diff options
31 files changed, 122 insertions, 368 deletions
diff --git a/docs/requirements.txt b/docs/requirements.txt index 84e7ec6a5..3ba6d658f 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,6 +1,4 @@ # requirements file for readthedocs pip installs # use md instead of rst -recommonmark -# needed for markdown table support -sphinx-markdown-tables +myst_parser diff --git a/docs/source/Commands.rst b/docs/source/Commands.rst index 767b09c08..2911efe18 100644 --- a/docs/source/Commands.rst +++ b/docs/source/Commands.rst @@ -13,7 +13,7 @@ Commands :doc:`commit <markdown/podman-commit.1>` Create new image based on the changed container -:doc:`container <managecontainers>` Manage Containers +:doc:`container <markdown/podman-container.1>` Manage Containers :doc:`cp <markdown/podman-cp.1>` Copy files/folders between a container and the local filesystem @@ -27,13 +27,13 @@ Commands :doc:`export <markdown/podman-export.1>` Export container's filesystem contents as a tar archive -:doc:`generate <generate>` Generated structured data +:doc:`generate <markdown/podman-generate.1>` Generated structured data -:doc:`healthcheck <healthcheck>` Manage Healthcheck +:doc:`healthcheck <markdown/podman-healthcheck.1>` Manage Healthcheck :doc:`history <markdown/podman-history.1>` Show history of a specified image -:doc:`image <image>` Manage images +:doc:`image <markdown/podman-image.1>` Manage images :doc:`images <markdown/podman-images.1>` List images in local storage @@ -55,19 +55,19 @@ Commands :doc:`logs <markdown/podman-logs.1>` Fetch the logs of a container -:doc:`machine <machine>` Manage podman's virtual machine +:doc:`machine <markdown/podman-machine.1>` Manage podman's virtual machine -:doc:`manifest <manifest>` Create and manipulate manifest lists and image indexes +:doc:`manifest <markdown/podman-manifest.1>` Create and manipulate manifest lists and image indexes :doc:`mount <markdown/podman-mount.1>` Mount a working container's root filesystem -:doc:`network <network>` Manage Networks +:doc:`network <markdown/podman-network.1>` Manage Networks :doc:`pause <markdown/podman-pause.1>` Pause all the processes in one or more containers -:doc:`play <play>` Play a pod +:doc:`play <markdown/podman-play.1>` Play a pod -:doc:`pod <pod>` Manage pods +:doc:`pod <markdown/podman-pod.1>` Manage pods :doc:`port <markdown/podman-port.1>` List port mappings or a specific mapping for the container @@ -91,7 +91,7 @@ Commands :doc:`search <markdown/podman-search.1>` Search registry for image -:doc:`secret <secret>` Manage podman secrets +:doc:`secret <markdown/podman-secret.1>` Manage podman secrets :doc:`start <markdown/podman-start.1>` Start one or more containers @@ -99,7 +99,7 @@ Commands :doc:`stop <markdown/podman-stop.1>` Stop one or more containers -:doc:`system <system>` Manage podman +:doc:`system <markdown/podman-system.1>` Manage podman :doc:`tag <markdown/podman-tag.1>` Add an additional name to a local image @@ -115,6 +115,6 @@ Commands :doc:`version <markdown/podman-version.1>` Display the Podman Version Information -:doc:`volume <volume>` Manage volumes +:doc:`volume <markdown/podman-volume.1>` Manage volumes :doc:`wait <markdown/podman-wait.1>` Block on one or more containers diff --git a/docs/source/conf.py b/docs/source/conf.py index 8210022f2..7684dd3f7 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -15,7 +15,6 @@ # sys.path.insert(0, os.path.abspath('.')) import re -from recommonmark.transform import AutoStructify # -- Project information ----------------------------------------------------- @@ -29,7 +28,7 @@ author = "team" # Add any Sphinx extension module names here, as strings. They can be # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom # ones. -extensions = ["sphinx_markdown_tables", "recommonmark"] +extensions = ["myst_parser"] # Add any paths that contain templates here, relative to this directory. templates_path = ["_templates"] @@ -63,27 +62,18 @@ html_css_files = [ # -- Extension configuration ------------------------------------------------- +# IMPORTANT: explicitly unset the extensions, by default dollarmath is enabled. +# We use the dollar sign as text and do not want it to be interpreted as math expression. +myst_enable_extensions = [] + def convert_markdown_title(app, docname, source): # Process markdown files only docpath = app.env.doc2path(docname) if docpath.endswith(".md"): - # Convert pandoc title line into eval_rst block for recommonmark - source[0] = re.sub(r"^% (.*)", r"```eval_rst\n.. title:: \g<1>\n```", source[0]) + # Convert pandoc title line into eval_rst block for myst_parser + source[0] = re.sub(r"^% (.