summaryrefslogtreecommitdiff
path: root/cmd/podman
Commit message (Collapse)AuthorAge
* Fix inspect to display multiple label: changesDaniel J Walsh2020-06-25
| | | | | | | | | | | | | | | | | If the user runs a container like podman run --security-opt seccomp=unconfined --security-opt label=type:spc_t --security-opt label=level:s0 ... Podman inspect was only showing the second option This change will show "SecurityOpt": [ "label=type:spc_t,label=level:s0:c60", "seccomp=unconfined" ], Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* podman run/create: support all transportsValentin Rothberg2020-06-25
| | | | | | | | | Support all image transports in podman run/create. It seems we regressed with v2 on that. Also add tests to make sure we're not regressing again. Fixes: #6744 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Revert sending --remote flag to containersJhon Honce2020-06-25
| | | | | | * quick --remote fix, sent --remote to ctnrs as argument Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Set stop signal to 15 when not explicitly setMatthew Heon2020-06-24
| | | | | | | | | | | | | | | | When going through the output of `podman inspect` to try and identify another issue, I noticed that Podman 2.0 was setting StopSignal to 0 on containers by default. After chasing it through the command line and SpecGen, I determined that we were actually not setting a default in Libpod, which is strange because I swear we used to do that. I re-added the disappeared default and now all is well again. Also, while I was looking for the bug in SpecGen, I found a bunch of TODOs that have already been done. Eliminate the comments for these. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Fix ssh-agent supportJhon Honce2020-06-24
| | | | | | | * An identity of "" implies ssh-agent and user/password to be used * Fixed example Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Add JSON output field for psBrent Baude2020-06-24
| | | | | | the toolbox team needs a field in our ps json that represents a human readable time. Signed-off-by: Brent Baude <bbaude@redhat.com>
* V2 podman system connectionJhon Honce2020-06-24
| | | | | | | | | * Implement command * Refactor podman-remote to pull from containers.conf by default * podman-remote defaults to --remote being true * Write podman-system-connection.1.md Signed-off-by: Jhon Honce <jhonce@redhat.com>
* wipBrent Baude2020-06-24
| | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* image load: no args requiredValentin Rothberg2020-06-24
| | | | | | | | | Disable the args requirement of `image load`. Instead of requiring a lower bound, we really need an upper one with at most 1 argument. Extend the system tests to prevent future regressions. Fixes: #6718 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Re-add PODMAN_USERNS environment variableMatthew Heon2020-06-24
| | | | | | | | | | This was lost during the Podman 2.0 migration. Turns out to be a very easy fix, fortunately - we want to use the environment var if not explicitly overridden. Fixes #6705 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Fix conflicts between privileged and other flagsMatthew Heon2020-06-24
| | | | | | | | The `--privileged` flag does not conflict with `--group-add` (this one was breaking Toolbox) and does not conflict with most parts of `--security-opt` (this was breaking Openstack). Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Fix podman build handling of --http-proxy flagDaniel J Walsh2020-06-24
| | | | | | Also fixed a todo for handling of cgroup manager while I was in there. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fixes #6670Jhon Honce2020-06-19
| | | | | | | * Sort images for -q option, removing duplicate id's * Sort images for --format json Signed-off-by: Jhon Honce <jhonce@redhat.com>
* podman images --format json: pretty printValentin Rothberg2020-06-19
| | | | | | | | | Pretty print the JSON output when listing images. We regressed on that during v2 development. The indentation is now identical to the one of Podman v1.9.3. Fixes: #6687 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Podman system service is no longer experimentalMatthew Heon2020-06-17
| | | | | | | As such, we can remove the warnings logs that previously printed every time it was run. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #6636 from mheon/add_warningsOpenShift Merge Robot2020-06-17
|\ | | | | Re-add resource limit warnings to Specgen
| * Re-add resource limit warnings to SpecgenMatthew Heon2020-06-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | These were part of Podman v1.9, but were lost in the transition to using Specgen to create containers. Most resource limits are checked via the sysinfo package to ensure they are safe to use (the cgroup is mounted, kernel support is present, etc) and removed if not safe. Further, bounds checks are performed to ensure that values are valid. Ensure these warnings are printed client-side when they occur. This part is a little bit gross, as it happens in pkg/infra and not cmd/podman, which is largely down to how we implemented `podman run` - all the work is done in pkg/infra and it returns only once the container has exited, and we need warnings to print *before* the container runs. The solution here, while inelegant, avoid the need to extensively refactor our handling of run. Should fix blkio-limit warnings that were identified by the FCOS test suite. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6583 from mheon/inspect_ctr_before_imgOpenShift Merge Robot2020-06-17
