout() Expect(lmount).Should(Exit(0)) Expect(lmount.OutputToString()).To(ContainSubstring(cid)) @@ -204,7 +204,7 @@ var _ = Describe("Podman mount", func() { stop.WaitWithDefaultTimeout() Expect(stop).Should(Exit(0)) - lmount = podmanTest.Podman([]string{"mount", "--notruncate"}) + lmount = podmanTest.Podman([]string{"mount", "--no-trunc"}) lmount.WaitWithDefaultTimeout() Expect(lmount).Should(Exit(0)) Expect(lmount.OutputToString()).To(Equal("")) @@ -227,7 +227,7 @@ var _ = Describe("Podman mount", func() { Expect(setup).Should(Exit(0)) cid3 := setup.OutputToString() - lmount := podmanTest.Podman([]string{"mount", "--notruncate"}) + lmount := podmanTest.Podman([]string{"mount", "--no-trunc"}) lmount.WaitWithDefaultTimeout() Expect(lmount).Should(Exit(0)) Expect(lmount.OutputToString()).To(Equal("")) @@ -236,7 +236,7 @@ var _ = Describe("Podman mount", func() { mount.WaitWithDefaultTimeout() Expect(mount).Should(Exit(0)) - lmount = podmanTest.Podman([]string{"mount", "--notruncate"}) + lmount = podmanTest.Podman([]string{"mount", "--no-trunc"}) lmount.WaitWithDefaultTimeout() Expect(lmount).Should(Exit(0)) Expect(lmount.OutputToString()).To(ContainSubstring(cid1)) 
@@ -247,7 +247,7 @@ var _ = Describe("Podman mount", func() { umount.WaitWithDefaultTimeout() Expect(umount).Should(Exit(0)) - lmount = podmanTest.Podman([]string{"mount", "--notruncate"}) + lmount = podmanTest.Podman([]string{"mount", "--no-trunc"}) lmount.WaitWithDefaultTimeout() Expect(lmount).Should(Exit(0)) Expect(lmount.OutputToString()).To(Equal("")) @@ -261,7 +261,7 @@ var _ = Describe("Podman mount", func() { Expect(setup).Should(Exit(0)) cid := setup.OutputToString() - lmount := podmanTest.Podman([]string{"mount", "--notruncate"}) + lmount := podmanTest.Podman([]string{"mount", "--no-trunc"}) lmount.WaitWithDefaultTimeout() Expect(lmount).Should(Exit(0)) Expect(lmount.OutputToString()).To(Equal("")) @@ -270,6 +270,7 @@ var _ = Describe("Podman mount", func() { mount.WaitWithDefaultTimeout() Expect(mount).Should(Exit(0)) + // test --notruncate alias lmount = podmanTest.Podman([]string{"mount", "--notruncate"}) lmount.WaitWithDefaultTimeout() Expect(lmount).Should(Exit(0)) diff --git a/test/e2e/network_create_test.go b/test/e2e/network_create_test.go index d419a701d..ae9f112b5 100644 --- a/test/e2e/network_create_test.go +++ b/test/e2e/network_create_test.go @@ -343,4 +343,13 @@ var _ = Describe("Podman network create", func() { Expect(nc.OutputToString()).ToNot(ContainSubstring("dnsname")) }) + It("podman network create with invalid name", func() { + for _, name := range []string{"none", "host", "bridge", "private", "slirp4netns", "container", "ns"} { + nc := podmanTest.Podman([]string{"network", "create", name}) + nc.WaitWithDefaultTimeout() + Expect(nc).To(Exit(125)) + Expect(nc.ErrorToString()).To(ContainSubstring("cannot create network with name %q because it conflicts with a valid network mode", name)) + } + }) + }) diff --git a/test/e2e/run_cleanup_test.go b/test/e2e/run_cleanup_test.go index cfe11079d..6753fcf12 100644 --- a/test/e2e/run_cleanup_test.go +++ b/test/e2e/run_cleanup_test.go 
@@ -46,7 +46,7 @@ var _ = Describe("Podman run exit", func() { Expect(mount).Should(Exit(0)) Expect(mount.OutputToString()).To(ContainSubstring(cid)) - pmount := podmanTest.Podman([]string{"mount", "--notruncate"}) + pmount := podmanTest.Podman([]string{"mount", "--no-trunc"}) pmount.WaitWithDefaultTimeout() Expect(pmount).Should(Exit(0)) Expect(pmount.OutputToString()).To(ContainSubstring(cid)) @@ -64,7 +64,7 @@ var _ = Describe("Podman run exit", func() { Expect(mount).Should(Exit(0)) Expect(mount.OutputToString()).NotTo(ContainSubstring(cid)) - pmount = podmanTest.Podman([]string{"mount", "--notruncate"}) + pmount = podmanTest.Podman([]string{"mount", "--no-trunc"}) pmount.WaitWithDefaultTimeout() Expect(pmount).Should(Exit(0)) Expect(pmount.OutputToString()).NotTo(ContainSubstring(cid)) diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index 8eabeba97..c7ffdaf4c 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -709,6 +709,18 @@ var _ = Describe("Podman run networking", func() { Expect(strings.Contains(run.OutputToString(), hostname)).To(BeTrue()) }) + It("podman run with pod does not add extra 127 entry to /etc/hosts", func() { + pod := "testpod" + hostname := "test-hostname" + run := podmanTest.Podman([]string{"pod", "create", "--hostname", hostname, "--name", pod}) + run.WaitWithDefaultTimeout() + Expect(run).Should(Exit(0)) + run = podmanTest.Podman([]string{"run", "--pod", pod, ALPINE, "cat", "/etc/hosts"}) + run.WaitWithDefaultTimeout() + Expect(run).Should(Exit(0)) + Expect(run.OutputToString()).ToNot(ContainSubstring("127.0.0.1 %s", hostname)) + }) + ping_test := func(netns string) { hostname := "testctr" run := podmanTest.Podman([]string{"run", netns, "--hostname", hostname, ALPINE, "ping", "-c", "1", hostname}) diff --git a/test/system/001-basic.bats b/test/system/001-basic.bats index 963c89281..888c075b8 100644 --- a/test/system/001-basic.bats +++ b/test/system/001-basic.bats 
@@ -57,6 +57,9 @@ function setup() { # Now untag the digest reference again. run_podman untag $IMAGE $IMAGE@$digest + + # Make sure the original image is still present (#11557). + run_podman image exists $IMAGE } # PR #7212: allow --remote anywhere before subcommand, not just as 1st flag diff --git a/test/system/070-build.bats b/test/system/070-build.bats index 03c7984e2..0e1396fc6 100644 --- a/test/system/070-build.bats +++ b/test/system/070-build.bats @@ -285,21 +285,11 @@ EOF build_arg_implicit+="=$arg_implicit_value" fi - # FIXME FIXME FIXME: 2021-03-15: workaround for #9567 (slow ubuntu 2004): - # we're seeing lots of timeouts in CI. Until/unless #9567 gets fixed, - # let's get CI passing by extending the timeout when remote on ubuntu - local localtimeout=${PODMAN_TIMEOUT} - if is_remote; then - if grep -qi ubuntu /etc/os-release; then - localtimeout=$(( 2 * $localtimeout )) - fi - fi - # cd to the dir, so we test relative paths (important for podman-remote) cd $PODMAN_TMPDIR export arg_explicit="THIS SHOULD BE OVERRIDDEN BY COMMAND LINE!" export arg_implicit=${arg_implicit_value} - PODMAN_TIMEOUT=$localtimeout run_podman ${MOUNTS_CONF} build \ + run_podman ${MOUNTS_CONF} build \ --build-arg arg_explicit=${arg_explicit_value} \ $build_arg_implicit \ --dns-search $nosuchdomain \ 
@@ -456,16 +446,24 @@ Labels.$label_name | $label_value @test "podman build - COPY with ignore" { local tmpdir=$PODMAN_TMPDIR/build-test-$(random_string 10) - mkdir -p $tmpdir/subdir + mkdir -p $tmpdir/subdir{1,2} # Create a bunch of files. Declare this as an array to avoid duplication # because we iterate over that list below, checking for each file. # A leading "-" indicates that the file SHOULD NOT exist in the built image + # + # Weird side effect of Buildah 3486, relating to subdirectories and + # wildcard patterns. See that PR for details, it's way too confusing + # to explain in a comment. local -a files=( -test1 -test1.txt test2 test2.txt - -subdir/sub1 -subdir/sub1.txt - -subdir/sub2 -subdir/sub2.txt + subdir1/sub1 subdir1/sub1.txt + -subdir1/sub2 -subdir1/sub2.txt + subdir1/sub3 subdir1/sub3.txt + -subdir2/sub1 -subdir2/sub1.txt + -subdir2/sub2 -subdir2/sub2.txt + -subdir2/sub3 -subdir2/sub3.txt this-file-does-not-match-anything-in-ignore-file comment ) @@ -492,8 +490,10 @@ EOF # comment test* !test2* -subdir +subdir1 +subdir2 !*/sub1* +!subdir1/sub3* EOF # Build an image. For .dockerignore diff --git a/test/system/090-events.bats b/test/system/090-events.bats index 22edaeee9..1fb542ccd 100644 --- a/test/system/090-events.bats +++ b/test/system/090-events.bats 
@@ -25,6 +25,23 @@ load helpers is "$output" "$expect" "filtering just by label" } +@test "truncate events" { + cname=test-$(random_string 30 | tr A-Z a-z) + labelname=$(random_string 10) + labelvalue=$(random_string 15) + + run_podman run -d --name=$cname --rm $IMAGE echo hi + id="$output" + + expect="$id" + run_podman events --filter container=$cname --filter event=start --stream=false + is "$output" ".* $id " "filtering by container name full id" + + truncID=$(expr substr "$id" 1 12) + run_podman events --filter container=$cname --filter event=start --stream=false --no-trunc=false + is "$output" ".* $truncID " "filtering by container name trunc id" +} + @test "image events" { skip_if_remote "remote does not support --events-backend" pushedDir=$PODMAN_TMPDIR/dir diff --git a/test/system/160-volumes.bats b/test/system/160-volumes.bats index f6dc3f0af..e21be9ea4 100644 --- a/test/system/160-volumes.bats +++ b/test/system/160-volumes.bats @@ -21,8 +21,6 @@ function teardown() { # Simple volume tests: share files between host and container @test "podman run --volumes : basic" { - skip_if_remote "volumes cannot be shared across hosts" - run_podman volume list --noheading is "$output" "" "baseline: empty results from list --noheading" @@ -192,9 +190,12 @@ EOF run_podman volume create my_vol run_podman run --rm -v my_vol:/data $IMAGE sh -c "echo hello >> /data/test" run_podman volume create my_vol2 - run_podman volume export my_vol --output=hello.tar + + tarfile=hello$(random_string | tr A-Z a-z).tar + run_podman volume export my_vol --output=$tarfile # we want to use `run_podman volume export my_vol` but run_podman is wrapping EOF - cat hello.tar | run_podman volume import my_vol2 - + run_podman volume import my_vol2 - < $tarfile + rm -f $tarfile run_podman run --rm -v my_vol2:/data $IMAGE sh -c "cat /data/test" is "$output" "hello" "output from second container" run_podman volume rm my_vol diff --git a/utils/utils.go b/utils/utils.go index 2e415130e..b08630d2f 100644 
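Review bot: In the new "truncate events" test, `labelname`, `labelvalue` and `expect` are assigned but never read, and the first check runs `podman events` with no truncation flag while being labelled "full id", so it depends on the default being untruncated without saying so. Drop the three unused variables and add a comment such as `# default output carries the full container id` above the first `run_podman events` call. `truncID=${id:0:12}` would also avoid `expr substr`, which not every `expr` implementation provides.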
--- a/utils/utils.go +++ b/utils/utils.go @@ -4,12 +4,15 @@ import ( "bytes" "fmt" "io" + "io/ioutil" "os" "os/exec" "strconv" "strings" + "sync" "github.com/containers/podman/v3/libpod/define" + "github.com/containers/podman/v3/pkg/cgroups" "github.com/containers/storage/pkg/archive" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -155,3 +158,47 @@ func RemoveScientificNotationFromFloat(x float64) (float64, error) { } return result, nil } + +var ( + runsOnSystemdOnce sync.Once + runsOnSystemd bool +) + +// RunsOnSystemd returns whether the system is using systemd +func RunsOnSystemd() bool { + runsOnSystemdOnce.Do(func() { + initCommand, err := ioutil.ReadFile("/proc/1/comm") + // On errors, default to systemd + runsOnSystemd = err != nil || strings.TrimRight(string(initCommand), "\n") == "systemd" + }) + return runsOnSystemd +} + +func moveProcessToScope(pidPath, slice, scope string) error { + data, err := ioutil.ReadFile(pidPath) + if err != nil { + return errors.Wrapf(err, "cannot read pid file %s", pidPath) + } + pid, err := strconv.ParseUint(string(data), 10, 0) + if err != nil { + return errors.Wrapf(err, "cannot parse pid file %s", pidPath) + } + return RunUnderSystemdScope(int(pid), slice, scope) +} + +// MovePauseProcessToScope moves the pause process used for rootless mode to keep the namespaces alive to +// a separate scope. +func MovePauseProcessToScope(pausePidPath string) { + err := moveProcessToScope(pausePidPath, "user.slice", "podman-pause.scope") + if err != nil { + unified, err := cgroups.IsCgroup2UnifiedMode() + if err != nil { + logrus.Warnf("Failed to detect if running with cgroup unified: %v", err) + } + if RunsOnSystemd() && unified { + logrus.Warnf("Failed to add pause process to systemd sandbox cgroup: %v", err) + } else { + logrus.Debugf("Failed to add pause process to systemd sandbox cgroup: %v", err) + } + } +} diff --git a/utils/utils_supported.go b/utils/utils_supported.go index ebc870d26..1404e3194 100644 
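Review bot: In `MovePauseProcessToScope`, `unified, err := cgroups.IsCgroup2UnifiedMode()` declares a new `err` inside the `if err != nil` block, shadowing the error returned by `moveProcessToScope`. When cgroup detection succeeds, the following `Warnf`/`Debugf` calls print a nil error, so the actual reason the pause process could not be moved never reaches the logs. Use a separate name for the inner error: `unified, err2 := cgroups.IsCgroup2UnifiedMode()`, `if err2 != nil {`, `logrus.Warnf("Failed to detect if running with cgroup unified: %v", err2)`. `moveProcessToScope` also lacks a comment; `// moveProcessToScope reads a pid from pidPath and moves that process into the given systemd scope` would document it.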
--- a/utils/utils_supported.go +++ b/utils/utils_supported.go @@ -47,10 +47,10 @@ func RunUnderSystemdScope(pid int, slice string, unitName string) error { // On errors check if the cgroup already exists, if it does move the process there if props, err := conn.GetUnitTypeProperties(unitName, "Scope"); err == nil { if cgroup, ok := props["ControlGroup"].(string); ok && cgroup != "" { - if err := moveUnderCgroup(cgroup, "", []uint32{uint32(pid)}); err != nil { - return err + if err := moveUnderCgroup(cgroup, "", []uint32{uint32(pid)}); err == nil { + return nil } - return nil + // On errors return the original error message we got from StartTransientUnit. } } return err diff --git a/vendor/github.com/containers/common/libimage/image.go b/vendor/github.com/containers/common/libimage/image.go index ff7d546e9..8456d5280 100644 --- a/vendor/github.com/containers/common/libimage/image.go +++ b/vendor/github.com/containers/common/libimage/image.go @@ -715,10 +715,18 @@ func (i *Image) Size() (int64, error) { return i.runtime.store.ImageSize(i.ID()) } +// HasDifferentDigestOptions allows for customizing the check if another +// (remote) image has a different digest. +type HasDifferentDigestOptions struct { + // containers-auth.json(5) file to use when authenticating against + // container registries. + AuthFilePath string +} + // HasDifferentDigest returns true if the image specified by `remoteRef` has a // different digest than the local one. This check can be useful to check for // updates on remote registries. -func (i *Image) HasDifferentDigest(ctx context.Context, remoteRef types.ImageReference) (bool, error) { +func (i *Image) HasDifferentDigest(ctx context.Context, remoteRef types.ImageReference, options *HasDifferentDigestOptions) (bool, error) { // We need to account for the arch that the image uses. It seems // common on ARM to tweak this option to pull the correct image. See // github.com/containers/podman/issues/6613. 
@@ -738,6 +746,14 @@ func (i *Image) HasDifferentDigest(ctx context.Context, remoteRef types.ImageRef sys.VariantChoice = inspectInfo.Variant } + if options != nil && options.AuthFilePath != "" { + sys.AuthFilePath = options.AuthFilePath + } + + return i.hasDifferentDigestWithSystemContext(ctx, remoteRef, sys) +} + +func (i *Image) hasDifferentDigestWithSystemContext(ctx context.Context, remoteRef types.ImageReference, sys *types.SystemContext) (bool, error) { remoteImg, err := remoteRef.NewImage(ctx, sys) if err != nil { return false, err diff --git a/vendor/github.com/containers/common/libimage/pull.go b/vendor/github.com/containers/common/libimage/pull.go index 8712a13fd..1c322c37e 100644 --- a/vendor/github.com/containers/common/libimage/pull.go +++ b/vendor/github.com/containers/common/libimage/pull.go @@ -561,7 +561,7 @@ func (r *Runtime) copySingleImageFromRegistry(ctx context.Context, imageName str } if pullPolicy == config.PullPolicyNewer && localImage != nil { - isNewer, err := localImage.HasDifferentDigest(ctx, srcRef) + isNewer, err := localImage.hasDifferentDigestWithSystemContext(ctx, srcRef, c.systemContext) if err != nil { pullErrors = append(pullErrors, err) continue diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go index b982aa552..c1f63577a 100644 --- a/vendor/github.com/containers/common/pkg/config/config.go +++ b/vendor/github.com/containers/common/pkg/config/config.go @@ -335,7 +335,7 @@ type EngineConfig struct { // ActiveService index to Destinations added v2.0.3 ActiveService string `toml:"active_service,omitempty"` - // Destinations mapped by service Names + // ServiceDestinations mapped by service Names ServiceDestinations map[string]Destination `toml:"service_destinations,omitempty"` // RuntimePath is the path to OCI runtime binary for launching containers. 
@@ -379,6 +379,10 @@ type EngineConfig struct { // containers/storage. As such this is not exposed via the config file. StateType RuntimeStateStore `toml:"-"` + // ServiceTimeout is the number of seconds to wait without a connection + // before the `podman system service` times out and exits + ServiceTimeout uint `toml:"service_timeout,omitempty"` + // StaticDir is the path to a persistent directory to store container // files. StaticDir string `toml:"static_dir,omitempty"` diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf index dc38f8ec6..7c72ec79f 100644 --- a/vendor/github.com/containers/common/pkg/config/containers.conf +++ b/vendor/github.com/containers/common/pkg/config/containers.conf @@ -422,7 +422,7 @@ default_sysctls = [ # Default options to pass to the slirp4netns binary. # For example "allow_host_loopback=true" # -#network_cmd_options = [] +#network_cmd_options = ["enable_ipv6=true",] # Whether to use chroot instead of pivot_root in the runtime # @@ -466,6 +466,11 @@ default_sysctls = [ # container/storage tmp directory will be used. # image_copy_tmp_dir="/var/tmp" +# Number of seconds to wait without a connection +# before the `podman system service` times out and exits +# +#service_timeout = 5 + # Directory for persistent engine files (database, etc) # By default, this will be configured relative to where the containers/storage # stores containers diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go index 5ce73bd2a..a3fdc9529 100644 --- a/vendor/github.com/containers/common/pkg/config/default.go +++ b/vendor/github.com/containers/common/pkg/config/default.go 
@@ -257,8 +257,11 @@ func defaultConfigFromMemory() (*EngineConfig, error) { c.ImageBuildFormat = "oci" c.CgroupManager = defaultCgroupManager() + c.ServiceTimeout = uint(5) c.StopTimeout = uint(10) - + c.NetworkCmdOptions = []string{ + "enable_ipv6=true", + } c.Remote = isRemote() c.OCIRuntimes = map[string][]string{ "crun": { diff --git a/vendor/github.com/mitchellh/mapstructure/CHANGELOG.md b/vendor/github.com/mitchellh/mapstructure/CHANGELOG.md index 1955f2878..9fe803a5e 100644 --- a/vendor/github.com/mitchellh/mapstructure/CHANGELOG.md +++ b/vendor/github.com/mitchellh/mapstructure/CHANGELOG.md @@ -1,6 +1,12 @@ -## unreleased +## 1.4.2 -* Fix regression where `*time.Time` value would be set to empty and not be sent +* Custom name matchers to support any sort of casing, formatting, etc. for + field names. [GH-250] +* Fix possible panic in ComposeDecodeHookFunc [GH-251] + +## 1.4.1 + +* Fix regression where `*time.Time` value would be set to empty and not be sent to decode hooks properly [GH-232] ## 1.4.0 diff --git a/vendor/github.com/mitchellh/mapstructure/decode_hooks.go b/vendor/github.com/mitchellh/mapstructure/decode_hooks.go index 92e6f76ff..4d4bbc733 100644 --- a/vendor/github.com/mitchellh/mapstructure/decode_hooks.go +++ b/vendor/github.com/mitchellh/mapstructure/decode_hooks.go @@ -62,7 +62,8 @@ func DecodeHookExec( func ComposeDecodeHookFunc(fs ...DecodeHookFunc) DecodeHookFunc { return func(f reflect.Value, t reflect.Value) (interface{}, error) { var err error - var data interface{} + data := f.Interface() + newFrom := f for _, f1 := range fs { data, err = DecodeHookExec(f1, newFrom, t) diff --git a/vendor/github.com/mitchellh/mapstructure/mapstructure.go b/vendor/github.com/mitchellh/mapstructure/mapstructure.go index 3643901f5..dcee0f2d6 100644 --- a/vendor/github.com/mitchellh/mapstructure/mapstructure.go +++ b/vendor/github.com/mitchellh/mapstructure/mapstructure.go 
@@ -192,7 +192,7 @@ type DecodeHookFuncType func(reflect.Type, reflect.Type, interface{}) (interface // source and target types. type DecodeHookFuncKind func(reflect.Kind, reflect.Kind, interface{}) (interface{}, error) -// DecodeHookFuncRaw is a DecodeHookFunc which has complete access to both the source and target +// DecodeHookFuncValue is a DecodeHookFunc which has complete access to both the source and target // values. type DecodeHookFuncValue func(from reflect.Value, to reflect.Value) (interface{}, error) @@ -258,6 +258,11 @@ type DecoderConfig struct { // The tag name that mapstructure reads for field names. This // defaults to "mapstructure" TagName string + + // MatchName is the function used to match the map key to the struct + // field name or tag. Defaults to `strings.EqualFold`. This can be used + // to implement case-sensitive tag values, support snake casing, etc. + MatchName func(mapKey, fieldName string) bool } // A Decoder takes a raw interface value and turns it into structured @@ -376,6 +381,10 @@ func NewDecoder(config *DecoderConfig) (*Decoder, error) { config.TagName = "mapstructure" } + if config.MatchName == nil { + config.MatchName = strings.EqualFold + } + result := &Decoder{ config: config, } @@ -1340,7 +1349,7 @@ func (d *Decoder) decodeStructFromMap(name string, dataVal, val reflect.Value) e continue } - if strings.EqualFold(mK, fieldName) { + if d.config.MatchName(mK, fieldName) { rawMapKey = dataValKey rawMapVal = dataVal.MapIndex(dataValKey) break diff --git a/vendor/modules.txt b/vendor/modules.txt index 324487b7c..5e82b9977 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
@@ -94,7 +94,7 @@ github.com/containers/buildah/pkg/rusage github.com/containers/buildah/pkg/sshagent github.com/containers/buildah/pkg/util github.com/containers/buildah/util -# github.com/containers/common v0.44.1-0.20210914173811-fcaa2e0de285 +# github.com/containers/common v0.44.1-0.20210920093543-bf187ada7d0e github.com/containers/common/libimage github.com/containers/common/libimage/manifests github.com/containers/common/pkg/apparmor @@ -432,7 +432,7 @@ github.com/matttproud/golang_protobuf_extensions/pbutil github.com/miekg/pkcs11 # github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible github.com/mistifyio/go-zfs -# github.com/mitchellh/mapstructure v1.4.1 +# github.com/mitchellh/mapstructure v1.4.2 github.com/mitchellh/mapstructure # github.com/moby/sys/mount v0.2.0 github.com/moby/sys/mount |