*)", r"```{title} \g<1>\n```", source[0]) def setup(app): app.connect("source-read", convert_markdown_title) - - app.add_config_value( - "recommonmark_config", - { - "enable_eval_rst": True, - "enable_auto_doc_ref": False, - "enable_auto_toc_tree": False, - "enable_math": False, - "enable_inline_math": False, - }, - True, - ) - app.add_transform(AutoStructify) diff --git a/docs/source/connection.rst b/docs/source/connection.rst deleted file mode 100644 index 64eb18c57..000000000 --- a/docs/source/connection.rst +++ /dev/null @@ -1,12 +0,0 @@ -Manage the destination(s) for Podman service(s) -================= - -:doc:`add <markdown/podman-system-connection-add.1>` Record destination for the Podman service - -:doc:`default <markdown/podman-system-connection-default.1>` Set named destination as default for the Podman service - -:doc:`list <markdown/podman-system-connection-list.1>` List the destination for the Podman service(s) - -:doc:`remove <markdown/podman-system-connection-remove.1>` Delete named destination - -:doc:`rename <markdown/podman-system-connection-rename.1>` Rename the destination for Podman service diff --git a/docs/source/generate.rst b/docs/source/generate.rst deleted file mode 100644 index fd267ce62..000000000 --- a/docs/source/generate.rst +++ /dev/null @@ -1,6 +0,0 @@ -Generate -======== - -:doc:`kube <markdown/podman-generate-kube.1>` Generate Kubernetes pod YAML from a container or pod - -:doc:`systemd <markdown/podman-generate-systemd.1>` Generate a systemd unit file for a Podman container diff --git a/docs/source/healthcheck.rst b/docs/source/healthcheck.rst deleted file mode 100644 index 2e2f88fbc..000000000 --- a/docs/source/healthcheck.rst +++ /dev/null @@ -1,4 +0,0 @@ -HealthCheck -=========== - -:doc:`run <markdown/podman-healthcheck-run.1>` run the health check of a container diff --git a/docs/source/image.rst b/docs/source/image.rst deleted file mode 100644 index 0987a0149..000000000 --- a/docs/source/image.rst +++ /dev/null @@ -1,47 +0,0 @@ -Image -===== - - -:doc:`build <markdown/podman-build.1>` Build an image using instructions from Containerfiles - -:doc:`diff <markdown/podman-image-diff.1>` Inspect changes on an image's filesystem - -:doc:`exists <markdown/podman-image-exists.1>` Check if an image exists in local storage - -:doc:`history <markdown/podman-history.1>` Show history of a specified image - -:doc:`import <markdown/podman-import.1>` Import a tarball to create a filesystem image - -:doc:`inspect <markdown/podman-inspect.1>` Display the configuration of an image - -:doc:`list <markdown/podman-images.1>` List images in local storage - -:doc:`load <markdown/podman-load.1>` Load an image from container archive - -:doc:`mount <markdown/podman-image-mount.1>` Mount an image's root filesystem. - -:doc:`prune <markdown/podman-image-prune.1>` Remove unused images - -:doc:`pull <markdown/podman-pull.1>` Pull an image from a registry - -:doc:`push <markdown/podman-push.1>` Push an image to a specified destination - -:doc:`rm <markdown/podman-rmi.1>` Removes one or more images from local storage - -:doc:`save <markdown/podman-save.1>` Save image to an archive - -:doc:`scp <markdown/podman-image-scp.1>` Securely copy an image from one host to another - -:doc:`search <markdown/podman-search.1>` Search a registry for an image - -:doc:`sign <markdown/podman-image-sign.1>` Sign an image - -:doc:`tag <markdown/podman-tag.1>` Add an additional name to a local image - -:doc:`tree <markdown/podman-image-tree.1>` Prints layer hierarchy of an image in a tree format - -:doc:`trust <markdown/podman-image-trust.1>` Manage container image trust policy - -:doc:`unmount <markdown/podman-image-unmount.1>` Unmount an image's root filesystem - -:doc:`untag <markdown/podman-untag.1>` Removes one or more names from a locally-stored image diff --git a/docs/source/machine.rst b/docs/source/machine.rst deleted file mode 100644 index 3962fca99..000000000 --- a/docs/source/machine.rst +++ /dev/null @@ -1,15 +0,0 @@ -Machine -====== - - -:doc:`init <markdown/podman-machine-init.1>` Initialize a new virtual machine - -:doc:`list <markdown/podman-machine-list.1>` List virtual machines - -:doc:`rm <markdown/podman-machine-rm.1>` Remove a virtual machine - -:doc:`ssh <markdown/podman-machine-ssh.1>` SSH into a virtual machine - -:doc:`start <markdown/podman-machine-start.1>` Start a virtual machine - -:doc:`stop <markdown/podman-machine-stop.1>` Stop a virtual machine diff --git a/docs/source/managecontainers.rst