|\ \ | | | | | | Fix podman inspect on overlapping/missing objects
| * | Fix podman inspect on overlapping/missing objectsMatthew Heon2020-06-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This started as a small fix to `podman inspect` where a container and image, with the same name/tag, were present, and `podman inspect` was run on that name. `podman inspect` in 1.9 (and `docker inspect`) will give you the container; in v2.0, we gave the image. This was an easy fix (just reorder how we check for image/container). Unfortunately, in the process of testing this fix, I determined that we regressed in a different area. When you run inspect on a number of containers, some of which do not exist, `podman inspect` should return an array of inspect results for the objects that exist, then print a number of errors, one for each object that could not be found. We were bailing after the first error, and not printing output for the containers that succeeded. (For reference, this applied to images as well). This required a much more substantial set of changes to properly handle - signatures for the inspect functions in ContainerEngine and ImageEngine, plus the implementations of these interfaces, plus the actual inspect frontend code needed to be adjusted to use this. Fixes #6556 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #6622 from goochjj/podman_fix_initOpenShift Merge Robot2020-06-17
|\ \ \ | |_|/ |/| | Fix --init and --init-path
| * | Fix --init and --init-pathJoseph Gooch2020-06-16
| |/ | | | | | | | | | | | | Init properly passed into specgen Allow --init with --systemd=true but not --systemd=always. Signed-off-by: Joseph Gooch <mrwizard@dok.org>
* / Add deprecated message to varlink commandJhon Honce2020-06-15
|/ | | | | | | * Remove varlink references from the man pages * Fix signature for extractTarFile() Signed-off-by: Jhon Honce <jhonce@redhat.com>
* pod create --replaceValentin Rothberg2020-06-15
| | | | | | | | | | | | | | | Add a `--replace` flag to the `pod create` command. If another pod with the same name already exists, it will be replaced and removed. Adding this flag is motivated by #5485 to make running Podman in systemd units (or any other scripts/automation) more robust. In case of a crash, a pod may not be removed by a sytemd unit anymore. The `--replace` flag allows for supporting crashes. Note that the `--replace` flag does not require the `--name` flag to be set, so it can be set unconditionally in `podman generate systemd`. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* {create,run} --replaceValentin Rothberg2020-06-15
| | | | | | | | | | | | | Add a `--replace` flag to the `container {create,run}` commands. If another container with the same name already exists, it will be replaced and removed. Adding this flag is motivated by #5485 to make running Podman in systemd units (or any other scripts/automation) more robust. In case of a crash, a container may not be removed by a sytemd unit anymore. The `--replace` flag allows for supporting crashes. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Turn on More lintersDaniel J Walsh2020-06-15
| | | | | | | | | - misspell - prealloc - unparam - nakedret Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Do not default WorkingDir to / on client sideDaniel J Walsh2020-06-12
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #6415 from vrothberg/systemd-new-podOpenShift Merge Robot2020-06-11
|\ | | | | podman-generate-systemd --new for pods
| * pod create: add `--infra-conmon-pidfile`Valentin Rothberg2020-06-11
| | | | | | | | | | | | | | | | | | | | | | Add an `--infra-conmon-pidfile` flag to `podman-pod-create` to write the infra container's conmon process ID to a specified path. Several container sub-commands already support `--conmon-pidfile` which is especially helpful to allow for systemd to access and track the conmon processes. This allows for easily tracking the conmon process of a pod's infra container. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * container-{create,run}: add `--pod-id-file`Valentin Rothberg2020-06-11
| | | | | | | | | | | | | | | | Allow containers to join an existing pod via the `--pod-id-file` which is already supported by a number of `podman-pod` subcommands. Also add tests to make sure it's working and to prevent future regressions. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * podman-pod{rm,start,stop}: support --pod-id-fileValentin Rothberg2020-06-11
| | | | | | | | | | | | | | | | | | | | Support the `--pod-id-file` flag in the rm, start and stop pod commands. This completes the already support flag in pod-create and is another prerequisite for generating generic systemd unit files for pods. Also add completions, docs and tests. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6256 from theunrealgeek/play_kube_deploymentOpenShift Merge Robot2020-06-11
|\ \ | | | | | | Support k8s Deployment in play kube
| * | Fix play kube report printing when no containers are createdtheunrealgeek2020-06-05
| | | | | | | | | | | | Signed-off-by: Aditya Kamath <theunrealgeek@gmail.com>
| * | Add tests for Deployment Kind and minor fix for play kube outputtheunrealgeek2020-06-02
