summaryrefslogtreecommitdiff
path: root/cmd/podman
diff options
context:
space:
mode:
Diffstat (limited to 'cmd/podman')
-rw-r--r--cmd/podman/common/create.go9
-rw-r--r--cmd/podman/common/create_opts.go1
-rw-r--r--cmd/podman/containers/create.go6
-rw-r--r--cmd/podman/containers/run.go2
-rw-r--r--cmd/podman/root.go41
5 files changed, 50 insertions, 9 deletions
diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go
index 602ad5d94..401cf2e09 100644
--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -544,6 +544,15 @@ func DefineCreateFlags(cmd *cobra.Command, cf *ContainerCLIOpts) {
)
_ = cmd.RegisterFlagCompletionFunc(podIDFileFlagName, completion.AutocompleteDefault)
+ // Flag for TLS verification, so that `run` and `create` commands can make use of it.
+ // Make sure to use `=` while using this flag i.e `--tls-verify=false/true`
+ tlsVerifyFlagName := "tls-verify"
+ createFlags.BoolVar(
+ &cf.TLSVerify,
+ tlsVerifyFlagName, true,
+ "Require HTTPS and verify certificates when contacting registries for pulling images",
+ )
+
createFlags.BoolVar(
&cf.Privileged,
"privileged", false,
diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go
index 0fdf3ce08..e046e5a19 100644
--- a/cmd/podman/common/create_opts.go
+++ b/cmd/podman/common/create_opts.go
@@ -112,6 +112,7 @@ type ContainerCLIOpts struct {
Sysctl []string
Systemd string
Timeout uint
+ TLSVerify bool
TmpFS []string
TTY bool
Timezone string
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index a57488af2..7583a024e 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -10,6 +10,7 @@ import (
"github.com/containers/common/pkg/completion"
"github.com/containers/common/pkg/config"
"github.com/containers/image/v5/transports/alltransports"
+ "github.com/containers/image/v5/types"
"github.com/containers/podman/v3/cmd/podman/common"
"github.com/containers/podman/v3/cmd/podman/registry"
"github.com/containers/podman/v3/cmd/podman/utils"
@@ -96,7 +97,7 @@ func create(cmd *cobra.Command, args []string) error {
var (
err error
)
- cliVals.Net, err = common.NetFlagsToNetOptions(cmd, cliVals.Pod == "")
+ cliVals.Net, err = common.NetFlagsToNetOptions(cmd, cliVals.Pod == "" && cliVals.PodIDFile == "")
if err != nil {
return err
}
@@ -261,7 +262,7 @@ func createInit(c *cobra.Command) error {
}
func pullImage(imageName string) (string, error) {
- pullPolicy, err := config.ValidatePullPolicy(cliVals.Pull)
+ pullPolicy, err := config.ParsePullPolicy(cliVals.Pull)
if err != nil {
return "", err
}
@@ -287,6 +288,7 @@ func pullImage(imageName string) (string, error) {
Variant: cliVals.Variant,
SignaturePolicy: cliVals.SignaturePolicy,
PullPolicy: pullPolicy,
+ SkipTLSVerify: types.NewOptionalBool(!cliVals.TLSVerify), // If Flag changed for TLS Verification
})
if pullErr != nil {
return "", pullErr
diff --git a/cmd/podman/containers/run.go b/cmd/podman/containers/run.go
index 579af4eb1..830d1de7f 100644
--- a/cmd/podman/containers/run.go
+++ b/cmd/podman/containers/run.go
@@ -106,7 +106,7 @@ func init() {
func run(cmd *cobra.Command, args []string) error {
var err error
- cliVals.Net, err = common.NetFlagsToNetOptions(cmd, cliVals.Pod == "")
+ cliVals.Net, err = common.NetFlagsToNetOptions(cmd, cliVals.Pod == "" && cliVals.PodIDFile == "")
if err != nil {
return err
}
diff --git a/cmd/podman/root.go b/cmd/podman/root.go
index dc4ebb952..371ded9a8 100644
--- a/cmd/podman/root.go
+++ b/cmd/podman/root.go
@@ -6,6 +6,7 @@ import (
"path/filepath"
"runtime"
"runtime/pprof"
+ "strconv"
"strings"
"github.com/containers/common/pkg/completion"
@@ -194,6 +195,17 @@ func persistentPreRunE(cmd *cobra.Command, args []string) error {
return err
}
}
+ if cmd.Flag("memory-profile").Changed {
+ // Same value as the default in github.com/pkg/profile.
+ runtime.MemProfileRate = 4096
+ if rate := os.Getenv("MemProfileRate"); rate != "" {
+ r, err := strconv.Atoi(rate)
+ if err != nil {
+ return err
+ }
+ runtime.MemProfileRate = r
+ }
+ }
if cfg.MaxWorks <= 0 {
return errors.Errorf("maximum workers must be set to a positive number (got %d)", cfg.MaxWorks)
@@ -224,14 +236,29 @@ func persistentPostRunE(cmd *cobra.Command, args []string) error {
return nil
}
- if !registry.IsRemote() {
- if cmd.Flag("cpu-profile").Changed {
- pprof.StopCPUProfile()
+ registry.ImageEngine().Shutdown(registry.Context())
+ registry.ContainerEngine().Shutdown(registry.Context())
+
+ if registry.IsRemote() {
+ return nil
+ }
+
+ // CPU and memory profiling.
+ if cmd.Flag("cpu-profile").Changed {
+ pprof.StopCPUProfile()
+ }
+ if cmd.Flag("memory-profile").Changed {
+ f, err := os.Create(registry.PodmanConfig().MemoryProfile)
+ if err != nil {
+ return errors.Wrap(err, "creating memory profile")
+ }
+ defer f.Close()
+ runtime.GC() // get up-to-date GC statistics
+ if err := pprof.WriteHeapProfile(f); err != nil {
+ return errors.Wrap(err, "writing memory profile")
}
}
- registry.ImageEngine().Shutdown(registry.Context())
- registry.ContainerEngine().Shutdown(registry.Context())
return nil
}
@@ -294,7 +321,8 @@ func rootFlags(cmd *cobra.Command, opts *entities.PodmanConfig) {
pFlags.StringVar(&cfg.Engine.CgroupManager, cgroupManagerFlagName, cfg.Engine.CgroupManager, "Cgroup manager to use (\"cgroupfs\"|\"systemd\")")
_ = cmd.RegisterFlagCompletionFunc(cgroupManagerFlagName, common.AutocompleteCgroupManager)
- pFlags.StringVar(&opts.CPUProfile, "cpu-profile", "", "Path for the cpu profiling results")
+ pFlags.StringVar(&opts.CPUProfile, "cpu-profile", "", "Path for the cpu-profiling results")
+ pFlags.StringVar(&opts.MemoryProfile, "memory-profile", "", "Path for the memory-profiling results")
conmonFlagName := "conmon"
pFlags.StringVar(&opts.ConmonPath, conmonFlagName, "", "Path of the conmon binary")
@@ -354,6 +382,7 @@ func rootFlags(cmd *cobra.Command, opts *entities.PodmanConfig) {
"cpu-profile",
"default-mounts-file",
"max-workers",
+ "memory-profile",
"registries-conf",
"trace",
} {
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-12-26 18:23:04 +0000