| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
| |
For rootless users the infra container used the slirp4netns net mode
even when bridge was requested. We can support bridge networking for
rootless users so we have allow this. The default is not changed.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |
|
|
|
|
| |
This is supported with the new rootless cni logic.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of creating an extra container create a network and mount
namespace inside the podman user namespace. This ns is used to
for rootless cni operations.
This helps to align the rootless and rootful network code path.
If we run as rootless we just have to set up a extra net ns and
initialize slirp4netns in it. The ocicni lib will be called in
that net ns.
This design allows allows easier maintenance, no extra container
with pause processes, support for rootless cni with --uidmap
and possibly more.
The biggest problem is backwards compatibility. I don't think
live migration can be possible. If the user reboots or restart
all cni containers everything should work as expected again.
The user is left with the rootless-cni-infa container and image
but this can safely be removed.
To make the existing cni configs work we need execute the cni plugins
in a extra mount namespace. This ensures that we can safely mount over
/run and /var which have to be writeable for the cni plugins without
removing access to these files by the main podman process. One caveat
is that we need to keep the netns files at `XDG_RUNTIME_DIR/netns`
accessible.
`XDG_RUNTIME_DIR/rootless-cni/{run,var}` will be mounted to `/{run,var}`.
To ensure that we keep the netns directory we bind mount this relative
to the new root location, e.g. XDG_RUNTIME_DIR/rootless-cni/run/user/1000/netns
before we mount the run directory. The run directory is mounted recursive,
this makes the netns directory at the same path accessible as before.
This also allows iptables-legacy to work because /run/xtables.lock is
now writeable.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\
| |
| | |
Remove --execute from podman machine ssh
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The --execute flag ended up serving no purpose. It was removed and
documentation was updated.
Fixed a panic when no VM name was provided.
[NO TESTS NEEDED]
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \
| | |
| | | |
Should send the OCI runtime path not just the name to buildah
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[NO TESTS NEEDED] Mainly because I have no idea how we would test
this.
Fixes: https://github.com/containers/podman/issues/9459
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
[CI:DOCS] Makefile: Fix make install.docker regression
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The split of install.docker and install.docker-docs makes some sense but
there should be some way to specify both for packagers.
This introduces `make install.docker-full` which installs both the
docker binary and the documentation.
Signed-off-by: Morten Linderud <morten@linderud.pw>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Commit 3908c00799fe2af1a12c9c4f4be8b49dbdecd9be introduces a split for
installing the docker binary and the docker documentation. The
install line creating BINDIR and MANDIR was both moved to the
install.docker-docs path which makes `install.docker` fail.
Signed-off-by: Morten Linderud <morten@linderud.pw>
|
| |\ \ \
| | | |
| | | | |
podman machine shell completion
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add shell completion for machine names.
[NO TESTS NEEDED]
I would like to add one to the shell completion test however
using podman machine init is to expensive.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \ \
| | | |
| | | | |
Fix handling of remote --log-rusage param
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes: https://github.com/containers/podman/issues/9889
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Fix bindings prune containers flaky test
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In #9863 prune containers filter params were narrowed to support only those
required by http API. name filter in bindings was replaced by until filter,
which is not a good match, as until filters are causing tests to be flaky.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| |\ \ \ \
| |_|_|/
|/| | | |
[CI:DOCS] Fix unmount doc reference in image.rst
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
This pointed to the container-unmount doc page. It now points to the
expected podman-image-unmount doc page.
Signed-off-by: Alexander Wellbrock <a.wellbrock@mailbox.org>
|
| |\ \ \
| |/ /
|/| | |
podman machine init --ignition-path
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
allow for the user to provide an alternate ignition-file rather than the
auto-generated one.
updated docs to describe ramifications of providing an alterate ignition
file.