b/docs/source/managecontainers.rst deleted file mode 100644 index 9b3978f25..000000000 --- a/docs/source/managecontainers.rst +++ /dev/null @@ -1,68 +0,0 @@ -Manage Containers -================= - -:doc:`attach <markdown/podman-attach.1>` Attach to a running container - -:doc:`checkpoint <markdown/podman-container-checkpoint.1>` Checkpoints one or more containers - -:doc:`cleanup <markdown/podman-container-cleanup.1>` Cleanup network and mountpoints of one or more containers - -:doc:`commit <markdown/podman-commit.1>` Create new image based on the changed container - -:doc:`cp <markdown/podman-cp.1>` Copy files/folders between a container and the local filesystem - -:doc:`create <markdown/podman-create.1>` Create but do not start a container - -:doc:`diff <markdown/podman-diff.1>` Inspect changes on container's file systems - -:doc:`exec <markdown/podman-exec.1>` Run a process in a running container - -:doc:`exists <markdown/podman-container-exists.1>` Check if a container exists in local storage - -:doc:`export <markdown/podman-export.1>` Export container's filesystem contents as a tar archive - -:doc:`init <markdown/podman-init.1>` Initialize one or more containers - -:doc:`inspect <markdown/podman-inspect.1>` Display the configuration of a container or image - -:doc:`kill <markdown/podman-kill.1>` Kill one or more running containers with a specific signal - -:doc:`list <markdown/podman-ps.1>` List containers - -:doc:`logs <markdown/podman-logs.1>` Fetch the logs of a container - -:doc:`mount <markdown/podman-mount.1>` Mount a working container's root filesystem - -:doc:`pause <markdown/podman-pause.1>` Pause all the processes in one or more containers - -:doc:`port <markdown/podman-port.1>` List port mappings or a specific mapping for the container - -:doc:`prune <markdown/podman-container-prune.1>` Remove all stopped containers - -:doc:`ps <markdown/podman-ps.1>` List containers - -:doc:`rename <markdown/podman-rename.1>` Rename an existing container - -:doc:`restart <markdown/podman-restart.1>` Restart one or more containers - -:doc:`restore <markdown/podman-container-restore.1>` Restores one or more containers from a checkpoint - -:doc:`rm <markdown/podman-rm.1>` Remove one or more containers - -:doc:`run <markdown/podman-run.1>` Run a command in a new container - -:doc:`runlabel <markdown/podman-container-runlabel.1>` Execute the command described by an image label - -:doc:`start <markdown/podman-start.1>` Start one or more containers - -:doc:`stats <markdown/podman-stats.1>` Display a live stream of container resource usage statistics - -:doc:`stop <markdown/podman-stop.1>` Stop one or more containers - -:doc:`top <markdown/podman-top.1>` Display the running processes of a container - -:doc:`unmount <markdown/podman-unmount.1>` Unmounts working container's root filesystem - -:doc:`unpause <markdown/podman-unpause.1>` Unpause the processes in one or more containers - -:doc:`wait <markdown/podman-wait.1>` Block on one or more containers diff --git a/docs/source/manifest.rst b/docs/source/manifest.rst deleted file mode 100644 index f0a06c2c7..000000000 --- a/docs/source/manifest.rst +++ /dev/null @@ -1,18 +0,0 @@ -Create and manipulate manifest lists and image indexes -================= - -:doc:`add <markdown/podman-manifest-add.1>` Add an image to a manifest list or image index - -:doc:`annotate <markdown/podman-manifest-annotate.1>` Add or update information about an entry in a manifest list or image index - -:doc:`create <markdown/podman-manifest-create.1>` Create a manifest list or image index - -:doc:`exists <markdown/podman-manifest-exists.1>` Check if the given manifest list exists in local storage - -:doc:`inspect <markdown/podman-manifest-inspect.1>` Display a manifest list or image index - -:doc:`push <markdown/podman-manifest-push.1>` Push a manifest list or image index to a registry - -:doc:`remove <markdown/podman-manifest-remove.1>` Remove an image from a manifest list or image index - -:doc:`rm <markdown/podman-manifest-rm.1>` Remove manifest list or image index from local storage diff --git a/docs/source/markdown/podman-inspect.1.md b/docs/source/markdown/podman-inspect.1.md index bfd0cea3d..ae26c1bbb 100644 --- a/docs/source/markdown/podman-inspect.1.md +++ b/docs/source/markdown/podman-inspect.1.md @@ -13,14 +13,10 @@ all results in a JSON array. If the inspect type is all, the order of inspection So, if a container has the same name as an image, then the container JSON will be returned, and so on. If a format is specified, the given template