| Commit message (Collapse) | Author | Age |
|---|
| |
|
| |
Signed-off-by: Barnabé BALP <contact@barnabebalp.fr>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
if we are running in a container in the root cgroup, Podman tries to
move itself to a sub-cgroup. This could be a problem in a setup where
the cgroups are not writeable, so just log a debug message and
continue, since anyway it is a best-effort operation.
Closes: https://github.com/containers/podman/issues/15498
[NO NEW TESTS NEEDED]
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
implement new ssh interface into podman
this completely redesigns the entire functionality of podman image scp,
podman system connection add, and podman --remote. All references to golang.org/x/crypto/ssh
have been moved to common as have native ssh/scp execs and the new usage of the sftp package.
this PR adds a global flag, --ssh to podman which has two valid inputs `golang` and `native` where golang is the default.
Users should not notice any difference in their everyday workflows if they continue using the golang option. UNLESS they have been using an improperly verified ssh key, this will now fail. This is because podman was incorrectly using the
ssh callback method to IGNORE the ssh known hosts file which is very insecure and golang tells you not yo use this in production.
The native paths allows for immense flexibility, with a new containers.conf field `SSH_CONFIG` that specifies a specific ssh config file to be used in all operations. Else the users ~/.ssh/config file will be used.
podman --remote currently only uses the golang path, given its deep interconnection with dialing multiple clients and urls.
My goal after this PR is to go back and abstract the idea of podman --remote from golang's dialed clients, as it should not be so intrinsically connected. Overall, this is a v1 of a long process of offering native ssh, and one that covers some good ground with podman system connection add and podman image scp.
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
It's a NOP since Podman v2.0 (#5738).
[NO NEW TESTS NEEDED] - does not change behavior.
Fixes: #15185
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |
|
|
|
|
| |
Needed for Docker compatibility.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\
| |
| | |
Podman system df JSON format outputs `Size` and `Reclaimable`
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, `podman system df --format "{{json .}}"` would not output
`Size` and `Reclaimable` like `podman system df` would.
```
{"Type":"Images","Total":5,"Active":0,"Size":39972240,"Reclaimable":39972240}
{"Type":"Containers","Total":0,"Active":0,"Size":0,"Reclaimable":0}
{"Type":"Local Volumes","Total":0,"Active":0,"Size":0,"Reclaimable":0}
```
Closes: #14769
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
|
| |\ \
| | |
| | | |
service: do not run under the root cgroup
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
at startup, when running on a cgroup v2 system, check if the current
process is running in the root cgroup and move it to a sub-cgroup,
otherwise Podman is not able to create cgroups and move processes
there.
Closes: https://github.com/containers/podman/issues/14573
[NO NEW TESTS NEEDED] it needs nested podman
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| | |
We now use the golang error wrapping format specifier `%w` instead of
the deprecated github.com/pkg/errors package.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
add support for podman-remote image scp as well as direct access via the API. This entailed
a full rework of the layering of image scp functions as well as the usual API plugging and type creation
also, implemented podman image scp tagging. which makes the syntax much more readable and allows users t tag the new image
they are loading to the local/remote machine:
allow users to pass a "new name" for the image they are transferring
`podman tag` as implemented creates a new image im `image list` when tagging, so this does the same
meaning that when transferring images with tags, podman on the remote machine/user will load two images
ex: `podman image scp computer1::alpine computer2::foobar` creates alpine:latest and localhost/foobar on the remote host
implementing tags means removal of the flexible syntax. In the currently released podman image scp, the user can either specify
`podman image scp source::img dest::` or `podman image scp dest:: source::img`. However, with tags this task becomes really hard to check
which is the image (src) and which is the new tag (dst). Removal of that streamlines the arg parsing process
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
* Replace "setup", "lookup", "cleanup", "backup" with
"set up", "look up", "clean up", "back up"
when used as verbs. Replace also variations of those.
* Improve language in a few places.
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
|
| |\
| |
| | |
podman system prune support prune unused networks
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is an enhancement for the podman system prune feature.
In this issue, it is mentioned that 'network prune' should be
wired into 'podman system prune'
https://github.com/containers/podman/issues/8673
Therefore, I add the function to remove unused networks.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Commit 5fa6f686db added a regression which was fixed in eb71712626f9.
Apply the same fix again to prevent a panic and return a proper error
instead.
To not regress again I added a e2e test which makes sure we do not panic.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
| |
The nolintlint linter does not deny the use of `//nolint`
Instead it allows us to enforce a common nolint style:
- force that a linter name must be specified
- do not add a space between `//` and `nolint`
- make sure nolint is only used when there is actually a problem
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\
| |
| | |
Improve robustness of `podman system reset`
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Firstly, reset is now managed by the runtime itself as a part of
initialization. This ensures that it can be used even with
runtimes that would otherwise fail to be created - most notably,
when the user has changed a core path
(runroot/root/tmpdir/staticdir).
Secondly, we now attempt a best-effort removal even if the store
completely fails to be configured.
Third, we now hold the alive lock for the entire reset operation.
This ensures that no other Podman process can start while we are
running a system reset, and removes any possibility of a race
where a user tries to create containers or pull images while we
are trying to perform a reset.
[NO NEW TESTS NEEDED] we do not test reset last I checked.
Fixes #9075
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |/
|
|
|
|
|
|
|
| |
Forward the ssh exit code to the podman caller. This is useful for
scripts. Use the same logic as podman unshare.
Fixes #14401
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\
| |
| | |
Report correct RemoteURI
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Rather than assuming a filesystem path, the API service URI is recorded
in the libpod runtime configuration and then reported as requested.
