summaryrefslogtreecommitdiff
path: root/cmd/podman/common
Commit message (Collapse)AuthorAge
* Implement SecretsAshley Cui2021-02-09
| | | | | | | | | | | Implement podman secret create, inspect, ls, rm Implement podman run/create --secret Secrets are blobs of data that are sensitive. Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file. After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname] This secret will not be commited to an image on a podman commit Signed-off-by: Ashley Cui <acui@redhat.com>
* Merge pull request #9174 from bitstrings/masterOpenShift Merge Robot2021-02-03
|\ | | | | Make slirp MTU configurable (network_cmd_options)
| * Make slirp MTU configurable (network_cmd_options)bitstrings2021-02-02
| | | | | | | | | | | | | | | | The mtu default value is currently forced to 65520. This let the user control it using the config key network_cmd_options, i.e.: network_cmd_options=["mtu=9000"] Signed-off-by: bitstrings <pino.silvaggio@gmail.com>
* | Docker ignores mount flags that begin with constencyDaniel J Walsh2021-01-30
|/ | | | | | | | | | | | | | Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1915332 ``` According to the Docker docs, the consistency option should be ignored on Linux. the possible values are 'cached', 'delegated', and 'consistent', but they should be ignored equally. This is a widely used option in scripts run by developer machines, as this makes file I/O less horribly slow on MacOS. ``` Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Ensure the Volumes field in Compat Create is honoredMatthew Heon2021-01-26
| | | | | | | | | | | | | | | | Docker has, for unclear reasons, three separate fields in their Create Container struct in which volumes can be placed. Right now we support two of those - Binds and Mounts, which (roughly) correspond to `-v` and `--mount` respectively. Unfortunately, we did not support the third, `Volumes`, which is used for anonymous named volumes created by `-v` (e.g. `-v /test`). It seems that volumes listed here are *not* included in the remaining two from my investigation, so it should be safe to just append them into our handling of the `Binds` (`-v`) field. Fixes #8649 Signed-off-by: Matthew Heon <mheon@redhat.com>
* Fix --arch and --os flags to work correctlyDaniel J Walsh2021-01-25
| | | | | | | | | | | | | | | Currently podman implements --override-arch and --overide-os But Podman has made these aliases for --arch and --os. No reason to have to specify --override, since it is clear what the user intends. Currently if the user specifies an --override-arch field but the image was previously pulled for a different Arch, podman run uses the different arch. This PR also fixes this issue. Fixes: https://github.com/containers/podman/issues/8001 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Set log driver for compatability containersbaude2021-01-20
| | | | | | | | | | | | | | | when using the compatibility api to create containers, now reflect the use of k8s-file as json-file so that clients, which are unaware of k8s-file, can work. specifically, if the container is using k8s-file as the log driver, we change the log type in container inspection to json-file. These terms are used interchangably in other locations in libpod/podman. this fixes log messages in compose as well. [NO TESTS NEEDED] Signed-off-by: baude <bbaude@redhat.com>
* Rename AutocompletePortCommand funcPaul Holzinger2021-01-16
| | | | | | | This function is now used for the port and rename command. Rename it to AutocompleteContainerOneArg. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Reduce general binding binary sizebaude2021-01-13
| | | | | | | | when using the bindings to *only* make a connection, the binary was rough 28MB. This PR reduces it down to 11. There is more work to do but it will come in a secondary PR. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #8947 from Luap99/cleanup-codeOpenShift Merge Robot2021-01-12
|\ | | | | Fix problems reported by staticcheck
| * Fix problems reported by staticcheckPaul Holzinger2021-01-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | `staticcheck` is a golang code analysis tool. https://staticcheck.io/ This commit fixes a lot of problems found in our code. Common problems are: - unnecessary use of fmt.Sprintf - duplicated imports with different names - unnecessary check that a key exists before a delete call There are still a lot of reported problems in the test files but I have not looked at those. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Use HTTPProxy settings from containers.confDaniel J Walsh2021-01-11
|/ | | | | | | | | | | This PR takes the settings from containers.conf and uses them. This works on the podman local but does not fix the issue for podman remote or for APIv2. We need a way to specify optionalbooleans when creating containers. Fixes: https://github.com/containers/podman/issues/8843 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add network filter for podman ps and pod psPaul Holzinger2021-01-09
| | | | | | | Allow to filter on the network name or full id. For pod ps it will filter on the infra container networks. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* SpellingJosh Soref2020-12-22
| | | | Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* shell completion for the network flagPaul Holzinger2020-12-12
| | | | | | Complete all the options e.g. `container:`,`ns:`,`host`, etc... Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Add system test for shell completionPaul Holzinger2020-12-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There exists a unit test to ensure that shell completion functions are defined. However there was no check about the quality of the provided shell completions. Lets change that. The idea is to create a general test that makes sure we are suggesting containers,pods,images... for the correct commands. This works by reading the command use line and checking for each arg if we provide the correct suggestions for this arg. It includes the following tests: - flag suggestions if [options] is set - container, pod, image, network, volume, registry completion - path completion for the appropriate arg KEYWORDS (`PATH`,`CONTEXT`,etc.) - no completion if there are no args - completion for more than one arg if it ends with `...]` The test does not cover completion values for flags and not every arg KEYWORD is supported. This is still a huge improvement and covers most use cases. This test spotted several inconsistencies between the completion and the command use line. All of them have been adjusted to make the test pass. The biggest advantage is that the completions always match the latest command changes. So if someone changes the arguments for a command this ensures that the completions must be adjusted. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #8638 from kwiesmueller/fix-container-network-modeOpenShift Merge Robot2020-12-08
