| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the advent of Podman 2.0.0 we crossed the magical barrier of go
modules. While we were able to continue importing all packages inside
of the project, the project could not be vendored anymore from the
outside.
Move the go module to new major version and change all imports to
`github.com/containers/libpod/v2`. The renaming of the imports
was done via `gomove` [1].
[1] https://github.com/KSubedi/gomove
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Clarify in the help message and the man page that auto updates only work
with systemd units that are similar to the ones from `generate systemd
--new`. Units that merely start/stop a container do not work as they
will use the same image.
Fixes: #6793
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
| |
In the API, we are currently returning the image time of creation
as a string, in time.Time format. The API is for a 64 bit integer
representing Unix time.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
docs: recommend alternatives to podman inspect
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
podman inspect is problematic because there can be naming clashes. Also,
it only inspects a couple of types of objects and the docs for it didn't
help discover that several more types could be inspected as well.
To address both concerns, we deprecate `podman inspect` and update the
docs to point to to the recommend alternatives.
Issue: #6756
Signed-off-by: Mark Stosberg <mark@rideamigos.com>
|
|/
|
|
|
|
|
|
|
| |
Containers/image will use TMPDIR for the location of pulled layer blobs.
If TMPDIR is not set, it will use /tmp. Since this is known to be of
limited space on most systems, we change the default to /var/tmp
if the user has not told the tools where to store temporary files.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
Allow empty host port in --publish flag
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I didn't believe that this was actually legal, but it looks like
it is. And, unlike our previous understanding (host port being
empty means just use container port), empty host port actually
carries the same meaning as `--expose` + `--publish-all` (that
is, assign a random host port to the given container port). This
requires a significant rework of our port handling code to handle
this new case. I don't foresee this being commonly used, so I
optimized having a fixed port number as fast path, which this
random assignment code running after the main port handling code
only if necessary.
Fixes #6806
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
Set console mode for windows
|
| |/
| |
| |
| |
| |
| | |
Windows terminal handling is different than darwin and linux. It needs to have the terminal mode set to enable virtual terminal processing. This allows colors and other things to work.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
Fixes --remote flag issues
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* --remote, --url and --identity are now anchored to podman command.
Subcommands should no longer have issues
* TraverseChildren now set to V1 expectations
* Latest flag now has helper function. Now has consistent usage.
* IsRemote() uses cobra parser to determin if --remote is given
* Moved validation functions from parser pkg to validate pkg
*
Fixes #6598
Fixes #6704
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \
| |/
|/| |
podman: add new cgroup mode split
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When running under systemd there is no need to create yet another
cgroup for the container.
With conmon-delegated the current cgroup will be split in two sub
cgroups:
- supervisor
- container
The supervisor cgroup will hold conmon and the podman process, while
the container cgroup is used by the OCI runtime (using the cgroupfs
backend).
Closes: https://github.com/containers/libpod/issues/6400
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| |
| |
| | |
* quick --remote fix, sent --remote to ctnrs as argument
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \
| | |
| | | |
Docs: consistency between man / --help
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
New functionality in hack/man-page-checker: start cross-
referencing the man page 'Synopsis' line against the
output of 'podman foo --help'. This is part 1, flag/option
consistency. Part 2 (arg consistency) is too big and will
have to wait for later.
flag/option consistency means: if 'podman foo --help'
includes the string '[flags]' in the Usage message,
make sure the man page includes '[*options*]' in its
Synopsis line, and vice-versa. This found several
inconsistencies, which I've fixed.
While doing this I realized that Cobra automatically
includes a 'Flags:' subsection in its --help output
for all subcommands that have defined flags. This
is great - it lets us cross-check against the
usage synopsis, and make sure that '[flags]' is
present or absent as needed, without fear of
human screwups. If a flag-less subcommand ever
gets extended with flags, but the developer forgets
to add '[flags]' and remove DisableFlagsInUseLine,
we now have a test that will catch that. (This,
too, caught two instances which I fixed).
I don't actually know if the new man-page-checker
functionality will work in CI: I vaguely recall that
it might run before 'make podman' does; and also
vaguely recall that some steps were taken to remedy
that.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \
| |_|/
|/| | |
podman run/create: support all transports
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
Support all image transports in podman run/create. It seems we
regressed with v2 on that. Also add tests to make sure we're
not regressing again.
Fixes: #6744
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
Fix inspect to display multiple label: changes
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If the user runs a container like
podman run --security-opt seccomp=unconfined --security-opt label=type:spc_t --security-opt label=level:s0 ...
Podman inspect was only showing the second option
This change will show
"SecurityOpt": [
"label=type:spc_t,label=level:s0:c60",
"seccomp=unconfined"
],
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| |/
|/| |
Set stop signal to 15 when not explicitly set
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When going through the output of `podman inspect` to try and
identify another issue, I noticed that Podman 2.0 was setting
StopSignal to 0 on containers by default. After chasing it
through the command line and SpecGen, I determined that we were
actually not setting a default in Libpod, which is strange
because I swear we used to do that. I re-added the disappeared
default and now all is well again.
