Diffstat (limited to 'docs')
-rw-r--r-- docs/source/markdown/podman-create.1.md | 2
-rw-r--r-- docs/source/markdown/podman-generate-systemd.1.md | 7
-rw-r--r-- docs/source/markdown/podman-manifest-push.1.md | 4
-rw-r--r-- docs/source/markdown/podman-pod-create.1.md | 2
-rw-r--r-- docs/source/markdown/podman-push.1.md | 2
-rw-r--r-- docs/source/markdown/podman-run.1.md | 2
-rw-r--r-- docs/tutorials/socket_activation.md | 23
7 files changed, 34 insertions, 8 deletions
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index 6a951b421..b3e707e45 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -1571,7 +1571,7 @@ $ podman create -v /var/lib/design:/var/lib/design --group-add keep-groups ubi8
### Configure execution domain for containers using personality flag
```
-$ podman create --name container1 --personaity=LINUX32 fedora bash
+$ podman create --name container1 --personality=LINUX32 fedora bash
```
### Create a container with external rootfs mounted as an overlay
diff --git a/docs/source/markdown/podman-generate-systemd.1.md b/docs/source/markdown/podman-generate-systemd.1.md
index 50881a509..fc2ce171e 100644
--- a/docs/source/markdown/podman-generate-systemd.1.md
+++ b/docs/source/markdown/podman-generate-systemd.1.md
@@ -14,6 +14,13 @@ Generating unit files for a pod requires the pod to be created with an infra con
_Note: If you use this command with the remote client, including Mac and Windows (excluding WSL2) machines, you would still have to place the generated units on the remote system. Moreover, please make sure that the XDG_RUNTIME_DIR environment variable is set. If unset, you may set it via `export XDG_RUNTIME_DIR=/run/user/$(id -u)`._
+_Note: The generated `podman run` command contains an `--sdnotify` option with the value taken from the container.
+If the container does not have any explicitly set value or the value is set to __ignore__, the value __conmon__ is used.
+The reason for overriding the default value __container__ is that almost no container workloads send notify messages.
+Systemd would wait for a ready message that never comes, if the value __container__ is used for a container
+that does not send notify messages. The use of the default value might have been unintentional by the user,
+therefore the overridden default value._
+
### Kubernetes Integration
A Kubernetes YAML can be executed in systemd via the `podman-kube@.service` systemd template. The template's argument is the path to the YAML file. Given a `workload.yaml` file in the home directory, it can be executed as follows:
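Review bot: The closing sentence of the added note ("The use of the default value might have been unintentional by the user, therefore the overridden default value.") is a fragment and does not tell the reader what the rule is. The second added line says __conmon__ is substituted when no value is set or when the value is __ignore__, while the third calls __container__ the default being overridden, so it is unclear what happens to a container that was explicitly created with __container__. Suggest replacing the last two sentences with a direct statement of which values are passed through unchanged and which are replaced by __conmon__, followed by the one-line reason (systemd would wait for a ready message that never comes).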
diff --git a/docs/source/markdown/podman-manifest-push.1.md b/docs/source/markdown/podman-manifest-push.1.md
index 22e8cae9a..649315270 100644
--- a/docs/source/markdown/podman-manifest-push.1.md
+++ b/docs/source/markdown/podman-manifest-push.1.md
@@ -32,6 +32,10 @@ environment variable. `export REGISTRY_AUTH_FILE=path`
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. (Default: /etc/containers/certs.d)
Please refer to containers-certs.d(5) for details. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
+#### **--compression-format**=**gzip** | *zstd* | *zstd:chunked*
+
+Specifies the compression format to use. Supported values are: `gzip`, `zstd` and `zstd:chunked`. The default is `gzip` unless overridden in the containers.conf file.
+
#### **--creds**=*creds*
The [username[:password]] to use to authenticate with the registry if required.
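Review bot: The added description says the default is `gzip` "unless overridden in the containers.conf file" but does not name the setting or point to the man page, so a reader cannot find what to change or audit. The option just above it refers to containers-certs.d(5) for details; suggest doing the same here with a containers.conf(5) reference and the name of the key. The identical wording is introduced in podman-push.1.md in this commit and would need the same addition.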
diff --git a/docs/source/markdown/podman-pod-create.1.md b/docs/source/markdown/podman-pod-create.1.md
index 6ed66c599..7b63ac51d 100644
--- a/docs/source/markdown/podman-pod-create.1.md
+++ b/docs/source/markdown/podman-pod-create.1.md
@@ -373,7 +373,7 @@ Note: Labeling can be disabled for all containers by setting label=false in the
#### **--share**=*namespace*
-A comma-separated list of kernel namespaces to share. If none or "" is specified, no namespaces will be shared. The namespaces to choose from are cgroup, ipc, net, pid, uts. If the option is prefixed with a "+" then the namespace is appended to the default list, otherwise it replaces the default list. Defaults matches Kubernetes default (ipc, net, uts)
+A comma-separated list of kernel namespaces to share. If none or "" is specified, no namespaces will be shared and the infra container will not be created unless expiclity specified via **--infra=true**. The namespaces to choose from are cgroup, ipc, net, pid, uts. If the option is prefixed with a "+" then the namespace is appended to the default list, otherwise it replaces the default list. Defaults matches Kubernetes default (ipc, net, uts)
#### **--share-parent**
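Review bot: Typo in the added sentence: "expiclity" should be "explicitly". Since the paragraph is being touched anyway, "Defaults matches Kubernetes default (ipc, net, uts)" could be corrected to "The default matches the Kubernetes default (ipc, net, uts)." with a closing period.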
diff --git a/docs/source/markdown/podman-push.1.md b/docs/source/markdown/podman-push.1.md
index 3cda982ac..115d077dd 100644
--- a/docs/source/markdown/podman-push.1.md
+++ b/docs/source/markdown/podman-push.1.md
@@ -67,7 +67,7 @@ Note: This flag can only be set when using the **dir** transport
#### **--compression-format**=**gzip** | *zstd* | *zstd:chunked*
-Specifies the compression format to use. Supported values are: `gzip`, `zstd` and `zstd:chunked`. The default is `gzip`.
+Specifies the compression format to use. Supported values are: `gzip`, `zstd` and `zstd:chunked`. The default is `gzip` unless overridden in the containers.conf file.
#### **--creds**=*[username[:password]]*
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index cb19e929e..8c889f0a5 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -1924,7 +1924,7 @@ $ podman run -v /var/lib/design:/var/lib/design --group-add keep-groups ubi8
### Configure execution domain for containers using personality flag
```
-$ podman run --name container1 --personaity=LINUX32 fedora bash
+$ podman run --name container1 --personality=LINUX32 fedora bash
```
### Run a container with external rootfs mounted as an overlay
diff --git a/docs/tutorials/socket_activation.md b/docs/tutorials/socket_activation.md
index 9b4b02b81..f4ad5aefd 100644
--- a/docs/tutorials/socket_activation.md
+++ b/docs/tutorials/socket_activation.md
@@ -19,7 +19,7 @@ The architecture looks like this
``` mermaid
stateDiagram-v2
- [*] --> systemd: client connects
+ [*] --> systemd: first client connects
systemd --> podman: socket inherited via fork/exec
```
@@ -55,6 +55,9 @@ $ export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock
$ docker-compose up
```
+When __docker-compose__ or any other client connects to the UNIX socket `$XDG_RUNTIME_DIR/podman/podman.sock`,
+the service _podman.service_ is started. See its definition in the file _/usr/lib/systemd/user/podman.service_.
+
## Socket activation of containers
Since version 3.4.0 Podman supports socket activation of containers, i.e., passing
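Review bot: The added paragraph points the reader at a fixed path, _/usr/lib/systemd/user/podman.service_, which depends on how the package installs its units. Suggest telling the reader to run `systemctl --user cat podman.service` instead, which prints the unit definition from wherever it is installed and also shows any drop-in overrides.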
@@ -65,7 +68,7 @@ as can be seen in the following diagram:
``` mermaid
stateDiagram-v2
- [*] --> systemd: client connects
+ [*] --> systemd: first client connects
systemd --> podman: socket inherited via fork/exec
state "OCI runtime" as s2
podman --> conmon: socket inherited via double fork/exec
@@ -207,6 +210,18 @@ container then runs with less privileges.
When using rootless Podman, network traffic is normally passed through slirp4netns. This comes with
a performance penalty. Fortunately, communication over the socket-activated socket does not pass through
slirp4netns so it has the same performance characteristics as the normal network on the host.
-Note, there is a delay when the first connection is made because the container needs to
+
+### Starting a socket-activated service
+
+There is a delay when the first connection is made because the container needs to
start up. To minimize this delay, consider passing __--pull=never__ to `podman run` and instead
-pull the container image beforehand.
+pull the container image beforehand. Instead of waiting for the start of the service to be triggered by the
+first client connecting to it, the service can also be explicitly started (`systemctl --user start echo.service`).
+
+### Stopping a socket-activated service
+
+Some services run a command (configured by the systemd directive __ExecStart__) that exits after some time of inactivity.
+Depending on the restart configuration for the service
+(systemd directive [__Restart__](https://www.freedesktop.org/software/systemd/man/systemd.service.html#Restart=)),
+it may then be stopped. An example of this is _podman.service_ that stops after some time of inactivity.
+The service will be started again when the next client connects to the socket.
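Review bot: The new "Stopping a socket-activated service" section only covers a service that exits by itself after inactivity; it does not say how to stop one on purpose, although the "Starting" section gives an explicit `systemctl --user start echo.service`. Because the last added line states that the service is started again when the next client connects, a reader who stops only the service will see it come back; suggest adding that the corresponding socket unit has to be stopped as well to keep it down. "it may then be stopped" is also ambiguous about who stops it; something like "systemd may then leave it stopped rather than restart it" reads more clearly. Minor style point: "instead pull the container image beforehand. Instead of waiting" repeats "instead" in consecutive sentences.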