Note: All schemes other than "unix" are hard-coded to report URI exists.
Fixes #12023
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| |/
|/| |
podman system reset removed machines incorrectly
|
| | |
| |
| |
| |
| |
| |
| | |
podman system reset did not clean up machines fully, leaving some config
files, and breaking machines. Now it removes all machines files fully.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |/
|
|
| |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
|
| |
The errcheck linter makes sure that errors are always check and not
ignored by accident. It spotted a lot of unchecked errors, mostly in the
tests but also some real problem in the code.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
For the AutocompleteFormat function we expect the correct template
struct which is used in the golang template. The function can handle
both struct and pointer to a struct. Using the reference is more
efficient since it doe snot have to copy the whole struct.
Also change some structs to use he actual type from the template instead
of some nested one to make sure it has to correct fields.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
AutocompleteFormat() takes the format struct as argument. Often the structs
are deeply nested and contain other structs. Up until now if there was a
pointer to a struct the logic was not able to get the field names from
that, simply because the pointer was nil. However it is possible to
create a new initialized type with reflect.New(). This allows us to
complete all struct fields/functions even when there nil pointers.
Therefore we can drop the extra initialization which was done by some
callers.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The linter ensures a common code style.
- use switch/case instead of else if
- use if instead of switch/case for single case statement
- add space between comment and text
- detect the use of defer with os.Exit()
- use short form var += "..." instead of var = var + "..."
- detect problems with append()
```
newSlice := append(orgSlice, val)
```
This could lead to nasty bugs because the orgSlice will be changed in
place if it has enough capacity too hold the new elements. Thus we
newSlice might not be a copy.
Of course most of the changes are just cosmetic and do not cause any
logic errors but I think it is a good idea to enforce a common style.
This should help maintainability.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
| |
The unparam linter is useful to detect unused function parameters and
return values.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
| |
Since the listener is already an interface there is no reason to use a
extra pointer for it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When podman gets an error it prints out "Error: " before
printing the error string. If the error message starts with
error, we end up with
Error: error ...
This PR Removes all of these stutters.
logrus.Error() also prints out that this is an error, so no need for the
error stutter.
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
| |
Numerous issues remain, especially in tests/e2e.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |
|
|
|
|
|
| |
Still an unknown number remains but I am running out of patience.
Adding dots is not the best use of my time.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |
|
|
|
|
|
| |
A number of cases looked suspicious, so I marked them with `FIXME`s to
leave some breadcrumbs.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The calculate the percentage we need floating point numbers. The current
code however casted the result of reclaimable/size to an int first.
Casting to an int in go will just discard the decimal points, thus the
result was either 0 or 1 so if multiplied by 100 it would show up as 0%
or 100%.
To fix this we have to multiply by 100 first before casting the result
to an int. Also add a check for div by zero which results in NaN and use
math.Round() to correctly round a number.
Ref #13516
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
| |
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When podman is build without git commit information it will print a
empty newline instead. This is undesirable and a regression introduced
in commit 7d22cc88ef38.
To test build podman with `go build -mod=vendor -o bin/podman ./cmd/podman`
and check the output of bin/podman version with and without this commit.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
podman system prune should also remove all networks. When we want to
users to migrate to the new network stack we recommend to run podman
system reset. However this did not remove networks and if there were
still networks around we would continue to use cni since this was
considered an old system.
There is one exception for the default network. It should not be removed
since this could cause other issues when it no longer exists. The
network backend detection logic ignores the default network so this is
fine.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Automated for .go files via gomove [1]:
`gomove github.com/containers/podman/v3 github.com/containers/podman/v4`
Remaining files via vgrep [2]:
`vgrep github.com/containers/podman/v3`
[1] https://github.com/KSubedi/gomove
[2] https://github.com/vrothberg/vgrep
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
[NO NEW TESTS NEEDED]
Support better compatibility output for podman system commands
* Format and content of output from podman version changed to
be more compatible
See #10974
Depends on containers/common#831
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Leverage new report.Formatter allowing better compatibility from
podman command output.
Follow on PR's will cover containers, etc.
See #10974
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
| |
Print out the headers even if the system connection list
is empty to match the behavior of other list commands.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
* Fix connection JSON encoding
* Add custom ginkgo matchers for connection testing
* Cleanup code
Fixes #11984
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
|
| |
Adds support of dropping all named destination from system connections via `--all`.
Closes: https://github.com/containers/podman/issues/12018
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Since we want to use the rootless cni ns also for netavark we should
pick a more generic name. The name is now "rootless network namespace"
or short "rootless netns".
The rename might cause some issues after the update but when the
all containers are restarted or the host is rebooted it should work
correctly.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This is a cosmetic change. The help message for `podman version` is in
title case whereas all other command help messages are not in title
case. This stands out as inconsistent when looking at the output of
`podman help`.
Signed-off-by: Praveen Kumar <praveen+git@kumar.in>
|
| |
|
|
|
|
|
|
|
| |
So far, the infra containers of pods required pulling down an image
rendering pods not usable in disconnected environments. Instead, build
an image locally which uses local pause binary.
Fixes: #10354
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Stop using "*" to indicate default. Add default field to make
it more obvios and the json field more machine usable.
Fixes: https://github.com/containers/podman/issues/12019
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Increase timeout for tests to 10s
* To aid in debugging add PID to shutdown package logging
* Added new message for forced service shutdown
* Always wait for HTTP server to shutdown, duration of 0 not friendly
to clients
Note: The log event
"IdleTracker: StateClosed transition by connection marked un-managed"
denotes a TCP connection has been initiated but no HTTP request was sent.
And is expected during these tests.
Fixes #11921
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