| | | | | | | | | | | | Signed-off-by: Aditya Kamath <theunrealgeek@gmail.com>
| * | Modify PlayKubeReport to preserve pod->container mappingtheunrealgeek2020-06-02
| | | | | | | | | | | | Signed-off-by: Aditya Kamath <theunrealgeek@gmail.com>
| * | supporting k8s Deployment objectstheunrealgeek2020-06-02
| | | | | | | | | | | | Signed-off-by: Aditya Kamath <theunrealgeek@gmail.com>
* | | Enable IPv6 port bindingMatthew Heon2020-06-10
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Two areas needed tweaking to accomplish this: port parsing and binding ports on the host. Parsing is an obvious problem - we have to accomodate an IPv6 address enclosed by [] as well as a normal IPv4 address. It was slightly complicated by the fact that we previously just counted the number of colons in the whole port definition (a thousand curses on whoever in the IPv6 standard body decided to reuse colons for address separators), but did not end up being that bad. Libpod also (optionally) binds ports on the host to prevent their reuse by host processes. This code was IPv4 only for TCP, and bound to both for UDP (which I'm fairly certain is not correct, and has been adjusted). This just needed protocols adjusted to read "tcp4"/"tcp6" and "udp4"/"udp6" based on what we wanted to bind to. Fixes #5715 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6537 from vrothberg/events-docsOpenShift Merge Robot2020-06-10
|\ \ | | | | | | podman-events: clarify streaming behaviour
| * | podman-events: clarify streaming behaviourValentin Rothberg2020-06-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | Unless `--since` or `--until` is specified, `podman events` will stream new events. Clarify this behavior in the `--help` message and man page to avoid confusion. Fixes: #6536 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Fix Id->ID where possible for lintDaniel J Walsh2020-06-10
| | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Fixup issues found by golintDaniel J Walsh2020-06-10
|/ / | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Add parallel operation to `podman stop`Matthew Heon2020-06-05
| | | | | | | | | | | | | | | | | | | | | | | | This is the other command that benefits greatly from being run in parallel, due to the potential 15-second timeout for containers that ignore SIGTERM. While we're at it, also clean up how stop timeout is set. This needs to be an optional parameter, so that the value set when the container is created with `--stop-timeout` will be respected. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Fix handling of systemd.Daniel J Walsh2020-06-05
| | | | | | | | | | | | | | | | | | | | Systemd enablement has to happen on the server side, since we need check if the image is running systemd. Also need to make sure user setting the StopSignal is not overriden on the server side. But if not set and using systemd, we set it correctly. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6495 from mheon/parallel_executionOpenShift Merge Robot2020-06-05
|\ \ | | | | | | Add parallel execution code for container operations
| * | Add parallel execution code for container operationsMatthew Heon2020-06-05
| | | | | | | | | | | | | | | | | | | | | | | | This code will run container operations in parallel, up to a given maximum number of threads. Currently, it has only been enabled for local `podman rm` as a proof of concept. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Strip defaults from namespace flagsMatthew Heon2020-06-04
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We were picking up defaults from the client's containers.conf, which broke pod namespaces. The server-side code already checks containers.conf when not explicitly overridden by the user, or by the container being part of a pod (the last bit being our bug). This only manifested on systems with a containers.conf installed, so RHEL 8 and Fedora 32 (which means our F32 CI VMs likely should have caught it, but didn't, which is concerning). This prevents defaults for these flags being shown, but they were incorrect anyways for `podman-remote`, so I'm not terribly concerned. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6484 from rhatdan/namespaceOpenShift Merge Robot2020-06-04
|\ \ | | | | | | Namespace fields were set with bogus values
| * | Namespace fields were set with bogus valuesDaniel J Walsh2020-06-03
| | | | | | | | | | | | | | | | | | | | | | | | Namespace fields were being set with their option names unless overriden by the user. This was causing issues with podman-remote on userns. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6482 from mheon/split_inspectOpenShift Merge Robot2020-06-04
|\ \ \ | | | | | | | | Ensure that image/container inspect are specialized
| * | | Ensure that image/container inspect are specializedMatthew Heon2020-06-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We are currently able to inspect images with `podman container inspect` and containers with `podman image inspect` and neither of those seem correct. This ensures that the appropriate flags, and only the appropriate flags, are available for each specialized exec, and they can only inspect the specific type they were intended to. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #6478 from rhatdan/abisupportOpenShift Merge Robot2020-06-03
|\ \ \ \ | |_|/ / |/| | | Remove use of ABISupport buildtag