path: root/cmd/podman/common
Commit message (Author, Age)
* Add systempaths=unconfined option (Urvashi Mohnani, 2020-12-08)
| Add the systempaths=unconfined option to --security-opt to match the docker options for unmasking all the paths that are masked by default. Add the mask and unmask options to the podman create doc.
| Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* Drop default log-level from error to warn (Daniel J Walsh, 2020-12-03)
| Our users are missing certain warning messages that would make debugging issues with Podman easier. For example if you do a podman build with a Containerfile that contains the SHELL directive, the directive is silently ignored. If you run with the log-level warn you get a warning message explaining what happened.
|   $ podman build --no-cache -f /tmp/Containerfile1 /tmp/
|   STEP 1: FROM ubi8
|   STEP 2: SHELL ["/bin/bash", "-c"]
|   STEP 3: COMMIT
|   --> 7a207be102a
|   7a207be102aa8993eceb32802e6ceb9d2603ceed9dee0fee341df63e6300882e
|   $ podman --log-level=warn build --no-cache -f /tmp/Containerfile1 /tmp/
|   STEP 1: FROM ubi8
|   STEP 2: SHELL ["/bin/bash", "-c"]
|   STEP 3: COMMIT
|   WARN[0000] SHELL is not supported for OCI image format, [/bin/bash -c] will be ignored. Must use `docker` format
|   --> 7bd96fd25b9
|   7bd96fd25b9f755d8a045e31187e406cf889dcf3799357ec906e90767613e95f
| These messages will no longer be lost, when we default to WARNing level.
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8408 from umohnani8/sec-opt (OpenShift Merge Robot, 2020-12-03)
|\
| | Add mask and unmask option to --security-opt
| * Add mask and unmask option to --security-opt (Urvashi Mohnani, 2020-12-02)
| | Add the mask and unmask option to the --security-opt flag to allow users to specify paths to mask and unmask in the container. If unmask=ALL, this will unmask all the paths we mask by default.
| | Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | add commas between mount options (baude, 2020-12-02)
| | when formatting mount options into a string for the compat container create, the options need to be comma delimited.
| | Signed-off-by: baude <bbaude@redhat.com>
* | Fix shell completion for ps --filter ancestor (Paul Holzinger, 2020-12-02)
| | The `ancestor` option was missing an equal sign. Therefore the completion did not work as expected.
| | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8488 from rhatdan/platform (OpenShift Merge Robot, 2020-12-01)
|\ \
| | | Add support for --platform
| * | Add support for --platform (Daniel J Walsh, 2020-11-26)
| | | For docker compatibility we need to support --platform flag.
| | |   podman create --platform
| | |   podman run --platform
| | |   podman pull --platform
| | | Since we have --override-os and --override-arch already this can be done just by modifying the client to split the --platform call into os and arch and then pass those options to the server side.
| | | Fixes: https://github.com/containers/podman/issues/6244
| | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | compat create should use bindings (baude, 2020-12-01)
| |/
|/|
| | the volumes provided is seemingly useless representing what volumes should be added to a container. instead, the host config bindings should be used as they accurately describe the src/dest and options for bindings.
| | Signed-off-by: baude <bbaude@redhat.com>
* | Revert "Allow multiple --network flags for podman run/create" (Luap99, 2020-11-30)
| | As described in issue #8507 this commit contains a breaking change which is not wanted in v2.2. We can discuss later if we want this in 3.0 or not.
| | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Do not validate the volume source path in specgen (Paul Holzinger, 2020-11-26)
|/
| The volume src path should not be validated in specgen since the remote client also uses that part and the path must only exist on the server. This now fails later and only on the server and not the client.
| I don't think I can add a test for this because the CI runs server and client always on the same vm.
| Fixes #8473
| Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #8461 from Luap99/top-shell-completion (OpenShift Merge Robot, 2020-11-24)
|\
| | Implement shell completion for podman top
| * Implement shell completion for podman top (Paul Holzinger, 2020-11-23)
| | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Refactor compat container create endpoint (Jhon Honce, 2020-11-23)
|/
| * Make endpoint compatible with docker-py network expectations
| * Update specgen helper when called from compat endpoint
| * Update godoc on types
| * Add test for network/container create using docker-py method
| * Add syslog logging when DEBUG=1 for tests
| Fixes #8361
| Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #8416 from Luap99/shell-completion (OpenShift Merge Robot, 2020-11-23)
|\
| | more shell completion improvements
| * shell completions: remove usage of ShellCompDirectiveError (Paul Holzinger, 2020-11-23)
| | If we return `ShellCompDirectiveError` to the shell the shell will provide path completion. In none of those cases we want path completion so it will be better to return `ShellCompDirectiveNoFileComp` instead and log the error in case we need it.
| | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
| * more shell completion improvements (Paul Holzinger, 2020-11-23)
| | * podman image ls --filter
| | * podman network ls --filter
| | * podman volume ls --filter
| | * podman network connect/disconnect
| | * podman events --filter
| | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8440 from psakar/fix-8433 (OpenShift Merge Robot, 2020-11-23)
|\ \
| | | APIv2 - wrong command and args for created container
| * | APIv2 - create container sets wrong entrypoint (Petr Sakař, 2020-11-22)
| | | use nil instead of empty string as default value for entrypoint in ContainerCLIOpts - empty string signifies user wants to override image entry point value
| | | Signed-off-by: Petr Sakař <petr.sakar@chare.eu>
* | | Merge pull request #8263 from rhatdan/restart (OpenShift Merge Robot, 2020-11-23)
|\ \ \
| |_|/
|/| | Allow containers to --restart on-failure with --rm
| * | Allow containers to --restart on-failure with --rm (Daniel J Walsh, 2020-11-20)
| | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8436 from Luap99/remote-completion (OpenShift Merge Robot, 2020-11-23)
|\ \ \
| |_|/
|/| | Enable remote shell completion without a running endpoint
| * | Enable remote shell completion without a running endpoint (Paul Holzinger, 2020-11-20)
| |/
| | The problem is that we always unconditionally set up the `ContainerEngine/ImageEngine`. This requires a running endpoint. Most completions (e.g. flag names) do not need them and should not fail. This commit makes sure we only set up the engines as needed in the completions.
| | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8410 from Luap99/fix-multiple-networks (OpenShift Merge Robot, 2020-11-21)
|\ \
| |/
|/| Allow multiple --network flags for podman run/create
| * Allow multiple --network flags for podman run/create (Paul Holzinger, 2020-11-20)
| | We allow a container to be connected to several cni networks but only if they are listed comma separated. This is not intuitive for users especially since the flag parsing allows multiple string flags but only would take the last value. see: spf13/pflag#72
| | Also get rid of the extra parsing logic for pods. The invalid options are already handled by `pkg/specgen`.
| | A test is added to prevent a future regression.
| | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Document containers.conf settings for remote connections (Daniel J Walsh, 2020-11-19)
|/
| Currently we don't document which end of the podman-remote client server operations uses the containers.conf. This PR begins documenting this and then testing to make sure the defaults follow the rules.
| Fixes: https://github.com/containers/podman/issues/7657
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Shell completion for podman ps and podman pod ps --filter (Paul Holzinger, 2020-11-19)
| Add all available filter options for `podman ps` and `podman pod ps` to the completions. Refactor the code a bit to make it easier to handle key value pairs in completions. The `completeKeyValues` function helps to reduce code duplication. Also make use of the new filter logic in the completions.
| Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Remove some more excessive wrapping and stuttering (Daniel J Walsh, 2020-11-17)
| Stop over wrapping API Calls
| The API calls will return an appropriate error, and this wrapping just makes the error message look like it is stuttering and a big mess.
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Improve the shell completion api (Paul Holzinger, 2020-11-16)
| One main advantage of the new shell completion logic is that we can easily parse flags and adjust based on the given flags the suggestions. For example some commands accept the `--latest` flag only if no arguments are given. This commit implements this logic in a simple maintainable way since it reuses the already existing `Args` function in the cmd struct.
| I also refactored the `getXXX` function to match based on the name/id which could speed up the shell completion with many containers, images, etc...
| I also added the degraded status to the valid pod status filters which was implemented in #8081.
| Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Add shell completion with cobra (Paul Holzinger, 2020-11-12)
| Allow automatic generation for shell completion scripts with the internal cobra functions (requires v1.0.0+). This should replace the handwritten completion scripts and even adds support for fish. With this approach it is less likely that completions and code are out of sync.
| We can now create the scripts with
| - podman completion bash
| - podman completion zsh
| - podman completion fish
| To test the completion run:
|   source <(podman completion bash)
| The same works for podman-remote and podman --remote and it will complete your remote containers/images with the correct endpoints values from --url/--connection.
| The completion logic is written in go and provided by the cobra library. The completion functions live in `cmd/podman/completion/completion.go`.
| The unit test at cmd/podman/shell_completion_test.go checks if each command and flag has an autocompletion function set. This prevents that commands and flags have no shell completion set.
| This commit does not replace the current autocompletion scripts.
| Closes #6440
| Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* network aliases for container creation (baude, 2020-11-09)
| podman can now support adding network aliases when running containers (--network-alias). It requires an updated dnsname plugin as well as an updated ocicni to work properly.
| Signed-off-by: baude <bbaude@redhat.com>
* rootless container creation settings (baude, 2020-11-05)
| when running container creation as rootless on the compatibility layer, we need to make sure settings are not being done for memory and memory swappiness.
| Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #8166 from rhatdan/unbindable (OpenShift Merge Robot, 2020-11-02)
|\
| | Allow users to mount with unbindable flag
| * Add better support for unbindable volume mounts (Daniel J Walsh, 2020-11-02)
| | Allow users to specify unbindable on volume command line
| | Switch internal mounts to rprivate to help prevent leaks.
