summaryrefslogtreecommitdiff
path: root/cmd/podman/common.go
Commit message (Collapse)AuthorAge
* namespaces: by default create cgroupns on cgroups v2Giuseppe Scrivano2019-11-05
| | | | | | | | | | | | | | | | change the default on cgroups v2 and create a new cgroup namespace. When a cgroup namespace is used, processes inside the namespace are only able to see cgroup paths relative to the cgroup namespace root and not have full visibility on all the cgroups present on the system. The previous behaviour is maintained on a cgroups v1 host, where a cgroup namespace is not created by default. Closes: https://github.com/containers/libpod/issues/4363 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* pull/create: add --override-arch/--override-os flagsNalin Dahyabhai2019-10-29
| | | | | | | | Add --override-arch and --override-os as hidden flags, in line with the global flag names that skopeo uses, so that we can test behavior around manifest lists without having to conditionalize more of it by arch. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* cli: support --systemd=alwaysGiuseppe Scrivano2019-10-09
| | | | | | | it enforces the systemd mode also when the command name doesn't match /usr/sbin/init or systemd. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Setup a reasonable default for pids-limit 4096Daniel J Walsh2019-10-04
| | | | | | | | | | | CRI-O defaults to 1024 for the maximum pids in a container. Podman should have a similar limit. Once we have a containers.conf, we can set the limit in this file, and have it easily customizable. Currently the documentation says that -1 sets pids-limit=max, but -1 fails. This patch allows -1, but also indicates that 0 also sets the max pids limit. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add support for launching containers without CGroupsMatthew Heon2019-09-10
| | | | | | | This is mostly used with Systemd, which really wants to manage CGroups itself when managing containers via unit file. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* cli-flags: use a consistent format for <size><unit>Marco Vedovati2019-09-05
| | | | | | | | Use a consistent format for description of the <size><unit> flags. Also, avoid backticks for /dev/shm, as that's interpreted as the format by the flag parsing lib. Signed-off-by: Marco Vedovati <mvedovati@suse.com>
* add --pull flag for podman create&runQi Wang2019-08-09
| | | | | | | | | | | Requirement from https://github.com/containers/libpod/issues/3575#issuecomment-512238393 Added --pull for podman create and pull to match the newly added flag in docker CLI. `missing`: default value, podman will pull the image if it does not exist in the local. `always`: podman will always pull the image. `never`: podman will never pull the image. Signed-off-by: Qi Wang <qiwan@redhat.com>
* libpod: support for cgroup namespaceGiuseppe Scrivano2019-07-18
| | | | | | | | | | | | | | allow a container to run in a new cgroup namespace. When running in a new cgroup namespace, the current cgroup appears to be the root, so that there is no way for the container to access cgroups outside of its own subtree. By default it uses --cgroup=host to keep the previous behavior. To create a new namespace, --cgroup=private must be provided. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Make the healthcheck flags compatible with Docker CLIHunor Csomortáni2019-07-16
| | | | | | | | | | | | Docker CLI calls the healthcheck flags "--health-*", instead of "--healthcheck-*". Introduce the former, in order to keep compatibility, and alias the later, in order to avoid breaking current usage. Change "--healthcheck-*" to "--health-*" in the docs and tests. Signed-off-by: Hunor Csomortáni <csomh@redhat.com>
* Add support for -env-hostDaniel J Walsh2019-07-11
| | | | | | | | | | This flag passes the host environment into the container. The basic idea is to leak all environment variables from the host into the container. Environment variables from the image, and passed in via --env and --env-file will override the host environment. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* first pass of corrections for golangci-lintbaude2019-07-10
| | | | Signed-off-by: baude <bbaude@redhat.com>
* podman: create and run honors auth file locationGiuseppe Scrivano2019-07-09
| | | | | | | | if the auth file was overriden, be sure create and run honors it. Closes: https://github.com/containers/libpod/issues/3524 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #3324 from marcov/detach-keys-configurableOpenShift Merge Robot2019-07-01
|\ | | | | libpod: specify a detach keys sequence in libpod.conf
| * podman: clarify the format of --detach-keys argumentMarco Vedovati2019-06-26
| | | | | | | | Signed-off-by: Marco Vedovati <mvedovati@suse.com>
* | Merge pull request #3435 from mheon/fix_tmpfs_optionsOpenShift Merge Robot2019-06-26
|\ \ | |/ |/| Fix parsing of the --tmpfs option
| * Fix parsing of the --tmpfs optionMatthew Heon2019-06-25
| | | | | | | | | | | | | | | | | | With StringSlice, we're seeing individual options added and parsed separately, so `tmpfs:nosuid,nodev` turns into three tmpfs mounts passed into pkg/sec (tmpfs:, nosuid, nodev). Swap to StringArray to tell cobra this can't be split on commas. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | remove libpod from mainbaude2019-06-25