|\ | | | | Pass full NetworkMode to ParseNetworkNamespace
| * pass full NetworkMode to ParseNetworkNamespaceKevin Wiesmueller2020-12-07
| | | | | | | | | | | | This should create the correct namespace for NetworkModes like container:containerid Signed-off-by: Kevin Wiesmueller <kwiesmul@redhat.com>
* | Add systempaths=unconfined optionUrvashi Mohnani2020-12-08
|/ | | | | | | | | Add the systempaths=unconfined option to --security-opt to match the docker options for unmasking all the paths that are masked by default. Add the mask and unmask options to the podman create doc. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* Drop default log-level from error to warnDaniel J Walsh2020-12-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Our users are missing certain warning messages that would make debugging issues with Podman easier. For example if you do a podman build with a Containerfile that contains the SHELL directive, the Derective is silently ignored. If you run with the log-level warn you get a warning message explainging what happened. $ podman build --no-cache -f /tmp/Containerfile1 /tmp/ STEP 1: FROM ubi8 STEP 2: SHELL ["/bin/bash", "-c"] STEP 3: COMMIT --> 7a207be102a 7a207be102aa8993eceb32802e6ceb9d2603ceed9dee0fee341df63e6300882e $ podman --log-level=warn build --no-cache -f /tmp/Containerfile1 /tmp/ STEP 1: FROM ubi8 STEP 2: SHELL ["/bin/bash", "-c"] STEP 3: COMMIT WARN[0000] SHELL is not supported for OCI image format, [/bin/bash -c] will be ignored. Must use `docker` format --> 7bd96fd25b9 7bd96fd25b9f755d8a045e31187e406cf889dcf3799357ec906e90767613e95f These messages will no longer be lost, when we default to WARNing level. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8408 from umohnani8/sec-optOpenShift Merge Robot2020-12-03
|\ | | | | Add mask and unmask option to --security-opt
| * Add mask and unmask option to --security-optUrvashi Mohnani2020-12-02
| | | | | | | | | | | | | | | | | | Add the mask and unmask option to the --security-opt flag to allow users to specify paths to mask and unmask in the container. If unmask=ALL, this will unmask all the paths we mask by default. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | add commas between mount optionsbaude2020-12-02
| | | | | | | | | | | | when formatting mount options into a string for the compat container create, the options need to be comma delimited. Signed-off-by: baude <bbaude@redhat.com>
* | Fix shell completion for ps --filter ancestorPaul Holzinger2020-12-02
| | | | | | | | | | | | | | The `ancestor` option was missing an equal sign. Therefore the completion did not work as expected. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8488 from rhatdan/platformOpenShift Merge Robot2020-12-01
|\ \ | | | | | | Add support for --platform
| * | Add support for --platformDaniel J Walsh2020-11-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For docker compatibility we need to support --platform flag. podman create --platform podman run --platform podman pull --platform Since we have --override-os and --override-arch already this can be done just by modifying the client to split the --platform call into os and arch and then pass those options to the server side. Fixes: https://github.com/containers/podman/issues/6244 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | compat create should use bindingsbaude2020-12-01
| |/ |/| | | | | | | | | | | | | | | the volumes provided is seemingly useless representing what volumes should be added to a container. instead, the host config bindings should be used as they acurately describe the src/dest and options for bindings. Signed-off-by: baude <bbaude@redhat.com>
* | Revert "Allow multiple --network flags for podman run/create"Luap992020-11-30
| | | | | | | | | | | | | | | | | | As described in issue #8507 this commit contains a breaking change which is not wanted in v2.2. We can discuss later if we want this in 3.0 or not. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Do not validate the volume source path in specgenPaul Holzinger2020-11-26
|/ | | | | | | | | | | | | | The volume src path should not be validated in specgen since the remote client also uses that part and the path must only exists on the server. This now fails later and only on the server and not the client. I don't think I can add a test for this because the CI runs server and client always on the same vm. Fixes #8473 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #8461 from Luap99/top-shell-completionOpenShift Merge Robot2020-11-24
|\ | | | | Implement shell completion for podman top
| * Implement shell completion for podman topPaul Holzinger2020-11-23
| | | | | | | | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Refactor compat container create endpointJhon Honce2020-11-23
|/ | | | | | | | | | | | * Make endpoint compatibile with docker-py network expectations * Update specgen helper when called from compat endpoint * Update godoc on types * Add test for network/container create using docker-py method * Add syslog logging when DEBUG=1 for tests Fixes #8361 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #8416 from Luap99/shell-completionOpenShift Merge Robot2020-11-23
|\ | | | | more shell completion improvements
| * shell completions: remove usage of ShellCompDirectiveErrorPaul Holzinger2020-11-23
