Diffstat (limited to 'docs/source/markdown')
28 files changed, 476 insertions, 93 deletions
diff --git a/docs/source/markdown/containers-mounts.conf.5.md b/docs/source/markdown/containers-mounts.conf.5.md new file mode 100644 index 000000000..130c1c523 --- /dev/null +++ b/docs/source/markdown/containers-mounts.conf.5.md @@ -0,0 +1,16 @@ +% containers-mounts.conf(5) + +## NAME +containers-mounts.conf - configuration file for default mounts in containers + +## DESCRIPTION +The mounts.conf file specifies volume mount directories that are automatically mounted inside containers. Container processes can then use this content. Usually these directories are used for passing secrets or credentials required by the package software to access remote package repositories. Note that for security reasons, tools adhering to the mounts.conf are expected to copy the contents instead of bind mounting the paths from the host. + +## FORMAT +The format of the mounts.conf is the volume format `/SRC:/DEST`, one mount per line. For example, a mounts.conf with the line `/usr/share/secrets:/run/secrets` would cause the contents of the `/usr/share/secrets` directory on the host to be mounted on the `/run/secrets` directory inside the container. Setting mountpoints allows containers to use the files of the host, for instance, to use the host's subscription to some enterprise Linux distribution. + +## FILES +Some distributions may provide a `/usr/share/containers/mounts.conf` file to provide default mounts, but users can create a `/etc/containers/mounts.conf`, to specify their own special volumes to mount in the container. + +## HISTORY +Aug 2018, Originally compiled by Valentin Rothberg <vrothberg@suse.com> diff --git a/docs/source/markdown/libpod.conf.5.md b/docs/source/markdown/libpod.conf.5.md new file mode 100644 index 000000000..c28c80b56 --- /dev/null +++ b/docs/source/markdown/libpod.conf.5.md 
@@ -0,0 +1,113 @@ +% libpod.conf(5) + +## NAME +libpod.conf - libpod configuration file + +## DESCRIPTION +The libpod.conf file is the default configuration file for all tools using +libpod to manage containers. + +## OPTIONS + +**image_default_transport**="" + Default transport method for pulling and pushing images + +**runtime**="" + Default OCI runtime to use if nothing is specified in **runtimes** + +**runtimes** + For each OCI runtime, specify a list of paths to look for. The first one found is used. If the paths are empty or no valid path was found, then the `$PATH` environment variable will be used as the fallback. + +**conmon_path**="" + Paths to search for the conmon container manager binary. If the paths are empty or no valid path was found, then the `$PATH` environment variable will be used as the fallback. + +**conmon_env_vars**="" + Environment variables to pass into Conmon + +**cgroup_manager**="" + Specify the CGroup Manager to use; valid values are "systemd" and "cgroupfs" + +**lock_type**="" + Specify the locking mechanism to use; valid values are "shm" and "file". Change the default only if you are sure of what you are doing, in general "file" is useful only on platforms where cgo is not available for using the faster "shm" lock type. You may need to run "podman system renumber" after you change the lock type. + +**init_path**="" + Path to the container-init binary, which forwards signals and reaps processes within containers. Note that the container-init binary will only be used when the `--init` for podman-create and podman-run is set. + +**hooks_dir**=["*path*", ...] + + Each `*.json` file in the path configures a hook for Podman containers. For more details on the syntax of the JSON files and the semantics of hook injection, see `oci-hooks(5)`. Podman and libpod currently support both the 1.0.0 and 0.1.0 hook schemas, although the 0.1.0 schema is deprecated. 
+ + Paths listed later in the array have higher precedence (`oci-hooks(5)` discusses directory precedence). + + For the annotation conditions, libpod uses any annotations set in the generated OCI configuration. + + For the bind-mount conditions, only mounts explicitly requested by the caller via `--volume` are considered. Bind mounts that libpod inserts by default (e.g. `/dev/shm`) are not considered. + + Podman and libpod currently support an additional `precreate` state which is called before the runtime's `create` operation. Unlike the other stages, which receive the container state on their standard input, `precreate` hooks receive the proposed runtime configuration on their standard input. They may alter that configuration as they see fit, and write the altered form to their standard output. + + **WARNING**: the `precreate` hook lets you do powerful things, such as adding additional mounts to the runtime configuration. That power also makes it easy to break things. Before reporting libpod errors, try running your container with `precreate` hooks disabled to see if the problem is due to one of your hooks. + +**static_dir**="" + Directory for persistent libpod files (database, etc) + By default this will be configured relative to where containers/storage + stores containers + +**tmp_dir**="" + Directory for temporary files + Must be a tmpfs (wiped after reboot) + +**max_log_size**="" + Maximum size of log files (in bytes) + +**no_pivot_root**="" + Whether to use chroot instead of pivot_root in the runtime + +**cni_config_dir**="" + Directory containing CNI plugin configuration files + +**cni_plugin_dir**="" + Directories where CNI plugin binaries may be located + +**infra_image** = "" + Infra (pause) container image name for pod infra containers. When running a pod, we + start a `pause` process in a container to hold open the namespaces associated with the + pod. This container and process, basically sleep/pause for the lifetime of the pod. 
+ +**infra_command**="" + Command to run the infra container + +**namespace**="" + Default libpod namespace. If libpod is joined to a namespace, it will see only containers and pods + that were created in the same namespace, and will create new containers and pods in that namespace. + The default namespace is "", which corresponds to no namespace. When no namespace is set, all + containers and pods are visible. + +**label**="true|false" + Indicates whether the containers should use label separation. + +**num_locks**="" + Number of locks available for containers and pods. Each created container or pod consumes one lock. + The default number available is 2048. + If this is changed, a lock renumbering must be performed, using the `podman system renumber` command. + +**volume_path**="" + Directory where named volumes will be created in using the default volume driver. + By default this will be configured relative to where containers/storage stores containers. + +**network_cmd_path**="" + Path to the command binary to use for setting up a network. It is currently only used for setting up + a slirp4netns network. If "" is used then the binary is looked up using the $PATH environment variable. + +**events_logger**="" + Default method to use when logging events. Valid values are "file", "journald", and "none". + +**detach_keys**="" + Keys sequence used for detaching a container + +## FILES + `/usr/share/containers/libpod.conf`, default libpod configuration path + + `/etc/containers/libpod.conf`, override libpod configuration path + +## HISTORY +Apr 2018, Originally compiled by Nathan Williams <nath.e.will@gmail.com> diff --git a/docs/source/markdown/podman-attach.1.md b/docs/source/markdown/podman-attach.1.md index cef01f0f6..1ac2e49a9 100644 --- a/docs/source/markdown/podman-attach.1.md +++ b/docs/source/markdown/podman-attach.1.md 
@@ -20,9 +20,7 @@ it in the **libpod.conf** file: see **libpod.conf(5)** for more information. ## OPTIONS **--detach-keys**=*sequence* -Override the key sequence for detaching a container. Format is a single character `[a-Z]` or -a comma separated sequence of `ctrl-<value>`, where `<value>` is one of: -`a-z`, `@`, `^`, `[`, `\\`, `]`, `^` or `_`. +Specify the key sequence for detaching a container. Format is a single character `[a-Z]` or one or more `ctrl-<value>` characters where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. Specifying "" will disable this feature. The default is *ctrl-p,ctrl-q*. **--latest**, **-l** diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md index 567d0ead3..6c8f239a6 100644 --- a/docs/source/markdown/podman-build.1.md +++ b/docs/source/markdown/podman-build.1.md @@ -342,8 +342,8 @@ than the one in storage. Raise an error if the image is not in any listed registry and is not present locally. If the flag is disabled (with *--pull=false*), do not pull the image from the -registry, use only the local version. Raise an error if the image is not -present locally. +registry, unless there is no local image. Raise an error if the image is not +in any registry and is not present locally. Defaults to *true*. @@ -352,6 +352,11 @@ Defaults to *true*. Pull the image from the first registry it is found in as listed in registries.conf. Raise an error if not found in the registries, even if the image is present locally. +**--pull-never** + +Do not pull the image from the registry, use only the local version. Raise an error +if the image is not present locally. + **--quiet**, **-q** Suppress output messages which indicate which instruction is being processed, diff --git a/docs/source/markdown/podman-container-prune.1.md b/docs/source/markdown/podman-container-prune.1.md index d8a4b7f4e..856843a80 100644 --- a/docs/source/markdown/podman-container-prune.1.md 
+++ b/docs/source/markdown/podman-container-prune.1.md @@ -20,6 +20,8 @@ Print usage statement Remove all stopped containers from local storage ``` $ sudo podman container prune +WARNING! This will remove all stopped containers. +Are you sure you want to continue? [y/N] y 878392adf2e6c5c9bb1fc19b69d37d2e98c8abf9d539c0bce4b15b46bbcce471 37664467fbe3618bf9479c34393ac29c02696675addf1750f9e346581636cde7 ed0c6468b8e1cb641b4621d1fe30cb477e1fefc5c0bceb66feaf2f7cb50e5962 @@ -28,6 +30,26 @@ fff1c5b6c3631746055ec40598ce8ecaa4b82aef122f9e3a85b03b55c0d06c23 602d343cd47e7cb3dfc808282a9900a3e4555747787ec6723bb68cedab8384d5 ``` +Remove all stopped containers from local storage without confirmation. +``` +$ sudo podman container prune -f +878392adf2e6c5c9bb1fc19b69d37d2e98c8abf9d539c0bce4b15b46bbcce471 +37664467fbe3618bf9479c34393ac29c02696675addf1750f9e346581636cde7 +ed0c6468b8e1cb641b4621d1fe30cb477e1fefc5c0bceb66feaf2f7cb50e5962 +6ac6c8f0067b7a4682e6b8e18902665b57d1a0e07e885d9abcd382232a543ccd +fff1c5b6c3631746055ec40598ce8ecaa4b82aef122f9e3a85b03b55c0d06c23 +602d343cd47e7cb3dfc808282a9900a3e4555747787ec6723bb68cedab8384d5 + +``` + +Remove all stopped containers from local storage created within last 10 minutes +``` +$ sudo podman container prune --filter until="10m" +WARNING! This will remove all stopped containers. +Are you sure you want to continue? [y/N] y +3d366295e33d8cc612c4d873199bacadd55088d90d17dcafaa9a2d317ad50b4e +``` + ## SEE ALSO podman(1), podman-ps diff --git a/docs/source/markdown/podman-container-restore.1.md b/docs/source/markdown/podman-container-restore.1.md index 1d2cf0b3e..d71daf4af 100644 --- a/docs/source/markdown/podman-container-restore.1.md +++ b/docs/source/markdown/podman-container-restore.1.md 
@@ -76,6 +76,15 @@ a container is restored multiple times from an exported checkpoint with **--name Using **--ignore-static-ip** tells Podman to ignore the IP address if it was configured with **--ip** during container creation. +**--ignore-static-mac** + +If the container was started with **--mac-address** the restored container also +tries to use that MAC address and restore fails if that MAC address is already +in use. This can happen, if a container is restored multiple times from an +exported checkpoint with **--name, -n**. + +Using **--ignore-static-mac** tells Podman to ignore the MAC address if it was +configured with **--mac-address** during container creation. ## EXAMPLE podman container restore mywebserver diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index 6617850fd..82d2e8f6a 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -67,12 +67,14 @@ Drop Linux capabilities **--cgroupns**=*mode* -Set the cgroup namespace mode for the container, by default **host** is used. +Set the cgroup namespace mode for the container. **host**: use the host's cgroup namespace inside the container. **container:<NAME|ID>**: join the namespace of the specified container. **private**: create a new cgroup namespace. **ns:<PATH>**: join the namespace at the specified path. +If the host uses cgroups v1, the default is set to **host**. On cgroups v2 the default is **private**. + **--cgroups**=*mode* Determines whether the container will create CGroups. 
@@ -196,9 +198,7 @@ it in the **libpod.conf** file: see **libpod.conf(5)** for more information. **--detach-keys**=*sequence* -Override the key sequence for detaching a container. Format is a single character `[a-Z]` or -a comma separated sequence of `ctrl-<value>`, where `<value>` is one of: -`a-z`, `@`, `^`, `[`, `\\`, `]`, `^` or `_`. +Specify the key sequence for detaching a container. Format is a single character `[a-Z]` or one or more `ctrl-<value>` characters where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. Specifying "" will disable this feature. The default is *ctrl-p,ctrl-q*. **--device**=*device* @@ -334,7 +334,7 @@ option to `false`. The environment variables passed in include `http_proxy`, those. This option is only needed when the host system must use a proxy but the container should not use any proxy. Proxy environment variables specified for the container in any other way will override the values that would have -been passed thru from the host. (Other ways to specify the proxy for the +been passed through from the host. (Other ways to specify the proxy for the container include passing the values with the `--env` flag, or hard coding the proxy environment at container build time.) @@ -498,6 +498,10 @@ Current supported mount TYPES are `bind`, `volume`, and `tmpfs`. · tmpfs-mode: File mode of the tmpfs in octal. (e.g. 700 or 0700.) Defaults to 1777 in Linux. + · tmpcopyup: Enable copyup from the image directory at the same location to the tmpfs. Used by default. + + · notmpcopyup: Disable copying files from the image to the tmpfs. + **--name**=*name* Assign a name to the container @@ -813,6 +817,10 @@ container. The `OPTIONS` are a comma delimited list and can be: * [rw|ro] * [z|Z] * [`[r]shared`|`[r]slave`|`[r]private`] +* [`[r]bind`] +* [`noexec`|`exec`] +* [`nodev`|`dev`] +* [`nosuid`|`suid`] The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume will be mounted into the container at this directory. 
@@ -866,6 +874,25 @@ where source dir is mounted on) has to have right propagation properties. For shared volumes, source mount point has to be shared. And for slave volumes, source mount has to be either shared or slave. +If you want to recursively mount a volume and all of it's submounts into a +container, then you can use the `rbind` option. By default the bind option is +used, and submounts of the source directory will not be mounted into the +container. + +Mounting the volume with the `nosuid` options means that SUID applications on +the volume will not be able to change their privilege. By default volumes +are mounted with `nosuid`. + +Mounting the volume with the noexec option means that no executables on the +volume will be able to executed within the container. + +Mounting the volume with the nodev option means that no devices on the volume +will be able to be used by processes within the container. By default volumes +are mounted with `nodev`. + +If the <source-dir> is a mount point, then "dev", "suid", and "exec" options are +ignored by the kernel. + Use `df <source-dir>` to figure out the source mount and then use `findmnt -o TARGET,PROPAGATION <source-mount-dir>` to figure out propagation properties of source mount. If `findmnt` utility is not available, then one diff --git a/docs/source/markdown/podman-exec.1.md b/docs/source/markdown/podman-exec.1.md index 4c17c056a..d46427c91 100644 --- a/docs/source/markdown/podman-exec.1.md +++ b/docs/source/markdown/podman-exec.1.md 
@@ -15,13 +15,17 @@ podman\-exec - Execute a command in a running container **--detach-keys**=*sequence* -Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. +Specify the key sequence for detaching a container. Format is a single character `[a-Z]` or one or more `ctrl-<value>` characters where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. Specifying "" will disable this feature. The default is *ctrl-p,ctrl-q*. **--env**, **-e** You may specify arbitrary environment variables that are available for the command to be executed. +**--env-file**=*file* + +Read in a line delimited file of environment variables. + **--interactive**, **-i**=*true|false* When set to true, keep stdin open even if not attached. The default is *false*. diff --git a/docs/source/markdown/podman-image-prune.1.md b/docs/source/markdown/podman-image-prune.1.md index b844a9f63..0155ebcd1 100644 --- a/docs/source/markdown/podman-image-prune.1.md +++ b/docs/source/markdown/podman-image-prune.1.md @@ -25,13 +25,16 @@ Print usage statement Remove all dangling images from local storage ``` $ sudo podman image prune + +WARNING! This will remove all dangling images. +Are you sure you want to continue? [y/N] y f3e20dc537fb04cb51672a5cb6fdf2292e61d411315549391a0d1f64e4e3097e 324a7a3b2e0135f4226ffdd473e4099fd9e477a74230cdc35de69e84c0f9d907 ``` -Remove all unused images from local storage +Remove all unused images from local storage without confirming ``` -$ sudo podman image prune -a +$ sudo podman image prune -a -f f3e20dc537fb04cb51672a5cb6fdf2292e61d411315549391a0d1f64e4e3097e 324a7a3b2e0135f4226ffdd473e4099fd9e477a74230cdc35de69e84c0f9d907 6125002719feb1ddf3030acab1df6156da7ce0e78e571e9b6e9c250424d6220c 
@@ -41,6 +44,40 @@ e4e5109420323221f170627c138817770fb64832da7d8fe2babd863148287fca ``` +Remove all unused images from local storage since given time/hours. +``` +$ sudo podman image prune -a --filter until=2019-11-14T06:15:42.937792374Z + +WARNING! This will remove all dangling images. +Are you sure you want to continue? [y/N] y +e813d2135f17fadeffeea8159a34cfdd4c30b98d8111364b913a91fd930643e9 +5e6572320437022e2746467ddf5b3561bf06e099e8e6361df27e0b2a7ed0b17b +58fda2abf5042b35dfe04e5f8ee458a3cc26375bf309efb42c078b551a2055c7 +6d2bd30fe924d3414b64bd3920760617e6ced872364bc3bc6959a623252da002 +33d1c829be64a1e1d379caf4feec1f05a892c3ef7aa82c0be53d3c08a96c59c5 +f9f0a8a58c9e02a2b3250b88cc5c95b1e10245ca2c4161d19376580aaa90f55c +1ef14d5ede80db78978b25ad677fd3e897a578c3af614e1fda608d40c8809707 +45e1482040e441a521953a6da2eca9bafc769e15667a07c23720d6e0cafc3ab2 + +$ sudo podman image prune -f --filter until=10h +f3e20dc537fb04cb51672a5cb6fdf2292e61d411315549391a0d1f64e4e3097e +324a7a3b2e0135f4226ffdd473e4099fd9e477a74230cdc35de69e84c0f9d907 +``` + +Remove all unused images from local storage with label version 1.0 +``` +$ sudo podman image prune -a -f --filter label=version=1.0 +e813d2135f17fadeffeea8159a34cfdd4c30b98d8111364b913a91fd930643e9 +5e6572320437022e2746467ddf5b3561bf06e099e8e6361df27e0b2a7ed0b17b +58fda2abf5042b35dfe04e5f8ee458a3cc26375bf309efb42c078b551a2055c7 +6d2bd30fe924d3414b64bd3920760617e6ced872364bc3bc6959a623252da002 +33d1c829be64a1e1d379caf4feec1f05a892c3ef7aa82c0be53d3c08a96c59c5 +f9f0a8a58c9e02a2b3250b88cc5c95b1e10245ca2c4161d19376580aaa90f55c +1ef14d5ede80db78978b25ad677fd3e897a578c3af614e1fda608d40c8809707 +45e1482040e441a521953a6da2eca9bafc769e15667a07c23720d6e0cafc3ab2 + +``` + ## SEE ALSO podman(1), podman-images diff --git a/docs/source/markdown/podman-image-sign.1.md b/docs/source/markdown/podman-image-sign.1.md index 62845e715..fa75691bc 100644 --- a/docs/source/markdown/podman-image-sign.1.md +++ b/docs/source/markdown/podman-image-sign.1.md 
@@ -41,7 +41,7 @@ The write (and read) location for signatures is defined in YAML-based configuration files in /etc/containers/registries.d/. When you sign an image, Podman will use those configuration files to determine where to write the signature based on the the name of the originating -registry or a default storage value unless overriden with the --directory +registry or a default storage value unless overridden with the --directory option. For example, consider the following configuration file. docker: diff --git a/docs/source/markdown/podman-images.1.md b/docs/source/markdown/podman-images.1.md index 3ac07fc43..21fca1dbd 100644 --- a/docs/source/markdown/podman-images.1.md +++ b/docs/source/markdown/podman-images.1.md @@ -52,6 +52,10 @@ Filter output based on conditions provided Change the default output format. This can be of a supported type like 'json' or a Go template. +**--history** + +Display the history of image names. If an image gets re-tagged or untagged, then the image name history gets prepended (latest image first). This is especially useful when undoing a tag operation or an image does not contain any name because it has been untagged. + **--noheading**, **-n** Omit the table headings from the listing of images. diff --git a/docs/source/markdown/podman-network-create.1.md b/docs/source/markdown/podman-network-create.1.md index c281d50d9..2eca93adb 100644 --- a/docs/source/markdown/podman-network-create.1.md +++ b/docs/source/markdown/podman-network-create.1.md 
@@ -7,8 +7,10 @@ podman\-network-create - Create a Podman CNI network **podman network create** [*options*] name ## DESCRIPTION -Create a CNI-network configuration for use with Podman. At the time of this writing, the only network -type that can be created is a *bridge* network. +Create a CNI-network configuration for use with Podman. By default, Podman creates a bridge connection. A +*Macvlan* connection can be created with the *macvlan* option. In the case of *Macvlan* connections, the +CNI *dhcp* plugin needs to be activated or the container image must have a DHCP client to interact +with the host network's DHCP server. If no options are provided, Podman will assign a free subnet and name for your network. @@ -38,6 +40,11 @@ Restrict external access of this network Allocate container IP from a range. The range must be a complete subnet and in CIDR notation. The *ip-range* option must be used with a *subnet* option. +**--macvlan** + +Create a *Macvlan* based connection rather than a classic bridge. You must pass an interface name from the host for the +Macvlan connection. + **--subnet** The subnet in CIDR notation. @@ -68,6 +75,12 @@ Create a network that uses a *192.168.55.0/24** subnet and has an IP address ran /etc/cni/net.d/cni-podman-5.conflist ``` +Create a Macvlan based network using the host interface eth0 +``` +# podman network create --macvlan eth0 newnet +/etc/cni/net.d/newnet.conflist +``` + ## SEE ALSO podman(1), podman-network(1), podman-network-inspect(1) diff --git a/docs/source/markdown/podman-pod-prune.1.md b/docs/source/markdown/podman-pod-prune.1.md index f79961b2f..478f563c3 100644 --- a/docs/source/markdown/podman-pod-prune.1.md +++ b/docs/source/markdown/podman-pod-prune.1.md 
@@ -1,16 +1,21 @@ % podman-pod-prune(1) ## NAME -podman-pod-prune - Remove all stopped pods +podman-pod-prune - Remove all stopped pods and their containers ## SYNOPSIS **podman pod prune** ## DESCRIPTION -**podman pod prune** removes all stopped pods from local storage. +**podman pod prune** removes all stopped pods and their containers from local storage. + +## OPTIONS + +**--force** **-f** +Force removal of all running pods and their containers. The default is false. ## EXAMPLES -Remove all stopped pods from local storage +Remove all stopped pods and their containers from local storage ``` $ sudo podman pod prune 22b8813332948064b6566370088c5e0230eeaf15a58b1c5646859fd9fc364fe7 diff --git a/docs/source/markdown/podman-pod-rm.1.md b/docs/source/markdown/podman-pod-rm.1.md index 6659534b4..14da2071f 100644 --- a/docs/source/markdown/podman-pod-rm.1.md +++ b/docs/source/markdown/podman-pod-rm.1.md @@ -1,13 +1,13 @@ % podman-pod-rm(1) ## NAME -podman\-pod\-rm - Remove one or more pods +podman\-pod\-rm - Remove one or more stopped pods and containers ## SYNOPSIS **podman pod rm** [*options*] *pod* ## DESCRIPTION -**podman pod rm** will remove one or more pods from the host. The pod name or ID can be used. The \-f option stops all containers and then removes them before removing the pod. Without the \-f option, a pod cannot be removed if it has associated containers. +**podman pod rm** will remove one or more stopped pods and their containers from the host. The pod name or ID can be used. The \-f option stops all containers and then removes them before removing the pod. ## OPTIONS 
@@ -15,6 +15,12 @@ podman\-pod\-rm - Remove one or more pods Remove all pods. Can be used in conjunction with \-f as well. +**--ignore**, **-i** + +Ignore errors when specified pods are not in the container store. A user might +have decided to manually remove a pod which would lead to a failure during the +ExecStop directive of a systemd service referencing that pod. + **--latest**, **-l** Instead of providing the pod name or ID, remove the last created pod. diff --git a/docs/source/markdown/podman-pod-stop.1.md b/docs/source/markdown/podman-pod-stop.1.md index b3ce47d72..73c347cec 100644 --- a/docs/source/markdown/podman-pod-stop.1.md +++ b/docs/source/markdown/podman-pod-stop.1.md @@ -15,6 +15,12 @@ Stop containers in one or more pods. You may use pod IDs or names as input. Stops all pods +**--ignore**, **-i** + +Ignore errors when specified pods are not in the container store. A user might +have decided to manually remove a pod which would lead to a failure during the +ExecStop directive of a systemd service referencing that pod. + **--latest**, **-l** Instead of providing the pod name or ID, stop the last created pod. diff --git a/docs/source/markdown/podman-pod-top.1.md b/docs/source/markdown/podman-pod-top.1.md index 48f10055a..6a1fa8c42 100644 --- a/docs/source/markdown/podman-pod-top.1.md +++ b/docs/source/markdown/podman-pod-top.1.md 
@@ -23,53 +23,11 @@ The latest option is not supported on the remote client. ## FORMAT DESCRIPTORS -The following descriptors are supported in addition to the AIX format descriptors mentioned in ps (1): - -**args**, **capbnd**, **capeff**, **capinh**, **capprm**, **comm**, **etime**, **group**, **hgroup**, **hpid**, **huser**, **label**, **nice**, **pcpu**, **pgid**, **pid**, **ppid**, **rgroup**, **ruser**, **seccomp**, **state**, **time**, **tty**, **user**, **vsz** - -**capbnd** - - Set of bounding capabilities. See capabilities (7) for more information. - -**capeff** - - Set of effective capabilities. See capabilities (7) for more information. - -**capinh** - - Set of inheritable capabilities. See capabilities (7) for more information. - -**capprm** - - Set of permitted capabilities. See capabilities (7) for more information. - -**hgroup** - - The corresponding effective group of a container process on the host. - -**hpid** - - The corresponding host PID of a container process. - -**huser** - - The corresponding effective user of a container process on the host. - -**label** - - Current security attributes of the process. - -**seccomp** - - Seccomp mode of the process (i.e., disabled, strict or filter). See seccomp (2) for more information. - -**state** - - Process state codes (e.g, **R** for *running*, **S** for *sleeping*). See proc(5) for more information. +Please refer to podman-top(1) for a full list of available descriptors. ## EXAMPLES -By default, `podman-top` prints data similar to `ps -ef`: +By default, `podman-pod-top` prints data similar to `ps -ef`: ``` $ podman pod top b031293491cc @@ -88,7 +46,7 @@ PID SECCOMP COMMAND %CPU ``` ## SEE ALSO -podman-pod(1), ps(1), seccomp(2), proc(5), capabilities(7) +podman-pod(1), podman-top(1), ps(1), seccomp(2), proc(5), capabilities(7) ## HISTORY August 2018, Originally compiled by Peter Hunt <pehunt@redhat.com> 
diff --git a/docs/source/markdown/podman-pod.1.md b/docs/source/markdown/podman-pod.1.md index b3d002a06..e5a8207e9 100644 --- a/docs/source/markdown/podman-pod.1.md +++ b/docs/source/markdown/podman-pod.1.md @@ -18,10 +18,10 @@ podman pod is a set of subcommands that manage pods, or groups of containers. | inspect | [podman-pod-inspect(1)](podman-pod-inspect.1.md) | Displays information describing a pod. | | kill | [podman-pod-kill(1)](podman-pod-kill.1.md) | Kill the main process of each container in one or more pods. | | pause | [podman-pod-pause(1)](podman-pod-pause.1.md) | Pause one or more pods. | -| prune | [podman-pod-prune(1)](podman-pod-prune.1.md) | Remove all stopped pods. | +| prune | [podman-pod-prune(1)](podman-pod-prune.1.md) | Remove all stopped pods and their containers. | | ps | [podman-pod-ps(1)](podman-pod-ps.1.md) | Prints out information about pods. | | restart | [podman-pod-restart(1)](podman-pod-restart.1.md) | Restart one or more pods. | -| rm | [podman-pod-rm(1)](podman-pod-rm.1.md) | Remove one or more pods. | +| rm | [podman-pod-rm(1)](podman-pod-rm.1.md) | Remove one or more stopped pods and containers. | | start | [podman-pod-start(1)](podman-pod-start.1.md) | Start one or more pods. | | stats | [podman-pod-stats(1)](podman-pod-stats.1.md) | Display a live stream of resource usage stats for containers in one or more pods. | | stop | [podman-pod-stop(1)](podman-pod-stop.1.md) | Stop one or more pods. | diff --git a/docs/source/markdown/podman-remote.1.md b/docs/source/markdown/podman-remote.1.md index 04010abaf..bbc54a2a6 100644 --- a/docs/source/markdown/podman-remote.1.md +++ b/docs/source/markdown/podman-remote.1.md 
@@ -17,7 +17,7 @@ Podman uses Buildah(1) internally to create container images. Both tools share i (not container) storage, hence each can use or manipulate images (but not containers) created by the other. -Podman-remote provides a local client interacting with a Podman backend node through a varlink ssh connection. In this context, a Podman node is a Linux system with Podman installed on it and the varlink service activated. Credentials for this session can be passed in using flags, enviroment variables, or in `podman-remote.conf` +Podman-remote provides a local client interacting with a Podman backend node through a varlink ssh connection. In this context, a Podman node is a Linux system with Podman installed on it and the varlink service activated. Credentials for this session can be passed in using flags, environment variables, or in `podman-remote.conf` **podman [GLOBAL OPTIONS]** diff --git a/docs/source/markdown/podman-remote.conf.5.md b/docs/source/markdown/podman-remote.conf.5.md new file mode 100644 index 000000000..e9cc05989 --- /dev/null +++ b/docs/source/markdown/podman-remote.conf.5.md 
@@ -0,0 +1,57 @@ +% podman-remote.conf(5) + +## NAME +podman-remote.conf - configuration file for the podman remote client + +## DESCRIPTION +The libpod.conf file is the default configuration file for all tools using +libpod to manage containers. + +The podman-remote.conf file is the default configuration file for the podman +remote client. It is in the TOML format. It is primarily used to keep track +of the user's remote connections. + +## CONNECTION OPTIONS +**destination** = "" + The hostname or IP address of the remote system + +**username** = "" + The username to use when connecting to the remote system + +**default** = bool + Denotes whether the connection is the default connection for the user. The default connection + is used when the user does not specify a destination or connection name to `podman`. + +**port** = int + Use an alternative port for the ssh connections. The default port is 22. + +**identity_file** = "" + Use an alternative location for the ssh private key + +**ignore_hosts** = bool + Don't match the remote ssh host key with known hosts + + +## EXAMPLE + +The following example depicts a configuration file with two connections. One of the connections +is designated as the default connection. +``` +[connections] + [connections.host1] + destination = "host1" + username = "homer" + default = true + + [connections.host2] + destination = "192.168.122.133" + username = "fedora" + port = 2222 +``` + +## FILES + `/$HOME/.config/containers/podman-remote.conf`, default location for the podman remote +configuration file + +## HISTORY +May 2019, Originally compiled by Brent Baude<bbaude@redhat.com> diff --git a/docs/source/markdown/podman-rm.1.md b/docs/source/markdown/podman-rm.1.md index 207d9d61d..782feac6f 100644 --- a/docs/source/markdown/podman-rm.1.md +++ b/docs/source/markdown/podman-rm.1.md 
@@ -18,6 +18,10 @@ Running or unusable containers will not be removed without the `-f` option. Remove all containers. Can be used in conjunction with -f as well. +**--cidfile** + +Read container ID from the specified file and remove the container. Can be specified multiple times. + **--force**, **-f** Force the removal of running and paused containers. Forcing a container removal also @@ -26,6 +30,12 @@ Containers could have been created by a different container engine. In addition, forcing can be used to remove unusable containers, e.g. containers whose OCI runtime has become unavailable. +**--ignore**, **-i** + +Ignore errors when specified containers are not in the container store. A user +might have decided to manually remove a container which would lead to a failure +during the ExecStop directive of a systemd service referencing that container. + **--latest**, **-l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman @@ -42,18 +52,25 @@ The storage option conflicts with the **--all**, **--latest**, and **--volumes** **--volumes**, **-v** -Remove the volumes associated with the container. +Remove anonymous volumes associated with the container. This does not include named volumes +created with `podman volume create`, or the `--volume` option of `podman run` and `podman create`. ## EXAMPLE Remove a container by its name *mywebserver* ``` podman rm mywebserver ``` + Remove several containers by name and container id. ``` podman rm mywebserver myflaskserver 860a4b23 ``` +Remove several containers reading their IDs from files. +``` +podman rm --cidfile ./cidfile-1 --cidfile /home/user/cidfile-2 +``` + Forcibly remove a container by container ID. ``` podman rm -f 860a4b23 diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index d6d8f4c1e..e1177cb34 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md 
@@ -81,12 +81,14 @@ Drop Linux capabilities **--cgroupns**=*mode* -Set the cgroup namespace mode for the container, by default **host** is used. +Set the cgroup namespace mode for the container. **host**: use the host's cgroup namespace inside the container. **container:<NAME|ID>**: join the namespace of the specified container. **private**: create a new cgroup namespace. **ns:<PATH>**: join the namespace at the specified path. +If the host uses cgroups v1, the default is set to **host**. On cgroups v2 the default is **private**. + **--cgroups**=*mode* Determines whether the container will create CGroups. @@ -202,9 +204,7 @@ it in the **libpod.conf** file: see **libpod.conf(5)** for more information. **--detach-keys**=*sequence* -Override the key sequence for detaching a container. Format is a single character `[a-Z]` or -a comma separated sequence of `ctrl-<value>`, where `<value>` is one of: -`a-z`, `@`, `^`, `[`, `\\`, `]`, `^` or `_`. +Specify the key sequence for detaching a container. Format is a single character `[a-Z]` or one or more `ctrl-<value>` characters where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. Specifying "" will disable this feature. The default is *ctrl-p,ctrl-q*. **--device**=*device* @@ -341,7 +341,7 @@ option to `false`. The environment variables passed in include `http_proxy`, those. This option is only needed when the host system must use a proxy but the container should not use any proxy. Proxy environment variables specified for the container in any other way will override the values that would have -been passed thru from the host. (Other ways to specify the proxy for the +been passed through from the host. (Other ways to specify the proxy for the container include passing the values with the `--env` flag, or hard coding the proxy environment at container build time.) 
@@ -509,6 +509,10 @@ Current supported mount TYPES are `bind`, `volume`, and `tmpfs`. · tmpfs-mode: File mode of the tmpfs in octal. (e.g. 700 or 0700.) Defaults to 1777 in Linux. + · tmpcopyup: Enable copyup from the image directory at the same location to the tmpfs. Used by default. + + · notmpcopyup: Disable copying files from the image to the tmpfs. + **--name**=*name* Assign a name to the container @@ -856,6 +860,10 @@ create one. * [`rw`|`ro`] * [`z`|`Z`] * [`[r]shared`|`[r]slave`|`[r]private`] +* [`[r]bind`] +* [`noexec`|`exec`] +* [`nodev`|`dev`] +* [`nosuid`|`suid`] The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume will be mounted into the container at this directory. 
@@ -909,6 +917,25 @@ where source dir is mounted on) has to have right propagation properties. For shared volumes, source mount point has to be shared. And for slave volumes, source mount has to be either shared or slave. +If you want to recursively mount a volume and all of it's submounts into a +container, then you can use the `rbind` option. By default the bind option is +used, and submounts of the source directory will not be mounted into the +container. + +Mounting the volume with the `nosuid` options means that SUID applications on +the volume will not be able to change their privilege. By default volumes +are mounted with `nosuid`. + +Mounting the volume with the noexec option means that no executables on the +volume will be able to executed within the container. + +Mounting the volume with the nodev option means that no devices on the volume +will be able to be used by processes within the container. By default volumes +are mounted with `nodev`. + +If the <source-dir> is a mount point, then "dev", "suid", and "exec" options are +ignored by the kernel. + Use `df <source-dir>` to figure out the source mount and then use `findmnt -o TARGET,PROPAGATION <source-mount-dir>` to figure out propagation properties of source mount. If `findmnt` utility is not available, then one diff --git a/docs/source/markdown/podman-start.1.md b/docs/source/markdown/podman-start.1.md index 4c81d17bd..84af9d800 100644 --- a/docs/source/markdown/podman-start.1.md +++ b/docs/source/markdown/podman-start.1.md 
@@ -23,9 +23,7 @@ starting multiple containers. **--detach-keys**=*sequence* -Override the key sequence for detaching a container. Format is a single character `[a-Z]` or -a comma separated sequence of `ctrl-<value>`, where `<value>` is one of: -`a-z`, `@`, `^`, `[`, `\\`, `]`, `^` or `_`. +Specify the key sequence for detaching a container. Format is a single character `[a-Z]` or one or more `ctrl-<value>` characters where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. Specifying "" will disable this feature. The default is *ctrl-p,ctrl-q*. **--interactive**, **-i** diff --git a/docs/source/markdown/podman-stop.1.md b/docs/source/markdown/podman-stop.1.md index b5ea670b0..3b5f17057 100644 --- a/docs/source/markdown/podman-stop.1.md +++ b/docs/source/markdown/podman-stop.1.md @@ -21,6 +21,16 @@ container and also via command line when creating the container. Stop all running containers. This does not include paused containers. +**--cidfile** + +Read container ID from the specified file and remove the container. Can be specified multiple times. + +**--ignore**, **-i** + +Ignore errors when specified containers are not in the container store. A user +might have decided to manually remove a container which would lead to a failure +during the ExecStop directive of a systemd service referencing that container. + **--latest**, **-l** Instead of providing the container name or ID, use the last created container. If you use methods other than Podman @@ -40,6 +50,10 @@ podman stop 860a4b235279 podman stop mywebserver 860a4b235279 +podman stop --cidfile /home/user/cidfile-1 + +podman stop --cidfile /home/user/cidfile-1 --cidfile ./cidfile-2 + podman stop --timeout 2 860a4b235279 podman stop -a diff --git a/docs/source/markdown/podman-system-reset.1.md b/docs/source/markdown/podman-system-reset.1.md new file mode 100644 index 000000000..432f275f4 --- /dev/null +++ b/docs/source/markdown/podman-system-reset.1.md 
@@ -0,0 +1,25 @@ +% podman-system-reset(1) + +## NAME +podman\-system\-reset - Reset storage back to initial state + +## SYNOPSIS +**podman system reset** + +## DESCRIPTION +**podman system reset** removes all pods, containers, images and volumes. + +## OPTIONS +**--force**, **-f** + +Do not prompt for confirmation + +**--help**, **-h** + +Print usage statement + +## SEE ALSO +`podman(1)`, `podman-system(1)` + +## HISTORY +November 2019, Originally compiled by Dan Walsh (dwalsh at redhat dot com) diff --git a/docs/source/markdown/podman-system.1.md b/docs/source/markdown/podman-system.1.md index bbd541066..1af97290d 100644 --- a/docs/source/markdown/podman-system.1.md +++ b/docs/source/markdown/podman-system.1.md @@ -15,9 +15,10 @@ The system command allows you to manage the podman systems | ------- | --------------------------------------------------- | ---------------------------------------------------------------------------- | | df | [podman-system-df(1)](podman-system-df.1.md) | Show podman disk usage. | | info | [podman-system-info(1)](podman-info.1.md) | Displays Podman related system information. | -| prune | [podman-system-prune(1)](podman-system-prune.1.md) | Remove all unused container, image and volume data | -| renumber | [podman-system-renumber(1)](podman-system-renumber.1.md)| Migrate lock numbers to handle a change in maximum number of locks. | | migrate | [podman-system-migrate(1)](podman-system-migrate.1.md)| Migrate existing containers to a new podman version. | +| prune | [podman-system-prune(1)](podman-system-prune.1.md) | Remove all unused container, image and volume data. | +| renumber | [podman-system-renumber(1)](podman-system-renumber.1.md)| Migrate lock numbers to handle a change in maximum number of locks. | +| reset | [podman-system-reset(1)](podman-system-reset.1.md) | Reset storage back to initial state. | ## SEE ALSO podman(1) 
diff --git a/docs/source/markdown/podman-top.1.md b/docs/source/markdown/podman-top.1.md index 1410aa651..6a04ab91a 100644 --- a/docs/source/markdown/podman-top.1.md +++ b/docs/source/markdown/podman-top.1.md @@ -70,6 +70,10 @@ The following descriptors are supported in addition to the AIX format descriptor Process state codes (e.g, **R** for *running*, **S** for *sleeping*). See proc(5) for more information. +**stime** + + Process start time (e.g, "2019-12-09 10:50:36 +0100 CET). + ## EXAMPLES By default, `podman-top` prints data similar to `ps -ef`: diff --git a/docs/source/markdown/podman-version.1.md b/docs/source/markdown/podman-version.1.md index 4499f6338..de22c4800 100644 --- a/docs/source/markdown/podman-version.1.md +++ b/docs/source/markdown/podman-version.1.md @@ -34,8 +34,8 @@ OS/Arch: linux/amd64 Filtering out only the version: ``` -$ podman version --format '{{.Version}}' -0.11.2 +$ podman version --format '{{.Client.Version}}' +1.6.3 ``` ## SEE ALSO diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md index f6fa1a457..c62f54fbb 100644 --- a/docs/source/markdown/podman.1.md +++ b/docs/source/markdown/podman.1.md @@ -21,10 +21,6 @@ created by the other. ## GLOBAL OPTIONS -**--help**, **-h** - -Print usage statement - **--cgroup-manager**=*manager* CGroup manager to use for container cgroups. Supported values are cgroupfs or systemd. Default is systemd unless overridden in the libpod.conf file. 
@@ -32,6 +28,17 @@ CGroup manager to use for container cgroups. Supported values are cgroupfs or sy Note: Setting this flag can cause certain commands to break when called on containers previously created by the other CGroup manager type. Note: CGroup manager is not supported in rootless mode when using CGroups Version V1. +**--cni-config-dir** +Path of the configuration directory for CNI networks. (Default: `/etc/cni/net.d`) + +**--config** +Path of a libpod config file detailing container server configuration options + +Default libpod config file is /usr/share/containers/libpod.conf. Override file is in /etc/containers/libpod.conf. In rootless mode the config file will be read from $HOME/.config/containers/libpod.conf. + +**--conmon** +Path of the conmon binary (Default path is configured in `libpod.conf`) + **--cpu-profile**=*path* Path to where the cpu performance results should be written @@ -40,6 +47,10 @@ Path to where the cpu performance results should be written Backend to use for storing events. Allowed values are **file**, **journald**, and **none**. +**--help**, **-h** + +Print usage statement + **--hooks-dir**=*path* Each `*.json` file in the path configures a hook for Podman containers. For more details on the syntax of the JSON files and the semantics of hook injection, see `oci-hooks(5)`. Podman and libpod currently support both the 1.0.0 and 0.1.0 hook schemas, although the 0.1.0 schema is deprecated. 
@@ -58,30 +69,30 @@ Podman and libpod currently support an additional `precreate` state which is cal **--log-level**=*level* -Log messages above specified level: debug, info, warn, error (default), fatal or panic +Log messages above specified level: debug, info, warn, error (default), fatal or panic (default: "error") **--namespace**=*namespace* Set libpod namespace. Namespaces are used to separate groups of containers and pods in libpod's state. When namespace is set, created containers and pods will join the given namespace, and only containers and pods in the given namespace will be visible to Podman. +**--network-cmd-path**=*path* +Path to the command binary to use for setting up a network. It is currently only used for setting up a slirp4netns network. If "" is used then the binary is looked up using the $PATH environment variable. + **--root=***value* Storage root dir in which data, including images, is stored (default: "/var/lib/containers/storage" for UID 0, "$HOME/.local/share/containers/storage" for other users). -Default root dir is configured in /etc/containers/storage.conf. +Default root dir is configured in `/etc/containers/storage.conf`. **--runroot**=*value* Storage state directory where all state information is stored (default: "/var/run/containers/storage" for UID 0, "/var/run/user/$UID/run" for other users). -Default state dir is configured in /etc/containers/storage.conf. +Default state dir is configured in `/etc/containers/storage.conf`. **--runtime**=*value* Name of the OCI runtime as specified in libpod.conf or absolute path to the OCI compatible binary used to run containers. -**--network-cmd-path**=*path* -Path to the command binary to use for setting up a network. It is currently only used for setting up a slirp4netns network. If "" is used then the binary is looked up using the $PATH environment variable. - **--storage-driver**=*value* Storage driver. 
The default storage driver for UID 0 is configured in /etc/containers/storage.conf (`$HOME/.config/containers/storage.conf` in rootless mode), and is *vfs* for non-root users when *fuse-overlayfs* is not available. The `STORAGE_DRIVER` environment variable overrides the default. The --storage-driver specified driver overrides all. @@ -95,10 +106,16 @@ Storage driver option, Default storage driver options are configured in /etc/con **--syslog** -output logging information to syslog as well as the console +Output logging information to syslog as well as the console. On remote clients, logging is directed to the file ~/.config/containers/podman.log +**--tmpdir** + +Path to the tmp directory, for libpod runtime content. + +NOTE --tmpdir is not used for the temporary storage of downloaded images. Use the environment variable `TMPDIR` to change the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`. + **--version**, **-v** Print the version |
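Review bot: in the new podman-remote.conf.5.md, the `ignore_hosts` entry ("Don't match the remote ssh host key with known hosts") states neither its default value nor what enabling it costs. With the check off, the client cannot notice that a different host is answering at `destination`, so the entry should give the default and say when disabling the check is acceptable. Also in this hunk: the DESCRIPTION opens with the libpod.conf sentence carried over from libpod.conf.5.md and should be dropped, the FILES path reads `/$HOME/.config/containers/podman-remote.conf` with a stray leading slash, and the HISTORY line lacks a space before `<bbaude@redhat.com>`.
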
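Review bot: in the `--detach-keys` rewrite in podman-run.1.md (and the identical text in the podman-start.1.md hunk), the allowed `<value>` list changes from `a-z`, `@`, `^`, `[`, `\\`, `]`, `^` or `_` to `a-z`, `@`, `^`, `[`, `,` or `_`. That drops `\\` and `]` and lists `,` as a key value, while the default *ctrl-p,ctrl-q* uses the comma as the separator and the phrase "comma separated sequence" is gone. If this comes from markdown escaping rather than a behaviour change, restore the two characters and say again that multiple `ctrl-<value>` entries are comma separated.
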
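Review bot: the mount-option paragraphs added to podman-run.1.md (hunk at -909,6 +917,25) say that `nosuid` and `nodev` are defaults but give no default for `noexec`/`exec`; add it so a reader knows whether binaries on a volume can run unless they opt out. The closing sentence, that "dev", "suid", and "exec" are ignored by the kernel when <source-dir> is a mount point, needs a clause saying which flags apply in that case, since as written it is unclear whether the stricter or the looser setting wins. Wording: "all of it's submounts" should be "its", "the `nosuid` options" should be singular, and "will be able to executed" is missing "be".
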
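Review bot: in podman-stop.1.md the new `--cidfile` text reads "Read container ID from the specified file and remove the container", which is the podman-rm wording; for `podman stop` it should say "stop the container". Left as is, the page tells a reader that stopping by cidfile deletes the container.
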
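Review bot: in the new podman-system-reset.1.md, the DESCRIPTION is one line ("removes all pods, containers, images and volumes") for a command that `--force` allows to run without a prompt. Say that the removal cannot be undone and whose storage is affected when the command is run rootless versus as root, so the page can be relied on before the command goes into a script.
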
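Review bot: in the `stime` descriptor added to podman-top.1.md, the example `(e.g, "2019-12-09 10:50:36 +0100 CET).` opens a double quote that is never closed; add the closing quote before the parenthesis.
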
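Review bot: in the podman.1.md hunk that adds `--cni-config-dir`, `--config` and `--conmon`, all three options take a path but are written without a `=*path*` placeholder and without the blank line after the option name that neighbouring entries such as **--cpu-profile**=*path* use. The `--config` text lists the default, override and rootless locations but does not say how a file passed with `--config` relates to them (replaces them or is merged); one sentence on precedence would close that gap.
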
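Review bot: the `--log-level` line in podman.1.md now states the default twice, "error (default), fatal or panic (default: "error")"; keep one of the two markers.
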
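Review bot: in the `--tmpdir` text added to podman.1.md, "Podman defaults to use `/var/tmp`" follows the sentence about `TMPDIR`, so it is unclear whether `/var/tmp` is the default for `--tmpdir` or for downloaded images; attach the default to the setting it belongs to. `--tmpdir` also lacks a value placeholder, `NOTE` should be followed by a colon, and the new `--syslog` sentence ending in `~/.config/containers/podman.log` needs a closing period.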