will be executed for each result. -For more inspection options, see: - - podman container inspect - podman image inspect - podman network inspect - podman pod inspect - podman volume inspect - +For more inspection options, see also +[podman-network-inspect(1)](podman-network-inspect.1.md), +[podman-pod-inspect(1)](podman-pod-inspect.1.md), and +[podman-volume-inspect(1)](podman-volume-inspect.1.md). ## OPTIONS diff --git a/docs/source/markdown/podman-pull.1.md b/docs/source/markdown/podman-pull.1.md index be89d84af..7fd9732d6 100644 --- a/docs/source/markdown/podman-pull.1.md +++ b/docs/source/markdown/podman-pull.1.md @@ -234,7 +234,7 @@ Storing signatures ``` ## SEE ALSO -**[podman(1)](podman.1.md)**, **[podman-push(1)](podman-push.1.md)**, **[podman-login(1)](podman-login.1.md)**, **[containers-certs.d(5](https://github.com/containers/image/blob/main/docs/containers-certs.d.5.md)**, **[containers-registries.conf(5)](https://github.com/containers/image/blob/main/docs/containers-registries.d.5.md)**, **[containers-transports(5)](https://github.com/containers/image/blob/main/docs/containers-transports.5.md)** +**[podman(1)](podman.1.md)**, **[podman-push(1)](podman-push.1.md)**, **[podman-login(1)](podman-login.1.md)**, **[containers-certs.d(5)](https://github.com/containers/image/blob/main/docs/containers-certs.d.5.md)**, **[containers-registries.conf(5)](https://github.com/containers/image/blob/main/docs/containers-registries.d.5.md)**, **[containers-transports(5)](https://github.com/containers/image/blob/main/docs/containers-transports.5.md)** ## HISTORY July 2017, Originally compiled by Urvashi Mohnani <umohnani@redhat.com> diff --git a/docs/source/markdown/podman-search.1.md b/docs/source/markdown/podman-search.1.md index b30e25cee..d541e5c93 100644 --- a/docs/source/markdown/podman-search.1.md +++ b/docs/source/markdown/podman-search.1.md @@ -169,7 +169,7 @@ Note: This works only with registries that implement the v2 API. If tried with a **registries.conf** (`/etc/containers/registries.conf`) - registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion. +registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion. ## SEE ALSO podman(1), containers-registries.conf(5) diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md index dc0b8f1a1..8b5f385cb 100644 --- a/docs/source/markdown/podman.1.md +++ b/docs/source/markdown/podman.1.md @@ -276,7 +276,7 @@ the exit codes follow the `chroot` standard, see below: **containers.conf** (`/usr/share/containers/containers.conf`, `/etc/containers/containers.conf`, `$HOME/.config/containers/containers.conf`) - Podman has builtin defaults for command line options. These defaults can be overridden using the containers.conf configuration files. +Podman has builtin defaults for command line options. These defaults can be overridden using the containers.conf configuration files. Distributions ship the `/usr/share/containers/containers.conf` file with their default settings. Administrators can override fields in this file by creating the `/etc/containers/containers.conf` file. Users can further modify defaults by creating the `$HOME/.config/containers/containers.conf` file. Podman merges its builtin defaults with the specified fields from these files, if they exist. Fields specified in the users file override the administrator's file, which overrides the distribution's file, which override the built-in defaults. @@ -286,31 +286,31 @@ If the **CONTAINERS_CONF** environment variable is set, then its value is used f **mounts.conf** (`/usr/share/containers/mounts.conf`) - The mounts.conf file specifies volume mount directories that are automatically mounted inside containers when executing the `podman run` or `podman start` commands. Administrators can override the defaults file by creating `/etc/containers/mounts.conf`. +The mounts.conf file specifies volume mount directories that are automatically mounted inside containers when executing the `podman run` or `podman start` commands. Administrators can override the defaults file by creating `/etc/containers/mounts.conf`. When Podman runs in rootless mode, the file `$HOME/.config/containers/mounts.conf` will override the default if it exists. Please refer to containers-mounts.conf(5) for further details. **policy.json** (`/etc/containers/policy.json`) - Signature verification policy files are used to specify policy, e.g. trusted keys, applicable when deciding whether to accept an image, or individual signatures of that image, as valid. +Signature verification policy files are used to