| | | | | | | | | | | | | | | | | | If we return `ShellCompDirectiveError` to the shell the shell will provide path completion. In none of that cases we want path completion so it will be better to return `ShellCompDirectiveNoFileComp` instead and log the error in case we need it. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
| * more shell completion improvementsPaul Holzinger2020-11-23
| | | | | | | | | | | | | | | | | | | | * podman image ls --filter * podman network ls --filter * podman volume ls --filter * podman network connect/disconnect * podman events --filter Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8440 from psakar/fix-8433OpenShift Merge Robot2020-11-23
|\ \ | | | | | | APIv2 - wrong command and args for created container
| * | APIv2 - create container sets wrong entrypointPetr Sakař2020-11-22
| | | | | | | | | | | | | | | | | | | | | use nil instead of empty string as default value for entrypoint in ContainerCLIOpts - empty string signifies user wants to override image entry point value Signed-off-by: Petr Sakař <petr.sakar@chare.eu>
* | | Merge pull request #8263 from rhatdan/restartOpenShift Merge Robot2020-11-23
|\ \ \ | |_|/ |/| | Allow containers to --restart on-failure with --rm
| * | Allow containers to --restart on-failure with --rmDaniel J Walsh2020-11-20
| | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8436 from Luap99/remote-completionOpenShift Merge Robot2020-11-23
|\ \ \ | |_|/ |/| | Enable remote shell completion without a running endpoint
| * | Enable remote shell completion without a running endpointPaul Holzinger2020-11-20
| |/ | | | | | | | | | | | | | | | | | | The problem is that we always unconditionally setup up the `ContainerEngine/ImageEngine`. This requires an running endpoint. Most completions (e.g. flag names) do not need them and should not fail. This commit makes sure we only setup the engines as needed in the completions. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8410 from Luap99/fix-multiple-networksOpenShift Merge Robot2020-11-21
|\ \ | |/ |/| Allow multiple --network flags for podman run/create
| * Allow multiple --network flags for podman run/createPaul Holzinger2020-11-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | We allow a container to be connected to several cni networks but only if they are listed comma sperated. This is not intuitive for users especially since the flag parsing allows multiple string flags but only would take the last value. see: spf13/pflag#72 Also get rid of the extra parsing logic for pods. The invalid options are already handled by `pkg/specgen`. A test is added to prevent a future regression. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Document containers.conf settings for remote connectionsDaniel J Walsh2020-11-19
|/ | | | | | | | | | Currently we don't document which end of the podman-remote client server operations uses the containers.conf. This PR begins documenting this and then testing to make sure the defaults follow the rules. Fixes: https://github.com/containers/podman/issues/7657 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Shell completion for podman ps and podman pod ps --filterPaul Holzinger2020-11-19
| | | | | | | | | | | Add all available filter options for `podman ps` and `podman pod ps` to the completions. Refactor the code a bit to make it easier to handle key value pairs in completions. The `completeKeyValues` function helps to reduce code duplication. Also make use of the new filter logic in the completions. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Remove some more excessive wrapping and stutteringDaniel J Walsh2020-11-17
| | | | | | | | | | Stop over wrapping API Calls The API calls will return an appropriate error, and this wrapping just makes the error message look like it is stuttering and a big mess. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Improve the shell completion apiPaul Holzinger2020-11-16
| | | | | | | | | | | | | | | | | | | | One main advantage of the new shell completion logic is that we can easly parse flags and adjust based on the given flags the suggestions. For example some commands accept the `--latest` flag only if no arguments are given. This commit implements this logic in a simple maintainable way since it reuses the already existing `Args` function in the cmd struct. I also refactored the `getXXX` function to match based on the namei/id which could speed up the shell completion with many containers, images, etc... I also added the degraded status to the valid pod status filters which was implemented in #8081. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Add shell completion with cobraPaul Holzinger2020-11-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow automatic generation for shell completion scripts with the internal cobra functions (requires v1.0.0+). This should replace the handwritten completion scripts and even adds support for fish. With this approach it is less likley that completions and code are out of sync. We can now create the scripts with - podman completion bash - podman completion zsh - podman completion fish To test the completion run: source <(podman completion bash) The same works for podman-remote and podman --remote and it will complete your remote containers/images with the correct endpoints values from --url/--connection. The completion logic is written in go and provided by the cobra library. The completion functions lives in `cmd/podman/completion/completion.go`. The unit test at cmd/podman/shell_completion_test.go checks if each command and flag has an autocompletion function set. This prevents that commands and flags have no shell completion set. This commit does not replace the current autocompletion scripts. Closes #6440 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* network aliases for container creationbaude2020-11-09
| | | | | | | | podman can now support adding network aliases when running containers (--network-alias). It requires an updated dnsname plugin as well as an updated ocicni to work properly. Signed-off-by: baude <bbaude@redhat.com>
* rootless container creation settingsbaude2020-11-05
| | | | | | | | when running container creation as rootless on the compatibility layer, we need to make sure settings are not being done for memory and memory swappiness. Signed-off-by: baude <bbaude@redhat.com>