| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
| |
validate pulltype will allow initial caps form cli or yaml file passed to i
play kube.
Use code related with pullpolicy from containers/common.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
Vendor in containers/buildah 1.16.1
|
|/
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
Vendor in containers/common v0.22.0
|
| |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
system df: fix image-size calculations
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix the image-size calculations of system-df, where the shared size is
the actual shared size with other images (including children) and the
(total) size is the sum of the shared and unique size [1].
To calculate parent/child relations, make use of the recently added
layer tree which allows for quick (and cached!) calculations.
Break calculating image disk usages into the image runtime to a) access
the layer tree, and b) make the code easier to maintain and extend.
[1] https://docs.docker.com/engine/reference/commandline/system_df/
Fixes: #7406
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
Fix up errors found by codespell
|
| |/
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Add global options --runtime-flags
|
| | |
| | |
| | |
| | |
| | |
| | | |
Add global options --runtime-flags for setting options to container runtime.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \
| | | |
| | | | |
[CI:DOCS] Document --read-only --rootfs requirements
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add entry to troubleshooting to document how to setup a read-only rootfs to
use with Podman.
Fixes: https://github.com/containers/podman/issues/5895
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
add @edsantiago to OWNERS file
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
I keep forgetting to /approve PRs as Ed really doesn't need an explicit
approval.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \
| |_|_|_|/
|/| | | | |
remote run: fix error checks
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
As error types are not preserved on the client side (due to marshaling),
we cannot use `errors.Cause(...)` and friends but, unfortunately, have
to fall back to looking for substring the error messages.
Change the error checks in remote run to do substring matches and fix
issue #7340.
Fixes: #7340
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Force Attach() to send a SIGWINCH and redraw
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Basically, we want to force the application in the container to
(iff the container was made with a terminal) redraw said terminal
immediately after an attach completes, so the fresh Attach
session will be able to see what's going on (e.g. will have a
shell prompt). Our current attach functions are unfortunately
geared more towards `podman run` than `podman attach` and will
start forwarding resize events *immediately* instead of waiting
until the attach session is alive (much safer for short-lived
`podman run` sessions, but broken for the `podman attach` case).
To avoid a major rewrite, let's just manually send a SIGWINCH
after attach succeeds to force a redraw.
Fixes #6253
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
play/generate: support shareProcessNamespace
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
this is an option that allows a user to specify whether to share PID namespace in the pod
for play kube and generate kube
associated test added
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
run_networking e2e test: add cleanup to some tests
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Problem: if either of the two "podman network create" tests
fail, all subsequent retries will also fail because the
created network has not been cleaned up (so "network create"
will fail with EEXIST).
Solution: run "podman network rm" as deferred cleanup instead
of in each test.
This is NOT a fix for #7583 - it is just a way to allow
ginkgo to retry a failing test.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Allowed underscores to remain in name for YAML (Kube generate)
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Parker Van Roy <pvanroy@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Add read-only volume mount to play kube
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
add support for read-only volume mounts in podman play kube
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
[CI:DOCS] Add auth.json(5) link to login/logout docs
|
| | |/ / / / /
| |/| | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Add auth.json(5) link to login/logout docs. Provide more details about the usage of auth.json by podman-login.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \ \ \ \ \
| |_|_|/ / / /
|/| | | | | | |
system tests: cleanup
|
| | |_|/ / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
- run tests: better "skip" message for docker-archive test;
remove FIXME, document that podman-remote doesn't support it
- run tests: instrument the --conmon-pidfile test in hopes
of tracking down flake #7580: cross-check pidfile against
output of 'podman inspect', and add some debug messages
that will only be seen on test failure.