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Centralize cores and period/quota conversion code (Jordan Christiansen, 2020-10-31)
|/
| Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* new "image" mount type (Valentin Rothberg, 2020-10-29)
| Add a new "image" mount type to `--mount`. The source of the mount is the name or ID of an image. The destination is the path inside the container. Image mounts further support an optional `rw,readwrite` parameter which if set to "true" will yield the mount writable inside the container. Note that no changes are propagated to the image mount on the host (which in any case is read only).
| Mounts are overlay mounts. To support read-only overlay mounts, vendor a non-release version of Buildah.
| Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* set resources only when specified (baude, 2020-10-27)
| when using the compatibility endpoint to create a container, we should only set certain resources when we are provided a value for them or we result in fields with zero values.
| Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #8053 from rhatdan/detachkeys (OpenShift Merge Robot, 2020-10-22)
|\
| | podman create doesn't support creating detached containers
| * podman create doesn't support creating detached containers (Daniel J Walsh, 2020-10-21)
| | Detached containers and detach keys are only created with the podman run, exec, and start commands. We do not store the detach key sequence or the detach flags in the database, nor does Docker. The current code was ignoring these fields but documenting that they can be used.
| | Fix podman create man page and --help output to no longer indicate that --detach and --detach-keys works.
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7772 from TomSweeneyRedHat/dev/tsweeney/splitn (OpenShift Merge Robot, 2020-10-21)
|\ \
| |/
|/| Convert Split() calls with an equal sign to SplitN()
| * Convert Split() calls with an equal sign to SplitN() (TomSweeneyRedHat, 2020-10-13)
| | After seeing #7759, I decided to look at the calls in Podman and Buildah to see if we had issues with strings.Split() calls where an "=" (equals) sign was in play and we expected to split on only the first one.
| | There were only one or two that I found in here that I think might have been troubling, the remainder are just adding some extra safety.
| | I also had another half dozen or so that were checking length expectations appropriately, those I left alone.
| | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | Refactor podman to use c/common/pkg/report (Jhon Honce, 2020-10-21)
| | All formatting for containers stack moved into one package
| | This does not correct issue with headers when using custom tables
| | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | refactor api compatibility container creation to specgen (baude, 2020-10-20)
|/
| when using the compatibility layer to create containers, it used code paths to the pkg/spec which is the old implementation of containers. it is error prone and no longer being maintained. rather than fixing things in spec, migrating to specgen usage seems to make the most sense. furthermore, any fixes to the compat create will not need to be ported later.
| Signed-off-by: baude <bbaude@redhat.com>
* Ports given only by number should have random host port (Matthew Heon, 2020-10-08)
| In Podman 1.9.3, `podman run -p 80` would assign port 80 in the container to a random port on the host. In Podman 2.0 and up, it assigned Port 80 in the container to Port 80 on the host. This is an easy fix, fortunately - just need to remove the bit that assumed host port, if not given, should be set to container port.
| We also had a test for the bad behavior, so fix it to test for the correct way of doing things.
| Fixes #7947
| Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Attempt to turn on some more remote tests (Daniel J Walsh, 2020-10-07)
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Support max_size logoptions (Daniel J Walsh, 2020-10-05)
| Docker supports log-opt max_size and so does conmon (Although poorly). Adding support for this allows users to at least make sure their containers logs do not become a DOS vector.
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* --rm option should conflict with --restart (zhangguanzhang, 2020-10-02)
| Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* Merge pull request #7788 from IceCodeNew/patch-1 (OpenShift Merge Robot, 2020-09-29)
|\
| | Updating on supported restart policy
| * Updating on supported restart policy (IceCodeNew, 2020-09-27)
| | Signed-off-by: IceCodeNew <32576256+IceCodeNew@users.noreply.github.com>
* | Ignore containers.conf sysctl when namespaces set to host (Daniel J Walsh, 2020-09-28)
| | If user sets namespace to host, then default sysctls need to be ignored that are specific to that namespace.
| |   --net=host ignore sysctls that begin with net.
| |   --ipc=host ignore fs.mqueue
| |   --uts=host ignore kernel.domainname and kernel.hostname
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>