specify policy, e.g. trusted keys, applicable when deciding whether to accept an image, or individual signatures of that image, as valid. **registries.conf** (`/etc/containers/registries.conf`, `$HOME/.config/containers/registries.conf`) - registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion. +registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion. - Non root users of Podman can create the `$HOME/.config/containers/registries.conf` file to be used instead of the system defaults. +Non root users of Podman can create the `$HOME/.config/containers/registries.conf` file to be used instead of the system defaults. - If the **CONTAINERS_REGISTRIES_CONF** environment variable is set, then its value is used for the registries.conf file rather than the default. +If the **CONTAINERS_REGISTRIES_CONF** environment variable is set, then its value is used for the registries.conf file rather than the default. **storage.conf** (`/etc/containers/storage.conf`, `$HOME/.config/containers/storage.conf`) - storage.conf is the storage configuration file for all tools using containers/storage +storage.conf is the storage configuration file for all tools using containers/storage - The storage configuration file specifies all of the available container storage options for tools using shared container storage. +The storage configuration file specifies all of the available container storage options for tools using shared container storage. - When Podman runs in rootless mode, the file `$HOME/.config/containers/storage.conf` is used instead of the system defaults. +When Podman runs in rootless mode, the file `$HOME/.config/containers/storage.conf` is used instead of the system defaults. - If the **CONTAINERS_STORAGE_CONF** environment variable is set, the its value is used for the storage.conf file rather than the default. +If the **CONTAINERS_STORAGE_CONF** environment variable is set, the its value is used for the storage.conf file rather than the default. ## Rootless mode Podman can also be used as non-root user. When podman runs in rootless mode, a user namespace is automatically created for the user, defined in /etc/subuid and /etc/subgid. diff --git a/docs/source/network.rst b/docs/source/network.rst deleted file mode 100644 index eb0c2c7f9..000000000 --- a/docs/source/network.rst +++ /dev/null @@ -1,20 +0,0 @@ -Network -======= - -:doc:`connect <markdown/podman-network-connect.1>` network connect - -:doc:`create <markdown/podman-network-create.1>` network create - -:doc:`disconnect <markdown/podman-network-disconnect.1>` network disconnect - -:doc:`exists <markdown/podman-network-exists.1>` network exists - -:doc:`inspect <markdown/podman-network-inspect.1>` network inspect - -:doc:`ls <markdown/podman-network-ls.1>` network list - -:doc:`prune <markdown/podman-network-prune.1>` network prune - -:doc:`reload <markdown/podman-network-reload.1>` network reload - -:doc:`rm <markdown/podman-network-rm.1>` network rm diff --git a/docs/source/play.rst b/docs/source/play.rst deleted file mode 100644 index 8f00d2f45..000000000 --- a/docs/source/play.rst +++ /dev/null @@ -1,4 +0,0 @@ -Play -==== - -:doc:`kube <markdown/podman-play-kube.1>` Play a pod based on Kubernetes YAML diff --git a/docs/source/pod.rst b/docs/source/pod.rst deleted file mode 100644 index d9ad07d83..000000000 --- a/docs/source/pod.rst +++ /dev/null @@ -1,32 +0,0 @@ -Pod -=== - -:doc:`create <markdown/podman-pod-create.1>` Create a new empty pod - -:doc:`exists <markdown/podman-pod-exists.1>` Check if a pod exists in local storage - -:doc:`inspect <markdown/podman-pod-inspect.1>` Displays a pod configuration - -:doc:`kill <markdown/podman-pod-kill.1>` Send the specified signal or SIGKILL to containers in pod - -:doc:`logs <markdown/podman-pod-logs.1>` Displays logs for pod with one or more containers - -:doc:`pause <markdown/podman-pause.1>` Pause one or more pods - -:doc:`prune <markdown/podman-pod-prune.1>` Remove all stopped pods and their containers - -:doc:`ps <markdown/podman-pod-ps.1>` List pods - -:doc:`restart <markdown/podman-pod-restart.1>` Restart one or more pods - -:doc:`rm <markdown/podman-pod-rm.1>` Remove one or more stopped pods and containers - -:doc:`start <markdown/podman-pod-start.1>` Start one or more pods - -:doc:`stats <markdown/podman-pod-stats.1>` Display a live stream of resource usage statistics for the containers in one or more pods - -:doc:`stop <markdown/podman-pod-stop.1>` Stop one or more pods - -:doc:`top <markdown/podman-pod-top.1>` Display the running processes of containers in a pod - -:doc:`unpause <markdown/podman-pod-unpause.1>` Unpause one or more pods diff --git a/docs/source/secret.rst b/docs/source/secret.rst deleted file mode 100644 index 3825ad1df..000000000 --- a/docs/source/secret.rst +++ /dev/null @@ -1,9 +0,0 @@ -Secret -====== -:doc:`create <markdown/podman-secret-create.1>` Create a new secert - -:doc:`inspect <markdown/podman-secret-inspect.1>` Display detailed information on one or more secrets - -:doc:`ls <markdown/podman-secret-ls.1>` List secrets - -:doc:`rm <markdown/podman-secret-rm.1>` Remove one or more secrets diff --git a/docs/source/system.rst b/docs/source/system.rst deleted file mode 100644 index 566fd1a95..000000000 --- a/docs/source/system.rst +++ /dev/null @@ -1,18 +0,0 @@ -System -====== - -:doc:`connection <connection>` Manage the destination(s) for Podman service(s) - -:doc:`df <markdown/podman-system-df.1>` Show podman disk usage - -:doc:`info <markdown/podman-info.1>` Display podman system information - -:doc:`migrate <markdown/podman-system-migrate.1>` Migrate containers - -:doc:`prune <markdown/podman-system-prune.1>` Remove unused data - -:doc:`renumber <markdown/podman-system-renumber.1>` Migrate lock numbers - -:doc:`reset <markdown/podman-system-reset.1>` Reset podman storage - -:doc:`service <markdown/podman-system-service.1>` Run an API service diff --git a/hack/xref-helpmsgs-manpages b/hack/xref-helpmsgs-manpages index cc1e233b9..af54f05f3 100755 --- a/hack/xref-helpmsgs-manpages +++ b/hack/xref-helpmsgs-manpages @@ -201,13 +201,6 @@ sub xref_rst { if (ref $help->{$k}) { xref_rst($help->{$k}, $rst->{$k}, @subcommand, $k); } - - # Check that command is mentioned in at least one .rst file - if (! exists $rst->{$k}{_desc}) { - my @podman = ("podman", @subcommand, $k); - warn "$ME: no link in *.rst for @podman\n"; - ++$Errs; - } } } diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 0557b30d0..6ebbfd1f3 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -2033,15 +2033,16 @@ func (c *Container) getHosts() string { // Do we have a network namespace? netNone := false - for _, ns := range c.config.Spec.Linux.Namespaces { - if ns.Type == spec.NetworkNamespace { - if ns.Path == "" && !c.config.CreateNetNS { - netNone = true + if c.config.NetNsCtr == "" && !c.config.CreateNetNS { + for _, ns := range c.config.Spec.Linux.Namespaces { + if ns.Type == spec.NetworkNamespace { + if ns.Path == "" { + netNone = true + } + break } - break } } - // If we are net=none (have a network namespace, but not connected to // anything) add the container's name and hostname to localhost. if netNone { diff --git a/libpod/runtime.go b/libpod/runtime.go index d2b3d36da..a2279e56d 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -35,6 +35,7 @@ import ( "github.com/containers/podman/v3/pkg/rootless" "github.com/containers/podman/v3/pkg/systemd" "github.com/containers/podman/v3/pkg/util" + "github.com/containers/podman/v3/utils" "github.com/containers/storage" "github.com/containers/storage/pkg/unshare" "github.com/docker/docker/pkg/namesgenerator" @@ -543,6 +544,7 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (retErr error) { return err } if became { + utils.MovePauseProcessToScope(pausePid) os.Exit(ret) } } diff --git a/pkg/api/handlers/compat/networks.go b/pkg/api/handlers/compat/networks.go index 28727a22b..b1456ed9e 100644 --- a/pkg/api/handlers/compat/networks.go +++ b/pkg/api/handlers/compat/networks.go @@ -224,7 +224,8 @@ func CreateNetwork(w http.ResponseWriter, r *http.Request) { // FIXME can we use the IPAM driver and options? } - network, err := runtime.Network().NetworkCreate(network) + ic := abi.ContainerEngine{Libpod: runtime} + newNetwork, err := ic.NetworkCreate(r.Context(), network) if err != nil { utils.InternalServerError(w, err) return @@ -234,7 +235,7 @@ func CreateNetwork(w http.ResponseWriter, r *http.Request) { ID string `json:"Id"` Warning []string }{ - ID: network.ID, + ID: newNetwork.ID, } utils.WriteResponse(w, http.StatusCreated, body) } diff --git a/pkg/api/handlers/libpod/networks.go b/pkg/api/handlers/libpod/networks.go index fcd8e0231..1f7f2e26c 100644 --- a/pkg/api/handlers/libpod/networks.go +++ b/pkg/api/handlers/libpod/networks.go @@ -25,7 +25,7 @@ func CreateNetwork(w http.ResponseWriter, r *http.Request) { } ic := abi.ContainerEngine{Libpod: runtime} - report, err := ic.Libpod.Network().NetworkCreate(network) + report, err := ic.NetworkCreate(r.Context(), network) if err != nil { utils.InternalServerError(w, err) return diff --git a/pkg/domain/entities/engine_container.go