|/ | | | | | | | | | | | | the compilation demands of having libpod in main is a burden for the remote client compilations. to combat this, we should move the use of libpod structs, vars, constants, and functions into the adapter code where it will only be compiled by the local client. this should result in cleaner code organization and smaller binaries. it should also help if we ever need to compile the remote client on non-Linux operating systems natively (not cross-compiled). Signed-off-by: baude <bbaude@redhat.com>
* podman: honor env variable PODMAN_USERNSGiuseppe Scrivano2019-05-24
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Fixup FlagsDaniel J Walsh2019-05-20
| | | | | | | | Mark hidden all references to signature-policy Default all uses of --authfile Add --authfile support to podman run and podman create. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add container restart policy to Libpod & PodmanMatthew Heon2019-05-03
| | | | | | | This initial version does not support restart count, but it works as advertised otherwise. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* http-proxy: improve docsJames Cassell2019-05-01
| | | | Signed-off-by: James Cassell <code@james.cassell.me>
* auto pass http_proxy into containerJames Cassell2019-04-30
| | | | Signed-off-by: James Cassell <code@james.cassell.me>
* Add --read-only-tmpfs optionsDaniel J Walsh2019-04-26
| | | | | | | | | | | The --read-only-tmpfs option caused podman to mount tmpfs on /run, /tmp, /var/tmp if the container is running int read-only mode. The default is true, so you would need to execute a command like --read-only --read-only-tmpfs=false to turn off this behaviour. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* podman-remote create|runbaude2019-04-08
| | | | | | | | | | | | | | add the ability to create and run containers via the podman-remote client. we now create an intermediate layer from the the create/run cli flags. the intermediate layer can be converted into a createconfig or into a varlink struct. Once transported, the varlink struct can be converted back to an intermediate layer and then to a createconfig. remote terminals are not supported yet. Signed-off-by: baude <bbaude@redhat.com>
* Revert "Switch to golangci-lint"Brent Baude2019-04-05
| | | | Signed-off-by: baude <bbaude@redhat.com>
* Add deadcode linterSascha Grunert2019-04-04
| | | | Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* Remove ulele/deepcopier in favor of JSON deep copyMatthew Heon2019-03-27
| | | | | | | | | | | | | We have a very high performance JSON library that doesn't need to perform code generation. Let's use it instead of our questionably performant, reflection-dependent deep copy library. Most changes because some functions can now return errors. Also converts cmd/podman to use jsoniter, instead of pkg/json, for increased performance. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add --no-hosts flag to disable management of /etc/hostsMatthew Heon2019-03-27
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* podman health check phase3baude2019-03-22
| | | | | | | | | | | | | | | | podman will not start a transient service and timer for healthchecks. this handles the tracking of the timing for health checks. added the 'started' status which represents the time that a container is in its start-period. the systemd timing can be disabled with an env variable of DISABLE_HC_SYSTEMD="true". added filter for ps where --filter health=[starting, healthy, unhealthy] can now be used. Signed-off-by: baude <bbaude@redhat.com>
* podman: do not split --env on commaGiuseppe Scrivano2019-03-20
| | | | | | | | if --env "a=b,c" is used, do not split into a=b and c=. Closes: https://github.com/containers/libpod/issues/2712 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #2633 from edsantiago/default_defaultOpenShift Merge Robot2019-03-15
|\ | | | | Usage messages: deduplicate '(default true)' et al
| * Usage messages: deduplicate '(default true)' et alEd Santiago2019-03-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove hardcoded '(default: true)' strings from bool flags, and '(default this-or-that)' from string flags. First because it's unmaintainable duplication that would cause confusion should someone ever change the default and not notice the message. Second, because cobra[1] already prints '(default XXXX)' for all options with non-false non-nil default. So in each of these cases, current podman help behavior is: $ podman login --help ... --tls-verify Require HTTPS ... (default: true) (default true) This PR eliminates that duplication. [1] actually spf13/pflag/flag.go The only nontrivial one of these is start.go, where the default for sigProxy depends on the --attach flag. Solution: change the command-line default to false, and implement the new conditional default in logic. Bonus: removed unnecessary check, because now if sigProxy is set without --attach, we can guarantee that it was done by the user. But please pay close scrutiny to this particular section in case there's something I missed. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Corrected detach man pages and code commentsJhon Honce2019-03-13
|/ | | | | | * Updated documentation to match code Signed-off-by: Jhon Honce <jhonce@redhat.com>
* healtcheck phase 2baude2019-03-12