- load tests: the pipe test: save and load a temporary tag,
not $IMAGE. Primary reason is because of #7371, in which
'podman load' assigns a new image ID (instead of preserving
the saved one). This messes with our image management, and
it turns out to be nonfixable.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
Make an entry in /etc/group when we modify /etc/passwd
|
| | |_|/ /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
To ensure that the user running in the container ahs a valid
entry in /etc/passwd so lookup functions for the current user
will not error, Podman previously began adding entries to the
passwd file. We did not, however, add entries to the group file,
and this created problems - our passwd entries included the group
the user is in, but said group might not exist. The solution is
to mirror our logic for /etc/passwd modifications to also edit
/etc/group in the container.
Unfortunately, this is not a catch-all solution. Our logic here
is only advanced enough to *add* to the group file - so if the
group already exists but we add a user not a part of it, we will
not modify that existing entry, and things remain inconsistent.
We can look into adding this later if we absolutely need to, but
it would involve adding significant complexity to this already
massively complicated function.
While we're here, address an edge case where Podman could add a
user or group whose UID overlapped with an existing user or
group.
Also, let's make users able to log into users we added. Instead
of generating user entries with an 'x' in the password field,
indicating they have an entry in /etc/shadow, generate a '*'
indicating the user has no password but can be logged into by
other means e.g. ssh key, su.
Fixes #7503
Fixes #7389
Fixes #7499
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
podman container runlabel should pull the image if it does not exist
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Since --pull is deprecated, remove it from help and hide if from --help
Also set it to true by default.
Share image pull code betweern podman image pull and podman container runlabel.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1877181
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | | |
libpod: read mappings when joining a container userns
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
when joining an existing container user namespace, read the existing
mappings so the storage can be created with the correct ownership.
Closes: https://github.com/containers/podman/issues/7547
Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
vendor containers/storage v1.23.5
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
rootless: support `podman network create` (CNI-in-slirp4netns)
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Usage:
```
$ podman network create foo
$ podman run -d --name web --hostname web --network foo nginx:alpine
$ podman run --rm --network foo alpine wget -O - http://web.dns.podman
Connecting to web.dns.podman (10.88.4.6:80)
...
<h1>Welcome to nginx!</h1>
...
```
See contrib/rootless-cni-infra for the design.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
remote run: consult events for exit code
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
After attaching to a container, we wait for the container to finish and
return its exit code. Waiting for the container may not always succeed,
for instance, when the container has been force removed by another
process. In such case, we have to look at the *last* container-exit
event.
Also refactor the `ContainerRun` method a bit to return early on errors
and de-spaghetti the code.
Enable the remote-disabled system test.
Fixes: #7117
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
Extend the flags of the `manifest add` command
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Ensure the new flags added to `manifest add` are known to bash
completion.
Signed-off-by: Flavio Castelli <fcastelli@suse.com>
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Ensure all the flags are covered by the man page.
Signed-off-by: Flavio Castelli <fcastelli@suse.com>
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Prior to this commit the value of the `--cert-dir` flag
specified for `podman manifest push` was not handled by the internal
code.
That resulted in `podman manifest push` not reading the certificates
stored inside of the directory specified by the user.
Signed-off-by: Flavio Castelli <fcastelli@suse.com>
|
| | |_|_|_|_|/ /
| |/| | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Extend the flags of `podman manifest add` to include also:
* cert-dir
* auth-file
* creds
* tls-verify
These options are useful when adding to a manifest an image that is not
part of the local image store. The image resides on a remote registry
that falls into one of these cases: it's not using tls termination, it requires
authentication or it's secured with an unknown tls certificate.
Consider the following scenario: a multi architecture manifest is created as
part of a multi-step CI pipeline running in a containerized way.
All the images referenced by the manifest live inside of a registry
secured with a self-signed tls certificate.
Without this patch the manifest creation step would have to pull all the
multi-architecture images locally via `podman pull`.
With this patch the usage of `podman pull` would not be needed because the
images' digests can be requested straight to the registry. That means the
execution of manifest creation step would be faster and result in less disk
space and network bandwidth being used.
Finally, this is a propagation of a similar fix done inside of buildah
via https://github.com/containers/buildah/pull/2593
Signed-off-by: Flavio Castelli <fcastelli@suse.com>
|