b/pkg/domain/entities/engine_container.go index b916d6fc6..383e42098 100644 --- a/pkg/domain/entities/engine_container.go +++ b/pkg/domain/entities/engine_container.go @@ -59,7 +59,7 @@ type ContainerEngine interface { HealthCheckRun(ctx context.Context, nameOrID string, options HealthCheckOptions) (*define.HealthCheckResults, error) Info(ctx context.Context) (*define.Info, error) NetworkConnect(ctx context.Context, networkname string, options NetworkConnectOptions) error - NetworkCreate(ctx context.Context, network types.Network) (*NetworkCreateReport, error) + NetworkCreate(ctx context.Context, network types.Network) (*types.Network, error) NetworkDisconnect(ctx context.Context, networkname string, options NetworkDisconnectOptions) error NetworkExists(ctx context.Context, networkname string) (*BoolReport, error) NetworkInspect(ctx context.Context, namesOrIds []string, options InspectOptions) ([]types.Network, []error, error) diff --git a/pkg/domain/infra/abi/network.go b/pkg/domain/infra/abi/network.go index 45d2c6925..d792226a8 100644 --- a/pkg/domain/infra/abi/network.go +++ b/pkg/domain/infra/abi/network.go @@ -107,12 +107,15 @@ func (ic *ContainerEngine) NetworkRm(ctx context.Context, namesOrIds []string, o return reports, nil } -func (ic *ContainerEngine) NetworkCreate(ctx context.Context, network types.Network) (*entities.NetworkCreateReport, error) { +func (ic *ContainerEngine) NetworkCreate(ctx context.Context, network types.Network) (*types.Network, error) { + if util.StringInSlice(network.Name, []string{"none", "host", "bridge", "private", "slirp4netns", "container", "ns"}) { + return nil, errors.Errorf("cannot create network with name %q because it conflicts with a valid network mode", network.Name) + } network, err := ic.Libpod.Network().NetworkCreate(network) if err != nil { return nil, err } - return &entities.NetworkCreateReport{Name: network.Name}, nil + return &network, nil } // NetworkDisconnect removes a container from a given network diff --git a/pkg/domain/infra/abi/system.go b/pkg/domain/infra/abi/system.go index bc98edd06..e326f26a8 100644 --- a/pkg/domain/infra/abi/system.go +++ b/pkg/domain/infra/abi/system.go @@ -3,16 +3,12 @@ package abi import ( "context" "fmt" - "io/ioutil" "net/url" "os" "os/exec" "path/filepath" - "strconv" - "strings" "github.com/containers/common/pkg/config" - "github.com/containers/podman/v3/libpod" "github.com/containers/podman/v3/libpod/define" "github.com/containers/podman/v3/pkg/cgroups" "github.com/containers/podman/v3/pkg/domain/entities" @@ -72,11 +68,7 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, noMoveProcess bool) if err != nil { return err } - - initCommand, err := ioutil.ReadFile("/proc/1/comm") - // On errors, default to systemd - runsUnderSystemd := err != nil || strings.TrimRight(string(initCommand), "\n") == "systemd" - + runsUnderSystemd := utils.RunsOnSystemd() unitName := fmt.Sprintf("podman-%d.scope", os.Getpid()) if runsUnderSystemd || conf.Engine.CgroupManager == config.SystemdCgroupsManager { if err := utils.RunUnderSystemdScope(os.Getpid(), "user.slice", unitName); err != nil { @@ -120,18 +112,7 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, noMoveProcess bool) } became, ret, err = rootless.TryJoinFromFilePaths(pausePidPath, true, paths) - - if err := movePauseProcessToScope(ic.Libpod); err != nil { - conf, err2 := ic.Config(context.Background()) - if err2 != nil { - return err - } - if conf.Engine.CgroupManager == config.SystemdCgroupsManager { - logrus.Warnf("Failed to add pause process to systemd sandbox cgroup: %v", err) - } else { - logrus.Debugf("Failed to add pause process to systemd sandbox cgroup: %v", err) - } - } + utils.MovePauseProcessToScope(pausePidPath) if err != nil { logrus.Error(errors.Wrapf(err, "invalid internal status, try resetting the pause process with %q", os.Args[0]+" system migrate")) os.Exit(1) @@ -142,27 +123,6 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, noMoveProcess bool) return nil } -func movePauseProcessToScope(r *libpod.Runtime) error { - tmpDir, err := r.TmpDir() - if err != nil { - return err - } - pausePidPath, err := util.GetRootlessPauseProcessPidPathGivenDir(tmpDir) - if err != nil { - return errors.Wrapf(err, "could not get pause process pid file path") - } - data, err := ioutil.ReadFile(pausePidPath) - if err != nil { - return errors.Wrapf(err, "cannot read pause pid file") - } - pid, err := strconv.ParseUint(string(data), 10, 0) - if err != nil { - return errors.Wrapf(err, "cannot parse pid file %s", pausePidPath) - } - - return