| | | | | | | | | | | | | | | | | | | | | | | | | | integration of healthcheck into create and run as well as inspect. healthcheck enhancements are as follows: * add the following options to create|run so that non-docker images can define healthchecks at the container level. * --healthcheck-command * --healthcheck-retries * --healthcheck-interval * --healthcheck-start-period * podman create|run --healthcheck-command=none disables healthcheck as described by an image. * the healthcheck itself and the healthcheck "history" can now be observed in podman inspect * added the wiring for healthcheck history which logs the health history of the container, the current failed streak attempts, and log entries for the last five attempts which themselves have start and stop times, result, and a 500 character truncated (if needed) log of stderr/stdout. The timings themselves are not implemented in this PR but will be in future enablement (i.e. next). Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #2582 from baude/issue2574OpenShift Merge Robot2019-03-08
|\ | | | | label parsing in non-quoted field
| * label parsing in non-quoted fieldbaude2019-03-08
| | | | | | | | | | | | | | | | | | switch from a stringslice to a stringarray for labels to handle quoted input. fixes issue #2574 Signed-off-by: baude <bbaude@redhat.com>
* | More cleanup for failures on missing commands.Daniel J Walsh2019-03-08
|/ | | | | | | | | | | | | | | | | | Currently in podman if a user specifies a command that does not exist the tool shows the help information. This patch changes it to show information like: $ ./bin/podman foobar Error: unrecognized command 'podman foobar' Try 'podman --help' for more information. $ ./bin/podman volume foobar Error: unrecognized command `podman volume foobar` Try 'podman volume --help' for more information. $ ./bin/podman container foobar Error: unrecognized command `podman container foobar` Try 'podman container --help' for more information. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix help commands to show short and long description.Daniel J Walsh2019-03-07
| | | | | | Cleanup lots of help information to look good when displayed. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add missing short flag -l for run/createDaniel J Walsh2019-03-03
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #2452 from edsantiago/no_more_argsOpenShift Merge Robot2019-03-01
|\ | | | | Command-line input validation: reject unused args
| * Command-line input validation: reject unused argsEd Santiago2019-02-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Several podman commands accept no subcommands. Some of those were not actually checking, though, which could lead to user confusion. Added validation where missing; and, refactored to minimize duplication. (Side note: I decided against using cobra.NoArgs because its error message, "unknown command", misleadingly implies that there are known ones). Also added validation to varlink Signed-off-by: Ed Santiago <santiago@redhat.com>
* | podman-commands script: refactorEd Santiago2019-02-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make more general-purpose: instead of hardcoding a list of known subcommands, and duplicating sed pipelines for each, rely on 'podman help' itself to tell us which podman commands have subcommands; and examine each in turn. Should there ever be new subcommands, this will identify and test them. A special case is needed for 'podman image trust', whose documentation format doesn't match the others. The change to `common.go` fixes an inconsistency: the Usage message for commands with subcommands had an unnecessary blank line, making it harder to parse automatically. This simply produces consistent Usage messages for all podman commands. This script will not pass until #2480 is merged. After that, the goal is to add this as a CI hook. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Fix ignored --stop-timeout flag to 'podman create'Matthew Heon2019-02-27
|/ | | | | | | | | Also add some extra debug information to help figure out what's going on when stop goes bad. Fixes: #2472 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Improve command line validationbaude2019-02-22
| | | | | | | Use the checkallandlatest function to validate flag usage as part of the cobra command args validation. Signed-off-by: baude <bbaude@redhat.com>
* OpenTracing support added to start, stop, run, create, pull, and psSebastian Jug2019-02-18
| | | | | | Drop context.Context field from cli.Context Signed-off-by: Sebastian Jug <sejug@redhat.com>
* Add examples for CobraTomSweeneyRedHat2019-02-14
| | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> First pass of entries for the Examples listed in the Cobra Help. Will add others in following PR's.
* Don't show global flags except for podman commandDaniel J Walsh2019-02-12
| | | | | | | | | Subcommands should not be showing the global flags. This causes the important information to scroll off the screen. Also fixed a typo on runCommmand (Too many 'm's) Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Migrate to cobra CLIbaude2019-02-08
| | | | | | | | We intend to migrate to the cobra cli from urfave/cli because the project is more well maintained. There are also some technical reasons as well which extend into our remote client work. Signed-off-by: baude <bbaude@redhat.com>
* Capatilize all usage and descriptionsDaniel J Walsh2019-02-05
| | | | | | | | | We have no consistancy in out option usages and descritions on whether or not the first letter should be capatalized. This patch forces them all to be capatilized. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add a --workdir option to 'podman exec'Debarshi Ray2019-01-08
| | | | Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>