[NO TESTS NEEDED]
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
[CI:DOCS] Add local html build info to docs/README.md
|
| |/ /
| |
| |
| |
| |
| |
| |
| | |
Rename Readme.md to README.md in the docs directory. Add
the local build process per @Luap99 in #9856 for the man pages
to preview any changes that are made.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
| |\ \
| | |
| | | |
Add podman machine ls
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
podman machine list lists all virtual machines & indicates the default VM
connection, if it exists. it also can take a --format flag arg as a go
template.
[NO TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\ \
| | |
| | | |
Trim white space from /top endpoint results
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Versions of the ps command have additional spaces between fields, this
manifests as the container asking to run "top" and API reporting "top "
as a process.
Endpoint and tests updated to check that "top" is reported.
There is no libpod specialized endpoint to update.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Containers prune endpoint should use only prune filters
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Containers endpoints for HTTP compad and libpod APIs allowed usage of list HTTP
endpoint filter funcs. Documentation in case of libpod and compat API does not allow that.
This commit aligns code with the documentation.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| |\ \ \ \
| | | | |
| | | | | |
[NO TESTS NEEDED] Remove semantic version suffices from API calls
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When using the bindings do not include the pre-release or build
metadata in the URL for the service. This breaks older services, while
not providing that much additional functionality.
[NO TESTS NEEDED]
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \ \ \ \
| |_|_|/ /
|/| | | | |
Document --volume from podman-remote run/create client
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
[NO TESTS NEEDED] This PR is mainly documentation and some code cleanup.
Also cleanup and consolidate handling of other hanlding of podman-remote
hidden options.
Fixes: https://github.com/containers/podman/issues/9874
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \ \
| |_|_|_|/
|/| | | | |
resolve proper aarch64 image names
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
when automatically downloading fcos for the Apple M1, we needed
to replace a statically defined URL with the dynamically
determined one.
also, it appears boolean qemu options `server` and `onwait` are
not defined as `server=on` and `wait=off`.
[NO TESTS NEEDED]
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
podman machine init user input
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
users may now provide a fully qualified local file path or a URL to seed
the disk-image to be used in the VM.
[NO TESTS NEEDED]
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
[CI:DOCS] Update main branch to reflect the release of v3.1.0
|
| | | |_|/ / /
| |/| | | |
| | | | | |
| | | | | | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
Silence podman network reload errors with iptables-nft
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Make sure we do not display the expected error when using podman network
reload. This is already done for iptables-legacy however iptables-nft
creates a slightly different error message so check for this as well.
The error is logged at info level.
[NO TESTS NEEDED] The test VMs do not use iptables-nft so there is no
way to test this. It is already tested for iptables-legacy.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \ \ \ \ \
| |_|_|/ / /
|/| | | | | |
APIv2 basic test: relax APIVersion check
|
| | | |_|/ /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
It is tedious and error-prone to update the 'APIVersion=<exact>'
test every time there's a minor bump. Change the test so it
confirms only the major version.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \ \ \
| |/ / / /
|/| | | | |
[NO TESTS NEEDED] Add machine support for qemu-system-aarch64 on linux
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Build machine also for podman-linux-arm64
- Add default machine type for linux arm64
- Add the required qemu-uefi bios parameter
- Remove hardcoded outdated path and show url
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Bump to v3.2.0-dev
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \ \ \ \
| |_|/ / /
|/| | | | |
[CI:DOCS] manpage xref: helpful diagnostic for unescaped dash-dash
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
PR #9856 works around a buggy markdown processor that cleverly
converts double dashes to em-dash. The unfortunate result is
that the man page source files are unmaintainable, because
every '--foo' has to be specified as '\-\-foo'. This is
impossible for humans to remember, so let's add a helpful
diagnostic message when we detect new options added without
the escapes.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
service: use LISTEN_FDS
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
if LISTEN_FDS is specified by systemd, we need to use the first fd
after the std files (so fd=3) to read from the activation socket
instead of manually opening the UNIX socket.
[NO TESTS NEEDED]
Closes: https://github.com/containers/podman/issues/9251
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