utils.RunUnderSystemdScope(int(pid), "user.slice", "podman-pause.scope") -} - // SystemPrune removes unused data from the system. Pruning pods, containers, volumes and images. func (ic *ContainerEngine) SystemPrune(ctx context.Context, options entities.SystemPruneOptions) (*entities.SystemPruneReport, error) { var systemPruneReport = new(entities.SystemPruneReport) diff --git a/pkg/domain/infra/tunnel/network.go b/pkg/domain/infra/tunnel/network.go index 711c2e00c..6f227f565 100644 --- a/pkg/domain/infra/tunnel/network.go +++ b/pkg/domain/infra/tunnel/network.go @@ -62,12 +62,12 @@ func (ic *ContainerEngine) NetworkRm(ctx context.Context, namesOrIds []string, o return reports, nil } -func (ic *ContainerEngine) NetworkCreate(ctx context.Context, net types.Network) (*entities.NetworkCreateReport, error) { +func (ic *ContainerEngine) NetworkCreate(ctx context.Context, net types.Network) (*types.Network, error) { net, err := network.Create(ic.ClientCtx, &net) if err != nil { return nil, err } - return &entities.NetworkCreateReport{Name: net.Name}, nil + return &net, nil } // NetworkDisconnect removes a container from a given network diff --git a/test/e2e/network_create_test.go b/test/e2e/network_create_test.go index d419a701d..ae9f112b5 100644 --- a/test/e2e/network_create_test.go +++ b/test/e2e/network_create_test.go @@ -343,4 +343,13 @@ var _ = Describe("Podman network create", func() { Expect(nc.OutputToString()).ToNot(ContainSubstring("dnsname")) }) + It("podman network create with invalid name", func() { + for _, name := range []string{"none", "host", "bridge", "private", "slirp4netns", "container", "ns"} { + nc := podmanTest.Podman([]string{"network", "create", name}) + nc.WaitWithDefaultTimeout() + Expect(nc).To(Exit(125)) + Expect(nc.ErrorToString()).To(ContainSubstring("cannot create network with name %q because it conflicts with a valid network mode", name)) + } + }) + }) diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index 8eabeba97..c7ffdaf4c 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -709,6 +709,18 @@ var _ = Describe("Podman run networking", func() { Expect(strings.Contains(run.OutputToString(), hostname)).To(BeTrue()) }) + It("podman run with pod does not add extra 127 entry to /etc/hosts", func() { + pod := "testpod" + hostname := "test-hostname" + run := podmanTest.Podman([]string{"pod", "create", "--hostname", hostname, "--name", pod}) + run.WaitWithDefaultTimeout() + Expect(run).Should(Exit(0)) + run = podmanTest.Podman([]string{"run", "--pod", pod, ALPINE, "cat", "/etc/hosts"}) + run.WaitWithDefaultTimeout() + Expect(run).Should(Exit(0)) + Expect(run.OutputToString()).ToNot(ContainSubstring("127.0.0.1 %s", hostname)) + }) + ping_test := func(netns string) { hostname := "testctr" run := podmanTest.Podman([]string{"run", netns, "--hostname", hostname, ALPINE, "ping", "-c", "1", hostname}) diff --git a/utils/utils.go b/utils/utils.go index 2e415130e..185ac4865 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -4,10 +4,12 @@ import ( "bytes" "fmt" "io" + "io/ioutil" "os" "os/exec" "strconv" "strings" + "sync" "github.com/containers/podman/v3/libpod/define" "github.com/containers/storage/pkg/archive" @@ -155,3 +157,43 @@ func RemoveScientificNotationFromFloat(x float64) (float64, error) { } return result, nil } + +var ( + runsOnSystemdOnce sync.Once + runsOnSystemd bool +) + +// RunsOnSystemd returns whether the system is using systemd +func RunsOnSystemd() bool { + runsOnSystemdOnce.Do(func() { + initCommand, err := ioutil.ReadFile("/proc/1/comm") + // On errors, default to systemd + runsOnSystemd = err != nil || strings.TrimRight(string(initCommand), "\n") == "systemd" + }) + return runsOnSystemd +} + +func moveProcessToScope(pidPath, slice, scope string) error { + data, err := ioutil.ReadFile(pidPath) + if err != nil { + return errors.Wrapf(err, "cannot read pid file %s", pidPath) + } + pid, err := strconv.ParseUint(string(data), 10, 0) + if err != nil { + return errors.Wrapf(err, "cannot parse pid file %s", pidPath) + } + return RunUnderSystemdScope(int(pid), slice, scope) +} + +// MovePauseProcessToScope moves the pause process used for rootless mode to keep the namespaces alive to +// a separate scope. +func MovePauseProcessToScope(pausePidPath string) { + err := moveProcessToScope(pausePidPath, "user.slice", "podman-pause.scope") + if err != nil { + if RunsOnSystemd() { + logrus.Warnf("Failed to add pause process to systemd sandbox cgroup: %v", err) + } else { + logrus.Debugf("Failed to add pause process to systemd sandbox cgroup: %v", err) + } + } +} |