Also, while I was looking for the bug in SpecGen, I found a bunch
of TODOs that have already been done. Eliminate the comments for
these.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
BATS tests: new too-many-arguments test
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
...plus a few others. And fixes to actual parsing.
If a command's usage message includes '...' in the
argument list, assume it can take unlimited arguments.
Nothing we can check.
For all others, though, the ALL-CAPS part on the
right-hand side of the usage message will define
an upper bound on the number of arguments accepted
by the command. So in our 'podman --help' test,
generate N+1 args and run that command. We expect
a 125 exit status and a suitably helpful error message.
Not all podman commands or subcommands were checking,
so I fixed that. And, fixed some broken usage messages
(all-caps FLAGS, and '[flags]' at the end of 'ARGS').
Add new checks to the help test to prevent those in
the future.
Plus a little refactoring/cleanup where necessary.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| | |
* An identity of "" implies ssh-agent and user/password to be used
* Fixed example
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \
| | |
| | | |
Add JSON output field for ps
|
| |/
| |
| |
| |
| |
| | |
the toolbox team needs a field in our ps json that represents a human readable time.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Implement command
* Refactor podman-remote to pull from containers.conf by default
* podman-remote defaults to --remote being true
* Write podman-system-connection.1.md
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|/
|
|
| |
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\
| |
| | |
image load: no args required
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Disable the args requirement of `image load`. Instead of requiring a
lower bound, we really need an upper one with at most 1 argument.
Extend the system tests to prevent future regressions.
Fixes: #6718
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| |/
|/| |
Re-add PODMAN_USERNS environment variable
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This was lost during the Podman 2.0 migration. Turns out to be a
very easy fix, fortunately - we want to use the environment var
if not explicitly overridden.
Fixes #6705
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
Add --preservefds to podman run
|
| | |
| | |
| | |
| | |
| | |
| | | |
Add --preservefds to podman run. close https://github.com/containers/libpod/issues/6458
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |/
|/|
| |
| |
| |
| |
| |
| | |
The `--privileged` flag does not conflict with `--group-add`
(this one was breaking Toolbox) and does not conflict with most
parts of `--security-opt` (this was breaking Openstack).
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
Fix podman build handling of --http-proxy flag
|
| |/
| |
| |
| |
| |
| | |
Also fixed a todo for handling of cgroup manager while I was in there.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Account for non-default port number in image name
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Previously, if an image was tagged with the format
$REGISTRY:$PORT/$REPO:$TAG,
then `podman images` would display $PORT/$REPO:$TAG under the "TAG"
field.
This commit correctly displays $REGISTRY:$PORT/$REPO under the
"REPOSITORY" field while the "TAG" field only displays $TAG.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Fixes: gh#6665
|
|/ /
| |
| |
| |
| |
| |
| | |
* Sort images for -q option, removing duplicate id's
* Sort images for --format json
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
Pretty print the JSON output when listing images. We regressed on that
during v2 development. The indentation is now identical to the one of
Podman v1.9.3.
Fixes: #6687
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
| |
As such, we can remove the warnings logs that previously printed
every time it was run.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\
| |
| | |
Re-add resource limit warnings to Specgen
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
These were part of Podman v1.9, but were lost in the transition
to using Specgen to create containers. Most resource limits are
checked via the sysinfo package to ensure they are safe to use
(the cgroup is mounted, kernel support is present, etc) and
removed if not safe. Further, bounds checks are performed to
ensure that values are valid.
Ensure these warnings are printed client-side when they occur.
This part is a little bit gross, as it happens in pkg/infra and
not cmd/podman, which is largely down to how we implemented
`podman run` - all the work is done in pkg/infra and it returns
only once the container has exited, and we need warnings to print
*before* the container runs. The solution here, while inelegant,
avoid the need to extensively refactor our handling of run.
Should fix blkio-limit warnings that were identified by the FCOS
test suite.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
Fix podman inspect on overlapping/missing objects
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This started as a small fix to `podman inspect` where a container
and image, with the same name/tag, were present, and
`podman inspect` was run on that name. `podman inspect` in 1.9
(and `docker inspect`) will give you the container; in v2.0, we
gave the image. This was an easy fix (just reorder how we check
for image/container).
Unfortunately, in the process of testing this fix, I determined
that we regressed in a different area. When you run inspect on
a number of containers, some of which do not exist,
`podman inspect` should return an array of inspect results for
the objects that exist, then print a number of errors, one for
each object that could not be found. We were bailing after the
first error, and not printing output for the containers that
succeeded. (For reference, this applied to images as well). This
required a much more substantial set of changes to properly
handle - signatures for the inspect functions in ContainerEngine
and ImageEngine, plus the implementations of these interfaces,
plus the actual inspect frontend code needed to be adjusted to
use this.
Fixes #6556
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| |_|/
|/| | |
Fix --init and --init-path
|
| |/
| |
| |
| |
| |
| |
| | |
Init properly passed into specgen
Allow --init with --systemd=true but not --systemd=always.
Signed-off-by: Joseph Gooch <mrwizard@dok.org>
|